While Spectrum supports SNMPv3 with AES256 the latest versions of CA PM (2.7, 2.8) are missing this functionality.
To avoid unnecessary configuration on the devices it is urgent that Spectrum and CA PM support both SNMPv3 AES256.
( ICS#05000964 )
Delivered in CA PM 3.5 - thanks for all the cusotmers who raised, voted, and supported delivery of this enhancement!
We plan to support polling and trap based notifications via SNMPv3 with an 'AES 256 with 3DES key extension' privacy protocol option in our upcoming 3.5 release. Check out our last CA PM 3.5 end of sprint demo to see an example of configuring an SNMP Profile with this new privacy protocol.
The engineering team has begun investigating this feature. They've raised a question about which flavor of SNMPv3 AES 256 privacy protocol encryption is needed.
The two flavors that we're aware of are:
1) AES 256 in CFB mode – see https://tools.ietf.org/html/draft-blumenthal-aes-usm-04
2) AES 256 with 3DES key extension – see https://tools.ietf.org/html/draft-reeder-snmpv3-usm-3desede-00e
Spectrum currently supports option #2, so we assume that's what's needed, but I don't want to miss the mark.
In case these IETF draft descriptions aren’t enough to determine which flavor is need, the engineering team has developed a command line tool that can be used to test each method against one of their network devices to see which one responds. If you're interested, please email me (Matthew.Stormann@ca.com) and I can send it to you.
Appreciate any help.
Good to know... Tks!
For everybody who is interested in: I was told by Product Management
"It is planned for our 3.5 release (Fall 2017)".
Hello Product Management. Is this on the roadmap?
Best Regards, Martin
I have to switch to AES256 and no support in PM will be the the K.O. for PM.
Should be moved to CA PM community
This idea is currently under consideration for a future release.