[SNMP4J] using aes192/aes256 privacy protocols against Cisco devices

Tue Sep 18 21:13:33 CEST 2007

Hi Elad,

The Cisco device should return a report message in any case
or at least increment the snmpSilentDrops counter.

Best regards,
Frank

Elad Sarver wrote:
> Hi,
> 
> There was a draft describing the AES192 and 256. I don't think it was ever
> approved (maybe even dropped - does anyone know?)
> Anyway, both snmp4j and Cisco IOS implement it, so it should work...
> 
> Elad
> 
> 
> On 9/18/07, Matthieu Casanova <chocolat.mou at gmail.com> wrote:
>> Hi, someone stops me if I'm wrong but I think that the RFC3826 (AES
>> for USM) speaks only of AES 128, so I suppose that AES192 and 256 are
>> bonus we have in snmp4j.
>>
>> Matthieu
>>
>> 2007/9/18, Elad Sarver <elad.xx at gmail.com>:
>>> Hi,
>>>
>>> When I use the snmp4j.exe tool (latest version) to query a Cisco 7200
>> series
>>> device using AES128 encryption, it works.
>>> When I try to use the same for AES192 or AES256, the device doesn't
>> respond.
>>> not even with a Report PDU, which is always sent in other cases.
>>> Using Ethereal, I see that an encrypted AES192 PDU was sent to the
>>> device and nothing came back.
>>>
>>> I have the security policy files installed. Before they were installed,
>> a
>>> different error had occured. So it probably isn't the reason.
>>> The device is configured correctly, and traps/informs are being sent
>> from it
>>> correctly with AES192.
>>>
>>> 1. What could be the problem?
>>> 2. Was the Snmp4J tool tested against Cisco devices using these privacy
>>> protocols?
>>>
>>> thanks,
>>> Elad.
>>> _______________________________________________
>>> SNMP4J mailing list
>>> SNMP4J at agentpp.org
>>> http://lists.agentpp.org/mailman/listinfo/snmp4j
>>>
> _______________________________________________
> SNMP4J mailing list
> SNMP4J at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/snmp4j

-- 
AGENT++
http://www.agentpp.com
http://www.mibexplorer.com
http://www.mibdesigner.com