Scripted configurations of SNMP v2

Today I went through the process of scripting SNMP configuration for multiple operating systems and devices. The reason for this is that we have never formalised or standardised it, and we sometimes forget one setting or another. So, in case you would also like to script it, here is what we use.

The defaults:

sysLocation:
For this, you could either use “3rd floor of some office” or, if you are a global company with a monitoring system that makes use of the Google Maps API (e.g. Observium) and would like to show various locations globally, use a name the Google API recognises, e.g. London, UK or Cape Town, South Africa.

sysContact:
This could be a name, an email address or a telephone number.

Community:
A string that is configured both on your monitoring server and on the device/workstation/server being monitored, and that allows the two to communicate. A permission set is also applied to it. SNMP v2c sends this string unencrypted, so treat it as a weak shared secret.

target:
This is the host you are sending information to.

port:
This is, by default, 161/UDP unless you change it.

Setting SNMP for ESXi Hosts:

Single Host (Locally on the host):

Tested on ESXi 5.1, 5.5 and 6.0.

Log in to the ESXi host you want to configure and run the following:

esxcli system snmp set -c community -C "syscontact" -L "syslocation" -t "target@161/community"
/etc/init.d/snmpd restart

Single Host (PowerCLI):

Log in via vSphere PowerCLI and run the script below:

#Set SNMP variables
$community = "community"
$syslocation = "syslocation"
$syscontact = "syscontact" 
$systarget = "target_ip_or_fqdn@161/community"
$root_password = "root password"
$esxHost = "ip_or_fqdn_of_esxi_host"
 
#Begin Script
Connect-VIServer $esxHost -User root -Password $root_password
 $esxcli = Get-EsxCli -VMhost $esxHost
 $esxcli.system.snmp.set($null,$community,"true",$null,$null,$null,$null,$null,$null,$null,$null,$null,$syscontact,$syslocation,$systarget)
 $esxcli.system.snmp.get()
 $snmpd = Get-VMHostService -Vmhost $esxHost | where {$_.Key -eq "snmpd"}
 Restart-VMHostService $snmpd -confirm:$false
Disconnect-VIServer $esxHost -Confirm:$false

Multiple Hosts (PowerCLI):

Log in via vSphere PowerCLI and run the script below. Be sure to change "hostname1.example.com","hostname2.example.com" to your own host names. As this is an array, the format is "","","" and so on until you have added all your host names.

#Set SNMP variables
$community = "community"
$syslocation = "syslocation"
$syscontact = "syscontact" 
$systarget = "target_ip_or_fqdn@161/community"
$root_password = "root password"
 
#Servers to configure
$esxHosts = "hostname1.example.com","hostname2.example.com" #"keep","adding","more","to","the","array"
 
#Begin Script - Log on to each host and configure
Foreach ($esxHost in $esxHosts) {
 Connect-VIServer $esxHost -user root -password $root_password
 $esxcli = Get-EsxCli -VMhost $esxhost
 $esxcli.system.snmp.set($null,$community,"true",$null,$null,$null,$null,$null,$null,$null,$null,$null,$syscontact,$syslocation,$systarget)
 $esxcli.system.snmp.get()
 $snmpd = Get-VMHostService -Vmhost $esxHost | where {$_.Key -eq "snmpd"}
 Restart-VMHostService $snmpd -confirm:$false
} 
Disconnect-VIServer * -Confirm:$false

Windows Devices:

Tested on Server 2008, 2008R2, 2012 and 2012R2. You also need to make sure you have installed the SNMP service via Server Manager.

#Set SNMP variables
$community = "community"
$syslocation = "syslocation"
$syscontact = "syscontact" 
$target = "target_ip_or_fqdn" #manager that is permitted to query this host (written to PermittedManagers below)
$sysServices = "79" #enables Physical Service, Applications Service, Datalink and subnetwork Service, Internet Service, End to End Service

#Choose from the following permissions for the community. Be sure to change the corresponding $variable on the ValidCommunities line of this script. 
$readonly = "4"
#$none = "1"
#$notify = "2"
#$readwrite = "8"
#$readcreate = "16"

#Begin Script
#If you would like to remove all previous communities, uncomment the next line, otherwise, the line following that will simply add to the list of communities. 
#reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities"
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities" /v $community /t REG_DWORD /d $readonly /f 
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent" /v sysLocation /t REG_SZ /d $sysLocation /f 
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent" /v sysContact /t REG_SZ /d $sysContact /f 
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers" /v 1 /t REG_SZ /d $target /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent" /v sysServices /t REG_DWORD /d $sysServices /f 
net stop snmp
net start snmp
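
The values written by the reg add lines above can be read back to confirm what the agent will actually accept. The audit below is an added example and not part of the original script; the list of guessable community strings is an assumption, and the permission values are the ones listed in the script above.

```powershell
# Added example (not from the original post): read-only audit of the registry
# values written by the reg add lines above. Run in an elevated session.
$base = "HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters"
# Permission values as listed in the post
$rights = @{ 1 = "none"; 2 = "notify"; 4 = "read-only"; 8 = "read-write"; 16 = "read-create" }
# Assumption: strings treated as guessable; extend with your own list
$guessable = "public", "private", "community"

function Get-SnmpAuditFinding {
    param([string]$ParametersPath = $base)

    $communities = Get-Item "$ParametersPath\ValidCommunities" -ErrorAction SilentlyContinue
    $managers    = Get-Item "$ParametersPath\PermittedManagers" -ErrorAction SilentlyContinue

    if (-not $communities -or $communities.ValueCount -eq 0) {
        "INFO: no community strings are defined"
    } else {
        foreach ($name in $communities.GetValueNames()) {
            $value = [int]$communities.GetValue($name)
            $label = if ($rights.ContainsKey($value)) { $rights[$value] } else { "unknown" }
            if ($value -ge 8) {
                "WARN: community '$name' grants $label ($value); the post's default is read-only (4)"
            }
            if ($guessable -contains $name) {
                "WARN: community '$name' is a default or placeholder string"
            }
        }
    }

    # With no PermittedManagers entries the Windows agent accepts packets from any host
    if (-not $managers -or $managers.ValueCount -eq 0) {
        "WARN: PermittedManagers has no entries; requests are accepted from any source address"
    } else {
        foreach ($name in $managers.GetValueNames()) {
            "INFO: permitted manager $name = $($managers.GetValue($name))"
        }
    }
}

$findings = @(Get-SnmpAuditFinding)
$findings
if ($findings -match "^WARN") { Write-Warning "SNMP configuration needs review" }
```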

Cisco Devices

Cisco 3750 / 3850

snmp-server community community RO SNMP
snmp-server trap-source VlanID
snmp-server contact syscontact
snmp-server location syslocation
ip access-list standard SNMP
 permit IP_ADDRESS
 deny   any log

Cisco Nexus

snmp-server community community use-acl SNMP
snmp-server source-interface VlanID
snmp-server contact syscontact
snmp-server location syslocation
ip access-list standard SNMP
 permit IP_ADDRESS
 deny   any log

Cisco ASA

In line 4 of the configuration below, the second "community" is the actual community string.

snmp-server community 0 community
snmp-server contact syscontact
snmp-server location syslocation
snmp-server host inside IP_ADDRESS community community version 2c
snmp-server enable traps snmp authentication linkup linkdown coldstart
