search

home-assistant / core

:house_with_garden: Open source home automation that puts local control and privacy first.
https://www.home-assistant.io
Apache License 2.0
69.79k stars 28.93k forks source link

"SNMP error: Wrong SNMP PDU digest" SNMP to Tp-Link TL-SG3452P not working anymore as of version 2024.6.1 #119616

Open megapearl opened 3 weeks ago

megapearl commented 3 weeks ago

The problem

Connecting to TP-Link switch with SNMPv3 Authentication mode: SHA, and Privacy mode: DES not working anymore as of homeassistant v2024.6.1

What version of Home Assistant Core has the issue?

core-2024.6.2

What was the last working version of Home Assistant Core?

core-2024.5.5

What type of installation are you running?

Home Assistant Container

Integration causing the issue

snmp

Link to integration documentation on our website

https://www.home-assistant.io/integrations/snmp/

Diagnostics information

System Information

version core-2024.6.1
installation_type Home Assistant Container
dev false
hassio false
docker true
user root
virtualenv false
python_version 3.12.2
os_name Linux
os_version 5.10.216-1.ph4-esx
arch x86_64
timezone Europe/Amsterdam
config_dir /config
Home Assistant Community Store GitHub API | ok -- | -- GitHub Content | ok GitHub Web | ok GitHub API Calls Remaining | 5000 Installed Version | 1.34.0 Stage | running Available Repositories | 1394 Downloaded Repositories | 22 HACS Data | ok
Home Assistant Cloud logged_in | false -- | -- can_reach_cert_server | ok can_reach_cloud_auth | ok can_reach_cloud | ok
Dashboards dashboards | 3 -- | -- resources | 8 views | 14 mode | storage
Recorder oldest_recorder_run | April 13, 2024 at 08:43 -- | -- current_recorder_run | June 13, 2024 at 14:47 estimated_db_size | 3735.22 MiB database_engine | mysql database_version | 10.11.8
Spotify api_endpoint_reachable | ok -- | --

Example YAML snippet

switch:
  - platform: snmp
    name: cupboard_ethernetswitch_port_1
    baseoid: 1.3.6.1.4.1.11863.6.56.1.1.2.1.1.2.1
    payload_on: 1
    payload_off: 0
    vartype: Integer
    host: cupboard-switch.myinternaldomain.com
    version: "3"
    username: homeassistant
    auth_key: !secret cupboard_switch_snmp_poe_auth
    auth_protocol: hmac-sha
    priv_key: !secret cupboard_switch_snmp_poe_priv
    priv_protocol: des

Anything in the logs that might be useful for us?

SNMP error: Wrong SNMP PDU digest

Additional information

The not working switch is: Model: Tp-Link TL-SG3452P Hardware Version: TL-SG3452P 1.0 Firmware Version: 1.1.9 Build 20240115 Rel.74411

I have a second switch a bit newer model with the exact same configuration (SNMPv3 and Authentication mode: SHA, and Privacy mode: DES) that is working fine with the same homeassistant instance: Model: Tp-Link TL-SG2218P Hardware Version: TL-SG2218P 1.20 Firmware Version: 1.20.0 Build 20230818 Rel.72032

When reverting to homeassistant 2024.5.5 both switches connect fine. When upgrading homeassistant to 2024.6.1 and above, the TL-SG3452P won't connect anymore and gives the Wrong SNMP PDU digest error, while the TL-SG2218P still connects fine.

home-assistant[bot] commented 3 weeks ago

Hey there @nmaggioni, mind taking a look at this issue as it has been labeled with an integration (snmp) you are listed as a code owner for? Thanks!

Code owner commands Code owners of `snmp` can trigger bot actions by commenting: - `@home-assistant close` Closes the issue. - `@home-assistant rename Awesome new title` Renames the issue. - `@home-assistant reopen` Reopen the issue. - `@home-assistant unassign snmp` Removes the current integration label and assignees on the issue, add the integration domain after the command. - `@home-assistant add-label needs-more-information` Add a label (needs-more-information, problem in dependency, problem in custom component) to the issue. - `@home-assistant remove-label needs-more-information` Remove a label (needs-more-information, problem in dependency, problem in custom component) on the issue.

(message by CodeOwnersMention)

snmp documentation snmp source (message by IssueLinks)

nmaggioni commented 3 weeks ago

@bdraco Could this be related to lextudio/pysnmp#68 since the SNMP engine is now a shared instance?

bdraco commented 3 weeks ago

Not 100% sure as there isn't enough information to full understand the problem, but if I had to guess, It does look like https://github.com/lextudio/pysnmp/pull/68 will fix this issue.

megapearl commented 2 weeks ago

I created a second user in the tp-link switch 'homeassistant2' and adjusted the configuration in homeassistant and can connect successfully now, but when reverting back to the first user 'homeassistant' the problem returns, is there any way to delete the cache in homeassistant manually?

nmaggioni commented 2 weeks ago

I think this confirms my suspicion. Since the credentials caching happens inside pysnmp itself, though, we'll have to wait for that PR to land and a new release to be made.

Using a different username for each authentication method is a valid workaround in the meantime, thanks for having tested it.