l The configuration of adding “interface description” and “interface type” into a linkUp/linkDown trap is added. See section 1.1.21 snmp-agent trap ifmib.

1.1 SNMP Configuration Commands

1.1.1 display snmp-agent

Syntax

display snmp-agent { local-engineid | remote-engineid }

View

Any view

Parameters

local-engineid: Displays the local SNMP entity engine ID.

remote-engineid: Displays all the remote SNMP entity engine IDs. At present, the device does not support application of the keyword.

Description

Use the display snmp-agent command to display the local SNMP entity engine ID or all the remote SNMP entity engine IDs.

Each device managed by the NMS needs a unique engine ID to identify an SNMP agent. By default, each device has a default engine ID. You should ensure that each engine ID is unique within an SNMP domain.

The creation of username and generation of cipher text password are related to engine ID in SNMPv3. If you change an engine ID, the username and password configured on the agent with this engine ID become invalid.

You can use the snmp-agent local-engineid command to configure an engine ID for the device.

Examples

# Display the local SNMP entity engine ID.

<Sysname> display snmp-agent local-engineid

SNMP local EngineID: 800007DB000FE20F12346877

SNMP local EngineID in the above information represents the local SNMP entity engine ID.

1.1.2 display snmp-agent community

Syntax

display snmp-agent community [ read | write ]

View

Any view

Parameters

read: Displays the information about the SNMP communities with read-only permission.

write: Displays the information about the SNMP communities with read-write permission.

Description

Use the display snmp-agent community command to display the information about the SNMPv1/SNMPv2c communities with the specific access permission.

SNMPv1 and SNMPv2c use community name authentication. Therefore, the SNMPv1 and SNMPv2c messages carry community names; if the carried community names are not permitted by the NMS/agent, the messages will be discarded.

You need to create a read community name and a write community name separately, and these two kinds of community names on the NMS and on the device should be consistent.

If you execute the command when the SNMP agent is not started, the device prompts “SNMP Agent disabled”.

To display the current configuration username information of SNMPv3, use the display snmp-agent usm-user command.

Examples

# Display the information about all the existing SNMPv1/SNMPv2c communities.

<Sysname> display snmp-agent community

Community name:public

Group name:public

Storage-type: nonVolatile

Community name:private

Group name:private

Storage-type: nonVolatile

Table 1-1 display snmp-agent community command output description

Field	Description
Community name	Community name SNMPv1 and SNMPv2c use community name authentication. A community name functions like a password; it is used to restrict access between the NMS and the agent.
Group name	Group name If you use the snmp-agent community command to configure a community name for SNMPv1 or SNMPv2c, the group name is the community name. If you use the snmp-agent usm-user { v1 \| v2c } command to configure a username, the group name is the group to which the user belongs, and the corresponding community name has the attribute of the group.
Storage-type	Storage type, which can be: l volatile: Information will be lost if the system is rebooted l nonVolatile: Information will not be lost if the system is rebooted l permanent: Modification is permitted, but deletion is forbidden l readOnly: Read only, that is, no modification, no deletion l other: Other storage types

1.1.3 display snmp-agent group

Syntax

display snmp-agent group [ group-name ]

View

Any view

Parameters

group-name: Name of the desired SNMP group, a string of 1 to 32 characters.

Description

Use the display snmp-agent group command to display the information about an SNMP group, including group name, security mode, related views, and storage mode.

A group is used to define security mode and related views. Users in the same group have the common attributes.

Security mode falls into three types: authPriv (authentication with privacy), authNoPriv (authentication without privacy), noAuthNoPriv (no authentication no privacy).

Related views include: read MIB view, write MIB view, and MIB view in which traps can be sent.

For the configuration of an SNMP group, refer to the snmp-agent group command.

Examples

# Display the information about all the SNMP groups.

<Sysname> display snmp-agent group

Group name: v3group

Security model: v3 noAuthnoPriv

Readview: ViewDefault

Writeview: ViewDefault

Notifyview : ViewDefault

Storage-type: nonVolatile

Table 1-2 display snmp-agent group command output description

Field	Description
Group name	SNMP group name of the user
Security model	SNMP group security mode, which can be AuthPriv (authentication with privacy), AuthnoPriv (authentication without privacy), and noAuthnoPriv (no authentication no privacy).
Readview	Read-only MIB view corresponding to the SNMP group
Writeview	Writable MIB view corresponding to the SNMP group
Notifyview	Notify MIB view in which traps can be sent. It corresponds to the SNMP group
storage-type	Storage type, which can be: l volatile: Information will be lost if the system is rebooted l nonVolatile: Information will not be lost if the system is rebooted l permanent: Modification is permitted, but deletion is forbidden l readOnly: Read only, that is, no modification, no deletion l other: Other storage types

1.1.4 display snmp-agent mib-view

Syntax

display snmp-agent mib-view [ exclude | include | viewname view-name ]

View

Any view

Parameters

exclude: Specifies the SNMP MIB views that are of the excluded type.

Include: Specifies the SNMP MIB views that are of the included type.

view-name: Name of an SNMP MIB view to be displayed.

Description

Use the display snmp-agent mib-view command to display the MIB view configuration of the current Ethernet switch, including view name, MIB subtree, subtree mask, and so on.

For the description of the configuration items of MIB view, refer to the related description in the snmp-agent mib-view command.

Examples

# Display the information about the currently configured MIB view.

<Sysname> display snmp-agent mib-view

View name:ViewDefault

MIB Subtree:iso

Subtree mask:

Storage-type: nonVolatile

View Type:included

View status:active

View name:ViewDefault

MIB Subtree:snmpUsmMIB

Subtree mask:

Storage-type: nonVolatile

View Type:excluded

View status:active

View name:ViewDefault

MIB Subtree:snmpVacmMIB

Subtree mask:

Storage-type: nonVolatile

View Type:excluded

View status:active

View name:ViewDefault

MIB Subtree:snmpModules.18

Subtree mask:

Storage-type: nonVolatile

View Type:excluded

View status:active

The above output information indicates that MIB view ViewDefault includes all MIB objects under the ISO MIB subtree except snmpUsmMIB, snmpVacmMIB and snmpModules.18.

1.1.5 display snmp-agent statistics

Syntax

display snmp-agent statistics

View

Any view

Parameters

None

Description

Use the display snmp-agent statistics command to display the statistics on SNMP packets.

The statistics are collected from the time when the switch is started, and the statistics will not be cleared if the SNMP is restarted.

If you execute the command when SNMP agent is not started, the device prompts “SNMP Agent disabled”.

Examples

# Display the statistics on SNMP packets.

<Sysname> display snmp-agent statistics

1276 Messages delivered to the SNMP entity

0 Messages which were for an unsupported version

0 Messages which used a SNMP community name not known

0 Messages which represented an illegal operation for the community supplied

0 ASN.1 or BER errors in the process of decoding

1291 Messages passed from the SNMP entity

0 SNMP PDUs which had badValue error-status

0 SNMP PDUs which had genErr error-status

7 SNMP PDUs which had noSuchName error-status

0 SNMP PDUs which had tooBig error-status (Maximum packet size 1500)

3669 MIB objects retrieved successfully

26 MIB objects altered successfully

420 GetRequest-PDU accepted and processed

832 GetNextRequest-PDU accepted and processed

0 GetBulkRequest-PDU accepted and processed

1276 GetResponse-PDU accepted and processed

24 SetRequest-PDU accepted and processed

15 Trap PDUs accepted and processed

0 Alternate Response Class PDUs droped silently

0 Forwarded Confirmed Class PDUs droped silently

Table 1-3 display snmp-agent statistics command output description

Field	Description
Messages delivered to the SNMP entity	The total number of messages delivered to the SNMP entity from the transport service.
Messages which were for an unsupported version	The total number of SNMP messages delivered to the SNMP protocol entity and were for an unsupported SNMP version.
Messages which used a SNMP community name not known	The total number of SNMP messages delivered to the SNMP protocol entity which used an SNMP community name not known to said entity.
Messages which represented an illegal operation for the community supplied	The total number of SNMP messages delivered to the SNMP protocol entity which represented an SNMP operation which was not allowed by the SNMP community named in the message.
ASN.1 or BER errors in the process of decoding	The total number of ASN.1 or BER errors encountered by the SNMP protocol entity when decoding received SNMP messages.
Messages passed from the SNMP entity	The total number of SNMP messages which were passed from the SNMP protocol entity to the transport service.
SNMP PDUs which had badValue error-status	The total number of SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error-status field is `badValue'.
SNMP PDUs which had genErr error-status	The total number of SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error-status field is `genErr'.
SNMP PDUs which had noSuchName error-status	The total number of SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error-status field is `noSuchName'.
SNMP PDUs which had tooBig error-status (Maximum packet size 1500)	The total number of SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error-status field is `tooBig'.
MIB objects retrieved successfully	The total number of MIB objects which have been retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get-Request and Get-Next PDUs.
MIB objects altered successfully	The total number of MIB objects which have been altered successfully by the SNMP protocol entity as the result of receiving valid SNMP Set-Request PDUs.
GetRequest-PDU accepted and processed	The total number of SNMP Get-Request PDUs which have been accepted and processed by the SNMP protocol entity.
GetNextRequest-PDU accepted and processed	The total number of SNMP Get-Next PDUs which have been accepted and processed by the SNMP protocol entity.
GetBulkRequest-PDU accepted and processed	The total number of SNMP Get-Bulk PDUs which have been accepted and processed by the SNMP protocol entity.
GetResponse-PDU accepted and processed	The total number of SNMP Get-Response PDUs which have been accepted and processed by the SNMP protocol entity.
SetRequest-PDU accepted and processed	The total number of SNMP Set-Request PDUs which have been accepted and processed by the SNMP protocol entity.
Trap PDUs accepted and processed	The total number of SNMP Trap PDUs which have been accepted and processed by the SNMP protocol entity.
Alternate Response Class PDUs dropped silently	The total number of GetRequest-PDUs, GetNextRequest-PDUs, GetBulkRequest-PDUs, SetRequest-PDUs, and InformRequest-PDUs delivered to the SNMP entity which were silently dropped because the size of a reply containing an alternate Response-PDU with an empty variable-bindings field was greater than either a local constraint or the maximum message size associated with the originator of the request.
Forwarded Confirmed Class PDUs dropped silently	The total number of Confirmed Class PDUs (such as GetRequest-PDUs, GetNextRequest-PDUs, GetBulkRequest-PDUs, SetRequest-PDUs, and InformRequest-PDUs) delivered to the SNMP entity which were silently dropped because the transmission of the (possibly translated) message to a proxy target failed in a manner (other than a time-out) such that no Response Class PDU (such as a Response-PDU) could be returned.

1.1.6 display snmp-agent sys-info

Syntax

display snmp-agent sys-info [ contact | location | version ]*

View

Any view

Parameters

contact: Displays the contact information of the current device.

location: Displays the physical location of the current device.

version: Displays the version information about the SNMP running in the system.

Description

Use the display snmp-agent sys-info command to display the system SNMP information about the current device, including contact information, geographical location of the device, and the employed SNMP version.

This command displays all the system SNMP information if you execute it with no keyword specified.

The display snmp-agent sys-info command displays the related information configured using the snmp-agent sys-info command. For the detailed configuration, refer to the snmp-agent sys-info command.

By default, the contact information of an S3100 Ethernet switch is "Hangzhou H3C Technologies Co., Ltd.", the geographical location is "Hangzhou China", and the SNMP version employed is SNMPv3.

Examples

# Display the system SNMP information about the device.

<Sysname> display snmp-agent sys-info

The contact person for this managed node:

Hangzhou H3C Technologies Co., Ltd.

The physical location of this node:

Hangzhou China

SNMP version running in the system:

SNMPv3

1.1.7 display snmp-agent trap-list

Syntax

display snmp-agent trap-list

View

Any view

Parameters

None

Description

Use the display snmp-agent trap-list command to display the modules that can generate traps and whether the sending of traps is enabled on the modules.

If a module contains multiple submodules, the trap function of the entire module is displayed as enabled as long as the trap function of any of the submodules is enabled.

Related commands: snmp-agent trap enable.

Examples

# Display the modules that can generate traps and whether the trap function is enabled on the modules.

<Sysname> display snmp-agent trap-list

configuration trap enable

flash trap enable

standard trap disable

system trap enable

oadp trap disable

Enable traps :4; Disable traps 1

In the above output information, enable indicates that traps are allowed to be generated on the module, and disable indicates that traps are not allowed to be generated on the module.

By default, the modules that can generate traps are allowed to generate traps. If you do not need traps of some modules, you can use the undo snmp-agent trap enable command to disable the trap function of the specific modules.

1.1.8 display snmp-agent usm-user

Syntax

display snmp-agent usm-user [ engineid engineid | username user-name | group group-name ]*

View

Any view

Parameters

engineid: Engine ID, a string of 10 to 64 hexadecimal digits.

user-name: SNMPv3 username, a string of 1 to 32 characters.

group-name: Name of an SNMP group, a string of 1 to 32 characters.

Description

Use the display snmp-agent usm-user command to display the information about a specific type of SNMPv3 users.

If you execute this command with no keyword specified, the information about all the SNMPv3 users is displayed, including username, group name, engine ID, storage type and user status.

SNMPv3 introduced the concepts of username and group. You can set the authentication and privacy functions. The former is used to authenticate the validity of the sending end of the packets, preventing access of illegal users; the latter is used to encrypt packets between the NMS and agent, preventing the packets from being intercepted. A more secure communication between SNMP NMS and SNMP agent can be ensured by configuring whether to perform authentication and privacy or not.

You can configure whether to perform authentication and privacy when you create an SNMPv3 group, and configure the specific algorithms and passwords for authentication and privacy when you create a user.

Examples

# Display the information about all the SNMP users.

<Sysname> display snmp-agent usm-user

User name: usm-user

Group name: usm-group9-0

Engine ID: 800007DB000FE20F12346877

Storage-type: nonVolatile

UserStatus: active

Table 1-4 display snmp-agent usm-user command output description

Field	Description
User name	SNMP username
Group name	The name of the SNMP group which the SNMP user belongs to
Engine ID	SNMP engine ID of the device
Storage-type	Storage type, which can be: l volatile: Information will be lost if the system is rebooted l nonVolatile: Information will not be lost if the system is rebooted l permanent: Modification is permitted, but deletion is forbidden l readOnly: Read only, that is, no modification, no deletion l other: Other storage types
UserStatus	SNMP user status

1.1.9 enable snmp trap updown

Syntax

enable snmp trap updown

undo enable snmp trap updown

View

Ethernet port view, interface view

Parameters

None

Description

Use the enable snmp trap updown command to enable the sending of port/interface linkUp/linkDown traps.

Use the undo enable snmp trap updown command to disable the sending of linkUp/linkDown traps.

By default, the sending of port/interface linkUp/linkDown traps is enabled.

Note that you need to enable the generation of port/interface linkUp/linkDown traps both on the port/interface and globally if you want a port/interface to generate port/interface linkUp/linkDown traps when the state of the port/interface changes.

To enable this function on a port/interface, use the enable snmp trap updown command; to enable this function globally, use the snmp-agent trap enable [ standard [ linkdown | linkup ] * ] command. By default, both are enabled.

Examples

# Enable the port Ethernet 1/0/1 to send linkUp/linkDown SNMP traps to the NMS whose IP address is 10.1.1.1 using the community name public.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent trap enable

[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] enable snmp trap updown

1.1.10 snmp-agent

Syntax

snmp-agent

undo snmp-agent

View

System view

Parameters

None

Description

Use the snmp-agent command to enable the SNMP agent.

Use the undo snmp-agent command to disable the SNMP agent.

Execution of the snmp-agent command or any of the commands used to configure the SNMP agent, you can start the SNMP agent.

By default, the SNMP agent is disabled.

Examples

# Start the SNMP agent.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent

& Note:

An S3100 Ethernet switch provides the following functions to prevent attacks through unused UDP ports.

l Starting the SNMP agent opens UDP port used by SNMP agents and the UDP port used by SNMP trap respectively.

l Shutting down the SNMP agent closes UDP ports used by SNMP agents and SNMP trap as well.

1.1.11 snmp-agent calculate-password

Syntax

snmp-agent calculate-password plain-password mode { md5 | sha } { local-engineid | specified-engineid engineid }

View

System view

Parameters

plain-password: The plain-text password to be encrypted, in the range 1 to 64 characters.

mode: Specifies the authentication algorithm used to encrypt a plain text password.

md5: Uses HMAC MD5 algorithm.

sha: Uses HMAC SHA algorithm, which is securer than MD5 algorithm.

local-engineid: Uses the local engine ID to calculate the key.

specified-engineid: Uses the specified engine ID to calculate the key.

engineid: A case-insensitive hexadecimal string used for key calculation. The system capitalizes the string. The length of the string must be an even number and in the range 10 to 64 characters.

Description

Use the snmp-agent calculate-password command to encrypt a plain-text password to generate a cipher-text one by using the specified encryption algorithm.

When creating an SNMPv3 user, if you specify an authentication or privacy password as in cipher text, you need to use this command to generate a cipher text password by using the specified algorithm, and copy the generated cipher text password to use.

The generated password is related to engine ID: password generated under an engine ID can only take effect on this engine ID.

Related commands: snmp-agent usm-user v3.

& Note:

SNMP agent must be enabled for you to encrypt a plain-text password.

Examples

# Use the local engine ID and the md5 algorithm to encrypt plain-text password aaaa.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent calculate-password aaaa mode md5 local-engineid

The result of the password is: B02A2E48346E2CBFFCE809C99CF1F6C

1.1.12 snmp-agent community

Syntax

snmp-agent community { read | write } community-name [ [ acl acl-number ] [ mib-view view-name ] ]*

undo snmp-agent community community-name

View

System view

Parameters

read: Specifies that the community to be created has read-only permission to MIB objects. Communities of this type can only query MIBs for device information.

write: Specifies that the community to be created has read-write permission to MIB objects. Communities of this type are capable of configuring devices.

community-name: Name of the community to be created, a string of 1 to 32 characters.

acl-number: ID of the ACL to be applied to the community, in the range 2000 to 2999. Using basic ACL can restrict the source addresses of SNMP messages, namely, permitting or refusing the SNMP messages with specific source addresses, thus restricting access between the NMS and the agent.

view-name: MIB view name, a string of 1 to 32 characters.

Description

Use the snmp-agent community command to create an SNMP community. SNMPv1 and SNMPv2c use community name to restrict access rights. You can use this command to configure a community name and configure read or write access right and ACL.

Use the undo snmp-agent community command to remove an SNMP community.

Typically, “public” is used as a read community name, and “private” is used as a write community name. For the security purposes, you are recommended to configure another community name except these two.

Examples

# Create an SNMP community named comaccess, which has read-only permission to MIB objects.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent community read comaccess

# Create an SNMP community named mgr, which has read-write permission to MIB objects

[Sysname] snmp-agent community write mgr

# Remove the community named comaccess.

[Sysname] undo snmp-agent community comaccess

1.1.13 snmp-agent group

Syntax

1) Version 1 and version 2c

snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

undo snmp-agent group { v1 | v2c } group-name

2) Version 3

snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

undo snmp-agent group v3 group-name [ authentication | privacy ]

View

System view

Parameters

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.

v3: Specifies SNMPv3.

group-name: Name of the SNMP group to be created, a string of 1 to 32 characters.

authentication: Configures to authenticate but do not encrypt the packets.

privacy: Configures to authenticate and encrypt the packets.

read-view: Read-only view name, a string of 1 to 32 characters. The default value is ViewDefault.

write-view: Read-write view name, a string of 1 to 32 characters. By default, no write view is configured, namely, the NMS cannot perform the write operation on the MIB objects of the device.

notify-view: Notification view name in which traps can be sent, a string of 1 to 32 characters. By default, no notify view is configured, namely, the agent will not send traps to the NMS.

acl-number: ID of a basic ACL, in the range 2000 to 2999. Using basic ACL can restrict the source addresses of SNMP messages, namely, permitting or refusing the SNMP messages with specific source addresses, thus restricting access between the NMS and the agent.

Description

Use the snmp-agent group command to create an SNMP group, and set the security mode and corresponding SNMP view of the group.

Use the undo snmp-agent group command to remove an SNMP group.

For SNMPv3, group name and security mode (whether authentication and privacy are performed) can jointly define a group. Groups with the same group name but different security mode are different groups. For the details, see the following examples.

By default, the SNMP groups created using the snmp-agent group v3 command do not authenticate or encrypt packets.

Related commands: snmp-agent mib-view, snmp-agent usm-user.

Examples

# Create an SNMPv1 group named v1group.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent group v1 v1group

# Create an SNMPv3 group v3group, set the security mode to no authentication no privacy, and set the read view, write view and view in which traps can be sent to OSPF view.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent group v3 v3group read-view ospf write-view ospf notify-view ospf

# Create an SNMPv3 group v3group, set the security mode to authentication and privacy, and permit only access from the NMS whose IP address is 192.168.0.108 to the agent using ACL.

[Sysname] acl number 2001

[Sysname] rule 0 permit source 192.168.0.108 0

[Sysname] snmp-agent group v3 v3group privacy acl 2001

In this case, when you use the display snmp-agent group command to display group information, you can see that two groups with the name v3group are created, but their security modes are noAuthnoPriv and AuthPriv respectively.

<Sysname> display snmp-agent group

Group name: v3group

Security model: v3 noAuthnoPriv

Readview: ViewDefault

Writeview: ospf

Notifyview : ospf

Storage-type: ospf

Group name: v3group

Security model: v3 AuthPriv

Readview: ViewDefault

Writeview: <no specified>

Notifyview :<no specified>

Storage-type: nonVolatile

Acl:2001

1.1.14 snmp-agent local-engineid

Syntax

snmp-agent local-engineid engineid

undo snmp-agent local-engineid

View

System view

Parameters

engineid: Engine ID, an even number of hexadecimal characters, in the range 10 to 64.

Description

Use the snmp-agent local-engineid command to set an engine ID for the local SNMP entity.

Use the undo snmp-agent local-engineid command to restore the default engine ID.

By default, the engine ID of an SNMP entity is formed by appending the device information to the enterprise number. The device information can be determined according to the device, which can be an IP address, a MAC address, or a user-defined string comprising of hexadecimal digits.

The configurations with the snmp-agent usm-user v3 and snmp-agent calculate-password commands are related to engine ID. If you modify the engine ID, the corresponding configurations are invalid for the new engine ID.

Examples

# Set the local SNMP entity engine ID to 123456789A.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent local-engineid 123456789A

1.1.15 snmp-agent log

Syntax

snmp-agent log { set-operation | get-operation | all }

undo snmp-agent log { set-operation | get-operation | all }

View

System view

Parameters

set-operation: Logs the set operations.

get-operation: Logs the get operations.

all: Logs both the set operations and get operations.

Description

Use the snmp-agent log command to enable network management operation logging.

Use the undo snmp-agent log command to disable network management operation logging.

By default, network management operation logging is disabled.

After SNMP logging is enabled, when NMS performs specified operations on the SNMP agent, the SNMP agent records and then saves the information related to the operations into the information center of the device.

& Note:

l When SNMP logging is enabled on a device, SNMP logs are output to the information center of the device. With the output destinations of the information center set, the output destinations of SNMP logs will be decided.

l The severity level of SNMP logs is informational, that is, the logs are taken as general prompt information of the device. To view SNMP logs, you need to enable the information center to output system information with informational level.

l For detailed description on system information and information center, refer to the Information Center Configuration part in this manual.

Examples

# Enable logging for both the get and the set operations performed on the NMS.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent log all

1.1.16 snmp-agent mib-view

Syntax

snmp-agent mib-view { included | excluded } view-name oid-tree [ mask mask-value ]

undo snmp-agent mib-view view-name

View

System view

Parameters

included: Specifies that the MIB view includes this MIB subtree.

excluded: Specifies that the MIB view excludes this MIB subtree.

view-name: View name.

oid-tree: OID MIB subtree of a MIB subtree. It can be the ID of a node in OID MIB subtree (such as 1.4.5.3.1) or an OID (such as “system”).

mask mask-value: Mask of a MIB subtree, an even number of hexadecimal characters, in the range 2 to 32. An odd number of characters are invalid.

Description

Use snmp-agent mib-view command to create or update the information about a MIB view to limit the MIB objects the NMS can access.

Use the undo snmp-agent mib-view command to cancel the current setting.

Management Information Base (MIB) is a collection of all the managed objects. MIB view is a sub-set of MIB. You can bind a community name/username with a MIB view when configuring an agent, thus to control the MIB objects that NMS can access. You can configure the objects in the MIB view as excluded or included; excluded indicates that all the nodes on the subtree are excluded in the current MIB view, and included indicates that the current MIB includes all the nodes on the subtree.

By default, the view name is ViewDefault, which includes all the MIB objects under the ISO MIB subtree except snmpUsmMIB, snmpVacmMIB and snmpModules.18.

If you specify a mask value in hexadecimal number when creating a MIB view, each bit number of the mask value corresponds with each sub-OID of the MIB subtree OID, from left to right. In a binary mask value, 1 indicates exact matching, meaning the OID of the node to be accessed must be the same as the sub-OID at the corresponding position of the MIB subtree OID; 0 indicates fuzzy matching, meaning the OID of the node to be accessed is not necessarily the same as the sub-OID at the corresponding position of the MIB subtree OID.

Note the following when defining a MIB view with a mask:

l If the bit number of a mask value is more than the number of sub-OIDs of the MIB subtree OID, the bit number remains unchanged.

l If the bit number of a mask value is less than the number of sub-OIDs of the OID of a MIB subtree, the bit number is filled by 1(s) in a binary number by default.

l If no mask value is specified when you create a MIB view, the OID of the node to be accessed must be the same as the sub-OID at the corresponding position of the MIB subtree OID. The mask value is displayed as null when the system reads it.

You need to define the MIB view access right of the community name or group in the configuration of an SNMP community name or group name. For the configurations, refer to the snmp-agent community and snmp-agent group commands.

Examples

# Create an SNMP MIB view with the name of rip2, and MIB subtree of 1.3.6.1.2.1.23 to configure MIB view for the NMS to display or configure rip2.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent mib-view included rip2 1.3.6.1.2.1.23

# Create a read community name with the name of rip2read, and a write community name with the name of rip2write. Specify the MIB view as the configured rip2 MIB view, and the NMS using this community name to access the device can only display or configure rip2 related configurations.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname]snmp-agent community read rip2read mib-view rip2

[Sysname]snmp-agent community write rip2write mib-view rip2

# Create an SNMP MIB view with the name of view-a, MIB subtree of 1.3.6.1.5.4.3.4 and subtree mask of FE. MIB nodes with the OID of 1.3.6.1.5.4.3.x are included in this view, with x indicating any integer number.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent mib-view included view-a 1.3.6.1.5.4.3.4 mask FE

1.1.17 snmp-agent packet max-size

Syntax

snmp-agent packet max-size byte-count

undo snmp-agent packet max-size

View

System view

Parameters

byte-count: Maximum SNMP packet size (in bytes) to be set, ranging from 484 to 17,940.

Description

Use the snmp-agent packet max-size command to set the maximum SNMP packet size allowed by an agent.

Use undo snmp-agent packet max-size command to restore the default maximum SNMP packet size.

The configuration of the maximum SNMP packet size is to prevent giant packets being discarded due to existence of devices not supporting fragmentation on a routing path. Typically, the maximum size of a packet can keep the default value of 1500 bytes.

By default, the maximum SNMP packet size allowed by an agent is 1,500 bytes.

Examples

# Set the maximum SNMP packet size allowed by the agent to 1,042 bytes.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent packet max-size 1042

1.1.18 snmp-agent sys-info

Syntax

snmp-agent sys-info { contact sys-contact | location sys-location | version { { v1 | v2c | v3 }* | all } }

undo snmp-agent sys-info { contact [ location ] | location [contact ] | version { { v1 | v2c | v3 }* |all } }

View

System view

Parameters

sys-contact: Contact information for system maintenance, a string of up to 200 characters.

sys-location: Geographical location of the device, a string of up to 200 characters.

version: Specifies the SNMP version to be employed.

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.

v3: Specifies SNMPv3.

all: Specifies all the SNMP versions available, that is, SNMPv1, SNMPv2c, and SNMPv3.

Description

Use the snmp-agent sys-info command to set the system information, including geographical location of the switch, contact information for system maintenance, and the SNMP version employed by the switch.

Use the undo snmp-agent sys-info location command to restore the default contact information and geographical location, or stop the running of the corresponding SNMP version.

If the switch fails, you can contact the switch manufacturer according to the system information.

The SNMP versions of the device and the NMS must be consistent; otherwise data exchange cannot be completed.

The device processes the SNMP messages of the corresponding SNMP version when the SNMP version is enabled on the device. If only SNMPv1 is enabled, while the device receives SNMPv2c messages, the messages will be discarded; if only SNMPv2c is enabled, the device discards the received SNMPv1 messages.

Multiple SNMP versions can be running the on the device at the same time to allow access of different NMSs.

By default, the contact information of an S3100 Ethernet switch is "Hangzhou H3C Technologies Co., Ltd.", the geographical location is "Hangzhou China", and the SNMP version employed is SNMPv3.

You can use the display snmp-agent sys-info command to display the current SNMP system information.

Examples

# Specify the contact information for system maintenance as Dial System Operator # 1234.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent sys-info contact Dial System Operator # 1234

1.1.19 snmp-agent target-host

Syntax

snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number ] params securityname security-string [ v1 | v2c | v3 [authentication | privacy ] ]

undo snmp-agent target-host ip-address securityname security-string

View

System view

Parameters

trap: Enables the host to receive SNMP traps.

address: Specifies the destination for the SNMP traps.

udp-domain: Specifies to use UDP to communicate with the target host.

ip-address: The IPv4 address of the host that is to receive the traps.

port-number: Number of the UDP port that is to receive the traps, in the range 1 to 65,535.

params: Specifies SNMP target host information to be used in the generation of SNMP traps.

security-string: SNMPv1/SNMPv2c community name or SNMPv3 username, a string of 1 to 32 characters.

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.

v3: Specifies SNMPv3.

authentication: Configures to authenticate the packets without encryption.

privacy: Configures to authenticate and encrypt the packets.

Description

Use snmp-agent target-host command to set a destination host to receive the SNMP traps generated by the local device.

Use undo snmp-agent target-host command to cancel the current setting.

You can configure multiple destination hosts to receive traps with the command as needed.

To enable a device to send SNMP traps, the snmp-agent target-host command need to be coupled with a command among the snmp-agent trap enable command and the enable snmp trap updown command.

1) Use the snmp-agent trap enable or enable snmp trap updown command to specify the types of the SNMP traps a device can send (by default, a device can send all types of SNMP traps).

2) Use the snmp-agent target-host command to set the address of the destination for the SNMP traps.

Related commands: snmp-agent trap enable, snmp-agent trap source, and snmp-agent trap life.

Examples

# Enable sending SNMP traps to 10.1.1.1, and set the community name to public.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent trap enable standard

[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

1.1.20 snmp-agent trap enable

Syntax

View

System view

Parameters

configuration: Specifies to send configuration traps.

flash: Specifies to send Flash traps.

standard: Specifies to send SNMP standard notification or traps.

authentication: Specifies to send SNMP authentication failure traps in cases of authentication failures.

coldstart: Specifies to send SNMP cold start traps when the device is rebooted.

linkdown: Specifies to send SNMP linkDown traps when a port becomes down.

linkup: Specifies to send SNMP linkUp traps when a port becomes up.

warmstart: Specifies to send SNMP warm start traps when SNMP is newly launched.

system: Specifies to send H3C-SYS-MAN-MIB (proprietary MIB) traps.

Description

Use the snmp-agent trap enable command to enable a device to send SNMP traps that are of specified types.

Use the undo snmp-agent trap enable command to disable a device from sending SNMP traps that are of specified types.

By default, a device sends all types of SNMP traps.

The snmp-agent trap enable command need to be coupled with the snmp-agent target-host command. The snmp-agent target-host command specifies the destination hosts for SNMP traps. At least one destination host is required for SNMP traps.

Examples

# Enable sending of SNMP authentication failure traps, with the destination IP address being 10.1.1.1 and the community name being public.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent trap enable standard authentication

[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

1.1.21 snmp-agent trap ifmib

Syntax

snmp-agent trap ifmib link extended

undo snmp-agent trap ifmib link extended

View

System view

Parameters

None

Description

Use the snmp-agent trap ifmib link extended command to configure the extended trap. “Interface description” and “interface type” are added into the extended linkUp/linkDown trap.

Use the undo snmp-agent trap ifmib link extended command to restore the default setting.

By default, the linkUp/linkDown trap uses the standard format defined in IF-MIB (refer to RFC 1213 for detail). In this case, no MIB object name is added after the OID field of the MIB object.

Examples

# Before the configuration of the extended trap function, the trap information is as follows when a link is down:

#Apr 2 05:53:15:883 2000 H3C L2INF/2/PORT LINK STATUS CHANGE:- 1 -

Trap 1.3.6.1.6.3.1.1.5.3(linkDown): portIndex is 4227634, ifAdminStatus is 2, ifOperStatus is 2

#Apr 2 05:53:16:094 2000 H3C IFNET/5/TRAP:- 1 -1.3.6.1.6.3.1.1.5.3(linkDown) Interface 31 is Down

# Configure the extended linkUp/linkDown trap format to make traps include the interface description and interface type information.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent trap ifmib link extended

# After the configuration of the extended trap function, the trap information is as follows when a link is down:

#Apr 2 05:55:00:642 2000 H3C L2INF/2/PORT LINK STATUS CHANGE:- 1 -

Trap 1.3.6.1.6.3.1.1.5.3(linkDown): portIndex is 4227634, ifAdminStatus is 2, ifOperStatus is 2,ifDescr='Ethernet1/0/2', ifType=6

#Apr 2 05:55:00:893 2000 H3C IFNET/5/TRAP:- 1 -1.3.6.1.6.3.1.1.5.3(linkDown) Interface 31 is Down. ifAdminStatus=1, ifOperStatus=2, ifDescr='Vlan-interface1',ifType=136

The above output indicates that the interface description and interface type information is added into the traps, thus facilitating fault location.

1.1.22 snmp-agent trap life

Syntax

snmp-agent trap life seconds

undo snmp-agent trap life

View

System view

Parameters

seconds: SNMP trap aging time (in seconds) to be set, ranging from 1 to 2,592,000.

Description

Use the snmp-agent trap life command to set the SNMP trap aging time. SNMP traps exceeding the aging time will be discarded.

Use the undo snmp-agent trap life command to restore the default SNMP trap aging time.

By default, the SNMP trap aging time is 120 seconds.

The system discards the traps that timed out and not sent in the SNMP trap queue.

Related commands: snmp-agent trap enable, snmp-agent target-host.

Examples

# Set the SNMP trap aging time to 60 seconds.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent trap life 60

1.1.23 snmp-agent trap queue-size

Syntax

snmp-agent trap queue-size size

undo snmp-agent trap queue-size

View

System view

Parameters

size: The maximum number of traps that can be stored in the queue, an integer ranging from 1 to 1,000.

Description

Use the snmp-agent trap queue-size command to set the length of the queue of the SNMP traps to be sent to the destination.

Use the undo snmp-agent trap queue-size command to restore the default queue length.

By default, an SNMP trap queue can contain up to 100 SNMP traps.

After a trap is generated, it will enter the trap queue to be sent. The length of a trap queue decides the maximum number of traps in the queue. When a trap queue reaches the configured length, the newly generated traps will enter the queue, and the traps generated the earliest will be discarded.

Related commands: snmp-agent trap enable, snmp-agent target-host, and snmp-agent trap life.

Examples

# Set the SNMP trap queue length to 200.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent trap queue-size 200

1.1.24 snmp-agent trap source

Syntax

snmp-agent trap source interface-type interface-number

undo snmp-agent trap source

View

System view

Parameters

interface-type interface-number: Interface type and interface number. The source IP address of the trap is the IP address of this interface.

Description

Use the snmp-agent trap source command to configure the source address for the SNMP traps sent.

Use the undo snmp-agent trap source command to cancel the configuration.

By default, the outbound interface is determined by SNMP and the IP address of this interface is used as the source IP address of the traps.

After the command is executed, the system uses the primary IP address of the specified interface as the source IP address of the traps sent. Thus on the NMS you can use the IP address to uniquely identify the agent.

For example, although the agent uses different outbound interfaces to send traps, the NMS can still use the IP address to filter all the traps that the agent sends.

You can configure this command to track a specific event by the source addresses of SNMP traps.

& Note:

Before configuring an interface as the source interface for the SNMP traps sent, make sure the interface is assigned an IP address.

Related commands: snmp-agent trap enable, snmp-agent target-host.

Examples

# Configure VLAN-interface 1 as the source interface for the SNMP traps sent.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] snmp-agent trap source Vlan-interface 1

1.1.25 snmp-agent usm-user { v1 | v2c }

Syntax

snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]

undo snmp-agent usm-user { v1 | v2c } user-name group-name

View

System view

Parameters

v1: Creates an SNMPv1 user.

v2c: Creates an SNMPv2c user.

v3: Specifies to use SNMPv3 security mode.

user-name: Name of the user to be added, a string of 1 to 32 characters.

group-name: Name of the group corresponding to the user, a string of 1 to 32 characters.

Description

Use the snmp-agent usm-user { v1 | v2c } command to add a user to an SNMP group.

Use the undo snmp-agent usm-user { v1 | v2c } command to remove a user from an SNMP group.

This command is applicable to SNMPv1 and SNMPv2c, and is equal to using the snmp-agent community command to create a community.

As the SNMP protocol defines, in the networking of SNMPv1 and SNMPv2c, community name is used for authentication between NMS and agent, and in the networking of SNMPv3, username is used for authentication. If you want to configure a username and use the username for authentication, the device supports SNMPv1 and SNMPv2c users. Creating an SNMPv1 or SNMPv2c user is equal to adding a new community name. If you fill the newly created username into the community name field of the NMS, the NMS can establish a connection with the SNMP.

To make the configured user take effect, you must create a group first.

Related commands: snmp-agent group, snmp-agent community, and snmp-agent local-engineid.

Examples

# Create a group named readCom and an SNMPv2c user userv2c.

<Sysname> system-view

[Sysname] snmp-agent sys-info version v2c

[Sysname] snmp-agent group v2c readCom

[Sysname] snmp-agent usm-user v2c userv2c readCom

Specify the SNMP version of the NMS as SNMPv2c, fill the write community name field with userv2c. Then the NMS can access the agent.

# Create an SNMPv2c user userv2c in group readCom, permitting only the NMS with an IP address 1.1.1.1 to access the agent, and denying the access of other NMSs.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0

[Sysname-acl-basic-2001] rule deny source any

[Sysname-acl-basic-2001] quit

[Sysname] snmp-agent sys-info version v2c

[Sysname] snmp-agent group v2c readCom

[Sysname] snmp-agent usm-user v2c userv2c readCom acl 2001

Specify the SNMP version of the NMS with an IP address 1.1.1.1 as SNMPv2c, fill the write community name field with userv2c. Then the NMS can access the agent.

1.1.26 snmp-agent usm-user v3

Syntax

snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-password [ privacy-mode { des56 | aes128 } priv-password ] ] [ acl acl-number ]

undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string }

View

System view

Parameters

user-name: Username, a string of 1 to 32 characters.

group-name: Name of the group corresponding to the user, a string of 1 to 32 characters.

cipher: Specifies the authentication password (auth-password) or encryption password (priv-password) to be in cipher text. The cipher text password can be calculated using the snmp-agent calculate-password command.

authentication-mode: Specifies the security mode as authentication required. If you do not specify this keyword, neither authentication nor encryption is performed.

md5: Uses HMAC MD5 algorithm for authentication.

sha: Uses HMAC SHA algorithm for authentication, which is securer than MD5.

auth-password: Authentication password, a string of 1 to 64 characters in plain text, a 32-bit hexadecimal number in cipher text if MD5 algorithm is used, and a 40-bit hexadecimal number in cipher text if SHA algorithm is used.

privacy: Specifies the security mode as encrypted.

des56: Specifies the encryption protocol as Data Encryption Standard (DES).

aes128: Specifies the encryption protocol as Advanced Encryption Standard (AES), which is securer than DES.

priv-password: Encryption password, a string of 1 to 64 characters in plain text, a 32-bit hexadecimal number in cipher text if MD5 algorithm is used, and a 40-bit hexadecimal number in cipher text if SHA algorithm is used.

acl-number: Binds a user with an ACL, where acl-number represents ACL number, in the range 2000 to 2999. Using ACLs can restrict the source addresses of SNMP messages, namely, permitting or refusing the SNMP messages with specific source addresses, thus restricting access between the NMS and the agent.

local: Specifies a local entity user.

engineid-string: Engine ID associated with the user, an even number of hexadecimal characters, in the range 10 to 64.

Description

Use the snmp-agent usm-user command to add a user to an SNMP group.

Use the undo snmp-agent usm-user command to remove a user from an SNMP group.

This command is applicable to SNMPv3. If the agent and the NMS communicate using SNMPv3 messages, you need to create an SNMPv3 user first.

To make the configured user take effect, you need to create a group first. You can configure whether to perform authentication or privacy when you create a group, and configure the algorithm and password for authentication or privacy when you create a user.

An SNMPv3 user is related the engine ID: if you change the engine ID after configuring a user, the user corresponding to the original engine ID becomes invalid.

Note that:

l If the password is in cipher text, the pri-password argument can be obtained by the snmp-agent calculate-password command. To make the calculated cipher text password applicable to the snmp-agent usm-user v3 cipher command, ensure that the same authentication algorithm is specified for the two commands and the local engine ID specified in the snmp-agent usm-user v3 cipher command is consistent with the SNMP entity engine ID specified in the snmp-agent calculate-password command.

l If you use the command repeatedly to configure the same user (namely, with the same username), the last configuration takes effect.

l You must enter a plain text password when the NMS accesses the device. Therefore, when you create a user, you need to memorize the username and the corresponding plain text password.

Related commands: snmp-agent group, snmp-agent community, snmp-agent local-engineid.

Examples

# Add a user named testUser to the SNMPv3 group named testGroup. Set the security mode to authentication without privacy, the authentication algorithm to md5, and authentication password authkey.

<Sysname> system-view

[Sysname] snmp-agent group v3 testGroup authentication

[Sysname] snmp-agent usm-user v3 testUser testGroup authentication-mode md5 authkey

On the NMS, set the version to SNMPv3, the username to testUser, the authentication algorithm to MD5, and the authentication password to authkey, and establish a connection with the device. Then the NMS can access the MIB objects in the view ViewDefault on the device.

# Add a user named testUser to the SNMPv3 group named testGroup. Set the security mode to authentication with privacy, the authentication algorithm to md5, the privacy algorithm to des56, the plain text authentication password to authkey, the plain text privacy password to prikey.

<Sysname> system-view

[Sysname] snmp-agent group v3 testgroup privacy

[Sysname] snmp-agent usm-user v3 testUser testGroup authentication-mode md5 authkey privacy-mode des56 prikey

On the NMS, set the version to SNMPv3, the username to testUser, the authentication algorithm to MD5, the authentication password to authkey, the privacy algorithm to DES, and the privacy password to prikey, and establish a connection with the device. Then the NMS can access the MIB objects in the view ViewDefault on the device.

# Add a user named testUser to the SNMPv3 group named testGroup in cipher mode (namely, the authentication and privacy passwords should be in cipher text). Set the security mode to authentication with privacy, the authentication algorithm to md5, the privacy algorithm to des56, the authentication password to authkey, and the cipher text privacy password to prikey.

<Sysname> system-view

[Sysname] snmp-agent group v3 testgroup privacy

[Sysname] snmp-agent calculate-password authkey mode md5 local-engineid

The secret key is: 09659EC5A9AE91BA189E5845E1DDE0CC

[Sysname] snmp-agent calculate-password prikey mode md5 local-engineid

The secret key is: 800D7F26E786C4BECE61BF01E0A22705

[Sysname] snmp-agent usm-user v3 testUser testGroup cipher authentication-mode md5 09659EC5A9AE91BA189E5845E1DDE0CC privacy-mode des56 800D7F26E786C4BECE61BF01E0A22705

Chapter 2 RMON Configuration Commands

2.1 RMON Configuration Commands

2.1.1 display rmon alarm

Syntax

display rmon alarm [ entry-number ]

View

Any view

Parameters

entry-number: Alarm entry index, in the range 1 to 65535.

Description

Use the display rmon alarm command to display the configuration of a specified alarm entry or all the alarm entries. The configuration information includes: sampling type, sampled node, sampling interval, rising and falling thresholds that trigger alarms, the condition under which an alarm is triggered, and the last sampled value.

Related commands: rmon alarm.

Examples

# Display the configuration of all the alarm entries.

<Sysname> display rmon alarm

Alarm table 1 owned by user1 is VALID.

Samples type : absolute

Variable formula : 1.3.6.1.2.1.16.1.1.1.4.1<etherStatsOctets.1>

Sampling interval : 20(sec)

Rising threshold : 100(linked with event 1)

Falling threshold : 10(linked with event 2)

When startup enables : risingOrFallingAlarm

Latest value : 5510006

Table 2-1 display rmon alarm command output description

Field	Description
Alarm table	Index of an entry in the alarm entry
user1	Entry owner: user1
Valid	The alarm entry identified by the index is valid.
Samples type	Sampling type, which can be absolute or delta
Variable formula	The sampled node
Sampling interval	Sampling interval, in seconds. The system performs absolute or delta sampling on the sampled node at this interval.
Rising threshold	Rising threshold. When the sampled value equals or exceeds the rising threshold, an alarm is triggered.
Falling threshold	Falling threshold. When the sampled value equals or falls under the falling threshold, an alarm is triggered.
When startup enables	The condition under which an alarm is triggered, which can be: l risingOrFallingAlarm: An alarm is triggered when the rising or falling threshold is reached. l risingAlarm: An alarm is triggered when the rising threshold is reached. l FallingAlarm: An alarm is triggered when the falling threshold is reached.
Latest value	The value of the latest sample

2.1.2 display rmon event

Syntax

display rmon event [ event-entry ]

View

Any view

Parameters

event-entry: RMON event entry index, in the range 1 to 65535. If you do not specify the event-entry argument, the configuration of all the RMON event entries is displayed.

Description

Use the display rmon event command to display the configuration of a specified RMON event entry.

RMON event information includes the following:

l Event entry index

l Event entry owner

l Event description

l The action triggered by the event (log or alarm messages)

l The time (in seconds) when the latest event is triggered (in terms of the time elapsed since the system is started/initialized).

Related commands: rmon event.

Examples

# Display the configuration of all the RMON event entries.

<Sysname> display rmon event

Event table 1 owned by user1 is VALID.

Description: null.

Will cause log-trap when triggered, last triggered at 0days 00h:02m:27s.

Table 2-2 display rmon event command output description

Field	Description
Event table	Index of an entry in the RMON event table
VALID	The status of the entry identified by the index is valid.
Description	RMON event description
Will cause log-trap when triggered	The event triggers logging and an alarm trap.
last triggered at	Time when the latest event is triggered

2.1.3 display rmon eventlog

Syntax

display rmon eventlog [ event-entry ]

View

Any view

Parameters

event-entry: RMON event entry index, in the range 1 to 65,535. If you do not specify the event-entry argument, the logs of all the RMON events are displayed.

Description

Use the display rmon eventlog command to display the log of an RMON event.

On creating an RMON event, you can configure to record the event information into the logbuffer when an event is triggered, thus facilitating displaying of the information. The recorded information includes:

l RMON event entry Index

l Current RMON event entry status

l The time (in seconds) when an event log is generated (in terms of the time elapsed since the system is started or initialized)

l RMON event description.

Examples

# Display the log generated by the event entry numbered 1.

<Sysname> display rmon eventlog 1

Event table 1 owned by user1 is VALID.

Generates eventLog 1.1 at 0days 00h:01m:39s.

Description: The 1.3.6.1.2.1.16.1.1.1.4.1 defined in alarm table 1,

less than(or =) 100 with alarm value 0. Alarm sample type is absolute.

Generates eventLog 1.2 at 0days 00h:02m:27s.

Description: The alarm formula defined in private alarm table 1,

less than(or =) 100 with alarm value 0. Alarm sample type is absolute.

Table 2-3 display rmon eventlog command output description

Field	Description
Event table	Index of an entry in the RMON event table
VALID	The status of the entry identified by the index is valid.
Generates eventLog 1.1 at 0days 00h:02m:27s	Time when the event is triggered. The event can be triggered for multiple times. 1.1 indicates the time when event 1 is first triggered.
Description	Description of the RMON event log

The above output indicates that two logs are generated due to event 1:

l Log 1.1 is generated from alarm entry 1, because the sampled value (0) of the alarm entry is lower than the falling threshold (100). The sampling type is absolute.

l Log 1.1 is generated from prialarm entry 1, because the sampled value (0) of the prialarm entry is lower than the falling threshold (100). The sampling type is absolute.

2.1.4 display rmon history

Syntax

display rmon history [ interface-type interface-number | unit unit-number ]

View

Any view

Parameters

interface-type: Interface type.

interface-number: Interface number.

unit unit-number: Specifies a unit number.

Description

Use the display rmon history command to display the RMON history information about a specified port. The information about the latest sample, including bandwidth utilization, the number of errors, the total number of packets, and so on, is also displayed.

After a history entry is created on a port, the system collects statistics of the port at a certain interval, and saves the information in the etherHistoryEntry table. You can use the command to display the records saved in the table.

If you do not provide the interface-type interface-number or unit-number argument, this command displays the RMON history information about all the ports/units.

Related commands: rmon history.

Examples

# Display the RMON history information about Ethernet 1/0/1.

<Sysname> display rmon history Ethernet 1/0/1

History control entry 1 owned by user1 is VALID

Samples interface : Ethernet1/0/1<ifIndex.4227625>

Sampling interval : 5(sec) with 10 buckets max

Latest sampled values :

Dropevents : 0 , octets : 10035

packets : 64 , broadcast packets : 35

multicast packets : 8 , CRC alignment errors : 0

undersize packets : 0 , oversize packets : 0

fragments : 0 , jabbers : 0

collisions : 0 , utilization : 0

Table 2-4 display rmon history command output description

Field	Description
History control entry	Index of an entry in the history control table
VALID	The status of the entry identified by the index is valid.
Samples interface	Interface on which statistics are collected
Sampling interval	Statistics interval in seconds. The system collects statistics of the port at this interval.
buckets	Number of the records in the history control table
Latest sampled values	Latest sampled values
dropevents	Number of the packet-dropping events
octets	Number of the received/transmitted bytes during sampling duration
packets	Number of the received/transmitted packets during sampling duration
broadcastpackets	Number of the broadcast packets
multicastpackets	Number of the multicast packets
CRC alignment errors	Number of the packet with CRC errors
undersize packets	Number of the undersize packets
oversize packets	Number of the oversize packets
fragments	Number of the undersize packets with CRC errors
jabbers	Number of the oversize packets with CRC errors
collisions	Number of the packets that cause collisions
utilization	Bandwidth utilization

2.1.5 display rmon prialarm

Syntax

display rmon prialarm [ prialarm-entry-number ]

View

Any view

Parameters

prialarm-entry-number: Extended alarm entry Index, in the range 1 to 65,535.

Description

Use the display rmon prialarm command to display the configuration of an RMON extended alarm entry. If you do not specify the prialarm-entry-number argument, the configuration of all the extended alarm entries is displayed.

The information in an extended alarm entry includes: sampling type, variable formula of the sampled node, sampling interval, rising and falling thresholds that trigger an alarm, the condition under which an alarm is triggered, and the last sampled value.

Related commands: rmon prialarm.

Examples

# Display the configuration of all the extended RMON alarm entries.

<Sysname> display rmon prialarm

Prialarm table 1 owned by user1 is VALID.

Samples type : absolute

Variable formula : ((.1.3.6.1.2.1.16.1.1.1.4.1)*100)

Description :

Sampling interval : 10(sec)

Rising threshold : 10000(linked with event 1)

Falling threshold : 2000(linked with event 1)

When startup enables : risingOrFallingAlarm

This entry will exist : forever.

Latest value : 0

Table 2-5 display rmon prialarm command output description

Field	Description
Prialarm table	Index of an entry in the extended alarm table
owned by user1	Entry owner: user 1
VALID	The alarm entry identified by the index is valid.
Samples type	Sampling type: absolute or delta
Variable formula	Variable formula of the sampled node
Description	Description
Sampling interval	Sampling interval in seconds. The system collects statistics of the port at this interval.
Rising threshold	Rising threshold. When the sampled value equals or exceeds the rising threshold, an alarm is triggered.
Falling threshold	Falling threshold. When the sampled value equals or falls under the falling threshold, an alarm is triggered.
Linked with event	Event index corresponding to an alarm
When startup enables: risingOrFallingAlarm	The condition under which an alarm is triggered, which can be: l risingOrFallingAlarm: An alarm is triggered when the rising or falling threshold is reached. l risingAlarm: An alarm is triggered when the rising threshold is reached. l FallingAlarm: An alarm is triggered when the falling threshold is reached.
This entry will exist: forever	Existing period. This entry can exist forever or exist in the specified cycle
Latest value	The value of the latest sample

2.1.6 display rmon statistics

Syntax

display rmon statistics [ interface-type interface-number | unit unit-number ]

View

Any view

Parameters

interface-type: Interface type.

interface-number: Interface number.

unit unit-number: Specifies a unit number.

Description

Use the display rmon statistics command to display the RMON statistics on a specified port or a specified unit. If you do not specify the port or the unit, this command displays the RMON statistics on all the ports or units.

The information displayed includes the number of:

l Collisions

l Packets with CRC errors

l Undersize/Oversize packets

l Broadcast/multicast packets

l Received bytes

l Received packets

Related commands: rmon statistics.

Examples

# Display the RMON statistics on Ethernet 1/0/1 port.

<Sysname> display rmon statistics Ethernet 1/0/1

Statistics entry 1 owned by user1-rmon is VALID.

Interface : Ethernet1/0/1<ifIndex.4227625>

etherStatsOctets : 30561 , etherStatsPkts : 217

etherStatsBroadcastPkts : 102 , etherStatsMulticastPkts : 25

etherStatsUndersizePkts : 0 , etherStatsOversizePkts : 0

etherStatsFragments : 0 , etherStatsJabbers : 0

etherStatsCRCAlignErrors : 0 , etherStatsCollisions : 0

etherStatsDropEvents (insufficient resources): 0

Packets received according to length:

64 : 177 , 65-127 : 27 , 128-255 : 2

256-511: 0 , 512-1023: 0 , 1024-1518: 11

Table 2-6 display rmon statistics command output description

Field	Description
Statistics entry	Index of the statistics information entry
VALID	The statistics table is valid.
Interface	Interface which the statistics is on
etherStatsOctets	Number of bytes received
etherStatsPkts	Number of the packets received
etherStatsBroadcastPkts	Number of broadcast packets received
etherStatsMulticastPkts	Number of multicast packets received
etherStatsUndersizePkts	Number of undersize packets received
etherStatsOversizePkts	Number of oversize packets received
etherStatsFragments	Number of undersize packets received with CRC errors
etherStatsJabbers	Number of oversize packets received with CRC errors
etherStatsCRCAlignErrors	Number of packets received with CRC errors
etherStatsCollisions	Number of the received packets that cause collisions
etherStatsDropEvents	Event about dropping packets
Packets received according to length	Number of the received packets that are of different lengths

2.1.7 rmon alarm

Syntax

rmon alarm entry-number alarm-variable sampling-time { delta | absolute } rising_threshold threshold-value1 event-entry1 falling_threshold threshold-value2 event-entry2 [ owner text ]

undo rmon alarm entry-number

View

System view

Parameters

entry-number: Index of the alarm entry to be added/removed, in the range 1 to 65535.

alarm-variable: Alarm variable, a string comprising 1 to 256 characters in dotted node OID format (such as 1.3.6.1.2.1.2.1.10.1). Only the variables that can be resolved to ASN.1 INTEGER data type (that is, INTEGER, Counter, Gauge, or TimeTicks) can be used as alarm variables.

sampling-time: Sampling interval (in seconds), in the range 5 to 65,535.

delta: Specifies to sample increments (that is, the current increment with regard to the latest sample)

absolute: Specifies to sample absolute values.

rising_threshold threshold-value1: Specifies the rising threshold. The threshold-value1 argument ranges from 0 to 2,147,483,647.

event-entry1: Index of the event entry corresponding to the rising threshold, in the range of 0 to 65535.

falling_threshold threshold-value2: Specifies the falling threshold. The threshold-value2 argument ranges from 0 to 2,147,483,647.

event-entry2: Index of the event entry corresponding to the falling threshold, in the range 0 to 65535.

owner text: Specifies the owner of the entry, a string of 1 to 127 characters.

Description

Use the rmon alarm command to add an alarm entry to the alarm table. If you do not specify the owner text keyword/argument combination, the owner of the entry is displayed as “null”.

Use the undo rmon alarm command to remove an alarm entry from the alarm table.

You can use the rmon alarm command to define an alarm entry so that a specific alarm event can be triggered under specific circumstances. The act (such as logging and sending traps to NMS) taken after an alarm event occurs is determined by the corresponding alarm entry.

& Note:

Before adding an alarm entry, make sure the events to be referenced in the alarm entry exist. Refer to the rmon event command for related information.

With an alarm entry defined in an alarm group, a network device performs the following operations accordingly:

l Sample the defined alarm variables (alarm-variable) once in each specified period, which is specified by the sampling-time argument.

l Comparing the sampled value with the set thresholds and performing the corresponding operations, as described in Table 2-7.

Table 2-7 Sample value and the corresponding operation

Comparison	Operation
The sample value is larger than or equal to the set upper threshold (threshold-value1)	Triggering the event identified by the event-entry1 argument
The sample value is smaller than the set lower threshold (threshold-value2)	Triggering the event identified by the event-entry2 argument

& Note:

l Before adding an alarm entry, you need to use the rmon event command to define the events to be referenced by the alarm entry.

l Make sure the node to be monitored exists before executing the rmon alarm command.

Examples

# Add the alarm entry numbered 1 as follows:

l The node to be monitored: 1.3.6.1.2.1.16.1.1.1.4.1

l Sampling interval: 10 seconds

l Upper threshold: 50

l The event-entry1 argument identifies event 1.

l Lower threshold: 5

l The event-entry2 argument identifies event 2

l Owner: user1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] rmon statistics 1

[Sysname-Ethernet1/0/1] quit

[Sysname] rmon event 1 log

[Sysname] rmon event 2 none

[Sysname] rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 10 absolute rising_threshold 50 1 falling_threshold 5 2 owner user1

# Remove the alarm entry numbered 15 from the alarm table.

[Sysname] undo rmon alarm 15

2.1.8 rmon event

Syntax

rmon event event-entry [ description string ] { log | trap trap-community | log-trap log-trapcommunity | none } [ owner text ]

undo rmon event event-entry

View

System view

Parameters

event-entry: Event entry index, in the range of 1 to 65535.

description string: Specifies the event description, a string of 1 to 127 characters.

log: Logs events.

trap: Sends traps to the NMS.

trap-community: Community name of the NMS that receives the traps, a string of 1 to 127 characters.

log-trap: Logs the event and sends traps to the NMS.

log-trapcommunity: Community name of the NMS that receives the traps, a character string of 1 to 127 characters.

none: Specifies that the event triggers no action.

owner text: Specifies the owner of the event entry, a string of 1 to 127 characters.

Description

Use the rmon event command to add an entry to the event table. If you do not specify the owner text keyword/argument combination, the owner of the entry is displayed as “null”.

Use the undo rmon event command to remove an entry from the event table.

When adding an event entry to an event table, you need to specify the event index. You need also to specify the corresponding actions, including logging the event, sending traps to the NMS, and the both, for the network device to perform corresponding operation when an alarm referencing the event is triggered.

Examples

# Add the event entry numbered 10 to the event table and configure it to be a log event.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] rmon event 10 log

2.1.9 rmon history

Syntax

rmon history entry-number buckets number interval sampling-interval [ owner text ]

undo rmon history entry-number

View

Ethernet port view

Parameters

entry-number: History entry index, in the range of 1 to 65535.

buckets number: Specifies the size of the history table that corresponds to the entry, in the range 1 to 65535.

interval sampling-interval: Specifies the sampling interval (in seconds). The sampling-interval argument ranges from 5 to 3600.

owner text: Specifies the owner of the entry, a string of 1 to 127 characters.

Description

Use the rmon history command to add an entry to the history control table. If you do not specify the owner text keyword/argument combination, the owner of the entry is displayed as “null”.

Use the undo rmon history command to remove an entry from the history control table.

You can use the rmon history command to sample a specific port. You can also set the sampling interval and the number of the samples that can be saved. After you execute this command, the RMON system samples the port periodically and stores the samples for later retrieval. The sampled information includes utilization, the number of errors, and total number of packets.

You can use the display rmon history command to display the statistics of the history control table.

Examples

# Create the history control entry numbered 1 for Ethernet 1/0/1, with the table size being 10, the sampling interval being 5 seconds, and the owner being user1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname]interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1]rmon history 1 buckets 10 interval 5 owner user1

# Remove the history control entry numbered 15.

[Sysname-Ethernet1/0/1] undo rmon history 15

2.1.10 rmon prialarm

Syntax

rmon prialarm entry-number prialarm-formula prialarm-des sampling-timer { delta | absolute | changeratio } rising_threshold threshold-value1 event-entry1 falling_threshold threshold-value2 event-entry2 entrytype { forever | cycle cycle-period } [ owner text ]

undo rmon prialarm entry-number

View

System view

Parameters

entry-number: Extended alarm entry index, in the range 1 to 65535.

prialarm-formula: Expression used to perform operations on the alarm variables, a string of 1 to 256 characters. The alarm variables in the expression must be represented by OIDs, for example, (.1.3.6.1.2.1.2.1.10.1)*8. The operations available are addition, subtraction, multiplication and division operations. The operation results are rounded to values that are of long integer type. To prevent invalid operation results, make sure the operation results of each step are valid long integers.

prialarm-des: Alarm description, a string of 1 to 128 characters.

sampling-timer: Sampling interval (in seconds), in the range 10 to 65535.

delta | absolute | changeratio: Specifies the sample type.

threshold-value1: Upper threshold, in the range 0 to 2147483647.

event-entry1: Index of the event entry that corresponds to the rising threshold, in the range 0 to 65535.

threshold-value2: Lower threshold, in the range 0 to 2147483647.

event-entry2: Index of the event entry that corresponds to the falling threshold, in the range 0 to 65535.

forever: Specifies the corresponding RMON alarm instance is valid permanently.

cycle: Specifies the corresponding RMON alarm instance is valid periodically.

cycle-period: Life time (in seconds) of the RMON alarm instance, in the range 0 to 2147483647.

owner text: Specifies the owner of the alarm entry, a string of 1 to 127 characters.

Description

Use the rmon prialarm command to create an extended entry in an extended RMON alarm table. If you do not specify the owner text keyword/argument combination, the owner of the entry is displayed as “null”.

Use the undo rmon prialarm command to remove an extended alarm entry.

& Note:

l Before adding an extended alarm entry, you need to use the rmon event command to define the events to be referenced by the entry.

l Make sure the node to be monitored exists before executing the rmon event command.

l You can define up to 50 extended alarm entries.

With an extended alarm entry defined in an extended alarm group, the device performs the following operations accordingly:

l Sampling the alarm variables referenced in the defined extended alarm expression (prialarm-formula) once in each period specified by the sampling-timer argument.

l Performing operations on the sampled values according to the defined extended alarm expression (prialarm-formula)

l Comparing the operation result with the set thresholds and perform corresponding operations, as described in Table 2-8.

Table 2-8 Operation result and corresponding operation

Comparison	Operation
The operation result is larger than or equal to the set upper threshold (threshold-value1)	Triggering the event identified by the event-entry1 argument
The operation result is smaller than or equal to the set lower threshold (threshold-value2)	Triggering the event identified by the event-entry2 argument

Examples

# Add the extended alarm entry numbered 2 as follows:

l Perform operations on the corresponding alarm variables using the expression ((1.3.6.1.2.1.16.1.1.1.4.1)*100).

l Sampling interval: 10 seconds

l Rising threshold: 50

l Falling threshold: 5

l Event 1 is triggered when the change ratio is larger than the rising threshold.

l Event 2 is triggered when the change ratio is less than the falling threshold.

l The alarm entry is valid forever.

l Entry owner: user1

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] rmon statistics 1

[Sysname-Ethernet1/0/1] quit

[Sysname] rmon prialarm 2 ((.1.3.6.1.2.1.16.1.1.1.4.1)*100) test 10 changeratio rising_threshold 50 1 falling_threshold 5 2 entrytype forever owner user1

# Remove the extended alarm entry numbered 2 from the extended alarm table.

[Sysname] undo rmon prialarm 2

2.1.11 rmon statistics

Syntax

rmon statistics entry-number [ owner text ]

undo rmon statistics entry-number

View

Ethernet port view

Parameters

entry-number: Statistics entry Index, in the range 1 to 65535.

owner text: Specifies the owner of the entry, a string of 1 to 127 characters.

Description

Use the rmon statistics command to add an entry to the statistics table. If you do not specify the owner text keyword/argument combination, the owner of the entry is displayed as “null”.

Use the undo rmon statistics command to remove an entry from the statistics table.

The RMON statistics management function is used to take statistics of the usage of the monitored ports and errors occurred on them. The statistics includes the number of the following items:

l Collisions

l Packets with CRC errors

l Undersize/Oversize packets

l Broadcast/Multicast packets

l Received packets

l Received bytes

& Note:

For each port, only one RMON statistics entry can be created. That is, if an RMON statistics entry was already created for a given port, you will fail to create a statistics entry with a different index for the port.

You can use the display rmon statistics command to display the information about the statistics entry.

Examples

# Add the statistics entry numbered 20 to take statistics of Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] rmon statistics 20

H3C S3100 Series Ethernet Switches Command Manual (For Soliton)(V1.02)

1.1.1 display snmp-agent

1.1.6 display snmp-agent sys-info

1.1.7 display snmp-agent trap-list

1.1.25 snmp-agent usm-user { v1 | v2c }

Cloud & AI

InterConnect

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Resources

Partner Business Management

Company Information

News & Events

Contact Us