SNMP Research International, Inc.

Secure Your Network

Information about SNMP

Technology Initiatives

SNMPv3 with AES-256

SNMPv3 Security with 256 bit AES encryption is available in many products today. AES-256 enhances encryption capabilities of SNMPv3 beyond the SNMPv3 standard.

Some network devices, including most Cisco devices, support SNMP with 256 bit AES. Some other devices do not. The net-snmp agent does not support AES256 with SNMPv3/USM. While most operating system platforms like Windows, Linux, and FreeBSD do not support it off-the-shelf, there are 3rd party SNMPv3 agents available for these platforms that support SNMPv3 with AES-256. One such agent is CIAgent.

There are only a few SNMP Managers that support SNMP with 256 bit AES; however, adapters exist that allow older managers to use AES-256. Examples of managers that support AES-256 are CA eHealth, LogMatix NerveCenter, and SNMP Research BRASS. Other managers may be able to take advantage of the Distributed SNMP Security Pack (DSSP) as an adapter layer to allow existing managers to speak AES-256.

When using AES-256 with authentication protocols with key lengths less than 256 bits (such as md5 and sha1), there needs to be a standard mechanism to produce the localized keys. Since SNMPv3 does not currently provide such a standard, there needs to be an agreed upon way to do key localization. The most common approach is the one used by Cisco which is based on a variation of the Reeder 3DES draft. This is not an issue when using SHA-2 with 256 or more bits for authentication; therefore, it is recommended to use SHA-2 for authentication when using AES-256 for encryption because no key extension is needed.

MIB support for 128-bit AES is defined in the SNMPv3 standard MIB SNMP-USM-AES-MIB. Private extensions for 256-bit AES are available in private MIBs such as CISCO-SNMP-USM-OIDS-MIB or ESO-CONSORTIUM-MIB.

Sources for More Information

Contact Information

For more information about SNMPv3 with AES-256, please contact SNMP Research International, Inc.
You can fill out a Sales Query and one of our sales people will respond to your request quickly.

SNMP Research International, Inc.
3001 Kimberlin Heights Rd.
Knoxville, TN 37920
Tel: +1 865 579 3311
Fax: +1 865 579 6565