To configure remote users in the ESXi SNMP agent:
- Determine the engine ID of the SNMP client application.
You can do this by examining what is sent back from the ESXi SNMP agent in the /var/log/syslog.log file or by other means.
- From the ESXi command line, enable the SNMP agent by typing esxcli system snmp set -r -e 1 -l debug.
- Determine and note down the engine ID of the SNMP agent by typing esxcli system snmp get.
The command displays the following information:
Authentication:
Communities:
Enable: true
Engineid: 00000063000000a10a70a977 # Generated EngineID of ESXi SNMP Agent
Hwsrc: indications
Loglevel: debug
Notraps:
Port: 161
Privacy:
Remoteusers:
Syscontact:
Syslocation:
Targets:
Users:
V3targets:
- Temporarily assign the remote engine ID of the SNMP client application by typing esxcli system snmp set -E remote-engine-ID.
remote-engine-ID is the engine ID for the SNMP client application that you determined in step 1. For example, if the engine ID of the remote client is 80001f880430783031323334, you would type:
esxcli system snmp set -E 80001f880430783031323334
- Set the authentication and privacy protocols by typing esxcli system snmp set -a auth-proto -x AES128.
auth-proto is either MD5 or SHA1.
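- Generate the hashes from the authentication password and privacy password by typing esxcli system snmp hash -A auth-key -X priv-key -r.
auth-key and priv-key are the passwords; with -r they are read directly from the command line rather than from files.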
The command displays the authentication and privacy hashes. For example:
Authhash: 0283a199a828b5106caa0c439b78a4be
Privhash: 1e9ea5ce85d6dc49878c2597642009d5
- Set the engine ID back to the initial value defined by ESXi as determined in step 2 by typing esxcli system snmp set -E local-engine-ID.
For example: esxcli system snmp set -E 00000063000000a10a70a977
- Configure the remote user by typing esxcli system snmp set -R username/auth-protocol/auth-hash/priv-protocol/priv-hash/remote-engine-ID.
For example:
To configure user1 with no authentication and no privacy, type:
esxcli system snmp set -R user1/none/-/none/-/80001f880430783031323334
To configure user2 with authentication, but no privacy, type:
esxcli system snmp set -R user2/MD5/0283a199a828b5106caa0c439b78a4be/none/-/80001f880430783031323334
To configure user3 with authentication and privacy, type:
esxcli system snmp set -R user3/MD5/0283a199a828b5106caa0c439b78a4be/AES128/1e9ea5ce85d6dc49878c2597642009d5/80001f880430783031323334
- Create SNMPv3 inform targets by typing esxcli system snmp set -i hostname@port/userid/secLevel/inform.
For example, to create a target for user1 with no authentication or privacy on the host 10.112.170.205, type:
esxcli system snmp set -i 10.112.170.205@2262/user1/none/inform
To create a target for user2 with authentication but no privacy, type:
esxcli system snmp set -i 10.112.170.205@2263/user2/auth/inform
To create a target for user3 with authentication and privacy, type:
esxcli system snmp set -i 10.112.170.205@2264/user3/priv/inform
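Why the procedure switches the engine ID to the remote value before running the hash command: in SNMPv3 (RFC 3414) a password is turned into a key that is localized to one engine ID, so the same password gives a different hash for each engine. The following Python sketch is an added example, not VMware code; it assumes esxcli system snmp hash follows the RFC 3414 algorithm, and the password is a constructed sample.

```python
import hashlib

HASHES = {"MD5": "md5", "SHA1": "sha1"}  # auth-proto values named on this page

def password_to_key(password: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: digest of the password repeated to exactly 1 MiB."""
    if not password:
        raise ValueError("empty password")
    total = 1024 * 1024
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.new(hash_name, stream).digest()

def localized_hash(password: str, engine_id_hex: str, auth_proto: str) -> str:
    """Localize the key to one engine: H(Ku || engineID || Ku), as hex."""
    hash_name = HASHES[auth_proto]
    engine_id = bytes.fromhex(engine_id_hex)  # rejects odd-length or non-hex IDs
    if not 5 <= len(engine_id) <= 32:
        raise ValueError("SNMPv3 engine IDs are 5 to 32 octets (RFC 3411)")
    ku = password_to_key(password.encode(), hash_name)
    return hashlib.new(hash_name, ku + engine_id + ku).hexdigest()

if __name__ == "__main__":
    password = "constructed-auth-pass"  # constructed sample, not from the page
    # Engine IDs are the two shown on this page (remote client, local agent).
    for label, eid in (("remote", "80001f880430783031323334"),
                       ("local", "00000063000000a10a70a977")):
        print(label, eid, localized_hash(password, eid, "MD5"))
```

A hash generated while the agent still has its own engine ID set will not match the key the remote client derives, and informs sent with authentication will be rejected by the client.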
SNMP inform test
After you have configured the SNMP agent for informs, test the configuration by typing esxcli system snmp test.
The SNMP client software should receive a notification similar to the following:
2012-07-05 14:09:19 <UNKNOWN> [UDP: [10.112.169.119]:57878->[10.112.170.205]:2264]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (9100) 0:01:31.00 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.6876.4.90.0.401 SNMPv2-SMI::enterprises.6876.4.30.3.0 = Hex-STRING: 07 DC 07 05 09 02 21 00
For more information on how to verify that SNMPv3 is configured properly, see ESXi SNMP agent log entries for informs.