The SNMP Read-Only Community String is like a user id or password. It is sent along with each SNMP Get-Request and allows (or denies) access to a router's or other device's statistics. If the community string is correct, the device responds with the requested information. If the community string is incorrect, the device simply ignores the request and does not respond.
Most network vendors ship their equipment with a default password of "public". (This is the so-called "default public community string".) Many network administrators change the community string to keep intruders from getting information about the network setup. This is a good idea. Even if it's only read-access, an intruder can learn a lot about a network that could be used to compromise it.
If there's a "read-only community string", you might also expect to have one that would allow you to write to the device. There is, and it's called a "read-write community string". There is also a SNMP Set-Request, sent to set a certain SNMP MIB variable (OID) to a specified value. The read-write community string protects the device against unauthorized changes. (The read-write community string should never be set to 'public'!). Many SNMP-speaking devices also have IP address filters that ignore requests (read and write) unless the source address is on an access list.
There's also a SNMP Trap, which is an unsolicited message from a device to an SNMP console (such as Intermapper) that the device is in an interesting or unusual state. Traps might indicate power-up or link-up/down conditions, temperatures exceeding certain thresholds, or high traffic, for example. Traps provide an immediate notification for an event that might otherwise be discovered only during occasional polling.
Intermapper can retrieve data from devices using SNMP version 1, version 2c, or version 3. Each of these can access the same SNMP information, but through different means:
There are actually three community strings for SNMPv1-v2c-speaking devices:
By convention, most SNMPv1-v2c equipment ships from the factory with a read-only community string set to "public". It is standard practice for network managers to change all the community strings so that outsiders cannot see information about the internal network. (In addition, network managers may employ firewalls to block any SNMP traffic to ports 161 and 162 on the internal network.)
Still have questions? We can help. Submit a case to Technical Support.