search cancel

Devices configure SNMPv3 SHA/AES are not able to be discovered and modeled in Spectrum

book

Article ID: 36943

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

Devices configured to use SNMPv3 SHA/AES are not able to be discovered and modeled in Spectrum.

Environment

Spectrum 10.x

Cause

Out of the box, Spectrum is configured to discover and model SNMPv3 devices configured with MD5/DES. 

Resolution

Out of the box, Spectrum is configured to discover and model SNMPv3 devices configured with MD5/DES. This is controlled by the following entries in the $SPECROOT/SS/.vnmrc file:



snmpv3_default_auth_protocol=md5
snmpv3_default_priv_protocol=des




Devices that are configured to use SHA/AES can be modeled in Spectrum using either of the following methods:



  1. Change the default configuration in the $SPECROOT/SS/.vnmrc file as follows and then restart the SpectroSERVER process for the change to take affect:


snmpv3_default_auth_protocol=sha
snmpv3_default_priv_protocol=aes


NOTE: This is a global so all SNMPv3 discovery and modeling will now use SHA/AES.


  1. You can have a mixed environment where some devices use MD5/DES and some use SHA/AES. To do this, you will need to decide which is going to be the default and configure the $SPECROOT/SS/.vnmrc file accordingly. As an example, if you leave the defaults at MD5/DES, to manage devices that use SHA/AES, when you create your SNMPv3 profile, you can override the default to explicitly use SHA/AES. To override the default authentication to use SHA, enter the following in the SNMPv3 profile in the Authentication Password field where <authpassword> is the Authentication Password:


SHA^<authpassword>



To override the default privacy to use AES, enter the following in the SNMPv3 profile in the Privacy Password field where <privpassword> is the Privacy Password:



AES^<privpassword>



Now when using this new SNMPv3 profile, SHA/AES will override the MD5/DES defaults.

Additional Information

For more information, please reference "SNMPv3 Support" in the Spectrum 10 docops guide online:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/spectrum/10-4-1/managing-network/modeling-and-managing-your-it-infrastructure/snmpv3-support.html