Devices configure SNMPv3 SHA/AES are not able to be discovered and modeled in Spectrum

book

Article ID: 36943

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

Devices configured to use SNMPv3 SHA/AES are not able to be discovered and modeled in Spectrum.

Cause

Out of the box, Spectrum is configured to discover and model SNMPv3 devices configured with MD5/DES. 

Environment

Spectrum 10.x

Resolution

Out of the box, Spectrum is configured to discover and model SNMPv3 devices configured with MD5/DES. This is controlled by the following entries in the $SPECROOT/SS/.vnmrc file:



snmpv3_default_auth_protocol=md5
snmpv3_default_priv_protocol=des




Devices that are configured to use SHA/AES can be modeled in Spectrum using either of the following methods:



  1. Change the default configuration in the $SPECROOT/SS/.vnmrc file as follows and then restart the SpectroSERVER process for the change to take affect:


snmpv3_default_auth_protocol=sha
snmpv3_default_priv_protocol=aes


NOTE: This is a global so all SNMPv3 discovery and modeling will now use SHA/AES.


  1. You can have a mixed environment where some devices use MD5/DES and some use SHA/AES. To do this, you will need to decide which is going to be the default and configure the $SPECROOT/SS/.vnmrc file accordingly. As an example, if you leave the defaults at MD5/DES, to manage devices that use SHA/AES, when you create your SNMPv3 profile, you can override the default to explicitly use SHA/AES. To override the default authentication to use SHA, enter the following in the SNMPv3 profile in the Authentication Password field where <authpassword> is the Authentication Password:


SHA^<authpassword>



To override the default privacy to use AES, enter the following in the SNMPv3 profile in the Privacy Password field where <privpassword> is the Privacy Password:



AES^<privpassword>



Now when using this new SNMPv3 profile, SHA/AES will override the MD5/DES defaults.

Additional Information

For more information, please reference "SNMPv3 Support" in the Spectrum 10 docops guide online:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/spectrum/10-4-1/managing-network/modeling-and-managing-your-it-infrastructure/snmpv3-support.html