-----Original Message----- From: Gro-Anita Hillestad Vindheim [mailto:gro-anita.vindheim@ntnu.no] Sent: 20. mai 2009 10:08 To: nav-users@uninett.no Subject: How does NAV use snmp read and write communities when both are present ?

A very long subject, repeated here:

How does NAV use snmp read and write communities when both are present ?

Correct me if I am wrong, but I think the data collector is only using its RO permissions while collecting data from the devices. AFAIK only (currently) Arnold will utilize SNMP RW while interacting with the devices (quarantine VLANs, blocking users, etc) as it requires shutdown/access vlan settings to be changed on the switchports.

Untill now, we have only used snmp read on our core boxes. We are going to deploy vlanAdmin on some core boxes, and thus we need to register snmp write communities for these. We'll use snmpview-functionality to control the permission for the snmp write community.

Will this affect the NAV data collection in any way, or does all collection use snmp read even with snmp write present?

No, as long as you are not changing your RO settings on your devices, you have nothing to worry about as far as NAV is concerned. Adding a RW SNMP string to a device, is a separate config setting than RO and will typically look like this for SNMPv1/v2 (for typical Catalyst IOS switches):

snmp-server community abitsecret RO snmp-server community supersecret RW <- This is what you'll be adding

And no, adding a RW community will not impact your data collection in any way afaik.

(I think NAV uses snmp read, and that everything will work fine, I just have to check... )

I would think so too :-)

Good luck with your vlanAdmin project!

------------------------------------------------------ Vidar Stokkenes Networking Consulant Networking and telecom Department HN IKT - Tromsø

Tlf: 76 16 61 87 / 77 66 99 55 Cell: 95 87 99 42 e-mail: vidar.stokkenes@hn-ikt.no

 Before printing, think about the environment