
How to enable SNMPv3 on VMware ESXi


For VMware hosts, you can enable SNMPv3 using the steps below. You’ll need CLI access to the host.

Setting authentication and privacy protocols

Run the `esxcli system snmp set` command with the `--authentication` option to set the default authentication protocol. The option syntax is `-a|--authentication=<str>`. Values: none, MD5, SHA1

Likewise, use the `esxcli system snmp set` command with the `--privacy` option to set the default privacy protocol. The option syntax is `-x|--privacy=<str>`. Values: none, AES128

For example, to set authentication to SHA1 and privacy to AES128:

esxcli system snmp set -a=SHA1
esxcli system snmp set -x=AES128

Generating authentication and privacy hashes

If you’re using authentication or privacy, choose the authentication and privacy passphrases for each user you want to set up, then generate the corresponding hash values by running the `esxcli system snmp hash` command with the `--auth-hash` and `--priv-hash` flags.

For example:

esxcli system snmp hash --auth-hash SHAsecret --priv-hash AESsecret --raw-secret

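“SHAsecret” and “AESsecret” are used as examples only. The `--raw-secret` flag makes the command read the passphrases from the command line; without it, the two values are treated as paths to files containing the secrets. Note that the passphrases you configure here will need to be entered as part of your SNMPv3 credentials in Auvik.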

The output to the command above should look like this:

Authhash: f968ee1a4dbef4493e39351651ac01088bb23bbd
Privhash: 5ad72cc141fffaba8ece49ed151377bb0837ac02

You'll need those hash values for the next step.

Creating a user

Configure the user by running the `esxcli system snmp set` command with the `--users` flag. The syntax is shown below:

esxcli system snmp set --users userid/authhash/privhash/security

The command accepts the following parameters:

[Screenshot: parameter table]

As an example, the command below will define the username (userid “Auvikadmin” is an example only) and associate it with the hash values obtained in the previous step:

esxcli system snmp set --users Auvikadmin/f968ee1a4dbef4493e39351651ac01088bb23bbd/5ad72cc141fffaba8ece49ed151377bb0837ac02/priv

Enabling SNMP and testing your configuration

Enable SNMP by using the following command:

esxcli system snmp set -e yes

Once you are done, you can test the configuration by running the command below.

esxcli system snmp test -u=<username> -A=<SHAsecret> -X=<AESsecret> -r

The output should look like this, confirming that the user has been validated correctly.

Comments:
Testing SNMPv3 user 'Auvikadmin'
User validated correctly for given engine id and security level: authPriv

To see a summary of your SNMP configuration, enter:

esxcli system snmp get

The output should be something like:

[root@Unknown:~] esxcli system snmp get
Authentication: SHA1
Communities:
Enable: false
Engineid: 00000063000000a100000000
Hwsrc: indications
Largestorage: true
Loglevel: info
Notraps:
Port: 161
Privacy: AES128
Remoteusers:
Syscontact:
Syslocation:
Targets:
Users: Auvikadmin/f968ee1a4dbef4493e39351651ac01088bb23bbd/5ad72cc141fffaba8ece49ed151377bb0837ac02/priv
V3targets:
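
To check that summary against the settings used in this article, the following added example (not Auvik's or VMware's code) parses the `esxcli system snmp get` output and reports every deviation. The function name `check_snmp` is hypothetical, and the script assumes a POSIX shell with `awk`, a comma-separated `Users` list, and hex hash values like those in the sample above.

```shell
#!/bin/sh
# Added example, not Auvik or VMware code. check_snmp (hypothetical name) reads
# `esxcli system snmp get` output on stdin, prints one FAIL line per deviation
# from the settings used in this article, and returns 1 if it printed any.
check_snmp() {
    awk -F': *' '
        function fail(msg) { print "FAIL: " msg; bad++ }
        {
            sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")   # tolerate indented output
            cfg[$1] = $2                                # "Key: value", value may be empty
        }
        END {
            if (cfg["Enable"] != "true")
                fail("Enable is \"" cfg["Enable"] "\"; SNMP agent is not enabled")
            if (cfg["Authentication"] != "SHA1")
                fail("Authentication is \"" cfg["Authentication"] "\", expected SHA1")
            if (cfg["Privacy"] != "AES128")
                fail("Privacy is \"" cfg["Privacy"] "\", expected AES128")
            # Users is a comma-separated list of userid/authhash/privhash/security.
            n = split(cfg["Users"], users, / *, */)
            if (n == 0) fail("no SNMPv3 users defined")
            for (i = 1; i <= n; i++) {
                if (split(users[i], f, "/") != 4) {
                    fail("user entry " i " is not userid/authhash/privhash/security")
                    continue
                }
                if (f[4] != "priv")
                    fail("user " f[1] " has security level \"" f[4] "\", expected priv")
                # Assumption: hashes are lowercase hex, as in the sample output.
                if (f[2] !~ /^[0-9a-f]+$/ || f[3] !~ /^[0-9a-f]+$/)
                    fail("user " f[1] " is missing an authentication or privacy hash")
            }
            exit (bad > 0)
        }'
}

# Abridged copy of the sample `esxcli system snmp get` output shown above.
SAMPLE_GET='Authentication: SHA1
Communities:
Enable: false
Port: 161
Privacy: AES128
Users: Auvikadmin/f968ee1a4dbef4493e39351651ac01088bb23bbd/5ad72cc141fffaba8ece49ed151377bb0837ac02/priv'

# On a host: esxcli system snmp get | check_snmp
printf '%s\n' "$SAMPLE_GET" | check_snmp || echo "review the findings above"
```

Run against the sample output above, the check reports a single finding for the `Enable: false` line.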

You're done on the ESXi host side! Now add the new SNMPv3 credentials in Auvik, as shown here.
