Is PaperCut compatible with SNMPv3?

KB Home   |   Is PaperCut compatible with SNMPv3?

Main.SNMPv3Only History

Hide minor edits - Show changes to output

March 03, 2019, at 06:11 AM by Tim Shimmin -
Changed lines 44-46 from:
* [[https://www.papercut.com/products/ng/manual/ch-printer-mgmt-toner-levels.html|Toner Level , model and serial number detection]] (SNMPv3 is enabled on the printer details page)
* [[https://www.papercut.com/products/ng/manual/releasestation/topics/rs-block-released-jobs-printer-error-about.html|Blocking jobs from being released to a printer reporting an error]] (SNMPv3 is enabled on the Device Creation and/or Device Details pages)
* some embedded devices utilise SNMP calls: Toshiba fetches serial number, Xerox configures the device and Ricoh may fetch ICE job records. (SNMPv3 is enabled on the Device Creation and/or Device Details pages)
to:
* [[https://www.papercut.com/products/ng/manual/ch-printer-mgmt-toner-levels.html|Toner Level , model and serial number detection]] (`SNMPv3 is enabled on the printer details page)
* [[https://www.papercut.com/products/ng/manual/releasestation/topics/rs-block-released-jobs-printer-error-about.html|Blocking jobs from being released to a printer reporting an error]] (`SNMPv3 is enabled on the Device Creation and/or Device Details pages)
* some embedded devices utilise SNMP calls: Toshiba fetches serial number, Xerox configures the device and Ricoh may fetch ICE job records. (`SNMPv3 is enabled on the Device Creation and/or Device Details pages)
March 03, 2019, at 06:11 AM by Tim Shimmin -
Changed lines 44-46 from:
* [[https://www.papercut.com/products/ng/manual/ch-printer-mgmt-toner-levels.html|Toner Level , model and serial number detection]] (enabled on the printer details page)
* [[https://www.papercut.com/products/ng/manual/releasestation/topics/rs-block-released-jobs-printer-error-about.html|Blocking jobs from being released to a printer reporting an error]] (enabled on the Device Creation and/or Device Details pages)
* some embedded devices utilise SNMP calls (Toshiba fetches serial number, Xerox configures the device and Ricoh may fetch ICE job records)
to:
* [[https://www.papercut.com/products/ng/manual/ch-printer-mgmt-toner-levels.html|Toner Level , model and serial number detection]] (SNMPv3 is enabled on the printer details page)
* [[https://www.papercut.com/products/ng/manual/releasestation/topics/rs-block-released-jobs-printer-error-about.html|Blocking jobs from being released to a printer reporting an error]] (SNMPv3 is enabled on the Device Creation and/or Device Details pages)
* some embedded devices utilise SNMP calls: Toshiba fetches serial number, Xerox configures the device and Ricoh may fetch ICE job records. (SNMPv3 is enabled on the Device Creation and/or Device Details pages)
March 03, 2019, at 06:08 AM by Tim Shimmin -
Changed lines 44-45 from:
* [[https://www.papercut.com/products/ng/manual/ch-printer-mgmt-toner-levels.html|Toner Level , model and serial number detection]] (enabled on printer the details page)
* [[https://www.papercut.com/products/ng/manual/releasestation/topics/rs-block-released-jobs-printer-error-about.html|Blocking jobs from being released to a printer reporting an error]] (enabled on the Device Creation and Device Details pages)
to:
* [[https://www.papercut.com/products/ng/manual/ch-printer-mgmt-toner-levels.html|Toner Level , model and serial number detection]] (enabled on the printer details page)
* [[https://www.papercut.com/products/ng/manual/releasestation/topics/rs-block-released-jobs-printer-error-about.html|Blocking jobs from being released to a printer reporting an error]] (enabled on the Device Creation and/or Device Details pages)
Changed line 40 from:
* Printer Error Detection on Linux/Mac and in Windows (by default it does indirectly by Windows but can be configured to use SNMP directly). This is used for display of the error status for the printer and for virtual redirection to a printer not in error.
to:
* Printer Error Detection on Linux/Mac and in Windows (by default it does indirectly by Windows but can be configured to use SNMP directly). This is used for display of the error status for the printer, for virtual redirection to a printer not in error and to help decide if a Windows print job should be cancelled in PaperCut.
February 13, 2019, at 07:33 AM by Tim Shimmin - Update for SNMPv3 changes in PaperCut 19.0
Changed lines 5-18 from:
SNMP (Simple Network Management Protocol) makes it easy for administrators to scan their network and discover what devices are connected, and in the case of printers find out details like model, serial number, and toner levels.

Older versions of SNMP, including `SNMPv1 and `SNMPv2 require the device and server to use a shared secret called a "community string" in order to communicate. However because the same community string is configured on every device, a hacker would only need to guess one password to obtain a lot of information about devices on the network.

`SNMPv3 on the other hand requires a username and password in addition to the community string, adding an additional layer of security. 

However, before assuming that `SNMPv3 is best you should note that there is one big caveat.  Be aware that the Windows Print Spooler only uses `SNMPv1/2 to obtain information about printer statuses.* This means that if your organization disabled `SNMPv1/2 on your printers, then you would miss out on SNMP statuses in Windows (such as "paper jam", "out of paper", "toner/ink low", "door open", etc...) from your printers.  Read [[https://docs.microsoft.com/en-us/windows/desktop/SNMP/supported-versions|this]] for more information.

!!How does PaperCut work with `SNMPv3?
PaperCut makes use of SNMP in multiple areas of the application. Where appropriate we make use of  `SNMPv3, however for information such as toner levels, printer serial numbers we use the `SNMPv2 protocol.

If an organization only allows the use of `SNMPv3 then the following features of PaperCut will not be available:

* [[https://www.papercut.com/products/ng/manual/ch-printer-mgmt-toner-levels.html|Toner Level detection]]
to:

SNMP (Simple Network Management Protocol) makes it easy for administrators to scan their network and discover what devices are connected, and in the case of printers find out details like model, serial number, toner levels and device errors.

Older versions of SNMP, including `SNMPv1 and `SNMPv2c require the device and server to use a shared secret called a “community string” in order to communicate. The community string typically defaults to "public" for data retrieval. However, the `SNMPv1/v2c protocol sends the community string in clear text and can potentially be discovered with packet sniffing thereby reducing its security.

`SNMPv3 on the other hand was designed with security in mind and uses authentication and data encryption.
In particular it requires the following parameters:
* Context Name
* Username
* Authentication Password (at least 8 characters)
* Encryption or Privacy Password (at least 8 characters)
* Authentication algorithm: typically MD5 or SHA
* Encryption algorithm: typically DES or AES

Although the context name allows a device to partition up its exported information and only allow access for different data in different contexts, printers typically don't utilise this feature and rather just have one context name set for access to everything.
For example of '''contexts''' on different devices:
* Brother: <user defined>
* Dell: <blank>
* Epson: EPSON
* Fuji Xerox: <blank>
* HP: Jetdirect
* Konica Minolta: <user defined>
* Kyocera: <blank>
* Lanier: GWNCS
* Lexmark: <blank>
* Ricoh: GWNCS
* Samsung: <blank>
* Sharp: mfpdirect
* Toshiba: MFP
* Xerox: <blank>

!!How does PaperCut work with SNMP?
PaperCut uses SNMP in various parts of the product. It is used by the PaperCut Print Provider and by the PaperCut Application Server.

SNMP in Print Provider
* Printer Error Detection on Linux/Mac and in Windows (by default it does indirectly by Windows but can be configured to use SNMP directly). This is used for display of the error status for the printer and for virtual redirection to a printer not in error.
Changed lines 42-44 from:
* [[https://www.papercut.com/products/ng/manual/releasestation/topics/rs-block-released-jobs-printer-error-about.html|Blocking jobs from being released to a printer reporting an error]]

For
[[http://www.papercut-mf.com/|PaperCut MF]] customers, some Toshiba and Xerox copiers can not be configured to use PaperCut due to the use of `SNMPv2.
to:

SNMP in Application Server
*
[[https://www.papercut.com/products/ng/manual/ch-printer-mgmt-toner-levels.html|Toner Level , model and serial number detection]] (enabled on printer the details page)
*
[[https://www.papercut.com/products/ng/manual/releasestation/topics/rs-block-released-jobs-printer-error-about.html|Blocking jobs from being released to a printer reporting an error]] (enabled on the Device Creation and Device Details pages)
* some embedded devices utilise SNMP calls (Toshiba fetches serial number, Xerox configures the device and Ricoh may fetch ICE job records)

!!How does PaperCut work with `SNMPv3?
Prior to PaperCut 19.0, PaperCut only uses `SNMPv3 for configuring Xerox devices in Xerox `EIP1.0 and possibly in `EIP1.5+ (using `SNMPv2c or `SNMPv3).
For the rest of SNMP retrieval in PaperCut we used `SNMPv1.

From PaperCut 19.0, PaperCut is capable of using `SNMPv3 in all parts of the Application Server but not the Print Provider. `SNMPv3 support for the Print Provider will come in a release beyond 19.0. Using `SNMPv3 will require adding the `SNMPv3 parameters on the device and in PaperCut in the Printer Details, Device Creation and Device Details admin web pages.

!!How does PaperCut work if `SNMPv3 is enabled and `SNMPv1/v2c is disabled on the device?
If you turn off `SNMPv1/2c on your printers in PaperCut 19.0 and just configure `SNMPv3, then the SNMP calls used in the Print Provider will stop working.
This will prevent:
* Printer Error Detection used by the Print Provider (NB: it will not affect releasing of print jobs which is handled by the Application Server)
* Hardware Page Count Validation

If you turn off `SNMPv1/2c on your printers in PaperCut 19.x (beyond 19.0 when `SNMPv3 is supported in the Print Provider) and just configure `SNMPv3, then the following will be affected:
* Printer Error Detection on Windows as the Windows Print Spooler only uses `SNMPv1/2c to obtain information about printer statuses. Read [[https://docs.microsoft.com/en-us/windows/desktop/SNMP/supported-versions|this]] for more information. However, if SNMP printer error detection is enabled in the print-provider.conf file of the Windows Print Provider then this should successfully use `SNMPv3.

November 05, 2018, at 06:30 PM by Aaron Pouliot -
Changed lines 2-3 from:
''Our organization is interested in using `SNMPv3 exclusively as it is regarded as more secure than older versions. Does PaperCut support this protocol?''
to:
''"Our organization is interested in using `SNMPv3 exclusively as it is regarded as more secure than older versions. Does PaperCut support this protocol?"''
Added lines 24-26:
!!Still have questions?
Let us know! We love chatting about what’s going on under the hood. Feel free to leave a comment below or visit our [[https://support.papercut.com|Support Portal]] for further assistance.

Deleted line 28:
November 05, 2018, at 05:30 PM by Aaron Pouliot - fixed article with input from Alan
Changed lines 2-4 from:
''Our organization is interested in using SNMPv3 exclusively as it is regarded as more secure than older versions. Does PaperCut support this protocol?''

!!What is SNMPv3?
to:
''Our organization is interested in using `SNMPv3 exclusively as it is regarded as more secure than older versions. Does PaperCut support this protocol?''

!!What is `SNMPv3?
Changed lines 7-15 from:
Older versions of SNMP, including SNMPv1 and SNMPv2 require the device and server to use a shared secret called a "community string" in order to communicate. However because the same community string is configured on every device, a hacker would only need to guess one password to obtain a lot of information about devices on the network.

SNMPv3 on the other hand requires a username and password in addition to the community string, adding an additional layer of security. 

However, before assuming that SNMPv3 is best you should note that there is one big caveat.  Be aware that the Windows Print Spooler only uses '''SNMPv1/2''' to obtain information about printer statuses. This means that if your organization disabled SNMPv1/2 on your printers, then you would miss out on SNMP statuses in Windows (such as "paper jam", "out of paper", "toner/ink low", "door open", etc...) from your printers.

!!How does PaperCut work with SNMPv3?

PaperCut makes use of SNMP in multiple areas of the application. Where appropriate we make use of SNMPv3, however for information such as toner levels, printer serial numbers we use the SNMPv2 protocol.
to:
Older versions of SNMP, including `SNMPv1 and `SNMPv2 require the device and server to use a shared secret called a "community string" in order to communicate. However because the same community string is configured on every device, a hacker would only need to guess one password to obtain a lot of information about devices on the network.

`SNMPv3 on the other hand requires a username and password in addition to the community string, adding an additional layer of security. 

However, before assuming that `SNMPv3 is best you should note that there is one big caveat.  Be aware that the Windows Print Spooler only uses `SNMPv1/2 to obtain information about printer statuses.* This means that if your organization disabled `SNMPv1/2 on your printers, then you would miss out on SNMP statuses in Windows (such as "paper jam", "out of paper", "toner/ink low", "door open", etc...) from your printers.  Read [[https://docs.microsoft.com/en-us/windows/desktop/SNMP/supported-versions|this]] for more information.

!!How does PaperCut work with `SNMPv3?
PaperCut makes use
of SNMP in multiple areas of the application. Where appropriate we make use of  `SNMPv3, however for information such as toner levels, printer serial numbers we use the `SNMPv2 protocol.
Changed line 26 from:
----
to:
November 05, 2018, at 05:22 PM by Aaron Pouliot - fixed article with input from Alan
Changed lines 2-4 from:

PaperCut makes use of SNMP in multiple areas of the application. Where appropriate we make use of `SNMPv3 however for information such as toner levels, printer serial numbers we make use of the `SNMPv2 protocol.
to:
''Our organization is interested in using SNMPv3 exclusively as it is regarded as more secure than older versions. Does PaperCut support this protocol?''

!!What is SNMPv3?
SNMP (Simple Network Management Protocol) makes it easy for administrators to scan their network and discover what devices are connected, and in the case of printers find out details like model, serial number, and toner levels.

Older versions of SNMP, including SNMPv1 and SNMPv2 require the device and server to use a shared secret called a "community string" in order to communicate. However because the same community string is configured on every device, a hacker would only need to guess one password to obtain a lot of information about devices on the network.

SNMPv3 on the other hand requires a username and password in addition to the community string, adding an additional layer of security. 

However, before assuming that SNMPv3 is best you should note that there is one big caveat.  Be aware that the Windows Print Spooler only uses '''SNMPv1/2''' to obtain information about printer statuses. This means that if your organization disabled SNMPv1/2 on your printers, then you would miss out on SNMP statuses in Windows (such as "paper jam", "out of paper", "toner/ink low", "door open", etc...) from your printers.

!!How does PaperCut work with SNMPv3?
PaperCut makes use of SNMP in multiple areas of the application. Where appropriate we make use of SNMPv3, however for information such as toner levels, printer serial numbers we use the SNMPv2
protocol.
Deleted line 18:
* Serial number retrieval of print devices
August 29, 2018, at 06:54 PM by Aaron Pouliot - minor rewording
Changed lines 1-2 from:
(:title What impact does running only SNMPv3 have?:)
to:
(:title Is PaperCut compatible with SNMPv3?:)
Changed lines 5-6 from:
If an organisation only allows the use of `SNMPv3 then the following features of PaperCut will not be available:
to:
If an organization only allows the use of `SNMPv3 then the following features of PaperCut will not be available:
Changed lines 16-17 from:
----
[-Keywords: -]
to:
----
August 29, 2018, at 06:48 PM by Aaron Pouliot - fixed typo
Changed line 15 from:
''Categories:'' [[Category.Security|+]],
to:
''Categories:'' [[Category.Security|+]]
Added line 10:
* [[https://www.papercut.com/products/ng/manual/releasestation/topics/rs-block-released-jobs-printer-error-about.html|Blocking jobs from being released to a printer reporting an error]]
July 02, 2014, at 07:22 AM by 203.222.113.44 -
Changed lines 11-12 from:
For [[http://www.papercut-mf.com/|PaperCut MF]] customers, some Toshiba and Xerox copiers can not be configure to use PaperCut due to the use of `SNMPv2.
to:
For [[http://www.papercut-mf.com/|PaperCut MF]] customers, some Toshiba and Xerox copiers can not be configured to use PaperCut due to the use of `SNMPv2.
Changed lines 1-12 from:
(:title What impact does running only `SNMPv3 have?:)

PaperCut makes use of SNMP in multiple areas. Where appropriate we make use of SNMPv3 however for information such as toner levels, printer serial numbers we make use of the simpler SNMPv2 protocol.

If an organisation only allows the use of SNMPv3 then the following features of PaperCut will not be available:

 - Toner Level detection
 
- Serial number retrieval of print devices
 - Hardware
Page Count validation

For PaperCut MF customers, some Toshiba and Xerox copiers can not be configure to use PaperCut due to the use of SNMPv2.
to:
(:title What impact does running only SNMPv3 have?:)

PaperCut makes use of SNMP in multiple areas of the application. Where appropriate we make use of `SNMPv3 however for information such as toner levels, printer serial numbers we make use of the `SNMPv2 protocol.

If an organisation only allows the use of `SNMPv3 then the following features of PaperCut will not be available:

* [[https://www.papercut.com/products/ng/manual/ch-printer-mgmt-toner-levels.html|Toner Level detection]]
* Serial number retrieval of print devices
* [[https://www.papercut.com/products/ng/manual/ch-printer-mgmt-hwcheck.html|Hardware
Page Count validation]]

For [[http://www.papercut-mf.com/|PaperCut MF]] customers, some Toshiba and Xerox copiers can not be configure to use PaperCut due to the use of `SNMPv2.
Added lines 1-16:
(:title What impact does running only `SNMPv3 have?:)

PaperCut makes use of SNMP in multiple areas. Where appropriate we make use of SNMPv3 however for information such as toner levels, printer serial numbers we make use of the simpler SNMPv2 protocol.

If an organisation only allows the use of SNMPv3 then the following features of PaperCut will not be available:

 - Toner Level detection
 - Serial number retrieval of print devices
 - Hardware Page Count validation

For PaperCut MF customers, some Toshiba and Xerox copiers can not be configure to use PaperCut due to the use of SNMPv2.

----
''Categories:'' [[Category.Security|+]],
----
[-Keywords: -]

Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.

Article last modified on March 03, 2019, at 06:11 AM
Printable View   |   Article History   |   Edit Article