Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Gathering Information Using SNMP v3 from iDRAC7 1.30.30

Gathering Information from iDRAC7
1.30.30 Using SNMPv3
This Dell technical paper explains how to configure the SNMPv3
feature, and illustrates how to access iDRAC7 SNMP tables using
Windows CLI and a MIB browser.
Chris Langenfeld
Senior Software Engineer
Mark Bowling
Test Engineer
Enterprise Solutions Group
Contents
Introduction ........................................................................................................................................................... 3
Implementation ..................................................................................................................................................... 4
Objective of this document................................................................................................................................. 5
Hardware and software requirements ............................................................................................................... 5
SNMPv3 Authentication and Privacy type settings .......................................................................................... 5
Authentication types ......................................................................................................................................... 5
Privacy types ...................................................................................................................................................... 5
Supported and non-supported selections ................................................................................................... 6
Configuring the SNMP Agent for SNMPv3 in iDRAC7 .....................................................................................7
Access SNMP Agent .......................................................................................................................................... 8
Set iDRAC7 to SNMPv3..................................................................................................................................... 9
Configuring iDRAC7 users as SNMPv3 USM users ........................................................................................ 10
Create or modify an account ......................................................................................................................... 11
Enable the account ..........................................................................................................................................12
Enable SNMPv3 for iDRAC user .....................................................................................................................13
Select iDRAC user's privileges ....................................................................................................................... 14
Review user changes .......................................................................................................................................15
A Note on testing SNMPv3 ................................................................................................................................ 16
Windows CLI method of walking/getting iDRAC7 SNMP tables ................................................................ 16
SNMPWalk –h .................................................................................................................................................. 16
Testing SNMPv3 support in iDRAC7 using a MIB browser ........................................................................... 19
Configuring SNMPv3 users in the ManageEngine MIbBroswer tool ...................................................... 19
Executing SNMPv3-based query operations (GETs, GETNEXTs, SNMPWALKs) against iDRAC7 .......... 22
Summary ................................................................................................................................................................... 24
Appendix A: Using Racadm to configure SNMPv3 ........................................................................................ 25
SNMPv3 support .............................................................................................................................................. 25
Tables
Table 1.
2
SNMP Authentication/Privacy matrix ............................................................................................... 6
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Figures
Figure 1.
iDRAC7 login screen ............................................................................................................................7
Figure 2.
SNMP Agenct in iDRAC7 .................................................................................................................... 8
Figure 3.
SNMP Agent defaults .......................................................................................................................... 9
Figure 4.
Set iDRAC7 to SNMPv3 only .............................................................................................................. 9
Figure 5.
User Authentication .......................................................................................................................... 10
Figure 6.
User Configuration ............................................................................................................................. 11
Figure 7.
Enable User ..........................................................................................................................................12
Figure 8.
Authentication type and Privacy type .............................................................................................13
Figure 9.
iDRAC User Privileges ....................................................................................................................... 14
Figure 10.
Reviewing changes ............................................................................................................................15
Figure 11.
SnmpParameterPanel ....................................................................................................................... 20
Figure 12.
MibBrowser Settings ......................................................................................................................... 20
Figure 13.
Loading an iDRAC MIB file ............................................................................................................... 22
Figure 14.
GET operation in iDRAC-MIB .......................................................................................................... 23
Figure 15.
SNMPWALK operation in iDRAC-MIB ............................................................................................ 24
This document is for informational purposes only and may contain typographical errors and technical
inaccuracies. The content is provided as is, without express or implied warranties of any kind.
© 2012 Dell Inc. All rights reserved. Dell and its affiliates cannot be responsible for errors or omissions in
typography or photography. Dell, the Dell logo, and PowerEdge are trademarks of Dell Inc. Microsoft, Windows,
and Internet Explorer are either trademarks or registered trademarks of Microsoft Corporation in the United States
and/or other countries. Other trademarks and trade names may be used in this document to refer to either the
entities claiming the marks and names or their products. Dell disclaims proprietary interest in the marks and
names of others.
December 2012 | Version 1.0
3
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Introduction
The release of iDRAC7 1.30.30 has added SNMPv3 query support; specifically, SNMPv3 User Security
Model (USM). This newly added support allows for a more secure collection of information without an
agent or an OS being installed. This document focuses on the configuration and usage of the SNMPv3
as it relates to enhanced security.
The previous release of iDRAC7, and previous versions of iDRAC6, had only SNMPv1/v2 support.
SNMPv1/v2 provided minimal security through the use of the community name string. The industry
standard of SNMPv3 provides much more security, including user authentication and privacy
encryption. When using SNMPv3, the community name is no longer used nor required.
The new SNMPv3 USM query support in release 1.30.30 of iDRAC7 uses SHA/MD5 methods for
authentication types and DES/AES privacy encryptions types.
Implementation
In iDRAC7, the SNMPv3 configuration logically has two levels. First, at a high level, the SNMP Agent
option in iDRAC7 must be enabled for any SNMP query support at all, be it SNMPv1, SNMPv2, and/or
SNMPv3, and configured to have SNMPv3 support enabled.
The high-level SNMP Agent is configured in the SNMP Agent section of the Network > Services page
(see Figure 2) of the iDRAC7 web interface. The SNMP Agent is enabled by default, and the SNMPv3
protocol is always active with respect to the two SNMP Protocol choices (All SNMP v1/v2/v3 and
SNMP v3). Since it is included in both choices, you do not have to actively set or change any settings if
you want to test or use SNMPv3.
The second level is that one or more SNMPv3 USM users must be enabled and configured for SNMPv3
usage.
As part of the design of adding support for SNMPv3 in iDRAC7, iDRAC7 local users now have the
option to be SNMPv3 USM users. If you create or modify an iDRAC user through the User
Authentication pages in the iDRAC7 web interface, you will see that there is now a new SNMP v3
section on the User Configuration page under the existing IPMI User Privileges section (see Figure 7).
Each user is configured independently for SNMPv3. A user is not enabled as an SNMPv3 USM user
since the SNMP Enable v3 check box is unchecked by default. To enable a user, check the SNMP
Enable v3 check box.
Note: SNMPv3 USM (User-based Secruity Model, RFC# 2574) requires that a passphrase (password) be
associated with both the Authentication type and Privacy type, if either or both types are not None. In
theory, the passphrase for each type can be different. However, as far as iDRAC7 support of SNMPv3
goes, we internally use the iDRAC user’s password as the passphrase for both types, and do not give
the iDRAC user configuring an iDRAC user for v3 the option to explicitly specify passphrases for the
types. The end result is that when you later configure passphrases in the SNMP client tool, you will
enter the user’s iDRAC user password for any passphrases.
4
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Objective of this document
This document explains how to configure the SNMPv3 feature enabled in iDRAC7 including the
following:

Test environment used

Configuring the iDRAC7 SNMP agent to v3 only

Configuring an iDRAC7 user for SNMPv3

Windows CLI of gathering information

Demonstration of a MIB browser
Hardware and software requirements
Note: Some of the tools used for this paper are not Dell Proprietary tools. The tools are used to
illustrate the ability to gather information from the iDRAC7 SNMP tables.

Dell™ PowerEdge™ R720/R720xd server with iDRAC7 firmware revision 1.30.30 and an Express or
Enterprise license.

Dell network switch allowing connectivity between the host system and the management station
using IPv4/IPv6.

Management station with a web browser for access to the iDRAC7 web interface and tools to
®
®
®
browse the MIB. Environment used was Microsoft Windows 7 with Mozilla Firefox and Internet
®
Explorer 9.0. Tools used to browse the MIB using SNMP queries include:
—
ManageEngine MibBrowser 5 from http://www.manageengine.com/products/mibbrowserfree-tool/index.html
—
A Windows CLI SNMP tool that supports get/walk: SNMPGet and SNMPWalk tools from
http://www.snmpsoft.com/freetools/index.html
Note: The software tools were not developed or owned by Dell, and Dell makes no claims. The tools
are available from the website of their respective owners. The tools used were “as is” from the web; no
changes, modifications, or altering of the tools was done. Dell does not provide support for these
tools. These tools were used “as is” to illustrate usage of the SNMPv3 requests from the iDRAC7 with
1.30.30 firmware.
SNMPv3 Authentication and Privacy type settings
Authentication types
There are three options available: None, MD5, and SHA. Default value for authentication is SHA. Since
iDRAC7 uses SHA-1, in iDRAC7, “SHA” refers to “SHA-1”.
Privacy types
There are three options available: None, AES, DES. Default value for encryption is AES. Since iDRAC7
uses AES-128, in iDRAC7, “AES” refers to “AES-128”.
5
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Supported and non-supported selections
Note: AES and DES encryption cannot be selected if the authentication method is set to None.
There is a special restriction related to an Authentication type of None; if Authentication type is None,
then the Privacy type must also be None. Also note that the reverse is not a restriction, in that if Privacy
type is None, Authentication type can either be a value other than None or the value None.
Table 1 lists the supported and non-supported selections for authentication and privacy.
Table 1.
SNMP Authentication/Privacy matrix
Authentication
Privacy
Support
None
None
Supported
None
AES
Not supported
None
DES
Not supported
MD5
None
Supported
MD5
AES
Supported
MD5
DES
Supported
SHA
None
Supported
SHA
1
AES
1
Supported
SHA
DES
Supported
1
6
Default settings
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Configuring the SNMP Agent for SNMPv3 in iDRAC7
This feature requires an Express or Enterprise license. The login screen for iDRAC7 displays if iDRAC7
has an Express or Enterprise license as illustrated in Figure 1.
Figure 1.
7
iDRAC7 login screen
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Access SNMP Agent
After logging into the iDRAC7 web interface, select Network on the left-hand side.
Across the top menu, select Services, and then click SNMP Agent on the Jump to menu.
Figure 2.
8
SNMP Agent in iDRAC7
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
The default values for the SNMP Agent are:

Enabled

SNMP Community Name set to public

SNMP Protocol set to All (SNMP v1/v2/v3)
Figure 3.
SNMP Agent defaults
Set iDRAC7 to SNMPv3
To set the iDRAC7 SNMP Agent to only allow for only SNMP v3 communication and no longer
communicate using v1/v2, set SNMP Protocol to SNMP v3 only, select the SNMP v3 option.
Click Apply to accept the changes.
Figure 4.
9
Set iDRAC7 to SNMPv3 only
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Configuring iDRAC7 users as SNMPv3 USM users
After logging into iDRAC7, select User Authentication on the left-hand side as shown in Figure 5. .
Figure 5.
10
User Authentication
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Create or modify an account
Click the corresponding number of the User ID to create or modify the account. In Figure 6, User ID 3
is being used to create an account.
Click Next.
Figure 6.
11
User Configuration
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Enable the account
To enable an account, enter the user name and password for the desired user.
Reminder: In iDRAC7, the user account password is used as the passphrase for both the SNMPv3
Authentication type and the SNMPv3 Privacy type, when applicable (such as whenever either type is
set to a value other than None).
Figure 7.
12
Enable User
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Enable SNMPv3 for iDRAC user
Select the desired Authentication type and Privacy type. In Figure 8, MD5 was selected for the
Authentication type, and AES was selected for the Privacy type.
Figure 8.
13
Authentication type and Privacy type
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Select iDRAC user's privileges
Select the iDRAC user's privileges for the newly created or modified SNMP v3 iDRAC user. See the
sample selections in Figure 9.
Click Apply to accept the changes.
Figure 9.
14
iDRAC User Privileges
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Review user changes
In order to see the changes, navigate to any other selection on the left-hand side, and then select
User Authentication. The newly created or modified user will appear on the page, and the entry in the
SNMP v3 column will show as Enabled. See Figure 10.
Figure 10.
15
Reviewing changes
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
A Note on testing SNMPv3
The key to testing is that whatever authentication and privacy types are set and applied in iDRAC7 for a
user, should also be configured in the SNMP client tool used to do SNMPv3-based queries against the
iDRAC7.
Reminder: When testing in the SNMP client tool, the iDRAC SNMPv3 enabled user password is used
for any passphrases.
Windows CLI method of walking/getting iDRAC7 SNMP tables
As mentioned earlier, the Windows CLI tool used is a free downloadable tool from SNMPSoft, and can
be downloaded at http://www.snmpsoft.com/freetools/index.html. Dell makes no claims of ownership
or endorsements regarding this the tool, but we have found it useful for the purposes of this test and
demonstration.
This tool does not require a MIB file be loaded in order to collect data. The System Battery Table
1.3.6.1.4.1.674.10892.5.4.600.50 is being used for demonstration purposes.
Once the SNMPWalk.zip and SNMPGet.zip files are downloaded, extract them to a desired location.
Open a command prompt and go to the directory where the tools have been extracted. The
commands are straight forward. To obtain a list of the help for each tool, run SNMPWalk.exe /? or
SNMPGet.exe /?.
SNMPWalk –h
The command to display the arguments is SNMPWalk –h. The arguments highlighted below were
those used for the SNMPv3 testing:
c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -h
SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company
[ More useful network tools on http://www.snmpsoft.com ]
Description
Lists existing SNMP variables on any network device that supports SNMP. SNMP is widely used for
administration and monitoring purposes.
Usage
SnmpWalk.exe -r:host [-p:port] [-t:timeout] [-v:version] [-c:community]
[-sn:sec_name] [-ap:auth_proto] [-aw:auth_passwd]
[-pp:priv_proto] [-pw:priv_passwd]
[-os:start_oid] [-op:stop_oid] [-csv]
-r:host
Name or network address (IPv4/IPv6) of remote host.
-p:port
SNMP port number on remote host. Default: 161
-t:timeout
SNMP timeout in seconds (1-600). Default: 5
-v:version
SNMP version. Supported version: 1, 2c or 3. Default: 1
-c:community SNMP community string for SNMP v1/v2c. Default: public
-sn:sec_name SNMP security name for SNMPv3.
16
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
-ap:auth_proto Authentication protocol. Supported: MD5, SHA (SNMPv3).
-aw:auth_passwd Authentication password (SNMPv3).
-pp:priv_proto Privacy protocol. Supported: DES, IDEA, AES128, AES192, AES256, 3DES (SNMPv3).
-pw:priv_passwd Privacy password (SNMPv3).
-os:start_oid Object ID (OID) of first SNMP variable to walk. Default:.1
-op:stop_oid Object ID (OID) of last SNMP variable to walk.
Default: walk to the very last variable.
Successful Walk using enabled SNMPv3 user account with correct credentials
The following command will succeed because a valid, enabled v3 account is specified with all the
proper credentials:
c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:SNMPv3User –v:3 -ap:MD5
-aw:v3Test -pp:AES128 -pw:v3Test -os:1.3.6.1.4.1.674.10892.5.4.600.50 op:1.3.6.1.4.1.674.10892.5.4.600.60
SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company
[ More useful network tools on http://www.snmpsoft.com ]
OID=.1.3.6.1.4.1.674.10892.5.4.600.50.1.1.1.1, Type=Integer, Value=1
OID=.1.3.6.1.4.1.674.10892.5.4.600.50.1.2.1.1, Type=Integer, Value=1
OID=.1.3.6.1.4.1.674.10892.5.4.600.50.1.3.1.1, Type=Integer, Value=0
OID=.1.3.6.1.4.1.674.10892.5.4.600.50.1.4.1.1, Type=Integer, Value=2
OID=.1.3.6.1.4.1.674.10892.5.4.600.50.1.5.1.1, Type=Integer, Value=3
OID=.1.3.6.1.4.1.674.10892.5.4.600.50.1.6.1.1, Type=Integer, Value=4
OID=.1.3.6.1.4.1.674.10892.5.4.600.50.1.7.1.1, Type=OctetString, Value=System Board CMOS Battery
Total: 7
Using enabled SNMPv3 account without credentials using SNMPv2
The following command will fail because no credentials are supplied and the wrong version of SNMP
is used:
c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:SNMPv3User -v:2 -os:
1.3.6.1.4.1.674.10892.5.4.600.50 -op:1.3.6.1.4.1.674.10892.5.4.600.60
SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company
[ More useful network tools on http://www.snmpsoft.com ]
%Failed to get value of SNMP variable. Timeout.
Using admin non-enabeld SNMPv3 account with correct credentials from enabled SNMPv3
account
The following command will fail because the specified user/security name (“admintest1”) is not an
enabled v3 user:
c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:adminTest1 -v:3 -ap:MD5 aw:v3Test -pp:AES128 -pw:v3Test -os:1.3.6.1.4.1.674.10892.5.4.600.50 op:1.3.6.1.4.1.674.10892.5.4.600.60
SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company
[ More useful network tools on http://www.snmpsoft.com ]
%Received a report pdu from remote host: Unknown SecurityName (SNMPv3)
17
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Enabled SNMPv3 user not using any SNMP version listed (default is 1)
The following command will fail because no SNMP version (“-v:<n>” parameter) is specified:
c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:SNMPv3User -ap:MD5 aw:v3Test -pp:AES128 -pw:v3Test -os:1.3.6.1.4.1.674.10892.5.4.600.50 op:1.3.6.1.4.1.674.10892.5.4.600.60
SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company
[ More useful network tools on http://www.snmpsoft.com ]
%Failed to get value of SNMP variable. Timeout.
Enabled SNMPv3 user using SNMPv1
The following command will fail because the specified SNMP version (“-v:1”) is v1, and v3 security
parameters are passed, rather than a community string:
c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:SNMPv3User -v:1 -ap:MD5 aw:v3Test -pp:AES128 -pw:v3Test -os:1.3.6.1.4.1.674.10892.5.4.600.50 op:1.3.6.1.4.1.674.10892.5.4.600.60
SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company
[ More useful network tools on http://www.snmpsoft.com ]
%Failed to get value of SNMP variable. Timeout.
Enabled SNMPv3 user using SNMPv2
The following command will fail because the specified SNMP version (“-v:2”) is v2, and v3 security
parameters are passed, rather than a community string:
c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:SNMPv3User -v:2 -ap:MD5
-aw:v3Test -pp:AES128 -pw:v3Test -os:1.3.6.1.4.1.674.10892.5.4.600.50 op:1.3.6.1.4.1.674.10892.5.4.600.60
SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company
[ More useful network tools on http://www.snmpsoft.com ]
%Failed to get value of SNMP variable. Timeout.
Enabled SNMPv3 user using incorrect passphrase
The following command will fail because authentication passphrase is not correct:
c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:SNMPv3User -v:3 -ap:MD5 aw:Test -pp:AES128 -pw:v3Test -os:1.3.6.1.4.1.674.10892.5.4.600.50 op:1.3.6.1.4.1.674.10892.5.4.600.60
SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company
[ More useful network tools on http://www.snmpsoft.com ]
%Received a report pdu from remote host: Authentication failure (SNMPv3)
Enabled SNMPv3 user using incorrect Authentication type
The following command fails because Authentication type does not match type selected for the
Enabled SNMPv3 user account:
c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:SNMPv3User -v:3 -ap:SHA aw:v3Test -pp:AES128 -pw:Test -os:1.3.6.1.4.1.674.10892.5.4.600.50 op:1.3.6.1.4.1.674.10892.5.4.600.60
18
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company
[ More useful network tools on http://www.snmpsoft.com ]
%Received a report pdu from remote host: Authentication failure (SNMPv3)
Testing SNMPv3 support in iDRAC7 using a MIB browser
This section shows how to configure and test SNMPv3 USM using a freeware SNMP client tool called
ManageEngine MibBrowser. For this section, the Authentication type used is SHA and the Privacy type
used is AES to illustrate the range of authentication types. The previous section demonstrated the use
of the MD5.
To download the ManageEngine MibBrowser 5 tool, go to:
http://www.manageengine.com/products/mibbrowser-free-tool/index.html
You can run ManageEngine MibBrowser 5 on Microsoft Windows 7 based laptops.
Configuring SNMPv3 users in the ManageEngine MibBroswer tool
Install and launch the web-based ManageEngine MibBrowser tool on a Windows system
To configure SNMPv3 users:
1.
Select Edit > Settings to navigate to the MibBrowser Settings window.
2. For SNMP Version, select v3 to activate the V3 Settings.
3. In the V3 Settings section, click Add to add a new user. This displays the SnmpParameterPanel
window.
4. In the SnmpParameterPanel window, configure a user so as to match the user configuration of
one of the iDRAC users you configured for SNMPv3 in the iDRAC web interface.
As an example, let’s assume you enabled the root user in iDRAC for SNMPv3, and left the Auth and
Priv types set to their defaults, SHA and AES. Note that you must have already enabled and
configured the iDRAC user you want to test with.
5.
In the SnmpParameterPanel window, enter the IP address for iDRAC7 in the Target Host field.
6. Enter the user name of the iDRAC user, in this case “root.”
Note: Dell recommends changing the username root and default password.
7.
Select Auth,Priv in the Security Level dropdown list.
8. Select SHA in the Auth Protocol dropdown list.
9. Select CFB-AES-128 in the Priv Protocol dropdown list.
10. Enter “calvin” in both the Auth Password and Priv Password fields. Again note that while the
SNMPv3 protocol technically supports separate passwords and passphrases for the Auth and Priv
types, for iDRAC7 they must be the same and must match the password of the iDRAC user.
19
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
At this point, your user configuration information should look like Figure 11.
Figure 11.
SnmpParameterPanel
11. To accept the settings, click Apply.
If the configuration of the SNMPv3 user successfully validates against a user in the iDRAC7, you should
not see an error window. You should see a new “root” user line in the MibBrowser Settings windows
as shown in Figure 12.
Figure 12.
20
MibBrowser Settings
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Note: If you configure a user in the SnmpParameterPanel window that does not completely match
the SNMPv3 configuration of an IDRAC7 user, you will get an error when you click Apply or OK.
The error popups provide specific information on what configuration property or properties do not
match.
After successfully configuring or creating the root user, click OK to exit the SnmpParameterPanel
window and return control to the MibBrowser Settings window.
Add additional users
You can now optionally add additional V3 users.
1.
Click Add. Note that when you now click Add, the SnmpParameterPanel panel that pops up will be
pre-populated with the information from the existing user that was currently selected in the
MibBrowser Settings window.
2. To configure another user, change the information to match the iDRAC user you want to match,
and then click Apply or OK.
Follow these steps to add as many additional users as you would like.
Also note that you can partially modify users later by selecting a given user in the MibBrowser Settings
window and clicking Modify. The tool does not allow you to change the target host, user name, and
security level info for a user. If you want to change this information later, delete the given user and
re-create (add again) the user from scratch.
Lastly, once you are back in the MibBrowser Settings window, and have finished adding all the SNMPv3
users you want to add for now, you do need to select one user line before exiting this window.
Whatever user you select before leaving the window will become the user that is actively used for all
subsequent v3-based queries you attempt in the tool. Only one user can be active at a time.
To do so, select a user line, such as the “root” user line, and click OK. Be sure to leave the v3 protocol
selected in the SNMP Version section at the top of the window before you click OK.
To later change the active user or active protocol, come back to this window and either select a
different user (to continue using the v3 protocol, but with a different v3 user) or select v1 or v2 to use a
different protocol (in which, in either the case of v1 or v2, the selected v3 user will simply be ignored
during SNMP query operations).
21
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Executing SNMPv3-based query operations (GETs, GETNEXTs,
SNMPWALKs) against iDRAC7
Before attempting any query operations against the iDRAC7, load a copy of the iDRAC7 MIB file into
the tool.
1.
From the main ManageEngine MibBrowser Free Tool window, select File > Load MIB. This opens
a load a MIB File folder navigation popup.
Note that by default, it shows the MIB files that are located in the tools default MIB folder, such as
C:\Program Files (x86)\ManageEngine\MibBrowser Free Tool\mibs.
If you have previously copied a version of the iDRAC7 MIB file to that folder, you should see a copy
of it in the navigation window. If you want to use that version, then select it and click Open.
If you have not previously uploaded a version of the iDRAC7 MIB, or want to use a different
version, you can navigate to some other copy of the MIB file using the icon choices to the left to
help navigate to your copy of the iDRAC7 MIB file.
2. Select your file, then click Open.
If successfully loaded, you should now see IDRAC-MIB listed in the Loaded MibModules list as shown
in Figure 13:
Figure 13.
Loading an iDRAC MIB file
You are now ready to traverse the OID tree of the iDRAC7 MIB and execute SNMPv3-protocol-based
SNMP query operations.
22
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
For a GET operation:
1.
Expand the IDRAC-MIB branch down to racInfoGroup, as shown in Figure 14.
2. Right-click on the racName attribute and select GET.
3. Repeat the same steps with racVersion. In the output window, you should see valid data retrieved
for these, like in Figure 14.
Figure 14.
GET operation in iDRAC-MIB
For a GETNEXT operation, right-click on the same attributes and select GETNEXT. The first time you
do so, the data for that attribute is returned. But if you then repeat GETNEXT, the data for the next
attribute in the tree will be returned, and the GUI will move the focus in the left tree window to the
next attribute in the tree.
For a SNMPWALK operation, right-click on the same group OID (displayed as a folder icon) and select
SNMPWALK.
The tool will try to “walk” all the subgroups and attributes under the group and return the data for each
attribute. You can also walk tables and groups that contain tables. Figure 15 shows end of the results
of an SNMPWALK informationGroup.
23
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Figure 15.
SNMPWALK operation in iDRAC-MIB
Summary
In summary, the iDRAC7 1.30.30 release allows gathering of information in a more secure manner
than previous releases with the addition of support for the SNMPv3 protocol. The ability to gather
information without an agent or an OS installed directly from the iDRAC7 embedded SNMP Agent
allows for safer collection of information and puts more control in the hands of IT administrators.
24
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Appendix A: Using Racadm to configure SNMPv3
SNMPv3 support
iDRAC user can create/edit a user’s configuration and set the following attributes:

Enable/Disable SNMPv3

Choose Authentication type (None or MD5 or SHA-1)

Choose Privacy type (None or AES or DES)



Group: iDRAC.Users
Privilege: ‘Login’ and ‘Config User’ Privilege to Enable / Disable & Modify SNMP Attributes.
‘Login’ to view SNMP Attributes.
Command Syntax:
racadm get / set iDRAC.Users.<index>.SNMPv3Enable <value>
Legal Values: 0=Disable (default), 1=Enable
racadm get / set iDRAC.Users.<index>.SNMPv3AuthenticationType <value>
Legal Values: 0=None, 1=MD5, 2=SHA-1
Default: 2
Note : Unless user password is less than 8 characters, in which only choice is “None”
racadm get / set iDRAC.Users.<index>.SNMPv3PrivacyType <value>
Legal Values: 0=None, 1=AES, 2=DES
Default: 1
Note : Unless user password is less than 8 characters, in which only choice is “None”
iDRAC.SNMP.SNMPProtocol
0 - > SNMPv1/v2c/v3 (Default)
1 -> SNMPv3
Learn more
Visit Dell.com/PowerEdge for more information on Dell’s enterprise-class servers.
25
Gathering Information from iDRAC7 1.30.30 Using SNMPv3
Related documents
Theoretical and experimental investigations of SnO2 thin film for gas
Theoretical and experimental investigations of SnO2 thin film for gas
Security Services in SNMPv3
Security Services in SNMPv3
Module 6 - IT, Sligo
Module 6 - IT, Sligo
Introduction to SNMP
Introduction to SNMP
SNMP Configuration Manager
SNMP Configuration Manager
Download