SNMP Quick Start Configuration Guide

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The information in this document is subject to change without notice.

Contents

Configuring SNMPv1/v2c· 1

Introduction· 1

Network configuration· 1

Restrictions and guidelines· 1

Procedure· 1

Verifying the configuration· 3

Configuration files· 3

Related documentation· 3

Configuring SNMPv3· 4

Introduction· 4

Network configuration· 4

Restrictions and guidelines· 4

Procedure· 5

Configuring the device· 5

Configuring the IMC server 6

Verifying the configuration· 7

Configuration files· 8

Related documentation· 8

 

Configuring SNMPv1/v2c

Introduction

The following information uses an example to describe the basic SNMPv1/v2c configuration procedure.

Network configuration

As shown in Figure 1, configure the device (agent) and IMC server (NMS) to meet the following requirements:

·     Enable the IMC server to monitor and manage the device through SNMPv1/SNMPv2c as an NMS.

·     Enable the device to automatically send notifications to report events to the NMS as an agent.

Figure 1 Network diagram

 

Restrictions and guidelines

·     The configuration procedure is the same for SNMPv1 and SNMPv2c. SNMPv2c is configured in this example.

·     Configure the same SNMP version and community string on the device and the NMS so that the NMS can monitor and manage the device.

·     The NMS configuration method varies by vendor. For information about configuring the NMS, see the manual for the NMS. This example uses the IMC PLAT 7.0 (E0202) NMS.

Procedure

Configuring the device

# Assign an IP address to VLAN-interface 2.

<Agent> system-view

[Agent] interface Vlan-interface 2

[Agent-Vlan-interface 2] ip address 192.168.100.68 24

[Agent-Vlan-interface 2] quit

# Specify SNMPv2c, and create read-only community string readtest and read-write community string writetest.

[Agent] snmp-agent sys-info version v2c

[Agent] snmp-agent community read readtest

[Agent] snmp-agent community write writetest

# Configure contact and physical location information for the device.

[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306

[Agent] snmp-agent sys-info location telephone-closet,3rd-floor

# Enable the device to send SNMP notifications to the NMS (IMC server) at 192.168.100.4 by using community string readtest.

[Agent] snmp-agent trap enable

[Agent] snmp-agent target-host trap address udp-domain 192.168.100.4 params securityname readtest v2c

Configuring the IMC server

1.     Log in to the IMC server.

2.     Add the device to the IMC server:

a.     Click the Resource tab.

b.     From the navigation tree, select Add Device.

c.     Configure the following parameters on the page that opens:

-     Enter the host name or IP address of the device in the Host Name/IP field.

-     Use the default values for other parameters.

d.     Click Configure in the SNMP Settings area.

Figure 2 Adding the device

 

3.     Edit SNMP parameters:

a.     Select the SNMPv2c parameter type.

b.     Set the read-only community string to readtest.

c.     Set the read-write community string to writetest.

d.     Use the default values for other parameters.

e.     Click OK.

Figure 3 Configuring SNMP parameters

 

4.     On the Add Device page, click OK. If the configuration succeeds, IMC returns a message as shown in Figure 4. Then you can monitor and manage the device from the IMC server.

Figure 4 Device adding success message

 

Verifying the configuration

Verify that the device sends notifications to the NMS when the state of an interface changes:

1.     Execute the shutdown or undo shutdown command on an idle interface to shut down or bring up the interface.

2.     Navigate to the Alarm > Alarm Browse > All Alarms page on the IMC server to identify whether a notification about the interface state change exists.

Configuration files

#

 snmp-agent  

 snmp-agent community write writetest

 snmp-agent community read readtest

 snmp-agent sys-info contact Mr.Wang-Tel:3306

 snmp-agent sys-info location telephone-closet,3rd-floor

 snmp-agent sys-info version v2c

 snmp-agent trap enable arp

 snmp-agent trap enable syslog

 snmp-agent target-host trap address udp-domain 192.168.100.4 params securityname readtest v2c

#

Related documentation

·     SNMP configuration in the network management and monitoring configuration guide for the device.

·     SNMP commands in the network management and monitoring command reference for the device.

Configuring SNMPv3

Introduction

The following information uses an example to describe the basic SNMPv3 configuration procedure.

Network configuration

As shown in Figure 5, configure the device (agent) and IMC server (NMS) to meet the following requirements:

·     Enable the IMC server to monitor and manage the device through SNMPv3 as an NMS.

·     Enable the device to send notifications to report events to the NMS as an agent.

·     Ensure secure communication between the NMS and device.

Figure 5 Network diagram

 

Restrictions and guidelines

·     SNMPv3 supports view-based access control (VACM) and role-based access control (RBAC) models. This example provides the SNMPv3 configuration procedure in both access control models.

·     Configure the same SNMP version and community string on the NMS and device to make sure the NMS can monitor and manage the device.

·     The NMS configuration method varies by vendor. For information about configuring the NMS, see the manual for the NMS. This example uses the IMC PLAT 7.0 (E0202) NMS.

·     The security name used for the NMS to receive SNMPv3 notifications must be an existing SNMPv3 username.

·     The NMS and agent must use the same security model.

·     The SNMPv3 authentication and encryption passwords are saved to the configuration file in encrypted form. An encrypted-form password is calculated from the plaintext-form password and the local engine ID. To configure the same authentication and encryption passwords for two devices, configure plaintext-form passwords manually on the two devices. Do not copy the encrypted-from passwords in the configuration file from one device to another. If you do so, you will get different plaintext-form passwords on the two devices because the two devices use different local engine IDs.

Procedure

Configuring the device

Configuring SNMPv3 settings in RBAC model

# Assign an IP address to VLAN-interface 2.

<Agent> system-view

[Agent] interface Vlan-interface2

[Agent-Vlan-interface2] ip address 192.168.100.68 24

[Agent-Vlan-interface2] quit

# Enable SNMPv3.

[Agent] snmp-agent sys-info version v3

# Create user role test, and assign test read and write access to the objects of the internet subtree (OID: 1.3.6.1).

[Agent] role name test

[Agent-role-test] rule 1 permit read write oid 1.3.6.1

[Agent-role-test] quit

# Create SNMPv3 user managev3user. Assign user role test to managev3user. Set the authentication algorithm to sha, authentication key to 123456TESTauth&!, encryption algorithm to aes128, and encryption key to 123456TESTencr&! for the user.

[Agent] snmp-agent usm-user v3 managev3user user-role test simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!

# Configure contact and physical location information for the device.

[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306

[Agent] snmp-agent sys-info location telephone-closet,3rd-floor

# Enable SNMP notifications.

[Agent] snmp-agent trap enable

# Specify the NMS at 192.168.100.4 as the notifications target host and set the security name to managev3user.

[Agent] snmp-agent target-host trap address udp-domain 192.168.100.4 params securityname managev3user v3 privacy

Configuring SNMPv3 settings in VACM model

# Assign an IP address to VLAN-interface 2.

<Agent> system-view

[Agent] interface Vlan-interface2

[Agent-Vlan-interface2] ip address 192.168.100.68 24

[Agent-Vlan-interface2] quit

# Enable SNMPv3.

<Agent> system-view

[Agent] snmp-agent sys-info version v3

# Create a MIB view named midtest to contain all objects in the internet subtree (OID 1.3.6.1).

[Agent] snmp-agent mib-view included mibtest 1.3.6.1

# Create SNMPv3 group managev3group, and specify the authentication with privacy security model for the group. Assign the group read, write, and notification accesses to the mibtest view.

[Agent] snmp-agent group v3 managev3group privacy read-view mibtest write-view mibtest notify-view mibtest

# Add user managev3user to SNMPv3 group managev3group, and set the authentication algorithm to sha, authentication key to 123456TESTauth&!, encryption algorithm to aes128, and encryption key to 123456TESTencr&! for the user.

[Agent] snmp-agent usm-user v3 managev3user managev3group simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!

# Configure contact and physical location information for the device.

[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306

[Agent] snmp-agent sys-info location telephone-closet,3rd-floor

# Enable SNMP notifications.

[Agent] snmp-agent trap enable

# Specify the NMS at 192.168.100.4 as the notifications target host and set the security name to managev3user.

[Agent] snmp-agent target-host trap address udp-domain 192.168.100.4 params securityname managev3user v3 privacy

Configuring the IMC server

1.     Add an SNMP template:

a.     Click the System tab.

b.     From the navigation tree, select Resource Management > SNMP Template.

c.     On the SNMP Template page, click Add.

d.     On the Add SNMP Template page, configure the following parameters:

-     Set the SNMP template name to SNMPv3.

-     Select the SNMPv3 Priv-Aes128 Auth-Sha parameter type.

-     Set the username to managev3user.

-     Set the authentication password to 123456TESTauth&! in plaintext form.

-     Set the encryption password to 123456TESTencr&! in plaintext form.

-     Use the default values for other parameters.

-     Click OK.

Figure 6 Adding an SNMP template

 

2.     Add the device:

a.     Click the Resource tab.

b.     From the navigation tree, select Resource Management > Add Device.

c.     On the Add Device page, configure the following parameters:

-     Enter the IP address or host name of the device in the Host Name/IP field.

-     Use the default values for other parameters.

d.     Click Configure in the SNMP Settings area.

Figure 7 Adding the device

 

3.     Edit SNMP parameters:

a.     Select the Select an Existing Template option.

b.     Select the SNMP template named SNMPv3.

c.     Click OK.

Figure 8 Selecting SNMP parameters

 

4.     On the Add Device page, click OK. If the configuration succeeds, IMC returns a message as shown in Figure 9. Then you can monitor and manage the device from the IMC server.

Figure 9 Device added

 

Verifying the configuration

Verify that the device sends notifications to the NMS when the state of an interface changes:

1.     Execute the shutdown or undo shutdown command on an idle interface to shut down or bring up the interface.

2.     Navigate to the Alarm > Alarm Browse > All Alarms page on the IMC server to identify whether a notification about the interface state change exists..

Configuration files

·     SNMPv3 settings in RBAC model

#

 snmp-agent

 snmp-agent sys-info contact Mr.Wang-Tel:3306

 snmp-agent sys-info location telephone-closet,3rd-floor

 snmp-agent sys-info version v3

 snmp-agent trap enable arp

 snmp-agent trap enable syslog

 snmp-agent target-host trap address udp-domain 192.168.100.4 params securityname managev3user v3 privacy

 snmp-agent usm-user v3 managev3user user-role test cipher authentication-mode sha $c$3$5JaJZ6gNXlyNRq2FR2ELDT3QQH1exwJRWdYYq7eLfcBewuM5ncM= privacy-mode aes128 $c$3$+bbXZS4+PnsLDyr16OogzBckaLzR6XMDwZQuLBU8RM+dpw==

#

role name test

 rule 1 permit read write oid 1.3.6.1

#

·     SNMPv3 settings in VACM model

#

 snmp-agent

 snmp-agent sys-info contact Mr.Wang-Tel:3306

 snmp-agent sys-info location telephone-closet,3rd-floor

 snmp-agent sys-info version v3

 snmp-agent group v3 managev3group privacy read-view mibtest write-view mibtest notify-view mibtest

 snmp-agent mib-view included mibtest internet

 snmp-agent trap enable arp

 snmp-agent trap enable syslog

 snmp-agent target-host trap address udp-domain 192.168.100.4 params securityname managev3user v3 privacy

 snmp-agent usm-user v3 managev3user managev3group cipher authentication-mode sha $c$3$5JaJZ6gNXlyNRq2FR2ELDT3QQH1exwJRWdYYq7eLfcBewuM5ncM= privacy-mode aes128 $c$3$+bbXZS4+PnsLDyr16OogzBckaLzR6XMDwZQuLBU8RM+dpw==

#

Related documentation

·     SNMP configuration in the network management and monitoring configuration guide for the device.

·     SNMP commands in the network management and monitoring command reference for the device.