Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  SNMP v3 with SHA authentication

    Posted 05-28-2025 03:02

    I have deployed a few systems with SNMP v3, mainly EX, QFX and SRX. I have never succeeded in using SHA for the authentication part, but MD5 works like a charm. As the SNMP v3 standard is limited to MD5 and SHA1 (authentication-md5 and authentication-sha respectively in Junos), I really would like to use SHA1. (I know some implementations do allow SHA-256 etc. but that is beyond the standard I think and not supported in Junos). Today, I'm supposed to activate SNMP on a few old, old EX4200's running the latest (and probably last) Junos 12.3R12-S21. I've also seen this in EX4100 with up to date Junos. Is this a Linux SNMP thing or a Junos thing? I cannot seem to get it to work with SHA at all.

    Linux command:

    snmpbulkwalk -v 3 -l authPriv -u [omitted] -a md5 -A [omitted] -x aes -X [omitted] 192.168.177.11 .1.3.6.1.2.1.1.1.0

    This config works:

    set snmp v3 vacm security-to-group security-model usm security-name [omitted] group [omitted]
    set snmp v3 vacm access group [omitted] default-context-prefix security-model usm security-level privacy read-view [omitted]
    set snmp view [omitted] oid .1 include
    set snmp engine-id use-mac-address
    commit confirmed
    set snmp v3 usm local-engine user [omitted] authentication-md5 authentication-password [omitted]
    set snmp v3 usm local-engine user [omitted] privacy-aes128 privacy-password [omitted]
    commit confirmed
    commit check

    Replacing MD5 with SHA (in both the Linux command and Junos config) does not. The command just times out.

    Any ideas?



  • 2.  RE: SNMP v3 with SHA authentication

    Posted 05-28-2025 13:31

    Hello,

    According to this link SHA256 was introduced in JunOS 21.1R1 and later. Unfortunately the latest your EX4200s will run is 15.1 (or 12.3), so it will never work on those. The EX4100 should be good to go for using SHA256 with SNMPv3.

    https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/authentication-sha256-edit-snmp.html



    ------------------------------
    Hope this helps.

    Mark
    ------------------------------
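
For reference on what the MD5/SHA choice in the thread changes, here is an added example (not from either poster and not Juniper or Net-SNMP code) of the RFC 3414 USM password-to-key localization and the truncated HMAC that fills msgAuthenticationParameters. The function names are hypothetical; the password and engine ID are the RFC 3414 Appendix A.3 test values, and the message bytes are constructed.

```python
import hashlib
import hmac


def password_to_key(password: bytes, engine_id: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: derive Ku from the password, then localize it to one engine ID."""
    if len(password) < 8:
        raise ValueError("USM passwords must be at least 8 octets")
    # Step 1: hash 1,048,576 octets of the password repeated end to end.
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(algo, password * reps + password[:rem]).digest()
    # Step 2: localize as H(Ku || engineID || Ku). The same password gives a
    # different key on every engine ID, so manager and agent must agree on
    # the engine ID as well as on the password and the hash.
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_parameters(localized_key: bytes, whole_msg: bytes, algo: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: HMAC over the whole message (with the
    msgAuthenticationParameters field zeroed), truncated to 12 octets."""
    return hmac.new(localized_key, whole_msg, algo).digest()[:12]


# RFC 3414 Appendix A.3 test values (not the poster's omitted credentials).
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed stand-in for an encoded SNMPv3 message.
SAMPLE_MSG = b"constructed-snmpv3-message" + bytes(12)

if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        key = password_to_key(RFC_PASSWORD, RFC_ENGINE_ID, algo)
        mac = auth_parameters(key, SAMPLE_MSG, algo)
        print(f"{algo:4}  key({len(key)} octets)={key.hex()}  mac={mac.hex()}")
```

Both protocols put a 12-octet MAC on the wire, but the key length (16 versus 20 octets) and every key byte differ, so a manager and agent configured with different hashes can never authenticate each other's messages.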