DX Unified Infrastructure Management

  • Private Community
 View Only

  • 1.  Discover Cisco device on snmpv3 with AES256

    Posted Nov 04, 2019 12:58 AM
    Hi Community,

    I want to know if anyone has successfully discovered Cisco devices running snmpV3 with SHA and AES256 into UIM and snmpcollector?


    ------------------------------
    Chris
    ------------------------------


  • 2.  RE: Discover Cisco device on snmpv3 with AES256

    Broadcom Employee
    Posted Nov 04, 2019 01:19 AM
    Hi

    The discovery agent might not be able to discover devices with AES 256

    but depending on the Java version used by the snmpcollector probe you might need to download Oracle Unlimited Strength Java Cryptography Extension Policy File
    to use AES 192 or AES 256 security protocols to be directly discovered by the snmpcollector probe

    (Optional) Install AES Policy Files

    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/snmpcollector-snmp-data-monitoring/snmpcollector-versions-2-2-1-6/v1-6-snmpcollector-ac-configuration.html
    Original Message


  • 3.  RE: Discover Cisco device on snmpv3 with AES256

    Posted Nov 04, 2019 04:52 AM
    Thanks Franklin,

    I have tried that, and even changed to the latest version of JRE for UIM(java_jre v2.01 in archive), but with no luck. snmpcollector tells me that the credentials are not valid.
    But from the same hub, i use iReasoning MIB Browser, pointing to the nimsoft JRE for JAVA, and am able to walk the device successfully. So it seems that snmpc is unable to connect to devices running snmpv3 with SHA and AES-256.

    ------------------------------
    Chris
    ------------------------------

    Original Message


  • 4.  RE: Discover Cisco device on snmpv3 with AES256
    Best Answer

    Posted Nov 29, 2019 01:56 AM
    So it seems that there is an issue with snmpcollector v4.03 and the AES 256 privacy.
    But thanks to the development teams, it turns out that snmpcollector 3.50 is stable and working as expected.

    ------------------------------
    Chris
    ------------------------------

    Original Message


  • 5.  RE: Discover Cisco device on snmpv3 with AES256

    Posted Mar 05, 2021 12:56 PM
    Hi everyone.

    I have UIM 20.1 with discovery_agent 20.10 and snmpcollector 4.04T3

    I am testing some devices for monitoring with AES 256, and I see that discovery_agent still not work with 256 bit. That it's correct? Only I wan to confirm.

    I think if discovery_agent doesn't work, I can set the device in snmpcollector manually, right...? However, to achieve this, I have to perform the procedure...

    Follow these steps:
    • Verify that you use AES-192 or AES-256 security protocols. This process is not needed for AES-128.
    • Download the Oracle Unlimited Strength Java Cryptography Extension Policy Files 6 software.
    • Locate the security directory on any robots running the probe.
    • Windows:
      C:\Program Files (x86)\Nimsoft\jre\jre6\lib\security
    • UNIX:
      /opt/nimsoft/jre/jre6/lib/security
    • Rename the existing security .jar files
    • Copy the new local_policy.jar and US_export_policy.jar files into the directory.
    If what is above is true... can someone help me download the local_policy.jar and US_export_policy.jar files, I don't have access to Oracle and I can't download them.

    The path of my jre (E:\Program Files (x86)\Nimsoft\jre\jre8u232b09\lib\security) indicates that it is jre8, the document says "Extension Policy Files 6 software", I assume that for my case it must be 8. In case, can you help me to download 6 and 8 ???

    I think this is the link ------>  Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for JDK/JRE Download

    Thank so much for your help.

    Regards.
    Original Message