Security

Reply
Occasional Contributor II

Clearpass SNMPv3 device support

We have our Cisco managed switches setup with SNMPv3 and AES-256 privacy protocol.  We would to set these up as devices in Clearpass and do SNMP reads from them.  I was hoping that AES-256 priv support would be added in 6.7 but it appears it wasn't.  Will Clearpass be supporting AES-256 in the future for network devices?

Re: Clearpass SNMPv3 device support

SNMPv3 with AES-256 does not seem widespread and personally, I would think, AES-128 is secure enough for this purpose. The SNMPv3 standard doesn't even appear to support AES-256 at the moment, which can result in compatibility issues.

 

I have not seen this request before, and you might work with your Aruba ClearPass partner or SE to get this filed as a feature request.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor II

Re: Clearpass SNMPv3 device support

Interesting.  I didn't realize AES-256 was not officially supported in the SNMPv3 RFC even though our Cisco switches support it.

 

Switch#sh snmp user

User name: xxxxxxx
Engine ID: 80000009030070D37965B200
storage-type: nonvolatile        active
Authentication Protocol: SHA
Privacy Protocol: AES256
Group-name: xxxxxxx
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: