1.1.1 display snmp-agent
Syntax
display snmp-agent { local-engineid | remote-engineid }
View
Any view
Parameter
local-engineid: Displays the local SNMP entity Engine ID.
remote-engineid: Displays all the remote SNMP entity Engine IDs.
Description
Use the display snmp-agent command
to display the local SNMP entity engine ID or all the remote SNMP entity engine
IDs.
An SNMP engine ID identifies an SNMP entity
uniquely within an SNMP domain. As an indispensable part of an SNMP entity, an
SNMP engine performs the function of sending, receiving and authenticating SNMP
messages, extracting PDUs, packet assembling and the communication with SNMP
applications.
Example
# Display the local SNMP entity engine ID.
<H3C> display snmp-agent local-engineid
SNMP local EngineID: 800007DB000FE20F12346877
SNMP local EngineID in the above
information represents the local SNMP entity engine ID.
Syntax
display snmp-agent community [ read | write ]
View
Any view
Parameter
read: Displays
the information about the SNMP communities with read-only permission.
write: Displays
the information about the SNMP communities with read-write permission.
Description
Use the display snmp-agent community
command to display the information about the SNMPv1/SNMPv2C communities with
the specific access permission.
If you specify no keyword when executing
this command, the information about all the existing SNMPv1/SNMPv2C communities
is displayed.
Example
# Display the information about all the existing SNMPv1/SNMPv2c communities.
<H3C> display snmp-agent
community
Community name:public
Group name:public
Storage-type: nonVolatile
Community name:private
Group name:private
Storage-type: nonVolatile
Table 1-1 Description
on the fields of the display snmp-agent community command
|
Field
|
Description
|
|
Community name
|
Community name
|
|
Group name
|
Group name
|
|
Storage-type
|
Storage type, which can be
“volatile”, “nonVolatile”, “permanent”, “readOnly”,
and “other”.
|
Syntax
display snmp-agent group [ group-name ]
View
Any view
Parameter
group-name: Name
of the desired SNMP group, a string of 1 to 32 characters.
Description
Use the display snmp-agent group
command to display the information about a SNMP group, including group name, security
mode, states of various views, and storage mode.
If you do not specify the group-name
argument, this command displays the information about all the existing SNMP
groups.
Example
# Display the information about all the SNMP groups.
<H3C> display snmp-agent group
Group name: v3r2
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no
specified>
Notifyview :<no
specified>
Storage-type: nonvolatile
Table 1-2 Description
on the fields of the display snmp-agent group command
|
Field
|
Description
|
|
Group name
|
SNMP group
name of the user
|
|
Security
model
|
SNMP group security mode, which can be
“AuthPriv” (authorization and encryption), “AuthnoPriv”
(authorization and no encryption), and “noAuthnoPriv” (no authorization
and no encryption).
|
|
Readview
|
Read-only MIB view corresponding to the
SNMP group
|
|
Writeview
|
Writable MIB view corresponding to the
SNMP group
|
|
Notifyview
|
Notify MIB view corresponding to the SNMP
group
|
|
storage-type
|
Storage type, which can be
“volatile”, “nonVolatile”, “permanent”, “readOnly”,
and “other”.
|
Syntax
display snmp-agent mib-view [ exclude | include | viewname view-name
]
View
Any view
Parameter
exclude: Specifies
the SNMP MIB views that are of the excluded type.
Include: Specifies
the SNMP MIB views that are of the included type.
view-name: Name
of an SNMP MIB view.
Description
Use the display snmp-agent mib-view
command to display the MIB view configuration of the current Ethernet switch.
If you specify no keyword when executing
this command, the configuration of all the MIB views is displayed.
Example
# Display the information about the currently configured MIB view.
<H3C> display snmp-agent mib-view
View name:ViewDefault
MIB Subtree:internet
Subtree mask:
Storage-type: nonVolatile
View Type:included
View status:active
View name:ViewDefault
MIB Subtree:snmpUsmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpVacmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpModules.18
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
Syntax
display snmp-agent statistics
View
Any view
Parameter
None
Description
Use the display snmp-agent statistics command
to display the statistics on SNMP packets.
Example
# Display the statistics on SNMP packets.
<H3C> display snmp-agent
statistics
1276 Messages delivered to the SNMP
entity
0 Messages which were for an
unsupported version
0 Messages which used a SNMP
community name not known
0 Messages which represented an
illegal operation for the community supplied
0 ASN.1 or BER errors in the
process of decoding
1291 Messages passed from the SNMP
entity
0 SNMP PDUs which had badValue
error-status
0 SNMP PDUs which had genErr
error-status
7 SNMP PDUs which had noSuchName
error-status
0 SNMP PDUs which had tooBig
error-status (Maximum packet size 1500)
3669 MIB objects retrieved
successfully
26 MIB objects altered successfully
420 GetRequest-PDU accepted and
processed
832 GetNextRequest-PDU accepted and
processed
0 GetBulkRequest-PDU accepted and processed
1276 GetResponse-PDU accepted and
processed
24 SetRequest-PDU accepted and
processed
15 Trap PDUs accepted and processed
0 Alternate Response Class PDUs droped
silently
0 Forwarded Confirmed Class PDUs droped
silently
Syntax
display snmp-agent sys-info [ contact | location | version ]*
View
Any view
Parameter
contact:
Displays the contact information of the current device.
location:
Displays the physical location of the current device.
version:
Displays the version information about the SNMP running in the system.
Description
Use the display snmp-agent sys-info command
to display the system SNMP information about the current device.
This command displays all the system SNMP information
if you execute it with no keyword specified.
Example
# Display the system SNMP information about
the device.
<H3C> display snmp-agent
sys-info
The contact person for this
managed node:
R&D Hangzhou, H3C
Technologies Co.,Ltd.
The physical location of this
node:
Hangzhou China
SNMP version running in the
system:
SNMPv1 SNMPv2c SNMPv3
1.1.7 display snmp-agent
trap-list
Syntax
display snmp-agent trap-list
View
Any view
Parameter
None
Description
Use the display snmp-agent trap-list
command to display the states of the Traps.
Related command: snmp-agent trap enable.
Example
# Display the states of the Traps.
<H3C> display snmp-agent
trap-list
configuration trap enable
flash trap enable
ospf trap enable
standard trap enable
system trap enable
vrrp trap disable
Enable traps :5; Disable traps 1
Syntax
display snmp-agent usm-user [ engineid engineid | username user-name
| group group-name ]*
View
Any view
Parameter
engineid: Engine
ID, a string comprising of 10 to 64 hexadecimal digits.
user-name: SNMPv3
user name, a string comprising of 1 to 32 characters.
group-name: Name
of an SNMP group, a string comprising of 1 to 32 characters.
Description
Use the display snmp-agent usm-user
command to display the information about a specific type of SNMP users.
If you execute this command with no keyword
specified, the information about all the SNMP users is displayed.
Example
# Display the information about all the
SNMP users.
<H3C> display snmp-agent usm-user
User name: usm-user
Group name: usm-group
Engine ID: 800007DB000FE20F12346877
Storage-type: nonVolatile
UserStatus: active
Table 1-3 Description on the fields of the display snmp-agent usm-user command
|
Field
|
Description
|
|
User name
|
SNMP user name
|
|
Group name
|
The name of the SNMP group which the SNMP
user belongs to
|
|
Engine ID
|
SNMP engine ID of the device
|
|
Storage-type
|
Storage type, which can be
“volatile”, “nonVolatile”, “permanent”, “readOnly”,
and “other”.
|
|
UserStatus
|
SNMP user status
|
Syntax
enable snmp trap updown
undo enable snmp trap updown
View
Ethernet port view, interface view
Parameter
None
Description
Use the enable snmp trap updown
command to enable the sending of port/interface Link Up and Link Down traps.
Use the undo enable
snmp trap updown command to disable the sending of Link Up and Link Down traps.
By default, the sending of port/interface Link
Up and Link Down traps is enabled.
The enable snmp trap updown command
need to be coupled with the snmp-agent target-host command. You can use
the snmp-agent target-host command to specify the hosts that can receive
Trap messages. To enable the sending of Trap messages, you need to specify at
least one host that is to receive the Trap messages using the snmp-agent
target-host command.
Example
# Enable the port Ethernet 1/0/1 to send Link Up and Link Down SNMP Trap massages to the NMS whose
IP address is 10.1.1.1 using the community name “public”.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent trap enable
[H3C] snmp-agent target-host trap
address udp-domain 10.1.1.1 params securityname public
[H3C] interface Ethernet1/0/1
[H3C-Ethernet1/0/1] enable snmp trap updown
Syntax
snmp-agent
undo snmp-agent
View
System view
Parameter
None
Description
Use the snmp-agent command to enable
the SNMP agent.
Use the undo snmp-agent command to disable
the SNMP agent.
By default, the SNMP agent is disabled.
Example
# Disable the SNMP agent (assuming that the
SNMP agent is currently enabled).
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] undo snmp-agent
An S3600 Ethernet switch acts as the following to prevent attacks
through unused sockets.
l
Opening UDP port 161 (which is used by SNMP
agents) and UDP port 1024 (which is used by SNMP-trap clients) only when SNMP
is enabled.
l
Closing UDP port 161 and UDP port 1024 when SNMP
is disabled.
This function is achieved in the following way.
l
Executing the snmp-agent command or any
of the commands used to configure the SNMP agent causes the SNMP agent being
enabled and UDP port 161 and UDP port 1024 being opened.
l
Executing the undo snmp-agent command
causes UDP port 161 and UDP port 1024 being closed as well.
Syntax
snmp-agent
community { read | write } community-name [ [ acl
acl-number ] [ mib-view view-name ] ]*
undo snmp-agent
community community-name
View
System view
Parameter
read: Specifies
that the community to be created has read-only permission to MIB objects. Communities
of this type can only query MIBs for device information.
write: Specifies
that the community to be created has read-write permission to MIB objects. Communities
of this type are capable of configuring devices.
community-name: Name of the community to be created, a string of 1 to 32 characters.
view-name:
MIB view name, a string of 1 to 32 characters.
acl-number: ID
of the ACL to be applied to the community, in the range 2000 to 2999.
Description
Use the snmp-agent community
command to create an SNMP community for accessing MIB objects.
Use the undo snmp-agent community
command to remove an SNMP community.
Example
# Create an SNMP community named “comaccess”,
which has read-only permission to MIB objects.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent community read comaccess
# Create an SNMP community named
“mgr”, which has read-write permission to MIB objects
[H3C] snmp-agent community write mgr
# Remove the community named “comaccess”.
[H3C] undo snmp-agent community comaccess
Syntax
1)
Version 1 and version 2C
snmp-agent group { v1 | v2c } group-name [ read-view read-view
] [ write-view write-view ] [ notify-view notify-view
] [ acl acl-number ]
undo snmp-agent
group { v1 | v2c } group-name
2)
Version 3
snmp-agent group v3 group-name [ authentication | privacy ] [
read-view read-view ] [ write-view write-view ] [ notify-view
notify-view ] [ acl acl-number ]
undo snmp-agent
group v3 group-name [ authentication | privacy
]
View
System view
Parameter
v1: Specifies
SNMPv1.
v2c:
Specifies SNMPv2C.
v3:
Specifies SNMPv3.
group-name: Name
of the SNMP group to be created, a string of 1 to 32 characters.
authentication: Configures to authenticate but do not encrypt the packets.
privacy:
Configures to authenticate and encrypt the packets.
read-view:
Read-only view name, a string of 1 to 32 characters.
write-view: Read-write
view name, a string of 1 to 32 characters.
notify-view:
Notification view name, a string of 1 to 32 characters.
acl-number: ID
of a basic ACL, in the range 2000 to 2999.
Description
Use the snmp-agent group command to create
an SNMP group to map SNMP users to the corresponding SNMP views.
Use the undo snmp-agent group
command to remove an SNMP group.
By default, the SNMP groups created using
the snmp-agent group v3 command do not authenticate or encrypt
packets.
Related command: snmp-agent mib-view,
snmp-agent usm-user.
Example
# Create an SNMPv3 group named
“group1”.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent group v3 group1
Syntax
snmp-agent local-engineid engineid
undo snmp-agent local-engineid
View
System view
Parameter
engineid: Engine
ID to be set, a string comprising of 10 to 64 hexadecimal digits.
Description
Use the snmp-agent local-engineid
command to set an engine ID for the local SNMP entity.
Use the undo snmp-agent local-engineid command to restore the default engine
ID.
By default, the engine ID of an SNMP entity
is formed by appending the device information to the enterprise number. The device
information can be determined according to the device, which can be an IP
address, a MAC address, or a user-defined string comprising of hexadecimal
digits.
Related command: snmp-agent usm-user.
Example
# Set the local SNMP entity engine ID to 123456789A.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent local-engineid
123456789A
Syntax
snmp-agent log { set-operation | get-operation | all }
undo snmp-agent log { set-operation | get-operation | all }
View
System view
Parameter
set-operation: Logs the set operations.
get-operation: Logs the get operations.
all: Logs both
the set operations and get operations.
Description
Use the snmp-agent log command to
enable network management operation logging.
Use the undo snmp-agent log command
to disable network management operation logging.
By default, network management operation
logging is disabled.
l
In the environment of a single device, use the display
logbuffer command to view the log of the get and set operations performed
on the NMS.
l
In the fabric environment, use the display logbuffer
command on the master device to view the log of the set operations. Use the display
logbuffer command on the devices receiving the get messages to view the log
of the get operations performed on the NMS.
Example
# Enable logging for both the get and the
set operations performed on the NMS.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent log all
Syntax
snmp-agent mib-view { included | excluded } view-name oid-tree
undo snmp-agent mib-view view-name
View
System view
Parameter
view-name:
View name.
oid-tree: OID
MIB subtree of a MIB object subtree. It can be the ID of a node in OID MIB subtree
(such as 1.4.5.3.1) or an OID (such as “system”). This argument can
contain wildcards (such as 1.4.5.*.*.1).
included:
Includes this MIB subtree.
excluded:
Excludes this MIB subtree.
Description
Use snmp-agent mib-view command to
create or update the information about a MIB view to limit the MIB objects the
NMS can access.
Use the undo snmp-agent mib-view command
to cancel the current setting.
By default, the view name is “ViewDefault”
and the OID is 1.
Related command: snmp-agent group.
Example
# Create an SNMP MIB view that contain all the objects of the MIB subtree
mib2 (assuming that the corresponding OID is 1.3.6.1.2.1).
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent mib-view included
mib2 1.3.6.1.2.1
Syntax
snmp-agent packet max-size byte-count
undo snmp-agent packet max-size
View
System view
Parameter
byte-count:
Maximum SNMP packet size (in bytes) to be set, ranging from 484 to 17,940.
Description
Use the snmp-agent packet max-size
command to set the maximum SNMP packet size allowed by an agent.
Use undo snmp-agent packet max-size
command to restore the default maximum SNMP packet size.
By default, the maximum SNMP packet size allowed
by an agent is 1,500 bytes.
Example
# Set the maximum SNMP packet size allowed by the agent to 1,042 bytes.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent packet max-size 1042
Syntax
snmp-agent sys-info { contact sys-contact | location sys-location
| version { { v1 | v2c | v3 }* | all }
}
undo snmp-agent sys-info { contact | location | version { { v1 |
v2c | v3 }* | all } }
View
System view
Parameter
sys-contact:
Contact information for system maintenance.
sys-location:
Geographical location of the device.
version: Specifies the SNMP version to be employed.
v1: Specifies
SNMPv1.
v2c: Specifies
SNMPv2C.
v3: Specifies
SNMPv3.
all: Specifies
all the SNMP versions available, that is, SNMPv1, SNMPv2C, and SNMPv3.
Description
Use the snmp-agent sys-info command
to set the system information, including geographical location of the device,
contact information for system maintenance, and the SNMP version employed.
Use the undo snmp-agent sys-info
location command to restore the default settings.
If the device fails, you can contact the
device manufacturer according to the system information.
By default, the contact information of an S3600
Ethernet switch is "R&D Hangzhou, H3C Technologies Co.,Ltd.", the
geographical location is "Hangzhou China", the SNMP version employed is
SNMPv3.
Related command: display snmp-agent
sys-info.
Example
# Set the contact information for system maintenance as “Dial
System Operator # 1234”.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent sys-info contact
Dial System Operator # 1234
Syntax
snmp-agent target-host trap address udp-domain { ip-address }
[ udp-port port-number ] params securityname security-string
[ v1 | v2c | v3 [authentication | privacy ]
]
undo snmp-agent
target-host ip-address securityname security-string
View
System view
Parameter
trap: Enables
the host to receive SNMP Traps.
address:
Specifies the destination for the SNMP Traps.
udp-domain:
Specifies to use UDP to communicate with the target host.
ip-address: The
IPv4 address of the host that is to receive the Traps.
port-number:
Number of the port that is to receive the Traps.
params: Specifies
SNMP target host information to be used in the generation of SNMP Traps.
security-string: SNMPv1/SNMPv2C community name or SNMPv3 user name, a string of 1
to 32 characters.
v1: Specifies
SNMPv1.
v2c: Specifies
SNMPv2C.
v3: Specifies
SNMPv3.
authentication: Configures to authenticate the packets without encryption.
privacy:
Configures to authenticate and encrypt the packets.
Description
Use snmp-agent target-host command
to configure a destination for the SNMP Traps generated by the local device.
Use undo snmp-agent target-host
command to cancel the current setting.
To enable a device to send SNMP Traps, the snmp-agent
target-host command need to be coupled with a command among the snmp-agent
trap enable command and the enable snmp trap updown command.
1)
Use the snmp-agent trap enable or enable
snmp trap updown command to specify the types of the SNMP Traps a device
can send (By default, a device can send all types of SNMP Traps).
2)
Use the snmp-agent target-host command to
set the address of the destination for the SNMP Traps.
Related command: snmp-agent trap enable,
snmp-agent trap source, and snmp-agent trap life.
Example
# Enable sending SNMP Traps to 10.1.1.1, setting the community name as
“public”.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent trap enable standard
[H3C] snmp-agent target-host trap
address udp-domain 10.1.1.1 params securityname public
Syntax
snmp-agent trap enable [ configuration | flash | ospf [ process-id ] [ ospf-trap-list
] | standard [ authentication | coldstart | linkdown |
linkup | warmstart ]* | system | vrrp [ authfailure
| newmaster ] ]
undo snmp-agent
trap enable [ configuration | flash | ospf [ process-id
] [ ospf-trap-list ] | standard [ authentication | coldstart
| linkdown | linkup | warmstart ]* | system | vrrp
[ authfailure | newmaster ] ]
View
System view
Parameter
configuration: Configures to send configuration Traps.
flash: Configures
to send Flash Traps.
ospf [ process-id
] [ ospf-trap-list ]: Configures to send OSPF Traps. The process-id argument
is a process ID. The ospf-trap-list argument indicates a list of Traps
to be sent.
standard: Configures
to send SNMP standard notification or Traps.
authentication: Sends SNMP authentication failure Traps in cases of authentication
failures.
coldstart:
Configures to send SNMP cold start Traps when the device is rebooted.
linkdown:
Configures to send SNMP LinkDown Traps when a port becomes down.
linkup:
Configures to send SNMP LinkUp Traps when a port becomes up.
warmstart:
Configures to send SNMP warm start Traps when SNMP is newly launched.
system: Configures
to send system management MIB (proprietary MIB) Traps.
vrrp [ authfailure
| newmaster ]: Configures to send VRRP Traps.
Description
Use the snmp-agent trap enable
command to enable a device to send SNMP Traps that are of specified types.
Use the undo snmp-agent trap enable
command to disable a device from sending SNMP Traps that are of specified types.
By default, a device sends all types of SNMP
Traps.
The snmp-agent trap enable command
need to be coupled with the snmp-agent target-host command.
The snmp-agent target-host command specifies the destination hosts for SNMP
Traps. At least one destination host is required for SNMP Traps.
Example
# Enable sending of SNMP authentication failure Traps, with the destination
IP address being 10.1.1.1 and the community name being “public”.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent trap enable
authentication
[H3C] snmp-agent target-host trap
address udp-domain 10.1.1.1 params securityname public
Syntax
snmp-agent trap life seconds
undo snmp-agent trap life
View
System view
Parameter
seconds: SNMP
Trap aging time (in seconds) to be set, ranging from 1 to 2,592,000.
Description
Use the snmp-agent trap life command
to set the SNMP Trap aging time. SNMP Traps exceeding the aging time will be discarded.
Use the undo snmp-agent trap life
command to restore the default SNMP Trap aging time.
By default, the SNMP Trap aging time is 120
seconds.
Related command: snmp-agent trap enable,
snmp-agent target-host.
Example
# Set the SNMP Trap aging time as 60
seconds.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent trap life 60
Syntax
snmp-agent trap queue-size size
undo snmp-agent trap queue-size
View
System view
Parameter
size: Length
of an SNMP Trap queue (that is, the maximum number of Traps the queue can
contain), an integer ranging from 1 to 1,000.
Description
Use the snmp-agent trap queue-size
command to set the length of the queue of the SNMP Traps to be sent to the destination.
Use the undo snmp-agent trap queue-size
command to restore the default queue length.
By default, an SNMP Trap queue can contain
up to 100 SNMP Traps.
Related command: snmp-agent trap enable,
snmp-agent target-host, and snmp-agent trap life.
Example
# Set the SNMP Trap queue length to 200.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent trap queue-size 200
Syntax
snmp-agent trap source interface-type interface-number
undo snmp-agent trap source
View
System view
Parameter
nterface-type: Interface type.
interface-number: Interface number.
Description
Use the snmp-agent trap source
command to configure the source address for the SNMP Traps sent.
Use the undo snmp-agent trap source
command to cancel the configuration.
SNMP Traps sent by a server share the same
source IP address regardless of the interfaces through which they are sent. You
can use the snmp-agent trap source command to specify the source IP
address.
By default, the outbound interface is
determined by SNMP.
You can configure this command to track a
specific event by the source addresses of SNMP Traps.
Before configuring an interface to be the source interface for the
SNMP traps sent, make sure the interface is assigned an IP address.
Related command: snmp-agent trap enable,
snmp-agent target-host.
Example
# Configure VLAN-interface 1 as the source interface for the SNMP Traps sent.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent trap source Vlan-interface
1
Syntax
1)
SNMPv1 and SNMPv2C
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl
acl-number ]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
2)
SNMPv3
snmp-agent usm-user v3 user-name group-name [ authentication-mode
{ md5 | sha } auth-password [ privacy-mode des56
priv-password ] ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid
engineid-string }
View
System view
Parameter
v1:
Configures to use SNMPv1 security mode.
v2c:
Configures to use SNMPv2C security mode.
v3:
Configures to use SNMPv3 security mode.
user-name: Name
of the user to be added, a string of 1 to 32 characters.
group-name: Name
of the group corresponding to the user, a string of 1 to 32 characters.
authentication-mode: Specifies the safety level as authentication required. If you do
not specify this keyword, neither authentication nor encryption is performed.
md5: Uses HMAC
MD5 algorithm for authentication.
sha: Uses
HMAC SHA algorithm for authentication.
auth-password: Authentication password, a string of 1 to 64 characters.
privacy-mode:
Specifies the security level as encrypted.
des56: Specifies
the encryption protocol as data encryption standard (DES).
priv-password: Encryption password, a string of 1 to 64 characters.
acl-number: ID of a basic ACL, in the range 2000 to 2999.
local: Specifies
a local entity user.
engineid-string:
Engine ID associated with the user, a string comprising of 10 to 64 hexadecimal
digits.
Description
Use the snmp-agent usm-user command
to add a user to an SNMP group.
Use the undo snmp-agent usm-user
command to remove a user from an SNMP group.
While using SNMPv3, SNMP engine ID (for
authentication) is required when you configure a remote user for an agent. If
you change the engine ID after configuring a user, the user corresponding to the
original engine ID becomes invalid.
For SNMPv1 and SNMPv2C, the snmp-agent usm-user
command creates a new community. For SNMPv3, the command adds a user to an SNMP
group.
Related command: snmp-agent group, snmp-agent
community, and snmp-agent local-engineid.
Example
# Add a user named “John” to the SNMPv3 group named “Johngroup”.
And set:
l
security to the level of needing authentication
and encryption
l
authentication protocol to HMAC-MD5
l
authentication password to hello
l
encryption protocol to DES
l
encryption password to cfb128cfb128
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] snmp-agent group v3 Johngroup
privacy
[H3C] snmp-agent usm-user v3 John Johngroup
authentication-mode md5 hello privacy-mode des56 cfb128cfb128
