5 Posts
0
3569
SNMP v3 Traps to Support Assist Enterprise
Hi there.
We have a security requirement to change all SNMP Traps on our iDRACs from v1/2 to v3. I've been doing a piece of work configuring our new Support Assist Enterprise installation, part of which is ensuring the "automatic case raising" function that SAE supports works as intended. So far I've noticed the following behaviour:
SAE reports full monitoring capability on discovered devices (manually added) only when the SNMP Trap Format is set to 1 or 2 on the target iDRAC. This extends to the automatic case generation. As soon as I switch the Trap Format on the iDRAC to 3 to comply with our network security requirements, however, SAE reports the following:
The IP Address of the server where SAE is installed is already listed as an IP destination. SNMPTrap.exe is bound to port 162 on the Windows Server where SAE is installed and there's no indication the traffic is being blocked.
Considering SNMPv3's improved authentication mechanisms and encryption, does SAE support receiving SNMP Traps of this format? I can't see anywhere in the SAE console to configure SNMP credentials as you would in other monitoring platforms such as DELL Open Manage or SolarWinds - though I'm happy to be shown I'm wrong!
The SAE installation is hosted on a Windows 2012 R2 server and is version 2.0.21.93.
The iDRAC I'm using to test is a version 8 iDRAC at Version 2.61.60.60 (Build 08).
Thanks.
Gwyn92
5 Posts
0
August 1st, 2019 01:00
Dell-DylanJ
2.9K Posts
1
July 19th, 2019 08:00
Hello,
I took a look at the user guide for SAE and it looks like it only supports SNMP v1 or v2. I'm basing this off of page 162. I'll update my post, if I can find anything about v3, though.
https://topics-cdn.dell.com/pdf/supportassist-enterprise-v20_users-guide_en-us.pdf
Gwyn92
5 Posts
0
July 29th, 2019 02:00
Hi Dylan,
Thank you for your response and my apologies for the late reply, I was away. Are you aware of any plans to implement SNMPv3 compatibility in future releases of SAE, or any way in which we can leverage SNMPv3 Traps from our iDRACs and still have SAE automatic call functionality?
No worries if not, I just need to feedback internally where I work so we can figure out our next steps.
Thanks.
Dell-DylanJ
2.9K Posts
1
July 29th, 2019 07:00
I haven't heard anything, but I'm on the support side and development is in a silo separate from us. So, it may very well be something on their roadmap that I'm just unaware of. Some of the devs post here from time to time, so we may get a better answer.