“Our organization is interested in using SNMPv3 exclusively as it is regarded as more secure than older versions. Does PaperCut support this protocol?”
What is SNMPv3?
SNMP (Simple Network Management Protocol) makes it easy for administrators to scan their network and discover what devices are connected, and in the case of printers find out details like model, serial number, toner levels and device errors.
Older versions of SNMP, including SNMPv1 and SNMPv2c require the device and server to use a shared secret called a “community string” in order to communicate. The community string typically defaults to “public” for data retrieval. However, the SNMPv1/v2c protocol sends the community string in clear text and can potentially be discovered with packet sniffing thereby reducing its security.
SNMPv3 on the other hand was designed with security in mind and uses authentication and data encryption.
In particular it requires the following parameters:
Authentication Password (at least 8 characters)
Encryption or Privacy Password (at least 8 characters)
Authentication algorithm: typically MD5 or SHA
Encryption algorithm: typically DES or AES
Although the context name allows a device to partition up its exported information and only allow access for different data in different contexts, printers typically don’t utilise this feature and rather just have one context name set for access to everything.
For example of contexts on different devices:
Brother: <user defined>
Fuji Xerox: <blank>
Konica Minolta: <user defined>
How does PaperCut work with SNMP?
PaperCut uses SNMP in various parts of the product. It is used by the PaperCut Print Provider and by the PaperCut Application Server.
SNMP in Print Provider
Printer Error Detection on Linux/Mac and in Windows (by default it does indirectly by Windows but can be configured to use SNMP directly). This is used for display of the error status for the printer, for virtual redirection to a printer not in error and to help decide if a Windows print job should be cancelled in PaperCut.
some embedded devices utilise SNMP calls: Toshiba fetches serial number, Xerox configures the device and Ricoh may fetch ICE job records. (SNMPv3 is enabled on the Device Creation and/or Device Details pages)
How does PaperCut work with SNMPv3?
Prior to PaperCut 19.0, PaperCut only uses SNMPv3 for configuring Xerox devices in Xerox EIP1.0 and possibly in EIP1.5+ (using SNMPv2c or SNMPv3).
For the rest of SNMP retrieval in PaperCut we used SNMPv1.
From PaperCut 19.0, PaperCut is capable of using SNMPv3 in all parts of the Application Server but not the Print Provider. SNMPv3 support for the Print Provider will come in a release beyond 19.0. Using SNMPv3 will require adding the SNMPv3 parameters on the device and in PaperCut in the Printer Details, Device Creation and Device Details admin web pages.
How does PaperCut work if SNMPv3 is enabled and SNMPv1/v2c is disabled on the device?
If you turn off SNMPv1/2c on your printers in PaperCut 19.0 and just configure SNMPv3, then the SNMP calls used in the Print Provider will stop working.
This will prevent:
Printer Error Detection used by the Print Provider (NB: it will not affect releasing of print jobs which is handled by the Application Server)
Hardware Page Count Validation
If you turn off SNMPv1/2c on your printers in PaperCut 19.x (beyond 19.0 when SNMPv3 is supported in the Print Provider) and just configure SNMPv3, then the following will be affected:
Printer Error Detection on Windows as the Windows Print Spooler only uses SNMPv1/2c to obtain information about printer statuses. Read this for more information. However, if SNMP printer error detection is enabled in the print-provider.conf file of the Windows Print Provider then this should successfully use SNMPv3.
Still have questions?
Let us know! We love chatting about what’s going on under the hood. Feel free to leave a comment below or visit our Support Portal for further assistance.
This release contains an updated Java version which no longer supports 32-bit workstations. If you have any 32-bit users launching the User Client or Release Station from a network share, see this Knowledge Base article for more information.