SNMP USM Error

T_L — Wed, 05 Oct 2022 17:28:52 GMT

Good Afternoon --

I have an SNMP question that is driving me bonkers and I am hoping it may be easily addressed, although I am afraid I am going down a hole...

Every time we try and utilize snmpwalk on a local gateway configured for v3 only we get the this error:

ERROR: passphrase chosen is below the length requirements of the USM (min=8)

snmpwalk: (the supplied password length is too short)

The authentication and privacy phrases we are using are approx. 20 characters each. The error immediately returns hits in search engines and references sk172066 - and provides the following:

Solution

Set a new SNMP v3 passphrase that excludes special characters.

And then refers to sk90860 - How to Configure snmp on GAIA OS

We are not using special characters of any kind. *and, we are able to successfully poll the gateways via snmp using the same USM auth/pass configurations?! So how is it that local snmpwalk doesn't like them but the gateway is successfully responding to the polling engines with the same config?

Here are the example commands we used - pulled directly from sk90860

[Expert@HostName:0]# snmpwalk -v3 -u USERNAME -l authPriv -a MD5 -A PASSPHRASE -x DES|AES -X PASSPHRASE localhost 1.3.6.1.2.1

[Expert@HostName:0]# snmpwalk -v3 -u USERNAME -l authPriv -a MD5 -A PASSPHRASE -x DES|AES -X PASSPHRASE localhost 1.3.6.1.4.1.2620

I have tried this on GWs - 4800, 12400 -- R80.40 JHF173

- 5400, 5600 -- R81.10 JHF66

*We utilize SHA1 and AES on the R80.30 GWs and changed the standards to meet the R81 standards. We have also tried changing the credential length - each time we can poll successfully and each time snmpwalk returns the same error.

Re: SNMP USM Error

PhoneBoy — Fri, 07 Oct 2022 19:04:45 GMT

I recommend opening a TAC case here.

Re: SNMP USM Error

Chris_Atkinson — Mon, 10 Oct 2022 00:11:15 GMT

Is the affected machine deployed as VSX and do you have the same issue with 'snmpget' ?

Re: SNMP USM Error

T_L — Mon, 10 Oct 2022 17:06:08 GMT

None of the appliances I tested on are VSX machines - and snmpget works with a handful of specific OIDs.

topic Re: SNMP USM Error in Firewall and Security Management

SNMP USM Error

Re: SNMP USM Error

Re: SNMP USM Error

Re: SNMP USM Error