Werk #20033: Add AES-256-C privacy protocol for SNMPv3 pull monitoring
| Component | Core & setup | ||||||||
| Title | Add AES-256-C privacy protocol for SNMPv3 pull monitoring | ||||||||
| Date | Jun 4, 2026 | ||||||||
| Level | Trivial Change | ||||||||
| Class | New Feature | ||||||||
| Compatibility | Compatible - no manual interaction needed | ||||||||
| Checkmk versions & editions |
|
What changed
You can now select AES-256-C (Cisco) as the SNMPv3 privacy protocol when configuring SNMP credentials for a host. The option is available both in the Setup GUI (in the host's SNMP credentials) and via the REST API host-attribute configuration.
AES-256-C is Cisco's variant of AES-256 that uses a different key localization algorithm. A number of Cisco network devices require exactly this variant for SNMPv3 authPriv and will not accept the standard AES-256.
Why this matters
If you monitor Cisco devices that mandate AES-256-C, you previously had no matching option and had to fall back to a weaker or simply incompatible privacy protocol. You can now monitor these devices with their required encryption.
The new protocol works with all SNMP backends.
Event Console
The literal option AES-256-C is not added as a selectable option in the Event Console's SNMP credentials configuration, which uses a different library for processing incoming traps. In fact, the existing AES-256 option already applies Cisco-style key localization.