Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

SNMPv3 authentication and privacy protocols





Details about algorithms used for SNMPv3 in authentication and privacy protocols.


Product: Flowmon OS

Version: Any

Platform: Any

Question/Problem Description:

Is it possible to use AES256 when obtaining flow source information via SNMPv3?

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  

Flowmon OS uses standard implementations of SNMP, like net-snmp and PHP snmp functions. These are following the RFCs.

Authentication is defined in RFC 3414 ( and defines:

  • HMAC-MD5-96,
  • HMAC-SHA-96

The same RFC also defines privacy protocol as CBC-DES.

The privacy protocol was later extended by RFC 3826 ( to CFB128-AES-128.

If Flowmon OS is configured (Monitoring Center - Sources) to use SHA + AES for obtaining information via SNMPv3, it uses HMAC-SHA-96 and CFB128-AES-128 as defined by RFCs. Other algorithms are not supported. 

It might be possible to use SHA256 (proposal and AES256 (not defined by RFC) in SNMP, but it is pretty rare, and many tools do not support it.

CLI snmpwalk also uses HMAC-SHA-96 and CFB128-AES-128. 


Was this article helpful?
0 out of 0 found this helpful