Configuring SNMPv3 inform users in SNMP client software

Article ID: 313036

Products

VMware vSphere ESXi

Issue/Introduction

An "inform request" is a Simple Network Management Protocol notification which will be sent continually until the sending SNMP manager receives an acknowledgement that it was received. To receive informs, you must configure the SNMP client software with users who can receive the informs. Each user can optionally be configured with authentication and privacy protocols. For more information, see the vSphere Monitoring documentation.

Every SNMPv3 application has an engine ID, which serves as a unique identifier for the application. In an SNMPv3 transaction between two applications, one application is authoritative, meaning that it controls the flow of information. The User-Based Security Model (USM) in SNMPv3 makes use of the engine ID for the authoritative application in generating keys for authentication and encryption of SNMPv3 messages.

With SNMPv3 informs, the authoritative engine is the one that receives the inform, unlike SNMPv3 traps, where the agent's engine ID is authoritative. SNMP traps are requests which require no acknowledgement.


Environment

VMware vSphere ESXi 5.1

Resolution

Because the application receiving the inform protocol data unit (PDU) is authoritative, the users must first be created within the client SNMP application, and then the users and the client application's engine ID must be defined in the ESXi SNMP agent. For example, when using the snmptrapd program from net-snmp 5.7, do the following:

  1. Create the users in the /var/net-snmp/snmptrapd.conf file.

    The following example illustrates the creation of three users:

    • user1, with no authentication or privacy
    • user2, with authentication but no privacy
    • user3, with authentication and privacy
     
  2. Add the following entries to the snmptrapd.conf file:

    # Turns off snmptrapd's access-control checks for incoming notifications
    disableAuthorization yes
    # The text 0x01234 expands to engine id: 80001f880430783031323334
    engineID 0x01234

    createUser user1
    authuser log user1

    # SHA or MD5 depends on your authentication protocol
    createUser user2 SHA/MD5 auth-secret
    authuser log user2

    # SHA or MD5 depends on your authentication protocol
    createUser user3 SHA/MD5 auth-secret AES priv-secret
    authuser log user3

  3. Start snmptrapd by typing:

    snmptrapd -On -mALL -f -Le -c /var/net-snmp/snmptrapd.conf -d udp:2264

    2264 is the port that snmptrapd listens on. snmptrapd runs in the foreground, uses the snmptrapd.conf file, and logs errors to stderr.


After you configure users in the SNMP client software, configure the same users in the ESXi SNMP agent. See KB 2033377: Configuring SNMPv3 inform remote users in the ESXi SNMP agent.
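
The following added example (not part of the original article and not VMware or net-snmp code) shows why the receiver's engine ID has to be defined in the agent: it rebuilds the engine ID that the engineID 0x01234 line expands to, then derives the USM authentication key for user2 with the RFC 3414 password-to-key algorithm. The choice of SHA-1 for user2 and the second engine ID are assumptions made for the demonstration.

```python
import hashlib

NET_SNMP_ENTERPRISE = 8072  # 0x1f88, the enterprise number visible in the engine ID above
FORMAT_TEXT = 4             # RFC 3411 SnmpEngineID format: administratively assigned text


def text_engine_id(text, enterprise=NET_SNMP_ENTERPRISE):
    """Build an RFC 3411 engine ID from a text string (format 4, at most 27 octets)."""
    data = text.encode("ascii")
    if not 1 <= len(data) <= 27:
        raise ValueError("text engine ID must be 1 to 27 octets")
    header = (0x80000000 | enterprise).to_bytes(4, "big")
    return header + bytes([FORMAT_TEXT]) + data


def password_to_key(passphrase, algo):
    """RFC 3414 A.2: hash the passphrase repeated out to exactly 1,048,576 octets."""
    pw = passphrase.encode()
    if not pw:
        raise ValueError("empty passphrase")
    reps, rem = divmod(1048576, len(pw))
    return hashlib.new(algo, pw * reps + pw[:rem]).digest()


def localized_key(passphrase, engine_id, algo="sha1"):
    """Key used to authenticate messages: H(Ku || authoritative engine ID || Ku)."""
    ku = password_to_key(passphrase, algo)
    return hashlib.new(algo, ku + engine_id + ku).digest()


if __name__ == "__main__":
    receiver = text_engine_id("0x01234")  # snmptrapd engine ID from the config above
    other = bytes.fromhex("80001f8804") + b"constructed-agent"  # constructed, not a real ID
    print("receiver engine ID  :", receiver.hex())
    print("user2 key (receiver):", localized_key("auth-secret", receiver).hex())
    print("user2 key (other)   :", localized_key("auth-secret", other).hex())
```

The same passphrase yields a different key under each engine ID, so an inform authenticated with a key localized to anything other than the receiver's engine ID fails verification at snmptrapd.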