When configuring SNMP V3 on a Cisco Catalyst 1000 device running IOS V15.2, SHA-2 Authentication is not available and so the device is configured with SHA-1 Authentication with AES-256 Encryption.
When setting up the Element SNMP V3 in DataMiner, this combination is not allowed and the element states that the algorithm combination is invalid or unsupported. This is also stated in the DataMiner help.
Is there a particular reason this combination is not allowed in DataMiner or is there a workaround available to set up the Element with SHA-1 and AES-256, as this is our preferred configuration choice in this case?
Hi Chris,
According to this SNMP research page, this is because the authentication key is shorter than the encryption key length while using AES-256 with SHA-1. They also mention the Reeder 3DES implementation can fix this, which DataMiner does not support. We could look into adding this through a new software feature.
To fix your problem, you could try using AES-128 authentication (if your device supports that).