Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Does LMS 4.0.1 Support SHA 256?

Under LMS 4.0.1 when I look at devices under credential settings for devices SHA1 is only available. Is there an add-on that needs to be installed to support SHA 256?

4 REPLIES
Hall of Fame Super Silver

Where exactly do you see the

Where exactly do you see the SHA settings in LMS?

I can only recall using that setting on the IOS devices themselves when specifying the integrity type for IPsec VPNs or the enable secret password encryption (type 4 - implementation flawed and thus not recommended).

You can of course create cli templates and compliance checks in LMS that use those options.

Community Member

Under the "Inventory" tab Add

Under the "Inventory" tab Add/Import/Manage devices. When I select a switch to edit under credential settings the drop down box for SNMPV3 settings only has MD5 and SHA1 options available.

Hall of Fame Super Silver

That's because the only SNMP

That's because the only SNMP v3 authentication algorithms supported (on either IOS or NX-OS or ASA software) are MD5 and SHA1.

The SNMP v3 encryption algorithms support up to AES-256 (on NX-OS and IOS) and that is selectable in the SNMPv3 credentials settings on LMS.

That applies even on the latest updated Prime LMS Version 4.2(5).

Community Member

Marvin,Thank you for the

Marvin,

Thank you for the insightful information. Initially searching the web and LMS documentation didn't seem to provide any direct answers to this question.

 

Doug

 

152
Views
5
Helpful
4
Replies
CreatePlease to create content