I have configured 2 users on a SNMP v3 server (a Cisco router):
- A user that uses DES as the privacy method (
desuser) - A user that uses AES 128 as the privacy method (
aesuser)
The privacy password and the authentication password for both the users were set to the same: 12345678 for testing purposes.
Using the code in the link below (at end of question), I was able to perform SNMP v3 queries using DES as the privacy method. For this I used the following command line args:
-v=3 -l=authPriv -a=MD5 -A=12345678 -x=DES -X=12345678 -u=desuser 10.10.10.1 1.3.6.1.2.1.2.2.1.7.1
The above worked without any issue.
I then tried to use AES 128 as the privacy method by changing the privacy method and the user on the command line args as below:
-v=3 -l=authPriv -a=MD5 -A=12345678 -x=AES -X=12345678 -u=aesuser 10.10.10.1 1.3.6.1.2.1.2.2.1.7.1
This resulted in a TimeoutException:
I am able to use both these users (aesuser and desuser) on other SNMP agents without any issue.
Please let me know:
What needs to be specified in the command line arg
-xwhen using AES 128? Should it be justAESorAES128?When I reviewed the code for
snmpget(in the link at the end), I noticed that the value assigned to the command line arg-xis assigned to a variable calledprivacy. However, this variable is never used later in the code when setting theIPrivacyProviderobject. The only two code paths available when setting the this object isDESPrivacyProviderandDefaultPrivacyProvider. (see code extract below) Shouldn't these be something likeAESPrivacyProviderthat would enable the AES privacy method on the code?
Code extract from the snmpget project's Program.vb:
Dim priv As IPrivacyProvider
If ((level And Levels.Privacy) = Levels.Privacy) Then
priv = New AESPrivacyProvider(New OctetString(privPhrase), auth)
Else
priv = New DefaultPrivacyProvider(auth)
End If
https://github.com/lextm/sharpsnmplib/blob/master/Samples/VB.NET/snmpget/
