How to enable SNMP v3 in clustered Data ONTAP
- Views:
- 2,218
- Visibility:
- Public
- Votes:
- 4
- Category:
- clustered-data-ontap-8
- Specialty:
- CORE
- Last Updated:
- 4/25/2025, 6:22:23 AM
Applies to
- Clustered Data ONTAP 8.3
- Clustered Data ONTAP 8.2
- Clustered Data ONTAP 8.1
- Clustered Data ONTAP 8
Description
This article includes instructions on enabling and configuring SNMP v3 in cluster mode and getting DFM to recognize SNMP v3 in clustered Data ONTAP.
Procedure
Follow these steps:
1. Create a user for SNMP. The role can be 'read only', 'none' or 'admin'.
For no password:
filer::*> security login create -username snmp -application snmp -authmethod usm -role admin
Please enter the authoritative entity's EngineID [local EngineID]:
Please choose an authentication protocol (none, md5, sha) [none]:
To implement a password using MD5 or SHA:
filer::*> security login create -username md5 -application snmp -authmethod usm -role admin
Please enter the authoritative entity's EngineID [local EngineID]:
Please choose an authentication protocol (none, md5, sha) [none]: md5
Please enter authentication protocol password (minimum 8 characters long):
Please enter authentication protocol password again:
Please choose a privacy protocol (none, des) [none]:
To use DES encryption:
filer::*> security login create -username des -application snmp -authmethod usm -role admin
Please enter the authoritative entity's EngineID [local EngineID]:
Please choose an authentication protocol (none, md5, sha) [none]: md5
Please enter authentication protocol password (minimum 8 characters long):
Please enter authentication protocol password again:
Please choose a privacy protocol (none, des) [none]: des
Please enter privacy protocol password (minimum 8 characters long):
Please enter privacy protocol password again:
Note: The Error below occurs when the Authentication type of the SNMP host does not match the type ( -authmethod) selected for the Enabled SNMPv3 user account created above:
%Received a report pdu from remote host: Authentication failure (SNMPv3)
2. Verify the user is created:
filer::*> security snmpusers -instance
User Name: des
Authentication Method: usm
Engine Id: 8000014603000000000000
Authentication Protocol: md5
Privacy Protocol: des
Security Group: readwrite
User Name: md5
Authentication Method: usm
Engine Id: 8000014603000000000000
Authentication Protocol: md5
Privacy Protocol: none
Security Group: readwrite
User Name: public
Authentication Method: community
Engine Id: 8000014603000000000000
Authentication Protocol: -
Privacy Protocol: -
Security Group: readonly
User Name: snmp
Authentication Method: usm
Engine Id: 8000014603000000000000
Authentication Protocol: none
Privacy Protocol: none
Security Group: readwrite
4 entries were displayed
3. Run snmpwalk
to test connectivity:
Note: Click here to download the utility to run SNMPWalk
Syntax to test snmpwalk on v3 with md5 or sha and no encryption:
snmpwalk -v [version] -a [auth_protocol] -A [password] -u [username] [hostname|IP]
For example:
snmpwalk -v 3 -a md5 -u md5 -A password21 10.10.10.10
Syntax to test snmpwalk with md5 or sha and DES encryption:
snmpwalk -v [version] -a [auth_protocol] -A [protocol_password] -u [username] -x [encryption] -A [encryption_password] [hostname|IP]
For example:
snmpwalk -v 3 -a MD5 -A password21 -l authNoPriv -u des -x DES -X password21 10.10.10.10
Note: In Clustered Data ONTAP 8.1.1 and later, the -l
option is required by snmpwalk commands. For more information, see BUG 498423.
4. Follow these steps to add the cluster to DFM:
- Add the storage system by cluster IP (usually the cluster mgmt IP):
dfm host add [IP_of_Cluster]
The object ID can be obtained here.
- Change the preferred SNMP version:
# dfm host get -q [ID_of_cluster]
host=cluster
hostLogin=
hostPassword=
hostPrimaryAddress=10.10.10.10
cpuTooBusyThreshold=95
cpuBusyThresholdInterval=00:15:00
hostAdminTransport=http
hostAdminPort=80
prefsnmpVersion=1 <-- set this
processHostIP=
autoClientStatEnabled=No
To set the options:
dfm host set [ID_of_Cluster] optionname=[value]
For example:
# dfm host set 7553 prefsnmpVersion=3
The preferred SNMP version for host cluster (7553) is changed to 3.
For XML to work correctly, be sure the 'hostlogin' and' hostpassword' are set for an user with login capability.
- Set the SNMP v3 login and password:
# dfm snmp add -v 3 -U md5 -P password21 10.61.76.140/24
Note: SNMP v3 in DFM requires a username with a password (eight characters in length). Blank passwords are not supported.
- Test SNMP v3 interaction with DFM:
# dfm host diag [ID_of_cluster}
For example:
# dfm host diag 7553
Network Connectivity
IP Address 10.10.10.10
Network (discovery disabled)
DNS Aliases Failed <--dependent on DNS
DNS Addresses Failed <--dependent on DNS
SNMPv1 Failed: No community name given for SNMPv1 communication <--this needs to be set separately if using SNMPv1
SNMP Community
SNMPv3 Passed (132 ms) <-this should pass
SNMPv3 Auth Protocol MDS
SNMPv3 Privacy Enabled No
SNMPv3 Username md5
SNMPsysName br3040c
SNMP sysObjectID .1.3.6.1.4.1.789.2.5 (Cluster)
ICMP Echo Passed (0 ms)
HTTP Passed (0 ms)
NDMP (login not set) Skipped
RSH timed out
SSH Passed (9702 ms)
RLM Skipped (hostRLMAddress is empty) XML (http port 80) Passed (28 ms)
Additional Information
N/A