Enable SNMPv3 Only on AOS 7.5

Hi ​@drharrold 
Your are correct, and what you are running into is exactly what happens when referencing older CLI commands on modern AOS 7.x releases.

The system permanently disables SNMP v2c GET operations (inbound polling) by default in AOS 7.5.

Because the system inherently blocks v2c polling now, the old enable-snmpv3-only toggle command was completely removed.

SNMP v2c is now only supported for outbound traps, meaning your cluster is strictly v3 as long as you only configure v3 users and do not add any v2c trap destinations.

So your system is already hardened; just verify in Prism that no v2c receivers are configured and reference Nutanix KB 1333  - https://portal.nutanix.com/page/documents/kbs/details?targetId=kA0600000008bAECAY for your auditors.

Thanks 
Selvamani.S

Hi ​@drharrold 

Nutanix deprecated and removed the standalone SNMP management sub-commands from the local CVM OS hardening parameters.

if you type :
nutanix@NodeX-XXXXXXXXXX-A-CVM:X.X.X.X:~$ sudo egrep '^(rocommunity|rwcommunity)' /etc/snmp/snmpd.conf
nutanix@NodeX-XXXXXXXXXX-A-CVM:X.X.X.X:~$

returns a blank response means :

There are zero unencrypted SNMPv1 or SNMPv2c Read-Only (rocommunity) or Read-Write (rwcommunity) community strings defined in the configuration file.

The Security Verdict: Because SNMPv2c fundamentally requires a community string to authenticate inbound requests, inbound SNMPv2c polling is completely non-functional on this CVM.

To configure SNMP for Nutanix follow the steps in the following article : 
https://portal.nutanix.com/page/documents/kbs/details?targetId=kA0600000008bAECAY

This is an exemple for SNMP configuration with SolarWind : 
https://portal.nutanix.com/page/documents/kbs/details?targetId=kA0600000008hjtCAA