wizard based add router snmp v3 authpriv AES256 no response

[uzairhussainpk]

Dear sir ,
i like to add a router which is using snmp v3 authPriv AES256 encryption , when i add it using nagiosxi wizard switch/router its not adding, when i did snmpwalk from command line , it gave me mesg "NO RESPONSE from 10.1.1.5" means its not using AES256 and router encrypted mesg could not be understand by my machine or may be i am doing some mistake. kindly suggest me what should I do.

snmpwalk -v 3 -u xyx -l authPriv -a MD5 -A "dkfjdklfldfd" -x AES256 -X "dkfjkdfldf" 10.1.1.5

Reg.
Masroor

[cdienger]

DES and AES are currently the only options available in the wizard and in the check_snmp plugin used by the wizard to create the checks. Can you configure the device to use AES?

[uzairhussainpk]

I did search on net for this issue. I found that if I could manage to install net-snmp version 5.8, it gives AES192 and AES256 protocol support.
The thing is , last rpm package only available is 5.7 for CentOS 7. I would like to ask, if I could compile source code net-snmp 5.8 then what will you suggest.

Reg,
Masroor.

[cdienger]

That would at least be a step in the direction of getting AES256 working but I'd have to look into what other changes would be needed. I'd suggest trying to set this up on a lab machine first if you want to explore this. The first thing I noticed that was necessary is to compile the source with the "--enable-blumenthal-aes" option:

Code: Select all

./configure --enable-blumenthal-aes
make
make install

This puts the snmpget and snmpwalk binaries in /usr/local/bin/, which may be ideal for testing. You can simply replace the existing binaries with the new ones and switch back if needed. I would then try running the checks using check_ifoperstatus and check_ifoperstatnag directly on the command line.