
Cisco 9300 SNMPv3 using AES-256-C instead of AES-256

kirkthatitguy
Level 1

I'm trying to connect my Cisco switches to be monitored. I have other devices set up to be monitored using SNMPv3 with AES256, so I know it's not the monitoring system. Additionally, I can perform an snmpwalk and it works if I specify AES-256-C instead of AES-256. Does anyone have any suggestions on why the Cisco 9300s use AES-256-C instead of AES-256, and whether there is any way to get them to use AES-256?

2 Replies

Usually this encryption is a hardware limit.

You must use aes256-c, I think.

MHM

pieterh
VIP

Take a look at this (rather old and not specific to Cisco 9300) document:
SNMP Configuration Guide - AES and 3-DES Encryption Support for SNMP Version 3 [Cisco ASR 1000 Series Aggregation Services Routers] - Cisco

where the section "Information About AES and 3-DES Encryption Support for SNMP Version 3" reports

  • AES encryption uses the Cipher Feedback (CFB) mode with encryption key sizes of 128, 192, or 256 bits.

=> My guess is that the AES-256-C in your snmpwalk tool refers to this CFB.
It suggests your tool sees a difference between AES-256 and AES-256-C, but IOS sees this as AES-256.

 

Added: this document for IOS XE 17 reports the same:
SNMP Configuration Guide, Cisco IOS XE 17 - AES and 3-DES Encryption Support for SNMP Version 3 [Cisco 1000 Series Integrated Services Routers] - Cisco