Support for AES192 and AES256

Joon commented 9 months ago

I am attempting to connect to devices that use AES256 for SNMP V3, and need some assistance with general setup. I am able to make 128 bit AES connections, but am getting timeouts for AES256 connections.

Is AES 256 supported by SNMP::Info? If so, how should I enable it? Also, how can I troubleshoot the root cause of my timeout errors?

Expected Behavior

SNMP::Info can connect to a device using AES 256 as the privacy protocol for SNMP V3

Current Behavior

SNMP::Info times out when connecting to a device with AES 192 or AES256, but works fine for AES 128

Steps to Reproduce (for bugs)

Build a docker container using Alpine 3.18 as the base
Install net-snmp-perl (version net-snmp-perl-5.9.3-r3 is installed according to apk)
Install SNMP::Info from CPAN (version 3.94 is installed)
Start a session with "my $info = new SNMP::Info(%infoParams)", with %infoParams containing a PrivProto value of "AES256"

Your Environment

SNMP::Info version used: 3.94
Netdisco version (if used): n/a

ollyg commented 8 months ago

Hi @Joon

I think you can try "AES192C" and "AES256C" instead of AES192 and AES256. Apparently there are Cisco specific versions of the algorithms.

If you dont have Cisco, then I am a bit stumped, as your package/version of net-snmp should include the support and have it enabled.

Do let me know how you get on

regards Oliver.

Joon commented 8 months ago

Thank you @ollyg , that was the issue, it was the “-C” versions that I had to use. I forgot to close out this issue once I figured it out

Thank you for getting back to me!

netdisco / snmp-info