SNMPv3 usage and configuration? - Dell OpenManage Essentials - Systems Management - Dell Community
SNMPv3 usage and configuration?

Hi,

My first question here so please be patient with me ;-)

OME version 2.3 is installed.

I have read the SNMPv3 document you wrote in June 2017 but it still leaves some questions open or not 100% answered.


I would like to use SNMPv3 for alerts from iDRAC8 and 9 to OME and WSMAN for inventory and deployment. Is that possible or do I need to switch to SNMPv3 for everything? Also the only way to see the SNMP configuration page in OME during discovery configuration is to choose SERVER + OMSA. iDRAC only doesn't work. Is the OS on the server in some way used for SNMPv3 discovering and inventory?

Do I really need to wireshark my approx 200 iDRAC8s for the equipment-ID just for alerts? Is the equipment-ID issue not possible to solve with a firmware update of the iDRAC8?

Regards Peter

All Replies
  • Hi Peter,

    You need SNMP to send alerts to OME and need WS-MAN to do the inventory. With WS-MAN as inventory you will have the ability to do Out-of-Band updates directly to the iDRAC Lifecycle controller. That is also why you only see WS-MAN in the guided discovery wizard.
    Hope it makes sense what I'm trying to convey.

    I can't place the question about Wireshark, what exactly do you mean by that?

  • Hi,

    Thanks for your reply

    If you use SNMPv1 or v2 it works as you write. I have it working. But if you try to use SNMPv3 it seems to be different.

    Read the whitepaper below on OME 2.3 and SNMPv3 and how to configure SNMPv3 and you might understand my questions or maybe I totally misunderstand the document.

    en.community.dell.com/techcenter/extras/m/white_papers/20444195/download

    Regards Peter

  • I hadn't seen that whitepaper yet.

    Yes, then you are correct that you need to capture the Engine IDs with something like Wireshark. This is the first implementation in OME for SNMP v3 and it seems it is still quite rudimentary.

    To be honest I think you will also lose the ability to do Out-of-Band updates if you're not using WS-MAN to the iDRACs, so I would only use SNMP v3 to receive traps or, depending on your security policies, just do SNMP v1/v2.

  • Hi Peter,

    Thanks for the post.

    1. For iDRAC, the preferred way of discovery is still WSMan only. So choose iDRAC while discovering. (No need to discover with SNMPv3)

    To enable SNMPv3 trap reception for this iDRAC, all you have to do is ensure the right set of credentials in the Alerts -> SNMPv3 configuration page.

    For iDRAC9 :

    - WSMan discovery already retrieved correct engine id. So no need to update engine id

    - Enter user name & Authentication credentials

    - Save

    For iDRAC 8:

    - You need to capture the engine id using Wireshark & update the engine id

    - iDRAC team is aware of this issue and working on the fix. Might take some time.

    - Enter user name & Authentication credentials

    - Save

    2. Where are the encryption credentials in iDRAC?

    - iDRAC uses the same password for Authentication as well as Encryption.

    - Encryption protocol is user specific. So you can see the details under the iDRAC->Users. (Under SNMPv3 section)

    Let us know if it helps.

    Thanks,

    Arun
    Social Media Support
    #IWork4Dell

    Thanks, that information made it a lot clearer and I finally got it to work. Now I need to script as much as possible so I don't need to spend about 15-30 minutes on every iDRAC we have today. About 200.

    I have some additional questions.

    Can the username/pass that is used for authentication/encryption between the iDRAC and OME be a domain account if the iDRAC is AD-connected?

    I can't use the iDRAC computer name when adding a device to the authorized SNMPv3 devices in OME. I can read that it says IP address, but an FQDN should be preferable. Is that possible or on the to-do list for future versions?

    Regards Peter
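
The iDRAC 8 step in the thread above (capturing the engine ID with Wireshark) reads one field, msgAuthoritativeEngineID, from the USM security parameters of an SNMPv3 message; for a trap the sender is the authoritative engine, so this is the iDRAC's own engine ID. The following is an added example, not code from Dell or from anyone in this thread, showing how that field can be extracted in a script from the raw UDP payload of a captured trap. The engine ID, the user name `omeuser` and the sample packet are constructed for illustration, and obtaining the payload bytes from a capture is assumed to happen elsewhere.

```python
def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed value into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def engine_id_and_user(udp_payload):
    """Return (engine ID as hex, USM user name) from one SNMPv3 message."""
    tag, body, _ = read_tlv(udp_payload, 0)
    parts = children(body) if tag == 0x30 else []
    if len(parts) < 4 or parts[0] != (0x02, b"\x03"):
        raise ValueError("not an SNMPv3 message")      # v1/v2c carry no engine ID
    header = children(parts[1][1])                      # msgID, maxSize, flags, securityModel
    if len(header) != 4 or header[3] != (0x02, b"\x03"):
        raise ValueError("security model is not USM")
    _, usm, _ = read_tlv(parts[2][1], 0)                # OCTET STRING wrapping a SEQUENCE
    fields = children(usm)                              # engineID, boots, time, user, auth, priv
    if len(fields) != 6:
        raise ValueError("malformed USM security parameters")
    return fields[0][1].hex(), fields[3][1].decode("utf-8", "replace")

def tlv(tag, value):
    """Encode a short-form TLV; used only to build the constructed sample below."""
    return bytes([tag, len(value)]) + value

# Constructed sample, not captured from a real iDRAC: SNMPv3 header with an empty PDU.
SAMPLE_ENGINE_ID = bytes.fromhex("800002a203001122334455")
_USM = tlv(0x30, tlv(0x04, SAMPLE_ENGINE_ID) + tlv(0x02, b"\x01") + tlv(0x02, b"\x2a")
           + tlv(0x04, b"omeuser") + tlv(0x04, bytes(12)) + tlv(0x04, b""))
SAMPLE = tlv(0x30, tlv(0x02, b"\x03") + tlv(0x30, tlv(0x02, b"\x01") + tlv(0x02, b"\x05\xdc")
             + tlv(0x04, b"\x01") + tlv(0x02, b"\x03")) + tlv(0x04, _USM) + tlv(0x30, b""))

if __name__ == "__main__":
    print(engine_id_and_user(SAMPLE))
```

The engine ID and user name are readable even when the trap is encrypted, because USM encryption covers only the scoped PDU and not the security parameters.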