Configure SNMPv3
Suggest changes
PDFs
Follow this procedure to configure SNMPv3, which supports Ethernet switch health monitoring (CSHM).
The following commands configure an SNMPv3 username on Broadcom BES-53248 switches:
-
For no authentication:
snmp-server user SNMPv3UserNoAuth NETWORK-OPERATOR noauth -
For MD5/SHA authentication:
snmp-server user SNMPv3UserAuth NETWORK-OPERATOR [auth-md5|auth-sha] -
For MD5/SHA authentication with AES/DES encryption:
snmp-server user SNMPv3UserAuthEncrypt NETWORK-OPERATOR [auth-md5|auth-sha] [priv-aes128|priv-des]
The following command configures an SNMPv3 username on the ONTAP side:
cluster1::*> security login create -user-or-group-name SNMPv3_USER -application snmp -authentication-method usm -remote-switch-ipaddress ADDRESS
The following command establishes the SNMPv3 username with CSHM:
cluster1::*> system switch ethernet modify -device DEVICE -snmp-version SNMPv3 -community-or-username SNMPv3_USER
-
Set up the SNMPv3 user on the switch to use authentication and encryption:
show snmp statusShow example
(sw1)(Config)# snmp-server user <username> network-admin auth-md5 <password> priv-aes128 <password> (cs1)(Config)# show snmp user snmp Name Group Name Auth Priv Meth Meth Remote Engine ID ----------------- ------------------ ---- ------ ------------------------- <username> network-admin MD5 AES128 8000113d03d8c497710bee -
Set up the SNMPv3 user on the ONTAP side:
security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212Show example
cluster1::*> security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212 Enter the authoritative entity's EngineID [remote EngineID]: Which authentication protocol do you want to choose (none, md5, sha, sha2-256) [none]: md5 Enter the authentication protocol password (minimum 8 characters long): Enter the authentication protocol password again: Which privacy protocol do you want to choose (none, des, aes128) [none]: aes128 Enter privacy protocol password (minimum 8 characters long): Enter privacy protocol password again:
-
Configure CSHM to monitor with the new SNMPv3 user:
system switch ethernet show-all -device "sw1" -instanceShow example
cluster1::*> system switch ethernet show-all -device "sw1 (b8:59:9f:09:7c:22)" -instance Device Name: sw1 IP Address: 10.228.136.24 SNMP Version: SNMPv2c Is Discovered: true DEPRECATED-Community String or SNMPv3 Username: - Community String or SNMPv3 Username: cshm1! Model Number: BES-53248 Switch Network: cluster-network Software Version: 3.9.0.2 Reason For Not Monitoring: None <---- should display this if SNMP settings are valid Source Of Switch Version: CDP/ISDP Is Monitored ?: true Serial Number of the Device: QTFCU3826001C RCF Version: v1.8X2 for Cluster/HA/RDMA cluster1::*> cluster1::*> system switch ethernet modify -device "sw1" -snmp-version SNMPv3 -community-or-username <username> -
Verify that the serial number to be queried with the newly created SNMPv3 user is the same as detailed in the previous step after the CSHM polling period has completed.
system switch ethernet polling-interval showShow example
cluster1::*> system switch ethernet polling-interval show Polling Interval (in minutes): 5 cluster1::*> system switch ethernet show-all -device "sw1" -instance Device Name: sw1 IP Address: 10.228.136.24 SNMP Version: SNMPv3 Is Discovered: true DEPRECATED-Community String or SNMPv3 Username: - Community String or SNMPv3 Username: <username> Model Number: BES-53248 Switch Network: cluster-network Software Version: 3.9.0.2 Reason For Not Monitoring: None <---- should display this if SNMP settings are valid Source Of Switch Version: CDP/ISDP Is Monitored ?: true Serial Number of the Device: QTFCU3826001C RCF Version: v1.8X2 for Cluster/HA/RDMA