본 한국어 번역은 사용자 편의를 위해 제공되는 기계 번역입니다. 영어 버전과 한국어 버전이 서로 어긋나는 경우에는 언제나 영어 버전이 우선합니다.
선택 사항: 스위치에 대해 SNMPv3를 구성합니다
기여자
변경 제안
PDF
SNMP는 스위치를 모니터링하는 데 사용됩니다. 이더넷 스위치 상태 모니터(CSHM)는 SNMP를 사용하여 클러스터 및 스토리지 스위치의 상태와 성능을 모니터링합니다. 기본적으로 SNMPv2c는 RCF(Reference Configuration File)를 통해 자동으로 구성됩니다.
SNMPv3는 인증, 암호화 및 메시지 무결성과 같은 강력한 보안 기능을 도입하여 무단 액세스로부터 보호하고 전송 중 데이터 기밀성과 무결성을 보장하기 때문에 SNMPv2보다 안전합니다.
|
SNMPv3는 ONTAP 9.12.1 이상에서만 지원됩니다. |
CSHM을 지원하는 특정 스위치에 대해 SNMPv3를 구성하려면 다음 절차를 따르십시오.
이 작업에 대해
다음 명령은 * Broadcom *, * Cisco * 및 * NVIDIA * 스위치에서 SNMPv3 사용자 이름을 구성하는 데 사용됩니다.
Broadcom 스위치
Broadcom BES-53248 스위치에서 SNMPv3 사용자 이름 네트워크 운영자를 구성합니다.
-
인증 없음 * 의 경우:
snmp-server user SNMPv3UserNoAuth NETWORK-OPERATOR noauth -
MD5/SHA 인증 * 의 경우:
snmp-server user SNMPv3UserAuth NETWORK-OPERATOR [auth-md5|auth-sha] -
AES/DES 암호화를 사용하는 * MD5/SHA 인증 *:
snmp-server user SNMPv3UserAuthEncrypt NETWORK-OPERATOR [auth-md5|auth-sha] [priv-aes128|priv-des]
다음 명령을 실행하면 ONTAP 측에서 SNMPv3 사용자 이름이 구성됩니다.
security login create -user-or-group-name SNMPv3_USER -application snmp -authentication-method usm -remote-switch-ipaddress ADDRESS다음 명령을 실행하면 CSHM에서 SNMPv3 사용자 이름이 설정됩니다.
cluster1::*> system switch ethernet modify -device DEVICE -snmp-version SNMPv3 -community-or-username SNMPv3_USER단계
-
인증 및 암호화를 사용하도록 스위치에서 SNMPv3 사용자를 설정합니다.
show snmp status(sw1)(Config)# snmp-server user <username> network-admin auth-md5 <password> priv-aes128 <password> (cs1)(Config)# show snmp user snmp Name Group Name Auth Priv Meth Meth Remote Engine ID ----------------- ------------------ ---- ------ ------------------------- <username> network-admin MD5 AES128 8000113d03d8c497710bee -
ONTAP 측에서 SNMPv3 사용자를 설정합니다.
security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212cluster1::*> security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212 Enter the authoritative entity's EngineID [remote EngineID]: Which authentication protocol do you want to choose (none, md5, sha, sha2-256) [none]: md5 Enter the authentication protocol password (minimum 8 characters long): Enter the authentication protocol password again: Which privacy protocol do you want to choose (none, des, aes128) [none]: aes128 Enter privacy protocol password (minimum 8 characters long): Enter privacy protocol password again:
-
새로운 SNMPv3 사용자와 함께 모니터링하도록 CSHM을 구성합니다.
system switch ethernet show-all -device "sw1" -instancecluster1::*> system switch ethernet show-all -device "sw1 (b8:59:9f:09:7c:22)" -instance Device Name: sw1 IP Address: 10.228.136.24 SNMP Version: SNMPv2c Is Discovered: true DEPRECATED-Community String or SNMPv3 Username: - Community String or SNMPv3 Username: cshm1! Model Number: BES-53248 Switch Network: cluster-network Software Version: 3.9.0.2 Reason For Not Monitoring: None <---- should display this if SNMP settings are valid Source Of Switch Version: CDP/ISDP Is Monitored ?: true Serial Number of the Device: QTFCU3826001C RCF Version: v1.8X2 for Cluster/HA/RDMA cluster1::*> cluster1::*> system switch ethernet modify -device "sw1" -snmp-version SNMPv3 -community-or-username <username> -
새로 생성된 SNMPv3 사용자로 쿼리할 일련 번호가 CSHM 폴링 기간이 완료된 후 이전 단계에서 자세히 설명한 일련 번호와 동일한지 확인합니다.
system switch ethernet polling-interval showcluster1::*> system switch ethernet polling-interval show Polling Interval (in minutes): 5 cluster1::*> system switch ethernet show-all -device "sw1" -instance Device Name: sw1 IP Address: 10.228.136.24 SNMP Version: SNMPv3 Is Discovered: true DEPRECATED-Community String or SNMPv3 Username: - Community String or SNMPv3 Username: <username> Model Number: BES-53248 Switch Network: cluster-network Software Version: 3.9.0.2 Reason For Not Monitoring: None <---- should display this if SNMP settings are valid Source Of Switch Version: CDP/ISDP Is Monitored ?: true Serial Number of the Device: QTFCU3826001C RCF Version: v1.8X2 for Cluster/HA/RDMA
Cisco 스위치
Cisco 9336C-FX2 스위치에서 SNMPv3 사용자 이름 SNMPv3_user 구성:
-
인증 없음 * 의 경우:
snmp-server user SNMPv3_USER NoAuth -
MD5/SHA 인증 * 의 경우:
snmp-server user SNMPv3_USER auth [md5|sha] AUTH-PASSWORD -
AES/DES 암호화를 사용하는 * MD5/SHA 인증 *:
snmp-server user SNMPv3_USER AuthEncrypt auth [md5|sha] AUTH-PASSWORD priv aes-128 PRIV-PASSWORD
다음 명령을 실행하면 ONTAP 측에서 SNMPv3 사용자 이름이 구성됩니다.
security login create -user-or-group-name SNMPv3_USER -application snmp -authentication-method usm -remote-switch-ipaddress ADDRESS다음 명령을 실행하면 CSHM에서 SNMPv3 사용자 이름이 설정됩니다.
system switch ethernet modify -device DEVICE -snmp-version SNMPv3 -community-or-username SNMPv3_USER단계
-
인증 및 암호화를 사용하도록 스위치에서 SNMPv3 사용자를 설정합니다.
show snmp user(sw1)(Config)# snmp-server user SNMPv3User auth md5 <auth_password> priv aes-128 <priv_password> (sw1)(Config)# show snmp user ----------------------------------------------------------------------------- SNMP USERS ----------------------------------------------------------------------------- User Auth Priv(enforce) Groups acl_filter ----------------- --------------- --------------- --------------- ----------- admin md5 des(no) network-admin SNMPv3User md5 aes-128(no) network-operator ----------------------------------------------------------------------------- NOTIFICATION TARGET USERS (configured for sending V3 Inform) ----------------------------------------------------------------------------- User Auth Priv ----------------- ------------------ ------------ (sw1)(Config)# -
ONTAP 측에서 SNMPv3 사용자를 설정합니다.
security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212cluster1::*> system switch ethernet modify -device "sw1 (b8:59:9f:09:7c:22)" -is-monitoring-enabled-admin true cluster1::*> security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212 Enter the authoritative entity's EngineID [remote EngineID]: Which authentication protocol do you want to choose (none, md5, sha, sha2-256) [none]: md5 Enter the authentication protocol password (minimum 8 characters long): Enter the authentication protocol password again: Which privacy protocol do you want to choose (none, des, aes128) [none]: aes128 Enter privacy protocol password (minimum 8 characters long): Enter privacy protocol password again:
-
새로운 SNMPv3 사용자와 함께 모니터링하도록 CSHM을 구성합니다.
system switch ethernet show-all -device "sw1" -instancecluster1::*> system switch ethernet show-all -device "sw1" -instance Device Name: sw1 IP Address: 10.231.80.212 SNMP Version: SNMPv2c Is Discovered: true SNMPv2c Community String or SNMPv3 Username: cshm1! Model Number: N9K-C9336C-FX2 Switch Network: cluster-network Software Version: Cisco Nexus Operating System (NX-OS) Software, Version 9.3(7) Reason For Not Monitoring: None <---- displays when SNMP settings are valid Source Of Switch Version: CDP/ISDP Is Monitored ?: true Serial Number of the Device: QTFCU3826001C RCF Version: v1.8X2 for Cluster/HA/RDMA cluster1::*> cluster1::*> system switch ethernet modify -device "sw1" -snmp-version SNMPv3 -community-or-username <username> cluster1::*> -
새로 생성된 SNMPv3 사용자로 쿼리할 일련 번호가 CSHM 폴링 기간이 완료된 후 이전 단계에서 자세히 설명한 일련 번호와 동일한지 확인합니다.
system switch ethernet polling-interval showcluster1::*> system switch ethernet polling-interval show Polling Interval (in minutes): 5 cluster1::*> system switch ethernet show-all -device "sw1" -instance Device Name: sw1 IP Address: 10.231.80.212 SNMP Version: SNMPv3 Is Discovered: true SNMPv2c Community String or SNMPv3 Username: SNMPv3User Model Number: N9K-C9336C-FX2 Switch Network: cluster-network Software Version: Cisco Nexus Operating System (NX-OS) Software, Version 9.3(7) Reason For Not Monitoring: None <---- displays when SNMP settings are valid Source Of Switch Version: CDP/ISDP Is Monitored ?: true Serial Number of the Device: QTFCU3826001C RCF Version: v1.8X2 for Cluster/HA/RDMA cluster1::*>
NVIDIA - CLI 5.4
CLI 5.4를 실행하는 NVIDIA SN2100 스위치에서 SNMPv3 사용자 이름 SNMPv3_user 구성:
-
인증 없음 * 의 경우:
net add snmp-server username SNMPv3_USER auth-none -
MD5/SHA 인증 * 의 경우:
net add snmp-server username SNMPv3_USER [auth-md5|auth-sha] AUTH-PASSWORD -
AES/DES 암호화를 사용하는 * MD5/SHA 인증 *:
net add snmp-server username SNMPv3_USER [auth-md5|auth-sha] AUTH-PASSWORD [encrypt-aes|encrypt-des] PRIV-PASSWORD
다음 명령을 실행하면 ONTAP 측에서 SNMPv3 사용자 이름이 구성됩니다.
security login create -user-or-group-name SNMPv3_USER -application snmp -authentication-method usm -remote-switch-ipaddress ADDRESS다음 명령을 실행하면 CSHM에서 SNMPv3 사용자 이름이 설정됩니다.
system switch ethernet modify -device DEVICE -snmp-version SNMPv3 -community-or-username SNMPv3_USER단계
-
인증 및 암호화를 사용하도록 스위치에서 SNMPv3 사용자를 설정합니다.
net show snmp statuscumulus@sw1:~$ net show snmp status Simple Network Management Protocol (SNMP) Daemon. --------------------------------- ---------------- Current Status active (running) Reload Status enabled Listening IP Addresses all vrf mgmt Main snmpd PID 4318 Version 1 and 2c Community String Configured Version 3 Usernames Not Configured --------------------------------- ---------------- cumulus@sw1:~$ cumulus@sw1:~$ net add snmp-server username SNMPv3User auth-md5 <password> encrypt-aes <password> cumulus@sw1:~$ net commit --- /etc/snmp/snmpd.conf 2020-08-02 21:09:34.686949282 +0000 +++ /run/nclu/snmp/snmpd.conf 2020-08-11 00:13:51.826126655 +0000 @@ -1,26 +1,28 @@ # Auto-generated config file: do not edit. # agentaddress udp:@mgmt:161 agentxperms 777 777 snmp snmp agentxsocket /var/agentx/master createuser _snmptrapusernameX +createuser SNMPv3User MD5 <password> AES <password> ifmib_max_num_ifaces 500 iquerysecname _snmptrapusernameX master agentx monitor -r 60 -o laNames -o laErrMessage "laTable" laErrorFlag != 0 pass -p 10 1.3.6.1.2.1.1.1 /usr/share/snmp/sysDescr_pass.py pass_persist 1.2.840.10006.300.43 /usr/share/snmp/ieee8023_lag_pp.py pass_persist 1.3.6.1.2.1.17 /usr/share/snmp/bridge_pp.py pass_persist 1.3.6.1.2.1.31.1.1.1.18 /usr/share/snmp/snmpifAlias_pp.py pass_persist 1.3.6.1.2.1.47 /usr/share/snmp/entity_pp.py pass_persist 1.3.6.1.2.1.99 /usr/share/snmp/entity_sensor_pp.py pass_persist 1.3.6.1.4.1.40310.1 /usr/share/snmp/resq_pp.py pass_persist 1.3.6.1.4.1.40310.2 /usr/share/snmp/cl_drop_cntrs_pp.py pass_persist 1.3.6.1.4.1.40310.3 /usr/share/snmp/cl_poe_pp.py pass_persist 1.3.6.1.4.1.40310.4 /usr/share/snmp/bgpun_pp.py pass_persist 1.3.6.1.4.1.40310.5 /usr/share/snmp/cumulus-status.py pass_persist 1.3.6.1.4.1.40310.6 /usr/share/snmp/cumulus-sensor.py pass_persist 1.3.6.1.4.1.40310.7 /usr/share/snmp/vrf_bgpun_pp.py +rocommunity cshm1! default rouser _snmptrapusernameX +rouser SNMPv3User priv sysobjectid 1.3.6.1.4.1.40310 sysservices 72 -rocommunity cshm1! default net add/del commands since the last "net commit" User Timestamp Command ---------- -------------------------- ------------------------------------------------------------------------- SNMPv3User 2020-08-11 00:13:51.826987 net add snmp-server username SNMPv3User auth-md5 <password> encrypt-aes <password> cumulus@sw1:~$ cumulus@sw1:~$ net show snmp status Simple Network Management Protocol (SNMP) Daemon. --------------------------------- ---------------- Current Status active (running) Reload Status enabled Listening IP Addresses all vrf mgmt Main snmpd PID 24253 Version 1 and 2c Community String Configured Version 3 Usernames Configured <---- Configured here --------------------------------- ---------------- cumulus@sw1:~$
-
ONTAP 측에서 SNMPv3 사용자를 설정합니다.
security login create -user-or-group-name SNMPv3User -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212cluster1::*> security login create -user-or-group-name SNMPv3User -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212 Enter the authoritative entity's EngineID [remote EngineID]: Which authentication protocol do you want to choose (none, md5, sha, sha2-256) [none]: md5 Enter the authentication protocol password (minimum 8 characters long): Enter the authentication protocol password again: Which privacy protocol do you want to choose (none, des, aes128) [none]: aes128 Enter privacy protocol password (minimum 8 characters long): Enter privacy protocol password again:
-
새로운 SNMPv3 사용자와 함께 모니터링하도록 CSHM을 구성합니다.
system switch ethernet show-all -device "sw1 (b8:59:9f:09:7c:22)" -instancecluster1::*> system switch ethernet show-all -device "sw1 (b8:59:9f:09:7c:22)" -instance Device Name: sw1 (b8:59:9f:09:7c:22) IP Address: 10.231.80.212 SNMP Version: SNMPv2c Is Discovered: true DEPRECATED-Community String or SNMPv3 Username: - Community String or SNMPv3 Username: cshm1! Model Number: MSN2100-CB2FC Switch Network: cluster-network Software Version: Cumulus Linux version 4.4.3 running on Mellanox Technologies Ltd. MSN2100 Reason For Not Monitoring: None Source Of Switch Version: LLDP Is Monitored ?: true Serial Number of the Device: MT2110X06399 <---- serial number to check RCF Version: MSN2100-RCF-v1.9X6-Cluster-LLDP Aug-18-2022 cluster1::*> cluster1::*> system switch ethernet modify -device "sw1 (b8:59:9f:09:7c:22)" -snmp-version SNMPv3 -community-or-username SNMPv3User -
새로 생성된 SNMPv3 사용자로 쿼리할 일련 번호가 CSHM 폴링 기간이 완료된 후 이전 단계에서 자세히 설명한 일련 번호와 동일한지 확인합니다.
system switch ethernet polling-interval showcluster1::*> system switch ethernet polling-interval show Polling Interval (in minutes): 5 cluster1::*> system switch ethernet show-all -device "sw1 (b8:59:9f:09:7c:22)" -instance Device Name: sw1 (b8:59:9f:09:7c:22) IP Address: 10.231.80.212 SNMP Version: SNMPv3 Is Discovered: true DEPRECATED-Community String or SNMPv3 Username: - Community String or SNMPv3 Username: SNMPv3User Model Number: MSN2100-CB2FC Switch Network: cluster-network Software Version: Cumulus Linux version 4.4.3 running on Mellanox Technologies Ltd. MSN2100 Reason For Not Monitoring: None Source Of Switch Version: LLDP Is Monitored ?: true Serial Number of the Device: MT2110X06399 <---- serial number to check RCF Version: MSN2100-RCF-v1.9X6-Cluster-LLDP Aug-18-2022