Hiding SNMP Community Strings?

MrDMrD Posts: 441Member
Hi all, is there a command to hide SNMP Community Strings from public view. Something similar to "service-password encryption" for passwords. Thanks!


  • wildfirewildfire Posts: 654Member
    hmm I remeber seeing a similar topic on groupstudy but I cant find it now as I deleted the emails (unless it was you Mr D!)

    Of course community strings are sent in clear, so I guess hiding them doesnt really achieve a great deal.
    Looking for CCIE lab study partnerts, in the UK or Online.
  • MrDMrD Posts: 441Member
    Yeah it was me on GS. I know this, and you know this, but layer 8 (mgmt) doesn't care. :D

    P.S. Thanks for deleting my email icon_cool.gif
  • wildfirewildfire Posts: 654Member
    If theres no way in the IOS to do it, you could write your own TCL script to code the characters. Nothing complicated :) , define an array a = %r b=^7 etc the reference your running config output so when a show run is issue it changes that part of of the output string.

    That would probably take loads of tcl books and months of development, but if (I like it) layer 8 are happy icon_cool.gif
    Looking for CCIE lab study partnerts, in the UK or Online.
  • MrDMrD Posts: 441Member
    Yeah, we use CiscoWorks which masks it fine, but only through CiscoWorks. Much quicker to hit it via Telnet IMO. I think I'll try the TCL script. Thanks guys!
  • gibby1801gibby1801 Posts: 14Member ■□□□□□□□□□
    From what I've found, it entirely depends on the IOS level you're using. For example, a 6509 may encrypt the SNMP strings with "service password-encryption" turn on, while a 3550 might not.

    Try it on a few different models and see what you find.

    Josh Gibson
  • teezeeteezee Posts: 9Inactive Imported Users ■□□□□□□□□□
    Well to add to this... just give the kinda right you'd give to the public and private strings...!!! Talking about your IOS! well it's true... i guess the most recent IOS support the SNMP V3. And the v3 is not yet widely used on other technologies as of now, i only know that of Cisco's!
Sign In or Register to comment.