No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Troubleshooting Guide

CloudEngine 16800, 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Configure a Switch to Communicate with an NMS Through SNMP?

How Do I Configure a Switch to Communicate with an NMS Through SNMP?

Three SNMP versions are available: v1, v2c, and v3. SNMPv1 and SNMPv2c use community name-based authentication, whereas SNMPv3 uses user security module and view-based access control module. SNMPv3 is recommended due to its enhanced security.

This section describes how to configure SNMPv2c and SNMPv3 on a switch.

Configuring SNMPv2c

Set the SNMP version to v2c and read/write community name to Private123, and configure access control.

<HUAWEI> system-view
[~HUAWEI] acl 2001
[*HUAWEI-acl4-basic-2001] rule permit source 192.168.1.0 0.0.0.255  //Allow only the NMS on network segment 192.168.1.0 to access the switch.
[*HUAWEI-acl4-basic-2001] commit
[~HUAWEI-acl4-basic-2001] quit
[~HUAWEI] snmp-agent mib-view included alliso iso  //Set the MIB view name to alliso and accessed view includes iso.
[*HUAWEI] snmp-agent sys-info version v2c  //The SNMP version used by the switch must be the same as the SNMP version used by the NMS; otherwise, the switch cannot communicate with the NMS.
[*HUAWEI] snmp-agent community write Private123 mib-view alliso acl 2001
[*HUAWEI] snmp-agent target-host trap address udp-domain 10.1.1.2 params securityname adminNMS1234 v2c
              //Set the IP address of trap host to 10.1.1.2, security name to adminNMS1234, and trap version to v2c.
[*HUAWEI] commit

After the preceding configuration is complete, the NMS can connect to the switch using the configured read/write community name.

Configuring SNMPv3

The security levels of the trap host, user, and user group are in descending order.

The security levels include:
  • privacy: authentication and encryption
  • authentication: authentication and no encryption
  • none: no authentication and no encryption

If the user group is at the privacy level, the user and trap host must be at the privacy level. If the user group is at the authentication level, the user and trap host must be at the privacy or authentication level.

Set the user group name to huawei_group and security level to privacy, and configure access control.

<HUAWEI> system-view
[~HUAWEI] acl 2001
[*HUAWEI-acl4-basic-2001] rule permit source 192.168.1.0 0.0.0.255  //Allow only the NMS on network segment 192.168.1.0 to access the switch.
[*HUAWEI-acl4-basic-2001] commit
[~HUAWEI-acl4-basic-2001] quit
[~HUAWEI] snmp-agent mib-view included alliso iso  //Set the MIB view name to alliso and accessed view includes iso.
[*HUAWEI] snmp-agent sys-info version v3  //The SNMP version used by the switch must be the same as the SNMP version used by the NMS; otherwise, the switch cannot communicate with the NMS.
[*HUAWEI] snmp-agent group v3 huawei_group privacy write-view alliso acl 2001
[*HUAWEI] snmp-agent usm-user v3 huawei_user group huawei_group  //Set the SNMPv3 user name to huawei_user and add the user to user group huawei_group.
[*HUAWEI] snmp-agent usm-user v3 huawei_user authentication-mode sha
Please configure the authentication password (8-255)
Enter Password:               //Enter the authentication password.
Confirm Password:             //Confirm the authentication password.
[*HUAWEI] snmp-agent usm-user v3 huawei_user privacy-mode aes256
Please configure the privacy password (8-255)
Enter Password:              //Enter the encryption password.
Confirm Password:            //Confirm the encryption password.
[*HUAWEI] snmp-agent target-host trap address udp-domain 10.1.1.2 params securityname huawei_user v3 privacy
              //Set the IP address of trap host to 10.1.1.2, security name to huawei_user, and trap version to v3.
[*HUAWEI] commit

After the preceding configuration is complete, the NMS can connect to the switch using the configured user name, authentication password, and encryption password.

Translation
Download
Updated: 2020-01-07

Document ID: EDOC1000060766

Views: 608475

Downloads: 2951

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next