Configure SNMPv3 on ESXi Host

I want to monitor our ESXi hypervisors through SNMP, but I also want the traffic to be encrypted 🙂 After all, this information travels over the Internet, so it should at least be encrypted somehow. That's why we are going to use SNMPv3.

Enabling SSH on ESXi

  • Connect with the vSphere client to your node
  • Go to the configuration tab, then select Security Profile
  • Select Properties with Services, then select SSH Server
  • Click Options and select Start and Stop with host
  • Click the Start button once to start the service for now

Opening the firewall to allow SSH connections

  • Connect with the vSphere client to your node
  • Go to the configuration tab, then select Security Profile
  • Select Properties with Firewall, then select SSH Server
  • Click SSH Server, select Firewall and allow an IP-range

And now the magic. For the engine ID we need to use a hexadecimal value.

esxcli system snmp set --engineid 766d77617265
esxcli system snmp set --authentication SHA1
esxcli system snmp set --privacy AES128
esxcli system snmp hash -r -A secret1234 -X secret5678
esxcli system snmp set --users root/AuthHash/PrivHash/priv
esxcli system snmp set --enable true
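
In the commands above, AuthHash and PrivHash stand for the two values printed by the hash command. One way to assemble the --users value from that output, as an added example that is not part of the original post: it assumes the hash command prints `Authhash:` and `Privhash:` lines, and the function names, file paths and sample hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the --users value from `esxcli system snmp hash` output.
# Assumption: the hash command prints lines of the form
#   Authhash: <hex>
#   Privhash: <hex>

# Constructed sample output (not real key material).
SAMPLE_HASH_OUTPUT='   Authhash: 0123456789abcdef0123456789abcdef01234567
   Privhash: 89abcdef0123456789abcdef0123456789abcdef'

# hash_field LABEL TEXT -> value after "LABEL:" (case-insensitive), blanks stripped.
hash_field() {
    printf '%s\n' "$2" | awk -F: -v want="$1" '
        { key = tolower($1); gsub(/[ \t]/, "", key) }
        key == tolower(want) { gsub(/[ \t\r]/, "", $2); print $2; exit }'
}

# is_hex STRING -> succeeds only for a non-empty string of hex digits.
is_hex() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
        *) return 0 ;;
    esac
}

# build_snmp_user USER HASH_OUTPUT
# Prints USER/authhash/privhash/priv. Fails if the user name is empty or
# contains "/", or if either hash is missing or not hex, so a malformed
# entry is never handed to esxcli.
build_snmp_user() {
    case "$1" in ''|*/*) echo "bad user name" >&2; return 1 ;; esac
    auth=$(hash_field authhash "$2")
    priv=$(hash_field privhash "$2")
    if ! is_hex "$auth" || ! is_hex "$priv"; then
        echo "could not read both hashes" >&2
        return 1
    fi
    printf '%s/%s/%s/priv\n' "$1" "$auth" "$priv"
}

# Offline demonstration with the constructed sample:
build_snmp_user root "$SAMPLE_HASH_OUTPUT"

# On the host (hypothetical file paths). Without -r, -A and -X name files that
# hold the secrets, which keeps the secrets off the command line:
#   out=$(esxcli system snmp hash -A /tmp/auth.txt -X /tmp/priv.txt)
#   esxcli system snmp set --users "$(build_snmp_user root "$out")"
```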

And that's all. You can test that it is working with snmpwalk (replace Auth and Priv with the two secrets given to the hash command):

snmpwalk -v3 -u root -l AuthPriv -a SHA -A Auth -x AES -X Priv %HOST%

One last thing: I want only my machines to talk to the ESXi host.

esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address %IP%
esxcli network firewall ruleset set --ruleset-id snmp --enabled true