When enabling SNMP on ESX the majority of the configuration can be done from the CLI. The configuration is stored in snmp.xml.
cat /etc/vmware/snmp.xmlView the current configuration esxcli system snmp getSee the current config
1. By default the service is stopped, can start in GUI or CLI.
/etc/init.d/snmpd start
2. Set the parameters.
esxcli system snmp set --communitiesmy_community esxcli system snmp set --enable trueesxcli system snmp set -tx.x.x.x@162/my_community
3. Allow through the firewall if is enabled.
esxcli network firewall ruleset set --ruleset-id snmp --allowed-all trueesxcli network firewall ruleset set --ruleset-id snmp --enabled true
Alternatively you can change the fw rule to only allow a specific subnet or host for SNMP.
esxcli network firewall ruleset set --ruleset-id snmp --allowed-all falseesxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-addressip/mask esxcli network firewall ruleset set --ruleset-id snmp --enabled true
4. Restart the service for the changes to take effect. Once you do this it will disable snmp so need to enable again.
/etc/init.d/snmpd restartesxcli system snmp set --enable true
Test the config and run tcpdump on the ESX host to see the packets.
esxcli system snmp testesxcli network ip connectionSee a list of interfaces tcpdump-uw -ivmk0 port 161
Run snmpwalk and tcpdump on the SNMP server.
snmpwalk -cmy_community -v 2cesx_host_ip tcpdump -i any port 161