Is PaperCut compatible with SNMPv3?
“Our organization is interested in using SNMPv3 exclusively as it is regarded as more secure than older versions. Does PaperCut support this protocol?”
SNMP (Simple Network Management Protocol) makes it easy for administrators to scan their network and discover what devices are connected, and in the case of printers find out details like model, serial number, toner levels and device errors.
Older versions of SNMP, including SNMPv1 and SNMPv2c require the device and server to use a shared secret called a “community string” in order to communicate. The community string typically defaults to “public” for data retrieval. However, the SNMPv1/v2c protocol sends the community string in clear text and can potentially be discovered with packet sniffing thereby reducing its security.
SNMPv3 on the other hand was designed with security in mind and uses authentication and data encryption. In particular it requires the following parameters:
- Context Name
- Authentication Password (at least 8 characters)
- Encryption or Privacy Password (at least 8 characters)
- Authentication algorithm: typically MD5 or SHA
- Encryption algorithm: typically DES or AES
Although the context name allows a device to partition up its exported information and only allow access for different data in different contexts, printers typically don’t utilise this feature and rather just have one context name set for access to everything. For example of context names on different devices:
- Brother: <user defined>
- Dell: <blank>
- Epson: EPSON
- Fuji Xerox: <blank>
- HP: Jetdirect
- Konica Minolta: <user defined>
- Kyocera: <blank>
- Lanier: GWNCS
- Lexmark: <blank>
- Ricoh: GWNCS
- Samsung: <blank>
- Sharp: mfpdirect
- Toshiba: MFP
- Xerox: <blank>
PaperCut uses SNMP in various parts of the product. It is used by the PaperCut Print Provider and by the PaperCut Application Server.
SNMP in Print Provider
- Printer Error Detection on Linux/Mac and in Windows (by default it does indirectly by Windows but can be configured to use SNMP directly). This is used for display of the error status for the printer, for virtual redirection to a printer not in error and to help decide if a Windows print job should be cancelled in PaperCut.
- Hardware Page Count validation
SNMP in Application Server
- Toner Level , model and serial number detection (SNMPv3 is enabled on the Printer Details page)
- Blocking jobs from being released to a printer reporting an error (SNMPv3 is enabled on the Device Details page)
- some embedded devices utilise SNMP calls: Toshiba fetches serial number, Xerox configures the device and Ricoh may fetch ICE job records if configured to do so. (SNMPv3 is enabled on the Device Creation page for Xerox and on Device Details page for all devices)
Prior to PaperCut 19.0, PaperCut only uses SNMPv3 for configuring Xerox devices in Xerox EIP1.0 and possibly in EIP1.5+ (using SNMPv2c or SNMPv3). For the rest of SNMP retrieval in PaperCut we used SNMPv1.
From PaperCut 19.0, PaperCut is capable of using SNMPv3 in all parts of the Application Server but not the Print Provider. SNMPv3 support for the Print Provider will come in a release beyond 19.0. Using SNMPv3 will require adding the SNMPv3 parameters on the device and in PaperCut in the Printer Details and Device Details admin web pages.
If you turn off SNMPv1/2c on your printers in PaperCut 19.0 and just configure SNMPv3, then the SNMP calls used in the Print Provider will stop working. This will prevent:
- Printer Error Detection used by the Print Provider (NB: it will not affect releasing of print jobs at the MFP panel as SNMP error reporting in this case is handled by the Application Server)
- Hardware Page Count Validation
If you turn off SNMPv1/2c on your printers in PaperCut 19.x (beyond 19.0 when SNMPv3 is supported in the Print Provider) and just configure SNMPv3, then the following will be affected:
- Printer Error Detection on Windows as the Windows Print Spooler only uses SNMPv1/2c to obtain information about printer statuses. Read this for more information. However, if SNMP printer error detection is enabled in the print-provider.conf file of the Windows Print Provider then this should successfully use SNMPv3.
Let us know! We love chatting about what’s going on under the hood. Feel free to leave a comment below or visit our Support Portal for further assistance.