Hi Pushpa, It's a matter of identifying it. When the packet comes in, the receiver looks at the authentication protocol and sees one value or the other. That's why you need to specify which method you are using. In theory, I expect that the receiver could just look at the auth protocol and use the same method for both values, but they don't.
- Craig On Wed, 15 Sept 2021 at 15:44, Pushpa Thimmaiah <pushpa.thimma...@gmail.com> wrote: > Hi Craig Small, > > Thank you . This is really helpful. > If AES192 and AES192C are AES standard from different entity then are > they interchangeable ? > Eg: I did configure AES192 on snmpd and use AES192C from mibbrowser. > Tool 'snmpget' fails. > > It would help me if I know why CFB-AES192 (on silvercreek browser) fails > with AES192 configured on snmp-agent. It works fine when AES192C > configured on snmpd. > > > On Wed, Sep 15, 2021 at 4:10 AM Craig Small <csm...@dropbear.xyz> wrote: > >> Hi Pushpa, >> As you have discovered, there are two AES192 standards. >> >> When you select AES192 (with no C) this is the IETF draft Blumenthal >> standard. >> >> When you select AES192C this is the Cisco "standard". >> >> What is the actual difference? As far as I can tell, it comes down to the >> OID used for some of the parameters like the IV. >> >> The Cisco standard uses something under enterprises.Cisco, as you would >> expect, while the draft IETF standard uses something under enterprises.ESO >> ESO is Extended Security Options consortium, you can see their MIB at >> http://www.snmp.com/eso/esoConsortiumMIB.txt >> >> To me, it looks like the same protocol, just how it identifies itself and >> where it stores things changes. So it's not like one is doing CFB and the >> other thought for some reason ECB was the way to go. >> >> If you look online for SNMP and AES 192 or 256, you can see this confuses >> a bunch of people (e.g. AES192 works for device X, but not device Y, why?) >> >> - Craig >> >> ObXKCD https://xkcd.com/927/ >> >> >> On Wed, 15 Sept 2021 at 01:51, Pushpa Thimmaiah < >> pushpa.thimma...@gmail.com> wrote: >> >>> Hi Folks, >>> >>> I am using SilverCreek as mib browser(windows10) and net-snmp-.5.9 on >>> snmp-agent(linux). >>> >>> *snmp-agent* >>> creatUser testmd5aes192 MD5 testingauth AES192 testingpriv >>> >>> *SilverCreek* >>> It provides CFB-AES192 option for privprotocol . So I selected >>> authprotocol as 'MD5' and priv protocol 'CFB-AES192' >>> snmpquery on fails for this >>> >>> So, I changed AES192 to AES192C at snmp-agent side as mentioned below >>> and it works >>> creatUser testmd5aes192 MD5 testingauth AES192C testingpriv >>> >>> Kindly let me know when to use AES192 and AES192C. Is it based on cipher >>> methods of AES? >>> >>> Thanks, >>> Pushpa.T >>> >>> >>> _______________________________________________ >>> Net-snmp-coders mailing list >>> Net-snmp-coders@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders >>> >>
_______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
