Hi Craig Small, Thank you . This is really helpful. If AES192 and AES192C are AES standard from different entity then are they interchangeable ? Eg: I did configure AES192 on snmpd and use AES192C from mibbrowser. Tool 'snmpget' fails.
It would help me if I know why CFB-AES192 (on silvercreek browser) fails with AES192 configured on snmp-agent. It works fine when AES192C configured on snmpd. On Wed, Sep 15, 2021 at 4:10 AM Craig Small <csm...@dropbear.xyz> wrote: > Hi Pushpa, > As you have discovered, there are two AES192 standards. > > When you select AES192 (with no C) this is the IETF draft Blumenthal > standard. > > When you select AES192C this is the Cisco "standard". > > What is the actual difference? As far as I can tell, it comes down to the > OID used for some of the parameters like the IV. > > The Cisco standard uses something under enterprises.Cisco, as you would > expect, while the draft IETF standard uses something under enterprises.ESO > ESO is Extended Security Options consortium, you can see their MIB at > http://www.snmp.com/eso/esoConsortiumMIB.txt > > To me, it looks like the same protocol, just how it identifies itself and > where it stores things changes. So it's not like one is doing CFB and the > other thought for some reason ECB was the way to go. > > If you look online for SNMP and AES 192 or 256, you can see this confuses > a bunch of people (e.g. AES192 works for device X, but not device Y, why?) > > - Craig > > ObXKCD https://xkcd.com/927/ > > > On Wed, 15 Sept 2021 at 01:51, Pushpa Thimmaiah < > pushpa.thimma...@gmail.com> wrote: > >> Hi Folks, >> >> I am using SilverCreek as mib browser(windows10) and net-snmp-.5.9 on >> snmp-agent(linux). >> >> *snmp-agent* >> creatUser testmd5aes192 MD5 testingauth AES192 testingpriv >> >> *SilverCreek* >> It provides CFB-AES192 option for privprotocol . So I selected >> authprotocol as 'MD5' and priv protocol 'CFB-AES192' >> snmpquery on fails for this >> >> So, I changed AES192 to AES192C at snmp-agent side as mentioned below >> and it works >> creatUser testmd5aes192 MD5 testingauth AES192C testingpriv >> >> Kindly let me know when to use AES192 and AES192C. Is it based on cipher >> methods of AES? >> >> Thanks, >> Pushpa.T >> >> >> _______________________________________________ >> Net-snmp-coders mailing list >> Net-snmp-coders@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders >> >
_______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders