You can configure up to 5 users who can access SNMP v3 information. User names must be no more than 32 characters long.

While configuring a user, you generate authentication and privacy hash values based on the user's authentication and privacy passwords and the SNMP agent's engine ID. If you change the engine ID, the authentication protocol, or the privacy protocol after configuring users, the users are no longer valid and must be reconfigured.

If you run ESXCLI commands through vCLI, you must supply connection options that specify the target host and login credentials. If you use ESXCLI commands directly on a host using the ESXi Shell, you can use the commands as given without specifying connection options. For more information on connection options see vSphere Command-Line Interface Concepts and Examples.

Prerequisites

  • Verify that you have configured the authentication and privacy protocols before configuring users.
  • Verify that you know the authentication and privacy passwords for each user you plan to configure. Passwords must be at least 7 characters long. Store these passwords in files on the host system.
  • Configure the ESXi SNMP agent by using the ESXCLI commands. See Getting Started with vSphere Command-Line Interfaces for more information on how to use ESXCLI.

Procedure

  1. If you are using authentication or privacy, get the authentication and privacy hash values for the user by running the esxcli system snmp hash command with the --auth-hash and --priv-hash flags.
    For example, run the following command:
    esxcli system snmp hash --auth-hash secret1 --priv-hash secret2
    Here, secret1 is the path to the file containing the user's authentication password and secret2 is the path to the file containing the user's privacy password.

    Alternatively, you can pass the --raw-secret flag and specify the passwords directly on the command line.

    For example, you can run the following command:
    esxcli system snmp hash --auth-hash authsecret --priv-hash privsecret --raw-secret
    The produced output might be the following:
    Authhash: 08248c6eb8b333e75a29ca0af06b224faa7d22d6
    Privhash: 232ba5cbe8c55b8f979455d3c9ca8b48812adb97
    The authentication and privacy hash values are displayed.
  2. Configure the user by running the esxcli system snmp set command with the --users flag.
    For example, you can run the following command:
    esxcli system snmp set --users userid/authhash/privhash/security
    The command accepts the following parameters:
    Parameter Description
    userid The user name.
    authhash The authentication hash value.
    privhash The privacy hash value.
    security The level of security enabled for that user, which can be auth (for authentication only), priv (for authentication and privacy), or none (for no authentication or privacy).
    For example, run the following command to configure user1 for access with authentication and privacy:
    esxcli system snmp set --users user1/08248c6eb8b333e75a29ca0af06b224faa7d22d6/
    232ba5cbe8c55b8f979455d3c9ca8b48812adb97/priv
    You must run the following command to configure user2 for access with no authentication or privacy:
    esxcli system snmp set --users user2/-/-/none
  3. (Optional) Test the user configuration by running the following command:
    esxcli system snmp test --users username --auth-hash secret1 --priv-hash secret2
    If the configuration is correct, this command returns the following message: "User username validated correctly using engine id and security level: protocols". Here, protocols indicates the security protocols configured.