Hiding SNMP Community Strings?
Hi all, is there a command to hide SNMP Community Strings from public view. Something similar to "service-password encryption" for passwords. Thanks!
Comments
-
wildfire Member Posts: 654hmm I remeber seeing a similar topic on groupstudy but I cant find it now as I deleted the emails (unless it was you Mr D!)
Of course community strings are sent in clear, so I guess hiding them doesnt really achieve a great deal.Looking for CCIE lab study partnerts, in the UK or Online. -
MrD Member Posts: 441Yeah it was me on GS. I know this, and you know this, but layer 8 (mgmt) doesn't care.
P.S. Thanks for deleting my email -
wildfire Member Posts: 654If theres no way in the IOS to do it, you could write your own TCL script to code the characters. Nothing complicated , define an array a = %r b=^7 etc the reference your running config output so when a show run is issue it changes that part of of the output string.
That would probably take loads of tcl books and months of development, but if (I like it) layer 8 are happyLooking for CCIE lab study partnerts, in the UK or Online. -
MrD Member Posts: 441Yeah, we use CiscoWorks which masks it fine, but only through CiscoWorks. Much quicker to hit it via Telnet IMO. I think I'll try the TCL script. Thanks guys!
-
gibby1801 Member Posts: 14 ■□□□□□□□□□From what I've found, it entirely depends on the IOS level you're using. For example, a 6509 may encrypt the SNMP strings with "service password-encryption" turn on, while a 3550 might not.
Try it on a few different models and see what you find.
ThanksJosh Gibson
CCNA -
teezee Inactive Imported Users Posts: 9 ■□□□□□□□□□Well to add to this... just give the kinda right you'd give to the public and private strings...!!! Talking about your IOS! well it's true... i guess the most recent IOS support the SNMP V3. And the v3 is not yet widely used on other technologies as of now, i only know that of Cisco's!