SNMPv1 vs. V2c vs. V3 – SNMP Versions Comparison

Jordan MacPherson Published: October 10, 2022

Once upon a time, the Simple Network Management Protocol (SNMP) had only one version. It was used to monitor and manage all network devices, and those devices used it to communicate with one another. However, over time, different SNMP versions have arisen.

Today, we have SNMPv1, SNMPv2, and SNMPv3. But what's the difference, and how does SNMP work within the different variations? Can these different versions coexist within the same network?

Important Components of Different SNMP Versions

Before we explore the different SNMP versions and what each offers, let's touch quickly on the devices that use them.


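SNMP devices include anything connected to your organization's network. That includes things like:

  • Routers
  • Switches
  • Firewalls

However, it also includes other components that you might not automatically think of as "devices," such as:

  • CCTV cameras
  • Load balancers
  • Servers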



Why is SNMP important? Without this type of network management protocol, no device on the network could communicate effectively with others. In essence, there would be no network. After all, if your server cannot communicate with the router, or the firewall cannot communicate with other devices, there's no interconnectivity.

However, each SNMP version is different and brings something else to the table. What are the differences? Continue reading below to find out.

What Are Community Strings?

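A community string is an ID or password combined with a GET request, used to access data from SNMP-enabled devices (routers, switches, firewalls, etc.). SNMP community strings on your network devices are either read-only (SNMPv1 and SNMPv2c) or read-write (SNMPv3). If you plan to use read-write, you will probably want to use SNMPv3 for security reasons.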


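Access control lists (ACLs) are sets of rules that assign permissions to specific users, devices, or traffic types. ACLs can also be used to add an extra layer of security to your SNMP configuration and improve network performance by restricting traffic to essential services only.

If you are a Cisco Meraki user, remember that you must whitelist your devices for SNMP queries.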


We’ll start the discussion with SNMPv1, the initial version.


As you might suspect, SNMPv1 is the original version and the oldest. It is also the easiest to set up, because all you need is a plaintext community string. However, that ease of setup acts as a weakness today. With only a string of plaintext, even if limited to a range of authorized IP addresses, v1 doesn't offer much in the way of security. This wasn't originally a problem because threats had yet to evolve, but in today's world, it's simply too much risk.

SNMP Version 1 Vulnerabilities

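Many SNMP version 1 vulnerabilities exist. However, one of the key problems is that messages sent across the network are unencrypted. In other words, any bad actor with a packet sniffer can read the community string with little effort. Once that happens, the attacker can create a spoofed IP address and interact with the network.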



Next in line is SNMP v2c. What should you know about this version?


SNMP v2c is the second generation of this protocol. However, don't assume that this means a major leap in functionality or security. In reality, v2c only added support for 64-bit systems. That means it still has all the security vulnerabilities that affect v1, including that messages are sent unencrypted across the network.


In a word, no. SNMPv2c is not particularly secure, although it was a slightly better iteration than the initial version.


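Because it is simply a revamped version of SNMPv1, attackers can exploit the same weaknesses to easily gain access to the entire network via a spoofed IP address. It does not help that SNMP v2c devices may ship from the manufacturer with PUBLIC as the community string name. Make sure you customize the community strings on your devices before enabling them on your network.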






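As the name suggests, SNMPv3 is the third (and final) version of SNMP. It was developed specifically to address the security vulnerabilities that were so prominent in the previous two generations. It also brings three new elements to the table: SNMP View, SNMP Groups, and SNMP Users.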

Which Encryption Algorithms Can SNMPv3 Use?

SNMPv3 can use several different security encryption algorithms to help create a more secure network. These include SHA, MD5, and DES. What's more, it can use them without requiring a massive amount of system resources, leaving additional resources for other network needs. Note that security enhancement was the main reason SNMPv3 was developed, so there are no additional major functionality enhancements.


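SNMPv3 works very similarly to v1 and v2. Traffic flows across the network from a wide variety of sources (devices). SNMP communicates with the entire network and all the devices that make up that network. It comes preconfigured on most devices, although some require an administrator to enable it. Once enabled, all devices will begin storing performance statistics.

SNMP is based on the shared resource management model, in that every device contributes to managing the system's resources. Protocol data units (called SNMP GET requests) are sent to the different devices. These communications are tracked by network monitoring tools and then used to fetch data from SNMP.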

SNMP V2 vs V3: Can They Coexist?

Can you use SNMP v2 and v3 on the same network? While both are based on the same basic principles, you cannot (and should not) do so. They're best used in different applications. Because of its improved security, SNMPv3 is better suited for use on public and internet-facing networks.

V2 is best used only on low-risk, internal networks. And, to clarify, if you're still running SNMPv1, it's beyond time for you to upgrade to something sounder.

In today's IT environment, threat modeling is an important process for many organizations. When it comes to security requirements, security threats and vulnerabilities, criticality, and remediation methods, there is no right solution for everyone. While SNMPv3 leverages 2-password encryption for increased security, it is not extremely common or easy-to-use. You can use read-only v2c with ACLs to achieve adequate security without having to use the two-password encryption on v3.

