Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84572members
353845posts

AP7920 with snmpv3

APC UPS Data Center & Enterprise Solutions Forum

Schneider Electric support forum for our Data Center and Business Power UPS, UPS Accessories, Software, Services, and associated commercial products designed to share knowledge, installation, and configuration.

Solved
BillP
Administrator Administrator
Administrator
0 Likes
3
362

AP7920 with snmpv3

This question was originally posted by Mik on APC forums on 10/28/2014


Hello,

I have an AP7920 and I cannot get snmpv3 working with it. snmpv1 works fine

I have in the Snmp > Settings menu

SNMPv3 Access : Enabled

Snmp > SNMPv3 User Profile 1

User Name = mytest1234

Access Type = No Auth/No Priv

But it fails

$ snmpwalk -v 3 -u mytest1234 -l NoauthNoPriv 192.168.1.1

snmpwalk: Unknown user name

And it's the same with Auth/No Priv

$ snmpwalk -v 3 -u mytest1234 -a MD5 -A mystring123456789 -l authNoPriv 192.168.1.1

snmpwalk: Authentication failure (incorrect password, community or key)

And with Auth/Priv

$ snmpwalk -v 3 -u mytest1234 -a MD5 -A mystring123456789 -x AES -X azertyuiopqsdfghjklm -l authPriv 192.168.1.1

Timeout: No Response from 192.168.1.1


I accept changes after every change and logout before testing. I use the latest firmware version aos 374


Also the APC implementation looks like it doesn't comply fully with RFC2574. It specifies that passwords are at least 8 characters long but the AOS APC expects much more.

If we enter a 8 character strings for the passwords it displays "bad data" after we accept changes.



Has anyone succeed in making snmpv3 working ?

Tags (4)

Accepted Solutions
Desert_apc
Crewman
Crewman
0 Likes
0
362

Re: AP7920 with snmpv3

This was originally posted on APC forums on 5/20/2015


Mik,

It's a shame this thread was dropped.  Did you ever get v3 working? 

I'm having issue with it as well, this implemention is horrid.

~Desert

See Answer In Context

3 Replies 3
BillP
Administrator Administrator
Administrator
0 Likes
0
362

Re: AP7920 with snmpv3

This reply was originally posted by Angela on APC forums on 10/29/2014


Are you limited to trying this snmpwalk utility?

I am able to add/monitor a PDU using authentication/privacy on SNMPv3 to be monitored by a StruxureWare Data Center Expert - that is the only thing I currently have access to in order to speak SNMPv3 to devices. I added a PDU using the same firmware you mentioned. I used a 20 character authentication and privacy passphrase.

BillP
Administrator Administrator
Administrator
0 Likes
0
362

Re: AP7920 with snmpv3

This reply was originally posted by Mik on APC forums on 10/29/2014


Hello Angela,

I use snmpwalk, snmpget, snmpbulkwalk, snmpgetbulk. Actually it's all the commands that most monitoring application use to retrieve informations on *nix platforms.

In my previous message I wrote that I used AES but actually I tested it with DES. The AP7920 supports only DES.

However I just found where was the problem. The ACL needs to be enabled explicitly. That is very strange because with most other vendors (Cisco for example) no filtering is applied when the ACL is disabled. Here yes frown

So it works but the snmpwalk very very slow when snmpv3 is used.

The full snmpwalk takes 7s with snmpv1 and...x with snmpv3. The overhead is very important.

I wondering if you could test it and let the developpers know about it.

Also regarding the password and passphrase length because the password according to RFC2574 should be at least 8 characters long. So most people expect their password between 8 and 14 characters to work fine.

But APC devices require 15 characters minimum. I think this is not right.

In a production network you tend to configure one snmp user that will poll (read) all the devices (APC, Cisco, Juniper, etc) so the same login/password is used. Now if one day a customer (who use a 8 characters long password) buys APC devices and want to poll them in snmpv3 (with security of course) he will have either, to create a specific use a new login/password to monitor APC devices only or change the password on all of his other devices so that the password length will be 15 characters long at least.

Moreover, when you configure a 9 character passwords in CLI, the system write "bad data" after you apply the changes. "bad data" is not very very explicit, at least it should return a message saying "password should be minimum 15 characters long"

Fourth point DES is not considered as secured. People tend to use 3DES or AES

If you could transmit this to the developpers, I'm sure APC clients will enjoy these improvements.

Desert_apc
Crewman
Crewman
0 Likes
0
363

Re: AP7920 with snmpv3

This was originally posted on APC forums on 5/20/2015


Mik,

It's a shame this thread was dropped.  Did you ever get v3 working? 

I'm having issue with it as well, this implemention is horrid.

~Desert