Does LMS 4.0.1 Support SHA 256?

douglas.mckee · ‎09-17-2014

Under LMS 4.0.1 when I look at devices under credential settings for devices SHA1 is only available. Is there an add-on that needs to be installed to support SHA 256?

Marvin Rhoads · ‎09-17-2014

Where exactly do you see the SHA settings in LMS?

I can only recall using that setting on the IOS devices themselves when specifying the integrity type for IPsec VPNs or the enable secret password encryption (type 4 - implementation flawed and thus not recommended).

You can of course create cli templates and compliance checks in LMS that use those options.

douglas.mckee · ‎09-18-2014

Under the "Inventory" tab Add/Import/Manage devices. When I select a switch to edit under credential settings the drop down box for SNMPV3 settings only has MD5 and SHA1 options available.

Marvin Rhoads · ‎09-18-2014

That's because the only SNMP v3 authentication algorithms supported (on either IOS or NX-OS or ASA software) are MD5 and SHA1.

The SNMP v3 encryption algorithms support up to AES-256 (on NX-OS and IOS) and that is selectable in the SNMPv3 credentials settings on LMS.

That applies even on the latest updated Prime LMS Version 4.2(5).

douglas.mckee · ‎09-18-2014

Marvin,

Thank you for the insightful information. Initially searching the web and LMS documentation didn't seem to provide any direct answers to this question.

Doug