HOW TO ENABLE SNMP ON VMWARE ESXI HOST & CONFIGURE ESXI FIREWALL TO ALLOW OR BLOCK ACCESS TO THE SNMP SERVICE

In this article we will show you how to enable SNMP on your VMware ESXi host, configure the SNMP community string, and configure your ESXi firewall to allow or block access to the SNMP service from specific host(s) or network(s).

Enabling the SNMP service on a VMware ESXi host is considered mandatory in any production environment, as it allows a Network Monitoring System (NMS) to access and monitor the ESXi host(s) and obtain valuable information such as CPU, RAM and storage usage, vmnic (network) utilization and much more.

Furthermore, an enterprise-grade NMS can connect to your VMware infrastructure and provide alerting, performance and statistical analysis reports that help determine sizing requirements and identify bottlenecks and other problems that might be impacting the virtualization environment.

Execution Time: 10 minutes

ENABLE SSH ON ESXI

The first step is to enable SSH on ESXi. This can easily be performed via the vSphere client, ESXi console or Web GUI. All these methods are covered in detail in our article How to Enable SSH on VMware ESXi.

ENABLE AND CONFIGURE ESXI SNMP SERVICE

Once SSH has been enabled, ssh to your ESXi host and use the following commands to enable and configure the SNMP service:

esxcli system snmp set --communities COMMUNITY_STRING
esxcli system snmp set --enable true

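Replace “COMMUNITY_STRING” with the SNMP string of your choice. With SNMP v1/v2c the community string is sent in clear text and is the only thing a client needs to present, so avoid the well-known defaults such as public and private.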

ENABLE SNMP ON ESXI FIREWALL

The next step is to add a firewall rule to allow inbound SNMP queries to the ESXi host. There are two scenarios here:

  • Allow traffic from everywhere
  • Allow traffic from specific hosts or networks

ALLOW SNMP TRAFFIC FROM EVERYWHERE

The below rules allow SNMP traffic from everywhere – all hosts and networks:

esxcli network firewall ruleset set --ruleset-id snmp --allowed-all true
esxcli network firewall ruleset set --ruleset-id snmp --enabled true

ALLOW SNMP TRAFFIC FROM SPECIFIC HOSTS OR NETWORKS

The below rules allow SNMP traffic from host 192.168.5.25 and network 192.168.1.0/24:

esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address 192.168.5.25
esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address 192.168.1.0/24
esxcli network firewall ruleset set --ruleset-id snmp --enabled true

BLOCK HOST OR NETWORK FROM ACCESSING SNMP SERVICE

To block a previously allowed host or network from accessing the SNMP service, simply execute the following command(s):

esxcli network firewall ruleset allowedip remove --ruleset-id snmp --ip-address 192.168.5.25
esxcli network firewall ruleset allowedip remove --ruleset-id snmp --ip-address 192.168.1.0/24
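
To confirm the result of the allow and remove commands above, the following added example (not part of the original article) checks the output of esxcli network firewall ruleset allowedip list --ruleset-id snmp against the sources you intend to permit. The function names and the table layout of the constructed sample output are assumptions.

```shell
#!/bin/sh
# Constructed sample output (assumed table layout, not captured from a real host).
SAMPLE_RESTRICTED='Ruleset  Allowed IP Addresses
-------  --------------------
snmp     192.168.5.25, 192.168.1.0/24'
SAMPLE_OPEN='Ruleset  Allowed IP Addresses
-------  --------------------
snmp     All'

# in_list ITEM "LIST": succeed if ITEM is one of the space-separated words in LIST.
in_list() {
    for item in $2; do
        if [ "$item" = "$1" ]; then return 0; fi
    done
    return 1
}

# audit_snmp_allowlist "EXPECTED SOURCES": read the allowedip table on stdin and
# return 1 if the snmp ruleset is open to all or permits a source not in the list.
# On the host (hypothetical usage):
#   esxcli network firewall ruleset allowedip list --ruleset-id snmp | audit_snmp_allowlist "192.168.5.25"
audit_snmp_allowlist() {
    expected="$1"; seen=""; found=0; status=0
    while read -r ruleset sources; do
        if [ "$ruleset" != "snmp" ]; then continue; fi   # skips header and separator rows
        found=1
        for src in $(printf '%s' "$sources" | tr ',' ' '); do
            if [ "$src" = "All" ]; then
                echo "FAIL: snmp ruleset accepts traffic from all sources"
                status=1
            elif in_list "$src" "$expected"; then
                seen="$seen $src"
            else
                echo "FAIL: unexpected allowed source $src"
                status=1
            fi
        done
    done
    if [ "$found" -eq 0 ]; then echo "FAIL: no snmp row in input"; status=1; fi
    for want in $expected; do
        if ! in_list "$want" "$seen"; then echo "WARN: expected source $want is not allowed"; fi
    done
    return "$status"
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_RESTRICTED" | audit_snmp_allowlist "192.168.5.25 192.168.1.0/24" && echo "OK: allow-list matches"
printf '%s\n' "$SAMPLE_OPEN" | audit_snmp_allowlist "192.168.5.25 192.168.1.0/24" || echo "allow-list needs attention"
```
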

RESTART SNMP SERVICE

Now that everything is configured, all we need to do is restart the SNMP service using the following command:

/etc/init.d/snmpd restart

SUMMARY

In this article we explained the importance and usage of the SNMP Service for VMware ESXi Hosts and vCenter. We explained how to enable the SNMP Service on an ESXi host, configure the SNMP community string (public/private) and provided examples on how to configure the ESXi Firewall to control SNMP access to the ESXi host.