How to enable SNMP v3 in clustered Data ONTAP

Applies to

• Clustered Data ONTAP 8.3
• Clustered Data ONTAP 8.2
• Clustered Data ONTAP 8.1
• Clustered Data ONTAP 8

Description

This article includes instructions on enabling and configuring SNMP v3 in cluster mode and getting DFM to recognize SNMP v3 in clustered Data ONTAP.

Procedure

Follow these steps:

1. Create a user for SNMP. The role can be 'read only', 'none' or 'admin'.

For no password:

filer::*> security login create -username snmp -application snmp -authmethod usm -role admin

Please enter the authoritative entity's EngineID [local EngineID]:

Please choose an authentication protocol (none, md5, sha) [none]:

To implement a password using MD5 or SHA:

filer::*> security login create -username md5 -application snmp -authmethod usm -role admin

Please enter the authoritative entity's EngineID [local EngineID]:

Please choose an authentication protocol (none, md5, sha) [none]: md5

Please enter authentication protocol password (minimum 8 characters long):

Please enter authentication protocol password again:

Please choose a privacy protocol (none, des) [none]:

To use DES encryption:

filer::*> security login create -username des -application snmp -authmethod usm -role admin

Please enter the authoritative entity's EngineID [local EngineID]:

Please choose an authentication protocol (none, md5, sha) [none]: md5

Please enter authentication protocol password (minimum 8 characters long):

Please enter authentication protocol password again:

Please choose a privacy protocol (none, des) [none]: des

Please enter privacy protocol password (minimum 8 characters long):

Please enter privacy protocol password again:

Note: The Error below occurs when the Authentication type of the SNMP host does not match the type ( -authmethod) selected for the Enabled SNMPv3 user account created above:

%Received a report pdu from remote host: Authentication failure (SNMPv3)

2.  Verify the user is created:

filer::*> security snmpusers -instance

User Name: des

Authentication Method: usm

Engine Id: 8000014603000000000000

Authentication Protocol: md5

Privacy Protocol: des

Security Group: readwrite

 

User Name: md5

Authentication Method: usm

Engine Id: 8000014603000000000000

Authentication Protocol: md5

Privacy Protocol: none

Security Group: readwrite

 

User Name: public

Authentication Method: community

Engine Id: 8000014603000000000000

Authentication Protocol: -

Privacy Protocol: -

Security Group: readonly

 

User Name: snmp

Authentication Method: usm

Engine Id: 8000014603000000000000

Authentication Protocol: none

Privacy Protocol: none

Security Group: readwrite

4 entries were displayed

 

3.  Run snmpwalk   to test connectivity:

Note: Click here to download the utility to run    SNMPWalk

Syntax to test snmpwalk on v3 with md5 or sha and no encryption:

snmpwalk -v [version] -a [auth_protocol] -A [password] -u [username] [hostname|IP]

For example:

snmpwalk -v 3 -a md5 -u md5 -A password21 10.10.10.10

Syntax to test snmpwalk with md5 or sha and DES encryption:

snmpwalk -v [version] -a [auth_protocol] -A [protocol_password] -u [username] -x [encryption] -A [encryption_password] [hostname|IP]

For example:

snmpwalk -v 3 -a MD5 -A password21 -l authNoPriv -u des -x DES -X password21 10.10.10.10

Note: In Clustered Data ONTAP 8.1.1 and later, the     -l     option is required by snmpwalk commands. For more information, see BUG 498423.

 

4. Follow these steps to add the cluster to DFM:

• Add the storage system by cluster IP (usually the cluster mgmt IP):

dfm host add [IP_of_Cluster]

The object ID can be obtained here.

• Change the preferred SNMP version:

# dfm host get -q [ID_of_cluster]

host=cluster

hostLogin=

hostPassword=

hostPrimaryAddress=10.10.10.10

cpuTooBusyThreshold=95

cpuBusyThresholdInterval=00:15:00

hostAdminTransport=http

hostAdminPort=80

prefsnmpVersion=1 <-- set this

processHostIP=

autoClientStatEnabled=No

To set the options:

dfm host set [ID_of_Cluster] optionname=[value]

For example:

# dfm host set 7553 prefsnmpVersion=3

The preferred SNMP version for host cluster (7553) is changed to 3.

For XML to work correctly, be sure the 'hostlogin' and' hostpassword' are set for an user with login capability.

• Set the SNMP v3 login and password:

# dfm snmp add -v 3 -U md5 -P password21 10.61.76.140/24

Note: SNMP v3 in DFM requires a username with a password (eight characters in length). Blank passwords are not supported.

• Test SNMP v3 interaction with DFM:

# dfm host diag [ID_of_cluster}

For example:

# dfm host diag 7553

Network Connectivity

IP Address 10.10.10.10

Network (discovery disabled)

DNS Aliases Failed <--dependent on DNS

DNS Addresses Failed <--dependent on DNS

SNMPv1 Failed: No community name given for SNMPv1 communication <--this needs to be set separately if using SNMPv1

SNMP Community

SNMPv3 Passed (132 ms) <-this should pass

SNMPv3 Auth Protocol MDS

SNMPv3 Privacy Enabled No

SNMPv3 Username md5

SNMPsysName br3040c

SNMP sysObjectID .1.3.6.1.4.1.789.2.5 (Cluster)

ICMP Echo Passed (0 ms)

HTTP Passed (0 ms)

NDMP (login not set) Skipped

RSH timed out

SSH Passed (9702 ms)

RLM Skipped (hostRLMAddress is empty) XML (http port 80) Passed (28 ms)

Additional Information

N/A