I use SNMP4J (version 2.5.3) to launch SNMP queries on a target configured in SNMP V3. It works fine for all combinations of auth / priv protocols except for the privacy AES 256 protocol ! I can only get a null response.

Here is the code :

public static void main(String[] args) throws Exception
{
    String targetAddress = "udp:10.2.1.41/161";
    String userName = "mip_aes256";
    OID authProtocol = AuthSHA.ID;
    String authPassphrase = "mip_user_AuthPassword";
    OID privProtocol = PrivAES256.ID;
    String privPassphrase = "mip_user_PrivPassword";

    // build a PDU with all the OIDs
    ScopedPDU requestPDU = new ScopedPDU();
    requestPDU.add(new VariableBinding(new OID("1.3.6.1.2.1.1.1.0")));
    requestPDU.setType(PDU.GET);

    UserTarget target = new UserTarget();
    target.setTimeout(5000);
    target.setVersion(SnmpConstants.version3);
    target.setAddress(GenericAddress.parse(targetAddress));
    target.setSecurityLevel(SecurityLevel.AUTH_PRIV);
    target.setSecurityName(new OctetString(userName));

    TransportMapping<UdpAddress> transport = new DefaultUdpTransportMapping();
    Snmp snmp = new Snmp(transport);
    USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(MPv3.createLocalEngineID()), 0);
    SecurityModels.getInstance().addSecurityModel(usm);

    // add user to the USM
    snmp.getUSM().addUser(new OctetString(userName),
            new UsmUser(new OctetString(userName),
                    authProtocol,
                    new OctetString(authPassphrase),
                    privProtocol,
                    new OctetString(privPassphrase)));

    transport.listen();

    ResponseEvent re = snmp.send(requestPDU, target);
    PDU responsePDU = re.getResponse();
    if (responsePDU == null)
    {
        System.out.println("responsePDU == null :");
        System.out.println("> Error     : " + re.getError());
        System.out.println("> Address     : " + re.getPeerAddress());
        System.out.println("> Source      : " + re.getSource());
        System.out.println("> User object : " + re.getUserObject());
    }
    else if (responsePDU.getVariableBindings() != null)
    {
        for (VariableBinding vb : responsePDU.getVariableBindings())
        {
            System.out.println(vb.getOid() + " --> " + vb.getVariable());
        }
    }
}

I am pretty sure the router config is fine (Network provider config on Cisco router). My Java 8 installation (on Ubuntu 64) includes the Java Cryptography extension for unlimited strength. Do you have any idea about this issue ?

Thank you for your help,

Best regards Sylvain

SNMPv3 AES 256 is non-standard. A google for snmpv3 aes 256 will detail this. In our experience not all implementations will interoperate. That's what standardization is for.

I have found a change to make it work for a Cisco 2900.

OID privProtocol = PrivAES256With3DESKeyExtension.ID;
SecurityProtocols.getInstance().addPrivacyProtocol(new PrivAES256With3DESKeyExtension());

I hope that could help somebody !