Unable to configure SNMP v3 Access Control in NMC4 on Galaxy VS 10kW

Matt13 · ‎2025-04-23

I've been trying to configure the SNMP v3 Access Control on a NMC4 on Galaxy VS 10kW.

However, i recieve the following message.

"Per host filtering is not currently supported. Configure the firewall instead"

Unfortunately i have no idea what that means? On NMC 3's and 2's I normally add the IP address of our EcoStruxure IT gateway. This then allows us to detect the device and view it EcoStruxure IT.

Teken · ‎2025-04-24

Under SNMP v3 is the Access tab enabled?!? Followed by configuration the User Profile & Encryption / Cypher.

Lastly, under Access Control (enabling) then entering the user / IP Address of the NMS?!?

The enable box in your image capture is not checked off.

Questions Ask . . . 👍

Matt13 · ‎2025-04-25

Yes the ENMPv3 Access box is ticked. In the Configure SNMPv3 User Profiles section I have added the username authentication and privicy passphrase's and chosen the relvent protocols.

It's the "Per host filtering is not currently supported. Configure the firewall instead" I do not understand as this seems to be new on the NMC4 cards. I have never configured the firewall setting on the card and do not have access to the company firewall.

Teken · ‎2025-04-25

Please call out the specific NMC SKU and current firmware installed under the About Tab -> NMC.

Questions Ask . . . 👍

Matt13 · ‎2025-04-25

Please see the attached screengrabs

Teken · ‎2025-04-25

Report back the results of using the following IP Address: 0.0.0.0 for SNMP v3.

As a break fix / work around please test what happens using SNMP v1.

Questions Ask . . . 👍

Matt13 · ‎2025-04-28

0.0.0.0 works, thank you.

However i'd still like to resolve the issue so i can point it to our EcoStruxure IT gateway server. Would this still be a security risk until then?

Teken · ‎2025-04-28

Can you expand on what you mean by security risk?!?!

Matt13 · ‎2025-04-28

So this is in the SNMP v3 access control system of the NMC. I normally enter the IP address of the EcoStruxure IT gateway on all our other devices. This was at the request of our Cybersecurity team. I presume that meant that it device would only accept certain information from that exact IP address, not any others? Entering 0.0.0.0 seems like a bit of a botch or something that the cybersecurity team may pick up and question me on.

Please excuse me if I am incorrect, i am not a cybersecurity expert.

Teken · ‎2025-04-29

At a high level my suggestion to use IP 0.0.0.0 via SNMP v3 & SNMP v1 was to help identify and narrow down some possibilities.

This problem should be attacked on three fronts.

Create a service request with APC Technical Support and provide them a link to this specific thread and any other relevant information.

Engage your management and cybersecurity team and advise them of the problem and current *Break Fix* in place or request they advise you for next steps.

You may continue to ask and provide more information here in hopes of finding the root cause and solution.

As it relates to using 0.0.0.0 on SNMP v3. It already uses authentication and encryption which limits the risk but your concern is valid that using it is an attack surface to be exploited.

Even if very remote in nature and possibility.

You may also consider using v1 to see what the results are too and report back the outcome.

In the NMC please upload a screen shot of the network tab. The main page will show an overview of what’s enabled vs not.

Please also upload what the following pages / tabs are set to under security, firewall, 802.1X, Remote User, Radius etc.

Questions Ask . . . 👍

Unable to configure SNMP v3 Access Control in NMC4 on Galaxy VS 10kW

Unable to configure SNMP v3 Access Control in NMC4 on Galaxy VS 10kW

This is a heading