08-SNMP Commands
Syntax
display snmp-agent community [ read | write ]
View
Any view
Default Level
1: Monitor level
Parameters
read: Displays information about communities with read-only access right.
write: Displays information about communities with read and write access right.
Description
Use the display snmp-agent community command to display community information for SNMPv1 or SNMPv2c.
Examples
# Display information about all the communities that have been configured.
<Sysname> display snmp-agent community
Community name: aa
Group name: aa
Acl:2001
Storage-type: nonVolatile
Community name: bb
Group name: bb
Storage-type: nonVolatile
Community name: userv1
Group name: testv1
Storage-type: nonVolatile
Table 1-1 display snmp-agent community command output description
Field | Description
Community name | Community name. If the community was created with the snmp-agent community command, the community name is displayed. If it was created with the snmp-agent usm-user { v1 | v2c } command, the user name is displayed.
Group name | SNMP group name. If the community was created with the snmp-agent community command, the group name and the community name are the same, which means the community name is displayed. If it was created with the snmp-agent usm-user { v1 | v2c } command, the name of the group to which the user belongs is displayed.
Acl | The number of the ACL in use. After an ACL is configured, only the Network Management Station (NMS) with the IP address that matches the ACL rule can access the device.
Storage-type | Storage type, which can be: volatile (information is lost if the system is rebooted); nonVolatile (information is not lost if the system is rebooted); permanent (information is not lost if the system is rebooted; modification is permitted, but deletion is forbidden); readOnly (information is not lost if the system is rebooted; read only, that is, no modification and no deletion); other (other storage types).
Syntax
display snmp-agent group [ group-name ]
View
Any view
Default Level
1: Monitor level
Parameters
group-name: Specifies the SNMP group name, a case sensitive string of 1 to 32 characters.
Description
Use the display snmp-agent group command to display information for the SNMPv3 agent group, including group name, security model, MIB view, storage type, and so on. Absence of the group-name parameter indicates that information about all groups is displayed.
Examples
# Display information about all SNMP agent groups.
<Sysname> display snmp-agent group
Group name: groupv3
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview: <no specified>
Storage-type: nonVolatile
Table 1-2 display snmp-agent group command output description
Field | Description
Group name | SNMP group name
Security model | Security model of the SNMP group, which can be: authPriv (authentication with privacy), authNoPriv (authentication without privacy), or noAuthNoPriv (no authentication, no privacy)
Readview | The read-only MIB view associated with the SNMP group
Writeview | The writable MIB view associated with the SNMP group
Notifyview | The notify MIB view associated with the SNMP group, that is, the view with entries that can generate traps
Storage-type | Storage type, which includes: volatile, nonVolatile, permanent, readOnly, and other. For detailed information, refer to Table 1-1.
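A configuration audit over the two outputs above, as an added example (not H3C's code): it parses the display snmp-agent community and display snmp-agent group text and reports communities without an Acl line, the well-known names public and private, and SNMPv3 groups that do not use authPriv. The function names and finding texts are assumptions of this example; the input is the sample output printed on this page.

```python
import re

# Constructed input: the two sample outputs printed on this page.
COMMUNITY_OUTPUT = """\
<Sysname> display snmp-agent community
Community name: aa
Group name: aa
Acl:2001
Storage-type: nonVolatile
Community name: bb
Group name: bb
Storage-type: nonVolatile
Community name: userv1
Group name: testv1
Storage-type: nonVolatile
"""
GROUP_OUTPUT = """\
<Sysname> display snmp-agent group
Group name: groupv3
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview: <no specified>
Storage-type: nonVolatile
"""

# "Field: value" lines; the field may contain spaces or a hyphen (Storage-type).
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)\s*:\s*(.*?)\s*$")
WELL_KNOWN = {"public", "private"}
WEAK_LEVELS = {
    "noauthnopriv": "no authentication and no encryption",
    "authnopriv": "authenticated but not encrypted",
}


def parse_records(text, first_field):
    """Turn display output into a list of dicts; first_field starts a new record."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # prompt lines and blanks carry no field
        key, value = m.group(1).lower(), m.group(2)
        if key == first_field.lower():
            records.append({})
        if records:
            records[-1][key] = value
    return records


def audit_communities(text):
    """Return (community, finding) pairs for SNMPv1/v2c communities."""
    findings = []
    for rec in parse_records(text, "Community name"):
        name = rec["community name"]
        if name.lower() in WELL_KNOWN:
            findings.append((name, "well-known community name"))
        if not rec.get("acl"):
            findings.append((name, "no ACL: usable from any source address"))
    return findings


def audit_groups(text):
    """Return (group, finding) pairs for SNMPv3 groups below authPriv."""
    findings = []
    for rec in parse_records(text, "Group name"):
        parts = rec.get("security model", "").split()
        level = parts[-1].lower() if parts else ""
        if level in WEAK_LEVELS:
            findings.append((rec["group name"], WEAK_LEVELS[level]))
    return findings


if __name__ == "__main__":
    for name, finding in audit_communities(COMMUNITY_OUTPUT):
        print(f"community {name}: {finding}")
    for name, finding in audit_groups(GROUP_OUTPUT):
        print(f"group {name}: {finding}")
```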
Syntax
display snmp-agent local-engineid
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display snmp-agent local-engineid command to display the local SNMP agent engine ID.
An SNMP engine ID uniquely identifies an SNMP entity within an SNMP domain. The SNMP engine is an indispensable part of an SNMP entity. It provides SNMP message allocation, message handling, authentication, and access control.
Examples
# Display the local SNMP agent engine ID.
<Sysname> display snmp-agent local-engineid
SNMP local EngineID: 800007DB7F0000013859
Syntax
display snmp-agent mib-view [ exclude | include | viewname view-name ]
View
Any view
Default Level
1: Monitor level
Parameters
exclude: Displays MIB view information of the excluded type.
include: Displays MIB view information of the included type.
viewname view-name: Displays MIB view information with a specified MIB view name, where view-name is the name of the specified MIB view.
Description
Use the display snmp-agent mib-view command to display MIB view information. Absence of parameters indicates that information for all MIB views will be displayed.
Examples
# Display all SNMP MIB views of the device.
<Sysname> display snmp-agent mib-view
View name:ViewDefault
MIB Subtree:iso
Subtree mask:
Storage-type: nonVolatile
View Type:included
View status:active
View name:ViewDefault
MIB Subtree:snmpUsmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpVacmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpModules.18
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
ViewDefault is the default view of the device. When you access the device through the ViewDefault view, you can access all the MIB objects of the iso subtree except for the MIB objects under the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees.
Table 1-3 display snmp-agent mib-view command output description
Field | Description
View name | MIB view name
MIB Subtree | MIB subtree corresponding to the MIB view
Subtree mask | MIB subtree mask
Storage-type | Storage type
View Type | View type, which can be included or excluded. Included indicates that all nodes of the MIB tree are included in the current view. In other words, you are allowed to access all the MIB objects of the subtree. Excluded indicates that none of the nodes of the MIB tree are included in the current view. In other words, you are allowed to access none of the MIB objects of the subtree.
View status | The status of the MIB view
Syntax
display snmp-agent statistics
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display snmp-agent statistics command to display SNMP statistics.
Examples
# Display the statistics of the current SNMP.
<Sysname> display snmp-agent statistics
1684 Messages delivered to the SNMP entity
5 Messages which were for an unsupported version
0 Messages which used a SNMP community name not known
0 Messages which represented an illegal operation for the community supplied
0 ASN.1 or BER errors in the process of decoding
1679 Messages passed from the SNMP entity
0 SNMP PDUs which had badValue error-status
0 SNMP PDUs which had genErr error-status
0 SNMP PDUs which had noSuchName error-status
0 SNMP PDUs which had tooBig error-status (Maximum packet size 1500)
16544 MIB objects retrieved successfully
2 MIB objects altered successfully
7 GetRequest-PDU accepted and processed
7 GetNextRequest-PDU accepted and processed
1653 GetBulkRequest-PDU accepted and processed
1669 GetResponse-PDU accepted and processed
2 SetRequest-PDU accepted and processed
0 Trap PDUs accepted and processed
0 Alternate Response Class PDUs dropped silently
0 Forwarded Confirmed Class PDUs dropped silently
Table 1-4 display snmp-agent statistics command output description
Field | Description
Messages delivered to the SNMP entity | Number of packets delivered to the SNMP agent
Messages which were for an unsupported version | Number of packets from a device with an SNMP version that is not supported by the current SNMP agent
Messages which used a SNMP community name not known | Number of packets that use an unknown community name
Messages which represented an illegal operation for the community supplied | Number of packets carrying an operation that the community has no right to perform
ASN.1 or BER errors in the process of decoding | Number of packets with ASN.1 or BER errors in the process of decoding
Messages passed from the SNMP entity | Number of packets sent by the SNMP agent
SNMP PDUs which had badValue error-status | Number of SNMP PDUs with a badValue error
SNMP PDUs which had genErr error-status | Number of SNMP PDUs with a genErr error
SNMP PDUs which had noSuchName error-status | Number of PDUs with a noSuchName error
SNMP PDUs which had tooBig error-status (Maximum packet size 1500) | Number of PDUs with a tooBig error (the maximum packet size is 1,500 bytes)
MIB objects retrieved successfully | Number of MIB objects that have been successfully retrieved
MIB objects altered successfully | Number of MIB objects that have been successfully modified
GetRequest-PDU accepted and processed | Number of get requests that have been received and processed
GetNextRequest-PDU accepted and processed | Number of getNext requests that have been received and processed
GetBulkRequest-PDU accepted and processed | Number of getBulk requests that have been received and processed
GetResponse-PDU accepted and processed | Number of get responses that have been received and processed
SetRequest-PDU accepted and processed | Number of set requests that have been received and processed
Trap PDUs accepted and processed | Number of traps that have been received and processed
Alternate Response Class PDUs dropped silently | Number of dropped response packets
Forwarded Confirmed Class PDUs dropped silently | Number of forwarded packets that have been dropped
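Monitoring these counters between two polls, as an added example (not H3C's code): it parses two captures of display snmp-agent statistics and reports increases in the counters that indicate rejected or state-changing requests. The BEFORE lines are taken from the sample output above, the AFTER capture is constructed, and the selection of watched counters is an assumption of this example.

```python
import re

# Counters to watch, keyed by the exact description text in the command output.
# The meanings paraphrase Table 1-4.
WATCHED = {
    "Messages which used a SNMP community name not known":
        "packets that used an unknown community name",
    "Messages which represented an illegal operation for the community supplied":
        "operations the community has no right to perform",
    "Messages which were for an unsupported version":
        "packets in an SNMP version the agent does not support",
    "ASN.1 or BER errors in the process of decoding":
        "packets that failed ASN.1/BER decoding",
    "SetRequest-PDU accepted and processed":
        "set requests received and processed",
}

# Lines copied from the sample output on this page.
BEFORE = """\
1684 Messages delivered to the SNMP entity
5 Messages which were for an unsupported version
0 Messages which used a SNMP community name not known
0 Messages which represented an illegal operation for the community supplied
0 ASN.1 or BER errors in the process of decoding
2 SetRequest-PDU accepted and processed
"""

# Constructed later capture of the same counters.
AFTER = """\
1790 Messages delivered to the SNMP entity
5 Messages which were for an unsupported version
37 Messages which used a SNMP community name not known
3 Messages which represented an illegal operation for the community supplied
0 ASN.1 or BER errors in the process of decoding
2 SetRequest-PDU accepted and processed
"""

COUNTER_LINE = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")


def parse_statistics(text):
    """Map each counter description to its integer value."""
    counters = {}
    for line in text.splitlines():
        m = COUNTER_LINE.match(line)
        if m:
            counters[m.group(2)] = int(m.group(1))
    return counters


def counter_increases(before, after, watched=WATCHED):
    """Return (counter, increase, meaning) for every watched counter that grew."""
    old, new = parse_statistics(before), parse_statistics(after)
    alerts = []
    for name, meaning in watched.items():
        current = new.get(name, 0)
        delta = current - old.get(name, 0)
        if delta < 0:
            # The counter went backwards, so it was reset (for example by a
            # reboot); everything counted since the reset is new.
            delta = current
        if delta > 0:
            alerts.append((name, delta, meaning))
    return alerts


if __name__ == "__main__":
    for name, delta, meaning in counter_increases(BEFORE, AFTER):
        print(f"+{delta}: {meaning}")
```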
Syntax
display snmp-agent sys-info [ contact | location | version ] *
View
Any view
Default Level
1: Monitor level
Parameters
contact: Displays the contact information of the current network administrator.
location: Displays the location information of the current device.
version: Displays the version of the current SNMP agent.
Description
Use the display snmp-agent sys-info command to display the current SNMP system information.
If no keyword is specified, all SNMP agent system information is displayed.
Examples
# Display the current SNMP agent system information.
<Sysname> display snmp-agent sys-info
The contact person for this managed node:
Hangzhou H3C Technologies Co., Ltd.
The physical location of this node:
Hangzhou, China
SNMP version running in the system:
SNMPv3
Syntax
display snmp-agent trap queue
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display snmp-agent trap queue command to display basic information about the trap queue, including the trap queue name, the queue length, and the number of traps currently in the queue.
Related commands: snmp-agent trap life, snmp-agent trap queue-size.
Examples
# Display the current configuration and usage of the trap queue.
<Sysname> display snmp-agent trap queue
Queue name: SNTP
Queue size: 100
Message number: 6
Table 1-5 display snmp-agent trap queue command output description
Field | Description
Queue name | Trap queue name
Queue size | Trap queue size
Message number | Number of traps in the current trap queue
Syntax
display snmp-agent trap-list
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display snmp-agent trap-list command to display the modules that can generate traps and whether their trap function is enabled or not. If a module comprises multiple sub-modules, the whole module is displayed as enabled with the trap function as long as one sub-module has the trap function enabled.
Related commands: snmp-agent trap enable.
Examples
# Display the modules that can generate traps and whether their trap function is enabled or not.
<Sysname> display snmp-agent trap-list
acfp trap enable
bfd trap enable
bgp trap enable
configuration trap enable
flash trap enable
ospf trap enable
standard trap enable
system trap enable
vrrp trap enable
Enable traps: 9; Disable traps: 0
In the above output, enable indicates that the module is allowed to generate traps whereas disable indicates the module is not allowed to generate traps. You can configure the trap function (enable or disable) of each module at the command line interface (CLI).
Syntax
display snmp-agent usm-user [ engineid engineid | username user-name | group group-name ] *
View
Any view
Default Level
1: Monitor level
Parameters
engineid engineid: Displays SNMPv3 user information for a specified engine ID, where engineid indicates the SNMP engine ID. When an SNMPv3 user is created, the system records the current local SNMP entity engine ID of the device. If the engine ID is modified, the user becomes invalid and becomes valid again if the engine ID is restored.
username user-name: Displays SNMPv3 user information for a specified user name. It is case sensitive.
group group-name: Displays SNMPv3 user information for a specified SNMP group name. It is case sensitive.
Description
Use the display snmp-agent usm-user command to display SNMPv3 user information.
Examples
# Display SNMPv3 information of all created users.
<Sysname> display snmp-agent usm-user
User name: userv3
Group name: mygroupv3
Engine ID: 800063A203000FE240A1A6
Storage-type: nonVolatile
UserStatus: active
User name: userv3code
Group name: groupv3code
Engine ID: 800063A203000FE240A1A6
Storage-type: nonVolatile
UserStatus: active
Table 1-6 display snmp-agent usm-user command output description
Field | Description
User name | SNMP user name
Group name | SNMP group name
Engine ID | Engine ID for an SNMP entity
Storage-type | Storage type, which can be the following: volatile, nonVolatile, permanent, readOnly, or other. See Table 1-1 for details.
UserStatus | SNMP user status
Syntax
enable snmp trap updown
undo enable snmp trap updown
View
Interface view
Default Level
2: System level
Parameters
None
Description
Use the enable snmp trap updown command to enable the trap function for interface state changes.
Use the undo enable snmp trap updown command to disable the trap function for interface state changes.
By default, the trap function for interface state changes is enabled.
Note that:
To enable an interface to generate linkUp/linkDown traps when its state changes, enable the linkUp/linkDown trap function on the interface and globally. To enable this function on an interface, use the enable snmp trap updown command. To enable this function globally, use the snmp-agent trap enable [ standard [ linkdown | linkup ] * ] command.
Related commands: snmp-agent target-host, snmp-agent trap enable.
Examples
# Enable the sending of linkUp/linkDown SNMP traps on port GigabitEthernet 1/0/1 and use the community name public.
<Sysname> system-view
[Sysname] snmp-agent trap enable
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] enable snmp trap updown
Syntax
snmp-agent
undo snmp-agent
View
System view
Default Level
3: Manage level
Parameters
None
Description
Use the snmp-agent command to enable SNMP agent.
Use the undo snmp-agent command to disable SNMP agent.
By default, SNMP agent is disabled.
Executing any command that begins with snmp-agent also enables the SNMP agent.
Examples
# Enable SNMP agent on the device.
<Sysname> system-view
[Sysname] snmp-agent
Syntax
snmp-agent calculate-password plain-password mode { 3desmd5 | 3dessha | md5 | sha } { local-engineid | specified-engineid engineid }
View
System view
Default Level
3: Manage level
Parameters
plain-password: Plain text password to be encrypted.
mode: Specifies the encryption algorithm and authentication algorithm. The three encryption algorithms Advanced Encryption Standard (AES), triple data encryption standard (3DES), and Data Encryption Standard (DES) are in descending order in terms of security. Higher security means more complex implementation mechanism and lower speed. DES is enough to meet general requirements. Message-Digest Algorithm 5 (MD5) and Secure Hash Algorithm (SHA-1) are the two authentication algorithms. MD5 is faster than SHA-1, while SHA-1 provides higher security than MD5.
- 3desmd5: Converts a plain text encryption password to a cipher text encryption password. In this case, the authentication protocol must be MD5, and the encryption algorithm must be 3DES.
- 3dessha: Converts a plain text encryption password to a cipher text encryption password. In this case, the authentication protocol must be SHA-1, and the encryption algorithm must be 3DES.
- md5: Converts a plain text authentication password to a cipher text authentication password. In this case, the authentication protocol must be MD5. Alternatively, this algorithm can convert a plain text encryption password to a cipher text encryption password. In this case, the authentication protocol must be MD5, and the encryption algorithm can be either AES or DES (when the authentication protocol is MD5, the cipher text passwords for AES and DES are the same).
- sha: Converts a plain text authentication password to a cipher text authentication password. In this case, the authentication protocol must be SHA-1. Alternatively, this algorithm can convert a plain text encryption password to a cipher text encryption password. In this case, the authentication protocol must be SHA-1, and the encryption algorithm can be either AES or DES (when the authentication protocol is SHA-1, the cipher text passwords for AES and DES are the same).
local-engineid: Uses local engine ID to calculate cipher text password. For engine ID-related configuration, refer to the snmp-agent local-engineid command.
specified-engineid: Uses user-defined engine ID to calculate cipher text password.
engineid: The engine ID string, an even number of hexadecimal characters, in the range 10 to 64. Its length must not be an odd number, and the all-zero and all-F strings are invalid.
Description
Use the snmp-agent calculate-password command to convert the user-defined plain text password to a cipher text password.
Note that:
- The cipher text password converted with the sha keyword specified in this command is a string of 40 hexadecimal characters. For an authentication password, all 40 hexadecimal characters are valid; for a privacy password, only the first 32 hexadecimal characters are valid.
- Enable SNMP on the device before executing the command.
When creating an SNMPv3 user, if you specify a cipher text authentication/encryption password, use this command to generate the cipher text password.
The converted password is associated with the engine ID. In other words, the password is valid only under the specified engine ID based on which the password was configured.
Related commands: snmp-agent usm-user v3.
Examples
# Use local engine ID and MD5 authentication protocol to convert the plain text password authkey.
<Sysname> system-view
[Sysname] snmp-agent calculate-password authkey mode md5 local-engineid
The secret key is: 09659EC5A9AE91BA189E5845E1DDE0CC
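Why a converted password is valid only under one engine ID, as an added example (not H3C's code): the standard SNMPv3 password-to-key and key-localization steps from RFC 3414, which the md5 and sha modes are assumed to follow. The page does not confirm the device's exact algorithm, the 3desmd5 and 3dessha modes are not covered, and the password and engine ID used here are the RFC 3414 sample values rather than values from this page.

```python
import hashlib

HASHES = {"md5": hashlib.md5, "sha": hashlib.sha1}  # the md5 and sha modes only


def parse_engine_id(engine_id_hex):
    """Enforce the engineid rules stated on this page and return the raw bytes."""
    s = engine_id_hex.strip().upper()
    if not 10 <= len(s) <= 64 or len(s) % 2:
        raise ValueError("engine ID must be 10 to 64 hex characters, even length")
    if set(s) in ({"0"}, {"F"}):
        raise ValueError("all-zero and all-F engine IDs are invalid")
    return bytes.fromhex(s)  # raises ValueError on non-hex characters


def password_to_key(password, mode):
    """RFC 3414 A.2: digest of the password repeated to exactly 1,048,576 bytes."""
    pw = password.encode()
    if not pw:
        raise ValueError("empty password")
    reps, rest = divmod(1048576, len(pw))
    return HASHES[mode](pw * reps + pw[:rest]).digest()


def localize_key(user_key, engine_id, mode):
    """RFC 3414 key localization: H(Ku || engineID || Ku) binds the key to one engine."""
    return HASHES[mode](user_key + engine_id + user_key).digest()


def calculate_password(password, mode, engine_id_hex):
    """Localized key as upper-case hex, under the RFC 3414 assumption above."""
    engine_id = parse_engine_id(engine_id_hex)
    key = localize_key(password_to_key(password, mode), engine_id, mode)
    return key.hex().upper()


def privacy_part(sha_key_hex):
    """Per the note above, a privacy password uses only the first 32 hex characters."""
    return sha_key_hex[:32]


if __name__ == "__main__":
    # RFC 3414 sample password and engine ID (not values from this page).
    engine_a = "000000000000000000000002"
    engine_b = "000000000000000000000003"  # constructed: same password, other engine
    for mode in ("md5", "sha"):
        print(mode, engine_a, calculate_password("maplesyrup", mode, engine_a))
        print(mode, engine_b, calculate_password("maplesyrup", mode, engine_b))
```

The same password yields a different key for every engine ID, which is why users configured with cipher text passwords stop working when the local engine ID is changed.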
Syntax
snmp-agent community { read | write } community-name [ acl acl-number | mib-view view-name ] *
undo snmp-agent community { read | write } community-name
View
System view
Default Level
3: Manage level
Parameters
read: Indicates that the community has read only access right to the MIB objects. In other words, the NMS can perform read-only operations when it uses this community name to access the agent.
write: Indicates that the community has read and write access right to the MIB objects. In other words, the NMS can perform read and write operations when it uses this community name to access the agent.
community-name: Community name, which is a string of 1 to 32 characters.
acl acl-number: Associates a basic ACL with the community name. acl-number is in the range 2,000 to 2,999. By using an ACL, you can configure to allow or prohibit the access to the agent from the NMS with the specified source IP address.
mib-view view-name: Specifies the MIB view name associated with community-name, where view-name represents the MIB view name, a string of 1 to 32 characters. If no keyword is specified, the default view is ViewDefault (The view created by the system after SNMP agent is enabled).
Description
Use the snmp-agent community command to create a new SNMP community. Parameters to be configured include access right, community name, ACL, and accessible MIB views.
Use the undo snmp-agent community command to delete a specified community.
The community name configured with this command is only valid for the SNMPv1 and SNMPv2c agent.
A community comprises NMSs and SNMP agents, and is identified by the community name, which functions as a password. In a community, devices use the community name for authentication. The NMS and the SNMP agent can access each other only when they are configured with the same community name. Typically, public is used as the read-only community name, and private is used as the read and write community name. For security, you are recommended to configure a community name other than public and private.
- Keyword acl specifies that only the NMS with a qualified IP address can access the agent.
- Argument community-name specifies the community name used by the NMS when it accesses the agent.
- Keyword mib-view specifies the MIB objects which the NMS can access.
- Keywords read and write specify the access type.
Related commands: snmp-agent mib-view.
Examples
# Create a community with the name of readaccess, allowing read-only access right by using this community name.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v1 v2c
[Sysname] snmp-agent community read readaccess
- Set the SNMP version on the NMS to SNMPv1 or SNMPv2c
- Fill in the read-only community name readaccess
- Establish a connection, and the NMS can perform read-only operations to the MIB objects in the ViewDefault view on the device
# Create a community with the name of writeaccess, allowing only the NMS with the IP address of 1.1.1.1 to configure the values of the agent MIB objects by using this community name; other NMSs are not allowed to perform the write operations by using this community name.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0
[Sysname-acl-basic-2001] rule deny source any
[Sysname-acl-basic-2001] quit
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent community write writeaccess acl 2001
- Set the IP address of the NMS to 1.1.1.1
- Set the SNMP version on the NMS to SNMPv2c
- Fill in the write community name writeaccess. In other words, the NMS can perform read-only operations to the MIB objects in the ViewDefault view on the device
# Create a community with the name of wr-sys-acc. The NMS can perform the read and write operations to the MIB objects of the system subtree (with the OID of 1.3.6.1.2.1.1).
<Sysname> system-view
[Sysname] snmp-agent sys-info version v1 v2c
[Sysname] snmp-agent mib-view included test system
[Sysname] snmp-agent community write wr-sys-acc mib-view test
- Set the SNMP version on the NMS to SNMPv1 or SNMPv2c
- Fill in the write community name wr-sys-acc.
- Establish a connection, and the NMS can perform read and write operations to the MIB objects of the system subtree on the device
Syntax
The following syntax applies to SNMPv1 and SNMPv2c:
snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group { v1 | v2c } group-name
The following syntax applies to SNMPv3:
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
View
System view
Default Level
3: Manage level
Parameters
v1: SNMPv1.
v2c: SNMPv2c.
v3: SNMPv3.
group-name: Group name, a string of 1 to 32 characters.
authentication: Specifies the security model of the SNMP group to be authentication only (without privacy).
privacy: Specifies the security model of the SNMP group to be authentication and privacy.
read-view read-view: Read view, a string of 1 to 32 characters. The default read view is ViewDefault.
write-view write-view: Write view, a string of 1 to 32 characters. By default, no write view is configured, which means the NMS cannot perform the write operations to all MIB objects on the device.
notify-view notify-view: Notify view, for sending traps, a string of 1 to 32 characters. By default, no notify view is configured, which means the agent does not send traps to the NMS.
acl acl-number: Associates a basic ACL with the group. acl-number is in the range 2000 to 2999. By using a basic ACL, you can restrict the source IP address of SNMP packets. In other words, you can configure to allow or prohibit SNMP packets with a specific source IP address to restrict the intercommunication between the NMS and the agent.
Description
Use the snmp-agent group command to configure a new SNMP group and specify its access right.
Use the undo snmp-agent group command to delete a specified SNMP group.
By default, SNMP groups configured by the snmp-agent group v3 command use a no-authentication-no-privacy security model.
An SNMP group defines security model, access right, and so on. A user in this SNMP group has all these public properties.
Related commands: snmp-agent mib-view, snmp-agent usm-user.
Examples
# Create an SNMP group group1 on an SNMPv3 enabled device, no authentication, no privacy.
<Sysname> system-view
[Sysname] snmp-agent group v3 group1
Syntax
snmp-agent local-engineid engineid
undo snmp-agent local-engineid
View
System view
Default Level
3: Manage level
Parameters
engineid: Engine ID, an even number of hexadecimal characters, in the range 10 to 64. Its length must not be an odd number, and the all-zero and all-F strings are invalid.
Description
Use the snmp-agent local-engineid command to configure a local engine ID for an SNMP entity.
Use the undo snmp-agent local-engineid command to restore the default local engine ID.
By default, the engine ID of a device is the combination of company ID and device ID. Device ID varies by product; it could be an IP address, a MAC address, or a self-defined string of hexadecimal numbers.
An engine ID has two functions:
- For all devices managed by one NMS, each device needs a unique engine ID to identify the SNMP agent. By default, each device has an engine ID. The network administrator has to ensure that there is no repeated engine ID within an SNMP domain.
- In SNMPv3, the user name and cipher text password are associated with the engine ID. Therefore, if the engine ID changes, the user name and cipher text password configured under the engine ID become invalid.
Typically, the device uses its default engine ID. For ease of remembrance, set engine IDs for the devices according to the network planning. For example, if both device 1 and device 2 are on the first floor of building A, set the engine ID of device 1 to 000Af0010001, and that of device 2 to 000Af0010002.
Related commands: snmp-agent usm-user.
Examples
# Configure the local engine ID as 123456789A.
<Sysname> system-view
[Sysname] snmp-agent local-engineid 123456789A
Syntax
snmp-agent log { all | get-operation | set-operation }
undo snmp-agent log { all | get-operation | set-operation }
View
System view
Default Level
3: Manage level
Parameters
all: Enables logging of SNMP GET and SET operations.
get-operation: Enables logging of SNMP GET operation.
set-operation: Enables logging of SNMP SET operation.
Description
Use the snmp-agent log command to enable SNMP logging.
Use the undo snmp-agent log command to restore the default.
By default, SNMP logging is disabled.
If specified SNMP logging is enabled, when the NMS performs a specified operation to the SNMP agent, the latter records the operation-related information and saves it to the information center. With parameters for the information center set, output rules of the SNMP logs are determined (that is, whether logs are permitted to output and the output destinations).
Examples
# Enable logging of SNMP GET operation.
<Sysname> system-view
[Sysname] snmp-agent log get-operation
# Enable logging of SNMP SET operation.
<Sysname> system-view
[Sysname] snmp-agent log set-operation
Syntax
snmp-agent mib-view { excluded | included } view-name oid-tree [ mask mask-value ]
undo snmp-agent mib-view view-name
View
System view
Default Level
3: Manage level
Parameters
excluded: Indicates that no nodes of the MIB tree are included in current view.
included: Indicates that all nodes of the MIB tree are included in current view.
view-name: View name, a string of 1 to 32 characters.
oid-tree: MIB subtree, identified by the OID of the subtree root node, such as 1.4.5.3.1, or the name of the subtree root node, such as “system”. OID is made up of a series of integers, which marks the position of the node in the MIB tree and uniquely identifies a MIB object.
mask mask-value: Mask for a MIB subtree, in the range 1 to 32 hexadecimal digits. The number of digits must be even.
Description
Use the snmp-agent mib-view command to create or update MIB view information so that MIB objects can be specified.
Use the undo snmp-agent mib-view command to delete the current configuration.
By default, MIB view name is ViewDefault.
MIB view is a subset of MIB, and it may include all nodes of a MIB subtree (that is, the access to all nodes of this MIB subtree is permitted), or may exclude all nodes of a MIB subtree, which means the access to all nodes of this MIB subtree is forbidden.
To view the access right of the default view, use the display snmp-agent mib-view command. To remove the default view, use the undo snmp-agent mib-view command, but you may not be able to read or write all MIB nodes on the agent.
Related commands: snmp-agent group.
Examples
# Create a MIB view mibtest, which includes all objects of the subtree mib-2, and excludes all objects of the subtree ip.
<Sysname> system-view
[Sysname] snmp-agent mib-view included mibtest 1.3.6.1
[Sysname] snmp-agent mib-view excluded mibtest ip
[Sysname] snmp-agent community read public mib-view mibtest
If the SNMP version on the NMS is set to SNMPv1, when the NMS uses the community name public to access the device, it cannot access any object of the ip subtree (such as the ipForwarding node, the ipDefaultTTL node, and so on), but it can access all objects of the mib-2 subtree.
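How included and excluded subtrees and the subtree mask combine into one view, as an added example (not H3C's code): a view check that follows the standard VACM rule from RFC 3415, which the device is assumed to follow (the matching entry with the longest subtree decides, and a mask bit of 0 wildcards that sub-identifier). It evaluates ViewDefault from the display snmp-agent mib-view output and the mibtest view above; the numeric OIDs for the named subtrees are the standard assignments, and the ROW5 view with mask FFA0 is constructed.

```python
# Standard OID assignments for the subtree names used on this page.
OIDS = {
    "iso": "1",
    "ip": "1.3.6.1.2.1.4",
    "snmpUsmMIB": "1.3.6.1.6.3.15",
    "snmpVacmMIB": "1.3.6.1.6.3.16",
    "snmpModules.18": "1.3.6.1.6.3.18",
}


def parse_oid(text):
    """Accept a dotted OID or one of the names above; return a tuple of ints."""
    dotted = OIDS.get(text, text)
    return tuple(int(part) for part in dotted.strip(".").split("."))


def mask_bits(mask_hex, length):
    """One flag per sub-identifier: True means it must match exactly.

    Bits are read from the most significant bit of the first octet; positions
    beyond the end of the mask count as 1 (RFC 3415).
    """
    raw = bytes.fromhex(mask_hex) if mask_hex else b""
    flags = []
    for i in range(length):
        byte, bit = divmod(i, 8)
        flags.append(byte >= len(raw) or bool(raw[byte] & (0x80 >> bit)))
    return flags


def family_matches(oid, subtree, mask_hex=""):
    """True if oid lies inside the (subtree, mask) family."""
    if len(oid) < len(subtree):
        return False
    flags = mask_bits(mask_hex, len(subtree))
    return all(not must or a == b for a, b, must in zip(oid, subtree, flags))


def in_view(view, oid_text):
    """view is a list of (type, subtree, mask); the longest matching subtree wins."""
    oid = parse_oid(oid_text)
    hits = []
    for view_type, subtree_text, mask_hex in view:
        subtree = parse_oid(subtree_text)
        if family_matches(oid, subtree, mask_hex):
            hits.append((len(subtree), subtree, view_type))
    # No matching entry means the object is not in the view at all.
    return bool(hits) and max(hits)[2] == "included"


# ViewDefault as shown by display snmp-agent mib-view (empty subtree masks).
VIEW_DEFAULT = [
    ("included", "iso", ""),
    ("excluded", "snmpUsmMIB", ""),
    ("excluded", "snmpVacmMIB", ""),
    ("excluded", "snmpModules.18", ""),
]
# The mibtest view from the example above.
MIBTEST = [("included", "1.3.6.1", ""), ("excluded", "ip", "")]
# Constructed: one ifTable row (index 5); mask FFA0 wildcards the column number.
ROW5 = [("included", "1.3.6.1.2.1.2.2.1.0.5", "FFA0")]

if __name__ == "__main__":
    checks = [
        (VIEW_DEFAULT, "1.3.6.1.2.1.1.5.0"),          # sysName.0
        (VIEW_DEFAULT, "1.3.6.1.6.3.15.1.2.2.1.3"),   # inside snmpUsmMIB
        (MIBTEST, "1.3.6.1.2.1.4.1.0"),               # ipForwarding.0
        (ROW5, "1.3.6.1.2.1.2.2.1.2.5"),              # ifDescr.5
        (ROW5, "1.3.6.1.2.1.2.2.1.2.6"),              # ifDescr.6
    ]
    for view, oid in checks:
        print(oid, "accessible" if in_view(view, oid) else "not accessible")
```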
Syntax
snmp-agent packet max-size byte-count
undo snmp-agent packet max-size
View
System view
Default Level
3: Manage level
Parameters
byte-count: Maximum size of the SNMP packets that can be received or sent by the agent, in the range 484 to 17,940.
Description
Use the snmp-agent packet max-size command to configure the maximum size of the SNMP packets that can be received or sent by the agent.
Use the undo snmp-agent packet max-size command to restore the default packet size.
By default, the maximum size of the SNMP packets that can be received or sent by the agent is 1,500 bytes.
If devices that do not support fragmentation exist on the routing path between the NMS and the agent, use the command to configure the maximum SNMP packet size, preventing giant packets from being discarded.
Typically, you are recommended to apply the default value.
Examples
# Configure the maximum size of the SNMP packets that can be received or sent by the SNMP agent as 1,042 bytes.
<Sysname> system-view
[Sysname] snmp-agent packet max-size 1042
Syntax
snmp-agent sys-info { contact sys-contact | location sys-location | version { all | { v1 | v2c | v3 }* } }
undo snmp-agent sys-info { contact | location | version { all | { v1 | v2c | v3 }* } }
View
System view
Default Level
3: Manage level
Parameters
contact sys-contact: A string of 1 to 200 characters that describes the contact information for system maintenance.
location sys-location: A string of 1 to 200 characters that describes the location of the device.
version: The SNMP version in use.
• all: Specifies SNMPv1, SNMPv2c, and SNMPv3.
• v1: SNMPv1.
• v2c: SNMPv2c.
• v3: SNMPv3.
Description
Use the snmp-agent sys-info command to configure system information, including the contact information, the location, and the SNMP version in use.
Use the undo snmp-agent sys-info contact and undo snmp-agent sys-info location commands to restore the default.
Use the undo snmp-agent sys-info version command to disable use of the SNMP function of the specified version.
By default, the location information is Hangzhou China, version is SNMPv3, and the contact information is Hangzhou H3C Technologies Co., Ltd.
The device can process the SNMP packets of the corresponding version only if SNMP of a specific version is enabled. If SNMPv1 is enabled, the device drops the received SNMPv2c packets; if SNMPv2c is enabled, the device drops the received SNMPv1 packets. To enable the device to communicate with different NMSs, enable SNMP of different versions on a device.
Related commands: display snmp-agent sys-info.
Network maintenance engineers can use the system contact information to get in touch with the manufacturer in case of network failures. The system location information is a management variable under the system branch as defined in RFC1213-MIB, identifying the location of the managed object.
Examples
# Configure the contact information as “Dial System Operator at beeper # 27345”.
<Sysname> system-view
[Sysname] snmp-agent sys-info contact Dial System Operator at beeper # 27345
Syntax
snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ]
undo snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } params securityname security-string [ vpn-instance vpn-instance-name ]
View
System view
Default Level
3: Manage level
Parameters
trap: Specifies the host to be the target host that receives traps and notifications from the device.
address: Specifies the destination IP address in the SNMP messages sent from the device.
udp-domain: Indicates that the trap is transmitted using UDP.
ip-address: The IPv4 address of the trap target host.
ipv6 ipv6-address: Specifies the IPv6 address of the trap target host.
udp-port port-number: Specifies the number of the port on the target host to receive traps. The value defaults to 162.
vpn-instance vpn-instance-name: Specifies the VPN where the target host resides, where vpn-instance-name indicates the VPN instance name and is a case sensitive string of 1 to 31 characters. It is applicable only in a network supporting IPv4. If you execute the command with the vpn-instance vpn-instance-name parameter, add the agent into this VPN domain, and ensure that the route between the agent and the NMS is available.
params securityname security-string: Specifies the authentication related parameter, which is an SNMPv1 or SNMPv2c community name or an SNMPv3 user name, a string of 1 to 32 characters.
v1: SNMPv1. This keyword must be the same as the SNMP version on the NMS; otherwise, the NMS cannot receive any trap.
v2c: SNMPv2c. This keyword must be the same as the SNMP version on the NMS; otherwise, the NMS cannot receive any trap.
v3: SNMPv3. This keyword must be the same as the SNMP version on the NMS; otherwise, the NMS cannot receive any trap.
• authentication: Specifies the security model to be authentication without privacy. Authentication checks whether a packet is intact and whether it has been tampered with. Configure the authentication password when creating an SNMPv3 user.
• privacy: Specifies the security model to be authentication with privacy. Privacy encrypts the data part of a packet so that it cannot be read if intercepted. Configure the authentication password and privacy password when creating an SNMPv3 user.
Description
Use the snmp-agent target-host command to configure the related settings for a trap target host.
Use the undo snmp-agent target-host command to remove the current settings. According to the networking requirements, use this command multiple times to configure different settings for a target host, enabling the device to send trap messages to different NMSs. The number of target hosts that can be configured is 20.
• If udp-port port-number is not specified, port number 162 is used. Port 162 is the SNMP-specified port used for receiving traps on the NMS. Generally (for example, when iMC or MIB Browser is the NMS), use the default port number. If you change this parameter to another value, make sure that the configuration is the same as that on the NMS.
• If none of the keywords v1, v2c, and v3 is specified, v1 is used.
• If neither of the keywords authentication and privacy is specified, the authentication mode is no authentication, no privacy.
Related commands: enable snmp trap updown, snmp-agent trap enable, snmp-agent trap source, snmp-agent trap life.
Examples
# Enable the device to send SNMPv1 traps to 10.1.1.1, using the community name of public.
<Sysname> system-view
[Sysname] snmp-agent trap enable standard
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public
# Enable the device to send SNMPv3 traps to the device with the IP address of 10.1.1.1, using the user name of v3test.
<Sysname> system-view
[Sysname] snmp-agent trap enable standard
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 vpn-instance vpn1 params securityname v3test v3
Syntax
snmp-agent trap enable [ acfp [ client | policy | rule | server ] | bfd | bgp | configuration | flash | ospf [ process-id ] [ ifauthfail | ifcfgerror | ifrxbadpkt | ifstatechange | iftxretransmit | lsdbapproachoverflow | lsdboverflow | maxagelsa | nbrstatechange | originatelsa | vifcfgerror | virifauthfail | virifrxbadpkt | virifstatechange | viriftxretransmit | virnbrstatechange ] * | standard [ authentication | coldstart | linkdown | linkup | warmstart ]* | system | vrrp [ authfailure | newmaster ] ]
undo snmp-agent trap enable [ acfp [ client | policy | rule | server ] | bfd | bgp | configuration | flash | ospf [ process-id ] [ ifauthfail | ifcfgerror | ifrxbadpkt | ifstatechange | iftxretransmit | lsdbapproachoverflow | lsdboverflow | maxagelsa | nbrstatechange | originatelsa | vifcfgerror | virifauthfail | virifrxbadpkt | virifstatechange | viriftxretransmit | virnbrstatechange ] * | standard [ authentication | coldstart | linkdown | linkup | warmstart ]* | system | vrrp [ authfailure | newmaster ] ]
View
System view
Default Level
3: Manage level
Parameters
acfp: Enables the sending of traps of the ACFP module.
• client: Enables the sending of ACFP client traps.
• policy: Enables the sending of ACFP policy traps.
• rule: Enables the sending of ACFP rule traps.
• server: Enables the sending of ACFP server traps.
bfd: Enables the sending of traps of the BFD module.
bgp: Enables the sending of traps of the BGP module.
configuration: Enables the sending of configuration traps.
flash: Enables the sending of FLASH-related traps.
ospf: Enables the sending of traps of the OSPF module.
• process-id: OSPF process ID, in the range 1 to 65535.
• ifauthfail: Traps for interface authentication failure.
• ifcfgerror: Traps for interface configuration error.
• ifrxbadpkt: Traps for receiving incorrect packets.
• ifstatechange: Traps for interface state change.
• iftxretransmit: Traps for the interface to receive and forward packets.
• lsdbapproachoverflow: Traps for LSDB to be overflowed.
• lsdboverflow: Traps for LSDB overflow.
• maxagelsa: Traps for LSA max age.
• nbrstatechange: Traps for neighbor state change.
• originatelsa: Traps for local LSA generation.
• vifcfgerror: Traps for virtual interface configuration error.
• virifauthfail: Traps for virtual interface authentication failure.
• virifrxbadpkt: Traps for virtual interface receiving error packets.
• virifstatechange: Traps for virtual interface state changes.
• viriftxretransmit: Traps for virtual interface receiving and forwarding packets.
• virnbrstatechange: Traps for neighbor state change of the virtual interface.
standard: Standard traps.
• authentication: Enables the sending of authentication failure traps in the event of authentication failure.
• coldstart: Sends coldstart traps when the device restarts.
• linkdown: Sends linkdown traps when the port is in a linkdown status. It should be configured globally.
• linkup: Sends linkup traps when the port is in a linkup status. It should be configured globally.
• warmstart: Sends warmstart traps when the SNMP restarts.
system: Sends H3C-SYS-MAN-MIB (a private MIB) traps.
vrrp: Traps of the VRRP module.
• authfailure: Traps for VRRP authentication failure.
• newmaster: Enables the sending of VRRP newmaster traps when the device becomes the master.
Description
Use the snmp-agent trap enable command to enable the trap function globally.
Use the undo snmp-agent trap enable command to disable the trap function globally.
By default, the trap function is enabled.
A module can generate corresponding traps only when the trap function is enabled.
Note that:
To enable an interface to generate Linkup/Linkdown traps when its state changes, enable the linkUp/linkDown trap function on the interface and globally. To enable this function on an interface, use the enable snmp trap updown command. To enable this function globally, use the snmp-agent trap enable [ standard [ linkdown | linkup ] * ] command.
Related commands: snmp-agent target-host, enable snmp trap updown.
Examples
# Enable the device to send SNMP authentication failure packets to 10.1.1.1, using the community name public.
<Sysname> system-view
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public
[Sysname] snmp-agent trap enable standard authentication
Syntax
snmp-agent trap if-mib link extended
undo snmp-agent trap if-mib link extended
View
System view
Default Level
3: Manage level
Parameters
None
Description
Use the snmp-agent trap if-mib link extended command to extend the standard linkUp/linkDown traps defined in RFC. An extended linkUp/linkDown trap is the standard linkUp/linkDown trap defined in RFC appended with the interface description and interface type information.
Use the undo snmp-agent trap if-mib link extended command to restore the default.
By default, standard linkUp/linkDown traps defined in RFC are used.
• A standard linkUp trap is in the following format:
#Apr 24 11:48:04:896 2008 Sysname IFNET/4/INTERFACE UPDOWN:
Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: Interface 983555 is Up, ifAdminStatus is 1, ifOperStatus is 1
• An extended linkUp trap is in the following format:
#Apr 24 11:43:09:896 2008 Sysname IFNET/4/INTERFACE UPDOWN:
Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: Interface 983555 is Up, ifAdminStatus is 1, ifOperStatus is 1, ifDescr is GigabitEthernet1/0/1, ifType is 6
• A standard linkDown trap is in the following format:
#Apr 24 11:47:35:224 2008 Sysname IFNET/4/INTERFACE UPDOWN:
Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983555 is Down, ifAdminStatus is 2, ifOperStatus is 2
• An extended linkDown trap is in the following format:
#Apr 24 11:42:54:314 2008 AR29.46 IFNET/4/INTERFACE UPDOWN:
Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983555 is Down, ifAdminStatus is 2, ifOperStatus is 2, ifDescr is GigabitEthernet1/0/1, ifType is 6
The format of an extended linkUp/linkDown trap is the standard format followed by the ifDescr and ifType information, which helps locate problems.
Note that the device sends extended linkUp/linkDown traps when this command is configured. If the extended messages are not supported on the NMS, the device may not be able to resolve the messages.
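A parser that accepts both the standard and the extended message formats shown above and separates an administrative shutdown from an unexpected link loss. This is an added example, not H3C code: the function and field names are its own, the third sample message is constructed, and the status values 1 (up) and 2 (down) follow IF-MIB.

```python
import re
from datetime import datetime

# The first two messages are copied from the formats on this page; the third is
# a constructed linkDown with ifAdminStatus 1 (port still administratively up).
SAMPLE = """\
#Apr 24 11:48:04:896 2008 Sysname IFNET/4/INTERFACE UPDOWN:
Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: Interface 983555 is Up, ifAdminStatus is 1, ifOperStatus is 1
#Apr 24 11:42:54:314 2008 AR29.46 IFNET/4/INTERFACE UPDOWN:
Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983555 is Down, ifAdminStatus is 2, ifOperStatus is 2, ifDescr is GigabitEthernet1/0/1, ifType is 6
#Apr 24 11:50:00:001 2008 Sysname IFNET/4/INTERFACE UPDOWN:
Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983556 is Down, ifAdminStatus is 1, ifOperStatus is 2, ifDescr is GigabitEthernet1/0/2, ifType is 6
"""

HEADER = re.compile(
    r"^#(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<hms>\d\d:\d\d:\d\d):(?P<ms>\d{3}) "
    r"(?P<year>\d{4}) (?P<host>\S+) (?P<tag>.+):$")
# The ifDescr/ifType suffix is optional so that both formats match.
TRAP = re.compile(
    r"^Trap (?P<oid>[\d.]+)<(?P<name>\w+)>: Interface (?P<ifindex>\d+) is "
    r"(?P<state>Up|Down), ifAdminStatus is (?P<admin>\d+), ifOperStatus is (?P<oper>\d+)"
    r"(?:, ifDescr is (?P<descr>.+), ifType is (?P<iftype>\d+))?$")
# Trap OIDs as printed in the messages on this page.
OIDS = {"1.3.6.1.6.3.1.1.5.3": "linkDown", "1.3.6.1.6.3.1.1.5.4": "linkUp"}


def parse_link_traps(text):
    """Return one dict per header+Trap pair; lines fitting neither pattern are skipped."""
    events, header = [], None
    for line in text.splitlines():
        line = line.strip()
        h = HEADER.match(line)
        if h:
            header = h
            continue
        t = TRAP.match(line)
        if t is None or header is None:
            header = None
            continue
        stamp = f"{header['mon']} {header['day']} {header['hms']} {header['year']}"
        when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
        when = when.replace(microsecond=int(header["ms"]) * 1000)
        issues = []
        if OIDS.get(t["oid"]) != t["name"]:
            issues.append("trap OID and trap name disagree")
        if t["name"].lower() != "link" + t["state"].lower():
            issues.append("trap name and interface state disagree")
        admin, oper = int(t["admin"]), int(t["oper"])
        if t["state"] == "Up":
            cause = "up"
        elif admin == 2:          # operator shut the port down
            cause = "admin-shutdown"
        else:                     # port configured up but link is gone
            cause = "unexpected-loss"
        events.append({
            "time": when, "host": header["host"], "trap": t["name"],
            "ifindex": int(t["ifindex"]), "admin": admin, "oper": oper,
            "extended": t["descr"] is not None, "descr": t["descr"],
            "iftype": int(t["iftype"]) if t["iftype"] else None,
            "cause": cause, "issues": issues,
        })
        header = None
    return events


if __name__ == "__main__":
    for e in parse_link_traps(SAMPLE):
        print(e["time"], e["host"], e["trap"], e["ifindex"], e["descr"], e["cause"], e["issues"])
```

A receiver whose pattern ends right after the ifOperStatus field rejects every extended message, which is the incompatibility the note above describes.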
Examples
# Extend standard linkUp/linkDown traps defined in RFC.
[Sysname] snmp-agent trap if-mib link extended
Syntax
snmp-agent trap life seconds
undo snmp-agent trap life
View
System view
Default Level
3: Manage level
Parameters
seconds: Timeout time, in the range 1 to 2,592,000 seconds.
Description
Use the snmp-agent trap life command to configure the holding time of the traps in the queue. Traps are discarded when the holding time expires.
Use the undo snmp-agent trap life command to restore the default holding time of traps in the queue.
By default, the holding time of SNMP traps in the queue is 120 seconds.
The SNMP module sends traps in queues. As soon as a trap is saved in the trap queue, a timer is started. If the trap has not been sent when the timer times out, that is, when the holding time configured by using this command expires, the system removes the trap from the trap sending queue.
Related commands: snmp-agent trap enable, snmp-agent target-host.
Examples
# Configure the holding time of traps in the queue as 60 seconds.
<Sysname> system-view
[Sysname] snmp-agent trap life 60
Syntax
snmp-agent trap queue-size size
undo snmp-agent trap queue-size
View
System view
Default Level
3: Manage level
Parameters
size: Number of traps that can be stored in the trap sending queue, in the range 1 to 1,000.
Description
Use the snmp-agent trap queue-size command to set the size of the trap sending queue.
Use the undo snmp-agent trap queue-size command to restore the default queue size.
By default, up to 100 traps can be stored in the trap sending queue.
When generated, traps are saved into the trap sending queue. The size of the queue determines the maximum number of the traps that can be stored in the queue. When the size of the trap sending queue reaches the configured value, the newly generated traps are saved into the queue, and the earliest ones are discarded.
Related commands: snmp-agent trap enable, snmp-agent target-host, snmp-agent trap life.
Examples
# Set the maximum number of traps that can be stored in the trap sending queue to 200.
<Sysname> system-view
[Sysname] snmp-agent trap queue-size 200
Syntax
snmp-agent trap source interface-type interface-number
undo snmp-agent trap source
View
System view
Default Level
3: Manage level
Parameters
interface-type interface-number: Specifies the interface type and interface number.
Description
Use the snmp-agent trap source command to specify the source IP address contained in the trap.
Use the undo snmp-agent trap source command to restore the default.
By default, SNMP uses the IP address of an interface as the source IP address of the trap.
Upon execution of this command, the system uses the primary IP address of the specified interface as the source IP address of the traps, and the NMS uses this IP address to uniquely identify the agent. Even if the agent sends out traps through different interfaces, the NMS uses this IP address to filter all traps sent from the agent.
Use this command to trace a specific event by the source IP address of a trap.
Note that:
Before configuring the IP address of a particular interface as the source IP address of the trap, ensure that the interface already exists and that it has a legal IP address. If the specified interface does not exist, the configuration fails. If the specified IP address is illegal, the configuration does not take effect; it automatically takes effect once a legal IP address is configured for the interface.
Related commands: snmp-agent trap enable, snmp-agent target-host.
Examples
# Configure the IP address of VLAN-interface 1 as the source address for traps.
<Sysname> system-view
[Sysname] snmp-agent trap source Vlan-interface 1
Syntax
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
View
System view
Default Level
3: Manage level
Parameters
v1: The configured user name should be applied in the SNMPv1 networking environment. If the agent and the NMS use SNMPv1 packets to communicate with each other, this keyword is needed.
v2c: The configured user name should be applied in the SNMPv2c networking environment. If the agent and the NMS use SNMPv2c packets to communicate with each other, this keyword is needed.
user-name: User name, which is a case sensitive string of 1 to 32 characters.
group-name: Group name, which is a case sensitive string of 1 to 32 characters.
acl acl-number: Associates a basic ACL with the user. acl-number is in the range 2000 to 2999. By using a basic ACL, you can restrict the source IP address of SNMP packets. In other words, you can permit or deny SNMP packets from a specific source IP address, and thereby allow or prohibit the specified NMS from accessing the agent by using this user name.
Description
Use the snmp-agent usm-user { v1 | v2c } command to add a user to an SNMP group.
Use the undo snmp-agent usm-user { v1 | v2c } command to delete a user from an SNMP group.
As defined in the SNMP protocol, in SNMPv1 and SNMPv2c networking applications, the NMS and the agent use the community name to authenticate each other; in SNMPv3 networking applications, they use the user name to authenticate each other. If you prefer using the user name in authentication, the device supports configuration of SNMPv1 and SNMPv2c users. Creating an SNMPv1 or SNMPv2c user is equivalent to adding a new read-only community name. When you enter the user name in the read-only community name field of the NMS, the NMS can establish an SNMP connection with the device.
To make the configured user take effect, create an SNMP group first.
Related commands: snmp-agent group, snmp-agent community, snmp-agent usm-user v3.
Examples
# Create a v2c user userv2c in group readCom.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent group v2c readCom
[Sysname] snmp-agent usm-user v2c userv2c readCom
• Set the SNMP version on the NMS to SNMPv2c.
• Fill in the read community name userv2c, and then the NMS can access the agent.
# Create a v2c user userv2c in group readCom, allowing only the NMS with the IP address of 1.1.1.1 to access the agent by using this user name; other NMSs are not allowed to access the agent by using this user name.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0
[Sysname-acl-basic-2001] rule deny source any
[Sysname-acl-basic-2001] quit
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent group v2c readCom
[Sysname] snmp-agent usm-user v2c userv2c readCom acl 2001
• Set the IP address of the NMS to 1.1.1.1.
• Set the SNMP version on the NMS to SNMPv2c.
• Fill in both the read community and write community options with userv2c, and then the NMS can access the agent.
Syntax
snmp-agent usm-user v3 user-name group-name [ cipher ] [ authentication-mode { md5 | sha } auth-password [ privacy-mode { 3des | aes128 | des56 } priv-password ] ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string }
View
System view
Default Level
3: Manage level
Parameters
user-name: User name, a case sensitive string of 1 to 32 characters.
group-name: Group name, a case sensitive string of 1 to 32 characters.
cipher: Specifies that auth-password and priv-password are cipher text passwords, which can be calculated by using the snmp-agent calculate-password command.
authentication-mode: Specifies the security model to be authentication. MD5 is faster than SHA, while SHA provides a higher security than MD5.
• md5: Specifies the authentication protocol as MD5.
• sha: Specifies the authentication protocol as SHA-1.
auth-password: Authentication password. If the cipher keyword is not specified, auth-password indicates a plain text password, which is a string of 1 to 64 visible characters. If the cipher keyword is specified, auth-password indicates a cipher text password. If the md5 keyword is specified, auth-password is a string of 32 hexadecimal characters. If the sha keyword is specified, auth-password is a string of 40 hexadecimal characters.
privacy-mode: Specifies the security model to be privacy. The three encryption algorithms AES, 3DES, and DES are in descending order in terms of security. Higher security means more complex implementation mechanism and lower speed. DES is enough to meet general requirements.
• 3des: Specifies the privacy protocol as 3DES.
• des56: Specifies the privacy protocol as DES.
• aes128: Specifies the privacy protocol as AES.
priv-password: The privacy password. If the cipher keyword is not specified, priv-password indicates a plain text password, which is a string of 1 to 64 characters; if the cipher keyword is specified, priv-password indicates a cipher text password; if the 3des keyword is specified, priv-password is a string of 80 hexadecimal characters; if the aes128 keyword is specified, priv-password is a string of 40 hexadecimal characters; if the des56 keyword is specified, priv-password is a string of 40 hexadecimal characters.
acl acl-number: Associates a basic ACL with the user. acl-number is in the range 2000 to 2999. By using a basic ACL, you can restrict the source IP address of SNMP packets. In other words, you can permit or deny SNMP packets from a specific source IP address, and thereby allow or prohibit the specified NMS from accessing the agent by using this user name.
local: Represents a local SNMP entity user.
engineid engineid-string: The engine ID string, an even number of hexadecimal characters, in the range 10 to 64. Its length must not be an odd number, and the all-zero and all-F strings are invalid.
Description
Use the snmp-agent usm-user v3 command to add a user to an SNMP group.
Use the undo snmp-agent usm-user v3 command to delete a user from an SNMP group.
The user name configured by using this command is applicable to the SNMPv3 networking environments. If the agent and the NMS use SNMPv3 packets to communicate with each other, create an SNMPv3 user.
Each SNMP user belongs to an SNMP group. Before creating a user, create an SNMP group first. Otherwise, the user can be created successfully but does not take effect. An SNMP group may contain multiple users. It defines SNMP objects that can be accessed by the group of users through the MIB view and specifies whether to enable authentication and privacy functions. The authentication and privacy protocols are defined when a user is created.
• If you specify the cipher keyword, the system considers the arguments auth-password and priv-password as cipher text passwords. In this case, the command supports copy and paste, meaning that if the engine IDs of the two devices are the same, you can copy and paste the SNMPv3 configuration commands in the configuration file on device A to device B and execute the commands on device B. The cipher text password and plain text password on the two devices are the same.
• If you do not specify the cipher keyword, the system considers the arguments auth-password and priv-password as plain text passwords. In this case, if you perform the copy and paste operation, the system encrypts these two passwords, resulting in inconsistency of the cipher text and plain text passwords of the two devices.
Note that:
• If you use the snmp-agent usm-user v3 cipher command, the priv-password argument in this command can be obtained by the snmp-agent calculate-password command. To make the calculated cipher text password applicable to the snmp-agent usm-user v3 cipher command and have the same effect as that in the snmp-agent usm-user v3 cipher command, ensure that the same privacy protocol is specified for the two commands and the local engine ID specified in the snmp-agent usm-user v3 cipher command is consistent with the SNMP entity engine ID specified in the snmp-agent calculate-password command.
• If you execute this command repeatedly to configure the same user (in other words, the user names are the same, no limitation to other keywords and arguments), the last configuration takes effect.
• A plain text password is required when the NMS accesses the device; therefore, remember the user name and the plain text password when you create a user.
Related commands: snmp-agent calculate-password, snmp-agent group, snmp-agent usm-user { v1 | v2c }.
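The engine ID dependency described above follows from how SNMPv3 USM derives stored keys (RFC 3414): the password is hashed and the result is then bound to one engine ID. This is an added example, not H3C code; that snmp-agent calculate-password produces exactly this RFC 3414 value is an assumption, and the second engine ID is constructed.

```python
import hashlib

# The page's authentication-mode keywords mapped to hashlib algorithm names.
HASHES = {"md5": "md5", "sha": "sha1"}

RFC_ENGINE_ID = "000000000000000000000002"   # engine ID used in RFC 3414 A.3
OTHER_ENGINE_ID = "8000000001020304"          # constructed second device


def check_engine_id(engine_id_hex):
    """Apply the engine ID rules stated on this page and return the raw bytes."""
    s = engine_id_hex.upper()
    if len(s) % 2 or not 10 <= len(s) <= 64:
        raise ValueError("engine ID must be an even number of hex characters, 10 to 64")
    if set(s) <= {"0"} or set(s) <= {"F"}:
        raise ValueError("all-zero and all-F engine IDs are invalid")
    return bytes.fromhex(s)   # raises ValueError on non-hex input


def password_to_key(password, mode):
    """RFC 3414 A.2: hash 1,048,576 bytes of the endlessly repeated password."""
    pw = password.encode()
    if not pw:
        raise ValueError("password must not be empty")
    total = 1048576
    stream = (pw * (total // len(pw) + 1))[:total]
    return hashlib.new(HASHES[mode], stream).digest()


def localized_key(password, engine_id_hex, mode="md5"):
    """Bind the password-derived key Ku to one engine: H(Ku + engineID + Ku)."""
    engine_id = check_engine_id(engine_id_hex)
    ku = password_to_key(password, mode)
    return hashlib.new(HASHES[mode], ku + engine_id + ku).hexdigest().upper()


def same_key_on_both(password, mode="md5"):
    """True only if the two engine IDs yield the same stored key."""
    return (localized_key(password, RFC_ENGINE_ID, mode)
            == localized_key(password, OTHER_ENGINE_ID, mode))


if __name__ == "__main__":
    # "maplesyrup" is the sample password from RFC 3414 A.3.
    for mode in ("md5", "sha"):
        print(mode, localized_key("maplesyrup", RFC_ENGINE_ID, mode))
    print("portable across engine IDs:", same_key_on_both("maplesyrup"))
```

The MD5 result is 32 hexadecimal characters and the SHA-1 result is 40, the same lengths the auth-password parameter requires for cipher text.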
Examples
# Add a user testUser to the SNMPv3 group testGroup. Configure the security model as authentication without privacy, the authentication protocol as MD5, the plain-text authentication password as authkey.
<Sysname> system-view
[Sysname] snmp-agent group v3 testGroup authentication
[Sysname] snmp-agent usm-user v3 testUser testGroup authentication-mode md5 authkey
• Set the SNMP version on the NMS to SNMPv3.
• Fill in the user name testUser.
• Set the authentication protocol to MD5.
• Set the authentication password to authkey.
• Establish a connection, and the NMS can access the MIB objects in the ViewDefault view on the device.
# Add a user testUser to the SNMPv3 group testGroup. Configure the security model as authentication and privacy, the authentication protocol as MD5, the privacy protocol as DES56, the plain-text authentication password as authkey, and the plain-text privacy password as prikey.
<Sysname> system-view
[Sysname] snmp-agent group v3 testGroup privacy
[Sysname] snmp-agent usm-user v3 testUser testGroup authentication-mode md5 authkey privacy-mode des56 prikey
• Set the SNMP version on the NMS to SNMPv3.
• Fill in the user name testUser.
• Set the authentication protocol to MD5.
• Set the authentication password to authkey.
• Set the privacy protocol to DES.
• Set the privacy password to prikey.
• Establish a connection, and the NMS can access the MIB objects in the ViewDefault view on the device.
# Add a user testUser to the SNMPv3 group testGroup with the cipher keyword specified. Configure the security model as authentication and privacy, the authentication protocol as MD5, the privacy protocol as DES56, the plain-text authentication password as authkey, and the plain-text privacy password as prikey.
<Sysname> system-view
[Sysname] snmp-agent group v3 testGroup privacy
[Sysname] snmp-agent calculate-password authkey mode md5 local-engineid
The secret key is: 09659EC5A9AE91BA189E5845E1DDE0CC
[Sysname] snmp-agent calculate-password prikey mode md5 local-engineid
The secret key is: 800D7F26E786C4BECE61BF01E0A22705
[Sysname] snmp-agent usm-user v3 testUser testGroup cipher authentication-mode md5 09659EC5A9AE91BA189E5845E1DDE0CC privacy-mode des56 800D7F26E786C4BECE61BF01E0A22705
• Set the SNMP version on the NMS to SNMPv3.
• Fill in the user name testUser.
• Set the authentication protocol to MD5.
• Set the authentication password to authkey.
• Set the privacy protocol to DES.
• Set the privacy password to prikey.
• Establish a connection, and the NMS can access the MIB objects in the ViewDefault view on the device.
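A configuration check built on the defaults and options documented above for snmp-agent target-host, snmp-agent sys-info version and both snmp-agent usm-user forms: it reports trap targets that fall back to v1 or to no authentication and no privacy, users without an ACL, and the weaker protocol choices. This is an added example, not H3C code; the finding codes and function names are its own, and the last two sample lines are constructed with placeholder passwords.

```python
# Constructed sample: lines 1-6 reuse example commands from this page; lines
# 7-8 are constructed variants in the same syntax with placeholder passwords.
SAMPLE_CONFIG = """\
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent usm-user v2c userv2c readCom
[Sysname] snmp-agent usm-user v2c userv2c readCom acl 2001
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 vpn-instance vpn1 params securityname v3test v3
[Sysname] snmp-agent usm-user v3 testUser testGroup authentication-mode md5 authkey privacy-mode des56 prikey
[Sysname] snmp-agent usm-user v3 opsUser opsGroup authentication-mode sha AUTH_PLACEHOLDER privacy-mode aes128 PRIV_PLACEHOLDER acl 2001
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname opsUser v3 privacy
"""

# Finding codes (names are this example's own) and what each one means.
WHY = {
    "COMMUNITY_VERSION_ENABLED": "SNMPv1/v2c enabled: access relies on a community name",
    "USER_NO_ACL": "no acl: source IP addresses are not restricted for this name",
    "TRAP_DEFAULTS_TO_V1": "no version keyword: traps are sent as SNMPv1",
    "TRAP_COMMUNITY_VERSION": "v1/v2c trap target: community name only",
    "TRAP_V3_NOAUTH_NOPRIV": "v3 with no keyword: no authentication, no privacy",
    "TRAP_V3_NO_PRIVACY": "v3 authentication only: trap data is not encrypted",
    "V3_USER_NO_AUTH": "no authentication-mode configured",
    "V3_USER_MD5": "md5 chosen where sha gives higher security",
    "V3_USER_NO_PRIVACY": "no privacy-mode configured",
    "V3_USER_DES56": "des56 is the weakest of the three privacy protocols",
}


def _tokens(line):
    tok = line.split()
    if tok and tok[0].startswith(("[", "<")):    # drop "[Sysname]" / "<Sysname>"
        tok = tok[1:]
    return tok


def _audit_v3_user(opts):
    """Positional parse of [cipher] [authentication-mode M P [privacy-mode M P]] [acl N]."""
    codes, i, auth, priv = [], 0, None, None
    if opts[i:i + 1] == ["cipher"]:
        i += 1
    if opts[i:i + 1] == ["authentication-mode"] and len(opts) >= i + 3:
        auth, i = opts[i + 1], i + 3             # skip mode and password
        if opts[i:i + 1] == ["privacy-mode"] and len(opts) >= i + 3:
            priv, i = opts[i + 1], i + 3
    if auth is None:
        codes.append("V3_USER_NO_AUTH")
    elif auth == "md5":
        codes.append("V3_USER_MD5")
    if priv is None:
        codes.append("V3_USER_NO_PRIVACY")
    elif priv == "des56":
        codes.append("V3_USER_DES56")
    if opts[i:i + 1] != ["acl"]:
        codes.append("USER_NO_ACL")
    return codes


def audit(config):
    """Return (line number, finding code) pairs; undo lines and other commands are skipped."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        tok, codes = _tokens(line), []
        if tok[:1] != ["snmp-agent"]:
            continue
        if tok[1:3] == ["sys-info", "version"]:
            if {"all", "v1", "v2c"} & set(tok[3:]):
                codes.append("COMMUNITY_VERSION_ENABLED")
        elif tok[1:2] == ["usm-user"] and tok[2:3] in (["v1"], ["v2c"]):
            if "acl" not in tok[5:]:
                codes.append("USER_NO_ACL")
        elif tok[1:3] == ["usm-user", "v3"]:
            codes = _audit_v3_user(tok[5:])
        elif tok[1:3] == ["target-host", "trap"] and "securityname" in tok:
            rest = tok[tok.index("securityname") + 2:]   # keywords after the name
            if not rest:
                codes.append("TRAP_DEFAULTS_TO_V1")
            elif rest[0] in ("v1", "v2c"):
                codes.append("TRAP_COMMUNITY_VERSION")
            elif rest == ["v3"]:
                codes.append("TRAP_V3_NOAUTH_NOPRIV")
            elif rest == ["v3", "authentication"]:
                codes.append("TRAP_V3_NO_PRIVACY")
        findings += [(n, c) for c in codes]
    return findings


if __name__ == "__main__":
    for n, code in audit(SAMPLE_CONFIG):
        print(f"line {n}: {code}: {WHY[code]}")
```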