Heh,

not sure about solarwinds, if I correctly remember they uses some java library, which can support cisco specific aes192/256 priv keys.
But officially this never has supported in net-snmp, because never have been approved as a standard:
http://www.net-snmp.org/wiki/index.php/Strong_Authentication_or_Encryption


On Mon, Jun 15, 2015 at 9:26 PM, Thiedek, Vic <Vic.Thiedek@vgt.net> wrote:

Thanks Adam, your explanation helps me better understand how Observium interacts with SNMP!

 

 

Thanks Mike, Here are the answers to your questions:

 

We definitely do not need this level of encryption!  I inherited these devices. 

SNMPv3 with AES256 is functioning correctly as SolarWinds currently polls these devices.  We are looking to move away from SW.

 

Sample Devices:

WS-C2960S-24TS-L:         Cisco IOS Software, C2960S Software (C2960S-UN​IVERSALK9-M), Version 12.2(58)SE​2,

CISCO1921/K9:                 Cisco IOS Software, C1900 Software (C1900-UNI​VERSALK9-M), Version 15.1(4)M4,

 

Sanitized Configs:

 

This works for SolarWinds (256)

snmp-server user xxxuser xxxreadgroup v3 auth sha xxxpass priv aes 256 xxxpass access xxxx-RO

snmp-server group xxxreadgroup v3 priv read xxxview access xxxx-RO

snmp-server view xxxview internet included

snmp-server view xxxview  mib-2 included

 

This works for Observium (128)

snmp-server user xxxuser xxxreadgroup v3 auth sha xxxpass priv aes 128 xxxpass access xxxx-RO

snmp-server group xxxreadgroup v3 priv read xxxview access xxxx-RO

snmp-server view xxxview internet included

snmp-server view xxxview  mib-2 included

 

I just wanted to verify that this configuration will not work with net-snmp and my Observium setup so I can move on to plan B.

 

Thanks!

 

 

From: observium [mailto:observium-bounces@observium.org] On Behalf Of Mike Stupalov
Sent: Monday, June 15, 2015 11:10 AM
To: Observium Network Observation System
Subject: Re: [Observium] SNMPv3 with AES256

 

Hi,

 many questions :)

* You are working in FBI? Why do you need this level of encryption :D
* On which cisco device/model you configure aes256? Show config example pls.
* Can be bug not in net-snmp, but on your devices? See https://tools.cisco.com/bugsearch/bug/CSCui94875/

My best solution - just use aes128 and READ ONLY view on your devices ;)

Observium support any snmp auth settings supported in net-snmp (snmpwalk/snmpget commands), see 'man snmpcmd'.

 

On Mon, Jun 15, 2015 at 6:37 PM, Thiedek, Vic <Vic.Thiedek@vgt.net> wrote:

Greetings!

 

Does Observium support AES256 for SNMPv3 for Cisco Devices?

 

Testing with SHA / AES128            SNMPv3 Authentication Successful

Testing with SHA / AES256            SNMPv3 Authentication Fails

 

I would use AES128, but the environment (750+ devices) was already setup for AES256.

 

Thanks in advance!

 

Vic

 

 

 


_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

 



--

Mike Stupalov
http://observium.org/




--
Mike Stupalov
http://observium.org/