Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
997
Views
0
Helpful
2
Replies

[CiscoPrime 2.0] SNMPv3 Privacy Type issues

perdata
Level 1
Level 1

‎11-07-2013 01:29 AM

Hello Cisco Community,

I tried to find a similar topic, but no luck.

So, I go ahead and discribe my problem.

We would like to switch from SNMPv2 to v3 and already added v3-setting to all devices with 3DES as privacy algorithm.

Now we would like to setup Prime 2.0 to communicate with the 3DES devices, but it's not possible to enable 3DES in Prime 2.0.

Below [1] , I added a list with all possible SNMPv3 privacy type settings in Prime 2.0 and LMS 4.2.3.

As you can see, I can't set 3DES for device discovery or the device setting.

Could you please tell me why I've to use with Prime 2.0 a low secure algorithm (DES or AES128) instead of 3DES or AES256?

And why is this setting available in LMS 4.2.3, I thought  Prime 2.0 is the replacement for LMS.

Thanks and Best,

Dennis & Thomas

[1]

Cisco Prime Infrastructure 2.0

# Administration  >  System Settings  >  SNMP Credentials  >  SNMP Credential Details

SNMPv3 Privacy Type: CBC-DES, CFB-AES-128, CFB-AES-192, CFB-AES-256

# Operate > Discovery > Discovery Settings > SNMPv3 Credential

SNMPv3 Privacy Type: DES, AES128

# Operate > Device Work Center > Edit selected Device > SNMP Parameters

SNMPv3 Privacy Type: CBC-DES, CFB-AES-128

Cisco Prime LMS 4.2.3

# Inventory > Device Administration > Add / Import / Manage Devices > Edit Credentials by selected Device

3. SNMP Credentials - Privacy Algorithm : DES, 3DES, AES128, AES192, AES256

Labels:
0 Helpful
2 Replies 2

perdata
Level 1
Level 1

‎11-12-2013 01:51 AM

Hey Guys,

any idear or maybe somebody can confirm this problem?

Thanks and Best

0 Helpful

a.olsthoorn
Level 1
Level 1
In response to perdata

‎12-05-2013 07:23 AM

Hi, I also found out that using SNMPv3 is a pain. using AES256 is not possible. AES128 is not proven using PI2.0. Using LMS 4.2.x works fine.

It seems to work when discovering and syncing using snmpv3 but lateron it is broken again. Strange behaviour.

I'm very interested in the follow up on this.

feature request:

- better logging to troubleshoot this

- AES 256 should be an selectable option to use

- enhance SNMP communication between switches and PI

regards

Ad

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents