Note: Different IEDs may support different SNMP versions, please check this before configuring Tekron clocks with a specific version.
Click the link to read about What is SNMP
SNMPv1
SNMP v1 is the first implementation of the SNMP protocol and operates over UDP, IP, Connectionless Network Service (CLNS), Apple Talk Datagram – Delivery Protocol (DDP) and Novell Internet Packet Exchange (IPX).
SNMPv1 is criticized for its poor security. Authentication of clients is performed only by a “community string”, which is a type of password sent with no encryption.
By default: -
the public community string is Read-only (R/O)
the private community string is Read and Write (R/W)
On the Tekron clocks: -
The Name 1 field is the “private” community string (R/W)
The Name 2 field is the “public” community string (R/O)
SNMP v2
This release includes improvements in security, confidentiality and manager to manager communications. It introduced GetBulkRequest as an alternative to iterative GetNextRequests for retrieving large amounts of data in a single request. The new security was deemed by many to be overly complex and was not widely accepted.
SNMP v2c (Community-Based SNMP) was introduced after SNMPv2. It is essentially the same as SNMPv2 but without the controversial security model, instead sticking to the simple “community string” based security.
SNMP v2u is a further compromise that attempts to offer greater security than SNMPv1 but with less complexity than SNMPv2. SNMPv2u’s security mechanism was eventually adopted as one of the two security frameworks used in SNMPv3.
Only SNMPv2c gets endorsed by Internet Engineering Task Force (IETF). Tekron products use SNMPv2c instead of SNMPv2 for this reason.
SNMP v1 and SNMPv2c interoperability
As presently specified, SNMPv2c is incompatible with SNMPv1 in two key areas: message formats and protocol operations. SNMPv2c messages use different header and protocol data unit (PDU) formats to SNMPv1 messages. SNMPv2c also uses two protocol operations that are not specified in SNMPv1.
SNMP v3
SNMPv3 makes no changes to the protocol aside from the addition of cryptographic security. Visually, SNMPv3 looks very different to other SNMP versions due to new textual conventions, concepts, and terminology.
The main difference between SNMPv3 and older versions are the security and remote configuration additions made by SNMPv3. It introduced support for security models. Namely, SNMPv3 contains the specifications for the use of USM (User-based Security Model). A security model that defines the security policy within an administrative domain or an intranet.
SNMPv3 addresses issues related to the large-scale deployment of SNMP. Including fault tracing and management. Currently, SNMP is predominantly used for monitoring and performance management.
SNMPv3 also defines
- Device discovery and time synchronisation procedures
- The SNMP framework MIB
- The USM (User-based Security Model) and VACM (View-based Access Control Model) MIBs
SNMPv3 defines several security-related capabilities. The initial specifications defined the USM and VACM were later followed by a transport security model that provided support for SNMPv3 over SSH and SNMPv3 over TLS and DTLS.
- USM (User-based Security Model) provides authentication and privacy (encryption) functions and operates at the message level.
- VACM (View-based Access Control Model) determines whether a given principal is allowed access to a MIB object to perform specific functions and operates at the PDU level (protocol display units).
- TSM (Transport Security Mode) provides a method for authenticating and encrypting messages over external security channels. Two transports, SSH and TLS/DTLS, have been defined that make use of the TSM specification
- TLS (Transport Layer Security) provides privacy and data integrity checking between two or more communicating devices. Traditionally a server and client.