Login
- Table of Contents
-
- H3C S9500 Operation Manual-Release2132[V2.03]-08 System Volume
- 00-1Cover
- 01-GR Configuration
- 02-VRRP Configuration
- 03-HA Configuration
- 04-Device Management Configuration
- 05-NQA Configuration
- 06-NetStream Configuration
- 07-NTP Configuration
- 08-RMON Configuration
- 09-SNMP Configuration
- 10-File System Management Configuration
- 11-System Maintaining and Debugging Configuration
- 12-Basic System Configuration
- 13-Information Center Configuration
- 14-User Interface Configuration
- 15-MAC Address Table Management Configuration
- 16-PoE Configuration
- 17-Clock Monitoring Configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 09-SNMP Configuration | 73 KB |
1.3.1 Configuration Prerequisites
1.4 Displaying and Maintaining SNMP
1.5 SNMP Configuration Examples
Chapter 1 SNMP Configuration
When configuring SNMP, go to these sections for information you are interested in:
l Displaying and Maintaining SNMP
1.1 SNMP Overview
Simple network management protocol (SNMP) offers a framework to monitor network devices through TCP/IP protocol suite. It provides a set of basic operations in monitoring and maintaining the Internet and has the following characteristics:
l Automatic network management: SNMP enables network administrators to search and modify information, find and diagnose network problems, plan for network growth, and generate reports on network nodes.
l SNMP shields the physical differences between various devices and thus realizes automatic management of products from different manufacturers. Offering only the basic set of functions, SNMP makes the management tasks independent of both the physical features of the managed devices and the underlying networking technology. Thus, SNMP achieves effective management of devices from different manufactures, especially so in small, high-speed and low cost network environments.
1.1.1 SNMP Mechanism
An SNMP enabled network is comprised of network management station (NMS) and Agent.
l NMS is a station that runs the SNMP client software. It offers a user friendly human computer interface, making it easier for network administrators to perform most network management tasks. Currently, the most commonly used NMSs include Sun NetManager and IBM NetView.
l Agent is a program on the device. It receives and handles requests sent from the NMS. Only under certain circumstances, such as interface state change, will the Agent inform the NMS.
l NMS manages an SNMP enabled network, whereas Agent is the managed network device. They exchange management information through the SNMP protocol.
SNMP provides the following four basic operations:
l Get operation: NMS gets the behavior information of the Agent through this operation.
l Set operation: NMS can reconfigure certain values in the Agent MIB (management information base) to make the Agent perform certain tasks by means of this operation.
l Trap operation: Agent sends Trap information to the NMS through this operation.
l Inform operation: NMS sends Trap information to other NMSs through this operation.
1.1.2 SNMP Protocol Version
Currently, SNMP agents support SNMPv3 and are compatible with SNMPv1 and SNMPv2c.
SNMPv1 and SNMPv2c authenticate by means of community name, which defines the relationship between an SNMP NMS and an SNMP Agent. SNMP packets with community names that did not pass the authentication on the device will simply be discarded. A community name performs a similar role as a key word and can be used to regulate access from NMS to Agent.
SNMPv3 offers an authentication that is implemented with a User-Based Security Model (USM for short), which could be authentication with privacy, authentication without privacy, or no authentication no privacy. USM regulates the access from NMS to Agent in a more efficient way.
1.1.3 MIB Overview
Management information base (MIB) is a collection of all the objects managed by NMS. It defines the set of characteristics associated with the managed objects, such as the object identifier (OID), access right and data type of the objects.
MIB stores data using a tree structure. The node of the tree is the managed object and can be uniquely identified by a path starting from the root node. As illustrated in the following figure, the managed object B can be uniquely identified by a string of numbers {1.2.1.1}. This string of numbers is the OID of the managed object B.
1.2 SNMP Configuration
As configurations for SNMPv3 differ substantially from those of SNMPv1 and SNMPv2c, their SNMP functionalities will be introduced separately below.
Follow these steps to configure SNMPv3:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable SNMP Agent |
snmp-agent |
Optional Disabled by default You can enable SNMP Agent through this command or any commands that begin with “snmp-agent”. |
|
Configure SNMP Agent system information |
snmp-agent sys-info { contact sys-contact | location sys-location | version { all | { v1 | v2c | v3 }* } } |
Optional The defaults are as follows: Hangzhou H3C Technologies Co., Ltd. for contact, Hangzhou, China for location, and <NONE> for the version. |
|
Configure an SNMP agent group |
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ] |
Required |
|
Add a new user to an SNMP agent group |
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } auth-password [ privacy-mode { des56 | aes128 } priv-password ] ] [ acl acl-number ] |
Required |
|
Configure the maximum size of an SNMP packet that can be received or sent by an SNMP agent |
snmp-agent packet max-size byte-count |
Optional 1,500 bytes by default |
|
Configure the engine ID for a local SNMP agent |
snmp-agent local-engineid engineid |
Optional Company ID and device ID by default |
|
Create or update the MIB view content for an SNMP agent |
snmp-agent mib-view { included | excluded } view-name oid-tree [ mask mask-value ] |
Optional MIB view name is ViewDefault and OID is 1 by default. |
Follow these steps to configure SNMPv1 and SNMPv2c:
|
To do… |
Use the command… |
Remarks |
||
|
Enter system view |
system-view |
— |
||
|
Enable SNMP Agent |
snmp-agent |
Optional Disabled by default You can enable SNMP Agent through this command or any commands that begin with “snmp-agent”. |
||
|
Configure SNMP Agent system information |
snmp-agent sys-info { contact sys-contact | location sys-location | version { { v1 | v2c | v3 }* | all } } |
Required The defaults are as follows: Hangzhou H3C Technologies Co., Ltd. for contact, Hangzhou, China for location and <NONE> for the version. |
||
|
Configure SNMP NMS access right |
Configure directly |
Configure a community name |
snmp-agent community { read | write } community-name [ acl acl-number | mib-view view-name ]* |
Use either approach. The community name of SNMPv1 or SNMPv2c is used in direct configuration. The second approach was introduced to be compatible with SNMPv3. Adding a user to a specified group equals to the configuration of the community name of SNMPv1 and SNMPv2c. The community name configured on NMS should be consistent with the corresponding username configured on the Agent. |
|
Configure indirectly |
Configure an SNMP group |
snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ] |
||
|
Add a new user to an SNMP group |
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ] |
|||
|
Configure the maximum size of an SNMP packet that can be received or sent by an SNMP agent |
snmp-agent packet max-size byte-count |
Optional 15,00 bytes by default |
||
|
Configure the engine ID for a local SNMP agent |
snmp-agent local-engineid engineid |
Optional Company ID and device ID by default |
||
|
Create or update MIB view content for an SNMP agent |
snmp-agent mib-view { included | excluded } view-name oid-tree [ mask mask-value ] |
Optional ViewDefault by default |
||
Caution:
The validity of a USM user depends on the engine ID of the SNMP agent. If the engine ID used for USM user creation is not identical to the current engine ID, the USM user is invalid.
1.3 Trap Configuration
SNMP Agent sends Trap messages to NMS to alert the latter of critical and important events (such as restart of the managed device).
1.3.1 Configuration Prerequisites
Basic SNMP configurations have been completed.
1.3.2 Configuration Procedure
I. Enabling Trap message transmission
Follow these steps to enable Trap packet transmission:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Set to enable the device to send Trap packets globally |
snmp-agent trap enable [ bgp | configuration | flash | mpls | ospf [ process-id ] [ ospf-trap-list ] | standard [ authentication | coldstart | linkdown | linkup | warmstart ]* | system | vrrp [ authfailure | newmaster ] ] |
Optional All types of Trap packets are allowed by default. |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Set to enable the device to send Trap packets of interface state change |
enable snmp trap updown |
Optional Transmission of Trap packets of interface state change is allowed by default. |
Caution:
To enable an interface to send SNMP Trap packets when its state changes, you need to enable the Link up/down Trap packet transmission function on an interface and globally. Use the enable snmp trap updown command to enable this function on an interface, and use the snmp-agent trap enable [ standard [ linkdown | linkup ] * ] command to enable this function globally.
II. Configuring Trap message transmission parameters
Follow these steps to configure Trap:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure target host attribute for Trap messages |
snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } [ udp-port port-number ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ] |
Required |
|
Configure the source address for Trap messages |
snmp-agent trap source { interface-type interface-number } |
Optional |
|
Configure the queue size for sending Trap messages |
snmp-agent trap queue-size size |
Optional 100 by default |
|
Configure the life for Trap messages |
snmp-agent trap life seconds |
Optional 120 seconds by default |
1.4 Displaying and Maintaining SNMP
|
To do… |
Use the command… |
Remarks |
|
Display SNMP-agent system information, including the contact, location, and version of the SNMP |
display snmp-agent sys-info [ contact | location | version ]* |
Available in any view |
|
Display SNMP agent statistics |
display snmp-agent statistics |
|
|
Display the SNMP agent engine ID |
display snmp-agent local-engineid |
|
|
Display SNMP agent group information |
display snmp-agent group [ group-name ] |
|
|
Display SNMP v3 agent user information |
display snmp-agent usm-user [ engineid engineid | username user-name | group group-name ] * |
|
|
Display SNMP v1 or v2c agent community information |
display snmp-agent community [ read | write ] |
|
|
Display MIB view information for an SNMP agent |
display snmp-agent mib-view [ exclude | include | viewname view-name ] |
|
|
Display the modules that can send Traps and whether their Trap sending is enabled or not |
display snmp-agent trap-list |
1.5 SNMP Configuration Examples
I. Network requirements
l The NMS connects to the agent, a switch, through an Ethernet.
l The IP address of the NMS is 129.102.149.23/16.
l The IP address of VLAN interface on the switch is 129.102.0.1/16.
l On the switch, configure the following: community name, access right, administrator ID, contact, location, enabling sending of Trap messages.
II. Network diagram
Figure 1-2 Network diagram for SNMP
III. Configuration procedure
1) Configuring SNMP Agent
# Configure the community name, the SNMP agent group, and SNMP agent user.
<Sysname> system-view
[Sysname] snmp-agent sys-info version all
[Sysname] snmp-agent community read public
[Sysname] snmp-agent community write private
[Sysname] snmp-agent mib-view include internet 1.3.6.1
[Sysname] snmp-agent group v3 managev3group write-view internet
[Sysname] snmp-agent usm-user v3 managev3user managev3group
# Configure the IP address of VLAN-interface 2 as 129.102.0.1/16 for network management. Add port Ethernet 2/1/3 used for network management to VLAN 2.
[Sysname] vlan 2
[Sysname-vlan2] port ethernet 2/1/3
[Sysname-vlan2] interface Vlan-interface 2
[Sysname-Vlan-interface2] ip address 129.102.0.1 255.255.0.0
[Sysname-Vlan-interface2] quit
# Configure the system information of the switch.
[Sysname] snmp-agent sys-info version all
[Sysname] snmp-agent sys-info contact Mr.Wang-Tel:3306
[Sysname] snmp-agent sys-info location telephone-closet,3rd-floor
# Enable the sending of Trap messages to the NMS with an IP address of 129.102.149.23/16, using public as the community name.
[Sysname] snmp-agent trap enable
[Sysname] snmp-agent target-host trap address udp-domain 129.102.149.23 udp-port 5000 params securityname public
2) Configuring SNMP NMS
SNMPv3 uses authentication and privacy security model. In NMS, the user needs to specify username and security level, and based on that level, configure the authentication mode, authentication password, privacy mode, privacy password. In addition, the time-out time and number of retries should also be configured. The user can inquire and configure the switch through NMS. For detailed information, refer to the NMS manuals.
& Note:
The configurations on the agent and the NMS must match in order to perform the related operations.
