14.7 Secure SNMP

Note the features of the different SNMP versions:

SNMPv1 and SNMPv2c authenticate with community strings only. SNMPv3 behaves much the same when it is configured without authentication or encryption; in that case it relies on nothing more than the configured username.

Note authNoPriv and authPriv. You’ll certainly have a question on the exam that asks for the valid SNMPv3 configuration modes.

Here is an example of a properly secured SNMPv2c configuration:

  • The GET operation, or what you’d call NMS polling, is configured in the first line: the community string is defined, followed by the ro (read-only) keyword and then an ACL number, which should always be present, to restrict which hosts may poll.
  • Traps, triggered by the alarm parameters configured on the device, are configured with the second line, which specifies the receiving host and, ideally, a different community string from the one used for GET.
  • Note: SET operations would require a community configured with rw (read-write), which is not a good security practice – use SNMPv3 if write access is required.
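As an added example (not from the original text), the following Python audits an IOS-style SNMP configuration against the three points above: a RW community, a community with no ACL, and a trap host that reuses the polling community. The configuration lines, community names and addresses are constructed for illustration.

```python
import re

# Constructed sample running-config excerpt (not from the original page): a RO community
# restricted by ACL 10, a trap host with its own community, and a RW community with no ACL.
SAMPLE_CONFIG = """\
access-list 10 permit host 10.1.1.5
snmp-server community MONITOR RO 10
snmp-server host 10.1.1.5 version 2c TRAPSTR
snmp-server community public RW
"""

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)\s+(RO|RW)(?:\s+(\S+))?", re.I)
HOST_RE = re.compile(r"^snmp-server host (\S+)\s+(.*)$")

def trap_community(rest):
    """Return the community string from an snmp-server host line's options."""
    toks, i = rest.split(), 0
    while i < len(toks):
        if toks[i] in ("traps", "informs"):
            i += 1                                  # flag keyword, no argument
        elif toks[i] == "version":
            i += 3 if toks[i + 1] == "3" else 2     # 'version 3 auth|noauth|priv'
        elif toks[i] in ("udp-port", "vrf"):
            i += 2                                  # keyword with one argument
        else:
            return toks[i]                          # first free-standing token is the community
    return None

def audit_snmp(config):
    """Apply the three rules from the text and return a list of findings."""
    findings, poll, traps = [], {}, []
    for line in config.splitlines():
        line = line.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            name, mode, acl = m.group(1), m.group(2).upper(), m.group(3)
            poll[name] = mode
            if mode == "RW":
                findings.append(f"community '{name}' is RW: v2c SET access, use SNMPv3 instead")
            if acl is None:
                findings.append(f"community '{name}' has no ACL restricting NMS polling")
        elif (m := HOST_RE.match(line)) and (community := trap_community(m.group(2))):
            traps.append((m.group(1), community))
    for host, community in traps:                   # trap community should differ from polling one
        if community in poll:
            findings.append(f"trap host {host} reuses polling community '{community}'")
    return findings
```

Running `audit_snmp(SAMPLE_CONFIG)` flags only the `public` RW community (twice: RW and missing ACL); the MONITOR/TRAPSTR pair passes.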