Category Archives: NetApp

How to Enable SNMPv3 in ONTAP 7.3.3/8.x and DFM (OnCommand Core) 4.0/5.x

20 Wednesday Mar 2013

Posted by in NetApp, Security

Leave a comment

Tags

,

1)    On the filer:

> options snmp.enable on

> useradmin role add snmpv3role -a login-snmp

> useradmin group add snmpv3group -r snmpv3role

> useradmin user add snmpv3user -g snmpv3group

> Enter password:

> snmp traps enable

> snmp init 1

> snmp authtrap 1

> snmp traphost add <your DFM server hostname>

> snmp location <your filer location> (if spaces, put in quotes; snmp location “Area 51, Roswell New Mexico”)

2)    In the DFM browser based GUI:

a)     Control Center tab | Setup | Options | SNMP Trap Listener. Click Yes to enable and click Update.

b)    Control Center tab | Setup | Network Credentials.

i.        If you have SNMPv1 networks defined, find the network of the filer you want to change to SNMPv3 in the list at the bottom of the page and click Edit on the right.

ii.        Under Edit Network Credentials, select SNMPv3.

iii.        Under SNMPv1 Settings, clear whatever is shown in this field.

iv.        Under SNMPv3 Settings, enter the user and password you created above (snmpv3user) and click Update. DO NOT enter anything in the Privacy password field.  It is designated for future use. If you do, you will see “snmpd:error Encryption not enabled” on the filer. Harmless but annoying.

3)    At the command line on the DFM server:

a)     Click Start | Run | type cmd and press enter.

C:\> cd c:\Program Files\Network Appliance\DataFabric\DFM\bin

> dfm host list        (to get the filer’s ID and IP address)

> dfm host set <ip of filer> prefsnmpVersion=3

> dfm host get -q <ID of the filer you just changed to v3>    (to verify the snmp version)

> dfm host diag <your filer hostname>

SNMP Version in use                    SNMPv3

SNMPv1                                          Failed (this is good)

SNMP Community                         <blank> (this is good, if not blank, see notes below)

SNMPv3                                          Passed (297ms)

SNMPv3 Auth Protocol                 MD5

SNMPv3 Privacy Enabled             No  (this OK, reserved for future use of the Privacy password)

SNMPv3 Username                       root  (OK, diagnostics use root for this test, not the snmpv3user account)

SNMP sysName                             <I removed the value but it works>

SNMP sysObjectID                        <I removed the value but it works>

SNMP productID                            <I removed the value but it works>

  • Diags use the root or root equivalent user which is why this states root above.
  • If you don’t clear the read only community string in the DFM GUI it will still use SNMPv1 if the ro community string is defined on the filer. To remove it on the filer, issue a > snmp community delete ro <your ro string>
  • System Manager does not support SNMPv3. Hello NetApp?!?! To use System Manager with SNMPv3 enabled and SNMPV1 disabled, click Add, click the down-arrow and select Credentials. Enter a username in the admin group (try not to use root for security reasons) and click Add.