The Curse of Multiple SNMP Community Strings
NNM starts with a single global default community string, which is initially set to “public.” You can also inform NNM about specific community strings based on a range of IP addresses (wildcard), or community strings for specific devices. Security conscious network managers often use a variety of community strings to prevent hackers/ crackers from obtaining information about the network from SNMP agents. It is the author’s experience that tremendous grief results from this approach to security, and so, wherever practical, access lists (such as those used in the Cisco IOS to limit access to a service via a list of allowed clients) should be used instead.
You may receive push-back from system and network ...
Get OpenView Network Node Manager: Designing and Implementing an Enterprise Solution now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
