O português é fornecido por meio de tradução automática para sua conveniência. O inglês precede o português em caso de inconsistências.
Configurar SNMPv3 para monitorar a integridade dos switches IP do MetroCluster
Colaboradores
Sugerir alterações
PDFs
Nas configurações IP do MetroCluster, você pode configurar o SNMPv3 para monitorar a integridade dos switches IP.
Este procedimento mostra as etapas genéricas para configurar o SNMPv3 em um switch. Algumas das versões de firmware de switch listadas podem não ser suportadas em uma configuração de IP do MetroCluster.
Você deve seguir as etapas para uma versão de firmware do switch compatível com uma configuração de IP do MetroCluster. Consulte a "Hardware Universe" para verificar as versões de firmware suportadas.
|
|
Sobre esta tarefa
Os comandos a seguir são usados para configurar um nome de usuário SNMPv3 nos switches Broadcom, Cisco e NVIDIA:
Switches Broadcom
Configure um OPERADOR DE REDE de nome de usuário SNMPv3 em switches Broadcom BES-53248.
-
Para sem autenticação:
snmp-server user SNMPv3UserNoAuth NETWORK-OPERATOR noauth -
Para MD5/SHA autenticação:
snmp-server user SNMPv3UserAuth NETWORK-OPERATOR [auth-md5|auth-sha] -
Para autenticação MD5/SHA com criptografia AES/DES:
snmp-server user SNMPv3UserAuthEncrypt NETWORK-OPERATOR [auth-md5|auth-sha] [priv-aes128|priv-des]
O seguinte comando configura um nome de usuário SNMPv3 no lado ONTAP:
security login create -user-or-group-name SNMPv3_USER -application snmp -authentication-method usm -remote-switch-ipaddress ADDRESSO seguinte comando estabelece o nome de usuário SNMPv3 com CSHM:
cluster1::*> system switch ethernet modify -device DEVICE -snmp-version SNMPv3 -community-or-username SNMPv3_USERPassos
-
Configure o usuário SNMPv3 no switch para usar autenticação e criptografia:
show snmp status(sw1)(Config)# snmp-server user <username> network-admin auth-md5 <password> priv-aes128 <password> (cs1)(Config)# show snmp user snmp Name Group Name Auth Priv Meth Meth Remote Engine ID ----------------- ------------------ ---- ------ ------------------------- <username> network-admin MD5 AES128 8000113d03d8c497710bee -
Configure o usuário SNMPv3 no lado ONTAP:
security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212cluster1::*> security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212 Enter the authoritative entity's EngineID [remote EngineID]: Which authentication protocol do you want to choose (none, md5, sha, sha2-256) [none]: md5 Enter the authentication protocol password (minimum 8 characters long): Enter the authentication protocol password again: Which privacy protocol do you want to choose (none, des, aes128) [none]: aes128 Enter privacy protocol password (minimum 8 characters long): Enter privacy protocol password again:
-
Configure o CSHM para monitorar com o novo usuário SNMPv3:
system switch ethernet show-all -device "sw1" -instancecluster1::*> system switch ethernet show-all -device "sw1 (b8:59:9f:09:7c:22)" -instance Device Name: sw1 IP Address: 10.228.136.24 SNMP Version: SNMPv2c Is Discovered: true DEPRECATED-Community String or SNMPv3 Username: - Community String or SNMPv3 Username: cshm1! Model Number: BES-53248 Switch Network: cluster-network Software Version: 3.9.0.2 Reason For Not Monitoring: None <---- should display this if SNMP settings are valid Source Of Switch Version: CDP/ISDP Is Monitored ?: true Serial Number of the Device: QTFCU3826001C RCF Version: v1.8X2 for Cluster/HA/RDMA cluster1::*> cluster1::*> system switch ethernet modify -device "sw1" -snmp-version SNMPv3 -community-or-username <username> -
Após aguardar o período de pesquisa do CSHM, verifique se o número de série do switch Ethernet está preenchido.
system switch ethernet polling-interval showcluster1::*> system switch ethernet polling-interval show Polling Interval (in minutes): 5 cluster1::*> system switch ethernet show-all -device "sw1" -instance Device Name: sw1 IP Address: 10.228.136.24 SNMP Version: SNMPv3 Is Discovered: true DEPRECATED-Community String or SNMPv3 Username: - Community String or SNMPv3 Username: <username> Model Number: BES-53248 Switch Network: cluster-network Software Version: 3.9.0.2 Reason For Not Monitoring: None <---- should display this if SNMP settings are valid Source Of Switch Version: CDP/ISDP Is Monitored ?: true Serial Number of the Device: QTFCU3826001C RCF Version: v1.8X2 for Cluster/HA/RDMA
Switches Cisco
Configure um nome de usuário SNMPv3 SNMPv3_USER em switches Cisco 9336C-FX2:
-
Para sem autenticação:
snmp-server user SNMPv3_USER NoAuth -
Para MD5/SHA autenticação:
snmp-server user SNMPv3_USER auth [md5|sha] AUTH-PASSWORD -
Para autenticação MD5/SHA com criptografia AES/DES:
snmp-server user SNMPv3_USER AuthEncrypt auth [md5|sha] AUTH-PASSWORD priv aes-128 PRIV-PASSWORD
O seguinte comando configura um nome de usuário SNMPv3 no lado ONTAP:
security login create -user-or-group-name SNMPv3_USER -application snmp -authentication-method usm -remote-switch-ipaddress ADDRESSO seguinte comando estabelece o nome de usuário SNMPv3 com CSHM:
system switch ethernet modify -device DEVICE -snmp-version SNMPv3 -community-or-username SNMPv3_USERPassos
-
Configure o usuário SNMPv3 no switch para usar autenticação e criptografia:
show snmp user(sw1)(Config)# snmp-server user SNMPv3User auth md5 <auth_password> priv aes-128 <priv_password> (sw1)(Config)# show snmp user ----------------------------------------------------------------------------- SNMP USERS ----------------------------------------------------------------------------- User Auth Priv(enforce) Groups acl_filter ----------------- --------------- --------------- --------------- ----------- admin md5 des(no) network-admin SNMPv3User md5 aes-128(no) network-operator ----------------------------------------------------------------------------- NOTIFICATION TARGET USERS (configured for sending V3 Inform) ----------------------------------------------------------------------------- User Auth Priv ----------------- ------------------ ------------ (sw1)(Config)# -
Configure o usuário SNMPv3 no lado ONTAP:
security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212cluster1::*> system switch ethernet modify -device "sw1 (b8:59:9f:09:7c:22)" -is-monitoring-enabled-admin true cluster1::*> security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212 Enter the authoritative entity's EngineID [remote EngineID]: Which authentication protocol do you want to choose (none, md5, sha, sha2-256) [none]: md5 Enter the authentication protocol password (minimum 8 characters long): Enter the authentication protocol password again: Which privacy protocol do you want to choose (none, des, aes128) [none]: aes128 Enter privacy protocol password (minimum 8 characters long): Enter privacy protocol password again:
-
Configure o CSHM para monitorar com o novo usuário SNMPv3:
system switch ethernet show-all -device "sw1" -instancecluster1::*> system switch ethernet show-all -device "sw1" -instance Device Name: sw1 IP Address: 10.231.80.212 SNMP Version: SNMPv2c Is Discovered: true SNMPv2c Community String or SNMPv3 Username: cshm1! Model Number: N9K-C9336C-FX2 Switch Network: cluster-network Software Version: Cisco Nexus Operating System (NX-OS) Software, Version 9.3(7) Reason For Not Monitoring: None <---- displays when SNMP settings are valid Source Of Switch Version: CDP/ISDP Is Monitored ?: true Serial Number of the Device: QTFCU3826001C RCF Version: v1.8X2 for Cluster/HA/RDMA cluster1::*> cluster1::*> system switch ethernet modify -device "sw1" -snmp-version SNMPv3 -community-or-username <username> cluster1::*> -
Verifique se o número de série a ser consultado com o usuário SNMPv3 recém-criado é o mesmo que detalhado na etapa anterior após o período de polling CSHM ter sido concluído.
system switch ethernet polling-interval showcluster1::*> system switch ethernet polling-interval show Polling Interval (in minutes): 5 cluster1::*> system switch ethernet show-all -device "sw1" -instance Device Name: sw1 IP Address: 10.231.80.212 SNMP Version: SNMPv3 Is Discovered: true SNMPv2c Community String or SNMPv3 Username: SNMPv3User Model Number: N9K-C9336C-FX2 Switch Network: cluster-network Software Version: Cisco Nexus Operating System (NX-OS) Software, Version 9.3(7) Reason For Not Monitoring: None <---- displays when SNMP settings are valid Source Of Switch Version: CDP/ISDP Is Monitored ?: true Serial Number of the Device: QTFCU3826001C RCF Version: v1.8X2 for Cluster/HA/RDMA cluster1::*>
NVIDIA - CL 5.4.0
Configure um nome de usuário SNMPv3 SNMPv3_USER em switches NVIDIA SN2100 executando CLI 5.4.0:
-
Para sem autenticação:
nv set service snmp-server username SNMPv3_USER auth-none -
Para MD5/SHA autenticação:
nv set service snmp-server username SNMPv3_USER [auth-md5|auth-sha] AUTH-PASSWORD -
Para autenticação MD5/SHA com criptografia AES/DES:
nv set service snmp-server username SNMPv3_USER [auth-md5|auth-sha] AUTH-PASSWORD [encrypt-aes|encrypt-des] PRIV-PASSWORD
O seguinte comando configura um nome de usuário SNMPv3 no lado ONTAP:
security login create -user-or-group-name SNMPv3_USER -application snmp -authentication-method usm -remote-switch-ipaddress ADDRESSO seguinte comando estabelece o nome de usuário SNMPv3 com CSHM:
system switch ethernet modify -device DEVICE -snmp-version SNMPv3 -community-or-username SNMPv3_USERPassos
-
Configure o usuário SNMPv3 no switch para usar autenticação e criptografia:
net show snmp statuscumulus@sw1:~$ net show snmp status Simple Network Management Protocol (SNMP) Daemon. --------------------------------- ---------------- Current Status active (running) Reload Status enabled Listening IP Addresses all vrf mgmt Main snmpd PID 4318 Version 1 and 2c Community String Configured Version 3 Usernames Not Configured --------------------------------- ---------------- cumulus@sw1:~$ cumulus@sw1:~$ net add snmp-server username SNMPv3User auth-md5 <password> encrypt-aes <password> cumulus@sw1:~$ net commit --- /etc/snmp/snmpd.conf 2020-08-02 21:09:34.686949282 +0000 +++ /run/nclu/snmp/snmpd.conf 2020-08-11 00:13:51.826126655 +0000 @@ -1,26 +1,28 @@ # Auto-generated config file: do not edit. # agentaddress udp:@mgmt:161 agentxperms 777 777 snmp snmp agentxsocket /var/agentx/master createuser _snmptrapusernameX +createuser SNMPv3User MD5 <password> AES <password> ifmib_max_num_ifaces 500 iquerysecname _snmptrapusernameX master agentx monitor -r 60 -o laNames -o laErrMessage "laTable" laErrorFlag != 0 pass -p 10 1.3.6.1.2.1.1.1 /usr/share/snmp/sysDescr_pass.py pass_persist 1.2.840.10006.300.43 /usr/share/snmp/ieee8023_lag_pp.py pass_persist 1.3.6.1.2.1.17 /usr/share/snmp/bridge_pp.py pass_persist 1.3.6.1.2.1.31.1.1.1.18 /usr/share/snmp/snmpifAlias_pp.py pass_persist 1.3.6.1.2.1.47 /usr/share/snmp/entity_pp.py pass_persist 1.3.6.1.2.1.99 /usr/share/snmp/entity_sensor_pp.py pass_persist 1.3.6.1.4.1.40310.1 /usr/share/snmp/resq_pp.py pass_persist 1.3.6.1.4.1.40310.2 /usr/share/snmp/cl_drop_cntrs_pp.py pass_persist 1.3.6.1.4.1.40310.3 /usr/share/snmp/cl_poe_pp.py pass_persist 1.3.6.1.4.1.40310.4 /usr/share/snmp/bgpun_pp.py pass_persist 1.3.6.1.4.1.40310.5 /usr/share/snmp/cumulus-status.py pass_persist 1.3.6.1.4.1.40310.6 /usr/share/snmp/cumulus-sensor.py pass_persist 1.3.6.1.4.1.40310.7 /usr/share/snmp/vrf_bgpun_pp.py +rocommunity cshm1! default rouser _snmptrapusernameX +rouser SNMPv3User priv sysobjectid 1.3.6.1.4.1.40310 sysservices 72 -rocommunity cshm1! default net add/del commands since the last "net commit" User Timestamp Command ---------- -------------------------- ------------------------------------------------------------------------- SNMPv3User 2020-08-11 00:13:51.826987 net add snmp-server username SNMPv3User auth-md5 <password> encrypt-aes <password> cumulus@sw1:~$ cumulus@sw1:~$ net show snmp status Simple Network Management Protocol (SNMP) Daemon. --------------------------------- ---------------- Current Status active (running) Reload Status enabled Listening IP Addresses all vrf mgmt Main snmpd PID 24253 Version 1 and 2c Community String Configured Version 3 Usernames Configured <---- Configured here --------------------------------- ---------------- cumulus@sw1:~$
-
Configure o usuário SNMPv3 no lado ONTAP:
security login create -user-or-group-name SNMPv3User -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212cluster1::*> security login create -user-or-group-name SNMPv3User -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212 Enter the authoritative entity's EngineID [remote EngineID]: Which authentication protocol do you want to choose (none, md5, sha, sha2-256) [none]: md5 Enter the authentication protocol password (minimum 8 characters long): Enter the authentication protocol password again: Which privacy protocol do you want to choose (none, des, aes128) [none]: aes128 Enter privacy protocol password (minimum 8 characters long): Enter privacy protocol password again:
-
Configure o CSHM para monitorar com o novo usuário SNMPv3:
system switch ethernet show-all -device "sw1 (b8:59:9f:09:7c:22)" -instancecluster1::*> system switch ethernet show-all -device "sw1 (b8:59:9f:09:7c:22)" -instance Device Name: sw1 (b8:59:9f:09:7c:22) IP Address: 10.231.80.212 SNMP Version: SNMPv2c Is Discovered: true DEPRECATED-Community String or SNMPv3 Username: - Community String or SNMPv3 Username: cshm1! Model Number: MSN2100-CB2FC Switch Network: cluster-network Software Version: Cumulus Linux version 5.4.0 running on Mellanox Technologies Ltd. MSN2100 Reason For Not Monitoring: None Source Of Switch Version: LLDP Is Monitored ?: true Serial Number of the Device: MT2110X06399 <---- serial number to check RCF Version: MSN2100-RCF-v1.9X6-Cluster-LLDP Aug-18-2022 cluster1::*> cluster1::*> system switch ethernet modify -device "sw1 (b8:59:9f:09:7c:22)" -snmp-version SNMPv3 -community-or-username SNMPv3User -
Verifique se o número de série a ser consultado com o usuário SNMPv3 recém-criado é o mesmo que detalhado na etapa anterior após o período de polling CSHM ter sido concluído.
system switch ethernet polling-interval showcluster1::*> system switch ethernet polling-interval show Polling Interval (in minutes): 5 cluster1::*> system switch ethernet show-all -device "sw1 (b8:59:9f:09:7c:22)" -instance Device Name: sw1 (b8:59:9f:09:7c:22) IP Address: 10.231.80.212 SNMP Version: SNMPv3 Is Discovered: true DEPRECATED-Community String or SNMPv3 Username: - Community String or SNMPv3 Username: SNMPv3User Model Number: MSN2100-CB2FC Switch Network: cluster-network Software Version: Cumulus Linux version 5.4.0 running on Mellanox Technologies Ltd. MSN2100 Reason For Not Monitoring: None Source Of Switch Version: LLDP Is Monitored ?: true Serial Number of the Device: MT2110X06399 <---- serial number to check RCF Version: MSN2100-RCF-v1.9X6-Cluster-LLDP Aug-18-2022
NVIDIA - CL 5.11.0
Configure um nome de usuário SNMPv3 SNMPv3_USER em switches NVIDIA SN2100 executando CLI 5.11.0:
-
Para sem autenticação:
nv set system snmp-server username SNMPv3_USER auth-none -
Para MD5/SHA autenticação:
nv set system snmp-server username SNMPv3_USER [auth-md5|auth-sha] AUTH-PASSWORD -
Para autenticação MD5/SHA com criptografia AES/DES:
nv set system snmp-server username SNMPv3_USER [auth-md5|auth-sha] AUTH-PASSWORD [encrypt-aes|encrypt-des] PRIV-PASSWORD
O seguinte comando configura um nome de usuário SNMPv3 no lado ONTAP:
security login create -user-or-group-name SNMPv3_USER -application snmp -authentication-method usm -remote-switch-ipaddress ADDRESSO seguinte comando estabelece o nome de usuário SNMPv3 com CSHM:
system switch ethernet modify -device DEVICE -snmp-version SNMPv3 -community-or-username SNMPv3_USERPassos
-
Configure o usuário SNMPv3 no switch para usar autenticação e criptografia:
nv show system snmp-servercumulus@sw1:~$ nv show system snmp-server applied -------------------- --------------------------------------- [username] SNMPv3_USER [username] limiteduser1 [username] testuserauth [username] testuserauthaes [username] testusernoauth trap-link-up check-frequency 60 trap-link-down check-frequency 60 [listening-address] all [readonly-community] $nvsec$94d69b56e921aec1790844eb53e772bf state enabled cumulus@sw1:~$ -
Configure o usuário SNMPv3 no lado ONTAP:
security login create -user-or-group-name SNMPv3User -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212cluster1::*> security login create -user-or-group-name SNMPv3User -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212 Enter the authoritative entity's EngineID [remote EngineID]: Which authentication protocol do you want to choose (none, md5, sha, sha2-256) [none]: md5 Enter the authentication protocol password (minimum 8 characters long): Enter the authentication protocol password again: Which privacy protocol do you want to choose (none, des, aes128) [none]: aes128 Enter privacy protocol password (minimum 8 characters long): Enter privacy protocol password again:
-
Configure o CSHM para monitorar com o novo usuário SNMPv3:
system switch ethernet show-all -device "sw1 (b8:59:9f:09:7c:22)" -instancecluster1::*> system switch ethernet show-all -device "sw1 (b8:59:9f:09:7c:22)" -instance Device Name: sw1 (b8:59:9f:09:7c:22) IP Address: 10.231.80.212 SNMP Version: SNMPv2c Is Discovered: true DEPRECATED-Community String or SNMPv3 Username: - Community String or SNMPv3 Username: cshm1! Model Number: MSN2100-CB2FC Switch Network: cluster-network Software Version: Cumulus Linux version 5.11.0 running on Mellanox Technologies Ltd. MSN2100 Reason For Not Monitoring: None Source Of Switch Version: LLDP Is Monitored ?: true Serial Number of the Device: MT2110X06399 <---- serial number to check RCF Version: MSN2100-RCF-v1.9X6-Cluster-LLDP Aug-18-2022 cluster1::*> cluster1::*> system switch ethernet modify -device "sw1 (b8:59:9f:09:7c:22)" -snmp-version SNMPv3 -community-or-username SNMPv3User -
Verifique se o número de série a ser consultado com o usuário SNMPv3 recém-criado é o mesmo que detalhado na etapa anterior após o período de polling CSHM ter sido concluído.
system switch ethernet polling-interval showcluster1::*> system switch ethernet polling-interval show Polling Interval (in minutes): 5 cluster1::*> system switch ethernet show-all -device "sw1 (b8:59:9f:09:7c:22)" -instance Device Name: sw1 (b8:59:9f:09:7c:22) IP Address: 10.231.80.212 SNMP Version: SNMPv3 Is Discovered: true DEPRECATED-Community String or SNMPv3 Username: - Community String or SNMPv3 Username: SNMPv3User Model Number: MSN2100-CB2FC Switch Network: cluster-network Software Version: Cumulus Linux version 5.11.0 running on Mellanox Technologies Ltd. MSN2100 Reason For Not Monitoring: None Source Of Switch Version: LLDP Is Monitored ?: true Serial Number of the Device: MT2110X06399 <---- serial number to check RCF Version: MSN2100-RCF-v1.9X6-Cluster-LLDP Aug-18-2022