SNMPv2, defined in RFCs 1901 and 1902, is an evolution of the initial SNMPv1. SNMPv2 offers improvements to SNMPv1, including additional protocol operations. The Get, GetNext, and Set operations used in SNMPv1 are exactly the same as those used in SNMPv2. The SNMP Trap operation serves the same function as in SNMPv1, but it uses a different message format.
SNMPv2 defines two new protocol operations:
- GetBulk: Reduces repetitive requests for MIB variables.
- Inform Request: Alerts an SNMP manager about specific conditions with confirmation.
The NMS manager uses the GetBulk operation to retrieve large blocks of data, such as multiple rows in a table. This is more efficient than repeating GetNext commands. If the agent responding to the GetBulk operation cannot provide values for all the variables in a list, it provides partial results. The Inform operation allows one NMS manager to send trap information to other NMS managers and to receive information. The difference between Inform Request and Trap is that Inform Request requires an acknowledgment. Another improvement is that data type values can be 64 bits.
Table 5-6 summarizes SNMP message types.
Table 5-6 SNMP Message Types

| SNMP Message | Description |
| --- | --- |
| Get Request | Retrieves the value of a specific MIB variable. |
| GetNext Request | Retrieves the next instance of the MIB variable. |
| Get Response | Contains the values of the requested variable. |
| Set Request | Modifies the value of an MIB variable. |
| Trap | Transmits an unsolicited alarm condition. |
| GetBulk | Reduces repetitive requests for MIB variables. |
| Inform Request | Alerts an SNMP manager about specific conditions with a confirmation. |

SNMPv3
SNMPv3 was developed to correct several deficiencies in the earlier versions of SNMP, especially related to security. SNMPv3, defined in RFCs 3410 through 3415, provides authentication and privacy via usernames and access control through key management. SNMPv3 also verifies each message to ensure that it has not been modified during transmission. SNMPv3 removes the use of community-based authentication strings sent in plaintext over the network. It is recommended that SNMPv1 and SNMPv2 be used only for read-only access and that SNMPv3 be used with read/write access.
SNMPv3 introduces three levels of security:
- noAuthNoPriv: No authentication and no encryption
- authNoPriv: Authentication and no encryption
- authPriv: Authentication and encryption
Authentication for SNMPv3 is based on the Hash-based Message Authentication Code–Message Digest 5 (HMAC-MD5) and HMAC–Secure Hash Algorithm (HMAC-SHA) algorithms. Cipher Block Chaining–Data Encryption Standard (CBC-DES) is used for encryption.
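The HMAC authentication described above, as an added example that is not part of the original text: following RFC 3414, it derives a per-agent key from a password and computes the 12-octet tag that lets a receiver detect a modified message. The password and engine ID are the RFC 3414 Appendix A.3 sample values; the message bytes are a constructed stand-in rather than a real BER-encoded PDU, and the function names are hypothetical.

```python
import hashlib
import hmac

def password_to_key(password: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: hash the password repeated out to exactly 1,048,576 octets."""
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Bind the user key to one agent: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def auth_tag(kul: bytes, whole_msg: bytes, hash_name: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: keep the first 12 octets of the HMAC."""
    return hmac.new(kul, whole_msg, hash_name).digest()[:12]

def seal(kul: bytes, msg_zeroed: bytes, offset: int, hash_name: str) -> bytes:
    """Sender side: replace the 12 zero octets at `offset` with the tag."""
    tag = auth_tag(kul, msg_zeroed, hash_name)
    return msg_zeroed[:offset] + tag + msg_zeroed[offset + 12:]

def verify(kul: bytes, msg: bytes, offset: int, hash_name: str) -> bool:
    """Receiver side: zero the tag field, recompute, compare in constant time."""
    received = msg[offset:offset + 12]
    zeroed = msg[:offset] + bytes(12) + msg[offset + 12:]
    return hmac.compare_digest(received, auth_tag(kul, zeroed, hash_name))

# Sample inputs from RFC 3414 Appendix A.3.
PASSWORD = b"maplesyrup"
ENGINE_ID = bytes.fromhex("000000000000000000000002")

# Constructed stand-in for an encoded SNMPv3 message (not real BER): header,
# 12 zero octets where msgAuthenticationParameters would sit, then payload.
HEADER = b"constructed-v3-header:"
SAMPLE = HEADER + bytes(12) + b":set sysContact.0=noc@example.net"
OFFSET = len(HEADER)

if __name__ == "__main__":
    for name in ("md5", "sha1"):
        kul = localize_key(password_to_key(PASSWORD, name), ENGINE_ID, name)
        sent = seal(kul, SAMPLE, OFFSET, name)
        tampered = sent[:-1] + b"x"  # flip the final payload octet
        print(name, kul.hex(),
              verify(kul, sent, OFFSET, name),
              verify(kul, tampered, OFFSET, name))
```

Because the key is localized with the engine ID, a key recovered from one agent does not authenticate messages to a different agent, even when the user's password is the same on both.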
Table 5-7 summarizes SNMP security levels.
Table 5-7 SNMP Security Levels

| Version | Level | Authentication | Encryption |
| --- | --- | --- | --- |
| SNMPv1 | NoAuthNoPriv | Community string | None |
| SNMPv2 | NoAuthNoPriv | Community string | None |
| SNMPv3 | NoAuthNoPriv | Username | None |
| SNMPv3 | AuthNoPriv | MD5 or SHA | None |
| SNMPv3 | AuthPriv | MD5 or SHA | DES, 3DES, AES |