1. SNMP v3 Trap
The vSphere SNMP Agent added support for SNMP v3 in the vSphere 5.1 release, offering increased security and improved functionality.
SNMP v3 provides stronger security than v1 or v2c, including key authentication and encryption.
Test Configuration
Configuring the vSphere SNMP Agent
Execute the following esxcli commands to configure SNMP v3 for sending traps:
1. To set SNMP Agent configuration to factory defaults
[Optional]esxcli system snmp set –r
# -r option will set agent configuration to factory defaults
2. Enable the SNMP Agent
esxcli system snmp set -e 1
# -e 1/yes/true option will enable SNMP service. –e 0/no/false option will disable SNMP Service
3. Set the log level
esxcli system snmp set -l debug
# will set syslog log level to the highest
4. Set the authentication & Privacy protocols
esxcli system snmp set -a MD5 -x AES128
# Set the Authentication Protocol as SHA1 or MD5 and Privacy Protocol as AES128
5. Generate the hash value using the authentication secret key and privacy secret key
esxcli system snmp hash -A auth-secret -X priv-secret -r
Authhash: fe5021cc524a3f014100e0855bbc71ab
Privhash: ebc97f27893ae4c0e443063960cb5650
# Generate the hash using Authorization Password and Privacy Password
6. Set the users
esxcli system snmp set -u user1/-/-/none,
user2/fe5021cc524a3f014100e0855bbc71ab/-/auth, user3/fe5021cc524a3f014100e0855bbc71ab/ebc97f27893ae4c0e443063960cb5650/priv
# Configuring the local user for NoAuthNoPriv, authNoPriv, authPriv using –u option
7. Set the trap targets
esxcli system snmp set -i 192.168.0.200@1212/user1/none/trap, 192.168.0.200@1313/user2/auth/trap, 192.168.0.200@1414/user3/priv/trap
# Creating V3 trap targets
Result
Expected Result from SNMP Client
‘Esxcli system snmp test’ command results in a trap in the SNMP Client.
For example:
Expected Result from syslog.log
The following information is logged in /var/log/syslog.log when executing SNMP trap test:
2013-05-21T07:20:17Z snmpd: snmpd: Sending warmStart notification at operator request
2013-05-21T07:20:17Z snmpd: snmpd: SendToIpTransport: sendto(fd=6, length=150) rc = 150
2013-05-21T07:20:17Z snmpd: snmpd: Sr_send_trap_ctx: trap pdu sent to '192.168.0.200:1414' size=150 bytes
Expected Result from tcpdump
The following tcpdump information is logged when executing SNMP trap test:
~ # tcpdump-uw -v -i vmk0 -n -T snmp udp and port 1414
tcpdump-uw: listening on vmk0, link-type EN10MB (Ethernet), capture size 96 bytes
07:20:17.812837 IP truncated-ip - 96 bytes missing! (tos 0x0, ttl 64, id 56778, offset 0, flags [none], proto UDP (17), length 178)
- 192.168.0.1.13549 > 192.168.0.200.1414: { SNMPv3 { F=ap } { USM B=0 T=0 U=user3 [|snmp]} { ScopedPDU [|snmp]} }
Expected Result from Wireshark
The following information is delivered at the wireshark monitor when executing SNMP trap test: