
Cisco - Defect ID: CSCwa72929

SNMPv3 polling may fail using privacy algorithms AES192/AES256

Last updated on 5/7/2025

Overall: 6.1
Severity: 6.4
Lifecycle: 9.1
Popularity: 5.1

Vendor details

  • No defect details.

Symptom

SNMPv3 polling may fail using privacy algorithms AES192 or AES256. The output of the "show snmp-server statistics" command shows that the "SNMP packets input" counter increases, while the "SNMP packets output" counter does not.

    fpr(config)# show snmp-server statistics
    177 SNMP packets input <============== Incoming packets
        0 Bad SNMP version errors
        0 Unknown community name
        0 Illegal operation for community name supplied
        0 Encoding errors
        0 Number of requested variables
        0 Number of altered variables
        0 Get-request PDUs
        0 Get-next PDUs
        0 Get-bulk PDUs
        0 Set-request PDUs (Not supported)
    0 SNMP packets output <=========== 0 outgoing packets
        0 Too big errors (Maximum packet size 1500)
        0 No such name errors
        0 Bad values errors
        0 General errors
        0 Response PDUs
        0 Trap PDUs

These clients are tested:

  • Linux netsnmp version 5.9 with AES192/AES256 support.

        root@ub1:~/bugs# snmpwalk -V
        NET-SNMP version: 5.9

  • Windows SnmpSoft Snmpwalk v1.01.
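To check for the counter pattern described above, two snapshots of "show snmp-server statistics" can be compared. The following is an added example, not Cisco or BugZero code; the sample outputs are constructed and abridged, and the function names are hypothetical. It flags the symptom pattern only and does not by itself confirm this defect.

```python
import re

# Constructed, abridged sample outputs in the format shown in the Symptom section.
BEFORE = """\
fpr(config)# show snmp-server statistics
120 SNMP packets input
    0 Bad SNMP version errors
    0 Get-request PDUs
0 SNMP packets output
    0 Response PDUs
"""
# Second snapshot: requests kept arriving, nothing was sent back.
AFTER = BEFORE.replace("120 SNMP packets input", "177 SNMP packets input")

# Matches only the two top-level counters, tolerating trailing annotations.
COUNTER_RE = re.compile(r"^\s*(\d+)\s+(SNMP packets (?:input|output))\b", re.M)


def parse_counters(text):
    """Return the input/output packet counters found in the CLI output."""
    counters = {name: int(value) for value, name in COUNTER_RE.findall(text)}
    missing = {"SNMP packets input", "SNMP packets output"} - counters.keys()
    if missing:
        raise ValueError(f"counters not found: {sorted(missing)}")
    return counters


def requests_unanswered(before, after):
    """True when input grew between two snapshots but output did not.

    A counter reset (for example after a reload) yields a negative input
    delta and is reported as False rather than as a match.
    """
    b, a = parse_counters(before), parse_counters(after)
    d_in = a["SNMP packets input"] - b["SNMP packets input"]
    d_out = a["SNMP packets output"] - b["SNMP packets output"]
    return d_in > 0 and d_out <= 0


if __name__ == "__main__":
    print("symptom pattern present:", requests_unanswered(BEFORE, AFTER))
```
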

Conditions

The symptoms are observed when using the authentication algorithm SHA with the privacy algorithms AES192 or AES256.

Workaround

Use AES128, AES192c, or AES256c for the SNMPv3 walk ('c' indicates Cisco MIB/OIDs).

Further Problem Description

