Skip to main content
Cluster and storage switches
O português é fornecido por meio de tradução automática para sua conveniência. O inglês precede o português em caso de inconsistências.

Configurar SNMPv3

Colaboradores

Siga este procedimento para configurar o SNMPv3, que suporta monitoramento de integridade do switch Ethernet (CSHM).

Sobre esta tarefa

Os comandos a seguir configuram um nome de usuário SNMPv3 em switches Broadcom BES-53248:

  • Para sem autenticação: snmp-server user SNMPv3UserNoAuth NETWORK-OPERATOR noauth

  • Para MD5/SHA autenticação: snmp-server user SNMPv3UserAuth NETWORK-OPERATOR [auth-md5|auth-sha]

  • Para autenticação MD5/SHA com criptografia AES/DES: snmp-server user SNMPv3UserAuthEncrypt NETWORK-OPERATOR [auth-md5|auth-sha] [priv-aes128|priv-des]

O seguinte comando configura um nome de usuário SNMPv3 no lado ONTAP: cluster1::*> security login create -user-or-group-name SNMPv3_USER -application snmp -authentication-method usm -remote-switch-ipaddress ADDRESS

O seguinte comando estabelece o nome de usuário SNMPv3 com CSHM: cluster1::*> system switch ethernet modify -device DEVICE -snmp-version SNMPv3 -community-or-username SNMPv3_USER

Passos
  1. Configure o usuário SNMPv3 no switch para usar autenticação e criptografia:

    show snmp status

    Mostrar exemplo
    (sw1)(Config)# snmp-server user <username> network-admin auth-md5 <password> priv-aes128 <password>
    
    (cs1)(Config)# show snmp user snmp
    
         Name            Group Name      Auth Priv
                                         Meth Meth    Remote Engine ID
    ----------------- ------------------ ---- ------ -------------------------
    <username>        network-admin      MD5  AES128 8000113d03d8c497710bee
  2. Configure o usuário SNMPv3 no lado ONTAP:

    security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212

    Mostrar exemplo
    cluster1::*> security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212
    
    Enter the authoritative entity's EngineID [remote EngineID]:
    
    Which authentication protocol do you want to choose (none, md5, sha, sha2-256)
    [none]: md5
    
    Enter the authentication protocol password (minimum 8 characters long):
    
    Enter the authentication protocol password again:
    
    Which privacy protocol do you want to choose (none, des, aes128) [none]: aes128
    
    Enter privacy protocol password (minimum 8 characters long):
    Enter privacy protocol password again:
  3. Configure o CSHM para monitorar com o novo usuário SNMPv3:

    system switch ethernet show-all -device "sw1" -instance

    Mostrar exemplo
    cluster1::*> system switch ethernet show-all -device "sw1 (b8:59:9f:09:7c:22)" -instance
    
                                       Device Name: sw1
                                        IP Address: 10.228.136.24
                                      SNMP Version: SNMPv2c
                                     Is Discovered: true
    DEPRECATED-Community String or SNMPv3 Username: -
               Community String or SNMPv3 Username: cshm1!
                                      Model Number: BES-53248
                                    Switch Network: cluster-network
                                  Software Version: 3.9.0.2
                         Reason For Not Monitoring: None  <---- should display this if SNMP settings are valid
                          Source Of Switch Version: CDP/ISDP
                                    Is Monitored ?: true
                       Serial Number of the Device: QTFCU3826001C
                                       RCF Version: v1.8X2 for Cluster/HA/RDMA
    
    cluster1::*>
    cluster1::*> system switch ethernet modify -device "sw1" -snmp-version SNMPv3 -community-or-username <username>
  4. Verifique se o número de série a ser consultado com o usuário SNMPv3 recém-criado é o mesmo que detalhado na etapa anterior após o período de polling CSHM ter sido concluído.

    system switch ethernet polling-interval show

    Mostrar exemplo
    cluster1::*> system switch ethernet polling-interval show
             Polling Interval (in minutes): 5
    
    cluster1::*> system switch ethernet show-all -device "sw1" -instance
                                       Device Name: sw1
                                        IP Address: 10.228.136.24
                                      SNMP Version: SNMPv3
                                     Is Discovered: true
    DEPRECATED-Community String or SNMPv3 Username: -
               Community String or SNMPv3 Username: <username>
                                      Model Number: BES-53248
                                    Switch Network: cluster-network
                                  Software Version: 3.9.0.2
                         Reason For Not Monitoring: None  <---- should display this if SNMP settings are valid
                          Source Of Switch Version: CDP/ISDP
                                    Is Monitored ?: true
                       Serial Number of the Device: QTFCU3826001C
                                       RCF Version: v1.8X2 for Cluster/HA/RDMA