1.1.1 debugging
snmp-agent
Syntax
debugging snmp-agent { header | packet | process | trap }
undo debugging snmp-agent { header | packet | process | trap }
View
User view
Parameter
header:
Configures SNMP packet header debugging.
packet:
Configures SNMP packet debugging.
process:
Configures SNMP packet process debugging.
trap:
Configures Trap packet debugging.
Description
Use the debugging snmp-agent command
to enable SNMP Agent debugging.
Use the undo debugging snmp-agent command
to cancel the current setting.
By default, SNMP Agent debugging is
disabled.
Example
# Enable SNMP packet header debugging.
<H3C> debugging snmp-agent
header
Syntax
display snmp-agent { local-engineid | remote-engineid }
View
Any view
Parameter
local-engineid: Engine ID of a local SNMP entity.
remote-engineid: Engine ID of a remote SNMP entity.
Description
Use the display snmp-agent command
to view engine ID of the local or remote SNMP entity.
An SNMP engine ID identifies an SNMP entity
uniquely within an SNMP domain. As an indispensable part of an SNMP entity, an
SNMP engine performs the function of sending, receiving and authenticating SNMP
message, extracting PDU, packet encapsulation and the communication with SNMP
application.
Example
# Display the engine ID of a local device.
<H3C> display snmp-agent local-engineid
SNMP local EngineID: 800007DB000FE20F12346877
SNMP local EngineID in the above
information represents the engine ID of the local SNMP entity.
Syntax
display snmp-agent community [ read | write ]
View
Any view
Parameter
read:
Displays read-only community information.
write:
Displays read-write community information.
Description
Use the display snmp-agent community
command to view the information about the currently configured community names
for SNMPv1 or SNMPv2c.
Example
# Display the currently configured community names.
<H3C> display snmp-agent
community
Community name:public
Group name:public
Storage-type: nonVolatile
Community name:private
Group name:private
Storage-type: nonVolatile
Table 1-1 Description on the fields of
the display snmp-agent community command
|
Field
|
Description
|
|
Community name
|
Community name
|
|
Group name
|
Group name
|
|
Storage-type
|
Storage type, including volatile, nonVolatile,
permanent, readOnly and other.
|
Syntax
display snmp-agent group [ group-name ]
View
Any view
Parameter
groupname:
The group name, ranging from 1 to 32 bytes.
Description
Use the display snmp-agent group
command to view group name, security model, state of various views and storage
models.
Example
# Display SNMP group name and security model.
<H3C> display snmp-agent group
Group name: v3r2
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no
specified>
Notifyview :<no
specified>
Storage-type: nonvolatile
The following table describes the output
fields.
Table 1-2 Description on the fields of
the display snmp-agent group command
|
Field
|
Description
|
|
Group name
|
SNMP group
name of the user
|
|
Security
model
|
Security
model of that group, including authorization and encryption (AuthPriv),
authorization and no encryption (AuthnoPriv), no authorization and no
encryption (noAuthnoPriv).
|
|
Readview
|
Read-only
MIB view name corresponding to that group
|
|
Writeview
|
Writable
MIB view corresponding to that group
|
|
Notifyview
|
The name
of the notify MIB view corresponding to that group
|
|
storage-type
|
Storage type, including volatile, nonVolatile,
permanent, readOnly and other.
|
Syntax
display snmp-agent mib-view [ exclude | include | viewname view-name
]
View
Any view
Parameter
exclude:
Displays the SNMP MIB view (excluded).
Include:
Displays the SNMP MIB view (included).
view-name:
SNMP MIB view to be displayed.
Description
Use the display snmp-agent mib-view
command to view the MIB view configuration information of the current Ethernet
switch.
Example
# Display the information about the currently configured MIB view.
<H3C> display snmp-agent mib-view
View name:ViewDefault
MIB Subtree:internet
Subtree mask:
Storage-type: nonVolatile
View Type:included
View status:active
View name:ViewDefault
MIB Subtree:snmpUsmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpVacmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpModules.18
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
Table 1-3 describes the output fields.
Table 1-3 Description
on the fields of the display snmp-agent mib-view command
|
Field
|
Description
|
|
View name
|
View name
|
|
MIB Subtree
|
MIB subtree
|
|
Subtree mask
|
Subtree mask
|
|
Storage-type
|
Storage type
|
|
ViewType: included/excluded
|
Permit or forbid access to an MIB object
|
|
View status
|
Indicate the MIB view status
|
Syntax
display snmp-agent statistics
View
Any view
Parameter
None
Description
Use the display snmp-agent statistics command
to view the statistics information about SNMP packets.
Example
# Display the statistics information about
SNMP packets.
<H3C> display snmp-agent
statistics
1276 Messages delivered to the SNMP
entity
0 Messages which were for an
unsupported version
0 Messages which used a SNMP
community name not known
0 Messages which represented an
illegal operation for the community supplied
0 ASN.1 or BER errors in the
process of decoding
1291 Messages passed from the SNMP
entity
0 SNMP PDUs which had badValue
error-status
0 SNMP PDUs which had genErr
error-status
7 SNMP PDUs which had noSuchName
error-status
0 SNMP PDUs which had tooBig
error-status (Maximum packet size 1500)
3669 MIB objects retrieved
successfully
26 MIB objects altered successfully
420 GetRequest-PDU accepted and
processed
832 GetNextRequest-PDU accepted and
processed
0 GetBulkRequest-PDU accepted and
processed
1276 GetResponse-PDU accepted and
processed
24 SetRequest-PDU accepted and
processed
15 Trap PDUs accepted and processed
0 Alternate Response Class PDUs droped
silently
0 Forwarded Confirmed Class PDUs droped
silently
Syntax
display snmp-agent sys-info [ contact | location | version ]*
View
Any view
Parameter
contact:
Displays the contact information of the current device.
location:
Displays the physical location of the current device.
version:
Displays the version information about the SNMP running in the system.
Description
Use the display snmp-agent sys-info command
to view the system information about the current SNMP device.
This command displays all information if
you choose no parameter.
Example
# Display the system information about the
SNMP device.
<H3C> display snmp-agent
sys-info
The contact person for this
managed node:
R&D Hangzhou, H3C
Technologies Co.,Ltd.
The physical location of this
node:
Hangzhou China
SNMP version running in the
system:
SNMPv3
1.1.8 display snmp-agent trap-list
Syntax
display snmp-agent trap-list
View
Any view
Parameter
None
Description
Use the display snmp-agent trap-list
command to view Trap list information.
Related command: snmp-agent trap enable.
Example
# Display Trap list information.
<H3C> display snmp-agent
trap-list
configuration trap enable
flash trap enable
standard trap enable
system trap enable
Enable traps :4; Disable traps 0
Syntax
display snmp-agent usm-user [ engineid engineid | username user-name
| group group-name ]*
View
Any view
Parameter
engineid:
Displays the SNMPv3 user information of the specified engine ID, which ranges
from 10 to 64 hexadecimal numerals.
username:
Displays information about the specified SNMPv3 user, which ranges from 1 to 32
bytes.
groupname:
Displays information about users in the specified group name, which ranges from
1 to 32 bytes.
Description
Use the display snmp-agent usm-user
command to view SNMP user information.
If you do not specify a parameter, all the
information will be displayed.
Example
# Display all user information.
<H3C> display snmp-agent usm-user
User name: usm-user
Group name: usm-group
Engine ID: 800007DB000FE20F12346877
Storage-type: nonVolatile
UserStatus: active
Table 1-4 describes the output fields.
Table 1-4 Description
on the fields of the display snmp-agent usm-user command
|
Field
|
Description
|
|
User name
|
SNMP user name
|
|
Group name
|
The group name which the SNMP user name
belongs to
|
|
Engine ID
|
The character string identifying the SNMP
device
|
|
Storage-type
|
Storage type, including volatile, nonVolatile,
permanent, readOnly and other.
|
|
UserStatus
|
SNMP user status
|
Syntax
enable snmp trap updown
undo enable snmp trap updown
View
Ethernet port view/interface view
Parameter
None
Description
Use the enable snmp trap updown
command to enable the port to send LINK UP and LINK DOWN Trap information.
Use the undo enable
snmp trap command to disable the port to send LINK UP and LINK DOWN Trap information.
By default, the port is enabled to send
Trap information.
The enable snmp trap and snmp-agent
target-host commands are used at the same time. You can use the snmp-agent
target-host command to specify the hosts receiving Trap information.
To send Trap information, you must configure at least one snmp-agent
target-host command.
Example
# Enable port Ethernet1/0/1 to send LINK UP and LINK DOWN Trap information. The community name
public is used.
<H3C> system-view
[H3C] snmp-agent trap enable
[H3C] snmp-agent target-host trap
address udp-domain 10.1.1.1 params securityname public
[H3C] interface ethernet1/0/1
[H3C-Ethernet1/0/1] enable snmp trap updown
Syntax
snmp-agent
undo snmp-agent
View
System view
Parameter
None
Description
Use the snmp-agent command to enable
SNMP Agent.
Use the undo snmp-agent command to
disable SNMP Agent.
By default, SNMP Agent is disabled.
Example
# Disable running SNMP Agent.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] undo snmp-agent
An S3100-SI Ethernet switch acts as the following to prevent attacks
through unused sockets.
l
Opening UDP port 161 (which is used by SNMP
agents) and UDP port 1024 (which is used by SNMP-trap clients) only when SNMP
is enabled.
l
Closing UDP port 161 and UDP port 1024 when SNMP
is disabled.
This function is achieved in the following way.
l
Executing the snmp-agent command or any
of the commands used to configure the SNMP agent causes the SNMP agent being
enabled and UDP port 161 and UDP port 1024 being opened.
l
Executing the undo snmp-agent command
causes UDP port 161 and UDP port 1024 being closed as well.
Syntax
snmp-agent
community { read | write } community-name [ acl
acl-number | mib-view view-name ]*
undo snmp-agent
community community-name
View
System view
Parameter
read:
Indicates that MIB object can only be read. Only the read-only community can
query device information.
write: Indicates
that MIB object can be read and written. The read-write community can configure
the device.
community-name: The community name, a character string of 1 to 32 characters.
view-name:
The MIB view name, a character string of 1 to 32 characters.
acl-number:
The basic access control list (ACL) number specified by the community, ranging
from 2,000 to 2,999.
Description
Use the snmp-agent community
command to configure community access name and enable the access to SNMP.
Use the undo snmp-agent community
command to cancel the settings of community access name.
Example
# Configure community name as comaccess and permit read-only access by this
community name.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent community read comaccess
# Configure community name as mgr and permit read-write access.
[H3C] snmp-agent community write mgr
# Remove community name comaccess.
[H3C] undo snmp-agent community comaccess
Syntax
1)
Versions V1 and V2C
snmp-agent group { v1 | v2c } group-name [ read-view read-view
] [ write-view write-view ] [ notify-view notify-view
] [ acl acl-number ]
undo snmp-agent
group { v1 | v2c } group-name
2)
Version V3
snmp-agent group v3 group-name [ authentication | privacy ] [
read-view read-view ] [ write-view write-view ] [ notify-view
notify-view ] [ acl acl-number ]
undo snmp-agent
group v3 group-name [ authentication | privacy
]
View
System view
Parameter
v1:
Specifies SNMPv1.
v2c:
Specifies SNMPv2c.
v3:
Specifies SNMPv3.
groupname:
Group name, ranging from 1 to 32 bytes.
authentication: Configures to authenticate the packet without encryption.
privacy:
Configures to authenticate and encrypt the packet.
readview:
Read-only view name, ranging from 1 to 32 bytes.
writeview:
Name of read-write view, ranging from 1 to 32 bytes.
notifyview:
Notification view name, ranging from 1 to 32 bytes.
acl-number:
The basic access list number, ranging from 2,000 to 2,999.
Description
Use the snmp-agent group command to
configure a new SNMP group, that is, to map SNMP user to SNMP view.
Use the undo snmp-agent group
command to cancel a specified SNMP group.
By default, the SNMP group configured with
the snmp-agent group v3 command is not authenticated and
encrypted.
Related command: snmp-agent mib-view,
snmp-agent usm-user.
Example
# Create SNMPv3 group 1.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent group v3 group1
Syntax
snmp-agent local-engineid engineid
undo snmp-agent local-engineid
View
System view
Parameter
engineid:
Specifies the engine ID with a character string, only composed of 10 to 64
hexadecimal numbers. Two hexadecimal characters form an octet.
Description
Use the snmp-agent local-engineid
command to set the engine ID of the local SNMP entity.
Use the undo snmp-agent local-engineid command to restore the default
setting.
By default, the device engine ID is
"Enterprise Number + device information". Device information is
determined according to different products. It can be IP address, MAC address
or user-defined hexadecimal numeral string.
Related command: snmp-agent usm-user.
Example
# Configure the local device name as 123456789A.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent local-engineid
123456789A
Syntax
snmp-agent mib-view { included | excluded } view-name oid-tree
undo snmp-agent mib-view view-name
View
System view
Parameter
view-name: View name.
oid-tree:
The OID MIB subtree of the MIB object subtree. It can be a character string of
the variable OID (such as 1.4.5.3.1), or a variable name (such as system). The
character string can include wildcards (such as 1.4.5.*.*.1).
included:
Includes this MIB subtree.
excluded:
Excludes this MIB subtree.
Description
Use snmp-agent mib-view command to
create or update the view information, limiting the MIB objects to be accessed
by the NMS.
Use the undo snmp-agent mib-view command
to cancel the current setting.
By default, the view name is ViewDefault
and OID is 1.
Related command: snmp-agent group.
Example
# Create an SNMP MIB view that consists of all the objects of MIB2 (the
corresponding OID is 1.3.6.1.2.1).
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent mib-view included
mib2 1.3.6.1.2.1
Syntax
snmp-agent packet max-size byte-count
undo snmp-agent packet max-size
View
System view
Parameter
byte-count:
Maximum size of the SNMP packet (in bytes) that the Agent can send/receive,
ranging from 484 to 17,940.
Description
Use the snmp-agent packet max-size
command to set the maximum size of SNMP packet that the Agent can send/receive.
Use undo snmp-agent packet max-size
command to restore the default size of SNMP packet.
By default, the maximum size of the SNMP
packet (in bytes) that the Agent can send/receive is 1,500 bytes.
Example
# Set the maximum size of the SNMP packet that the Agent can send/receive
to 1,042 bytes.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent packet max-size 1042
Syntax
snmp-agent sys-info { contact sys-contact | location sys-location
| version { { v1 | v2c | v3 }* | all }
}
undo snmp-agent sys-info { contact | location | version { { v1
| v2c | v3 }* | all } }
View
System view
Parameter
sysContact:
The character string describing contact information for system maintenance.
sys-location:
The geographical location of the device.
version: Specifies version of running SNMP.
v1:SNMP V1.
v2c:SNMP
V2C.
v3:SNMP V3.
all: All
SNMP versions, including SNMP V1, SNMP V2C, SNMP V3.
Description
Use the snmp-agent sys-info command
to configure system information such as geographical location of the device,
contact information for system maintenance and version information of running
SNMP.
Use the undo snmp-agent sys-info
location command to restore the default value.
If the device fails, the device maintenance
person can use contact information to contact the manufacturer.
By default, the contact information is
" R&D Hangzhou, H3C Technologies Co.,Ltd.", the system location
is "Hangzhou China", the SNMP version is SNMP V3.
Related command: display snmp-agent
sys-info.
Example
# Set contact information for system maintenance as Dial System Operator
# 1234.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent sys-info contact
Dial System Operator # 1234
Syntax
snmp-agent target-host trap address udp-domain { ip-address }
[ udp-port port-number ] params securityname security-string
[ v1 | v2c | v3 [ authentication | privacy ]
]
undo snmp-agent
target-host ip-address securityname security-string
View
System view
Parameter
trap:
Specifies the host to be a Trap host.
address:
Specifies the address of the destination host for transmitting SNMP messages.
udp-domain:
Specifies transport domain over UDP for the target host.
ip-address:
The IPv4 address of the host receiving Trap packets.
port-number:
Number of the port receiving Trap packets.
params:
Specifies SNMP target host information to be used in the generation of SNMP
messages.
security-string: The community name of SNMP V1 and SNMP V2C, or SNMP V3 user name,
ranging from 1 to 32 characters.
v1:
Represents the version of SNMPV1.
v2c:
Represents the version of SNMPV2C.
v3:
Represents the version of SNMPV3.
authentication: Configures to authenticate the packet without encryption.
privacy:
Configures to authenticate and encrypt the packet.
Description
Use snmp-agent target-host command
to configure destination of SNMP Trap packets.
Use undo snmp-agent target-host
command to cancel the current setting.
The snmp-agent target-host command
and the snmp-agent trap enable or enable snmp trap updown command
must be used at the same time on the device to send Trap packets.
1)
Use the snmp-agent trap enable or enable
snmp trap updown command to set Trap packets allowed to send (all Trap
packets can be sent by default).
2)
Use the snmp-agent target-host command to
set the address of the destination host receiving SNMP Trap packets.
Related command: snmp-agent trap enable,
snmp-agent trap source and snmp-agent trap life.
Example
# Enable sending SNMP Trap packets to 10.1.1.1 with community name public.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent trap enable standard
[H3C] snmp-agent target-host trap
address udp-domain 10.1.1.1 params securityname public
Syntax
snmp-agent trap enable [configuration | flash | standard [ authentication | coldstart
| linkdown | linkup | warmstart ]* | system ]
undo snmp-agent
trap enable [configuration | flash | standard [
authentication | coldstart | linkdown | linkup | warmstart
]* | system ]
View
System view
Parameter
Configuration: Configures to send configuration Trap messages.
flash:
Configures to send flash Trap messages.
standard:
Configures to send SNMP standard notification or Trap messages.
authentication: Sends SNMP authentication failure Trap messages in cases of
authentication failures.
coldstart:
Configures to send SNMP cold start Trap messages when the device is rebooted.
linkdown:
Configures to send SNMP linkDown Trap messages when the port is down.
linkup:
Configures to send SNMP linkUp Trap messages when the port is up.
warmstart:
Configures to send SNMP warm start Trap messages when SNMP is rebooted.
system:
Configures to send H3C-SYS-MAN-MIB (private MIB) Trap messages.
Description
Use the snmp-agent trap enable
command to enable the device to send Trap packets.
Use the undo snmp-agent trap enable
command to disable the device to send Trap packets.
By default, the device is enabled to send
Trap messages.
The snmp-agent trap enable and
snmp-agent target-host commands must be used at the same
time. The snmp-agent target-host command specifies which hosts can
receive Trap message. However, to send Trap message, you must configure snmp-agent
target-host command.
Example
# Enable to send the Trap packet of SNMP authentication failure to 10.1.1.1.
The community name is public.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent trap enable
authentication
[H3C] snmp-agent target-host trap
address udp-domain 10.1.1.1 params securityname public
Syntax
snmp-agent trap life seconds
undo snmp-agent trap life
View
System view
Parameter
seconds:
Aging time, in seconds, ranging from 1 to 2,592,000.
Description
Use the snmp-agent trap life command
to set aging time for Trap packets. The Trap packets exceeding the aging time
are discarded.
Use the undo snmp-agent trap life
command to restore the default aging time for Trap packets.
By default, the aging time of SNMP Trap
packets is 120 seconds.
Related command: snmp-agent trap enable,
snmp-agent target-host.
Example
# Set the aging time for Trap packets as 60
seconds.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent trap life 60
Syntax
snmp-agent trap queue-size size
undo snmp-agent trap queue-size
View
System view
Parameter
size: Length
of a queue, ranging from 1 to 1,000.
Description
Use the snmp-agent trap queue-size
command to configure the information queue length of Trap packet sent to
destination host.
Use the undo snmp-agent trap queue-size
command to restore the default value.
Related command: snmp-agent trap enable,
snmp-agent target-host and snmp-agent trap life.
By default, the length is 100.
Example
# Configure the queue length to 200.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent trap queue-size 200
Syntax
snmp-agent trap source interface-type interface-number
undo snmp-agent trap source
View
System view
Parameter
nterface-type: Interface type.
interface-number: Interface number.
Description
Use the snmp-agent trap source
command to configure the source address for sending Trap message.
Use the undo snmp-agent trap source
command to cancel the source address for sending Trap message.
The SNMP Trap message sent from a server
has a source IP address no matter which interface the Trap message is sent
from.
By default, SNMP chooses an outgoing
interface.
You can configure this command to trace a
specific event using the source address of a Trap packet.
Before setting the
IP address of an interface address as the source address of the sent Trap
packet, you must configure an IP address for the interface.
Related command: snmp-agent trap enable,
snmp-agent target-host.
Example
# Configure the IP address of the VLAN interface 1 as the source address for
transmitting the Trap packets.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent trap source Vlan-interface
1
Syntax
1)
Versions V1 and V2C
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl
acl-number ]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
2)
Version V3
snmp-agent usm-user v3 user-name group-name [ authentication-mode
{ md5 | sha } auth-password [ privacy-mode des56
priv-password ] ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid
engineid-string }
View
System view
Parameter
v1:
Configures to use V1 security model.
v2c:
Configures to use V2c security model.
v3:
Configures to use V3 security model.
User-name:
User name, ranging from 1 to 32 bytes.
Group-name:
Group name corresponding to that user, a character string of 1 to 32
characters.
authentication-mode: Specifies the safety level as authentication required. Absence of
this parameter indicates that neither authentication nor encryption is
required.
md5:
Specifies the authentication protocol as HMAC MD5 algorithm.
sha:
Specifies the authentication protocol as HMAC SHA algorithm.
auth-password: Authentication password, a character string of 1 to 64 characters.
privacy:
Specifies the security level as encrypted.
des56:
Specifies the authentication protocol as DES.
Priv-password: Encryption password, a character string of 1 to 64 characters.
acl-number: The basic ACL number, ranging from 2,000 to 2,999.
local:
Represents a local entity user.
engineid-string:
Engine ID related to the user, ranging from 10 to 64 hexadecimal numerals.
Description
Use the snmp-agent usm-user command
to add a new user to an SNMP group.
Use the undo snmp-agent usm-user
command to cancel a user from the SNMP group.
While using SNMPv3, SNMP engineID (for
authentication) is required when you configure a remote user for an agent. If
you change engineID after configuring a user, the user corresponding to the
original engineID is not effective.
For SNMPv1 and SNMPv2C, this command will
add a new community name. For SNMPv3, it will add a new user for an SNMP group.
Related command: snmp-agent group, snmp-agent
community and snmp-agent local-engineid.
Example
# Add a user John to SNMPv3 group Johngroup. Configure to authenticate
using HMAC-MD5 algorithm, require authentication and set authentication
password as hello.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent group v3 Johngroup
[H3C] snmp-agent usm-user v3 John Johngroup
authentication-mode md5 hello
