I use SNMP4J (version 2.5.3) to launch SNMP queries on a target configured in SNMP V3. It works fine for all combinations of auth / priv protocols except for the privacy AES 256 protocol ! I can only get a null response.
Here is the code :
public static void main(String[] args) throws Exception
{
String targetAddress = "udp:10.2.1.41/161";
String userName = "mip_aes256";
OID authProtocol = AuthSHA.ID;
String authPassphrase = "mip_user_AuthPassword";
OID privProtocol = PrivAES256.ID;
String privPassphrase = "mip_user_PrivPassword";
// build a PDU with all the OIDs
ScopedPDU requestPDU = new ScopedPDU();
requestPDU.add(new VariableBinding(new OID("1.3.6.1.2.1.1.1.0")));
requestPDU.setType(PDU.GET);
UserTarget target = new UserTarget();
target.setTimeout(5000);
target.setVersion(SnmpConstants.version3);
target.setAddress(GenericAddress.parse(targetAddress));
target.setSecurityLevel(SecurityLevel.AUTH_PRIV);
target.setSecurityName(new OctetString(userName));
TransportMapping<UdpAddress> transport = new DefaultUdpTransportMapping();
Snmp snmp = new Snmp(transport);
USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(MPv3.createLocalEngineID()), 0);
SecurityModels.getInstance().addSecurityModel(usm);
// add user to the USM
snmp.getUSM().addUser(new OctetString(userName),
new UsmUser(new OctetString(userName),
authProtocol,
new OctetString(authPassphrase),
privProtocol,
new OctetString(privPassphrase)));
transport.listen();
ResponseEvent re = snmp.send(requestPDU, target);
PDU responsePDU = re.getResponse();
if (responsePDU == null)
{
System.out.println("responsePDU == null :");
System.out.println("> Error : " + re.getError());
System.out.println("> Address : " + re.getPeerAddress());
System.out.println("> Source : " + re.getSource());
System.out.println("> User object : " + re.getUserObject());
}
else if (responsePDU.getVariableBindings() != null)
{
for (VariableBinding vb : responsePDU.getVariableBindings())
{
System.out.println(vb.getOid() + " --> " + vb.getVariable());
}
}
}
I am pretty sure the router config is fine (Network provider config on Cisco router). My Java 8 installation (on Ubuntu 64) includes the Java Cryptography extension for unlimited strength. Do you have any idea about this issue ?
Thank you for your help,
Best regards Sylvain
I have found a change to make it work for a Cisco 2900.
I hope that could help somebody !
SNMPv3 AES 256 is non-standard. A google for snmpv3 aes 256 will detail this. In our experience not all implementations will interoperate. That's what standardization is for.