SNMP Configuration for vCenter Server Appliance (VCSA)
search cancel

SNMP Configuration for vCenter Server Appliance (VCSA)

book

Article ID: 325026

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

The vCenter Server Appliance (VCSA) includes a built-in SNMP agent capable of sending trap notifications and responding to GET, GETBULK, and GETNEXT requests. Proper configuration of this agent is a prerequisite for third-party discovery and monitoring platforms. To successfully extract system information and health metrics from the appliance.

This article provides the command-line interface (CLI) steps to configure the SNMP agent for both basic polling (v1/v2c) and secure polling (v3).

Environment

vCenter Server Appliance

Cause

SNMP configuration for vCenter Server Appliance

Resolution

1. Access the Appliance Shell

  1. Log in to the vCenter Server Appliance via SSH using root credentials.
  2. If the appliance is configured to use the BASH shell by default, type appliancesh to enter the VMware Appliance Management Shell.
  3. Run the following command to view the current configuration:
    bash
     
    snmp.get

2. Configure SNMP v1 / v2c (Basic Polling)

If your monitoring tool (e.g., BMC Helix) uses community-based polling, follow these steps:

  1. Set the Community String: Replace <community_string> with your password (e.g., public or a custom string).
     
    snmp.set --communities <community_string>
  2. Configure SNMP Targets (Optional for Traps): Specify the IP of the monitoring server and the port (default 162).
     
    snmp.set --targets <Monitoring_Server_IP>@162/<community_string>
  3. Set Logging Level: Set the verbosity to warning (recommended) or debug for troubleshooting.
     
    snmp.set --loglevel warning

3. Configure SNMP v3 (Secure Polling)

For environments requiring authentication and encryption, follow these steps:

  1. Set Protocols:
     
    snmp.set --authentication SHA1
# Note: Use AES128 for privacy/encryption
snmp.set --privacy AES128
  2. Generate Security Hashes: Create two text files containing your authentication and privacy passwords, then run:
     
    snmp.hash --auth_hash /path/to/auth_password.txt --priv_hash /path/to/priv_password.txt
    Note: Securely delete these text files after generating the hashes.
  3. Apply User Configuration: Use the hashes generated in the previous step to define the user.
     
    snmp.set --user <userid>/<auth_hash>/<priv_hash>/priv

4. Enable and Verify the Agent

  1. Enable the SNMP service:
     
    snmp.enable
  2. Verify the configuration: Ensure the Enable status is True and the EngineID is generated.
    bash
     
    snmp.get
  3. Test the configuration: This command sends a test trap to the configured targets to confirm end-to-end connectivity.
    bash
     
    snmp.test

Note: If you need to clear all settings and start over, use the snmp.reset command.

Additional Information

Monitoring VCSA using SNMP

Powered by Wolken Software