We have just enabled SNMP access to virtual systems on VSX hosts using direct SNMP access:
set snmp mode vs
set snmp vs-direct-access on
We have confirmed that this is working with both SNMP v2 and v3 using the internal interface of the virtual systems that is used for data traffic.
We are now planning to create a separate management interface for each vs, so that the SNMP traffic is separated and routed correctly. Would you recommend using the same VLAN for this interface as the management interface of the VSX hosts or do you see any advantage of using a separate monitoring VLAN on the virtual systems?
Thanks for your help!
I would personally keep out of the VSX Cluster Management Interface VLAN; I like to keep that just for the actual VSX Management Traffic.
SNMPv3 is already encrypted (we always use the option to encrypt anyway), so I'm not sure there is too much benefit there from a Security perspective, and are you really generating enough traffic with SNMP that it is going to impact regular network traffic?
If you already have a separate Management Network that you are already using for monitoring/management of other Network Devices etc., then I would suggest that it wouldn't hurt to add an Interface in the VS to that VLAN, as you have already done the majority of the work.
Obviously you need to ensure that the SNMP connection wouldn't be reachable by multiple interfaces, though of course that would be normal network design practice anyway.
Thank you very much for the feedback!
We have a separate management network, but I agree that it is worth considering if a new VLAN only for the SNMP traffic is actually valuable.