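How to enable SNMP v3 in clustered Data ONTAP
Applies to
- Clustered Data ONTAP 8.3
- Clustered Data ONTAP 8.2
- Clustered Data ONTAP 8.1
- Clustered Data ONTAP 8
Description
This article describes how to enable and configure SNMP v3 in clustered Data ONTAP, and how to make DFM recognize SNMP v3 on a clustered Data ONTAP system.
Procedure
Perform the following steps:
1. Create a user for SNMP. The role can be "readonly", "none", or "admin".
For no password: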
filer::*> security login create -username snmp -application snmp -authmethod usm -role admin
Please enter the authoritative entity's EngineID [local EngineID]:
Please choose an authentication protocol (none, md5, sha) [none]:
To enforce a password using MD5 or SHA:
filer::*> security login create -username md5 -application snmp -authmethod usm -role admin
Please enter the authoritative entity's EngineID [local EngineID]:
Please choose an authentication protocol (none, md5, sha) [none]: md5
Please enter authentication protocol password (minimum 8 characters long):
Please enter authentication protocol password again:
Please choose a privacy protocol (none, des) [none]:
To use DES encryption:
filer::*> security login create -username des -application snmp -authmethod usm -role admin
Please enter the authoritative entity's EngineID [local EngineID]:
Please choose an authentication protocol (none, md5, sha) [none]: md5
Please enter authentication protocol password (minimum 8 characters long):
Please enter authentication protocol password again:
Please choose a privacy protocol (none, des) [none]: des
Please enter privacy protocol password (minimum 8 characters long):
Please enter privacy protocol password again:
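Note: If the authentication type used by the SNMP host does not match the type (-authMethod) selected for the SNMPv3-enabled user account created above, the following error occurs: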
%Received a report pdu from remote host: Authentication failure (SNMPv3)
2. Verify that the users were created:
filer::*> security snmpusers -instance
User Name: des
Authentication Method: usm
Engine Id: 8000014603000000000000
Authentication Protocol: md5
Privacy Protocol: des
Security Group: readwrite
User Name: md5
Authentication Method: usm
Engine Id: 8000014603000000000000
Authentication Protocol: md5
Privacy Protocol: none
Security Group: readwrite
User Name: public
Authentication Method: community
Engine Id: 8000014603000000000000
Authentication Protocol: -
Privacy Protocol: -
Security Group: readonly
User Name: snmp
Authentication Method: usm
Engine Id: 8000014603000000000000
Authentication Protocol: none
Privacy Protocol: none
Security Group: readwrite
4 entries were displayed
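As an added example (not part of the original article or of any NetApp tooling), the following Python code parses output in the format shown in step 2 and lists the accounts that are not configured for authenticated, encrypted SNMP (authPriv), together with their security group. The function names and the trimmed SAMPLE are assumptions made for illustration.

```python
# Sample trimmed from the step 2 output above (three of the four users).
SAMPLE = """\
User Name: des
Authentication Method: usm
Engine Id: 8000014603000000000000
Authentication Protocol: md5
Privacy Protocol: des
Security Group: readwrite
User Name: public
Authentication Method: community
Engine Id: 8000014603000000000000
Authentication Protocol: -
Privacy Protocol: -
Security Group: readonly
User Name: snmp
Authentication Method: usm
Engine Id: 8000014603000000000000
Authentication Protocol: none
Privacy Protocol: none
Security Group: readwrite
3 entries were displayed
"""

def parse_snmpusers(text):
    """One dict per user; each "User Name:" line starts a new record."""
    users = []
    for line in text.splitlines():
        key, sep, value = (p.strip() for p in line.partition(":"))
        if sep and key == "User Name":
            users.append({})
        if sep and users:  # skips the prompt line and the "N entries" footer
            users[-1][key] = value
    return users

def security_level(user):
    """Highest SNMPv3 level the account is configured for (as named by snmpwalk -l)."""
    if user.get("Authentication Method") != "usm":
        return "community"  # v1/v2c community string, not a USM user
    if user.get("Authentication Protocol", "none") == "none":
        return "noAuthNoPriv"
    if user.get("Privacy Protocol", "none") == "none":
        return "authNoPriv"
    return "authPriv"

def audit(text):
    """Users that cannot do authenticated and encrypted SNMP, with their group."""
    return [(u["User Name"], security_level(u), u.get("Security Group"))
            for u in parse_snmpusers(text) if security_level(u) != "authPriv"]
```

On the sample, audit(SAMPLE) reports the "public" community and the "snmp" user, the latter being a readwrite account with neither authentication nor encryption.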
3. Run snmpwalk to test connectivity:
Note: Click here to download the SNMPWalk utility.
Syntax for testing snmpwalk on v3 with MD5 or SHA and no encryption:
snmpwalk -v [version] -a [auth_protocol] -A [password] -u [username] [hostname|IP]
For example:
snmpwalk -v 3 -a md5 -u md5 -A password21 10.10.10.10
Syntax for testing snmpwalk with MD5 or SHA and DES encryption:
snmpwalk -v [version] -a [auth_protocol] -A [protocol_password] -u [username] -x [encryption] -X [encryption_password] [hostname|IP]
For example:
snmpwalk -v 3 -a MD5 -A password21 -l authPriv -u des -x DES -X password21 10.10.10.10
Note: In clustered Data ONTAP 8.1.1 and later, the snmpwalk command requires the -l option. For details, see bug 498423.
4. Add the cluster to DFM by performing the following steps:
- Add the storage system by cluster IP (typically the cluster management IP):
dfm host add [IP_of_Cluster]
The object ID can be obtained here.
- Change the preferred SNMP version:
# dfm host get -q [ID_of_cluster]
host=cluster
hostLogin=
hostPassword=
hostPrimaryAddress=10.10.10.10
cpuTooBusyThreshold=95
cpuBusyThresholdInterval=00:15:00
hostAdminTransport=http
hostAdminPort=80
prefsnmpVersion=1 <-- set this
processHostIP=
autoClientStatEnabled=No
To set the option:
dfm host set [ID_of_Cluster] optionname=[value]
For example:
# dfm host set 7553 prefsnmpVersion=3
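Preferred SNMP version of host cluster (7453) changed to 3.
For XML to work, make sure that "hostlogin" and "hostpassword" are set for a user with login capability.
- Set the SNMP v3 login name and password: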
# dfm snmp add -v 3 -U md5 -P password21 10.61.76.140/24
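Note: SNMP v3 in DFM requires a username and a password (eight characters long). Blank passwords are not supported.
- Test SNMP v3 interaction with DFM:
# dfm host diag [ID_of_cluster]
For example: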
# dfm host diag 7553
Network Connectivity
IP Address 10.10.10.10
Network (discovery disabled)
DNS Aliases Failed <--dependent on DNS
DNS Addresses Failed <--dependent on DNS
SNMPv1 Failed: No community name given for SNMPv1 communication <--this needs to be set separately if using SNMPv1
SNMP Community
SNMPv3 Passed (132 ms) <-this should pass
SNMPv3 Auth Protocol MD5
SNMPv3 Privacy Enabled No
SNMPv3 Username md5
SNMP sysName br3040c
SNMP sysObjectID .1.3.6.1.4.1.789.2.5 (Cluster)
ICMP Echo Passed (0 ms)
HTTP Passed (0 ms)
NDMP (login not set) Skipped
RSH timed out
SSH Passed (9702 ms)
RLM Skipped (hostRLMAddress is empty)
XML (http port 80) Passed (28 ms)