Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 05-SNMP Configuration | 160.03 KB |
Configuring basic SNMP settings
Configuring basic SNMPv3 settings
Configuring basic SNMPv1 or SNMPv2c settings
Configuring trap sending parameters
Displaying and maintaining SNMP
SNMPv1/SNMPv2c configuration example
SNMP logging configuration example
Displaying and maintaining MIB
This chapter includes these sections:
· Configuring basic SNMP settings
· Displaying and maintaining SNMP
|
|
NOTE: · The term "switch" or "device" in this chapter refers to the switching engine on a WX3000E wireless switch. · The WX3000E series comprises WX3024E and WX3010E wireless switches. · The port numbers in this chapter are for illustration only. |
SNMP overview
The Simple Network Management Protocol (SNMP) is an Internet standard protocol widely used for a management station to access and operate the devices on a network, regardless of their vendors, physical characteristics and interconnect technologies.
SNMP enables network administrators to read and set the variables on managed devices for state monitoring, troubleshooting, statistics collection, and other management purposes.
SNMP mechanism
The SNMP framework comprises the following elements:
· SNMP manager—works on a network management workstation (NMS) to monitor and manage the SNMP-capable devices in the network.
· SNMP agent—works on a managed device to receive and handle requests from the NMS, and send traps to the NMS when some events, such as interface state change, occur.
· Management Information Base (MIB)—Specifies the variables (for example, interface status and CPU usage) maintained by the SNMP agent for the SNMP manager to read and set.
Figure 1 Relationship between an NMS, agent and MIB
A MIB stores variables called “nodes” or “objects” in a tree hierarchy and identifies each node with a unique OID. An OID is a string of numbers that describes the path from the root node to a leaf node. For example, the object B in Figure 2 is uniquely identified by the OID {1.2.1.1}.
SNMP provides the following basic operations:
· Get—The NMS retrieves SNMP object nodes in an agent MIB.
· Set—The NMS modifies the value of an object node in the agent MIB.
· Trap—The SNMP agent sends traps to report events to the NMS.
· Inform—The NMS sends alarms to other NMSs.
SNMP protocol versions
H3C supports SNMPv1, SNMPv2c, and SNMPv3.
· SNMPv1 uses community names for authentication. To access an SNMP agent, an NMS must use the same community name as set on the SNMP agent. If the community name used by the NMS is different from the community name set on the agent, the NMS cannot establish an SNMP session to access the agent or receive traps and notifications from the agent.
· SNMPv2c also uses community names for authentication. SNMPv2c is compatible with SNMPv1, but supports more operation modes, data types, and error codes.
· SNMPv3 uses a user-based security model (USM) to secure SNMP communication. You can configure authentication and privacy mechanisms to authenticate and encrypt SNMP packets for integrity, authenticity, and confidentiality.
|
|
IMPORTANT: An NMS and an SNMP agent must use the same SNMP version to communicate with each other. |
Configuring basic SNMP settings
SNMPv3 differs from SNMPv1 and SNMPv2c in many aspects. Their configuration procedures are described in separate sections.
Configuring basic SNMPv3 settings
Follow these steps to configure basic SNMPv3 settings:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable the SNMP agent |
snmp-agent |
Optional Disabled by default. You can also enable the SNMP agent by using any command that begins with snmp-agent except the snmp-agent calculate-password command. |
|
Configure system information for the SNMP agent |
snmp-agent sys-info { contact sys-contact | location sys-location | version { all | { v1 | v2c | v3 }* } } |
Optional By default, the contact is Hangzhou H3C Tech. Co.,Ltd., the physical location is Hangzhou, China, and the protocol version is SNMPv3. |
|
Configure the local engine ID |
snmp-agent local-engineid engineid |
Optional The default local engine ID is the company ID plus the device ID. |
|
Create or update a MIB view |
snmp-agent mib-view { excluded | included } view-name oid-tree [ mask mask-value ] |
Optional By default, the MIB view ViewDefault is predefined and its OID is 1. |
|
Configure an SNMPv3 group |
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ] |
Required |
|
Convert a plain text key to an encrypted key |
snmp-agent calculate-password plain-password mode { 3desmd5 | 3dessha | md5 | sha } { local-engineid | specified-engineid engineid } |
Optional |
|
Add a user to the SNMPv3 group |
snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-password [ privacy-mode { 3des | aes128 | des56 } priv-password ] ] [ acl acl-number ] |
Required If the cipher keyword is specified, the arguments auth-password and priv-password are considered as encrypted keys. |
|
Configure the maximum size (in bytes) of SNMP packets for the SNMP agent |
snmp-agent packet max-size byte-count |
Optional By default, the SNMP agent can receive and send the SNMP packets up to 1,500 bytes. |
|
|
CAUTION: After you change the local engine ID, the existing SNMPv3 users become invalid, and you must re-create the SNMPv3 users. |
|
|
NOTE: Each view-name oid-tree pair represents a view record. If you specify the same record with different MIB subtree masks multiple times, the last configuration takes effect. Except the four subtrees in the default MIB view, you can create up to 16 unique MIB view records. |
Configuring basic SNMPv1 or SNMPv2c settings
Follow these steps to configure basic SNMPv1 or SNMPv2c settings:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable the SNMP agent |
snmp-agent |
Optional Disabled by default You can also enable the SNMP agent by using any command that begins with snmp-agent except the snmp-agent calculate-password command. |
|
Configure system information for the SNMP agent |
snmp-agent sys-info { contact sys-contact | location sys-location | version { { v1 | v2c | v3 }* | all } } |
Required By default, the contact is Hangzhou H3C Tech. Co.,Ltd., the physical location is Hangzhou, China, and the protocol version is SNMPv3. |
|
Configure the local engine ID |
snmp-agent local-engineid engineid |
Optional The default local engine ID is the company ID plus the device ID. |
|
Create or update a MIB view |
snmp-agent mib-view { excluded | included } view-name oid-tree [ mask mask-value ] |
Optional By default, the MIB view ViewDefault is predefined and its OID is 1. |
|
Configure SNMP access right |
Approach 1: Create an SNMP community snmp-agent community { read | write } community-name [ acl acl-number | mib-view view-name ]* Approach 2: Create an SNMP group, and add a user to the SNMP group 1. snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ] 2. snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ] |
Required Use either approach. By default, no SNMP group exists. In approach 2, the username is equivalent to the community name in approach 1, and must be the same as the community name configured on the NMS. |
|
Configure the maximum size (in bytes) of SNMP packets for the SNMP agent |
snmp-agent packet max-size byte-count |
Optional By default, the SNMP agent can receive and send the SNMP packets up to 1,500 bytes. |
|
|
NOTE: Each view-name oid-tree pair represents a view record. If you specify the same record with different MIB subtree masks multiple times, the last configuration takes effect. Except the four subtrees in the default MIB view, you can create up to 16 unique MIB view records. |
Configuring SNMP logging
Introduction to SNMP logging
The SNMP agent logs Get requests, Set requests and Set responses, but does not log Get responses.
· For a GET operation, the agent logs the IP address of the NMS, name of the accessed node, and OID of the node.
· For a SET operation, the agent logs the IP address of the NMS, name of the accessed node, OID of the node, the assigned value and the error code and error index of the SET response.
The SNMP module sends these logs to the information center as informational messages. You can output these messages to certain destinations, for example, the console and the log buffer by configuring the information center to output informational messages to these destinations. For more information about the information center, see the chapter “Information center configuration.”
Enabling SNMP logging
Follow these steps to configure SNMP logging:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable SNMP logging |
snmp-agent log { all | get-operation | set-operation } |
Required Disabled by default. |
|
Configure SNMP log output rules |
info-center source { module-name | default } channel { channel-number | channel-name } [ debug { level severity | state state } * | log { level severity | state state } * | trap { level severity | state state } * ] * |
Optional By default, SNMP logs are output only to loghost and logfile. You can use this command to specify other SNMP log destinations such as the console or a monitor terminal. |
|
|
NOTE: · Disable SNMP logging in normal cases to prevent a large amount of SNMP logs from decreasing device performance. · The total output size for the node field (MIB node name) and the value field (value of the MIB node) in each log entry is 1024 bytes. If this limit is exceeded, the information center truncates the data in the fields. |
Configuring SNMP traps
Introduction to SNMP traps
The SNMP agent sends traps to inform the NMS of critical and important events such as a reboot.
Traps fall into generic traps and vendor-specific traps. Available generic traps include authentication, coldstart, linkdown, linkup and warmstart. All other traps are vendor-defined.
SNMP traps generated by a module are sent to the information center. The information center disables sending traps to the logbuffer and by default uses the following output destinations for SNMP traps:
· Console, monitor terminal (monitor), loghost, and logfile for all traps of all modules
· Trapbuffer and SNMP module (snmpagent) for warning and more severe traps of all modules
You can configure the information center to enable or disable outputting the traps from a module by their severity and set output destinations. For more information about the information center, see the chapter “Information center configuration.”
Enabling SNMP traps
Enable SNMP traps only when necessary. SNMP traps are memory-intensive and may affect device performance.
Follow these steps to enable traps:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable traps globally |
snmp-agent trap enable [configuration | standard [ authentication | coldstart | linkdown | linkup | warmstart ] * | system ] |
Optional By default, all traps are enabled. |
|
|
NOTE: After you enable a trap function for a module, whether the module generates traps also depends on the configuration of the module. For more information, see the configuration guide for each module. |
Configuring trap sending parameters
Configuration prerequisites
· Complete the basic SNMP settings and check that they are the same as on the NMS. If SNMPv1 or SNMPv2 is used, you must configure a community name. If SNMPv3 is used, you must configure an SNMPv3 user and MIB view.
· The device and the NMS can reach other.
Configuration procedure
The SNMP module buffers the traps received from a module in a trap queue. You can set the size of the queue, the duration that the queue holds a trap, and trap target (destination) hosts, typically the NMS.
Follow these steps to configure trap sending parameters:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure a target host |
snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } [ udp-port port-number ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ] |
Required if the trap destination is a host. The ip-address argument must be the IP address of the host. |
|
Configure the source address for traps |
snmp-agent trap source interface-type interface-number |
Optional |
|
Extend the standard linkUp/linkDown traps |
snmp-agent trap if-mib link extended |
Optional Standard linkUp/linkDown traps are used by default. |
|
Configure the trap queue size |
snmp-agent trap queue-size size |
Optional The default trap queue size is 100. |
|
Configure the trap holding time |
snmp-agent trap life seconds |
Optional 120 seconds by default. |
|
|
NOTE: · Extended linkUp/linkDown traps add interface description and interface type to standard linkUp/linkDown traps. If the NMS does not support extended SNMP messages, use standard linkUp/linkDown traps. · When the trap queue is full, the oldest traps are automatically deleted for new traps. · A trap is deleted when its holding time expires. |
Displaying and maintaining SNMP
|
To do… |
Use the command… |
Remarks |
|
Display SNMP agent system information, including the contact, physical location, and SNMP version |
display snmp-agent sys-info [ contact | location | version ]* [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display SNMP agent statistics |
display snmp-agent statistics [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display the local engine ID |
display snmp-agent local-engineid [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display SNMP group information |
display snmp-agent group [ group-name ] [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display basic information about the trap queue |
display snmp-agent trap queue [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display the modules that can send traps and their trap status (enable or disable) |
display snmp-agent trap-list [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display SNMPv3 user information |
display snmp-agent usm-user [ engineid engineid | username user-name | group group-name ] * [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display SNMPv1 or SNMPv2c community information |
display snmp-agent community [ read | write ] [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display MIB view information |
display snmp-agent mib-view [ exclude | include | viewname view-name ] [ | { begin | exclude | include } regular-expression ] |
Available in any view |
SNMP configuration examples
SNMPv1/SNMPv2c configuration example
Network requirements
As shown in Figure 3, the NMS (1.1.1.2/24) uses SNMPv1 or SNMPv2c to manage the SNMP agent (1.1.1.1/24), and the agent automatically sends traps to report events to the NMS.
Figure 3 Network diagram for SNMPv1/v2c
Configuration procedure
1. Configure the SNMP agent
# Configure the IP address of the agent and make sure that the agent and the NMS can reach each other. (Details not shown)
# Specify SNMPv1 and SNMPv2c, create a read-only community public, and a read and write community private.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v1 v2c
[Sysname] snmp-agent community read public
[Sysname] snmp-agent community write private
# Configure contact and physical location information for the agent.
[Sysname] snmp-agent sys-info contact Mr.Wang-Tel:3306
[Sysname] snmp-agent sys-info location telephone-closet,3rd-floor
# Enable SNMP traps, set the NMS at 1.1.1.2/24 as an SNMP trap destination, and use public as the community name. (To ensure that the NMS can receive traps, specify the same SNMP version in the snmp-agent target-host command as on the NMS.)
[Sysname] snmp-agent trap enable
[Sysname] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname public v1
2. Configure the SNMP NMS
Specify the read only community, the read and write community, the timeout time, and the number of retries.
|
|
NOTE: The SNMP settings on the agent and the NMS must match. |
3. Verify the configuration
· Check that the NMS and the agent can set up SNMP sessions, and the NMS can query and set MIB variables on the agent.
· Execute the shutdown and undo shutdown commands on an idle interface on the agent, and check that the NMS can receive linkUp and linkDown traps.
SNMPv3 configuration example
Network requirements
As shown in Figure 4, the NMS (1.1.1.2/24) uses SNMPv3 to monitor and manage the interface status of the agent (.1.1.1/24). The agent automatically sends traps to report events to the NMS, and the NMS uses UDP port 5000 for SNMP traps.
The NMS and the agent perform authentication when they set up an SNMP session. The authentication algorithm is MD5 and the authentication key is authkey. The NMS and the agent also encrypt the SNMP packets between them by using the DES algorithm and the privacy key prikey.
Figure 4 Network diagram for SNMPv3
Configuration procedure
1. Configure the agent
# Configure the IP address of the agent and make sure that the agent and the NMS can reach each other. (Details not shown)
# Assign the NMS (username managev3user) read and write access to the objects under the interfaces node (OID 1.3.6.1.2.1.2), and deny its access to any other MIB object. Set the authentication algorithm to MD5, authentication key to authkey, the encryption algorithm to DES56, and the privacy key to prikey.
<Sysname> system-view
[Sysname] undo snmp-agent mib-view ViewDefault
[Sysname] snmp-agent mib-view included test interfaces
[Sysname] snmp-agent group v3 managev3group read-view test write-view test
[Sysname] snmp-agent usm-user v3 managev3user managev3group authentication-mode md5 authkey privacy-mode des56 prikey
# Configure contact and physical location information for the device.
[Sysname] snmp-agent sys-info contact Mr.Wang-Tel:3306
[Sysname] snmp-agent sys-info location telephone-closet,3rd-floor
# Enable traps, specify the NMS at 1.1.1.2/24 as a trap destination, and set the username to managev3user for the traps.
[Sysname] snmp-agent trap enable
[Sysname] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname managev3user v3 privacy
2. Configure the SNMP NMS
· Specify SNMPv3.
· Create the SNMPv3 user managev3user.
· Enable both authentication and privacy functions
· Use MD5 for authentication and DES for encryption.
· Set the authentication key to authenkey and the privacy key to prikey.
· Set the timeout time and maximum number of retries.
For information about configuring the NMS, see the manual for the NMS.
|
|
NOTE: The SNMP settings on the agent and the NMS must match. |
3. Verify the configuration
· Check that the NMS and the agent can set up SNMP sessions, and the NMS can query and set MIB variables on the agent.
· Execute the shutdown and undo shutdown commands on an idle interface on the agent, and check that the NMS can receive linkUp and linkDown traps.
SNMP logging configuration example
Network requirements
An SNMP agent (1.1.1.1/24) connects to an NMS (1.1.1.2/24) over Ethernet, as shown in Figure 5.
Configure the agent to log the SNMP operations performed by the NMS.
Figure 5 Network diagram for SNMP logging
Configuration procedure
|
|
NOTE: This configuration example assumes that you have configured all required SNMP settings for the NMS and the agent (see “SNMPv1/SNMPv2c configuration example” and “SNMPv3 configuration example”). |
# Enable displaying log messages on the configuration terminal. (This function is enabled by default. Skip this step if you are using the default.)
<Sysname> terminal monitor
<Sysname> terminal logging
# Enable the information center to output the system events of the informational or higher severity to the console port.
<Sysname> system-view
[Sysname] info-center source snmp channel console log level informational
# Enable logging GET and SET operations.
[Sysname] snmp-agent log get-operation
[Sysname] snmp-agent log set-operation
# Verify the configuration.
· Use the NMS to get a MIB variable from the agent. The following is a sample log message displayed on the configuration terminal:
%Jan 1 02:49:40:566 2006 Sysname SNMP/6/GET:
seqNO = <10> srcIP = <1.1.1.2> op = <get> node = <sysName(1.3.6.1.2.1.1.5.0)> value=<>
· Use the NMS to set a MIB variable on the agent. The following is a sample log message displayed on the configuration terminal:
%Jan 1 02:59:42:576 2006 Sysname SNMP/6/SET:
seqNO = <11> srcIP = <1.1.1.2> op = <set> errorIndex = <0> errorStatus =<noError> node = <sysName(1.3.6.1.2.1.1.5.0)> value = <Sysname>
Table 1 Description of SNMP log message fields
|
Field |
Description |
|
Jan 1 02:49:40:566 2006 |
Time when the SNMP log was generated. |
|
seqNO |
Serial number automatically assigned to the SNMP log, starting from 0. |
|
srcIP |
IP address of the NMS. |
|
op |
SNMP operation type (GET or SET). |
|
node |
MIB node name and OID of the node instance. |
|
erroIndex |
Error index, with 0 meaning no error. |
|
errorstatus |
Error status, with noError meaning no error. |
|
value |
Value set by the SET operation (this field is null for a GET operation). If the value is a character string that has characters beyond the ASCII range 0 to 127 or invisible characters, the string is displayed in hexadecimal format, for example, value = <81-43>[hex]. |
|
|
NOTE: The information center can output system event messages to several destinations, including the terminal and the log buffer. In this example, SNMP log messages are output to the terminal. To configure other message destinations, see the chapter “Information center configuration.” |
This chapter includes these sections:
· Overview
· Displaying and maintaining MIB
|
|
NOTE: · The term "switch" or "device" in this chapter refers to the switching engine on a WX3000E wireless switch. · The WX3000E series comprises WX3024E and WX3010E wireless switches. · The port numbers in this chapter are for illustration only. |
Overview
MIBs fall into public MIBs and private MIBs. A private MIB is attached to a sub-node under the enterprises MIB node (1.3.6.1.4.1). The H3C private MIB has two styles: the H3C compatible MIB style and the H3C new MIB style:
· In the H3C compatible MIB style, the device public MIB is under the H3C’s enterprise ID 25506, and the private MIB is under the enterprise ID 2011.
· In the H3C new MIB style, both the device public MIB and the private MIB are under the H3C’s enterprise ID 25506.
These two styles of MIBs implement the same management function. Your device comes with a MIB loaded but the MIB style depends on the device model. You can change the MIB style as needed, but must make sure that the device is using the same MIB style as the NMS.
Setting the MIB style
Follow these steps to set the MIB style:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Set the MIB style |
mib-style [ new | compatible ] |
Optional new by default. |
|
|
NOTE: After changing the MIB style, reboot the device to validate the change. |
Displaying and maintaining MIB
|
To do… |
Use the command… |
Remarks |
|
Display the MIB style |
display mib-style [ | { begin | exclude | include } regular-expression ] |
Available in any view |
