For VMware hosts, you can enable SNMPv3 using the steps below. You’ll need CLI access to the host.
- Setting authentication and privacy protocols
- Generating authentication and privacy hashes
- Creating a user
- Enabling SNMP and test your configuration
Setting authentication and privacy protocols
Run the `esxcli system snmp set` command with the `--authentication` option to configure authentication. To set the default authentication protocol, the command options are `-a|--authentication=<str>`. Values: none, MD5, SHA1
Likewise, use the `esxcli system snmp set` command with the `--privacy` option to configure privacy. To set the default privacy protocol, the command options are `-x|--privacy=<str>`. Values: none, AES128
For example, if I want to set authentication to SHA and privacy to AES128:
esxcli system snmp set -a=SHA1
esxcli system snmp set -x=AES128
Generating authentication and privacy hashes
If you’re using authentication or privacy, set the authentication and privacy passphrases for users you want to set up and get their corresponding hash values by running the `esxcli system snmp hash command` with the `--auth-hash` and `--priv-hash` flags.
For example:
esxcli system snmp hash --auth-hash SHAsecret --priv-hash AESsecret --raw-secret
“SHAsecret” and “AESsecret” are used as examples only. Note that the passphrases you configure here will need to be entered as part of your SNMPv3 credentials in Auvik.
The output to the command above should look like this:
Authhash: f968ee1a4dbef4493e39351651ac01088bb23bbd
Privhash: 5ad72cc141fffaba8ece49ed151377bb0837ac02
You'll need those hash values for the next step.
Creating a user
Configure the user by running the `esxcli system snmp set` command with the `--users` flag. The syntax is shown below:
esxcli system snmp set --users userid/authhash/privhash/security
The command accepts the following parameters:
As an example, the command below will define the username (userid “Auvikadmin” is an example only) and associate it with the hash values obtained in the previous step:
esxcli system snmp set --users Auvikadmin/f968ee1a4dbef4493e39351651ac01088bb23bbd/5ad72cc141fffaba8ece49ed151377bb0837ac02/priv
Enabling SNMP and test your configuration
Enable SNMP by using the following command:
esxcli system snmp set -e yes
Once you are done, you can test the configuration by running the command below.
esxcli system snmp test -u=<username> -A=<SHAsecret> -X=<AESsecret> -r
The output should look like this and confirms the user has been validated correctly.
Comments:
Testing SNMPv3 user 'Auvikadmin'
User validated correctly for given engine id and security level: authPriv
To see a summary of your SNMP configuration, enter:
esxcli system snmp get
The output should be something like:
[root@Unknown:~] esxcli system snmp get
Authentication: SHA1
Communities:
Enable: false
Engineid: 00000063000000a100000000
Hwsrc: indications
Largestorage: true
Loglevel: info
Notraps:
Port: 161
Privacy: AES128
Remoteusers:
Syscontact:
Syslocation:
Targets:
Users: Auvikadmin/f968ee1a4dbef4493e39351651ac01088bb23bbd/5ad72cc141fffaba8ece49ed151377bb0837ac02/priv
V3targets:
You're done on the ESXi host side! Now add the new SNMPv3 credentials in Auvik, as shown here.