11-17-2021 03:48 PM
I want to disable SHA1 ciphers on ISE, but I have configured SNMP for multiple switches for SNMP CoA, and the SNMP authentication protocol is set to SHA. Will SNMP CoA fail then? I am worried about the impact of this; I am not sure if SHA1 will be used or not.
11-23-2021 03:59 PM
Hello @SMD28316
Using ISE 3.0 and snmpwalk, I tested and the SNMPv3 agent in ISE still responds even if you disabled SHA1 in the GUI. It seems that this SHA1 disabling has nothing to do with the SNMP agent in ISE.
The Net-SNMP command below allows you to test with SHA1 (which is what I am using) and also SHA-256 etc - I tested them all - only SHA1 works with ISE.
snmpwalk -v 3 -x AES -u arne -X cisco123123 -a SHA -A cisco123123 172.16.0.10 -l authPriv
CiscoISE/admin# show snmp-server user
User: arne
EngineID: 9HMXXXXXXE7M
Auth Protocol: sha
Priv Protocol: aes-128
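The per-protocol test described in the answer above, written as a repeatable script. This is an added example, not part of the original post: it assumes Net-SNMP 5.8 or later (for the SHA-2 values of `-a`), reads the passphrases from the hypothetical environment variables `SNMP_AUTH_PASS` and `SNMP_PRIV_PASS`, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: report which SNMPv3 auth protocols an agent accepts for one
# USM user. Assumes Net-SNMP 5.8+ and passphrases in SNMP_AUTH_PASS /
# SNMP_PRIV_PASS (hypothetical variable names) so they stay out of argv history.

# Values accepted by the Net-SNMP -a option (SHA is SHA-1).
AUTH_PROTOCOLS="MD5 SHA SHA-224 SHA-256 SHA-384 SHA-512"

# probe_auth HOST USER PROTO
# Returns 0 if an authPriv GET of sysDescr.0 succeeds with that auth protocol.
probe_auth() {
    host=$1 user=$2 proto=$3
    snmpget -v 3 -l authPriv -u "$user" \
        -a "$proto" -A "$SNMP_AUTH_PASS" \
        -x AES -X "$SNMP_PRIV_PASS" \
        -t 2 -r 0 "$host" 1.3.6.1.2.1.1.1.0 >/dev/null 2>&1
}

# accepted_auth HOST USER
# Prints the space-separated list of auth protocols the agent answered to.
accepted_auth() {
    ok=""
    for p in $AUTH_PROTOCOLS; do
        if probe_auth "$1" "$2" "$p"; then
            ok="${ok:+$ok }$p"
        fi
    done
    printf '%s\n' "$ok"
}

# Run only when called as: script HOST USER
if [ "$#" -eq 2 ]; then
    : "${SNMP_AUTH_PASS:?set SNMP_AUTH_PASS}" "${SNMP_PRIV_PASS:?set SNMP_PRIV_PASS}"
    result=$(accepted_auth "$1" "$2")
    echo "Auth protocols accepted by $1 for user $2: ${result:-none}"
    case " $result " in
        *" SHA-"*) ;;  # at least one SHA-2 variant works
        *) echo "No SHA-2 auth protocol accepted; SHA-1 or MD5 is still required." ;;
    esac
fi
```

Run it before and after changing the SHA1 setting to confirm whether the SNMP agent's behaviour actually changes.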
12-08-2022 05:23 PM
Great answer!
Have been looking at updating our priv & auth options.