Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
T_L
Contributor

SNMP USM Error

Good Afternoon --

I have an SNMP question that is driving me bonkers and I am hoping it may be easily addressed, although I am afraid I am going down a hole...

Every time we try and utilize snmpwalk on a local gateway configured for v3 only we get the this error:

     ERROR: passphrase chosen is below the length requirements of the USM (min=8)

    snmpwalk: (the supplied password length is too short)

The authentication and privacy phrases we are using are approx. 20 characters each. The error immediately returns hits in search engines and references sk172066 - and provides the following:

   Solution
   Set a new SNMP v3 passphrase that excludes special characters.
   And then refers to sk90860 - How to Configure snmp on GAIA OS
 
We are not using special characters of any kind. *and, we are able to successfully poll the gateways via snmp using the same USM auth/pass configurations?! So how is it that local snmpwalk doesn't like them but the gateway is successfully responding to the polling engines with the same config?
 
Here are the example commands we used - pulled directly from sk90860
 
[Expert@HostName:0]# snmpwalk -v3 -u USERNAME -l authPriv -a MD5 -A PASSPHRASE -x DES|AES -X PASSPHRASE localhost 1.3.6.1.2.1
 
[Expert@HostName:0]# snmpwalk -v3 -u USERNAME -l authPriv -a MD5 -A PASSPHRASE -x DES|AES -X PASSPHRASE localhost 1.3.6.1.4.1.2620

 

I have tried this on GWs - 4800, 12400 -- R80.40 JHF173

                                          - 5400, 5600 -- R81.10 JHF66

*We utilize SHA1 and AES on the R80.30 GWs and changed the standards to meet the R81 standards. We have also tried changing the credential length - each time we can poll successfully and each time snmpwalk returns the same error.

 

                                

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

I recommend opening a TAC case here. 

0 Kudos

Is the affected machine deployed as VSX and do you have the same issue with 'snmpget' ?

0 Kudos
T_L
Contributor

None of the appliances I tested on are VSX machines - and snmpget works with a handful of specific OIDs.

0 Kudos