Error received creating V3 profile via REST. Failure - Privacy protocol is not valid. Values should be DES, 3DES, AES, AES256
search cancel

Error received creating V3 profile via REST. Failure - Privacy protocol is not valid. Values should be DES, 3DES, AES, AES256

book

Article ID: 403498

calendar_today

Updated On:

Products

Network Observability

Issue/Introduction

When you try to add SNMP v3 profiles via REST using AES128 you get unexpected error while it is possible in the OneClick GUI.  You followed the documented steps here using a POST call to

http://<spectrum OneClick host>:<spectrum OneClick port>/spectrum/restful/v3profiles/createv3profiles

with the following payload:

<rs:v3profile-request
 xmlns:rs="http://www.ca.com/spectrum/restful/schema/request"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.ca.com/spectrum/restful/schema/request ../../../xsd/Request.xsd">
 <rs:v3profile-create-list>
   <rs:create-v3profile>
    <rs:profile-name profile-name="V3SHA256AES128"/>
    <rs:user-name user-name="user1"/>
    <rs:security-level security-level="2"/> 
    <rs:auth-proto auth-proto="SHA256"/> 
    <rs:auth-password auth-password="xxxxxxxxx"/>  
    <rs:priv-proto priv-proto="AES128"/> 
    <rs:priv-password priv-password="yyyyyyyyyy"/>
    <rs:secure-domain secure-domain="None"/>
    <rs:dh-flag dh-flag="0"/>
    <rs:dh-random-number dh-random-number=""/>
   </rs:create-v3profile>
 </rs:v3profile-create-list>
</rs:v3profile-request>

The result was a failure and the following message

Failure - Privacy protocol is not valid. Values should be DES, 3DES, AES, AES256

When you run it as AES it creates the profile with AES128.

 

Environment

All version of DX NetOps Spectrum up to 24.3.12

Cause

The error checking in the code was incorrect. 

Resolution

This will be addressed via code fix in the 24.3.12 release. 

Until then, the same create V3 profile functionality exists on REST as in the OneClick GUI.  If you wish to use AES128 please specify AES and it will create with AES128.  Internally AES is linked to AES128. When we create a profile with "<rs:priv-proto priv-proto="AES"/>" then the privacy protocol will be set to AES128 for the created v3 profile. Community string will also have "AES^" for the AES128 privacy protocol.

 

Powered by Wolken Software