Cisco 9300 SNMPv3 using AES-256-C instead of AES-256

kirkthatitguy · ‎12-19-2023

I'm trying to connect my Cisco switches to be monitored. I have other devices setup to be monitored using SNMPv3 using AES256 so I know its not the monitoring system. Additionally, I can perform a snmpwalk and it works if I specify AES-256-C instead of AES-256. Does anyone have any suggestions on why the Cisco 9300s use AES-256-C instead of AES-256 and if there is any way to get them to use AES-256?

MHM Cisco World · ‎12-19-2023

Usually these encryption is hardware limit.

You must use ase265-c I think

MHM

pieterh · ‎12-21-2023

take a look at this (rather old and not specific to Cisco 9300) document
SNMP Configuration Guide - AES and 3-DES Encryption Support for SNMP Version 3 [Cisco ASR 1000 Series Aggregation Services Routers] - Cisco

where the section "Information About AES and 3-DES Encryption Support for SNMP Version 3" reports

AES encryption uses the Cipher Feedback (CFB) mode with encryption key sizes of 128, 192, or 256 bits.

=> my guess is, the AES-256-C in your snmpwalk tool refers to this CFB
it suggests your tool sees a difference between AES-256 and AES-256-C but IOS sees this as AES-256

added : this document for ios-xe 17 reports the same
SNMP Configuration Guide, Cisco IOS XE 17 - AES and 3-DES Encryption Support for SNMP Version 3 [Cisco 1000 Series Integrated Services Routers] - Cisco