How to Configure SNMP Community Strings [IP Application Services]

Document ID: 7282

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
How To Configure SNMP Community Strings on a Router and a Cisco IOS Software-based XL Catalyst Switch
      Enable SNMP Community Strings
      Verify SNMP Community Strings
      Modify SNMP Community Strings
      Disable/Remove SNMP Community Strings
How To Configure SNMP Community Strings on an RSM
      Enable SNMP Community Strings
      Verify SNMP Community Strings
      Modify SNMP Community Strings
      Disable/Remove SNMP Community Strings
How To Configure SNMP Community Strings on a Multilayer Switch Feature Card (MSFC)
      Enable SNMP Community Strings
      Verify SNMP Community Strings
      Modify SNMP Community Strings
      Disable/Remove SNMP Community Strings
How To Configure SNMP Community Strings on a Catalyst Switch
      Enable SNMP Community Strings
      Verify SNMP Community Strings
      Modify SNMP Community Strings
      Disable/Remove SNMP Community Strings
NetPro Discussion Forums - Featured Conversations
Related Information

Introduction

This document explains how to configure Simple Network Management Protocol (SNMP) community strings on Cisco routers, Route Switch Modules (RSMs), and Catalyst switches. In the context of this document, configuring is defined as verifying, enabling, modifying, and disabling SNMP community strings.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

How To Configure SNMP Community Strings on a Router and a Cisco IOS Software-based XL Catalyst Switch

Enable SNMP Community Strings

The procedure listed below is the same for both routers and Cisco IOS software-based XL Catalyst Switches.

Telnet to the router:
```
prompt# telnet 172.16.99.20
```
Enter the enable mode by entering the enable password at the prompt:
```
Router>enable 
Password: 
Router#
```
Display the running configuration and look for the SNMP information:
```
Router#show running-config 
Building configuration... 
.... 
.... 
```
Note: If no SNMP information is present, continue with the steps below. If any SNMP commands are listed, you can modify or disable them.

Go into the configuration mode:

Router#configure terminal 
Enter configuration commands, one per line.  End 
with CNTL/Z. 
Router(config)#

Use the command below to enable the Read-only (RO) community string:
```
Router(config)#snmp-server community public RO 
```
where "public" is the Read-only community string.
Use the command below to enable the Read-write (RW) community string:

Router(config)#snmp-server community private RW

where "private" is the Read-write community string.
Exit out of the configuration mode and return to the main prompt:
```
Router(config)#exit 
Router#
```
Write the modified configuration to nonvolatile RAM (NVRAM) to save the settings:
```
Router#write memory 
Building configuration... 
[OK] 
Router#
```

Verify SNMP Community Strings

Here is how to verify SNMP community strings.

Verify that there is TCP/IP connectivity between the Network Management Server (NMS) server and the router:

C:\>ping 172.16.99.20 

Pinging 172.16.99.20 with 32 bytes of data: 
Reply from 172.16.99.20: bytes=32 time<10ms TTL=247 
Reply from 172.16.99.20: bytes=32 time=10ms TTL=247 
Reply from 172.16.99.20: bytes=32 time<10ms TTL=247 
Reply from 172.16.99.20: bytes=32 time<10ms TTL=247 
Ping statistics for 172.16.99.20: 
   Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), 
Approximate round trip times in milli-seconds: 
   Minimum = 0ms, Maximum =  10ms, Average =  2ms

Telnet to the router:
```
prompt# telnet 172.16.99.20
```
Enter the enable mode by entering the enable password at the prompt:
```
Router>enable 
Password: 
Router#
```
Display the running configuration and look for the SNMP information:
```
Router#show running-config 
.... 
.... 
snmp-server community public RO 
snmp-server community private RW 
.... 
....
```
In the above sample output, "public" is the read-only community string and "private" is the read-write community string.

Note: If you do not see any "snmp-server" statements, SNMP has not been enabled on the router.

Alternatively, execute the show snmp command in the enable mode. If you see the following message, it also indicates that SNMP has not been enabled on the router:
```
Router#show snmp 
%SNMP agent not enabled 
Router#
```
Exit out of the enable mode and return to the main prompt:
```
Router#disable 
Router>
```

Modify SNMP Community Strings

Follow these steps to modify SNMP community strings.

Telnet to the router:
```
prompt# telnet 172.16.99.20
```
Enter the enable mode by entering the enable password at the prompt:
```
Router>enable 
Password: 
Router#
```

Display the running configuration and look for the SNMP information:

Router#show running-config 

Building configuration... 
... 
... 
snmp-server community public RO 
snmp-server community private RW 
.... 
....

Go into the configuration mode:
```
Router#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z. 
Router(config)#
```
- To modify the current Read-only (RO) community string:
  1. Delete the current Read-only (RO) community string by using the command below:
    - Router(config)#no snmp-server community public RO (where "public" is the Read-only community string)
  2. Enter the new Read-only (RO) community string by using the command below:
    - Router(config)#snmp-server community XXXX RO (where "XXXX" is the Read-only community string)
- To modify the current Read-write (RW) community string:
  1. Delete the current Read-write (RW) community string by using the command below:
    - Router(config)#no snmp-server community private RW (where "private" is the Read-write community string)
  2. Enter the new Read-write (RW) community string by using the command below:
    - Router(config)#snmp-server community YYYY RW (where "YYYY" is the Read-write community string)
Exit out of the configuration mode and return to the main prompt:
```
Router(config)#exit 
Router#
```
Write the modified configuration to nonvolatile RAM (NVRAM) to save the settings:
```
Router#write memory 
Building configuration... 
[OK] 
Router#
```

Disable/Remove SNMP Community Strings

Follow these directions to disable or remove SMMP community strings.

Telnet to the router:
```
prompt# telnet 172.16.99.20
```
Enter the enable mode by entering the enable password at the prompt:
```
Router>enable 
Password: 
Router#
```

Display the running configuration and look for the SNMP information:

Router#show running-config 

Building configuration... 
... 
... 
snmp-server community public RO 
snmp-server community private RW 
.... 
....

Go into the configuration mode:

Router#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z. 
Router(config)#

To disable/remove the current Read-only (RO) community string, use the following command:
```
Router(config)#no snmp-server community public RO
```
where "public" is the Read-only community string
To disable/remove the current Read-write (RW) community string, use the following command:
```
Router(config)#no snmp-server community private RW 
```
where "private" is the Read-write community string
Exit out of the configuration mode and return to the main prompt:
```
Router(config)#exit 
Router#
```
Write the modified configuration to nonvolatile RAM (NVRAM) to save the settings:
```
Router#write memory 
Building configuration... 
[OK] 
Router#
```

How To Configure SNMP Community Strings on an RSM

Enable SNMP Community Strings

RSMs run the same Cisco IOS software code as the routers do. Consequently, you can follow the same procedure to enable SNMP on an RSM as described above for the routers.

Verify SNMP Community Strings

Follow this procedure to verify SNMP communtiy strings on an RSM.

Telnet to the Catalyst Switch (in our example, we use the Catalyst 5500):
```
prompt# telnet 172.16.99.55
```
Enter the enable mode by entering the enable password at the prompt:
```
Cat5500>enable 
Password: 
Cat5500> (enable)
```

Display the system modules and locate the RSM module by executing the show module command. An example is shown below:

Cat5500> (enable) show module 

Mod Slot Ports Module-Type Model Sub Status 
--- ---- ----- ---------------------- -------------- --- ------ 
1 1 0 Supervisor III WS-X5530 yes ok 
2 2  Gigabit Ethernet Ext WS-X5410   
3 3 9 Gigabit Ethernet WS-X5410 no ok 
4 4 24 10BaseT Ethernet WS-X5010 no ok 
5 5 1 Route Switch WS-X5302 no ok 
6 6 1 Network Analysis/RMON WS-X5380 no ok 
7 7 12 10/100BaseTX Ethernet WS-X5213A no ok 
9 9 16 Token Ring WS-X5030 no ok 
10 10 12 10BaseFL Ethernet WS-X5011 no ok 
11 11 24 10/100BaseTX Ethernet WS-X5225R no ok 
13 13  ASP/SRP no   

... 
... 
--<snip>--

After you identify the Mod number, start a "session" to the RSM module. An example of how to do this is shown below:
```
Cat5500> (enable) session 5 
Trying Router-5... 
Connected to Router-5. 
Escape character is '^]'. 

RSM> 
```
Enter the enable mode by entering the enable password at the prompt:
```
RSM>enable 
Password: 
RSM#
```
Display the running configuration and look for the SNMP information:
```
RSM#show running-config 

Building configuration... 
.... 
.... 
snmp-server community public RO 
snmp-server community private RW 
.... 
....
```
In the above sample output, "public" is the Read-only community string and "private" is the Read-write community string.

Note: If you do not see any "snmp-server" statements, SNMP has not been enabled on the router.

Alternatively, you can execute the show snmp command in the enable mode. If you see the following message, it also indicates that SNMP has not been enabled on the router.
```
RSM#show snmp 

%SNMP agent not enabled
 
RSM#
```
Exit out of the enable mode and return to the main prompt:
```
RSM#exit 
Cat5500> (enable)
```

Modify SNMP Community Strings

RSM runs the same Cisco IOS software code as the routers do. You can follow the same procedure to modify SNMP as described in the above router example.

Disable/Remove SNMP Community Strings

RSM runs the same Cisco IOS software code as the routers do. You can follow the same procedure to disable SNMP as described in the above router example.

How To Configure SNMP Community Strings on a Multilayer Switch Feature Card (MSFC)

Enable SNMP Community Strings

A multilayer switch feature card (MSFC) runs the same Cisco IOS software code as the routers do. You can follow the same procedure to enable SNMP as described in the above .

Verify SNMP Community Strings

Here is how to verify SNMP community strings on a multilayer switch feature card (MSFC).

Telnet to the Catalyst Switch (the Catalyst 6509 is used in the example below):
```
prompt# telnet 172.16.99.66
```
Enter the enable mode by entering the enable password at the prompt:
```
Cat6509>enable 
Password: 
Cat6509> (enable)
```

Display the system modules and locate the MSFC module by executing the show module command. Here is an example:

Cat6509 (enable) show module 

Mod Slot Ports Module-Type  Model Sub Status 
--- ---- ----- ---------------------- ---------------- --- ------ 
1 1 2 1000BaseX Supervisor WS-X6K-SUP1A-2GE yes ok 
15 1 1 Multilayer Switch Feature WS-F6K-MSFC no ok 
3 3 8 1000BaseX Ethernet WS-X6408A-GBIC no ok 
4 4 48 10/100BaseTX Ethernet WS-X6348-RJ-45 yes ok 
5 5 48 10/100BaseTX Ethernet WS-X6348-RJ-45 no ok 
6 6 8 T1 WS-X6608-T1 no ok 
7 7 24 FXS WS-X6624-FXS no ok 
8 8 0 FlexWAN Module WS-X6182-2PA no ok 

.... 
.... 
--<snip>--

After you identify the Mod number, start a "session" to the MSFC module. An example is shown below:

Cat6509> (enable) session 15 
Trying Router-15... 
Connected to Router-15. 
Escape character is '^]'. 

MSFC>

Enter the enable mode by entering the enable password at the prompt:
```
MSFC>enable 
Password: 
MSFC#
```
Display the running configuration and look for the SNMP information:
```
MSFC#show running-config 

Building configuration... 
.... 
.... 
snmp-server community public RO 
snmp-server community private RW 
.... 
....
```
In the above sample output, "public" is the Read-only community string and "private" is the Read-write community string.

Note: If you do not see any "snmp-server" statements, SNMP has not been enabled on the router.

Alternatively, you can execute the show snmp command in the enable mode. If you see the following message, it also indicates that SNMP has not been enabled on the router:
```
MSFC#show snmp 

%SNMP agent not enabled
 
MSFC#
```
Exit out of the enable mode and return to the main prompt:
```
MSFC#exit 
Cat65509> (enable)
```

Modify SNMP Community Strings

The MSFC runs the same Cisco IOS software code as the routers do. You can follow the same procedure to modify SNMP as described in the above router example.

Disable/Remove SNMP Community Strings

The MSFC runs the same Cisco IOS software code as the routers do. You can follow the same procedure to disable SNMP as described in the above router example.

How To Configure SNMP Community Strings on a Catalyst Switch

On Catalyst switches such as the 4000, 5000, and 6000 series running a regular catalyst Operating System (OS), SNMP is enabled by default with the community strings set to the following:

Read-Only: Public
Read-Write: Private
Read-Write-all: Secret

With these community strings and the IP address of your switch's management interface, anyone would be able to reconfigure the device. Changing the community strings on the Catalyst switch immediately after setting the device on the network is very important.

Enable SNMP Community Strings

Follow these steps to enable SNMP community strings on a catalyst switch.

Telnet to the Catalyst Switch (the Catalyst 5500 is used in the example below):
```
prompt# telnet 172.16.99.55
```
Enter the enable mode by entering the enable password at the prompt:
```
Cat5500>enable 
Password: 
Cat5500> (enable)
```
To enable Read-only (RO) community string, use the command below:
```
Cat5500> (enable) set snmp community read-only XXXX 
```
(where "XXXX" is the Read-only community string)
To enable Read-write (RW) community string, use the command below:
```
Cat5500> (enable) set snmp community read-write YYYY  
```
where "YYYY" is the Read-write community string

Note: The Catalyst 4000, 5000, and 6000 series switches do not have Start-up configurations. That is why there is no write memory command in these switches compared to the routers.

Verify that the new community strings have been added:

Cat5500> (enable) show snmp 

    RMON:                    Enabled  
    Extended RMON:           Enabled 
    Extended RMON Netflow:   Enabled 
    Extended RMON Vlanmode:  Disabled 
    Extended RMON Vlanagent: Disabled    
    SPAN Configuration: 
    Traps Enabled: 
    Port,Module,Chassis,Bridge,Repeater,Vtp,Auth,ippermit,Vmps,config,
       entity,stpx,syslog      
    Port Traps Enabled: 3/1-9,4/1-24,7/1-12,9/1-16,10/1-12,11/1-24    
    Community-Access    Community-String 
    ----------------    ---------------- 
    read-only           XXXX (XXXX is the new Read-only community string) 
    read-write          YYYY (YYYY is the new Read-write community string)
    read-write-all      secret 
    .... 
    .... 
    --<snip>--

Verify SNMP Community Strings

Follow these steps to configure SNMP community strings on a catalyst switch.

Telnet to the Catalyst Switch (the Catalyst 5500 is used in the example below):
```
prompt# telnet 172.16.99.55
```
Enter the enable mode by entering the enable password at the prompt:
```
Cat5500>enable 
Password: 
Cat5500>(enable)
```

Display the current SNMP information and look for the community-access information by executing the show snmp command. An example is shown below:

Cat5500> (enable) show snmp 

RMON:                    Enabled 
Extended RMON:           Enabled 
Extended RMON Netflow:   Enabled 
Extended RMON Vlanmode:  Disabled          
Extended RMON Vlanagent: Disabled        
SPAN Configuration: 
Traps Enabled: 
Port,Module,Chassis,Bridge,Repeater,Vtp,Auth,ippermit,Vmps,config,
   entity,stpx,syslog          
Port Traps Enabled: 3/1-9,4/1-24,7/1-12,9/1-16,10/1-12,11/1-24 
Community-Access    Community-String 
---------------     -------------- 
read-only            XXXX          ("XXXX" is the Read-only community string) 
read-write           YYYY          ("YYYY" is the Read-write community string)
read-write-all       secret 
.... 
.... 
--<snip>--

Modify SNMP Community Strings

Follow these steps to modify SNMP community strings on a catalyst switch.

Telnet to the Catalyst Switch (the Catalyst 5500 is used in the example below):
```
prompt# telnet 172.16.99.55
```
Enter the enable mode by entering the enable password at the prompt:
```
Cat5500>enable 
Password: 
Cat5500> (enable)
```
To modify the Read-only (RO) community string, use the command below:
```
Cat5500> (enable) set snmp community read-only public 
```
where "public" is the Read-only community string
To enable the Read-write (RW) community string, use the command below:
```
Cat5500> (enable) set snmp community read-write private
```
where "private" is the Read-write community string

Display the current SNMP information and look for the community-access information by executing the show snmp command. Here is an example:

Cat5500> (enable) show snmp 

RMON:                     Enabled 
Extended RMON:            Enabled 
Extended RMON Netflow:    Enabled 
Extended RMON Vlanmode:   Disabled          
Extended RMON Vlanagent:  Disabled        
SPAN Configuration: 
Traps Enabled: 
Port,Module,Chassis,Bridge,Repeater,Vtp,Auth,ippermit,Vmps,config,
   entity,stpx,syslog
Port Traps Enabled: 3/1-9,4/1-24,7/1-12,9/1-16,10/1-12,11/1-24 
Community-Access     Community-String 
----------------     ------------- 
read-only            public   

!--- public is the modified Read-only community string

read-write           private  

!--- private is the modified Read-write community string

read-write-all       secret 
.... 
....
--<snip>--

Disable/Remove SNMP Community Strings

Follow these steps to disable or remove SNMP community strings on a catalyst switch.

Telnet to the Catalyst Switch (the Catalyst 5500 is used in the example below):
```
prompt# telnet 172.16.99.55
```
Enter the enable mode by entering the enable password at the prompt:
```
Cat5500>enable 
Password: 
Cat5500>(enable)
```

To delete/remove the Read-only (RO) community string, use the command below:

Cat5500> (enable) set snmp community read-only 
SNMP read-only community string cleared

To delete/remove the Read-write (RW) community string, use the command below:

Cat5500>(enable) set snmp community read-write 
SNMP read-write community string cleared

Verify that the community strings have been deleted/removed. Here is an example:

Cat5500> (enable) show snmp 

RMON:                    Enabled 
Extended RMON:           Enabled 
Extended RMON Netflow:   Enabled 
Extended RMON Vlanmode:  Disabled          
Extended RMON Vlanagent: Disabled        
SPAN Configuration: 
Traps Enabled: 
Port,Module,Chassis,Bridge,Repeater,Vtp,Auth,ippermit,Vmps,config,
   entity,stpx,syslog          
Port Traps Enabled: 3/1-9,4/1-24,7/1-12,9/1-16,10/1-12,11/1-24 
Community-Access   Community-String 
----------------   ------------- 
read-only 
read-write 
.... 
....
--<snip>--

As you can see, the column for "Community-String" above is blank. This indicates that both the read-only and read-write community strings have been deleted or removed.

NetPro Discussion Forums - Featured Conversations

Networking Professionals Connection is a forum for networking professionals to share questions, suggestions, and information about networking solutions, products, and technologies. The featured links are some of the most recent conversations available in this technology.

NetPro Discussion Forums - Featured Conversations for Network Management

Network Infrastructure: Network Management

Virtual Private Networks: Network and Policy Management

Related Information

Updated: Oct 26, 2005

Document ID: 7282

Hierarchical Navigation

IP Application Services