
What SHA ciphers are used for network device SNMP?

SMD28316
Level 1

I want to disable SHA1 ciphers on ISE, but I have configured SNMP for multiple switches for SNMP CoA, and the SNMP authentication protocol is set to SHA. Will SNMP CoA fail then? I am worried about the impact of this; I am not sure if SHA1 will be used or not.

Accepted Solutions

Arne Bier
VIP

Hello @SMD28316

Using ISE 3.0 and snmpwalk, I tested and the SNMPv3 agent in ISE still responds even if you disabled SHA1 in the GUI. It seems that this SHA1 disabling has nothing to do with the SNMP agent in ISE.

The Net-SNMP command below allows you to test with SHA1 (which is what I am using) and also SHA-256 etc - I tested them all - only SHA1 works with ISE.

snmpwalk -v 3 -x AES -u arne -X cisco123123 -a SHA -A cisco123123 172.16.0.10 -l authPriv

CiscoISE/admin# show snmp-server user
User: arne
  EngineID: 9HMXXXXXXE7M
  Auth Protocol: sha
  Priv Protocol: aes-128


2 Replies

Mark Potter
Level 1

Great answer!

Have been looking at updating our priv & auth options.
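
The test described in the accepted answer can be repeated across every Net-SNMP authentication protocol to see which ones an SNMPv3 agent accepts. This is an added example, not part of the original thread or of any Cisco tooling; it assumes Net-SNMP 5.8 or later, and `probe_auth` and the `SNMPWALK` override are hypothetical names.

```shell
#!/bin/sh
# Added example: probe which SNMPv3 (USM) authentication protocols an agent accepts.
# Assumptions: Net-SNMP 5.8+ (needed for the SHA-2 names passed to -a);
# probe_auth and SNMPWALK are hypothetical names, not from the post.
# MD5 and SHA are the RFC 3414 protocols (SHA = HMAC-SHA-1-96);
# SHA-224 to SHA-512 are the RFC 7860 HMAC-SHA-2 protocols.

SNMPWALK="${SNMPWALK:-snmpwalk}"   # can be pointed at a stub for offline testing
AUTH_PROTOCOLS="MD5 SHA SHA-224 SHA-256 SHA-384 SHA-512"
SYSTEM_OID="1.3.6.1.2.1.1"         # MIB-II system subtree: a small walk

# probe_auth HOST USER AUTH_PASS PRIV_PASS
# Prints "<protocol> accepted|rejected" for each protocol, keeping AES privacy
# and authPriv as in the command from the post. The body runs in a subshell
# so its variables do not leak into the caller.
# "rejected" also covers timeouts and wrong credentials, so confirm that the
# protocol configured on the agent shows as accepted before trusting the rest.
probe_auth() (
    host=$1; user=$2; auth_pass=$3; priv_pass=$4
    for proto in $AUTH_PROTOCOLS; do
        # -t 2 -r 0: one attempt with a 2 s timeout so a mismatch fails fast.
        if "$SNMPWALK" -v 3 -l authPriv -u "$user" \
               -a "$proto" -A "$auth_pass" -x AES -X "$priv_pass" \
               -t 2 -r 0 "$host" "$SYSTEM_OID" >/dev/null 2>&1; then
            echo "$proto accepted"
        else
            echo "$proto rejected"
        fi
    done
)

# Run directly as: sh probe.sh HOST USER AUTH_PASS PRIV_PASS
# (passphrases given as arguments are visible in the process list)
if [ "$#" -eq 4 ]; then
    probe_auth "$@"
fi
```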