12-19-2023 07:11 AM
I'm trying to connect my Cisco switches to be monitored. I have other devices set up to be monitored using SNMPv3 using AES256, so I know it's not the monitoring system. Additionally, I can perform an snmpwalk and it works if I specify AES-256-C instead of AES-256. Does anyone have any suggestions on why the Cisco 9300s use AES-256-C instead of AES-256 and if there is any way to get them to use AES-256?
12-19-2023 07:20 AM
Usually this encryption is a hardware limit.
You must use AES-256-C, I think.
MHM
12-21-2023 12:12 AM - edited 12-21-2023 12:20 AM
Take a look at this (rather old and not specific to Cisco 9300) document:
SNMP Configuration Guide - AES and 3-DES Encryption Support for SNMP Version 3 [Cisco ASR 1000 Series Aggregation Services Routers] - Cisco
where the section "Information About AES and 3-DES Encryption Support for SNMP Version 3" reports:
AES encryption uses the Cipher Feedback (CFB) mode with encryption key sizes of 128, 192, or 256 bits.
=> My guess is that the AES-256-C in your snmpwalk tool refers to this CFB.
It suggests your tool sees a difference between AES-256 and AES-256-C, but IOS sees this as AES-256.
Added: this document for IOS XE 17 reports the same:
SNMP Configuration Guide, Cisco IOS XE 17 - AES and 3-DES Encryption Support for SNMP Version 3 [Cisco 1000 Series Integrated Services Routers] - Cisco