跳转到主内容

如何在集群模式Data ONTAP中启用SNMP v3

Views:
2
Visibility:
Public
Votes:
0
Category:
clustered-data-ontap-8
Specialty:
core
Last Updated:

适用场景

  • 集群模式 Data ONTAP 8.3
  • 集群模式 Data ONTAP 8.2
  • 集群模式 Data ONTAP 8.1
  • 集群模式 Data ONTAP 8

描述

本文介绍如何在集群 模式下启用和配置SNMP v3以及如何让DFM识别集群模式Data ONTAP中的SNMP v3。

操作步骤

如何在集群模式Data ONTAP中启用SNMP v3

请按照以下步骤操作:

1.为SNMP创建用户。此角色可以是"仅读"、"无"或"管理员"。

对于无密码

filer::*> security login create -username snmp -application snmp -authmethod usm -role admin

Please enter the authoritative entity's EngineID [local EngineID]:

Please choose an authentication protocol (none, md5, sha) [none]:

要使用MD5或SHA实施密码

filer::*> security login create -username md5 -application snmp -authmethod usm -role admin

Please enter the authoritative entity's EngineID [local EngineID]:

Please choose an authentication protocol (none, md5, sha) [none]: md5

Please enter authentication protocol password (minimum 8 characters long):

Please enter authentication protocol password again:

Please choose a privacy protocol (none, des) [none]:

要使用DES加密

filer::*> security login create -username des -application snmp -authmethod usm -role admin

Please enter the authoritative entity's EngineID [local EngineID]:

Please choose an authentication protocol (none, md5, sha) [none]: md5

Please enter authentication protocol password (minimum 8 characters long):

Please enter authentication protocol password again:

Please choose a privacy protocol (none, des) [none]: des

Please enter privacy protocol password (minimum 8 characters long):

Please enter privacy protocol password again:

注意:如果SNMP主机的身份验证类型与为上面创建的已启用SNMPv3用户帐户选择的类型(-authMethod)不匹配,则会出现以下错误:

%Received a report pdu from remote host: Authentication failure (SNMPv3)

2.  验证是否已创建用户:

filer::*> security snmpusers -instance

User Name: des

Authentication Method: usm

Engine Id: 8000014603000000000000

Authentication Protocol: md5

Privacy Protocol: des

Security Group: readwrite

 

User Name: md5

Authentication Method: usm

Engine Id: 8000014603000000000000

Authentication Protocol: md5

Privacy Protocol: none

Security Group: readwrite

 

User Name: public

Authentication Method: community

Engine Id: 8000014603000000000000

Authentication Protocol: -

Privacy Protocol: -

Security Group: readonly

 

User Name: snmp

Authentication Method: usm

Engine Id: 8000014603000000000000

Authentication Protocol: none

Privacy Protocol: none

Security Group: readwrite

4 entries were displayed

 

3.  运行snmpwalk  测试连接:

:单击此处下载要运行的实用程序    SNMPWalk

在使用MD5或SHA且无加密的v3上测试smpwalk的语法:

snmpwalk -v [version] -a [auth_protocol] -A [password] -u [username] [hostname|IP]

例如:

snmpwalk -v 3 -a md5 -u md5 -A password21 10.10.10.10

用于测试采用MD5或SHA和DES加密的smpwalk的语法:

snmpwalk -v [version] -a [auth_protocol] -A [protocol_password] -u [username] -x [encryption] -A [encryption_password] [hostname|IP]

例如:

snmpwalk -v 3 -a MD5 -A password21 -l authNoPriv -u des -x DES -X password21 10.10.10.10

注意:在集群模式Data ONTAP 8.1.1及更高版本中,     -l    Snmpwalk命令需要使用 选项。有关详细信息,请参见错误498423

 

4.按照以下步骤将集群添加到DFM:

  • 按集群IP (通常为集群管理IP)添加存储系统:

dfm host add [IP_of_Cluster]

可在此处获取对象标识

  • 更改首选SNMP版本:

# dfm host get -q [ID_of_cluster]

host=cluster

hostLogin=

hostPassword=

hostPrimaryAddress=10.10.10.10

cpuTooBusyThreshold=95

cpuBusyThresholdInterval=00:15:00

hostAdminTransport=http

hostAdminPort=80

prefsnmpVersion=1 <-- set this

processHostIP=

autoClientStatEnabled=No

要设置选项:

dfm host set [ID_of_Cluster] optionname=[value]

例如:

# dfm host set 7553 prefsnmpVersion=3

主机集群的首选SNMP版本(7453)已更改为3。

要使XML正常工作、请确保为具有登录功能的用户设置了"hostlogin"和"hostpassword"。

  • 设置SNMP v3登录名和密码

# dfm snmp add -v 3 -U md5 -P password21 10.61.76.140/24

注意:DFM中的SNMP v3要求用户名和密码(长度为八个字符)。不支持空白密码。

  • 测试SNMP v3与DFM的交互

# dfm host diag [ID_of_cluster}

例如:

# dfm host diag 7553

Network Connectivity

IP Address 10.10.10.10

Network (discovery disabled)

DNS Aliases Failed <--dependent on DNS

DNS Addresses Failed <--dependent on DNS

SNMPv1 Failed: No community name given for SNMPv1 communication <--this needs to be set separately if using SNMPv1

SNMP Community

SNMPv3 Passed (132 ms) <-this should pass

SNMPv3 Auth Protocol MDS

SNMPv3 Privacy Enabled No

SNMPv3 Username md5

SNMPsysName br3040c

SNMP sysObjectID .1.3.6.1.4.1.789.2.5 (Cluster)

ICMP Echo Passed (0 ms)

HTTP Passed (0 ms)

NDMP (login not set) Skipped

RSH timed out

SSH Passed (9702 ms)

RLM Skipped (hostRLMAddress is empty) XML (http port 80) Passed (28 ms)

 

追加信息

其他信息文本

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.