Configure SNMP v3 targets to allow the ESXi SNMP agent to send SNMP v3 traps and informs.
SNMP v3 allows for sending both traps and informs. An inform message is a type of a message that the sender resends a maximum of three times. The sender waits for 5 seconds between each attempt, unless the message is acknowledged by the receiver.
You can configure a maximum of three SNMP v3 targets, in addition to a maximum of three SNMP v1/v2c targets.
To configure a target, you must specify a hostname or IP address of the system that receives the traps or informs, a user name, a security level, and whether to send traps or informs. The security level can be either none (for no security), auth (for authentication only), or priv (for authentication and privacy).
If you run ESXCLI commands through vCLI, you must supply connection options that specify the target host and login credentials. If you use ESXCLI commands directly on a host using the ESXi Shell, you can use the commands as given without specifying connection options. For more information on connection options see vSphere Command-Line Interface Concepts and Examples.
Prerequisites
-
Ensure that the users who access the traps or informs are configured as SNMP users for both the ESXi SNMP agent and the target management system.
- If you are configuring informs, you need the engine ID for the SNMP agent on the remote system that receives the inform message.
-
Configure the ESXi SNMP agent by using the ESXCLI commands. See Getting Started with vSphere Command-Line Interfaces for more information on how to use ESXCLI.
Procedure
- (Optional) If you are configuring informs, configure the remote users by running the esxcli system snmp set command with the --remote-users option.
For example, run the following command:
esxcli system snmp set --remote-users userid/auth-protocol/auth-hash/priv-protocol/priv-hash/engine-id
The command accepts the following parameters:
Parameter |
Description |
userid |
The user name. |
auth-protocol |
The authentication protocol, none (for no authentication), MD5, or SHA1. |
auth-hash |
The authentication hash or - if the authentication protocol is none. |
priv-protocol |
The privacy protocol, AES128, or none. |
priv-hash |
The privacy hash, or - if the privacy protocol is none. |
engine-id |
The engine ID of the SNMP agent on the remote system that receives the inform message. |
- Run the esxcli system snmp set command with the --v3targets option.
For example, run the following command:
esxcli system snmp set --v3targets hostname@port/userid/secLevel/message-type
The parameters of the command are as follows.
Parameter |
Description |
hostname |
The host name or IP address of the management system that receives the traps or informs. |
port |
The port on the management system that receives the traps or informs. If you do not specify a port, the default port, 162, is used. |
userid |
The user name. |
secLevel |
The level of authentication and privacy you have configured. Use auth if you have configured authentication only, priv if you have configured both authentication and privacy, and none if you have configured neither. |
message-type |
The type of the messages received by the management system. Use trap or inform. |
- (Optional) If the ESXi SNMP agent is not enabled, run the following command:
esxcli system snmp set --enable true
- (Optional) Send a test notification to verify that the agent is configured correctly by running the esxcli system snmp test command.
The agent sends a
warmStart notification to the configured target.