You can configure up to 5 users who can access SNMP v3 information. User names must be no more than 32 characters long.
While configuring a user, you generate authentication and privacy hash values based on the user's authentication and privacy passwords and the SNMP agent's engine ID. If you change the engine ID, the authentication protocol, or the privacy protocol after configuring users, the users are no longer valid and must be reconfigured.
If you run ESXCLI commands through vCLI, you must supply connection options that specify the target host and login credentials. If you use ESXCLI commands directly on a host using the ESXi Shell, you can use the commands as given without specifying connection options. For more information on connection options, see vSphere Command-Line Interface Concepts and Examples.
Procedure
- If you are using authentication or privacy, get the authentication and privacy hash values for the user by running the esxcli system snmp hash command with the --auth-hash and --priv-hash flags.
For example, run the following command:
esxcli system snmp hash --auth-hash secret1 --priv-hash secret2
Here, secret1 is the path to the file containing the user's authentication password and secret2 is the path to the file containing the user's privacy password.
Alternatively, you can pass the --raw-secret flag and specify the passwords directly on the command line.
For example, you can run the following command:
esxcli system snmp hash --auth-hash authsecret --priv-hash privsecret --raw-secret
The output might look like the following:
Authhash: 08248c6eb8b333e75a29ca0af06b224faa7d22d6
Privhash: 232ba5cbe8c55b8f979455d3c9ca8b48812adb97
The authentication and privacy hash values are displayed.
- Configure the user by running the esxcli system snmp set command with the --users flag.
For example, you can run the following command:
esxcli system snmp set --users userid/authhash/privhash/security
The command accepts the following parameters:
| Parameter | Description |
|---|---|
| userid | The user name. |
| authhash | The authentication hash value. |
| privhash | The privacy hash value. |
| security | The level of security enabled for that user, which can be auth (for authentication only), priv (for authentication and privacy), or none (for no authentication or privacy). |
For example, run the following command to configure user1 for access with authentication and privacy:
esxcli system snmp set --users user1/08248c6eb8b333e75a29ca0af06b224faa7d22d6/232ba5cbe8c55b8f979455d3c9ca8b48812adb97/priv
Run the following command to configure user2 for access with no authentication or privacy:
esxcli system snmp set --users user2/-/-/none
- (Optional) Test the user configuration by running the following command:
esxcli system snmp test --users username --auth-hash secret1 --priv-hash secret2
If the configuration is correct, this command returns the following message: "User username validated correctly using engine id and security level: protocols". Here, protocols indicates the security protocols configured.
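The following added example (not part of the original documentation, and not VMware code) shows why a hash derived from a password and an engine ID stops matching when the engine ID changes. It implements the standard SNMPv3 key localization from RFC 3414 with SHA-1; that the esxcli hash command uses exactly this derivation is an assumption, and the function names are chosen here for illustration.

```python
import hashlib

MEGABYTE = 1_048_576  # RFC 3414 A.2 expands the password to exactly 2^20 octets


def password_to_key(password: bytes, algorithm: str = "sha1") -> bytes:
    """Derive the engine-independent key Ku from a password (RFC 3414 A.2)."""
    if not password:
        raise ValueError("password must not be empty")
    # Repeat the password and truncate so exactly MEGABYTE octets are hashed.
    reps, rem = divmod(MEGABYTE, len(password))
    return hashlib.new(algorithm, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, algorithm: str = "sha1") -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algorithm, ku + engine_id + ku).digest()


def localized_hex(password: str, engine_id_hex: str, algorithm: str = "sha1") -> str:
    """Hex form of the localized key for a password and a hex engine ID."""
    ku = password_to_key(password.encode(), algorithm)
    return localize_key(ku, bytes.fromhex(engine_id_hex), algorithm).hex()


if __name__ == "__main__":
    # Password and first engine ID are the published RFC 3414 A.3.2 test vector.
    rfc_engine = "000000000000000000000002"
    # Constructed value standing in for an engine ID changed after user setup.
    new_engine = "000000000000000000000003"
    before = localized_hex("maplesyrup", rfc_engine)
    after = localized_hex("maplesyrup", new_engine)
    print("engine", rfc_engine, "->", before)
    print("engine", new_engine, "->", after)
    print("stored hash still valid after engine ID change:", before == after)
```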