An SNMP engine ID identifies an SNMP entity uniquely within an SNMP domain. As an indispensable part of an SNMP entity, an SNMP engine performs the function of sending, receiving and authenticating SNMP messages, extracting PDUs, packet assembling and the communication with SNMP applications.

Example

# Display the local SNMP entity engine ID.

<H3C> display snmp-agent local-engineid

SNMP local EngineID: 800007DB00E0FC0031006877

SNMP local EngineID in the above information represents the local SNMP entity engine ID.

1.1.2 display snmp-agent community

Syntax

display snmp-agent community [ read | write ]

View

Any view

Parameter

read: Displays the information about the SNMP communities with read-only permission.

write: Displays the information about the SNMP communities with read-write permission.

Description

Use the display snmp-agent community command to display the information about the SNMPv1/SNMPv2C communities with the specific access permission.

If you specify no keyword when executing this command, the information about all the existing SNMPv1/SNMPv2C communities is displayed.

Example

# Display the information about all the existing SNMPv1/SNMPv2C communities.

<H3C> display snmp-agent community

Community name:public

Group name:public

Storage-type: nonVolatile

Community name:private

Group name:private

Storage-type: nonVolatile

Table 1-1 Description on the fields of the display snmp-agent community command

Field	Description
Community name	Community name
Group name	Group name
Storage-type	Storage type, which can be “volatile”, “nonVolatile”, “permanent”, “readOnly”, and “other”.

1.1.3 display snmp-agent group

Syntax

display snmp-agent group [ group-name ]

View

Any view

Parameter

group-name: Name of the desired SNMP group, a string of 1 to 32 characters.

Description

Use the display snmp-agent group command to display the information about a SNMP group, including group name, security mode, states of various views, and storage mode.

If you do not specify the group-name argument, this command displays the information about all the existing SNMP groups.

Example

# Display the information about all the SNMP groups.

<H3C> display snmp-agent group

Group name: v3r2

Security model: v3 noAuthnoPriv

Readview: ViewDefault

Writeview: <no specified>

Notifyview :<no specified>

Storage-type: nonvolatile

Table 1-2 Description on the fields of the display snmp-agent group command

Field	Description
Group name	SNMP group name of the user
Security model	SNMP group security mode, which can be “AuthPriv” (authorization and encryption), “AuthnoPriv” (authorization and no encryption), and “noAuthnoPriv” (no authorization and no encryption).
Readview	Read-only MIB view corresponding to the SNMP group
Writeview	Writable MIB view corresponding to the SNMP group
Notifyview	Notify MIB view corresponding to the SNMP group
storage-type	Storage type, which can be “volatile”, “nonVolatile”, “permanent”, “readOnly”, and “other”.

1.1.4 display snmp-agent mib-view

Syntax

display snmp-agent mib-view [ exclude | include | viewname view-name ]

View

Any view

Parameter

exclude: Specifies the SNMP MIB views that are of the excluded type.

Include: Specifies the SNMP MIB views that are of the included type.

view-name: Name of an SNMP MIB view.

Description

Use the display snmp-agent mib-view command to display the MIB view configuration of the current Ethernet switch.

If you specify no keyword when executing this command, the configuration of all the MIB views is displayed.

Example

# Display the information about the currently configured MIB view.

<H3C> display snmp-agent mib-view

View name:ViewDefault

MIB Subtree:internet

Subtree mask:

Storage-type: nonVolatile

View Type:included

View status:active

View name:ViewDefault

MIB Subtree:snmpUsmMIB

Subtree mask:

Storage-type: nonVolatile

View Type:excluded

View status:active

View name:ViewDefault

MIB Subtree:snmpVacmMIB

Subtree mask:

Storage-type: nonVolatile

View Type:excluded

View status:active

View name:ViewDefault

MIB Subtree:snmpModules.18

Subtree mask:

Storage-type: nonVolatile

View Type:excluded

View status:active

1.1.5 display snmp-agent statistics

Syntax

display snmp-agent statistics

View

Any view

Parameter

None

Description

Use the display snmp-agent statistics command to display the statistics on SNMP packets.

Example

# Display the statistics on SNMP packets.

<H3C> display snmp-agent statistics

1276 Messages delivered to the SNMP entity

0 Messages which were for an unsupported version

0 Messages which used a SNMP community name not known

0 Messages which represented an illegal operation for the community supplied

0 ASN.1 or BER errors in the process of decoding

1291 Messages passed from the SNMP entity

0 SNMP PDUs which had badValue error-status

0 SNMP PDUs which had genErr error-status

7 SNMP PDUs which had noSuchName error-status

0 SNMP PDUs which had tooBig error-status (Maximum packet size 1500)

3669 MIB objects retrieved successfully

26 MIB objects altered successfully

420 GetRequest-PDU accepted and processed

832 GetNextRequest-PDU accepted and processed

0 GetBulkRequest-PDU accepted and processed

1276 GetResponse-PDU accepted and processed

24 SetRequest-PDU accepted and processed

15 Trap PDUs accepted and processed

0 Alternate Response Class PDUs droped silently

0 Forwarded Confirmed Class PDUs droped silently

1.1.6 display snmp-agent sys-info

Syntax

display snmp-agent sys-info [ contact | location | version ]*

View

Any view

Parameter

contact: Displays the contact information of the current device.

location: Displays the physical location of the current device.

version: Displays the version information about the SNMP running in the system.

Description

Use the display snmp-agent sys-info command to display the system SNMP information about the current device.

This command displays all the system SNMP information if you execute it with no keyword specified.

Example

# Display the system SNMP information about the device.

<H3C> display snmp-agent sys-info

The contact person for this managed node:

Hangzhou H3C Technologies. Co.,Ltd.

The physical location of this node:

Hangzhou China

SNMP version running in the system:

SNMPv1 SNMPv2c SNMPv3

1.1.7 display snmp-agent trap-list

Syntax

display snmp-agent trap-list

View

Any view

Parameter

None

Description

Use the display snmp-agent trap-list command to display the states of the Traps.

Related command: snmp-agent trap enable.

Example

# Display the states of the Traps.

<H3C> display snmp-agent trap-list

configuration trap enable

flash trap enable

ospf trap enable

standard trap enable

system trap enable

vrrp trap disable

Enable traps :5; Disable traps 1

1.1.8 display snmp-agent usm-user

Syntax

display snmp-agent usm-user [ engineid engineid | username user-name | group group-name ]*

View

Any view

Parameter

engineid: Engine ID, a string comprising of 10 to 64 hexadecimal digits.

user-name: SNMPv3 user name, a string comprising of 1 to 32 characters.

group-name: Name of an SNMP group, a string comprising of 1 to 32 characters.

Description

Use the display snmp-agent usm-user command to display the information about a specific type of SNMP users.

If you execute this command with no keyword specified, the information about all the SNMP users is displayed.

Example

# Display the information about all the SNMP users.

<H3C> display snmp-agent usm-user

User name: usm-user

Group name: usm-group

Engine ID: 800007DB00E0FC0031006877

Storage-type: nonVolatile

UserStatus: active

Table 1-3 Description on the fields of the display snmp-agent usm-user command

Field	Description
User name	SNMP user name
Group name	The name of the SNMP group which the SNMP user belongs to
Engine ID	SNMP engine ID of the device
Storage-type	Storage type, which can be “volatile”, “nonVolatile”, “permanent”, “readOnly”, and “other”.
UserStatus	SNMP user status

1.1.9 enable snmp trap updown

Syntax

enable snmp trap updown

undo enable snmp trap updown

View

Ethernet port view, interface view

Parameter

None

Description

Use the enable snmp trap updown command to enable the sending of port/interface Link Up and Link Down traps.

Use the undo enable snmp trap updown command to disable the sending of Link Up and Link Down traps.

By default, the sending of port/interface Link Up and Link Down traps is enabled.

The enable snmp trap updown command need to be coupled with the snmp-agent target-host command. You can use the snmp-agent target-host command to specify the hosts that can receive Trap messages. To enable the sending of Trap messages, you need to specify at least one host that is to receive the Trap messages using the snmp-agent target-host command.

Example

# Enable the port Ethernet 1/0/1 to send Link Up and Link Down SNMP Trap massages to the NMS whose IP address is 10.1.1.1 using the community name “public”.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent trap enable

[H3C] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

[H3C] interface Ethernet1/0/1

[H3C-Ethernet1/0/1] enable snmp trap updown

1.1.10 snmp-agent

Syntax

snmp-agent

undo snmp-agent

View

System view

Parameter

None

Description

Use the snmp-agent command to enable the SNMP agent.

Use the undo snmp-agent command to disable the SNMP agent.

By default, the SNMP agent is disabled.

Example

# Disable the SNMP agent (assuming that the SNMP agent is currently enabled).

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] undo snmp-agent

& Note:

An S3100-52P Ethernet switch acts as the following to prevent attacks through unused sockets.

l Opening UDP port 161 (which is used by SNMP agents) and UDP port 1024 (which is used by SNMP-trap clients) only when SNMP is enabled.

l Closing UDP port 161 and UDP port 1024 when SNMP is disabled.

This function is achieved in the following way.

l Executing the snmp-agent command or any of the commands used to configure the SNMP agent causes the SNMP agent being enabled and UDP port 161 and UDP port 1024 being opened.

l Executing the undo snmp-agent command causes UDP port 161 and UDP port 1024 being closed as well.

1.1.11 snmp-agent community

Syntax

snmp-agent community { read | write } community-name [ [ acl acl-number ] [ mib-view view-name ] ]*

undo snmp-agent community community-name

View

System view

Parameter

read: Specifies that the community to be created has read-only permission to MIB objects. Communities of this type can only query MIBs for device information.

write: Specifies that the community to be created has read-write permission to MIB objects. Communities of this type are capable of configuring devices.

community-name: Name of the community to be created, a string of 1 to 32 characters.

view-name: MIB view name, a string of 1 to 32 characters.

acl-number: ID of the ACL to be applied to the community, in the range 2000 to 2999.

Description

Use the snmp-agent community command to create an SNMP community for accessing MIB objects.

Use the undo snmp-agent community command to remove an SNMP community.

Example

# Create an SNMP community named “comaccess”, which has read-only permission to MIB objects.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent community read comaccess

# Create an SNMP community named “mgr”, which has read-write permission to MIB objects

[H3C] snmp-agent community write mgr

# Remove the community named “comaccess”.

[H3C] undo snmp-agent community comaccess

1.1.12 snmp-agent group

Syntax

1) Version 1 and version 2C

snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

undo snmp-agent group { v1 | v2c } group-name

2) Version 3

snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

undo snmp-agent group v3 group-name [ authentication | privacy ]

View

System view

Parameter

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2C.

v3: Specifies SNMPv3.

group-name: Name of the SNMP group to be created, a string of 1 to 32 characters.

authentication: Configures to authenticate but do not encrypt the packets.

privacy: Configures to authenticate and encrypt the packets.

read-view: Read-only view name, a string of 1 to 32 characters.

write-view: Read-write view name, a string of 1 to 32 characters.

notify-view: Notification view name, a string of 1 to 32 characters.

acl-number: ID of a basic ACL, in the range 2000 to 2999.

Description

Use the snmp-agent group command to create an SNMP group to map SNMP users to the corresponding SNMP views.

Use the undo snmp-agent group command to remove an SNMP group.

By default, the SNMP groups created using the snmp-agent group v3 command do not authenticate or encrypt packets.

Related command: snmp-agent mib-view, snmp-agent usm-user.

Example

# Create an SNMPv3 group named “group1”.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent group v3 group1

1.1.13 snmp-agent local-engineid

Syntax

snmp-agent local-engineid engineid

undo snmp-agent local-engineid

View

System view

Parameter

engineid: Engine ID to be set, a string comprising of 10 to 64 hexadecimal digits.

Description

Use the snmp-agent local-engineid command to set an engine ID for the local SNMP entity.

Use the undo snmp-agent local-engineid command to restore the default engine ID.

By default, the engine ID of an SNMP entity is formed by appending the device information to the enterprise number. The device information can be determined according to the device, which can be an IP address, a MAC address, or a user-defined string comprising of hexadecimal digits.

Related command: snmp-agent usm-user.

Example

# Set the local SNMP entity engine ID to 123456789A.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent local-engineid 123456789A

1.1.14 snmp-agent log

Syntax

snmp-agent log { set-operation | get-operation | all }

undo snmp-agent log { set-operation | get-operation | all }

View

System view

Parameter

set-operation: Logs the set operations.

get-operation: Logs the get operations.

all: Logs both the set operations and get operations.

Description

Use the snmp-agent log command to enable network management operation logging.

Use the undo snmp-agent log command to disable network management operation logging.

By default, network management operation logging is disabled.

& Note:

l In the environment of a single device, use the display logbuffer command to view the log of the get and set operations performed on the NMS.

l In the fabric environment, use the display logbuffer command on the master device to view the log of the set operations. Use the display logbuffer command on the devices receiving the get messages to view the log of the get operations performed on the NMS.

Example

# Enable logging for both the get and the set operations performed on the NMS.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent log all

1.1.15 snmp-agent mib-view

Syntax

snmp-agent mib-view { included | excluded } view-name oid-tree

undo snmp-agent mib-view view-name

View

System view

Parameter

view-name: View name.

oid-tree: OID MIB subtree of a MIB object subtree. It can be the ID of a node in OID MIB subtree (such as 1.4.5.3.1) or an OID (such as “system”). This argument can contain wildcards (such as 1.4.5.*.*.1).

included: Includes this MIB subtree.

excluded: Excludes this MIB subtree.

Description

Use snmp-agent mib-view command to create or update the information about a MIB view to limit the MIB objects the NMS can access.

Use the undo snmp-agent mib-view command to cancel the current setting.

By default, the view name is “ViewDefault” and the OID is 1.

Related command: snmp-agent group.

Example

# Create an SNMP MIB view that contain all the objects of the MIB subtree mib2 (assuming that the corresponding OID is 1.3.6.1.2.1).

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent mib-view included mib2 1.3.6.1.2.1

1.1.16 snmp-agent packet max-size

Syntax

snmp-agent packet max-size byte-count

undo snmp-agent packet max-size

View

System view

Parameter

byte-count: Maximum SNMP packet size (in bytes) to be set, ranging from 484 to 17,940.

Description

Use the snmp-agent packet max-size command to set the maximum SNMP packet size allowed by an agent.

Use undo snmp-agent packet max-size command to restore the default maximum SNMP packet size.

By default, the maximum SNMP packet size allowed by an agent is 1,500 bytes.

Example

# Set the maximum SNMP packet size allowed by the agent to 1,042 bytes.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent packet max-size 1042

1.1.17 snmp-agent sys-info

Syntax

snmp-agent sys-info { contact sys-contact | location sys-location | version { { v1 | v2c | v3 }* | all } }

undo snmp-agent sys-info { contact | location | version { { v1 | v2c | v3 }* | all } }

View

System view

Parameter

sys-contact: Contact information for system maintenance.

sys-location: Geographical location of the device.

version: Specifies the SNMP version to be employed.

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2C.

v3: Specifies SNMPv3.

all: Specifies all the SNMP versions available, that is, SNMPv1, SNMPv2C, and SNMPv3.

Description

Use the snmp-agent sys-info command to set the system information, including geographical location of the device, contact information for system maintenance, and the SNMP version employed.

Use the undo snmp-agent sys-info location command to restore the default settings.

If the device fails, you can contact the device manufacturer according to the system information.

By default, the contact information of an S3100-52P Ethernet switch is "Hangzhou H3C Technologies. Co.,Ltd.", the geographical location is "Hangzhou China", the SNMP version employed is SNMPv3.

Related command: display snmp-agent sys-info.

Example

# Set the contact information for system maintenance as “Dial System Operator # 1234”.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent sys-info contact Dial System Operator # 1234

1.1.18 snmp-agent target-host

Syntax

snmp-agent target-host trap address udp-domain { ip-address } [ udp-port port-number ] params securityname security-string [ v1 | v2c | v3 [authentication | privacy ] ]

undo snmp-agent target-host ip-address securityname security-string

View

System view

Parameter

trap: Enables the host to receive SNMP Traps.

address: Specifies the destination for the SNMP Traps.

udp-domain: Specifies to use UDP to communicate with the target host.

ip-address: The IPv4 address of the host that is to receive the Traps.

port-number: Number of the port that is to receive the Traps.

params: Specifies SNMP target host information to be used in the generation of SNMP Traps.

security-string: SNMPv1/SNMPv2C community name or SNMPv3 user name, a string of 1 to 32 characters.

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2C.

v3: Specifies SNMPv3.

authentication: Configures to authenticate the packets without encryption.

privacy: Configures to authenticate and encrypt the packets.

Description

Use snmp-agent target-host command to configure a destination for the SNMP Traps generated by the local device.

Use undo snmp-agent target-host command to cancel the current setting.

To enable a device to send SNMP Traps, the snmp-agent target-host command need to be coupled with a command among the snmp-agent trap enable command and the enable snmp trap updown command.

1) Use the snmp-agent trap enable or enable snmp trap updown command to specify the types of the SNMP Traps a device can send (By default, a device can send all types of SNMP Traps).

2) Use the snmp-agent target-host command to set the address of the destination for the SNMP Traps.

Related command: snmp-agent trap enable, snmp-agent trap source, and snmp-agent trap life.

Example

# Enable sending SNMP Traps to 10.1.1.1, setting the community name as “public”.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent trap enable standard

[H3C] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

1.1.19 snmp-agent trap enable

Syntax

View

System view

Parameter

Configuration: Configures to send configuration Traps.

flash: Configures to send Flash Traps.

ospf [ process-id ] [ ospf-trap-list ]: Configures to send OSPF Traps. The process-id argument is a process ID. The ospf-trap-list argument indicates a list of Traps to be sent.

standard: Configures to send SNMP standard notification or Traps.

authentication: Sends SNMP authentication failure Traps in cases of authentication failures.

coldstart: Configures to send SNMP cold start Traps when the device is rebooted.

linkdown: Configures to send SNMP LinkDown Traps when a port becomes down.

linkup: Configures to send SNMP LinkUp Traps when a port becomes up.

warmstart: Configures to send SNMP warm start Traps when SNMP is newly launched.

system: Configures to send H3C-SYS-MAN-MIB (proprietary MIB) Traps.

vrrp [ authfailure | newmaster ]: Configures to send VRRP Traps.

Description

Use the snmp-agent trap enable command to enable a device to send SNMP Traps that are of specified types.

Use the undo snmp-agent trap enable command to disable a device from sending SNMP Traps that are of specified types.

By default, a device sends all types of SNMP Traps.

The snmp-agent trap enable command need to be coupled with the snmp-agent target-host command. The snmp-agent target-host command specifies the destination hosts for SNMP Traps. At least one destination host is required for SNMP Traps.

Example

# Enable sending of SNMP authentication failure Traps, with the destination IP address being 10.1.1.1 and the community name being “public”.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent trap enable authentication

[H3C] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

1.1.20 snmp-agent trap life

Syntax

snmp-agent trap life seconds

undo snmp-agent trap life

View

System view

Parameter

seconds: SNMP Trap aging time (in seconds) to be set, ranging from 1 to 2,592,000.

Description

Use the snmp-agent trap life command to set the SNMP Trap aging time. SNMP Traps exceeding the aging time will be discarded.

Use the undo snmp-agent trap life command to restore the default SNMP Trap aging time.

By default, the SNMP Trap aging time is 120 seconds.

Related command: snmp-agent trap enable, snmp-agent target-host.

Example

# Set the SNMP Trap aging time as 60 seconds.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent trap life 60

1.1.21 snmp-agent trap queue-size

Syntax

snmp-agent trap queue-size size

undo snmp-agent trap queue-size

View

System view

Parameter

size: Length of an SNMP Trap queue (that is, the maximum number of Traps the queue can contain), an integer ranging from 1 to 1,000.

Description

Use the snmp-agent trap queue-size command to set the length of the queue of the SNMP Traps to be sent to the destination.

Use the undo snmp-agent trap queue-size command to restore the default queue length.

By default, an SNMP Trap queue can contain up to 100 SNMP Traps.

Related command: snmp-agent trap enable, snmp-agent target-host, and snmp-agent trap life.

Example

# Set the SNMP Trap queue length to 200.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent trap queue-size 200

1.1.22 snmp-agent trap source

Syntax

snmp-agent trap source interface-type interface-number

undo snmp-agent trap source

View

System view

Parameter

interface-type: Interface type.

interface-number: Interface number.

Description

Use the snmp-agent trap source command to configure the source address for the SNMP Traps sent.

Use the undo snmp-agent trap source command to cancel the configuration.

SNMP Traps sent by a server share the same source IP address regardless of the interfaces through which they are sent. You can use the snmp-agent trap source command to specify the source IP address.

By default, the outbound interface is determined by SNMP.

You can configure this command to track a specific event by the source addresses of SNMP Traps.

& Note:

Before configuring an interface to be the source interface for the SNMP traps sent, make sure the interface is assigned an IP address.

Related command: snmp-agent trap enable, snmp-agent target-host.

Example

# Configure VLAN-interface 1 as the source interface for the SNMP Traps sent.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent trap source Vlan-interface 1

1.1.23 snmp-agent usm-user

Syntax

1) SNMPv1 and SNMPv2C

snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]

undo snmp-agent usm-user { v1 | v2c } user-name group-name

2) SNMPv3

snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } auth-password [ privacy-mode des56 priv-password ] ] [ acl acl-number ]

undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string }

View

System view

Parameter

v1: Configures to use SNMPv1 security mode.

v2c: Configures to use SNMPv2C security mode.

v3: Configures to use SNMPv3 security mode.

user-name: Name of the user to be added, a string of 1 to 32 characters.

group-name: Name of the group corresponding to the user, a string of 1 to 32 characters.

authentication-mode: Specifies the safety level as authentication required. If you do not specify this keyword, neither authentication nor encryption is performed.

md5: Uses HMAC MD5 algorithm for authentication.

sha: Uses HMAC SHA algorithm for authentication.

auth-password: Authentication password, a string of 1 to 64 characters.

privacy: Specifies the security level as encrypted.

des56: Specifies the authentication protocol as DES.

priv-password: Encryption password, a string of 1 to 64 characters.

acl-number: ID of a basic ACL, in the range 2000 to 2999.

local: Specifies a local entity user.

engineid-string: Engine ID associated with the user, a string comprising of 10 to 64 hexadecimal digits.

Description

Use the snmp-agent usm-user command to add a user to an SNMP group.

Use the undo snmp-agent usm-user command to remove a user from an SNMP group.

While using SNMPv3, SNMP engine ID (for authentication) is required when you configure a remote user for an agent. If you change the engine ID after configuring a user, the user corresponding to the original engine ID becomes invalid.

For SNMPv1 and SNMPv2C, the snmp-agent usm-user command creates a new community. For SNMPv3, the command adds a user to an SNMP group.

Related command: snmp-agent group, snmp-agent community, and snmp-agent local-engineid.

Example

# Add a user named “John” to the SNMPv3 group named “Johngroup”, specifying to use HMAC-MD5 algorithm for authentication and setting the authentication password as “hello”.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] snmp-agent group v3 Johngroup

[H3C] snmp-agent usm-user v3 John Johngroup authentication-mode md5 hello

Chapter 2 RMON Configuration Commands

2.1 RMON Configuration Commands

2.1.1 display rmon alarm

Syntax

display rmon alarm [ entry-number ]

View

Any view

Parameter

entry-number: Alarm entry index, in the range 1 to 65535.

Description

Use the display rmon alarm command to display the configuration of a specified alarm entry or all the alarm entries. If you do not specify the entry-number argument, the configuration of all the alarm entries is displayed.

Related command: rmon alarm.

Example

# Display the configuration of all the alarm entries.

<H3C> display rmon alarm

Alarm table 1 owned by user1 is Valid.

Samples type : absolute

Variable formula : 1.3.6.1.2.1.2.2.1.10.4228009<ifInOctets.4228009>

Sampling interval : 6(sec)

Rising threshold : 10000(linked with event 1)

Falling threshold : 2000(linked with event 1)

When startup enables : risingOrFallingAlarm

Latest value : 0

Table 2-1 Description on the fields of the display rmon alarm command

Field	Description
Alarm table	Index of an entry in the alarm entry
user1	Entry owner: user1
Valid	The alarm entry identified by the index is valid.
Samples type	Sample type: increment or absolute value
Variable formula	Variable form of the sampled node
Sampling interval	Sampling interval
Rising threshold	Rising threshold
Falling threshold	Falling threshold
When startup enables	The condition under which an alarm is triggered, which can be: l risingOrFallingAlarm: An alarm is triggered when the rising or falling threshold is reached. l risingAlarm: An alarm is triggered when the rising threshold is reached. l FallingAlarm: An alarm is triggered when the falling threshold is reached.
Latest value	The value of the latest sample

2.1.2 display rmon event

Syntax

display rmon event [ event-entry ]

View

Any view

Parameter

event-entry: RMON event entry index, in the range 1 to 65535.

Description

Use the display rmon event command to display the configuration of a specified RMON event entry. If you do not specify the event-entry argument, the configuration of all the RMON event entries is displayed.

This command displays the following information:

l Event entry index

l Event entry owner

l Event description

l The action triggered by the event (log or alarm messages)

l The time (in seconds) when the latest event is triggered (in terms of the time elapsed since the system is started/initialized).

Related command: rmon event.

Example

# Display the configuration of all the RMON event entries.

<H3C> display rmon event

Event table 1 owned by user1 is VALID.

Description: null.

Will cause log-trap when triggered, last triggered at 0days 00h:02m:27s.

Table 2-2 Description on the fields of the display rmon event command

Field	Description
Event table	Index of an entry in the RMON event table
VALID	The status of the entry identified by the index is valid.
Description	RMON event description
Will cause log-trap when triggered	The event triggers logging and an alarm trap.
last triggered at	Time the latest event is triggered

2.1.3 display rmon eventlog

Syntax

display rmon eventlog [ event-entry ]

View

Any view

Parameter

event-entry: RMON event entry index, in the range of 1 to 65535.

Description

Use the display rmon eventlog command to display the log of an RMON event. If you do not specify the event-entry argument, the log of all the RMON events is displayed.

This command displays the following information:

l RMON event entry Index

l Current RMON event entry status

l The time (in seconds) when an event log is generated (in terms of the time elapsed since the system is started or initialized)

l RMON event description.

Example

# Display the log generated by the event entry numbered 1.

<H3C> display rmon eventlog 1

Event table 1 owned by user1 is VALID.

Generates eventLog 1.1 at 0days 00h:01m:39s.

Description: The 1.3.6.1.2.1.16.1.1.1.4.1 defined in alarm table 1,

less than(or =) 100 with alarm value 0. Alarm sample type is absolute.

Generates eventLog 1.2 at 0days 00h:02m:27s.

Description: The alarm formula defined in private alarm table 1,

less than(or =) 100 with alarm value 0. Alarm sample type is absolute.

Table 2-3 Description on the fields of the display rmon eventlog command

Field	Description
Event table	Index of an entry in the RMON event table
VALID	The status of the entry identified by the index is valid.
Generates eventLog 1.1 at 0days 00h:02m:27s	Time when the event is triggered. The event can be triggered for multiple times. 1.1 indicates the time when event 1 is first triggered.
Description	Description of the RMON event log

2.1.4 display rmon history

Syntax

display rmon history [ interface-type interface-number | unit unit-number ]

View

Any view

Parameter

interface-type: Interface type.

interface-number: Interface number.

unit unit-number: Specifies a unit number.

Description

Use the display rmon history command to display the RMON history information about a specified port. The information about the latest sample, including bandwidth utilization, the number of errors, the total number of packets, and so on, is also displayed. If you do not provide the interface-type interface-number or unit-number argument, this command displays the RMON history information about all the ports/units.

Related command: rmon history.

Example

# Display the RMON history information about Ethernet1/0/1.

<H3C> display rmon history Ethernet 1/0/1

History control entry 1 owned by user1 is VALID

Samples interface : Ethernet1/0/1<ifIndex.4227817>

Sampling interval : 5(sec) with 10 buckets max

Latest sampled values :

dropevents : 0 , octets : 0

packets : 0 , broadcast packets : 0

multicast packets : 0 , CRC alignment errors : 0

undersize packets : 0 , oversize packets : 0

fragments : 0 , jabbers : 0

collisions : 0 , utilization : 0

Table 2-4 Description on the fields of the display rmon history command

Field	Description
History control entry	Index of an entry in the history control table
VALID	The status of the entry identified by the index is valid.
Samples interface	Sampled interface
Sampling interval	Sampling interval
buckets	Number of the records in the history control table
Latest sampled values	Latest sampled values
dropevents	Number of the packet-dropping events
octets	Number of the received/transmitted bytes during sampling duration
packets	Number of the received/transmitted packets during sampling duration
broadcastpackets	Number of the broadcast packets
multicastpackets	Number of the multicast packets
CRC alignment errors	Number of the packet with CRC errors
undersize packets	Number of the undersize packets
oversize packets	Number of the oversize packets
fragments	Number of the undersize packets with CRC errors
jabbers	Number of the oversize packets with CRC errors
collisions	Number of the packets that cause collisions
utilization	Bandwidth utilization

2.1.5 display rmon prialarm

Syntax

display rmon prialarm [ prialarm-entry-number ]

View

Any view

Parameter

prialarm-entry-number: Extended alarm entry Index, in the range of 1 to 65535.

Description

Use the display rmon prialarm command to display the configuration of a RMON extended alarm entry. If you do not specify the prialarm-entry-number argument, the configuration of all the extended alarm entries is displayed.

Related command: rmon prialarm.

Example

# Display the configuration of all the extended RMON alarm entries.

<H3C> display rmon prialarm

Prialarm table 1 owned by user1 is VALID.

Samples type : absolute

Variable formula : .1.3.6.1.2.1.16.1.1.1.4.1

Description :

Sampling interval : 10(sec)

Rising threshold : 10000(linked with event 1)

Falling threshold : 2000(linked with event 1)

When startup enables : risingOrFallingAlarm

This entry will exist : forever.

Latest value : 0

Table 2-5 Description on the fields of the display rmon prialarm command

Field	Description
Prialarm table	Index of an entry in the extended alarm table
owned by user1	Entry owner: user 1
VALID	The alarm entry identified by the index is valid.
Samples type	Sample type: increment or absolute value
Variable formula	Variable form of the sampled node
Description	Description
Sampling interval	Sampling interval
Rising threshold	Rising threshold
Falling threshold	Falling threshold
Linked with event	Event index corresponding to an alarm
When startup enables: risingOrFallingAlarm	The condition under which an alarm is triggered, which can be: l risingOrFallingAlarm: An alarm is triggered when the rising or falling threshold is reached. l risingAlarm: An alarm is triggered when the rising threshold is reached. l FallingAlarm: An alarm is triggered when the falling threshold is reached.
This entry will exist: forever	Existing period. This entry can exist forever or exist in the specified cycle
Latest value	The value of the latest sample

2.1.6 display rmon statistics

Syntax

display rmon statistics [ interface-type interface-number | unit unit-number ]

View

Any view

Parameter

interface-type: Interface type.

interface-number: Interface number.

unit unit-number: Specifies a unit number.

Description

Use the display rmon statistics command to display the RMON statistics on a specified port or a specified unit. If you do not specify the port or the unit, this command displays the RMON statistics on all the ports or units.

The information displayed includes the number of:

l Collisions

l Packets with CRC errors

l Undersize/Oversize packets

l Broadcast/multicast packets

l Received bytes

l Received packets

Related command: rmon statistics.

Example

# Display the RMON statistics on Ethernet1/0/1 port.

<H3C> display rmon statistics Ethernet 1/0/1

Statistics entry 1 owned by user1-rmon is VALID.

Interface : Ethernet1/0/1<ifIndex.4227817>

etherStatsOctets : 0 , etherStatsPkts : 0

etherStatsBroadcastPkts : 0 , etherStatsMulticastPkts : 0

etherStatsUndersizePkts : 0 , etherStatsOversizePkts : 0

etherStatsFragments : 0 , etherStatsJabbers : 0

etherStatsCRCAlignErrors : 0 , etherStatsCollisions : 0

etherStatsDropEvents (insufficient resources): 0

Packets received according to length:

64 : 0 , 65-127 : 0 , 128-255 : 0

256-511: 0 , 512-1023: 0 , 1024-1518: 0

Table 2-6 Description on the fields of the display rmon statistics command

Field	Description
Statistics entry	Index of the statistics information entry
VALID	The statistics table is valid.
Interface	Interface which the statistics is on
etherStatsOctets	Number of bytes received
etherStatsPkts	Number of the packets received
etherStatsBroadcastPkts	Number of broadcast packets received
etherStatsMulticastPkts	Number of multicast packets received
etherStatsUndersizePkts	Number of undersize packets received
etherStatsOversizePkts	Number of oversize packets received
etherStatsFragments	Number of undersize packets received with CRC errors
etherStatsJabbers	Number of oversize packets received with CRC errors
etherStatsCRCAlignErrors	Number of packets received with CRC errors
etherStatsCollisions	Number of the received packets that cause collisions
etherStatsDropEvents	Event about dropping packets
Packets received according to length	Number of the received packets that are of different lengths

2.1.7 rmon alarm

Syntax

rmon alarm entry-number alarm-variable sampling-time { delta | absolute } rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 [ owner text ]

undo rmon alarm entry-number

View

System view

Parameter

entry-number: Index of the alarm entry to be added/removed, in the range 1 to 65535.

alarm-variable: Alarm variable, a string comprising 1 to 256 characters in dotted node OID format (such as 1.3.6.1.2.1.2.1.10.1). Only the variables that can be resolved to ASN.1 INTEGER data type (that is, INTEGER, Counter, Gauge, or TimeTicks) can be used as alarm variables.

sampling-time: Sampling interval (in seconds), in the range 5 to 65,535.

delta: Specifies to sample increments (that is, the current increment with regard to the latest sample)

absolute: Specifies to sample absolute values.

rising-threshold threshold-value1: Specifies the upper threshold. The threshold-value1 argument ranges from 0 to 2,147,483,647.

event-entry1: Index of the event entry corresponding to the upper threshold, in the range of 0 to 65535.

falling-threshold threshold-value2: Specifies the lower threshold. The threshold-value2 argument ranges from 0 to 2,147,483,647.

event-entry2: Index of the event entry corresponding to the lower threshold, in the range of 0 to 65535.

owner text: Specifies the owner of the entry, a string of 1 to 127 characters.

Description

Use the rmon alarm command to add an alarm entry to the alarm table. If you do not specify the owner text keyword/argument combination, the owner of the entry is displayed as “null”.

Use the undo rmon alarm command to remove an alarm entry from the alarm table.

You can use the rmon alarm command to define an alarm entry so that a specific alarm event can be triggered under specific circumstances. The act (such as logging and sending Traps to NMS) taken after an alarm event occurs is determined by the corresponding alarm entry.

& Note:

Before adding an alarm entry, make sure the events to be referenced in the alarm entry exist. Refer to the rmon event command for related information.

With an alarm entry defined in an alarm group, a network device performs the following operations accordingly:

l Sample the defined alarm variables (alarm-variable) once in each specified period, which is specified by the sampling-time argument.

l Comparing the sampled value with the set thresholds and performing the corresponding operations, as described in Table 2-7.

Table 2-7 Sample value and the corresponding operation

Comparison	Operation
The sample value is larger than or equal to the set upper threshold (threshold-value1)	Triggering the event identified by the event-entry1 argument
The sample value is smaller than the set lower threshold (threshold-value2)	Triggering the event identified by the event-entry2 argument

& Note:

l Before adding an alarm entry, you need to use the rmon event command to define the events to be referenced by the alarm entry.

l Make sure the node to be monitored exists before executing the rmon alarm command.

Example

# Add the alarm entry numbered 1 as follows:

l The node to be monitored: 1.3.6.1.2.1.16.1.1.1.4.1

l Sampling interval: 10 seconds

l Upper threshold: 50

l The event-entry1 argument identifies event 1.

l Lower threshold: 5

l The event-entry2 argument identifies event 2

l Owner: user1.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rmon event 1 log

[H3C] rmon event 2 none

[H3C]rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 10 absolute rising_threshold 50 1 falling_threshold 5 2 owner user1

# Remove the alarm entry numbered 15 from the alarm table.

[H3C] undo rmon alarm 15

2.1.8 rmon event

Syntax

rmon event event-entry [ description string ] { log | trap trap-community | log-trap log-trapcommunity | none } [ owner text ]

undo rmon event event-entry

View

System view

Parameter

event-entry: Event entry index, in the range of 1 to 65535.

description string: Specifies the event description, a string of 1 to 127 characters.

log: Logs events.

trap: Sends Traps to the NMS.

trap-community: Community name of the NMS that receives the Traps, a string of 1 to 127 characters.

log-trap: Logs the event and sends Traps to NMS.

log-trapcommunity: Community name of the NMS that receives the Traps, a character string of 1 to 127 characters.

none: Specifies that the event triggers no action.

owner text: Specifies the owner of the event entry, a string of 1 to 127 characters.

Description

Use the rmon event command to add an entry to the event table. If you do not specify the owner text keyword/argument combination, the owner of the entry is displayed as “null”.

Use the undo rmon event command to remove an entry from the event table.

When adding an event entry to an event table, you need to specify the event index. You need also to specify the corresponding actions, including logging the event, sending Traps to the NMS, and the both, for the network device to perform corresponding operation when an alarm referencing the event is triggered.

Example

# Add the event entry numbered 10 to the event table and configure it to be a log event.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rmon event 10 log

2.1.9 rmon history

Syntax

rmon history entry-number buckets number interval sampling-interval [ owner text ]

undo rmon history entry-number

View

Ethernet port view

Parameter

entry-number: History entry index, in the range of 1 to 65535.

buckets number: Specifies the size of the history table that corresponds to the entry, in the range 1 to 65535.

interval sampling-interval: Specifies the sampling interval (in seconds). The sampling-interval argument ranges from 5 to 3,600.

owner text: Specifies the owner of the entry, a string of 1 to 127 characters.

Description

Use the rmon history command to add an entry to the history control table. If you do not specify the owner text keyword/argument combination, the owner of the entry is displayed as “null”.

Use the undo rmon history command to remove an entry from the history control table.

You can use the rmon history command to sample a specific port. You can also set the sampling interval and the number of the samples that can be saved. After you execute this command, the RMON system samples the port periodically and stores the samples for later retrieval. The sampled information includes utilization, the number of errors, and total number of packets.

You can use the display rmon history command to display the statistics of the history control table.

Example

# Create the history control entry numbered 1 for Ethernet1/0/1 port, with the table size being 10, the sampling interval being 5 seconds, and the owner being “user1”.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C]interface Ethernet 1/0/1

[H3C-Ethernet1/0/1]rmon history 1 buckets 10 interval 5 owner user1

# Remove the history control entry numbered 15.

[H3C-Ethernet1/0/1] undo rmon history 15

2.1.10 rmon prialarm

Syntax

rmon prialarm entry-number prialarm-formula prialarm-des sampling-timer { delta | absolute | changeratio } rising_threshold threshold-value1 event-entry1 falling_threshold threshold-value2 event-entry2 entrytype { forever | cycle cycle-period } [ owner text ]

undo rmon prialarm entry-number

View

System view

Parameter

entry-number: Extended alarm entry index, in the range of 1 to 65535.

prialarm-formula: Expression used to perform operations on the alarm variables, a string of 1 to 256 characters. The alarm variables in the expression must be represented by OIDs, for example, (.1.3.6.1.2.1.2.1.10.1)*8. The operations available are addition, subtraction, multiplication and division operations. The operation results are rounded to values that are of long integer type. To prevent invalid operation results, make sure the operation results of each step are valid long integers.

prialarm-des: Alarm description, a string of 1 to 128 characters.

sampling-timer: Sampling interval (in seconds), in the range of 10 to 65,535.

delta | absolute | changeratio: Specifies the sample type.

threshold-value1: Upper threshold, in the range of 0 to 2,147,483,647.

event-entry1: Index of the event entry that corresponds to the upper threshold, in the range of 0 to 65535.

threshold-value2: Lower threshold, in the range of 0 to 2,147,483,647.

event-entry2: Index of the event entry that corresponds to the lower threshold, in the range of 0 to 65535.

forever: Specifies the corresponding RMON alarm instance is valid permanently.

cycle: Specifies the corresponding RMON alarm instance is valid periodically.

cycle-period: Life time (in seconds) of the RMON alarm instance, in the range 0 to 2,147,483,647.

owner text: Specifies the owner of the alarm entry, a string of 1 to 127 characters.

Description

Use the rmon prialarm command to create an extended entry in an extended RMON alarm table. If you do not specify the owner text keyword/argument combination, the owner of the entry is displayed as “null”.

Use the undo rmon prialarm command to remove an extended alarm entry.

& Note:

l Before adding an extended alarm entry, you need to use the rmon event command to define the events to be referenced by the entry.

l Make sure the node to be monitored exists before executing the rmon event command.

l You can define up to 50 extended alarm entries.

With an extended alarm entry defined in an extended alarm group, the device performs the following operations accordingly:

l Sampling the alarm variables referenced in the defined extended alarm expression (prialarm-formula) once in each period specified by the sampling-timer argument.

l Performing operations on the sampled values according to the defined extended alarm expression (prialarm-formula)

l Comparing the operation result with the set thresholds and perform corresponding operations, as described in Table 2-8.

Table 2-8 Operation result and corresponding operation

Comparison	Operation
The operation result is larger than or equal to the set upper threshold (threshold-value1)	Triggering the event identified by the event-entry1 argument
The operation result is smaller than or equal to the set lower threshold (threshold-value2)	Triggering the event identified by the event-entry2 argument

Example

# Add the extended alarm entry numbered 2 as follows:

l Perform operations on the corresponding alarm variables using the expression ((1.3.6.1.2.1.16.1.1.1.4.1)*100).

l Sampling interval: 10 seconds

l Upper threshold: 50

l Lower threshold: 5

l Event 1 is triggered when the change ratio is larger than the upper threshold.

l Event 2 is triggered when the change ratio is less than the lower threshold.

l The alarm entry is valid forever.

l Entry owner: user1

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C]interface Ethernet 1/0/1

[H3C-Ethernet1/0/1] rmon statistics 1

[H3C-Ethernet1/0/1] quit

[H3C] rmon prialarm 2 ((.1.3.6.1.2.1.16.1.1.1.4.1)*100) test 10 changeratio rising_threshold 50 1 falling_threshold 5 2 entrytype forever owner user1

# Remove the extended alarm entry numbered 2 from the extended alarm table.

[H3C] undo rmon prialarm 2

2.1.11 rmon statistics

Syntax

rmon statistics entry-number [ owner text ]

undo rmon statistics entry-number

View

Ethernet port view

Parameter

entry-number: Statistics entry Index, in the range of 1 to 65535.

owner text: Specifies the owner of the entry, a string of 1 to 127 characters.

Description

Use the rmon statistics command to add an entry to the statistics table. If you do not specify the owner text keyword/argument combination, the owner of the entry is displayed as “null”.

Use the undo rmon statistics command to remove an entry from the statistics table.

The RMON statistics management function is used to take statistics of the usage of the monitored ports and errors occurred on them. The statistics includes the number of the following items:

l Collisions

l Packets with CRC errors

l Undersize/Oversize packets

l Broadcast/Multicast packets

l Received packets

l Received bytes

& Note:

For each port, only one RMON statistics entry can be created. That is, if an RMON statistics entry was already created for a given port, you will fail to create a statistics entry with a different index for the port.

You can use the display rmon statistics command to display the information about the statistics entry.

Example

# Add the statistics entry numbered 20 to take statistics of Ethernet1/0/1 port.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C]interface Ethernet 1/0/1

[H3C-Ethernet1/0/1] rmon statistics 20

H3C S3100-52P Ethernet Switch Command Manual-Release 1500(V1.01)

1.1.1 display snmp-agent

1.1.6 display snmp-agent sys-info

1.1.7 display snmp-agent trap-list

1.1.20 snmp-agent trap life

Cloud & AI

InterConnect

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Resources

Partner Business Management

Company Information

News & Events

Contact Us