If SNMP is not properly configured, monitoring information can be sent to a malicious host. The malicious host can then use this information to plan an attack.

ESXi includes an SNMP agent that can send notifications (traps and informs) and receive GET, GETBULK, and GETNEXT requests. SNMP is not activated by default. SNMP must be configured on each ESXi host. You can use ESXCLI, PowerCLI, or the vSphere Web Services SDK for configuration.

See the vSphere Monitoring and Performance documentation for detailed information about configuring SNMP, including SNMP v3. SNMP v3 provides stronger security than SNMP v1 or SNMP v2c, including key authentication and encryption. See ESXCLI Reference for more information about the esxcli system snmp command options.

Procedure

  1. To determine whether SNMP is used, run the following command.
    esxcli system snmp get
  2. To activate SNMP, run the following command.
    esxcli system snmp set --enable true
  3. To deactivate SNMP, run the following command.
    esxcli system snmp set --enable false