In this short tutorial I will try to explain how to setup SNMPv3 to work with Dell iDRAC 9. In my case I’ll be configuring it on a Dell R740XD vSAN Ready Node.

First off, to configure it through iDRAC Web interface, log into the iDRAC 9 web interface using the IP address or RAC FQDN and login details that were specified while configuring iDRAC. Navigate to iDRAC Settings > Users > Local Users and in the Local Users section, select the user that you want to edit for SNMP v3 traps or create new one by clicking on +Add:

Fill in username, password and choose needed roles and privileges:

On the User Configuration tab, scroll down to the Advanced settings section and choose Enabled In the SNMP v3 field. Choose the required authentication and privacy type (I am using MD5 authentication type algorithm and the AES Privacy type algorithm) and click Save.

To configure SNMP traps navigate to Configuration > System settings > Alert Configuration > SNMP Traps Configuration and type in your values:

Select the State check box and enter the destination IP address of the SNMP receiver in the Destination Address field. In the SNMP v3 Users field, click the drop-down arrow and click the user account that is enabled for SNMP v3. In the Community String field, enter the SNMP community string value. In the SNMP Trap Format field, click the SNMP v3 as required value and click Apply. After the SNMP traps are configured, you can send a test SNMP trap to confirm the configuration by clicking the Send option in the Test SNMP Trap column.

To configure SNMP Alerts navigate to Configuration > System settings > Alert Configuration >  Alerts and enable alerts to enable alert generation or perform an event action:

In the Alert Configuration section, in the SNMP Trap column, select the required SNMP trap check boxes and click Apply to save the setting.

 

When configuring an SNMPv3 destination device the Engine ID from the source device may be required. To acquire the iDRAC EngineID you must open an SSH session into the iDRAC interface and query for the EngineID. To get iDRAC
EngineID login to the iDRAC using the user id associated with the SNMPv3 user account and type following command:
racadm get iDRAC.SNMP
or
racadm get iDRAC.SNMP.EngineID

 

Output should look like this:

With first command cases the EngineID along with other SNMP information is displayed, while second command shows only the EngineID. Now you can use the EngineID if required for the SNMPv3 destination device.

Once you have finished the iDRAC SNMPv3 configuration you can test it using the following commands on a Linux:

snmpwalk -v 3 -u snmpv3_idrac -l authPriv -a MD5 -A YourPassword -x AES -X YourPassword YourIpAddress

If you are missing the net-snmp package containing the snmpd service on your Linux you can simply install it with the following command:

sudo yum install net-snmp

To set the service to automatic start on boot, we use systemctl:

systemctl enable snmpd

Start the service:

systemctl start snmpd

And verify it’s running state:

systemctl status snmpd -l

And finally install the snmpwalk utility:

sudo yum install net-snmp-utils

Configure iDRAC SNMPv3 with PowerShell

 

If you don’t want to configure it manually through a web interface you can use remote racadm commands or maybe some Powershell scripts.  Here are mine which I used for a bulk configuration of multiple Dell servers:

Get iDRAC EngineID’s for multiple servers:

$ServerList = Get-Content “C:\tmp\idracSnmpHostList.txt”
$Filepath = “C:\tmp\”

 

foreach ($Server in $ServerList){

$root_password = ‘password’
$user = ‘root’
# get SNMP Engine ID
write-host SNMP Engine ID $Server -ForegroundColor Green
racadm -r $Server -u $user -p $root_password –nocertwarn get iDRAC.SNMP.EngineID

}

Configure iDRAC SNMPv3 on multiple servers:

$ServerList = Get-Content “C:\tmp\idracSnmpHostList.txt”
$Filepath = “C:\tmp\”

 

foreach ($Server in $ServerList){

$root_password = ‘password’
$user = ‘root’
# chaange/modify SNMP Settings
write-host SNMP Engine ID $Server -ForegroundColor Green
racadm -r $Server -u $user -p $root_password set iDRAC.Users.3.UserName snmpv3_idrac
racadm -r $Server -u $user -p $root_password set idrac.users.3.password password
racadm -r $Server -u $user -p $root_password set iDRAC.Users.3.Privilege 0x1f3
racadm -r $Server -u $user -p $root_password set iDRAC.Users.3.IpmiLanPrivilege 15
racadm -r $Server -u $user -p $root_password set iDRAC.Users.3.IpmiSerialPrivilege 15
racadm -r $Server -u $user -p $root_password set iDRAC.Users.3.Enable 1
racadm -r $Server -u $user -p $root_password set iDRAC.Users.3.AuthenticationProtocol MD5
racadm -r $Server -u $user -p $root_password set iDRAC.Users.3.PrivacyProtocol AES
racadm -r $Server -u $user -p $root_password set iDRAC.Users.3.SNMPv3Enable Enabled
racadm -r $Server -u $user -p $root_password set iDRAC.Users.3.ProtocolEnable Enabled
racadm -r $Server -u $user -p $root_password set iDRAC.IPMILan.CommunityName MyCommunity
racadm -r $Server -u $user -p $root_password set idrac.SNMP.Alert.1.SNMPv3Username snmpv3_idrac
racadm -r $Server -u $user -p $root_password set idrac.SNMP.AgentCommunity MyCommunity
racadm -r $Server -u $user -p $root_password set idrac.SNMP.TrapFormat SNMPv3

}