You can configure up to 5 users who can access SNMP v3 information. Usernames must be no more than 32 characters long.
About this task
As part of configuring a user, you generate authentication and privacy hash values based on the user's authentication and privacy passwords and the SNMP agent's engine ID. If you change the engine ID, the authentication protocol, or the privacy protocol after configuring users, the users are no longer valid and you must reconfigure them.
If you use ESXCLI commands through vCLI, you must supply connection options that specify the target host and login credentials. If you use ESXCLI commands directly on a host using the ESXi Shell, you can use the commands as given without specifying connection options. For more information on connection options see vSphere Command-Line Interface Concepts and Examples.
Configure the authentication and privacy protocols before configuring users.
Determine the authentication and privacy passwords for each user you will configure. Passwords must be a minimum of 7 characters long. VMware recommends storing these passwords in files on the host system.
SNMP configuration for ESXi requires the ESXCLI command set. See Getting Started with vSphere Command-Line Interfaces for more information on how to access ESXCLI.
- If you are using authentication or authentication and privacy, get the authentication and privacy hash values for the user by typing esxcli system snmp hash --auth-hash secret1 --priv-hash secret2.
Replace secret1 with the path to the file containing the user's authentication password and secret2 with the path to the file containing the user's privacy password.
Alternatively, you can specify the flag --raw-secret and specify the passwords directly on the command line.
For example, typing esxcli system snmp hash --auth-hash authsecret --priv-hash privsecret --raw-secret might produce the following output:
Authhash: 08248c6eb8b333e75a29ca0af06b224faa7d22d6
Privhash: 232ba5cbe8c55b8f979455d3c9ca8b48812adb97
The authentication and privacy hash values are displayed.
- Configure the user by typing esxcli system snmp set --users userid/authhash/privhash/security.
Replace the parameters in the above command as follows.
Replace userid with the user name.
Replace authhash with the authentication hash value.
Replace privhash with the privacy hash value.
Replace security with the level of security enabled for that user, which can be auth (for authentication only), priv (for authentication and privacy), or none (for no authentication or privacy).
For example: To configure user1 for access with authentication and privacy, you might type esxcli system snmp set --users user1/08248c6eb8b333e75a29ca0af06b224faa7d22d6/232ba5cbe8c55b8f979455d3c9ca8b48812adb97/priv. To configure user2 for access with no authentication or privacy, you might type esxcli system snmp set --users user2/-/-/none.
- (Optional) Test the user configuration by typing esxcli system snmp test --users username --auth-hash secret1 --priv-hash secret2.
If the configuration is correct, this command returns the message, "User username validated correctly using engine id and security level: protocols," where protocols indicates the security protocols configured.
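Why a change of engine ID invalidates configured users, shown as an added example that is not VMware's code: it implements the standard SNMPv3 password-to-key localization from RFC 3414 (Appendix A.2), in which the stored hash depends on both the password and the engine ID. That ESXi derives its hash values this way is an assumption (the page does not name the algorithm), and the function names and sample values are constructed for illustration.

```python
import hashlib

MIN_PASSWORD_LEN = 7          # minimum password length stated on this page
STREAM_LEN = 1024 * 1024      # RFC 3414 A.2 hashes 1 MiB of repeated password


def password_to_key(password: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2, step 1: digest of the password repeated out to 1 MiB."""
    if len(password) < MIN_PASSWORD_LEN:
        raise ValueError("password shorter than 7 characters")
    reps, rem = divmod(STREAM_LEN, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localized_hash(password: str, engine_id_hex: str, algo: str = "sha1") -> str:
    """RFC 3414 A.2, step 2: bind the key to one agent's engine ID."""
    ku = password_to_key(password.encode(), algo)
    engine_id = bytes.fromhex(engine_id_hex)
    return hashlib.new(algo, ku + engine_id + ku).hexdigest()


def user_still_valid(stored_hash: str, password: str, engine_id_hex: str,
                     algo: str = "sha1") -> bool:
    """True if a stored hash still matches the password under this engine ID."""
    return stored_hash == localized_hash(password, engine_id_hex, algo)


if __name__ == "__main__":
    # Constructed sample values: the password and first engine ID are the
    # RFC 3414 A.3.2 test vector; the second engine ID is made up.
    old_engine, new_engine = "000000000000000000000002", "0102030405060708"
    stored = localized_hash("maplesyrup", old_engine)
    print("hash under old engine ID:   ", stored)
    print("valid with old engine ID:   ",
          user_still_valid(stored, "maplesyrup", old_engine))
    print("valid after engine ID change:",
          user_still_valid(stored, "maplesyrup", new_engine))
```

The same password yields a different 40-character value under each engine ID, so a hash stored for a user stops matching once the engine ID changes.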