Gathering Information from iDRAC7 1.30.30 Using SNMPv3 This Dell technical paper explains how to configure the SNMPv3 feature, and illustrates how to access iDRAC7 SNMP tables using Windows CLI and a MIB browser. Chris Langenfeld Senior Software Engineer Mark Bowling Test Engineer Enterprise Solutions Group Contents Introduction ........................................................................................................................................................... 3 Implementation ..................................................................................................................................................... 4 Objective of this document................................................................................................................................. 5 Hardware and software requirements ............................................................................................................... 5 SNMPv3 Authentication and Privacy type settings .......................................................................................... 5 Authentication types ......................................................................................................................................... 5 Privacy types ...................................................................................................................................................... 5 Supported and non-supported selections ................................................................................................... 6 Configuring the SNMP Agent for SNMPv3 in iDRAC7 .....................................................................................7 Access SNMP Agent .......................................................................................................................................... 8 Set iDRAC7 to SNMPv3..................................................................................................................................... 9 Configuring iDRAC7 users as SNMPv3 USM users ........................................................................................ 10 Create or modify an account ......................................................................................................................... 11 Enable the account ..........................................................................................................................................12 Enable SNMPv3 for iDRAC user .....................................................................................................................13 Select iDRAC user's privileges ....................................................................................................................... 14 Review user changes .......................................................................................................................................15 A Note on testing SNMPv3 ................................................................................................................................ 16 Windows CLI method of walking/getting iDRAC7 SNMP tables ................................................................ 16 SNMPWalk –h .................................................................................................................................................. 16 Testing SNMPv3 support in iDRAC7 using a MIB browser ........................................................................... 19 Configuring SNMPv3 users in the ManageEngine MIbBroswer tool ...................................................... 19 Executing SNMPv3-based query operations (GETs, GETNEXTs, SNMPWALKs) against iDRAC7 .......... 22 Summary ................................................................................................................................................................... 24 Appendix A: Using Racadm to configure SNMPv3 ........................................................................................ 25 SNMPv3 support .............................................................................................................................................. 25 Tables Table 1. 2 SNMP Authentication/Privacy matrix ............................................................................................... 6 Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Figures Figure 1. iDRAC7 login screen ............................................................................................................................7 Figure 2. SNMP Agenct in iDRAC7 .................................................................................................................... 8 Figure 3. SNMP Agent defaults .......................................................................................................................... 9 Figure 4. Set iDRAC7 to SNMPv3 only .............................................................................................................. 9 Figure 5. User Authentication .......................................................................................................................... 10 Figure 6. User Configuration ............................................................................................................................. 11 Figure 7. Enable User ..........................................................................................................................................12 Figure 8. Authentication type and Privacy type .............................................................................................13 Figure 9. iDRAC User Privileges ....................................................................................................................... 14 Figure 10. Reviewing changes ............................................................................................................................15 Figure 11. SnmpParameterPanel ....................................................................................................................... 20 Figure 12. MibBrowser Settings ......................................................................................................................... 20 Figure 13. Loading an iDRAC MIB file ............................................................................................................... 22 Figure 14. GET operation in iDRAC-MIB .......................................................................................................... 23 Figure 15. SNMPWALK operation in iDRAC-MIB ............................................................................................ 24 This document is for informational purposes only and may contain typographical errors and technical inaccuracies. The content is provided as is, without express or implied warranties of any kind. © 2012 Dell Inc. All rights reserved. Dell and its affiliates cannot be responsible for errors or omissions in typography or photography. Dell, the Dell logo, and PowerEdge are trademarks of Dell Inc. Microsoft, Windows, and Internet Explorer are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims proprietary interest in the marks and names of others. December 2012 | Version 1.0 3 Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Introduction The release of iDRAC7 1.30.30 has added SNMPv3 query support; specifically, SNMPv3 User Security Model (USM). This newly added support allows for a more secure collection of information without an agent or an OS being installed. This document focuses on the configuration and usage of the SNMPv3 as it relates to enhanced security. The previous release of iDRAC7, and previous versions of iDRAC6, had only SNMPv1/v2 support. SNMPv1/v2 provided minimal security through the use of the community name string. The industry standard of SNMPv3 provides much more security, including user authentication and privacy encryption. When using SNMPv3, the community name is no longer used nor required. The new SNMPv3 USM query support in release 1.30.30 of iDRAC7 uses SHA/MD5 methods for authentication types and DES/AES privacy encryptions types. Implementation In iDRAC7, the SNMPv3 configuration logically has two levels. First, at a high level, the SNMP Agent option in iDRAC7 must be enabled for any SNMP query support at all, be it SNMPv1, SNMPv2, and/or SNMPv3, and configured to have SNMPv3 support enabled. The high-level SNMP Agent is configured in the SNMP Agent section of the Network > Services page (see Figure 2) of the iDRAC7 web interface. The SNMP Agent is enabled by default, and the SNMPv3 protocol is always active with respect to the two SNMP Protocol choices (All SNMP v1/v2/v3 and SNMP v3). Since it is included in both choices, you do not have to actively set or change any settings if you want to test or use SNMPv3. The second level is that one or more SNMPv3 USM users must be enabled and configured for SNMPv3 usage. As part of the design of adding support for SNMPv3 in iDRAC7, iDRAC7 local users now have the option to be SNMPv3 USM users. If you create or modify an iDRAC user through the User Authentication pages in the iDRAC7 web interface, you will see that there is now a new SNMP v3 section on the User Configuration page under the existing IPMI User Privileges section (see Figure 7). Each user is configured independently for SNMPv3. A user is not enabled as an SNMPv3 USM user since the SNMP Enable v3 check box is unchecked by default. To enable a user, check the SNMP Enable v3 check box. Note: SNMPv3 USM (User-based Secruity Model, RFC# 2574) requires that a passphrase (password) be associated with both the Authentication type and Privacy type, if either or both types are not None. In theory, the passphrase for each type can be different. However, as far as iDRAC7 support of SNMPv3 goes, we internally use the iDRAC user’s password as the passphrase for both types, and do not give the iDRAC user configuring an iDRAC user for v3 the option to explicitly specify passphrases for the types. The end result is that when you later configure passphrases in the SNMP client tool, you will enter the user’s iDRAC user password for any passphrases. 4 Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Objective of this document This document explains how to configure the SNMPv3 feature enabled in iDRAC7 including the following: Test environment used Configuring the iDRAC7 SNMP agent to v3 only Configuring an iDRAC7 user for SNMPv3 Windows CLI of gathering information Demonstration of a MIB browser Hardware and software requirements Note: Some of the tools used for this paper are not Dell Proprietary tools. The tools are used to illustrate the ability to gather information from the iDRAC7 SNMP tables. Dell™ PowerEdge™ R720/R720xd server with iDRAC7 firmware revision 1.30.30 and an Express or Enterprise license. Dell network switch allowing connectivity between the host system and the management station using IPv4/IPv6. Management station with a web browser for access to the iDRAC7 web interface and tools to ® ® ® browse the MIB. Environment used was Microsoft Windows 7 with Mozilla Firefox and Internet ® Explorer 9.0. Tools used to browse the MIB using SNMP queries include: — ManageEngine MibBrowser 5 from http://www.manageengine.com/products/mibbrowserfree-tool/index.html — A Windows CLI SNMP tool that supports get/walk: SNMPGet and SNMPWalk tools from http://www.snmpsoft.com/freetools/index.html Note: The software tools were not developed or owned by Dell, and Dell makes no claims. The tools are available from the website of their respective owners. The tools used were “as is” from the web; no changes, modifications, or altering of the tools was done. Dell does not provide support for these tools. These tools were used “as is” to illustrate usage of the SNMPv3 requests from the iDRAC7 with 1.30.30 firmware. SNMPv3 Authentication and Privacy type settings Authentication types There are three options available: None, MD5, and SHA. Default value for authentication is SHA. Since iDRAC7 uses SHA-1, in iDRAC7, “SHA” refers to “SHA-1”. Privacy types There are three options available: None, AES, DES. Default value for encryption is AES. Since iDRAC7 uses AES-128, in iDRAC7, “AES” refers to “AES-128”. 5 Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Supported and non-supported selections Note: AES and DES encryption cannot be selected if the authentication method is set to None. There is a special restriction related to an Authentication type of None; if Authentication type is None, then the Privacy type must also be None. Also note that the reverse is not a restriction, in that if Privacy type is None, Authentication type can either be a value other than None or the value None. Table 1 lists the supported and non-supported selections for authentication and privacy. Table 1. SNMP Authentication/Privacy matrix Authentication Privacy Support None None Supported None AES Not supported None DES Not supported MD5 None Supported MD5 AES Supported MD5 DES Supported SHA None Supported SHA 1 AES 1 Supported SHA DES Supported 1 6 Default settings Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Configuring the SNMP Agent for SNMPv3 in iDRAC7 This feature requires an Express or Enterprise license. The login screen for iDRAC7 displays if iDRAC7 has an Express or Enterprise license as illustrated in Figure 1. Figure 1. 7 iDRAC7 login screen Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Access SNMP Agent After logging into the iDRAC7 web interface, select Network on the left-hand side. Across the top menu, select Services, and then click SNMP Agent on the Jump to menu. Figure 2. 8 SNMP Agent in iDRAC7 Gathering Information from iDRAC7 1.30.30 Using SNMPv3 The default values for the SNMP Agent are: Enabled SNMP Community Name set to public SNMP Protocol set to All (SNMP v1/v2/v3) Figure 3. SNMP Agent defaults Set iDRAC7 to SNMPv3 To set the iDRAC7 SNMP Agent to only allow for only SNMP v3 communication and no longer communicate using v1/v2, set SNMP Protocol to SNMP v3 only, select the SNMP v3 option. Click Apply to accept the changes. Figure 4. 9 Set iDRAC7 to SNMPv3 only Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Configuring iDRAC7 users as SNMPv3 USM users After logging into iDRAC7, select User Authentication on the left-hand side as shown in Figure 5. . Figure 5. 10 User Authentication Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Create or modify an account Click the corresponding number of the User ID to create or modify the account. In Figure 6, User ID 3 is being used to create an account. Click Next. Figure 6. 11 User Configuration Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Enable the account To enable an account, enter the user name and password for the desired user. Reminder: In iDRAC7, the user account password is used as the passphrase for both the SNMPv3 Authentication type and the SNMPv3 Privacy type, when applicable (such as whenever either type is set to a value other than None). Figure 7. 12 Enable User Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Enable SNMPv3 for iDRAC user Select the desired Authentication type and Privacy type. In Figure 8, MD5 was selected for the Authentication type, and AES was selected for the Privacy type. Figure 8. 13 Authentication type and Privacy type Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Select iDRAC user's privileges Select the iDRAC user's privileges for the newly created or modified SNMP v3 iDRAC user. See the sample selections in Figure 9. Click Apply to accept the changes. Figure 9. 14 iDRAC User Privileges Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Review user changes In order to see the changes, navigate to any other selection on the left-hand side, and then select User Authentication. The newly created or modified user will appear on the page, and the entry in the SNMP v3 column will show as Enabled. See Figure 10. Figure 10. 15 Reviewing changes Gathering Information from iDRAC7 1.30.30 Using SNMPv3 A Note on testing SNMPv3 The key to testing is that whatever authentication and privacy types are set and applied in iDRAC7 for a user, should also be configured in the SNMP client tool used to do SNMPv3-based queries against the iDRAC7. Reminder: When testing in the SNMP client tool, the iDRAC SNMPv3 enabled user password is used for any passphrases. Windows CLI method of walking/getting iDRAC7 SNMP tables As mentioned earlier, the Windows CLI tool used is a free downloadable tool from SNMPSoft, and can be downloaded at http://www.snmpsoft.com/freetools/index.html. Dell makes no claims of ownership or endorsements regarding this the tool, but we have found it useful for the purposes of this test and demonstration. This tool does not require a MIB file be loaded in order to collect data. The System Battery Table 1.3.6.1.4.1.674.10892.5.4.600.50 is being used for demonstration purposes. Once the SNMPWalk.zip and SNMPGet.zip files are downloaded, extract them to a desired location. Open a command prompt and go to the directory where the tools have been extracted. The commands are straight forward. To obtain a list of the help for each tool, run SNMPWalk.exe /? or SNMPGet.exe /?. SNMPWalk –h The command to display the arguments is SNMPWalk –h. The arguments highlighted below were those used for the SNMPv3 testing: c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -h SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company [ More useful network tools on http://www.snmpsoft.com ] Description Lists existing SNMP variables on any network device that supports SNMP. SNMP is widely used for administration and monitoring purposes. Usage SnmpWalk.exe -r:host [-p:port] [-t:timeout] [-v:version] [-c:community] [-sn:sec_name] [-ap:auth_proto] [-aw:auth_passwd] [-pp:priv_proto] [-pw:priv_passwd] [-os:start_oid] [-op:stop_oid] [-csv] -r:host Name or network address (IPv4/IPv6) of remote host. -p:port SNMP port number on remote host. Default: 161 -t:timeout SNMP timeout in seconds (1-600). Default: 5 -v:version SNMP version. Supported version: 1, 2c or 3. Default: 1 -c:community SNMP community string for SNMP v1/v2c. Default: public -sn:sec_name SNMP security name for SNMPv3. 16 Gathering Information from iDRAC7 1.30.30 Using SNMPv3 -ap:auth_proto Authentication protocol. Supported: MD5, SHA (SNMPv3). -aw:auth_passwd Authentication password (SNMPv3). -pp:priv_proto Privacy protocol. Supported: DES, IDEA, AES128, AES192, AES256, 3DES (SNMPv3). -pw:priv_passwd Privacy password (SNMPv3). -os:start_oid Object ID (OID) of first SNMP variable to walk. Default:.1 -op:stop_oid Object ID (OID) of last SNMP variable to walk. Default: walk to the very last variable. Successful Walk using enabled SNMPv3 user account with correct credentials The following command will succeed because a valid, enabled v3 account is specified with all the proper credentials: c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:SNMPv3User –v:3 -ap:MD5 -aw:v3Test -pp:AES128 -pw:v3Test -os:1.3.6.1.4.1.674.10892.5.4.600.50 op:1.3.6.1.4.1.674.10892.5.4.600.60 SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company [ More useful network tools on http://www.snmpsoft.com ] OID=.1.3.6.1.4.1.674.10892.5.4.600.50.1.1.1.1, Type=Integer, Value=1 OID=.1.3.6.1.4.1.674.10892.5.4.600.50.1.2.1.1, Type=Integer, Value=1 OID=.1.3.6.1.4.1.674.10892.5.4.600.50.1.3.1.1, Type=Integer, Value=0 OID=.1.3.6.1.4.1.674.10892.5.4.600.50.1.4.1.1, Type=Integer, Value=2 OID=.1.3.6.1.4.1.674.10892.5.4.600.50.1.5.1.1, Type=Integer, Value=3 OID=.1.3.6.1.4.1.674.10892.5.4.600.50.1.6.1.1, Type=Integer, Value=4 OID=.1.3.6.1.4.1.674.10892.5.4.600.50.1.7.1.1, Type=OctetString, Value=System Board CMOS Battery Total: 7 Using enabled SNMPv3 account without credentials using SNMPv2 The following command will fail because no credentials are supplied and the wrong version of SNMP is used: c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:SNMPv3User -v:2 -os: 1.3.6.1.4.1.674.10892.5.4.600.50 -op:1.3.6.1.4.1.674.10892.5.4.600.60 SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company [ More useful network tools on http://www.snmpsoft.com ] %Failed to get value of SNMP variable. Timeout. Using admin non-enabeld SNMPv3 account with correct credentials from enabled SNMPv3 account The following command will fail because the specified user/security name (“admintest1”) is not an enabled v3 user: c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:adminTest1 -v:3 -ap:MD5 aw:v3Test -pp:AES128 -pw:v3Test -os:1.3.6.1.4.1.674.10892.5.4.600.50 op:1.3.6.1.4.1.674.10892.5.4.600.60 SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company [ More useful network tools on http://www.snmpsoft.com ] %Received a report pdu from remote host: Unknown SecurityName (SNMPv3) 17 Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Enabled SNMPv3 user not using any SNMP version listed (default is 1) The following command will fail because no SNMP version (“-v:<n>” parameter) is specified: c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:SNMPv3User -ap:MD5 aw:v3Test -pp:AES128 -pw:v3Test -os:1.3.6.1.4.1.674.10892.5.4.600.50 op:1.3.6.1.4.1.674.10892.5.4.600.60 SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company [ More useful network tools on http://www.snmpsoft.com ] %Failed to get value of SNMP variable. Timeout. Enabled SNMPv3 user using SNMPv1 The following command will fail because the specified SNMP version (“-v:1”) is v1, and v3 security parameters are passed, rather than a community string: c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:SNMPv3User -v:1 -ap:MD5 aw:v3Test -pp:AES128 -pw:v3Test -os:1.3.6.1.4.1.674.10892.5.4.600.50 op:1.3.6.1.4.1.674.10892.5.4.600.60 SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company [ More useful network tools on http://www.snmpsoft.com ] %Failed to get value of SNMP variable. Timeout. Enabled SNMPv3 user using SNMPv2 The following command will fail because the specified SNMP version (“-v:2”) is v2, and v3 security parameters are passed, rather than a community string: c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:SNMPv3User -v:2 -ap:MD5 -aw:v3Test -pp:AES128 -pw:v3Test -os:1.3.6.1.4.1.674.10892.5.4.600.50 op:1.3.6.1.4.1.674.10892.5.4.600.60 SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company [ More useful network tools on http://www.snmpsoft.com ] %Failed to get value of SNMP variable. Timeout. Enabled SNMPv3 user using incorrect passphrase The following command will fail because authentication passphrase is not correct: c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:SNMPv3User -v:3 -ap:MD5 aw:Test -pp:AES128 -pw:v3Test -os:1.3.6.1.4.1.674.10892.5.4.600.50 op:1.3.6.1.4.1.674.10892.5.4.600.60 SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company [ More useful network tools on http://www.snmpsoft.com ] %Received a report pdu from remote host: Authentication failure (SNMPv3) Enabled SNMPv3 user using incorrect Authentication type The following command fails because Authentication type does not match type selected for the Enabled SNMPv3 user account: c:\tools\SNMP_WINCLI_Tools\SnmpWalk>snmpwalk -r:172.26.7.51 -sn:SNMPv3User -v:3 -ap:SHA aw:v3Test -pp:AES128 -pw:Test -os:1.3.6.1.4.1.674.10892.5.4.600.50 op:1.3.6.1.4.1.674.10892.5.4.600.60 18 Gathering Information from iDRAC7 1.30.30 Using SNMPv3 SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company [ More useful network tools on http://www.snmpsoft.com ] %Received a report pdu from remote host: Authentication failure (SNMPv3) Testing SNMPv3 support in iDRAC7 using a MIB browser This section shows how to configure and test SNMPv3 USM using a freeware SNMP client tool called ManageEngine MibBrowser. For this section, the Authentication type used is SHA and the Privacy type used is AES to illustrate the range of authentication types. The previous section demonstrated the use of the MD5. To download the ManageEngine MibBrowser 5 tool, go to: http://www.manageengine.com/products/mibbrowser-free-tool/index.html You can run ManageEngine MibBrowser 5 on Microsoft Windows 7 based laptops. Configuring SNMPv3 users in the ManageEngine MibBroswer tool Install and launch the web-based ManageEngine MibBrowser tool on a Windows system To configure SNMPv3 users: 1. Select Edit > Settings to navigate to the MibBrowser Settings window. 2. For SNMP Version, select v3 to activate the V3 Settings. 3. In the V3 Settings section, click Add to add a new user. This displays the SnmpParameterPanel window. 4. In the SnmpParameterPanel window, configure a user so as to match the user configuration of one of the iDRAC users you configured for SNMPv3 in the iDRAC web interface. As an example, let’s assume you enabled the root user in iDRAC for SNMPv3, and left the Auth and Priv types set to their defaults, SHA and AES. Note that you must have already enabled and configured the iDRAC user you want to test with. 5. In the SnmpParameterPanel window, enter the IP address for iDRAC7 in the Target Host field. 6. Enter the user name of the iDRAC user, in this case “root.” Note: Dell recommends changing the username root and default password. 7. Select Auth,Priv in the Security Level dropdown list. 8. Select SHA in the Auth Protocol dropdown list. 9. Select CFB-AES-128 in the Priv Protocol dropdown list. 10. Enter “calvin” in both the Auth Password and Priv Password fields. Again note that while the SNMPv3 protocol technically supports separate passwords and passphrases for the Auth and Priv types, for iDRAC7 they must be the same and must match the password of the iDRAC user. 19 Gathering Information from iDRAC7 1.30.30 Using SNMPv3 At this point, your user configuration information should look like Figure 11. Figure 11. SnmpParameterPanel 11. To accept the settings, click Apply. If the configuration of the SNMPv3 user successfully validates against a user in the iDRAC7, you should not see an error window. You should see a new “root” user line in the MibBrowser Settings windows as shown in Figure 12. Figure 12. 20 MibBrowser Settings Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Note: If you configure a user in the SnmpParameterPanel window that does not completely match the SNMPv3 configuration of an IDRAC7 user, you will get an error when you click Apply or OK. The error popups provide specific information on what configuration property or properties do not match. After successfully configuring or creating the root user, click OK to exit the SnmpParameterPanel window and return control to the MibBrowser Settings window. Add additional users You can now optionally add additional V3 users. 1. Click Add. Note that when you now click Add, the SnmpParameterPanel panel that pops up will be pre-populated with the information from the existing user that was currently selected in the MibBrowser Settings window. 2. To configure another user, change the information to match the iDRAC user you want to match, and then click Apply or OK. Follow these steps to add as many additional users as you would like. Also note that you can partially modify users later by selecting a given user in the MibBrowser Settings window and clicking Modify. The tool does not allow you to change the target host, user name, and security level info for a user. If you want to change this information later, delete the given user and re-create (add again) the user from scratch. Lastly, once you are back in the MibBrowser Settings window, and have finished adding all the SNMPv3 users you want to add for now, you do need to select one user line before exiting this window. Whatever user you select before leaving the window will become the user that is actively used for all subsequent v3-based queries you attempt in the tool. Only one user can be active at a time. To do so, select a user line, such as the “root” user line, and click OK. Be sure to leave the v3 protocol selected in the SNMP Version section at the top of the window before you click OK. To later change the active user or active protocol, come back to this window and either select a different user (to continue using the v3 protocol, but with a different v3 user) or select v1 or v2 to use a different protocol (in which, in either the case of v1 or v2, the selected v3 user will simply be ignored during SNMP query operations). 21 Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Executing SNMPv3-based query operations (GETs, GETNEXTs, SNMPWALKs) against iDRAC7 Before attempting any query operations against the iDRAC7, load a copy of the iDRAC7 MIB file into the tool. 1. From the main ManageEngine MibBrowser Free Tool window, select File > Load MIB. This opens a load a MIB File folder navigation popup. Note that by default, it shows the MIB files that are located in the tools default MIB folder, such as C:\Program Files (x86)\ManageEngine\MibBrowser Free Tool\mibs. If you have previously copied a version of the iDRAC7 MIB file to that folder, you should see a copy of it in the navigation window. If you want to use that version, then select it and click Open. If you have not previously uploaded a version of the iDRAC7 MIB, or want to use a different version, you can navigate to some other copy of the MIB file using the icon choices to the left to help navigate to your copy of the iDRAC7 MIB file. 2. Select your file, then click Open. If successfully loaded, you should now see IDRAC-MIB listed in the Loaded MibModules list as shown in Figure 13: Figure 13. Loading an iDRAC MIB file You are now ready to traverse the OID tree of the iDRAC7 MIB and execute SNMPv3-protocol-based SNMP query operations. 22 Gathering Information from iDRAC7 1.30.30 Using SNMPv3 For a GET operation: 1. Expand the IDRAC-MIB branch down to racInfoGroup, as shown in Figure 14. 2. Right-click on the racName attribute and select GET. 3. Repeat the same steps with racVersion. In the output window, you should see valid data retrieved for these, like in Figure 14. Figure 14. GET operation in iDRAC-MIB For a GETNEXT operation, right-click on the same attributes and select GETNEXT. The first time you do so, the data for that attribute is returned. But if you then repeat GETNEXT, the data for the next attribute in the tree will be returned, and the GUI will move the focus in the left tree window to the next attribute in the tree. For a SNMPWALK operation, right-click on the same group OID (displayed as a folder icon) and select SNMPWALK. The tool will try to “walk” all the subgroups and attributes under the group and return the data for each attribute. You can also walk tables and groups that contain tables. Figure 15 shows end of the results of an SNMPWALK informationGroup. 23 Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Figure 15. SNMPWALK operation in iDRAC-MIB Summary In summary, the iDRAC7 1.30.30 release allows gathering of information in a more secure manner than previous releases with the addition of support for the SNMPv3 protocol. The ability to gather information without an agent or an OS installed directly from the iDRAC7 embedded SNMP Agent allows for safer collection of information and puts more control in the hands of IT administrators. 24 Gathering Information from iDRAC7 1.30.30 Using SNMPv3 Appendix A: Using Racadm to configure SNMPv3 SNMPv3 support iDRAC user can create/edit a user’s configuration and set the following attributes: Enable/Disable SNMPv3 Choose Authentication type (None or MD5 or SHA-1) Choose Privacy type (None or AES or DES) Group: iDRAC.Users Privilege: ‘Login’ and ‘Config User’ Privilege to Enable / Disable & Modify SNMP Attributes. ‘Login’ to view SNMP Attributes. Command Syntax: racadm get / set iDRAC.Users.<index>.SNMPv3Enable <value> Legal Values: 0=Disable (default), 1=Enable racadm get / set iDRAC.Users.<index>.SNMPv3AuthenticationType <value> Legal Values: 0=None, 1=MD5, 2=SHA-1 Default: 2 Note : Unless user password is less than 8 characters, in which only choice is “None” racadm get / set iDRAC.Users.<index>.SNMPv3PrivacyType <value> Legal Values: 0=None, 1=AES, 2=DES Default: 1 Note : Unless user password is less than 8 characters, in which only choice is “None” iDRAC.SNMP.SNMPProtocol 0 - > SNMPv1/v2c/v3 (Default) 1 -> SNMPv3 Learn more Visit Dell.com/PowerEdge for more information on Dell’s enterprise-class servers. 25 Gathering Information from iDRAC7 1.30.30 Using SNMPv3