Configure SNMP v3 targets to allow the ESXi SNMP agent to send SNMP v3 traps and informs.

SNMP v3 allows for sending both traps and informs. An inform is a message that the sender will resend a maximum of three times, waiting 5 seconds between each attempt, unless the message is acknowledged by the receiver.

You can configure a maximum of three SNMP v3 targets, in addition to a maximum of three SNMP v1/v2c targets.

To configure a target, you must specify a hostname or IP address of the system that will receive the traps or informs, a user name, a security level, and whether to send traps or informs. The security level can be either none (for no security), auth (for authentication only), or priv (for authentication and privacy).

If you run ESXCLI commands through vCLI, you must supply connection options that specify the target host and login credentials. If you use ESXCLI commands directly on a host using the ESXi Shell, you can use the commands as given without specifying connection options. For more information on connection options see vSphere Command-Line Interface Concepts and Examples.

Ensure that the users who will access the traps or informs are configured as SNMP users for both the ESXi SNMP agent and the target management system.

If you are configuring informs, you need the engine ID for the SNMP agent on the remote system that will receive the informs.

Configure the ESXi SNMP agent by using the ESXCLI commands. See Getting Started with vSphere Command-Line Interfaces for more information on how to use ESXCLI.

1

(Optional) If you are configuring informs, configure the remote users by running the esxcli system snmp set command with the --remote-users option.

For example, run the following command:

esxcli system snmp set --remote-users userid/auth-protocol/auth-hash/priv-protocol/priv-hash/engine-id

The command accepts the following parameters:

Parameter

Description

userid

The user name.

auth-protocol

The authentication protocol, none (for no authentication), MD5, or SHA1.

auth-hash

The authentication hash or - if the authentication protocol is none.

priv-protocol

The privacy protocol, AES128 or none.

priv-hash

The privacy hash, or - if the privacy protocol is none.

engine-id

The engine ID of the SNMP agent on the remote system that will receive the informs.

2

Run the esxcli system snmp set command with the --v3targets option.

For example, run the following command:

esxcli system snmp set --v3targets hostname@port/userid/secLevel/message-type

The parameters of the command are as follows.

Parameter

Description

hostname

The host name or IP address of the management system that will receive the traps or informs.

port

The port on the management system that will receive the traps or informs. If you do not specify a port, the default port, 162, is used.

userid

The user name.

secLevel

The level of authentication and privacy you have configured. Use auth if you have configured authentication only, priv if you have configured both authentication and privacy, and none if you have configured neither.

message-type

The type of the messages received by the management system. Use trap or inform.

3

(Optional) If the ESXi SNMP agent is not enabled, run the following command:

esxcli system snmp set --enable true
4

(Optional) Send a test notification to verify that the agent is configured correctly by running the esxcli system snmp test command.

The agent sends a warmStart notification to the configured target.