09-11-2018 10:20 AM
I am getting this fault in UCSM.
SNMP User can't be deployed. Error: AES is not enabled
09-11-2018 10:32 AM
Greetings.
Suspect you may have FIPS and MD5 auth at play.
-Cisco UCS Manager Release 3.2(3) and later releases do not support MD5 authentication if SNMPv3 is in Federal Information Processing Standards (FIPS) mode. As a result, any existing or new SNMPv3 users with MD5 authentication will not be deployed with these releases and the following fault message will be generated: "SNMP User testuser can't be deployed. Error: MD5 auth is not supported" on UCS manager.
To deploy such a user, change the authentication type to SHA.
Thanks,
Kirk...
09-13-2018 04:39 AM
@Kirk J wrote:
To deploy such a user, change the authentication type to SHA.
I'm not seeing that option, where is it?
09-13-2018 01:43 PM
12-13-2018 06:50 PM
SNMPv1, SNMPv2c, and SNMPv3 each represent a different security model. The security model combines with the selected security level to determine the security mechanism applied when the SNMP message is processed.
The security level determines the privileges required to view the message associated with an SNMP trap. The privilege level determines whether the message requires protection from disclosure or whether the message is authenticated. The supported security level depends on which security model is implemented. SNMP security levels support one or more of the following privileges:
noAuthNoPriv—No authentication or encryption
authNoPriv—Authentication but no encryption
authPriv—Authentication and encryption
SNMPv3 provides for both security models and security levels. A security model is an authentication strategy that is set up for a user and the role in which the user resides. A security level is the permitted level of security within a security model. A combination of a security model and a security level determines which security mechanism is employed when handling an SNMP packet.
Cisco UCS uses Advanced Encryption Standard (AES) as one of the privacy protocols for SNMPv3 message encryption and conforms with RFC 3826.
The privacy password, or priv option, offers a choice of DES or 128-bit AES encryption for SNMP security encryption. If you enable AES-128 configuration and include a privacy password for an SNMPv3 user, Cisco UCS Manager uses the privacy password to generate a 128-bit AES key. The AES privacy password can have a minimum of eight characters. If the passphrases are specified in clear text, you can specify a maximum of 64 characters.
Cisco UCS Manager Release 3.2(3) and later releases do not support SNMPv3 users without AES encryption. Hence, any existing or newly created SNMPv3 users without AES encryption will not be deployed with these releases, and the following fault message will appear:
Major F1036 2018-02-01T14:36:32.995 99095 SNMP User testuser can't be deployed. Error: AES is not enabled
To deploy such a user, enable AES-128 encryption.
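The password-to-key step described in the post above, as an added example that is not part of the original thread and is not Cisco UCS Manager code: it follows the standard RFC 3414 key localization and the RFC 3826 rule that the first 16 octets of the localized key form the AES-128 key. It assumes SHA-1 as the user's authentication protocol; the function names are hypothetical, and the password and engine ID are the published RFC 3414 sample values.

```python
import hashlib

# Length limits for a clear-text privacy password, as stated in the post above.
MIN_LEN, MAX_LEN = 8, 64


def password_to_key_sha1(password: bytes) -> bytes:
    """RFC 3414 A.2.2: SHA-1 over 1,048,576 octets of the repeated password."""
    if not password:
        raise ValueError("empty password")
    total = 1048576
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.sha1(stream).digest()


def localize_key_sha1(ku: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 2.6: bind the user key to one SNMP engine (Kul)."""
    return hashlib.sha1(ku + engine_id + ku).digest()


def aes128_priv_key(priv_password: str, engine_id: bytes) -> bytes:
    """RFC 3826 3.1.2.1: the AES-128 key is the first 16 octets of Kul."""
    if not MIN_LEN <= len(priv_password) <= MAX_LEN:
        raise ValueError(
            f"privacy password must be {MIN_LEN}-{MAX_LEN} characters"
        )
    ku = password_to_key_sha1(priv_password.encode("utf-8"))
    return localize_key_sha1(ku, engine_id)[:16]


if __name__ == "__main__":
    # Sample values from RFC 3414 A.3.2, not from any real device.
    engine_id = bytes.fromhex("000000000000000000000002")
    print(aes128_priv_key("maplesyrup", engine_id).hex())
```

Because the key is localized with the engine ID, the same privacy password yields a different AES key on every SNMP engine, so a monitoring station must know the target's engine ID (or discover it) before it can decrypt authPriv traffic.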