Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass SNMPv3 device support

  • 1.  Clearpass SNMPv3 device support

    Posted Jan 19, 2018 07:38 AM

    We have our Cisco managed switches set up with SNMPv3 and AES-256 privacy protocol.  We would like to set these up as devices in Clearpass and do SNMP reads from them.  I was hoping that AES-256 priv support would be added in 6.7 but it appears it wasn't.  Will Clearpass be supporting AES-256 in the future for network devices?



  • 2.  RE: Clearpass SNMPv3 device support
    Best Answer

    EMPLOYEE
    Posted Jan 22, 2018 05:26 AM

    SNMPv3 with AES-256 does not seem widespread and personally, I would think, AES-128 is secure enough for this purpose. The SNMPv3 standard doesn't even appear to support AES-256 at the moment, which can result in compatibility issues.

     

    I have not seen this request before, and you might work with your Aruba ClearPass partner or SE to get this filed as a feature request.



  • 3.  RE: Clearpass SNMPv3 device support

    Posted Jan 22, 2018 07:33 AM

    Interesting.  I didn't realize AES-256 was not officially supported in the SNMPv3 RFC even though our Cisco switches support it.

     

    Switch#sh snmp user
    
    User name: xxxxxxx
    Engine ID: 80000009030070D37965B200
    storage-type: nonvolatile        active
    Authentication Protocol: SHA
    Privacy Protocol: AES256
    Group-name: xxxxxxx