How to configure SNMPv3 on the vCenter

Article ID: 382878


Products

VMware vCenter Server

Issue/Introduction

The SNMP Version 3 feature provides secure access to devices by authenticating and encrypting data packets over the network. For example, monitoring tools such as SolarWinds can use it to receive information from the vCenter as traps.

Environment

vCenter 8.x, 7.x

Resolution

Prerequisites:

  • A user account must exist on the host server (the monitoring server or any other device to which the trap is sent) that will receive the SNMPv3 trap from the vCenter. To configure the user on the vCenter, we need the following details about the account:
    • User name
    • Authorization password
    • Authorization type: Here, the protocol must be either none (for no authentication), SHA1, or MD5.
    • Privacy password
    • Privacy protocol: Here, the protocol must be either none (for no privacy) or AES128.

 

  • Port number: The port on which the host (the monitoring server or any other device to which the trap is sent) will receive the SNMP trap.
  • FQDN or IP of the server (the monitoring server or any other device to which the trap is sent).

 

Once we have the above information, connect to the vCenter via PuTTY.

 

Note: The SNMP utility works only in the appliance command line (appliancesh), not in the Bash shell.

If the session opens in the Bash shell by default, switch to the appliance command line by running the following:

/bin/appliancesh
 
 
  • Once logged in, check the status of the SNMP service by running the following command:
 
         snmp.get
 
 
  • If SNMP is disabled, enable it by running the following command:
 
         snmp.enable
 
 
  • Once SNMP is enabled, you should be able to see the engine ID after running the snmp.get command.
 
  • Set the authentication and privacy protocols by running the following commands. The slashes separate the allowed values; pass exactly one value to each command:
 
         snmp.set --authentication SHA1/none/md5
         snmp.set --privacy aes128/none
 
 

The next step is to configure the user from the host server on the vCenter.

  • You need to generate an authentication hash and privacy hash.
  • Create two files containing the authentication password and the privacy password on the vCenter. Let's say two files are created, named secret1 and secret2, located at /usr/lib.
  • Run the following command:

         snmp.hash --auth_hash /usr/lib/secret1 --priv_hash /usr/lib/secret2

      * Note that the file names and location can be different.

  • You should get an output similar to the following. Make a note of it. 

            Authhash: 08248c6eb8b333e75a29ca0af06b224faa7d22d6             
            Privhash: 232ba5cbe8c55b8f979455d3c9ca8b48812adb97

 

  • Configure the user by running the following command:

           snmp.set --user userid/authhash/privhash/security

           Where:

  • userid is the username from the host.
  • authhash and privhash are the hashes generated above.
  • security is the level of security enabled for that user, which can be:
    • auth for authentication only.
    • priv for authentication and privacy.
    • none for no authentication or privacy.

 

 

  • Next, configure the SNMP target by running the following command:

           snmp.set --v3targets hostname@port/userid/secLevel/trap

 

  • You can test SNMP by running the following command:

          snmp.test
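
A pre-flight check of the values used in the steps above, as an added example that is not part of the original article or of VMware's tooling. It runs on an admin workstation and checks that the `--user` and `--v3targets` strings agree with each other and with the protocols chosen. Assumptions: each hash is a hex digest of the authentication protocol (40 characters for SHA1, 32 for MD5), a target secLevel that differs from the user's level is treated as a finding, and only the `trap` target form shown above is accepted.

```python
import re

DIGEST_HEX_LEN = {"SHA1": 40, "MD5": 32}  # hex characters per digest

def check_snmpv3(auth_proto, priv_proto, user, target):
    """Return findings for the planned snmp.set values (empty list = consistent)."""
    findings = []
    auth_proto, priv_proto = auth_proto.upper(), priv_proto.upper()

    parts = user.split("/")
    if len(parts) != 4:
        return ["--user must be userid/authhash/privhash/security"]
    userid, authhash, privhash, level = parts
    if level not in ("none", "auth", "priv"):
        return [f"unknown security level {level!r}"]

    # The user's level must be backed by the protocols set with snmp.set.
    if level != "none" and auth_proto == "NONE":
        findings.append(f"level {level} needs --authentication SHA1 or MD5")
    if level == "priv" and priv_proto == "NONE":
        findings.append("level priv needs --privacy aes128")
    if level == "none":
        findings.append("level none: traps are neither authenticated nor encrypted")
    elif level == "auth":
        findings.append("level auth: traps are authenticated but not encrypted")

    # Assumption: each hash is a hex digest of the authentication protocol.
    want = DIGEST_HEX_LEN.get(auth_proto)
    used = {"none": {}, "auth": {"authhash": authhash},
            "priv": {"authhash": authhash, "privhash": privhash}}[level]
    for name, value in used.items():
        if want and not (len(value) == want and re.fullmatch(r"[0-9a-fA-F]+", value)):
            findings.append(f"{name} is not {want} hex characters for {auth_proto}")

    m = re.fullmatch(r"([^@/]+)@(\d+)/([^/]+)/([^/]+)/trap", target)
    if not m:
        return findings + ["--v3targets must be hostname@port/userid/secLevel/trap"]
    _host, port, t_user, t_level = m.groups()
    if not 1 <= int(port) <= 65535:
        findings.append(f"port {port} is outside 1-65535")
    if t_user != userid:
        findings.append(f"target user {t_user!r} is not the configured user {userid!r}")
    if t_level != level:
        findings.append(f"target secLevel {t_level!r} differs from user level {level!r}")
    return findings
```

For example, `check_snmpv3("SHA1", "aes128", "snmpuser/<authhash>/<privhash>/priv", "monitor.example.com@162/snmpuser/priv/trap")` returns an empty list when both hashes are 40 hex characters; the user name, host and port here are constructed sample values.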