This reply was originally posted by Mik on APC forums on 10/29/2014
Hello Angela,
I use snmpwalk, snmpget, snmpbulkwalk, snmpgetbulk. Actually it's all the commands that most monitoring application use to retrieve informations on *nix platforms.
In my previous message I wrote that I used AES but actually I tested it with DES. The AP7920 supports only DES.
However I just found where was the problem. The ACL needs to be enabled explicitly. That is very strange because with most other vendors (Cisco for example) no filtering is applied when the ACL is disabled. Here yes 
So it works but the snmpwalk very very slow when snmpv3 is used.
The full snmpwalk takes 7s with snmpv1 and...x with snmpv3. The overhead is very important.
I wondering if you could test it and let the developpers know about it.
Also regarding the password and passphrase length because the password according to RFC2574 should be at least 8 characters long. So most people expect their password between 8 and 14 characters to work fine.
But APC devices require 15 characters minimum. I think this is not right.
In a production network you tend to configure one snmp user that will poll (read) all the devices (APC, Cisco, Juniper, etc) so the same login/password is used. Now if one day a customer (who use a 8 characters long password) buys APC devices and want to poll them in snmpv3 (with security of course) he will have either, to create a specific use a new login/password to monitor APC devices only or change the password on all of his other devices so that the password length will be 15 characters long at least.
Moreover, when you configure a 9 character passwords in CLI, the system write "bad data" after you apply the changes. "bad data" is not very very explicit, at least it should return a message saying "password should be minimum 15 characters long"
Fourth point DES is not considered as secured. People tend to use 3DES or AES
If you could transmit this to the developpers, I'm sure APC clients will enjoy these improvements.