SNMP is the most commonly used network management protocol. Currently,
Cisco IOS Software supports different security models in SNMPv1, SNMPv2,
and SNMPv3. The SNMP security level defines the cryptographic security
services that are applied to an SNMP session. SNMPv1 and SNMPv2 are not
secure protocols. The only authentication mechanisms available in SNMPv1
and SNMPv2 are community strings. Therefore, SNMPv3 should be used
whenever possible. If SNMPv3 cannot be used, you should at least secure
SNMPv1 or SNMPv2 by using an uncommon, complex community string
and by enabling read-only access. If community strings are also used for
SNMP traps, they must be different from community strings for the get
and set methods. This is considered best practice and it also avoids
unrelated issues in the Cisco IOS Software.

To configure read-only access for SNMPv1 or SNMPv2, specify the SNMP
community using the snmp-server community command followed by the
community string and include ro to designate the community as
read-only.

SHA-1 authentication can be configured for SNMPv3 using either the
authNoPriv or authPriv access modes. However, SNMPv1 and SNMPv2 do not
support SHA-1 authentication.

AES encryption can be configured for SNMPv3 using the authPriv access
mode. However, SNMPv1 and SNMPv2 do not support AES encryption.
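
The recommendations above can be checked against a saved running-config. The following is an added example, not code from the original post or from Cisco: the function name audit_snmp, the check names, the MIN_LEN threshold and the sample configuration are all assumptions made for illustration.

```python
COMMON = {"public", "private"}   # well-known default community strings
MIN_LEN = 8                      # assumed minimum length for a "complex" string
# Constructed sample config (documentation address, made-up strings).
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community N3tm0n-7qXv RW 10
snmp-server community Tr4p-9fKe2w RO 10
snmp-server host 192.0.2.10 version 2c Tr4p-9fKe2w
snmp-server group NMS v3 auth
snmp-server group NMS-ENC v3 priv
"""

def audit_snmp(config):
    """Return sorted (check, line_number) findings; strings are never echoed."""
    polled, trap_strings, findings = {}, set(), []
    for n, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if len(tok) < 3 or tok[0] != "snmp-server":
            continue
        if tok[1] == "community":
            # Without an explicit rw keyword the community is read-only.
            access = "rw" if "rw" in (t.lower() for t in tok[3:]) else "ro"
            polled[tok[2]] = (access, n)
        elif tok[1] == "host":
            rest, version = tok[3:], "1"
            while rest and rest[0].lower() in ("vrf", "traps", "informs", "version"):
                key = rest.pop(0).lower()
                if key == "vrf" and rest:
                    rest.pop(0)                      # VRF name
                elif key == "version" and rest:
                    version = rest.pop(0).lower()
                    if version == "3" and rest:
                        rest.pop(0)                  # auth | noauth | priv
            if rest and version != "3":              # v3 names a user, not a community
                trap_strings.add(rest[0])
        elif tok[1] == "group" and len(tok) >= 5 and tok[3].lower() == "v3":
            if tok[4].lower() != "priv":             # only authPriv encrypts
                findings.append(("v3-no-encryption", n))
    for name, (access, n) in polled.items():
        if access == "rw":
            findings.append(("community-rw", n))
        if name.lower() in COMMON or len(name) < MIN_LEN:
            findings.append(("community-weak", n))
        if name in trap_strings:
            findings.append(("community-shared-with-traps", n))
    return sorted(findings)
```

Findings carry line numbers rather than the community strings themselves, so the report can be shared without disclosing them.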