Configure SNMP v3 targets to allow the ESXi SNMP agent to send SNMP v3 traps and informs.

Before you begin

  • Ensure that the users who will access the traps or informs are configured as SNMP users for both the ESXi SNMP agent and the target management system.

  • If you are configuring informs, you need the engine ID for the SNMP agent on the remote system that will receive the informs.

  • SNMP configuration for ESXi requires the ESXCLI command set. See Getting Started with vSphere Command-Line Interfaces for more information on how to access ESXCLI.

About this task

SNMP v3 allows for sending both traps and informs. An inform is a message that the sender will resend a maximum of three times, waiting 5 seconds between each attempt, unless the message is acknowledged by the receiver.

You can configure a maximum of three SNMP v3 targets, in addition to a maximum of three SNMP v1/v2c targets.

To configure a target, you must specify a hostname or IP address of the system that will receive the traps or informs, a user name, a security level, and whether to send traps or informs. The security level can be either none (for no security), auth (for authentication only), or priv (for authentication and privacy).

If you use ESXCLI commands through vCLI, you must supply connection options that specify the target host and login credentials. If you use ESXCLI commands directly on a host using the ESXi Shell, you can use the commands as given without specifying connection options. For more information on connection options see vSphere Command-Line Interface Concepts and Examples.

Procedure

  1. (Optional) : If you are configuring informs, configure the remote users by typing esxcli system snmp set --remote-users userid/auth-protocol/auth-hash/priv-protocol/priv-hash/engine-id.

    Replace the parameters in the above command as follows.

    Parameter

    Description

    userid

    Replace with the user name.

    auth-protocol

    Replace with the authentication protocol, , none, MD5, or SHA1.

    auth-hash

    Replace with the authentication hash or - if authentication is none.

    priv-protocol

    Replace with the privacy protocol, AES128 or none.

    priv-hash

    Replace with the privacy hash, or - if the privacy protocol is none.

    engine-id

    Replace with the engine ID of the SNMP agent on the remote system that will receive the informs.

  2. Type esxcli system snmp set --v3targets hostname@port/userid/secLevel/message-type.

    Parameter

    Description

    hostname

    Replace with the host name or IP address of the management system that will receive the traps or informs.

    port

    Replace with the port on the management system that will receive the traps or informs. If you do not specify a port, the default port, 162, is used.

    userid

    Replace with the user name.

    secLevel

    Replace with either none, auth, or priv to indicate the level of authentication and privacy you have configured. Use auth if you have configured authentication only, priv if you have configured both authentication and privacy, and none if you have configured neither.

    message-type

    Replace with either trap or inform.

  3. (Optional) : If the SNMP agent is not enabled, enable it by typing esxcli system snmp set --enable true.
  4. (Optional) : Send a test notification to verify that the agent is configured correctly by typing esxcli system snmp test.

    The agent sends a warmStart notification to the configured target.