Wrong SNMP Community String — NMS Cannot Poll Device
Presenting Symptom
The NMS cannot poll the router via SNMP, returning 'No response from device' or 'Timeout' errors.
Network Context
A small branch office with a Cisco ISR 4331 router running IOS XE 16.9. The router is managed by a central NMS (e.g., SolarWinds or PRTG) over the WAN. SNMPv2c is configured with a read-only community string. The NMS is configured to use community string 'public', but the router has 'private' configured.
Diagnostic Steps
Verify SNMP configuration on the router
show running-config | include snmp-serversnmp-server community private RO snmp-server location Branch_Office snmp-server contact admin@example.com
Check the configured community strings. If the community string shown does not match what the NMS is using, that is the likely cause.
Test SNMP connectivity from the NMS or a test host
snmpwalk -v2c -c public 192.168.1.1 .1.3.6.1.2.1.1Timeout: No Response from 192.168.1.1
If using the wrong community string, the SNMP request times out. A successful response would show system description. This confirms the community mismatch.
Check SNMP statistics on the router
show snmp statisticsSNMP packets input: 0 SNMP packets output: 0 SNMP packets input version 2c: 0 SNMP packets input bad community: 5
Look for 'bad community' count. If it is incrementing, the NMS is sending requests with an incorrect community string.
Verify NMS configuration (if accessible)
Check NMS device settings for SNMP community stringCommunity string: public (or whatever is configured)
Confirm the NMS is using the community string that does not match the router. This step may be performed by the network engineer on the NMS console.
Root Cause
The SNMP community string configured on the router ('private') does not match the community string configured on the NMS ('public'). SNMPv2c uses community strings as a simple authentication mechanism; if they don't match, the router discards the request and increments the 'bad community' counter.
Resolution
Verification
Run the following commands to confirm the fix: show running-config | include snmp-server Expected output: snmp-server community public RO From the NMS or test host: snmpwalk -v2c -c public 192.168.1.1 .1.3.6.1.2.1.1 Expected output: SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, ISR 4331... Also check: show snmp statistics Expected output: SNMP packets input bad community: 0 (or no increment)
Prevention
["Standardize SNMP community strings across all devices using a naming convention (e.g., 'readonly' for RO, 'readwrite' for RW).","Use SNMPv3 with authentication and encryption instead of SNMPv2c to avoid plaintext community strings and improve security.","Document the SNMP configuration in the network management database and ensure consistency between device configs and NMS settings."]
CCNA Exam Relevance
On the CCNA 200-301 exam, SNMP troubleshooting questions often appear as multiple-choice or drag-and-drop scenarios. The exam tests your ability to identify misconfigured SNMP community strings as a cause of NMS polling failures. Key fact: SNMPv2c uses community strings for authentication; a mismatch results in 'bad community' errors and no response.
Exam Tips
Memorize the command 'show snmp statistics' to check for bad community errors.
Remember that SNMPv2c community strings are case-sensitive and must match exactly between agent and manager.
In exam scenarios, if the NMS cannot poll, always check the community string first before checking ACLs or reachability.
Commands Used in This Scenario
Test Your CCNA Knowledge
Practice with scenario-based questions to prepare for the CCNA 200-301 exam.
Practice CCNA Questions