No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 13

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
SNMP Configuration Examples

SNMP Configuration Examples

Example for Configuring a Device to Communicate with an NM Station by Using SNMPv1

Networking Requirements

As shown in Figure 14-10, NMS1 and NMS2 monitor devices on the network. The network is small and has high security, devices are configured to use SNMPv1 to communicate with the NMSs.

A switch modules is added on the network for expansion and monitored by the NMSs. Users want to monitor the switch modules using current network resources and quickly locate and troubleshoot faults on the switch modules. The NMS needs to manage objects excluding the ISIS object on the switch modules.

Figure 14-10 Networking diagram for configuring a device to communicate with an NMS by using SNMPv1

Configuration Roadmap

SNMPv1 can be used after a device is added on the user network. To reduce the load of the NMS, configure NMS2 to monitor the switch modules and NMS1 not to monitor the switch modules.

The configuration roadmap is as follows:

  1. Configure the SNMP version of the switch modules as SNMPv1.

  2. Configure the NMS access right to enable NMS2 to manage MIB objects except ISIS objects on the switch modules.

  3. Configure the trap host for the switch modules to deliver traps generated on the switch modules to NMS2. Only modules that are enabled by default can deliver traps, which helps locate traps and prevent unwanted traps.

  4. Configure the NMS2.

Procedure

  1. Configure available routes between the switch modules and the NMSs. Details for the configuration procedure are not provided here.
  2. Configure the switch modules to run SNMPv1.

    <HUAWEI> system-view
    [~HUAWEI] snmp-agent sys-info version v1
    

  3. Configure the access rights.

    # Configure an ACL to allow NMS2 to manage and disable NMS1 from managing the switch modules.

    [*HUAWEI] acl 2001
    [*HUAWEI-acl4-basic-2001] rule 5 permit source 1.1.1.2 0.0.0.0
    [*HUAWEI-acl4-basic-2001] quit

    # Configure a MIB view and allow NMS2 to manage every MIB object except ISIS on the switch modules.

    [*HUAWEI] snmp-agent mib-view excluded allextisis 1.3.6.1.3.37
    

    # Configure the community name and apply the ACL and MIB views.

    [*HUAWEI] snmp-agent community write adminNMS1234 mib-view allextisis acl 2001
    

  4. Configure the trap host.

    [*HUAWEI] snmp-agent target-host host-name NMS2 trap address udp-domain 1.1.1.2 params securityname adminNMS1234
    [*HUAWEI] commit
    [~HUAWEI] quit

  5. Configure NMS2.

    Configure the read-and-write community name on the SNMPv1 NMS. For details about the NMS configuration, see the related NMS manual.

    Keep the authentication parameters on the NMS the same as those on the device; If the parameters are inconsistent, the NMS cannot manage devices. If only the write community name is configured on the device, the read and write community names on the NMS must be the same as the write community name configured on the device.

  6. Verify the configuration.

    After the configurations are complete, the switch modules sets up a connection with NMS2. You can manage the switch modules through NMS2 and NMS2 can receive the traps from the switch modules.

    Check the following configurations.

    # Check information about the SNMP community name.

    <HUAWEI> display snmp-agent community
       Community name: %@%@emYDL$qPUTma0F4MK#[N"SJA)>9u=!60s,lX*DNyV,Y(BYPKv3-n619,}>vf}EBy$(d!w]TQ%@%@
           Group name:SnmpCommunity1[55062]
           Acl:2001
           Storage-type: nonVolatile

    # Check the target host.

    <HUAWEI> display snmp-agent target-host
    Target-host NO. 1
    -----------------------------------------------------------
      Host-name                        : NMS2
      IP-address                       : 1.1.1.2
      Source interface                 : -
      VPN instance                     : -
      Security name                    : %@%@=(0O:mkfjFz^&@,ZsSx0,$_-%@%@
      Port                             : 162
      Type                             : trap
      Version                          : v1
      Level                            : No authentication and privacy
      NMS type                         : NMS
      With ext-vb                      : No
      Notification filter profile name : -
    ----------------------------------------------------------- 

Configuration Files

Configuration file of the switch modules

#
vlan batch 100
#
acl number 2001
 rule 5 permit source 1.1.1.2 0
#
interface Vlanif100
 ip address 1.1.2.1 255.255.255.0
#
interface 10GE1/17/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
ospf 1
 area 0.0.0.0
  network 1.1.2.0 0.0.0.255
#
snmp-agent
snmp-agent local-engineid 800007DB03360102101100
snmp-agent community write cipher %@%@emYDL$qPUTma0F4MK#[N"SJA)>9u=!60s,lX*DNyV,Y(BYPKv3-n619,}>vf}EBy$(d!w]TQ%@%@ mib-view allextisis acl 2001
# 
snmp-agent sys-info version v1 v3
snmp-agent target-host host-name NMS2 trap address udp-domain 1.1.1.2 params securityname cipher %@%@=(0O:mkfjFz^&@,ZsSx0,$_-%@%@
#
snmp-agent mib-view excluded allextisis isisMIB
#
return

Example for Configuring a Device to Communicate with an NM Station by Using SNMPv2c

Networking Requirements

As shown in Figure 14-11, NMS1 and NMS2 monitor devices on the network. The network is large and has high security, devices are configured to use SNMPv2c to communicate with NMSs. A switch modules is added on the network for expansion and monitored by the NMSs.

Users want to monitor the switch modules using current network resources and quickly locate and troubleshoot faults on the switch modules. The NMS needs to manage objects excluding the ISIS object on the switch modules.

Figure 14-11 Networking diagram for configuring a device to communicate with an NMS by using SNMPv2c

Configuration Roadmap

SNMPv2c can still be used after a device is added on the user network. To reduce the load of the NMS, configure NMS2 to monitor the switch modules and NMS1 not to monitor the switch modules.

The configuration roadmap is as follows:

  1. Configure the SNMP version of the switch modules as SNMPv2c.

  2. Configure the access right to enable NMS2 to manage MIB objects except ISIS objects on the switch modules.

  3. Configure the trap host for the switch modules to deliver traps generated on the switch modules to NMS2. Only modules that are enabled by default can deliver traps, which helps locate traps and prevent unwanted traps.

  4. Configure the NMS2.

Procedure

  1. Configure available routes between the switch modules and the NMSs. Details for the configuration procedure are not provided here.
  2. Configure the switch modules to run SNMPv2c.

    <HUAWEI> system-view
    [~HUAWEI] snmp-agent sys-info version v2c
    

  3. Configure the access rights.

    # Configure an ACL rule to allow NMS2 to manage only the switch modules.

    [*HUAWEI] acl 2001
    [*HUAWEI-acl-basic-2001] rule 5 permit source 1.1.1.2 0.0.0.0
    [*HUAWEI-acl-basic-2001] quit

    # Configure the MIB view and configure NMS2 to manage objects excluding the ISIS object.

    [*HUAWEI] snmp-agent mib-view excluded allextisis 1.3.6.1.3.37
    

    # Configure the community name and apply the ACL and MIB views.

    [*HUAWEI] snmp-agent community write adminNMS1234 mib-view allextisis acl 2001
    

  4. Configure the trap host.

    [*HUAWEI] snmp-agent target-host host-name NMS2 inform address udp-domain 1.1.1.2 params securityname adminNMS1234 v2c 
    [*HUAWEI] snmp-agent inform timeout 5 resend-times 6 pending 7
    [*HUAWEI] commit
    [~HUAWEI] quit

  5. Configure NMS2.

    Configure the read-and-write community name on the SNMPv2 NMS. For details about the NMS configuration, see the related NMS manual.

    Keep the authentication parameters on the NMS the same as those on the device; If the parameters are inconsistent, the NMS cannot manage devices. If only the write community name is configured on the device, the read and write community names on the NMS must be the same as the write community name configured on the device.

  6. Verify the configuration.

    After the configurations are complete, the switch modules sets up a connection with NMS2. You can manage the switch modules through NMS2 and NMS2 can receive the traps from the switch modules.

    Check the following configurations.

    # Check information about the SNMP community name.

    <HUAWEI> display snmp-agent community
       Community name: %@%@emYDL$qPUTma0F4MK#[N"SJA)>9u=!60s,lX*DNyV,Y(BYPKv3-n619,}>vf}EBy$(d!w]TQ%@%@
           Group name:SnmpCommunity1[55062]
           Acl:2001
           Storage-type: nonVolatile

    # Check the target host.

    <HUAWEI> display snmp-agent target-host
    Target-host NO. 1
    -----------------------------------------------------------
      Host-name                        : NMS2
      IP-address                       : 1.1.1.2
      Source interface                 : -
      VPN instance                     : -
    
      Port                             : 162
      Type                             : inform
      Version                          : v2c
      Level                            : No authentication and privacy
      NMS type                         : NMS
      With ext-vb                      : No
      Notification filter profile name : -
    -----------------------------------------------------------

Configuration Files

Configuration file of the switch modules

#
vlan batch 100
#
acl number 2001
 rule 5 permit source 1.1.1.2 0
#
interface Vlanif100
 ip address 1.1.2.1 255.255.255.0
#
interface 10GE1/17/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
ospf 1
 area 0.0.0.0
  network 1.1.2.0 0.0.0.255
#
snmp-agent
snmp-agent local-engineid 800007DB03360102101100
snmp-agent community write cipher %@%@emYDL$qPUTma0F4MK#[N"SJA)>9u=!60s,lX*DNyV,Y(BYPKv3-n619,}>vf}EBy$(d!w]TQ%@%@ mib-view allextisis acl 2001
# 
snmp-agent sys-info version v2c v3
snmp-agent target-host host-name NMS2 inform address udp-domain 1.1.1.2 params securityname cipher %@%@"G$=CG6)eIk.k>(vH"G.,";(%@%@ v2c
#
snmp-agent mib-view excluded allextisis isisMIB
#
snmp-agent inform timeout 5
snmp-agent inform resend-times 6
snmp-agent inform pending 7
#
return

Example for Configuring a Device to Communicate with an NM Station by Using SNMPv3 (USM User)

Networking Requirements

As shown in Figure 14-12, NMS1 and NMS2 monitor devices on the network. The network is large and has high security, devices are configured to use SNMPv3 to communicate with NMSs and configured with authentication and encryption. A switch modules is added on the network for expansion and monitored by the NMSs.

Users want to monitor the switch modules using current network resources and quickly locate and troubleshoot faults on the switch modules. The NMS needs to manage objects excluding the ISIS object on the switch modules.

Figure 14-12 Networking diagram for configuring a device to communicate with an NMS by using SNMPv3 (USM User)

Configuration Roadmap

SNMPv3 can still be used after a device is added on the user network. To reduce the load of the NMS, configure NMS2 to monitor the switch modules and NMS1 not to monitor the switch modules.

The configuration roadmap is as follows:

  1. Configure the access right to enable NMS2 to manage MIB objects except ISIS objects on the switch modules. Configure a user and user group so that NMS2 can connect to the device through the user group and user.

  2. Configure the trap host for the switch modules to deliver traps generated on the switch modules to NMS2. Only modules that are enabled by default can deliver traps, which helps locate traps and prevent unwanted traps.

  3. Configure the NMS2.

Procedure

  1. Configure available routes between the switch modules and the NMSs. Details for the configuration procedure are not provided here.
  2. Configure the access rights.

    # Configure an ACL to allow NMS2 to manage and disable NMS1 from managing the switch modules.

    [*HUAWEI] acl 2001
    [*HUAWEI-acl4-basic-2001] rule 5 permit source 1.1.1.2 0.0.0.0
    [*HUAWEI-acl4-basic-2001] rule 6 deny source 1.1.1.1 0.0.0.0
    [*HUAWEI-acl4-basic-2001] quit

    # Configure the MIB view to allow NMS2 to manage objects except ISIS objects on the switch.

    [*HUAWEI] snmp-agent mib-view excluded allextisis 1.3.6.1.3.37
    

  3. Configure the user group and user.

    # Configure the user group and user and set the authentication and encryption method.

    [*HUAWEI] snmp-agent group v3 admin privacy write-view allextisis acl 2001
    [*HUAWEI] snmp-agent usm-user v3 nms2-admin group admin
    [*HUAWEI] snmp-agent usm-user v3 nms2-admin authentication-mode md5
    Please configure the authentication password (8-255)
    Enter Password:               //Enter the authentication password. It is Authe@1234 in this example.
    Confirm Password:             //Confirm the password. It is Authe@1234 in this example.
    [*HUAWEI] snmp-agent usm-user v3 nms2-admin privacy-mode aes128
    Please configure the privacy password (8-255)
    Enter Password:              //Enter the encryption password. It is Priva@1234 in this example.
    Confirm Password:            //Confirm the password. It is Priva@1234 in this example.
    

  4. Configure the trap function.

    [*HUAWEI] snmp-agent target-host host-name NMS2 trap address udp-domain 1.1.1.2 params securityname nms2-admin v3 privacy
    [*HUAWEI] commit
    [~HUAWEI] quit

  5. Configure the NMS.

    You need to set the user name and security level for the NMS using SNMPv3. You can set the security level by specifying the authentication mode, authentication password, encryption mode, and encryption password. For details about the NMS configuration, see the related NMS manual.

    Keep the authentication parameters on the NMS the same as those on the device; If the parameters are inconsistent, the NMS cannot manage devices.

  6. Verify the configuration.

    After the configurations are complete, the switch modules sets up a connection with NMS2. You can manage the switch modules through NMS2 and NMS2 can receive the traps from the switch modules.

    Check the following configurations.

    # Check the user group information.

    <HUAWEI> display snmp-agent group admin
    
       Group name: admin
           Security model: USM privacy
           Readview: ViewDefault
           Writeview: allextisis
           Notifyview :<no specified>
           Storage-type: nonVolatile
           Acl:2001
    

    # Check the user information.

    <HUAWEI> display snmp-agent usm-user
       User name: nms2-admin
           Engine ID: 800007DB0300259E0370C3 active
           Authentication Protocol: md5
           Privacy Protocol: aes128
           Group name: admin

    # Check the target host.

    <HUAWEI> display snmp-agent target-host
    Target-host NO. 1
    ----------------------------------------------------------------------
      Host-name                        : NMS2
      IP-address                       : 1.1.1.2
      Source interface                 : -
      VPN instance                     : -
      Security name                    : nms2-admin
      Port                             : 162
      Type                             : trap
      Version                          : v3
      Level                            : Privacy
      NMS type                         : NMS
      With ext-vb                      : No
      Notification filter profile name : -
    --------------------------------------------------------------------

Configuration Files

Configuration file of the switch modules

#
vlan batch 100
#
acl number 2001
 rule 5 permit source 1.1.1.2 0
#
interface Vlanif100
 ip address 1.1.2.1 255.255.255.0
#
interface 10GE1/17/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
ospf 1
 area 0.0.0.0
  network 1.1.2.0 0.0.0.255
#
snmp-agent
snmp-agent local-engineid 800007DB03360102101100
#
snmp-agent sys-info version v3
snmp-agent group v3 admin privacy write-view allextisis acl 2001
snmp-agent target-host host-name NMS2 trap address udp-domain 1.1.1.2 params securityname nms2-admin v3 privacy
#
snmp-agent mib-view excluded allextisis isisMIB
snmp-agent usm-user v3 nms2-admin
snmp-agent usm-user v3 nms2-admin group admin
snmp-agent usm-user v3 nms2-admin authentication-mode md5 cipher %@%@]QQZ)Fgy/Bt5g:9:4h|&%@7.%@%@
snmp-agent usm-user v3 nms2-admin privacy-mode aes128 cipher %@%@QivK9sICS!)j^XJtg{n=%JA8%@%@
#
return

Example for Configuring the Device to Communicate with an NM Station by Using SNMPv3 (AAA Local User)

Networking Requirements

As shown in Figure 14-13, the NMS monitors the devices on the network. An AAA user has been configured on the device. The administrator wants to manage the device by using the same user name, so SNMPv3 can be configured to use the AAA user for authentication.

Figure 14-13 Configuring the device to communicate with an NMS using SNMPv3 (AAA local user)

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an IP address for switch A so that switch A can have a reachable route to the NMS.

  2. Configure an AAA local user and a user group, set the service type of AAA local user to SNMP, and configure task authorization for the user group.

  3. Configure the AAA local user as an SNMPv3 user, and configure authentication and encryption to improve data transmission security between switch A and NMS.

  4. Configure the NMS to allow the device to connect to the NMS.

Procedure

  1. Configure the IP address for switch A.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchA
    [*HUAWEI] commit
    [~SwitchA] vlan batch 100
    [*SwitchA] interface 10ge 1/17/1
    [*SwitchA-10GE1/17/1] port link-type trunk
    [*SwitchA-10GE1/17/1] port trunk pvid vlan 100
    [*SwitchA-10GE1/17/1] port trunk allow-pass vlan 100
    [*SwitchA-10GE1/17/1] quit
    [*SwitchA] interface vlanif 100
    [*SwitchA-Vlanif100] ip address 10.1.1.2 24
    [*SwitchA-Vlanif100] quit
    [*SwitchA] commit

  2. Configure the AAA local user and user group.

    # Configure the AAA local user and set the service type to SNMP.

    [~SwitchA] aaa
    [*SwitchA-aaa] local-user usersnmp password irreversible-cipher Helloworld@6789
    [*SwitchA-aaa] local-user usersnmp service-type snmp
    

    # Configure an AAA user group and task authorization, and add the user to the user group.

    [*SwitchA-aaa] task-group tasksnmp
    [*SwitchA-aaa-task-group-tasksnmp] task snmp read write
    [*SwitchA-aaa-task-group-tasksnmp] quit
    [*SwitchA-aaa] user-group groupsnmp
    [*SwitchA-aaa-user-group-groupsnmp] task-group tasksnmp
    [*SwitchA-aaa-user-group-groupsnmp] quit
    [*SwitchA-aaa] local-user usersnmp user-group groupsnmp
    [*SwitchA-aaa] quit
    

  3. Apply the AAA user to SNMPv3. The authentication and encryption passwords are entered in an interaction manner.

    [*SwitchA] snmp-agent local-user v3 usersnmp authentication-mode sha privacy-mode aes256
    Please configure the authentication password (8-255)
    Enter Password:               //Enter the authentication password. It is Authe@1234 in this example.
    Confirm Password:             //Confirm the password. It is Authe@1234 in this example.
    Please configure the privacy password (8-255)
    Enter Password:              //Enter the encryption password. It is Priva@1234 in this example.
    Confirm Password:            //Confirm the password. It is Priva@1234 in this example.
    [*SwitchA] commit
    [~SwitchA] quit

  4. Configure the NMS.

    On an NMS running SNMPv3, configure the user name and select a security level. Then set the authentication mode, authentication password, encryption mode, and encryption password according to the security level you select. For the usage and configuration of NMS, see the product manual of the NMS.

    The authentication and encryption configurations of the NMS must be the same as those configured on switch A; otherwise, the NMS cannot communicate with switch A.

  5. Verify the configuration.

    Switch A and NMS can communicate with each other, and the NMS can manage switch A.

    # Run the following command on the device to check SNMPv3 local user information.

    <SwitchA> display snmp-agent local-user
       User name: usersnmp
           Engine ID: 800007DB03360102101100
           Authentication Protocol: sha
           Privacy Protocol: aes256
           State: Active   

Configuration Files

Configuration file of switch A

#
sysname SwitchA
#
vlan batch 100
#
aaa 
 local-user usersnmp password irreversible-cipher $1a$w0k#Q5-ftA$FwmO"4nfp00CK*ZIcPy>XCTiW{n&#F]Evp1JFu4#$
 local-user usersnmp service-type snmp
 local-user usersnmp user-group groupsnmp
 # 
 task-group tasksnmp
  task interface-mgr read write execute
  task config read write execute
  task snmp read write
  task vlan read write execute
  task shell read write execute
  task cli read execute
 #   
 user-group groupsnmp    
  task-group tasksnmp  
#
 interface Vlanif100
 ip address 10.1.1.2 255.255.255.0
#
interface 10GE1/17/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100
#
snmp-agent
snmp-agent local-engineid 800007DB03360102101100
#
snmp-agent sys-info version v3  
# 
snmp-agent local-user v3 usersnmp authentication-mode sha cipher @%@%husx3YiaZP"]eDWuk1@2,k1!@%@% privacy-mode aes256 cipher @%@%(m{7+`1~98/IdR;ds'b&,k1(@%@%
#
return

Example for Configuring the Device to Communicate with NMS Through the SNMP Proxy

Networking Requirements

The SNMP protocol allows the network management system to manage network elements. When there are a lot of network elements on the network, management cost is high.

To reduce the management cost, configure the SNMP proxy on the middle-point device, as shown in Figure 14-14. The NMS considers the middle-point device and managed devices as an independent network element; therefore, the NMS does not need to manage too many network elements, reducing management cost.
Figure 14-14 Networking diagram for configuring the device to communicate with NMS through SNMP proxy

Configuration Roadmap

The configuration roadmap is as follows:

  • Configure the middle-point device.

    1. Configure the IP addresses of interfaces that connect the middle-point device to the NMS and managed device.
    2. Configure SNMP proxy on the middle-point device using user-defined parameter settings, so that you can use the middle-point device to manage the managed device.
  • Configure the managed device.

    1. Configure the IP address of the interface that connects the managed device to the middle-point device.
    2. Configure SNMP for the managed device to communicate with the NMS.

Procedure

  • Configure the middle-point device.

    1. Configure IP addresses for interfaces.

      <HUAWEI> system-view
      [~HUAWEI] sysname Switch ModuleA
      [*HUAWEI] commit
      [~Switch ModuleA] vlan 100
      [*Switch ModuleA-vlan100] quit
      [*Switch ModuleA] interface vlanif 100
      [*Switch ModuleA-Vlanif100] ip address 3.1.1.1 24
      [*Switch ModuleA-Vlanif100] quit
      [*Switch ModuleA] interface 10ge 1/17/1
      [*Switch ModuleA-10GE1/17/1] port link-type trunk
      [*Switch ModuleA-10GE1/17/1] port trunk pvid vlan 100
      [*Switch ModuleA-10GE1/17/1] port trunk allow-pass vlan 100
      [*Switch ModuleA-10GE1/17/1] quit
      [*Switch ModuleA] vlan 200
      [*Switch ModuleA-vlan200] quit
      [*Switch ModuleA] interface vlanif 200
      [*Switch ModuleA-Vlanif200] ip address 192.168.1.1 24
      [*Switch ModuleA-Vlanif200] quit
      [*Switch ModuleA] interface 10ge 1/17/2
      [*Switch ModuleA-10GE1/17/2] port link-type trunk
      [*Switch ModuleA-10GE1/17/2] port trunk pvid vlan 200
      [*Switch ModuleA-10GE1/17/2] port trunk allow-pass vlan 200
      [*Switch ModuleA-10GE1/17/2] quit
    2. Configure the SNMP proxy.

      [*Switch ModuleA] snmp-agent remote-engineid 800007DB0338EBD9210010 usm-user v3 snmpv3
      [*Switch ModuleA] snmp-agent remote-engineid 800007DB0338EBD9210010 usm-user v3 snmpv3 authentication-mode md5
      Please configure the authentication password (8-255)                            
      Enter Password:               //Enter the authentication password. It is Authe@1234 in this example.
      Confirm Password:             //Confirm the password. It is Authe@1234 in this example.
      [*Switch ModuleA] snmp-agent remote-engineid 800007DB0338EBD9210010 usm-user v3 snmpv3 privacy-mode aes128
      Please configure the privacy password (8-255)                                   
      Enter Password:              //Enter the encryption password. It is Priva@1234 in this example.
      Confirm Password:            //Confirm the password. It is Priva@1234 in this example.
      [*Switch ModuleA] snmp-agent proxy rule proxy_rule_read read remote-engineid 800007DB0338EBD9210010 target-host proxy_host params-in securityname snmpv3 v3 privacy
      [*Switch ModuleA] snmp-agent proxy rule proxy_rule_write write remote-engineid 800007DB0338EBD9210010 target-host proxy_host params-in securityname snmpv3 v3 privacy
      [*Switch ModuleA] snmp-agent proxy target-host proxy_host@NMS address udp-domain 2.1.1.1 udp-port 162 params securityname snmpv3 v3 privacy
      [*Switch ModuleA] commit
      [~Switch ModuleA] quit

  • Configure the managed device.

    To configure SNMPv3, see Example for Configuring a Device to Communicate with an NM Station by Using SNMPv3 (USM User).

    SNMPv3 is used in this example.

  • Verify the configuration.

    The following operations can be performed only on the middle-point device.

    # View the proxy rules for SNMP packets.

    <Switch ModuleA> display snmp-agent proxy rule
      Proxy Rule name : proxy_rule_read                      
           Type             : read                                                  
           Remote engine ID : 800007DB0338EBD9210010                                
           Host name        : proxy_host                                            
           Security name    : snmpv3                                                
           Version          : v3                                                    
           Level            : Privacy                                               
                                                                                    
       Proxy Rule name : proxy_rule_write                                           
           Type             : write                                                 
           Remote engine ID : 800007DB0338EBD9210010                                
           Host name        : proxy_host                                            
           Security name    : snmpv3                                                
           Version          : v3                                                    
           Level            : Privacy             

    # View the target host information of the SNMP proxy.

    <Switch ModuleA> display snmp-agent proxy target-host
    Proxy target-host NO. 1                                                         
    -----------------------------------------------------------                     
      Host-name        : proxy_host@NMS                                             
      IP-address       : 2.1.1.1                                                    
      Port             : 162                                                        
      Timeout          : 15                                                         
      Source interface : -                                                          
      VPN instance     : -                                                          
      Security name    : snmpv3                                                     
      Version          : v3                                                         
      Level            : Privacy                                             
    -----------------------------------------------------------   

Configuration File

Configuration file of SwitchA

#
sysname SwitchA
#
vlan batch 100 200
#
interface Vlanif100
 ip address 3.1.1.1 255.255.255.0
#
interface Vlanif200
 ip address 192.168.1.1 255.255.255.0
#
interface 10GE1/17/1
 port link-type trunk                                                           
 port trunk pvid vlan 100                                                       
 port trunk allow-pass vlan 100      
#
interface 10GE1/17/2
 port link-type trunk                                                           
 port trunk pvid vlan 200                                                       
 port trunk allow-pass vlan 200      
#
snmp-agent                                                                      
snmp-agent local-engineid 800007DB03001974593301 
#
snmp-agent sys-info version v3  
#                                                                              
snmp-agent remote-engineid 800007DB0338EBD9210010 usm-user v3 snmpv3         
snmp-agent remote-engineid 800007DB0338EBD9210010 usm-user v3 snmpv3 authentication-mode md5 cipher %@%@16[[FhkK>HZ0z}0,C;KP,0]f%@%@                         
snmp-agent remote-engineid 800007DB0338EBD9210010 usm-user v3 snmpv3 privacy-mode aes128 cipher %@%@n2YI>t7awSfu=DKi6^R>,0f#%@%@                             
#                                                                               
snmp-agent proxy target-host proxy_host@NMS address udp-domain 2.1.1.1 udp-port 162 params securityname snmpv3 v3 privacy                                
#                                                                               
snmp-agent proxy rule proxy_rule_read read remote-engineid 800007DB0338EBD9210010 target-host proxy_host params-in securityname snmpv3 v3 privacy               
snmp-agent proxy rule proxy_rule_write write remote-engineid 800007DB0338EBD9210010 target-host proxy_host params-in securityname snmpv3 v3 privacy             
#                                                    
return
Translation
Download
Updated: 2019-12-13

Document ID: EDOC1000041694

Views: 60254

Downloads: 3623

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next