snmp-server community [string] [ro|rw]
Configures an SNMP community string on a Cisco IOS device to allow SNMP access with read-only or read-write privileges for network monitoring and management.
When to Use This Command
- Setting up a read-only community string for network monitoring tools like SolarWinds or PRTG to poll device statistics without making changes.
- Configuring a read-write community string for a network management system that needs to modify device configurations or reset interfaces remotely.
- Creating multiple community strings for different management stations with varying access levels for security segmentation.
- Temporarily enabling a read-write community string during maintenance to allow automated scripts to push configuration changes.
Command Examples
Basic read-only community string
snmp-server community public ro
This command sets the SNMP community string to 'public' with read-only (ro) access. No output is generated upon successful configuration. Use 'show running-config | include snmp' to verify.
Read-write community string with ACL restriction
snmp-server community private rw 10
Sets community string 'private' with read-write (rw) access, restricted by access-list 10. The ACL must permit the NMS IP addresses. No output on success; verify with 'show snmp community'.
Understanding the Output
The command itself does not produce output. To verify SNMP community configuration, use 'show snmp community' or 'show running-config | include snmp-server community'. The 'show snmp community' output displays each community string, its access level (RO or RW), and any associated ACL. For example: 'Community name: public, Access: read-only, ACL: none'. A good configuration shows the intended community strings with correct access. A bad configuration might show missing communities or incorrect ACLs. Watch for unintended read-write communities that could pose a security risk.
CCNA Exam Tips
The CCNA exam may test that 'snmp-server community' is configured in global config mode, not interface mode.
Remember that 'ro' allows only SNMP GET operations, while 'rw' allows GET and SET operations.
The exam might ask about restricting SNMP access using an ACL: 'snmp-server community string rw <acl-number>'.
Be aware that the default community string 'public' with read-only access is often pre-configured and should be changed for security.
Common Mistakes
Using 'rw' when only monitoring is needed, exposing the device to unauthorized configuration changes.
Forgetting to apply an ACL to limit which management stations can use the community string, leading to security vulnerabilities.
Typing 'snmp-server community' in interface configuration mode instead of global configuration mode, resulting in an error.
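The first two mistakes above can be checked automatically against a saved running-config. The following is an added example, not part of the original page: the function name audit_snmp_communities, the list of well-known strings, and the sample configuration are assumptions constructed for illustration.

```python
import re

# Assumption: community strings treated as guessable defaults.
WELL_KNOWN = {"public", "private"}

# Matches: snmp-server community <string> [view <name>] [ro|rw] [ipv6 <acl>] [<acl>]
LINE_RE = re.compile(
    r"^\s*snmp-server community (?P<name>\S+)"
    r"(?: view (?P<view>\S+))?"
    r"(?: (?P<access>ro|rw))?"
    r"(?: ipv6 (?P<v6acl>\S+))?"
    r"(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)

def audit_snmp_communities(config_text):
    """Return a list of (community, access, acl, findings) tuples."""
    results = []
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a community line (e.g. snmp-server host)
        name = m.group("name")
        access = (m.group("access") or "ro").lower()  # read-only when omitted
        acl = m.group("acl") or m.group("v6acl")
        findings = []
        if access == "rw":
            findings.append("read-write: SNMP SET allowed")
        if acl is None:
            findings.append("no ACL: any source may use this community")
        if name.lower() in WELL_KNOWN:
            findings.append("well-known community string")
        results.append((name, access, acl, findings))
    return results

# Constructed sample config, not taken from a real device.
SAMPLE_CONFIG = """\
hostname R1
access-list 10 permit 192.0.2.50
snmp-server community public RO
snmp-server community private RW 10
snmp-server community n0c-Mon1tor RO 10
snmp-server host 192.0.2.50 n0c-Mon1tor
"""

if __name__ == "__main__":
    for name, access, acl, findings in audit_snmp_communities(SAMPLE_CONFIG):
        status = "; ".join(findings) if findings else "ok"
        print(f"{name:<14} {access.upper()} acl={acl or '-'}  {status}")
```

The script only confirms that an ACL is referenced on the community line; whether that ACL actually limits access to the NMS addresses still has to be checked against the access-list entries.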
Related Commands
access-list [1-99] permit|deny [source]
Creates a standard numbered access list (1-99) to permit or deny traffic based on source IP address, used to filter packets entering or leaving a router interface.
snmp-server host [ip] [string]
Configures the SNMP server to send SNMP notifications (traps or informs) to a specified host, using a community string for authentication.