SNMPv3 Question

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • KenB
    Geek Extraordinaire

    2,500+ Posts
    • Dec 2007
    • 3945
    #1

    SNMPv3 Question

    Hey, All,

    Has anyone sucessfully set up SNMPv3 with current model Ricoh machines?

    A customer would like to disable V1 and V2, and just go with 3 in order to tighten down their security.

    I know that a certificate is required on each machine, but can they be the ones that are self-signed device certs, that ship with each machine, or do they need to be actual CA certs?

    I've read where the self-signed should work, but they don't, at least in every instance I've tried to date.

    Thanks!
    “I think you should treat good friends like a fine wine. That’s why I keep mine locked up in the basement.” - Tim Hawkins
    Tags: certs, instance, self-signed, snmpv3
    • slimslob
      Retired

      Site Contributor
      25,000+ Posts
      • May 2013
      • 36912
      #2
      How do I configure SNMPv3 on a printer? : sysadmin

      Supported network devices | Cisco, Juniper, Fortinet, HP, Aruba | NCM

        Comment

        • KenB
          Geek Extraordinaire

          2,500+ Posts
          • Dec 2007
          • 3945
          #3
          Re: SNMPv3 Question

          Some applications, such as SLNX, and formerly DMNX require SNMP for device management.

          Those same customers frequently run printer vulnerability checks, with some fairly sophisticated network monitoring tools. Right now we are dealing with two banks (for a total of about 600 MFPs, mostly Ricoh), in that very situation.

          SNMP 1 and 2 get dinged as being potentially dangerous, and result in red flags being generated.

          I will check if SLNX would be happy with “read only” capability.

          Thanks!
          “I think you should treat good friends like a fine wine. That’s why I keep mine locked up in the basement.” - Tim Hawkins

            Comment

            • rthonpm
              Field Supervisor

              2,500+ Posts
              • Aug 2007
              • 2847
              #4
              Re: SNMPv3 Question

              You may need to install the self-signed cert on any devices that are also being used to collect SNMP data. If the device doesn't trust the cert, it may not be able to collect data.

              You may also be able to get away with just changing the SNMP community name to something other than public and also scale down permissions to read only.

              Sent from my BlackBerry using Tapatalk

                Comment

                Previous template Next
                Working...