CA Spectrum Unable to Discover SNMPv3 device using hashed passwords (HMAC)

Article ID: 128050

Products

CA Spectrum

Issue/Introduction

Users are not able to discover SNMPv3 devices in Spectrum even though the agent configuration is correct. In a sniffer trace, the agent responds to Spectrum with usmStatsWrongDigests, which indicates that the authentication information between Spectrum and the SNMPv3 agent is incorrect. Upon further inspection of the agent, it was found that the passwords were hashed.

Cause

Spectrum does not support HMAC-SHA-2 (Hash-based Message Authentication Code with SHA-2) authentication.

Environment

Release:
Component: SPCAPP

Resolution

Reconfigure the SNMPv3 agent so that it does not use HMAC-SHA-2 authentication. The following authentication protocols are HMAC-SHA-2 and are not supported:

usmHMAC192SHA256AuthProtocol
usmHMAC128SHA224AuthProtocol
usmHMAC256SHA384AuthProtocol
usmHMAC384SHA512AuthProtocol


The Spectrum SNMP agent supports the standard SHA-1 and MD5 hashing algorithms:

HMAC-MD5-96 (used as 'MD5' in Spectrum)
HMAC-SHA-96 (used as 'SHA' in Spectrum)
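
Why the protocol mismatch shows up as usmStatsWrongDigests, as an added example that is not part of the original article or of Spectrum: the manager and the agent each derive a localized key from the password and compute a truncated HMAC over the message, and a different hash gives a different key, digest value and digest length. The password, engine ID and message bytes below are constructed sample values, and the function names are illustrative.

```python
import hashlib
import hmac

# protocol name -> (hash, truncated digest bytes, supported per this article)
PROTOCOLS = {
    "usmHMACMD5AuthProtocol":       ("md5",    12, True),   # HMAC-MD5-96
    "usmHMACSHAAuthProtocol":       ("sha1",   12, True),   # HMAC-SHA-96
    "usmHMAC128SHA224AuthProtocol": ("sha224", 16, False),  # RFC 7860
    "usmHMAC192SHA256AuthProtocol": ("sha256", 24, False),
    "usmHMAC256SHA384AuthProtocol": ("sha384", 32, False),
    "usmHMAC384SHA512AuthProtocol": ("sha512", 48, False),
}

# Constructed sample values (not taken from any real device).
ENGINE_ID = bytes.fromhex("000000000000000000000002")
SAMPLE_MSG = b"constructed-snmpv3-message-bytes"  # stands in for the encoded message


def localized_key(protocol, password, engine_id):
    """RFC 3414 A.2 password-to-key, then localization to the agent's engine ID."""
    algo = PROTOCOLS[protocol][0]
    pw = password.encode()
    # Ku = H(password repeated to exactly 1,048,576 bytes)
    stream = (pw * (1048576 // len(pw) + 1))[:1048576]
    ku = hashlib.new(algo, stream).digest()
    # Kul = H(Ku || engineID || Ku)
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_params(protocol, password, engine_id, whole_msg):
    """Truncated HMAC carried in msgAuthenticationParameters."""
    algo, length, _ = PROTOCOLS[protocol]
    key = localized_key(protocol, password, engine_id)
    return hmac.new(key, whole_msg, algo).digest()[:length]


def digest_accepted(manager_proto, agent_proto, password):
    """True if the digest the manager sends equals the one the agent computes."""
    sent = auth_params(manager_proto, password, ENGINE_ID, SAMPLE_MSG)
    expected = auth_params(agent_proto, password, ENGINE_ID, SAMPLE_MSG)
    return hmac.compare_digest(sent, expected)


if __name__ == "__main__":
    for agent_proto, (_, length, supported) in PROTOCOLS.items():
        ok = digest_accepted("usmHMACSHAAuthProtocol", agent_proto, "maplesyrup")
        print(f"{agent_proto:30} digest={length:2}B supported={supported} match={ok}")
```

With the manager set to 'SHA', only an agent using usmHMACSHAAuthProtocol accepts the digest; every HMAC-SHA-2 agent setting fails the comparison even though the password is identical on both sides.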