sapwalk on a Cisco device not responding when using the AES256 privacy protocol

search cancel

sapwalk on a Cisco device not responding when using the AES256 privacy protocol

book

Article ID: 373485

calendar_today

Updated On:

Products

DX NetOps CA Performance Management - Usage and Administration

Issue/Introduction

When executing the sapwalk like in the example below I am not getting any response , it times out or giving back errors:

./sapwalk2 -i #.#.#.# -v v3 -s 1 -u <AuthUser> -l AP -xt SHA -xa '#####' -xp '######' -xe AES256  -t 3000

Environment

DX Netops Performance Management 22.2 and above

Cause

Cisco devices use a Cisco specific type of the AES256 algorithm.

Resolution

To use a Cisco specific protocol execute the -xe parameter wiht one of the protocols: AES192C/AES256C



./sapwalk2 -i #.#.#.# -v v3 -s 1 -u <AuthUser> -l AP -xt SHA -xa '#####' -xp '######' -xe AES256C-t 3000

ref:

# ./sapwalk2 --help
#sapwalk2: ver 25.0
#Copyright (c) 1994-2021 SIMPLESOFT Inc.
Usage: sapwalk2 
         -i  ip_address 
         -v  snmp_version(v1/v2c/v3)
         -s  startoid 
         <-c  community for v1/v2c           >
         <-u  username  for v3               >
         <-l  seclevel  (nAnP/AnP/AP) for v3 >
         [-xt auth type (MD5/SHA/SHA224/SHA256/SHA384/SHA512) for v3] 
         [-xa auth password for v3           ] 
         [-xp priv password for v3           ] 
         [-xn ctxtname  for v3               ] 
         [-xe priv type (DES/3DES/AES128/AES192/AES256/AES192C/AES256C)for v3] 
         [-xi ctxtid    for v3 (will discover if not specified)]

Additional Information

https://community.cisco.com/t5/network-management/snmpv3-aes192-256-key-localization-not-done-via-aes-draft/td-p/2954763

Feedback

thumb_up Yes

thumb_down No