
SNMP V3 AES-256 for CAPC Discovery

Last activity 06-13-2019 10:05 AM
Bob Wilcox
04-18-2017 12:23 PM

Need AES-256 added as option for Privacy Protocol for Discovery Profiles in CAPC

Our company decided the standard they would use for SNMP V3 is SHA1 with AES-256 encryption; current options only support AES-128.


Comments

10-11-2017 01:51 PM

We plan to support polling and trap based notifications via SNMPv3 with an 'AES 256 with 3DES key extension' privacy protocol option in our upcoming 3.5 release.  Check out the recording of our last CA PM 3.5 end of sprint demo to see an example of how to configure an SNMP Profile with this new privacy protocol.

08-03-2017 05:10 PM

The engineering team has begun looking into this request and has raised a question about which flavor of SNMPv3 AES 256 privacy protocol encryption is needed.

There are two flavors we're aware of:

1) AES 256 in CFB mode – see https://tools.ietf.org/html/draft-blumenthal-aes-usm-04

2) AES 256 with 3DES key extension – see https://tools.ietf.org/html/draft-reeder-snmpv3-usm-3desede-00e

Spectrum currently supports option #2, so I suspect that is what folks are looking for, but I don't want to make that assumption and possibly miss the mark.

In case these IETF draft descriptions aren’t enough to determine which flavor is needed, the engineering team has created a command line tool that can be used to test each method against one or more of their network devices to see which one responds. If anyone is interested in trying this just email me (Matthew.Stormann@ca.com) and I'll send it to you.

Appreciate any help.

Thanks,

Matt
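
Added example, not part of the original thread and not the command line tool mentioned above: a sketch of why the two flavors do not interoperate even with the same passphrase. With SHA1 authentication the RFC 3414 localized key is only 20 bytes, and the two drafts extend it to the 32 bytes AES-256 needs in different ways. The function names are hypothetical, the extension steps follow a reading of the two linked drafts, and the passphrase and engine ID are the RFC 3414 A.3.2 test vector.

```python
import hashlib

MEGABYTE = 1048576  # RFC 3414 A.2 stretches the secret to 1 MiB before hashing


def password_to_key(secret: bytes) -> bytes:
    """RFC 3414 password-to-key with SHA-1 (returns the 20-byte Ku)."""
    if not secret:
        raise ValueError("secret must not be empty")
    reps = -(-MEGABYTE // len(secret))  # ceiling division
    return hashlib.sha1((secret * reps)[:MEGABYTE]).digest()


def localize(ku: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 key localization: Kul = SHA1(Ku || engineID || Ku)."""
    return hashlib.sha1(ku + engine_id + ku).digest()


def aes256_key_blumenthal(passphrase: bytes, engine_id: bytes) -> bytes:
    """Flavor 1: extend by hashing the localized key, Kul || SHA1(Kul)."""
    kul = localize(password_to_key(passphrase), engine_id)
    # One round is enough with SHA-1: 20 + 20 = 40 bytes, truncated to 32.
    return (kul + hashlib.sha1(kul).digest())[:32]


def aes256_key_reeder(passphrase: bytes, engine_id: bytes) -> bytes:
    """Flavor 2: extend by re-running password-to-key with Kul as the secret."""
    kul = localize(password_to_key(passphrase), engine_id)
    # The previous output replaces the passphrase; the engine ID stays the same.
    kul2 = localize(password_to_key(kul), engine_id)
    return (kul + kul2)[:32]


if __name__ == "__main__":
    # Constructed inputs: the RFC 3414 A.3.2 sample passphrase and engine ID.
    passphrase = b"maplesyrup"
    engine_id = bytes.fromhex("000000000000000000000002")
    k1 = aes256_key_blumenthal(passphrase, engine_id)
    k2 = aes256_key_reeder(passphrase, engine_id)
    print("flavor 1 (Blumenthal):", k1.hex())
    print("flavor 2 (Reeder)    :", k2.hex())
    print("first 20 bytes equal :", k1[:20] == k2[:20])
    print("full keys equal      :", k1 == k2)
```

Both keys share their first 20 bytes and differ in the last 12, so a manager and an agent set to different flavors authenticate each other successfully but cannot decrypt each other's scoped PDUs.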