1.1.1 display snmp-agent
Syntax
display snmp-agent { local-engineid |
remote-engineid }
View
Any view
Parameter
local-engineid: Specifies the local SNMP agent engine.
remote-engineid: Specifies remote SNMP agent engines.
Description
Use the display snmp-agent command
to display the local SNMP agent engine ID.
SNMP engine ID identifies an SNMP entity
uniquely within an SNMP domain. SNMP engine is an indispensable part of an SNMP
entity. It provides the SNMP message allocation, message handling, authentication,
and access control.
S5500-SI series
Ethernet switches do not support the remote engine configuration.
Example
# Display the engine ID of the local SNMP
agent.
<Sysname> display snmp-agent local-engineid
SNMP local EngineID: 000007DB7F0000013859
Syntax
display snmp-agent community [ read | write
]
View
Any view
Parameter
read:
Displays the information of communities with read-only access right.
write:
Displays information of communities with read and write access right.
Description
Use the display snmp-agent community
command to display the information about SNMPv1 or SNMPv2c communities.
Example
# Display the information about all the
current communities.
<Sysname> display snmp-agent
community
Community name:8040zlz
Group name:8040zlz
Storage-type: nonVolatile
Community name:8040core
Group name:8040core
Storage-type: nonVolatile
Table 1-1 Descriptions
on the fields of the display snmp-agent community command
|
Field
|
Description
|
|
Community name
|
Community name
|
|
Group name
|
SNMP group name
|
|
Storage-type
|
Storage type, which could be:
volatile: information will be lost if the
system is rebooted
nonVolatile: Information will not be lost
if the system is rebooted
permanent: Modification permitted, but
deletion forbidden
readOnly: read only, that is, no
modification, no deletion
other: other storage types
|
Syntax
display snmp-agent group [ group-name
]
View
Any view
Parameter
group-name:
Specifies the SNMP group name, a string of 1 to 32 characters. Note that SNMP
group names are case-sensitive.
Description
Use the display snmp-agent group
command to display information for the SNMP agent group, including group name,
security model, MIB view, storage type, and so on. Absence of the group-name
parameter indicates that information for all groups will be displayed.
Example
# Display the information of all SNMP agent
groups.
<Sysname> display snmp-agent
group
Group name: mygroup
Security model: v1 noAuthnoPriv
Readview: ViewDefault
Writeview: <no
specified>
Notifyview :<no
specified>
Storage-type: nonVolatile
Group name: managev3group
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: internet
Notifyview :<no
specified>
Storage-type: nonVolatile
Table 1-2 Descriptions on the fields of
the display snmp-agent group command
|
Field
|
Description
|
|
Group name
|
SNMP group
name
|
|
Security
model
|
Security
model of the SNMP group, which can be: authPriv (authentication with
privacy), authNoPriv (authentication without privacy), or noAuthNoPriv (no
authentication no privacy).
|
|
Readview
|
The read
only MIB view associated with the SNMP group
|
|
Writeview
|
The writable
MIB view associated with the SNMP group
|
|
Notifyview
|
The notify
MIB view associated with the SNMP group, the view with entries that can
generate Trap messages
|
|
Storage-type
|
Storage
type, which includes: volatile, nonvolatile, permanent, readOnly, and other.
For detailed information, refer to Table 1-1.
|
Syntax
display snmp-agent mib-view [ exclude | include | viewname view-name
]
View
Any view
Parameter
exclude: Specifies
to displays SNMP MIB views of the “excluded" type.
include: Specifies
to displays SNMP MIB views of the “included" type.
view-name: Name
of the specified MIB view, a string of 1 to 32 characters.
Description
Use the display snmp-agent mib-view command
to display SNMP MIB view information. Absence of the view-name parameter
indicates that information for all MIB views will be displayed.
Example
# Display the current SNMP MIB views.
<Sysname> display snmp-agent mib-view
View name:ViewDefault
MIB Subtree:iso
Subtree mask:
Storage-type: nonVolatile
View Type:included
View status:active
View name:ViewDefault
MIB Subtree:snmpUsmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpVacmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpModules.18
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
Table 1-3 Descriptions on the fields of
the display snmp-agent mib-view command
|
Field
|
Description
|
|
View name
|
MIB view name
|
|
MIB Subtree
|
MIB subtree
|
|
Subtree mask
|
Subtree mask
|
|
Storage-type
|
Storage type
|
|
ViewType: included/excluded
|
Indicates whether an MIB object can be
accessed
|
|
View status
|
The status of MIB view
|
Syntax
display snmp-agent statistics
View
Any view
Parameter
None
Description
Use the display snmp-agent statistics command
to display SNMP statistics.
Example
# Display the statistics on the current
SNMP.
<Sysname> display snmp-agent
statistics
0 Messages delivered to the SNMP
entity
0 Messages which were for an
unsupported version
0 Messages which used a SNMP
community name not known
0 Messages which represented an
illegal operation for the community supplied
0 ASN.1 or BER errors in the
process of decoding
0 Messages passed from the SNMP
entity
0 SNMP PDUs which had badValue
error-status
0 SNMP PDUs which had genErr
error-status
0 SNMP PDUs which had noSuchName
error-status
0 SNMP PDUs which had tooBig
error-status (Maximum packet size 1500)
0 MIB objects retrieved
successfully
0 MIB objects altered successfully
0 GetRequest-PDU accepted and
processed
0 GetNextRequest-PDU accepted and
processed
0 GetBulkRequest-PDU accepted and
processed
0 GetResponse-PDU accepted and
processed
0 SetRequest-PDU accepted and
processed
0 Trap PDUs accepted and processed
0 Alternate Response Class PDUs
dropped silently
0 Forwarded Confirmed Class PDUs
dropped silently
Table 1-4 Descriptions on the fields of
the display snmp-agent statistics command
|
Field
|
Description
|
|
Messages
delivered to the SNMP entity
|
The number
of packets delivered to the SNMP agent
|
|
Messages
which were for an unsupported version
|
The number
of packets from a device with an SNMP version that is not supported by the
current SNMP agent
|
|
Messages
which used a SNMP community name not known
|
The number
of packets that use an unknown community name
|
|
Messages which represented an illegal operation
for the community supplied
|
The number of packets with operations
that breach the access right of a community
|
|
ASN.1 or BER errors in the process of
decoding
|
The number of packets with decoding
errors, such as ASN.1 or BER errors.
|
|
Messages passed from the SNMP entity
|
The number of packets sent by an SNMP agent
|
|
SNMP PDUs which had badValue error-status
|
The number of SNMP PDUs with a badValue
error
|
|
SNMP PDUs which had genErr error-status
|
The number of SNMP PDUs with a genErr
error
|
|
SNMP PDUs which had noSuchName
error-status
|
Number of PDUs with a noSuchName error
|
|
SNMP PDUs which had tooBig error-status
(Maximum packet size 1500)
|
Number of PDUs with a tooBig error (the
maximum packet size is 1,500)
|
|
MIB objects retrieved successfully
|
Number of MIB objects that have been successfully
retrieved
|
|
MIB objects altered successfully
|
The number of MIB objects that have been successfully
modified
|
|
GetRequest-PDU accepted and processed
|
The number of get requests that have been
processed
|
|
GetNextRequest-PDU accepted and processed
|
The number of getNext requests that have
been received and processed
|
|
GetBulkRequest-PDU accepted and processed
|
The number of getBulk requests that have
been processed
|
|
GetResponse-PDU accepted and processed
|
The number of get responses that have
been processed
|
|
SetRequest-PDU accepted and processed
|
The number of set requests that have been
processed
|
|
Trap PDUs accepted and processed
|
The number of Trap messages that have
been processed
|
|
Alternate Response Class PDUs dropped
silently
|
The number of dropped response packets
|
|
Forwarded Confirmed Class PDUs dropped
silently
|
The number of forwarded packets that have
been dropped
|
1.1.6 display snmp-agent sys-info
Syntax
display snmp-agent sys-info [ contact |
location | version ] *
View
Any view
Parameter
contact:
Displays the contact information of the current network administrator.
location:
Displays the location information of the current device.
version:
Displays the version of the current SNMP agent.
Description
Use the display snmp-agent sys-info
command to display the current SNMP system information.
If no keyword is specified, all SNMP agent
system information will be displayed.
Example
# Display the current SNMP agent system information.
<Sysname> display snmp-agent sys-info
The contact person for this
managed node:
R&D Hangzhou, H3C
Technologies co.,Ltd.
The physical location of this
node:
Hangzhou China
SNMP version running in the
system:
SNMPv3
1.1.7 display
snmp-agent usm-user
Syntax
display snmp-agent usm-user [ engineid engineid | username user-name
| group group-name ] *
View
Any view
Parameter
engineid: Displays SNMPv3 user
information for a specified engine ID.
user-name:
Displays SNMPv3 user information for a specified user name, which is case sensitive.
group-name:
Displays SNMPv3 user information for a specified SNMP group name, which is case
sensitive.
Description
Use the display snmp-agent usm-user command
to display SNMPv3 user information.
Example
# Display SNMPv3 information for the current
user aa.
<Sysname> display snmp-agent usm-user
aa
User name: aa
Group name: mygroupv3
Engine ID:
800007DB0000000000006877
Storage-type: nonVolatile
UserStatus: active
Table 1-5 describes the displayed information above.
Table 1-5 Descriptions
on the fields of the display snmp-agent usm-user command
|
Field
|
Description
|
|
User name
|
SNMP user name
|
|
Group name
|
SNMP group name
|
|
Engine ID
|
Engine ID for an SNMP entity
|
|
Storage-type
|
Storage type
|
|
UserStatus
|
SNMP user status
|
Syntax
enable snmp trap updown
undo enable snmp trap updown
View
Ethernet port view
Parameter
None
Description
Use the enable snmp trap updown command
to enable the sending of trap messages about port state changes, including linkup/linkdown
trap messages.
Use the undo enable snmp trap updown command
to disable the sending of SNMP trap messages about port state changes, including
linkup/linkdown trap messages.
By default, the sending of trap messages about
port state changes is enabled.
Note that, if you want a port to send SNMP
trap messages when its port state changes, you must enable the function of
sending linkup/linkdown trap messages both in Ethernet port view and system
view. Use the enable snmp trap updown command to enable this function in
Ethernet port view and use the snmp-agent trap enable [ standard [ linkdown | linkup ]
* ] command to enable this function in system view.
Related command: snmp-agent
target-host, and snmp-agent trap enable.
Example
Enable the sending of linkup/linkdown SNMP
Trap messages on GigabitEthernet1/0/1 and use the community name public.
<Sysname> system-view
[Sysname] snmp-agent trap enable
[Sysname] snmp-agent target-host trap
address udp-domain 10.1.1.1 params securityname public
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] enable
snmp trap updown
1.1.9 snmp-agent
Syntax
snmp-agent
undo snmp-agent
View
System view
Parameter
None
Description
Use the snmp-agent command to enable
SNMP agent.
Use the undo snmp-agent command to
disable SNMP agent.
By default, SNMP agent is disabled.
Example
# Disable the current SNMP agent.
<Sysname> system-view
[Sysname] undo snmp-agent
1.1.10
snmp-agent community
Syntax
snmp-agent
community { read | write } community-name [ acl
acl-number | mib-view view-name ] *
undo snmp-agent
community community-name
View
System view
Parameter
read:
Indicates that the community have read only access right to the MIB objects,
that is, the community can only inquire MIB information.
write:
Indicates that the community have read and write access right to the MIB
objects, that is, the community can configure MIB information.
community-name:
Community name, a string of 1 to 32 characters.
view-name:
MIB view name, a string of 1 to 32 characters.
acl-number:
ACL for the community name, in the range of 2,000 to 2,999.
Description
Use the snmp-agent community command
to configure a new SNMP community. Parameters to be configured include access
right, community name, ACL, and accessible MIB views.
Use the undo snmp-agent community
command to delete a specified community.
The community name configured with this
command is only valid for the SNMP v1 and v2c agent.
Example
# Configure a community with the name of comaccess
that has read-only access right.
<Sysname> system-view
[Sysname] snmp-agent community read comaccess
# Delete the community comaccess.
[Sysname] undo snmp-agent community comaccess
1.1.11 snmp-agent group
Syntax
The following syntax applies to SNMPv1 and
SNMPv2c:
snmp-agent group { v1 | v2c } group-name [ read-view read-view
] [ write-view write-view ] [ notify-view notify-view
] [ acl acl-number ]
undo snmp-agent
group { v1 | v2c } group-name
The following syntax applies to SNMPv3:
snmp-agent group v3 group-name [ authentication | privacy ] [
read-view read-view ] [ write-view write-view ] [ notify-view
notify-view ] [ acl acl-number ]
undo snmp-agent
group v3 group-name [ authentication | privacy ]
View
System view
Parameter
v1: Specifies
SNMPv1.
v2c: Specifies
SNMPv2c.
v3: Specifies
SNMPv3.
group-name:
Group name, a string of 1 to 32 characters.
group-name: Group
name, a string of 1 to 32 characters.
authentication: Specifies the security model of the SNMP group to be
authentication only (without privacy).
privacy:
Specifies the security model of the SNMP group to be authentication and
privacy.
read-view:
Read view, a string of 1 to 32 characters.
write-view:
Write view, a string of 1 to 32 characters.
notify-view:
Notify view, for sending trap messages, a string of 1 to 32 characters.
acl-number: Basic
ACL specified by the group name, in the range of 2000 to 2999.
Description
Use the snmp-agent group command to
configure a new SNMP group and specify its access right.
Use the undo snmp-agent group
command to delete a specified SNMP group.
By default, SNMP groups configured by the snmp-agent
group v3 command use a no-authentication-no-privacy security model.
Related Command: snmp-agent mib-view,
snmp-agent usm-user.
Example
# Create an SNMPv3 group named group1,
without authentication and encryption.
<Sysname> system-view
[Sysname] snmp-agent group v3 group1
1.1.12 snmp-agent local-engineid
Syntax
snmp-agent local-engineid engineid
undo snmp-agent local-engineid
View
System view
Parameter
engineid:
Engine ID, an even number of hexadecimal characters, in the range 10 to 64. Its
length must not be an odd number, and the all-zero and all-F strings are
invalid.
Description
Use the snmp-agent local-engineid command
to configure a local engine ID for an SNMP entity.
Use the undo snmp-agent local-engineid command
to restore the default local engine ID.
By default, the engine ID of a device is
the combination of company ID and device ID. Device ID varies by product; it
could be an IP address, a MAC address, or a self-defined hexadecimal number.
Notice that if the newly configured engine
ID is not the same as the one used for creating the USM user, the user is
invalid.
Related command: snmp-agent usm-user.
Example
# Configure the local engine ID to be 123456789A.
<Sysname> system-view
[Sysname] snmp-agent local-engineid
123456789A
1.1.13
snmp-agent mib-view
Syntax
snmp-agent mib-view { included | excluded } view-name oid-tree [ mask
mask-value ]
undo snmp-agent mib-view view-name
View
System view
Parameter
view-name:
View name, a string of 1 to 32 characters.
oid-tree:
MIB object identifier tree. It can only be an OID string of 1 to 25 characters,
such as 1.4.5.3.1, or an object name string, such as “system”. OID
is made up of a series of integers, which marks the position of the node in the
MIB tree and uniquely identifies an MIB object.
included:
Indicates that all the nodes in the MIB tree are included in the current view.
excluded:
Indicates that all the nodes in the MIB tree are not included in the current
view.
mask-value: Mask
for an object tree, in the range 1 to 32 hexadecimal digits.
Description
Use the snmp-agent mib-view command
to create or update MIB view information to specify MIB objects that the
network management station (NMS) can access.
Use the undo snmp-agent mib-view
command to delete the current configuration.
By default, MIB view name is ViewDefault,
OID of which is 1.
Related command: snmp-agent group.
Example
# Create a MIB view that includes all
objects of mib2.
<Sysname> system-view
[Sysname] snmp-agent mib-view
included mib2 1.3.6.1
Syntax
snmp-agent packet max-size byte-count
undo snmp-agent packet max-size
View
System view
Parameter
byte-count: Maximum
number of bytes of an SNMP packet that can be received or sent by an agent, in
the range of 484 to 17,940. The default value is 1,500 bytes.
Description
Use the snmp-agent packet max-size command
to configure the maximum number of bytes in an SNMP packet that can be received
or sent by an agent.
Use the undo snmp-agent packet max-size command
to restore the default packet size.
Example
# Configure the maximum number of bytes
that can be received or sent by an SNMP agent to 1,042 bytes.
<Sysname> system-view
[Sysname] snmp-agent packet max-size
1042
1.1.15 snmp-agent sys-info
Syntax
snmp-agent sys-info { contact sys-contact | location sys-location
| version { { v1 | v2c | v3 } *| all } }
undo snmp-agent sys-info { contact | location | version { { v1 | v2c | v3 }*
| all } }
View
System view
Parameter
sys-contact:
String of 1 to 200 characters that describes the contact information for system
maintenance.
sys-location:
String of 1 to 200 characters that describes the location of the device.
version: The
SNMP version in use.
v1: SNMPv1.
v2c: SNMPv2c.
v3: SNMPv3.
all: Specifies
SNMPv1, SNMPv2c, and SNMPv3.
Description
Use the snmp-agent sys-info command
to configure system information, including the contact information, the
location, and the SNMP version in use.
Use the undo snmp-agent sys-info command
to restore the default configuration.
By default, the location information is Hangzhou
China, version is SNMPv3, and the contact is R&D Hangzhou, H3C Technologies
co.,Ltd.
Related command: display snmp-agent
sys-info.
Network maintenance
engineers can use the system contact information to get in touch with the
manufacturer in cases of network failures. The system location information is a
management variable under the system branch as defined in RFC1213-MIB, it identifies
the location of the managed object.
Example
# Configure the contact information as “Dial
System Operator at beeper # 27345”.
<Sysname> system-view
[Sysname] snmp-agent sys-info contact
Dial System Operator at beeper # 27345
1.1.16 snmp-agent target-host
Syntax
snmp-agent target-host trap address udp-domain { ip-address | ipv6
ipv6-address } [ udp-port port-number ] params securityname
security-string [ v1 | v2c | v3 [ authentication
| privacy ] ]
undo snmp-agent
target-host { ip-address | ipv6 ipv6-address } securityname
security-string
View
System view
Parameter
trap:
Specifies the host to be the Trap host.
address:
Specifies the IP address of the target host for the SNMP messages.
udp-domain:
Indicates that the Trap message is transmitted to the target host using UDP.
ip-address: IPv4
address of the Trap host.
ipv6: Specifies
that the target host that receives Trap messages uses the IPv6 address.
ipv6-address: IPv6 address of the Trap host.
port-number:
Number of the port that receives Trap packets, in the range of 0 to 65535.
params: Specifies
the target host information used for generating SNMP messages.
security-string: SNMPv1 or SNMPv2c community name or SNMPv3 user name, a string of
1 to 32 characters.
v1: Specifies
SNMPv1.
v2c: Specifies
SNMPv2c.
v3: Specifies
SNMPv3.
authentication: Specifies the security model to be authentication without privacy.
privacy:
Specifies the security model to be authentication with privacy.
Description
Use the snmp-agent target-host command
to configure the related settings for a Trap target host.
Use the undo snmp-agent target-host
command to delete the current settings.
Related Command: enable snmp trap updown,
snmp-agent trap enable, snmp-agent trap source, and snmp-agent
trap life.
Example
# Enable the device to send SNMP Traps to 10.1.1.1,
using the community name of “public”.
<Sysname> system-view
[Sysname] snmp-agent trap enable standard
[Sysname] snmp-agent target-host trap
address udp-domain 10.1.1.1 params securityname public
1.1.17 snmp-agent trap enable
Syntax
snmp-agent trap enable [ configuration | flash | standard [ authentication | coldstart
| linkdown | linkup | warmstart ] * | system ]
undo snmp-agent trap enable [ configuration | flash | standard [ authentication | coldstart
| linkdown | linkup | warmstart ] * | system ]
View
System view
Parameter
configuration: Enables the sending of configuration Trap packets.
flash:
Enables the sending of FLASH Trap packets.
standard:
Enables the sending of standard Trap packets.
authentication: Enables the sending of authentication failure Trap packets in the
event of authentication failure.
coldstart:
Sends coldstart Trap packets when the device restarts.
linkdown:
Sends linkdown Trap packets when the port is down. This keyword is specified
globally.
linkup:
Sends linkup Trap packets when the port is up. This keyword is specified
globally.
warmstart:
Sends warmstart Trap packets when the SNMP restarts.
system:
Sends H3C-SYS-MAN-MIB (a private MIB) Trap packets.
Description
Use the snmp-agent trap enable command
to enable the device to send Traps globally.
Use the undo snmp-agent trap enable command
to disable the device from sending Traps.
By default, the device is enabled to send
Trap messages of all types.
Note that, if you want a port to send SNMT
trap messages when its port state changes, you must enable the function of
sending linkup/linkdown trap messages both in Ethernet port view and system
view. Use the enable snmp trap updown command to enable this function in
Ethernet port view and use the snmp-agent trap enable [ standard [ linkdown | linkup ]
* ] command to enable this function in system view.
Related command: snmp-agent target-host, and enable snmp
trap updown.
Example
# Enable the device to send SNMP
authentication failure packets to 10.1.1.1, using the community name of “public”.
<Sysname> system-view
[Sysname] snmp-agent trap enable
standard authentication
[Sysname] snmp-agent target-host trap
address udp-domain 10.1.1.1 params securityname public
1.1.18
snmp-agent trap life
Syntax
snmp-agent trap life seconds
undo snmp-agent trap life
View
System view
Parameter
seconds:
Time-out time, in the range of 1 to 2,592,000 seconds.
Description
Use the snmp-agent trap life command
to configure the life time for Traps, which will be discarded when their life
time expires.
Use the undo snmp-agent trap life command
to restore the default life time for Trap packets.
By default, the life time for SNMP Traps is
120 seconds.
Related Command: snmp-agent trap enable,
snmp-agent target-host.
Example
# Configure the life time for Trap packets as
60 seconds.
<Sysname> system-view
[Sysname] snmp-agent trap life 60
Syntax
snmp-agent trap queue-size size
undo snmp-agent trap queue-size
View
System view
Parameter
size: The
queue size for the Trap messages, in the range of 1 to 1,000.
Description
Use the snmp-agent trap queue-size command
to configure the size of the Trap queue.
Use the undo snmp-agent trap queue-size command
to restore the default queue size.
By default, up to 100 Trap messages can be
stored in the Trap queue.
Related Command: snmp-agent trap enable,
snmp-agent target-host, snmp-agent trap life.
Example
# Configure the size of the Trap queue.
<Sysname> system-view
[Sysname] snmp-agent trap queue-size
200
1.1.20
snmp-agent trap source
Syntax
snmp-agent trap source interface-type interface-number
undo snmp-agent trap source
View
System view
Parameter
interface-type interface-number : Interface type and interface number.
Description
Use the snmp-agent trap source command
to specify the source IP address sending the Trap message.
Use the undo snmp-agent trap source command
to restore the default.
By default, SNMP chooses the IP address of
an outgoing interface to be the source IP address of the Trap message.
Use this command to trace a specific event
by the source IP address of a Trap message.
Note: Before you can configure the IP
address of a particular interface as the source IP address of the Trap message,
ensure that the interface already exists and that it has a legal IP address.
Otherwise, it is likely that the configurations will either fail or be invalid.
Related Command: snmp-agent trap enable, and snmp-agent target-host.
Example
# Configure the IP address of Vlan-interface
1 to be the source address for Trap messages.
<Sysname> system-view
[Sysname] snmp-agent trap source Vlan-interface
1
1.1.21 snmp-agent usm-user
Syntax
The following syntax applies to SNMPv1 and SNMPv2c:
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number
]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
The following syntax applies to SNMPv3.
snmp-agent usm-user v3 user-name group-name [ authentication-mode
{ md5 | sha } auth-password [ privacy-mode { des56
| aes128 } priv-password ] ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid
engineid-string }
View
System view
Parameter
v1: SNMPv1.
v2c: SNMPv2c.
v3: SNMPv3.
user-name:
User name, a case-sensitive string of 1 to 32 characters.
group-name:
Group name, a case-sensitive string of 1 to 32 characters.
authentication-mode: Specifies that the security mode is authentication.
md5:
Specifies the authentication protocol to be HMAC-MD5-96.
sha: Specifies
the authentication protocol to be HMAC-SHA-96.
auth-password: Authentication password, a string of 1 to 64 characters.
privacy:
Specifies that the security mode is privacy.
des56:
Specifies the privacy protocol to be DES.
aes128:
Specifies the privacy protocol to be Advanced Encryption Standard (AES for
short).
priv-password: The privacy password, a string of 1 to 64 characters.
acl-number: ACL, in the range of 2,000 to 2,999.
local:
Represents a local SNMP entity user.
engineid-string:
The engine ID string, an even number (in the range of 10 to 64) of hexadecimal
numbers. An odd number of hexadecimal numbers, all-zero, and all-F are all
regarded as invalid parameters.
Description
Use the snmp-agent usm-user command
to add a user to an SNMP group.
Use the undo snmp-agent usm-user command
to delete a user from an SNMP group.
You need to use the remote agent’s engineID
during authentication after configuring its users. If the engineID has changed,
the associated user becomes invalid.
For SNMPv1 and SNMPv2c, this command means
adding of a new SNMP group. For SNMPv3, this command adds a new user to an SNMP
group.
Related command: snmp-agent group, snmp-agent
community, snmp-agent local-engineid.
Example
# Add a user John to the SNMP group Johngroup.
Configure the security model to be authentication, the authentication protocol
to be HMAC-MD5-96, and the authentication password to be hello.
<Sysname> system-view
[Sysname] snmp-agent group v3 Johngroup
[Sysname] snmp-agent usm-user v3 John
Johngroup authentication-mode md5 hello
