To access the new SNMP namespace in ESXCLI, you just need to run the following command: esxcli system snmp
Note: ESXCLI is available in both the ESXi Shell as well as remotely via vCLI 5.1 or through PowerCLI’s Get-EsxCli cmdlet. You will also need to be running ESXi 5.1 to see the new SNMP namespace.We have a very thorough walk through of SNMP v1, v2c, and v3 configurations using ESXCLI in our documentation which can be found here, but I thought I quickly show you how easy it is to configure both a SNMP v1/v2c and v3 for your ESXi hosts.
SNMP v1 Configurations:
There are 4 steps:- Set the community string
- Set the SNMP target which includes the port and the community string
- Enable SNMP service on the ESXi host
- Validate SNMP configuration by performing a test operation
esxcli system snmp set –communities publicAnother way you can check to ensure you can reach the ESXi host from your SNMP target system is by using the snmpwalk utility which is available on most UNIX/Linux systems. Run the following command which requires you to specify the SNMP version, the community string and the hostname or IP Address of the ESXi host:
esxcli system snmp set --targets esxi-host.local@161/public
esxcli system snmp set --enable true
esxcli system snmp test
snmpwalk -v1 -c public esxi-hostIf the command was successful, then you should see a huge list of SNMP data being returned from the ESXi hosts.
SNMP v2c Configurations:
SNMP v2c configuration is similar to SNMP v3 configuration but without any authentication or privacy protocols configured.There are 4 steps:
- Set the community string
- Configure an SNMP user and we will use the “-” symbol for no authentication or privacy protocols.
- Set the SNMP target which includes the port and user in our previous step
- Enable SNMP service on the ESXi host
- Validate SNMP configuration by performing a test operation
esxcli system snmp set –c publicAgain, we can verify using the snmpwalk utility just like we did in the v1 example but now we will need to include the username that we had configured. To validate, run the following command:
esxcli system snmp set –users john/-/-/none
esxcli system snmp set –t x.x.x.x@161/community/none/trap
esxcli system snmp set –e true
esxcli system snmp test
snmpwalk -v2c -c public -u john esxi-hostNote: There currently is not an SNMP v2c specific example in the ESXCLI documentation, but we are looking to update the documentation with this example.
SNMP v3 Configurations:
There are 8 steps (not all are applicable):- Set the engine Id (need to convert string to hexidecimal string)
- Set the authentication protocol which either be SHA1, MD5 or none
- Set the privacy protocol which can be AES128 or none
- Generate the authentication and privacy hash from the user supplied passwords if either protocols were enabled. You can either provide a file that has the password or use the -r flag which specifies the raw input password
- Configure an SNMP user and associating the authentication and privacy hash from the previous step
- Set the SNMP target which includes the port and user
- Enable SNMP service on the ESXi host
- Validate SNMP configuration by performing a test operation
esxcli system snmp set –engineid 766d77617265You can also use the snmpwalk utility to query an SNMPv3 host and using the information we supplied earlier to configure SNMP on the ESXi host. To do so, run the following command (you will need to specify the v3 specific flags which includes the username, authentication/privacy password as well as the authentication & privacy protocols):
esxcli system snmp set –authentication SHA1
esxcli system snmp set –privacy AES128
esxcli system snmp hash -r -A secret1234 -X secret5678
esxcli system snmp set –users william/f9f7311379046ebcb5d134439ee5b7754da8a90f/d300f16eec59fb3b7ada7844ff764cbf4641fe5f/priv
esxcli system snmp set –v3targets esxi-host@161/john/priv/trap
esxcli system snmp set –enable true
esxcli system snmp test
snmpwalk -v3 -u john -l AuthPriv -a SHA -A secret1234 -x AES -X secret5678 esxi-host
Now that you know how to configure SNMP settings for a single ESXi host, how do you go about applying this across all your ESXi hosts, say 100 or 10,000? There are several ways which will depend on how your environment is setup. If you are using vCenter Server to centrally manage your ESXi hosts, then you can easily proxy ESXCLI authentication using vCenter Server and you do not need to specify the login credentials to each and every ESXi host. Here is an example of connecting to an ESXi host called esx-1.local which is being managed by vcenter-1.local and we will enable the SNMP test command:
esxcli –server vcenter-1.local –vihost esxi-1.local system –user administrator snmp testNotice, instead of specifying the hostname of the ESXi host we are using the –server flag, to specify the vCenter Server and –vihost to specify the specific ESXi host we would like to operate on. Finally, we will also need to provide the credentials to connect to the vCenter Server.
If you are not using vCenter Server or prefer to connect to each individual ESXi hosts, then you will need to specify the individual credentials to each ESXi host. You also can interact with the ESXCLI interface using PowerCLI if you are more familiar with that by using the Get-EsxCli cmdlet.
In all three options, you simply just need to specify a list of ESXi hosts which can then be read from a flat text file, CSV, etc. and place the ESXCLI commands in a “for” loop which will iterate through the list of ESXi hosts and apply the SNMP configurations.