When configuring SNMP, go to these sections
for information you are interested in:
l
SNMP
Overview
l
SNMP
Configuration
l
Trap
Configuration
l
Displaying
and Maintaining SNMP
l
SNMP
Configuration Examples
1.1 SNMP Overview
Simple network management protocol (SNMP)
offers a framework to monitor network devices through TCP/IP protocol suite. It
provides a set of basic operations in monitoring and maintaining the Internet
and has the following characteristics:
l
Automatic network management: SNMP enables network
administrators to search and modify information, find and diagnose network
problems, plan for network growth, and generate reports on network nodes.
l
SNMP shields the physical differences between
various devices and thus realizes automatic management of products from different
manufacturers. Offering only the basic set of functions, SNMP makes the
management tasks independent of both the physical features of the managed
devices and the underlying networking technology. Thus, SNMP achieves effective
management of devices from different manufactures, especially so in small, high-speed
and low cost network environments.
An SNMP enabled network is comprised of network
management station (NMS) and Agent.
l
NMS is a station that runs the SNMP client
software. It offers a user friendly human computer interface, making it easier
for network administrators to perform most network management tasks. Currently,
the most commonly used NMSs include Sun NetManager and IBM NetView.
l
Agent is a program on the device. It receives
and handles requests sent from the NMS. Only under certain circumstances, such
as interface state change, will the Agent inform the NMS.
l
NMS manages an SNMP enabled network, whereas
Agent is the managed network device. They exchange management information
through the SNMP protocol.
SNMP provides the following four basic
operations:
l
Get operation: NMS gets the behavior information
of the Agent through this operation.
l
Set operation: NMS can reconfigure certain values
in the Agent MIB (management information base) to make the Agent perform
certain tasks by means of this operation.
l
Trap operation: Agent sends Trap information to
the NMS through this operation.
l
Inform operation: NMS sends Trap information to
other NMSs through this operation.
Currently, SNMP agents support SNMPv3 and
are compatible with SNMPv1 and SNMPv2c.
SNMPv1 and SNMPv2c authenticate by means of
community name, which defines the relationship between an SNMP NMS and an SNMP
Agent. SNMP packets with community names that did not pass the authentication
on the device will simply be discarded. A community name performs a similar role
as a key word and can be used to regulate access from NMS to Agent.
SNMPv3 offers an authentication that is
implemented with a User-Based Security Model (USM for short), which could be authentication
with privacy, authentication without privacy, or no authentication no privacy. USM
regulates the access from NMS to Agent in a more efficient way.
Management information base (MIB) is a
collection of all the objects managed by NMS. It defines the set of
characteristics associated with the managed objects, such as the object identifier
(OID), access right and data type of the objects.
MIB stores data using a tree structure. The
node of the tree is the managed object and can be uniquely identified by a path
starting from the root node. As illustrated in the following figure, the managed
object B can be uniquely identified by a string of numbers {1.2.1.1}. This
string of numbers is the OID of the managed object B.
Figure 1-1 MIB tree
1.2 SNMP
Configuration
As configurations for SNMPv3 differ
substantially from those of SNMPv1 and SNMPv2c, their SNMP functionalities will
be introduced separately below.
Follow these steps to configure SNMPv3:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Enable SNMP Agent
|
snmp-agent
|
Optional
Disabled by default
You can enable SNMP Agent through this
command or any commands that begin with “snmp-agent”.
|
|
Configure SNMP Agent system information
|
snmp-agent sys-info { contact sys-contact | location sys-location
| version { all | { v1 | v2c | v3 }* }
}
|
Optional
The defaults are as follows:
Hangzhou H3C Technologies Co., Ltd. for
contact,
Hangzhou, China for location, and <NONE>
for the version.
|
|
Configure an SNMP agent group
|
snmp-agent group v3 group-name [ authentication |
privacy ] [ read-view read-view ] [ write-view write-view
] [ notify-view notify-view ] [ acl acl-number ]
|
Required
|
|
Add a new user to an SNMP agent group
|
snmp-agent usm-user v3 user-name group-name [ authentication-mode
{ md5 | sha } auth-password [ privacy-mode { des56
| aes128 } priv-password ] ] [ acl acl-number ]
|
Required
|
|
Configure the maximum size of an SNMP
packet that can be received or sent by an SNMP agent
|
snmp-agent packet max-size byte-count
|
Optional
1,500 bytes by default
|
|
Configure the engine ID for a local SNMP
agent
|
snmp-agent local-engineid engineid
|
Optional
Company ID and device ID by default
|
|
Create or update the MIB view content for
an SNMP agent
|
snmp-agent mib-view { included | excluded } view-name oid-tree
[ mask mask-value ]
|
Optional
MIB view name is ViewDefault and OID is 1
by default.
|
Follow these steps to configure SNMPv1 and SNMPv2c:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Enable SNMP Agent
|
snmp-agent
|
Optional
Disabled by default
You can enable SNMP Agent through this
command or any commands that begin with “snmp-agent”.
|
|
Configure SNMP Agent system information
|
snmp-agent sys-info { contact sys-contact | location sys-location
| version { { v1 | v2c | v3 }* | all }
}
|
Required
The defaults are as follows:
Hangzhou H3C Technologies Co., Ltd. for
contact,
Hangzhou, China for location and <NONE>
for the version.
|
|
Configure SNMP NMS access right
|
Configure directly
|
Configure a community name
|
snmp-agent community { read | write } community-name [ acl
acl-number | mib-view view-name ]*
|
Use either approach.
The community name of SNMPv1 or SNMPv2c is used in direct configuration.
The second approach was introduced to be
compatible with SNMPv3. Adding a user to a specified group equals to the
configuration of the community name of SNMPv1 and SNMPv2c.
The community name configured on NMS
should be consistent with the corresponding username configured on the Agent.
|
|
Configure indirectly
|
Configure an SNMP group
|
snmp-agent group { v1 | v2c } group-name [ read-view read-view
] [ write-view write-view ] [ notify-view notify-view
] [ acl acl-number ]
|
|
Add a new user to an SNMP group
|
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl
acl-number ]
|
|
Configure the maximum size of an SNMP packet
that can be received or sent by an SNMP agent
|
snmp-agent packet max-size byte-count
|
Optional
15,00 bytes by default
|
|
Configure the engine ID for a local SNMP
agent
|
snmp-agent local-engineid engineid
|
Optional
Company ID and device ID by default
|
|
Create or update MIB view content for an
SNMP agent
|
snmp-agent mib-view { included | excluded } view-name oid-tree
[ mask mask-value ]
|
Optional
ViewDefault by default
|
Caution:
The validity of a
USM user depends on the engine ID of the SNMP agent. If the engine ID used for
USM user creation is not identical to the current engine ID, the USM user is
invalid.
1.3 Trap Configuration
SNMP Agent sends Trap messages to NMS to alert
the latter of critical and important events (such as restart of the managed device).
Basic SNMP configurations have been
completed.
I. Enabling Trap message transmission
Follow these steps to enable Trap packet
transmission:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Set to enable the device to send Trap
packets globally
|
snmp-agent trap enable [ bgp | configuration
| flash | mpls | ospf [ process-id ] [ ospf-trap-list
] | standard [ authentication | coldstart | linkdown |
linkup | warmstart ]* | system | vrrp [ authfailure
| newmaster ] ]
|
Optional
All types of Trap packets are allowed by
default.
|
|
Enter interface view
|
interface interface-type interface-number
|
—
|
|
Set to enable the device to send Trap
packets of interface state change
|
enable snmp trap updown
|
Optional
Transmission of Trap packets of interface
state change is allowed by default.
|
Caution:
To enable an
interface to send SNMP Trap packets when its state changes, you need to enable
the Link up/down Trap packet transmission function on an interface and
globally. Use the enable snmp trap updown command to enable this
function on an interface, and use the snmp-agent trap enable [ standard
[ linkdown | linkup ] * ] command to enable this function
globally.
II. Configuring Trap message transmission
parameters
Follow these steps to configure Trap:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Configure target host attribute for Trap
messages
|
snmp-agent target-host trap address udp-domain { ip-address |
ipv6 ipv6-address } [ udp-port port-number ]
params securityname security-string [ v1 | v2c
| v3 [ authentication | privacy ] ]
|
Required
|
|
Configure the source address for Trap
messages
|
snmp-agent trap source { interface-type interface-number }
|
Optional
|
|
Configure the queue size for sending Trap
messages
|
snmp-agent trap queue-size size
|
Optional
100 by default
|
|
Configure the life for Trap messages
|
snmp-agent trap life seconds
|
Optional
120 seconds by default
|
1.4 Displaying and Maintaining SNMP
|
To do…
|
Use the command…
|
Remarks
|
|
Display SNMP-agent system information,
including the contact, location, and version of the SNMP
|
display snmp-agent sys-info [ contact | location | version ]*
|
Available in any view
|
|
Display SNMP agent statistics
|
display snmp-agent statistics
|
|
Display the SNMP agent engine ID
|
display snmp-agent local-engineid
|
|
Display SNMP agent group information
|
display snmp-agent group [ group-name ]
|
|
Display SNMP v3 agent user information
|
display snmp-agent usm-user [ engineid engineid | username user-name
| group group-name ] *
|
|
Display SNMP v1 or v2c agent community
information
|
display snmp-agent community [ read | write ]
|
|
Display MIB view information for an SNMP
agent
|
display snmp-agent mib-view [ exclude | include | viewname view-name
]
|
|
Display the modules that can send Traps
and whether their Trap sending is enabled or not
|
display snmp-agent trap-list
|
1.5 SNMP Configuration Examples
I. Network requirements
l
The NMS connects to the agent, a switch, through
an Ethernet.
l
The IP address of the NMS is 129.102.149.23/16.
l
The IP address of VLAN interface on the switch
is 129.102.0.1/16.
l
On the switch, configure the following: community
name, access right, administrator ID, contact, location, enabling sending of
Trap messages.
II. Network diagram
Figure 1-2 Network diagram for SNMP
III. Configuration procedure
1)
Configuring SNMP Agent
# Configure the community name, the SNMP
agent group, and SNMP agent user.
<Sysname> system-view
[Sysname] snmp-agent sys-info version
all
[Sysname] snmp-agent community read public
[Sysname] snmp-agent community write private
[Sysname] snmp-agent mib-view include
internet 1.3.6.1
[Sysname] snmp-agent group v3 managev3group
write-view internet
[Sysname] snmp-agent usm-user v3 managev3user
managev3group
# Configure the IP address of
VLAN-interface 2 as 129.102.0.1/16 for network management. Add port Ethernet 2/1/3
used for network management to VLAN 2.
[Sysname] vlan 2
[Sysname-vlan2] port ethernet 2/1/3
[Sysname-vlan2] interface
Vlan-interface 2
[Sysname-Vlan-interface2] ip address
129.102.0.1 255.255.0.0
[Sysname-Vlan-interface2] quit
# Configure the system information of the switch.
[Sysname] snmp-agent sys-info version
all
[Sysname] snmp-agent sys-info contact
Mr.Wang-Tel:3306
[Sysname] snmp-agent sys-info location
telephone-closet,3rd-floor
# Enable the sending of Trap messages to
the NMS with an IP address of 129.102.149.23/16, using public as the
community name.
[Sysname] snmp-agent trap enable
[Sysname] snmp-agent target-host trap
address udp-domain 129.102.149.23 udp-port 5000 params securityname public
2)
Configuring SNMP NMS
SNMPv3 uses authentication and privacy
security model. In NMS, the user needs to specify username and security level,
and based on that level, configure the authentication mode, authentication password,
privacy mode, privacy password. In addition, the time-out time and number of
retries should also be configured. The user can inquire and configure the switch
through NMS. For detailed information, refer to the NMS manuals.
The configurations
on the agent and the NMS must match in order to perform the related operations.
