ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
CA Spectrum Unable to Discover SNMPv3 device using hashed passwords (HMAC)
Article ID: 128050
Updated On:
Products
CA Spectrum
Issue/Introduction
Users are not able to discover SNMPv3 devices in Spectrum even though the agent configuration is correct. When reviewing a sniffer trace, the agent responds to Spectrum with usmStatsWrongDigests, which indicates that the authentication information between Spectrum and the SNMPv3 agent are incorrect. Upon further inspection of the agent, it was found that the passwords were hashed.
Cause
Spectrum does not support HMAC-SHA-2 (Hashed Message Authentication Mode) authentication.
Environment
Release:
Component: SPCAPP
Component: SPCAPP
Resolution
Reconfigure the SNMPv3 agent so that it does not use HMAC 2 authentication. The following hash algorithms are HMAC-2 and are not supported:
usmHMAC192SHA256AuthProtocol
usmHMAC128SHA224AuthProtocol
usmHMAC256SHA384AuthProtocol
usmHMAC384SHA512AuthProtocol
The Spectrum SNMP agent supports the standard SHA-1 and MD5 hashing algorithms:
HMAC-MD5-96 (used as 'MD5' in Spectrum)
HMAC-SHA-96 (used as 'SHA' in Spectrum)
usmHMAC192SHA256AuthProtocol
usmHMAC128SHA224AuthProtocol
usmHMAC256SHA384AuthProtocol
usmHMAC384SHA512AuthProtocol
The Spectrum SNMP agent supports the standard SHA-1 and MD5 hashing algorithms:
HMAC-MD5-96 (used as 'MD5' in Spectrum)
HMAC-SHA-96 (used as 'SHA' in Spectrum)
Additional Information
Support for SHA2 was introduced in Spectrum release 10.4.2.0 and above:
Supporting SHA-256 and SHA-512 for SNMPv3
DX NetOps Spectrum
now supports SHA-256 and SHA-512 hashing algorithms for SNMPv3 communication. This ability helps you communicate with the devices by using a more secure SNMP communication. You can use the appropriate option (SHA256 or SHA512) while creating the SNMPv3 profile. You can then select that created profile to discover (Module Discovery) the related device or to fetch (MIB Tools) the device information.For more information about how to use these options, see the "Configuring the SNMPv3 Profile" section in Edit SNMPv3 Profiles Dialog.
Feedback
Yes
No
Powered by
