topic Re: What SHA ciphers are used for network device SNMP? in Network Access Control

What SHA ciphers are used for network device SNMP?

SMD28316 — Wed, 17 Nov 2021 23:48:31 GMT

I want to disabled SHA1 Ciphers on ISE, but I have configured SNMP for multiple switches for SNMP CoA, the SNMP authentication protocol is set to SHA, will SNMP CoA fail then? I am worried about the impact for this, I am not sure if SHA1 will be used or not,

Re: What SHA ciphers are used for network device SNMP?

Arne Bier — Tue, 23 Nov 2021 23:59:36 GMT

Hello @SMD28316

Using ISE 3.0 and snmpwalk, I tested and the SNMPv3 agent in ISE still responds even if you disabled SHA1 in the GUI. It seems that this SHA1 disabling has nothing to do with the SNMP agent in ISE.

The Net-SNMP command below allows you to test with SHA1 (which is what I am using) and also SHA-256 etc - I tested them all - only SHA1 works with ISE.

snmpwalk -v 3 -x AES -u arne -X cisco123123 -a SHA -A cisco123123 172.16.0.10 -l authPriv

CiscoISE/admin# show snmp-server user
User: arne
  EngineID: 9HMXXXXXXE7M
  Auth Protocol: sha
  Priv Protocol: aes-128

Re: What SHA ciphers are used for network device SNMP?

Mark Potter — Fri, 09 Dec 2022 01:23:06 GMT

Great answer!

Have been looking at updating our priv & auth options.