By 2024 there’ll be an estimated 83 billion connected devices on our networks. All these devices, made by a wide variety of vendors, use different types of software, making everything more complicated for IT staff trying to get network devices working together. Simple Network Management Protocol (SNMP) acts like a magic wand to untangle that ball of yarn with a simple gesture. Without it, monitoring the health of every device on a network would be like trying to untangle a ball of yarn that’s been attacked by a dozen furious cats.

cat playing with ball of yarn

So, what is SNMP, and how’s it “magical”?

SNMP is a basic network protocol designed to collect and report data from network devices connected to IP networks. While it can be used to alter the behavior of connected devices by modifying the gathered information, the primary use of SNMP in most networks is for read-only functions.

Except for consumer-grade network gear, most devices that can be networked support SNMP, as it’s become the essential framework that enables different devices to communicate and share information, regardless of the device’s vendor or the software it runs.

SNMP is also necessary for network management because, without it, it would be nearly impossible for a network monitoring solution to identify devices and monitor their performance.

There are currently three key versions of SNMP available, namely SNMPv1 – the original, SNMPv2, and SNMPv3. Let’s take a quick look at SNMPv1, but the main focus of this article will be SNMPv2 vs. SNMPv3. You’ll see why.

What is SNMPv1?

SNMPv1 is the original version of the Simple Network Management Protocol. SNMP was first introduced in 1988 by a group of university researchers to monitor networked devices over TCP/IP networks. By 1990, the Internet Architecture Board (IAB) approved SNMP as an internet standard.

Some basic commands of SNMPv1 include:

  • GET. The manager sends a “get” request to the managed device or agent to retrieve a value.
  • GETNEXT. Like the “get” command, the “getnext” command retrieves a value but from the next OID in the MIB.
  • SET. This is a command instructing the agent to make a change.
  • TRAP. An snmp trap is a one-way message from the agent to the manager to inform of an event.
  • RESPONSE. Returns the answer to the query initiated by the manager.

In the IT world, SNMPv1 is the equivalent of a dinosaur that hasn’t quite gone extinct. It’s still in use today as it provides the most basic functionality required for data polling without using significant resources.

However, the reason it doesn’t require a lot of resources is also a big part of its main drawback. SNMPv1 has very basic security and doesn’t include any encryption algorithms.

In SNMPv1, an agent (the device being monitored) is paired with a random set of managers (your network management solution), forming a community. Each community is provided a name, which is referred to as a community string. And here’s where security issues arise. The community string is sent in clear text when a query is made, and since most devices have the string set to ‘public,’ this can lead to a host of security issues. This very primitive authentication method makes it easy for an unauthorized device to connect to the network and gather information or make changes.

Another drawback of SNMPv1 is that it only supports 32-bit counters, which is very limiting for today’s networks. With the interface throughput on some links reaching hundreds of gigabits per second, 32-bit counters can easily roll-over between polling intervals.

Let’s be clear: No matter how you look at it, SNMPv1 should be considered obsolete. It has no safe application in today’s networks where security is more important than ever.

What is SNMPv2?

As networks grew and usage increased significantly, a newer version of SNMP was developed. SNMPv2 brings 64-bit counters to the table, as well as improvements in security, a greater degree of flexibility when establishing hierarchical management structures, and simpler Management Information Base (MIB) discovery.

SNMPv2 also introduces new commands for easier use. This protocol introduced commands like “GETBULK”, allowing a manager to request multiple variables from an agent in one message. “INFORM” altered the way that “Traps” worked in SNMPv1. The new “Inform” command requires the manager to respond to the agent, essentially confirming receipt of the message.

SNMPv2 has three different versions, namely SNMPv2c, SNMPv2u, and SNMPv2. The standardized version is in fact SNMPv2c. Therefore, when someone refers to SNMPv2, they actually mean SNMPv2c. In reality, we could have titled this blog post “SNMPv2c vs SNMPv3”, but it’s kind of a mouthful.

SNMPv2 introduced a new security system that, unfortunately, limited the adoption of this new protocol. SNMPv2c was developed in response, removing the new security system and reverting to the familiar community-based approach. So while SNMPv2c brought improvements in areas such as protocol packet types, MIB structure elements, and transport mappings, it still has the same security flaws as its predecessor. But ease of use, combined with its additional functionality, means SNMPv2c is still widely in use today. However, it tends to be limited to internal networks because of its security flaws.

Worth noting: Many devices allow you to set up Access Control Lists (ACL) or Approved Managers Lists, that limit who can access SNMP data. While this addresses some secure access concerns of SNMP, it does not address the privacy and encryption concerns.

SNMPv2c’s security may be good enough for internal networks, but it should never be considered an option for public or internet-facing devices. It’s simple authentication system and lack of encryption makes networks vulnerable to a wide range of threats.

What is SNMPv3?

Building on its predecessors, SNMPv3 was developed in 1998 to address mounting security issues. It introduces three new elements: SNMP View, SNMP Groups, and SNMP Users.

These three elements ensure that every interaction with a device on the network is effectively authenticated and encrypted, significantly reducing the risk of unauthorized parties gaining access to read/write data.

With SNMP, you have a lot of access to the devices on a network. With a bit of work, you can discover the authentication credentials of a machine. It’s one of the key network discovery techniques that malicious actors can use to learn about an organization they’re targeting. SNMP view restricts this ability by allowing you to define information users can access. For example, you can define a view that permits one group of users to see only the interface statistics of a specific set of devices, and another view that permits a different group of users to see hardware health information.

SNMP groups define the type of access for users, namely read-only or read/write. It also defines the type of security that is active when interacting with the device. An SNMP user is added to a group to define what level of access they have, and the level of security involved. At this point, a username is created, along with the password and the level of authentication and encryption. The SNMP group is then associated with an SNMP view, defining what the user can see.

This user-based model ensures a higher level of security over previous versions of the protocol. SNMPv3 also makes it easy for administrators to enforce role-based access control, as there is no limit to how many individual usernames can be generated. And whenever someone wants to obtain information, they must enter a username and password, which was previously not the case.

SNMPv3 also introduced encryption methods such as SHA, MD5, and DES to increase security and prevent data tampering and eavesdropping without requiring an overwhelming amount of resources. It should be noted, though, that encryption systems only work if authentication has been enabled.

There aren’t any other major functionality changes to SNMPv3 beyond the security enhancements. When comparing SNMPv2 vs SNMPv3, you’ll see that there are no new operations, for example. There are however a few minor changes to be aware of.

For example, in SNMPv3, the terminology of “manager” and “agent” was eliminated and replaced with “SNMP entities.” Each entity consists of an SNMP engine (similar to the “agent” in previous versions) along with one or multiple SNMP applications (similar to the “manager” in previous versions).

In terms of security, SNMPv3 is a clear step beyond SNMPv2c. But like any system, SNMPv3 has its drawbacks, chief of which is the multiple variables that need to be configured, including usernames, passwords, authentication protocols, and privacy protocols. Misconfiguration is a serious concern.

SNMPv3 is the preferred protocol to use on public and internet-facing devices.

SNMPv2 vs. SNMPv3: A comparison table

Here’s a table of critical differences between SNMPv2 vs. SNMPv3 that will help you to choose the best version of this protocol for your network. Note: As SNMPv2c is more common than SNMPv2, we’ll focus on that specific protocol in the table.

While SNMPv3 should generally be the only choice due to enhanced security, SNMPv2 can be helpful in certain situations, as it’s less complex than v3. However, we recommend that it never be used on public and internet-facing networks as the security risks are far too significant.

SNMPv2 vs. SNMPv3: Which one?

For now, SNMP is still a necessity. It may be long in the tooth, and could do with an upgrade, for now it’s still the best vendor-agnostic network monitoring protocol.

The question still arises between SNMPv2 vs. v3 – which is better? And no, there is no situation in which SNMPv1 is a good option. If you’re still using it, then you need to update now.

The main differences between the two versions are linked to security. Yes, SNMPv3 does away with the idea of managers and agents, but that’s just so the new security protocols can be implemented effectively. However, these additional security methods make SNMPv3 more complex and harder to configure, especially when you consider how many variables are involved.

Essentially, SNMPv3 is a good option for any network, and should definitely be used on public and internet-facing networks to protect against security risks and threats. SNMPv2 should be limited to low-risk internal networks.

No matter what, you’ll want to ensure the network and system security of your network monitoring system meets or exceeds the level of security you’re enabling SNMP on and deploying your network monitoring system to.

💡Pro tip: Curious what else is out there besides SNMP, check out our article on SNMP alternatives.

Get templates for network assessment reports, presentations, pricing & more—designed just for MSPs.

Ebook cover - The Ultimate Guide to Selling Managed Network Services
  1. HT Avatar

    What about the ports used? Is there a difference between SNMP v2c and SNMP v3 for the ports that need to be enabled on firewalls?

    1. Steve Petryschuk Avatar
      Steve Petryschuk

      Hi HT – Great question. There is no difference in the ports used for SNMP v2c vs SNMP v3. They both use port UDP 161 for polling, and UDP 162 for notifications / traps. Note that TCP ports 161 and 162 can be used for SNMP, but it is most often UDP.

Leave a Reply

Your email address will not be published. Required fields are marked *