Simple Network Management Protocol (SNMP) is a network protocol used to manage TCP/IP networks. In Windows, the SNMP service -- also known as the SNMP agent -- is used to provide status information about an SNMP host on a TCP/IP network.
SNMP provides security by using community names and SNMP authentication traps. An SNMP trap is an event notification message sent by the SNMP Trap service running on an SNMP host. The SNMP trap is sent to other SNMP hosts or to an SNMP management system, which are known as trap destinations.
You can restrict SNMP communications for the SNMP agent, allowing it to communicate with only a specific list of communities.
SNMP Security controls
Send authentication trap: Specifies whether to send an SNMP trap message to all trap destinations if this SNMP host receives an SNMP request from an SNMP host or community that is not listed on the Security tab. Authentication is the process of verifying that a host name or address is valid. When the SNMP agent receives a request that does not contain a known community name or that is not sent from a member of the acceptable hosts list, the SNMP agent sends an authentication trap message to one or more trap destinations, indicating the failure of authentication. This check box is selected by default.
Accepted community names: Lists the community names whose member SNMP hosts are authenticated to send SNMP requests to this computer. A community name acts as a password that is shared by one or more SNMP hosts.
Accepted community names are used to authenticate incoming messages only. To check outgoing messages, add the SNMP host as a trap destination on the Traps tab.
The SNMP Trap service requires at least one community name. Public is the default community name that is accepted in all SNMP implementations. You can add multiple community names, and delete or change the default community name. If an SNMP request is received from a community that is not on this list, the request will generate an authentication trap.
Caution: If you remove all the community names, including the default name Public, SNMP will not respond to any community names presented.
- Add: Adds a community name and associated permissions to the list of communities that can send SNMP requests to this SNMP host. Use the following permission levels to specify how this SNMP host processes SNMP requests from a selected community:
  - None: Prevents this host from processing any SNMP requests.
  - Notify: Allows this host to send only SNMP traps to the community.
  - Read Only: Prevents this host from processing SNMP SET requests. SNMP managed objects have default values specified by the agent. Some applications may request to modify these values with the SNMP SET command.
  - Read Write: Allows this host to process SNMP SET requests.
  - Read Create: Allows this host to create new entries in the SNMP tables.
- Edit: Provides a dialog box to edit the selected community name and its permissions.
- Remove: Removes the selected community name from the list.
Accept SNMP packets from any host: Specifies that all SNMP packets from all SNMP hosts belonging to any community listed in Accepted community names are processed. No SNMP packets are rejected on the basis of the host name or IP address of the source host or the list of acceptable hosts. This check box is selected by default.
Accept SNMP packets from these hosts: Lists the SNMP hosts and SNMP management systems that can send SNMP requests to this SNMP host. This setting provides a higher level of security than use of a community name, which can contain a large group of hosts. You can add the names of any SNMP host or SNMP management system that belong to any community listed in Accepted community names. Only SNMP packets received from the hosts in this list are accepted. All other SNMP messages are rejected, and then authentication traps are sent.
- Add: Adds a specific SNMP host name or SNMP management system to the list of acceptable sources.
- Edit: Provides a dialog box to edit the computer name or IP address of the selected SNMP host.
- Remove: Removes the selected SNMP host or SNMP management system from the list.
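The following added example (not Microsoft code) models how the Security tab settings described above combine to decide whether an incoming request is processed and whether an authentication trap is sent. The class and function names, the sample community "ops-monitor", and the addresses are assumptions made for illustration; host matching is a plain string comparison and name resolution is not modelled.

```python
from dataclasses import dataclass, field

# Operations the agent processes per permission level (simplified model).
# Assumption: Read Write and Read Create also include the lower operations.
ALLOWED_OPS = {
    "None": set(),
    "Notify": set(),  # traps only; no incoming requests are processed
    "Read Only": {"get"},
    "Read Write": {"get", "set"},
    "Read Create": {"get", "set", "create"},
}

@dataclass
class SecurityTab:
    """Hypothetical in-memory copy of the Security tab settings."""
    communities: dict = field(default_factory=dict)  # name -> permission level
    send_auth_trap: bool = True    # check box selected by default
    accept_any_host: bool = True   # check box selected by default
    accepted_hosts: set = field(default_factory=set)

def evaluate(cfg, source, community, op):
    """Return (processed, auth_trap_sent, reason) for one incoming request."""
    if community not in cfg.communities:
        return (False, cfg.send_auth_trap, "unknown community")
    if not cfg.accept_any_host and source not in cfg.accepted_hosts:
        return (False, cfg.send_auth_trap, "host not in accepted list")
    if op not in ALLOWED_OPS[cfg.communities[community]]:
        # Assumption: a permission denial alone sends no trap; the page ties
        # authentication traps only to an unknown community or host.
        return (False, False, "operation not permitted")
    return (True, False, "ok")

# Constructed sample settings (addresses are documentation ranges).
DEFAULT = SecurityTab(communities={"Public": "Read Only"})
HARDENED = SecurityTab(communities={"ops-monitor": "Read Only"},
                       accept_any_host=False, accepted_hosts={"192.0.2.10"})
EMPTY = SecurityTab()  # every community name removed

if __name__ == "__main__":
    requests = [("198.51.100.7", "Public", "get"),
                ("198.51.100.7", "ops-monitor", "get"),
                ("192.0.2.10", "ops-monitor", "get"),
                ("192.0.2.10", "ops-monitor", "set")]
    for label, cfg in (("default", DEFAULT), ("hardened", HARDENED), ("empty", EMPTY)):
        for req in requests:
            print(label, req, evaluate(cfg, *req))
```

With the default settings any host that presents Public is answered, while the hardened settings answer only the listed management station and raise an authentication trap for every other source.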
Additional references
For more information about SNMP, see Simple Network Management Protocol in TCP/IP Fundamentals for Windows in the Microsoft TechNet Technical Library at http://go.microsoft.com/fwlink/?LinkId=66006.