Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Configuring the SNMP


Configuring a Device to Communicate with an NMS by Running SNMPv1

After SNMPv1 is configured, a managed device and an NMS can run SNMPv1 to communicate with each other. To ensure communication, you need to configure the agent and NMS. This section describes the configuration on a managed device (the agent side). For details about configuration on an NMS, see the pertaining NMS operation guide.

Pre-configuration Tasks

Before configuring a device to communicate with an NMS by running SNMPv1, configure a routing protocol to ensure that at least one route exists between the access point and the NMS.

Procedure

When you configure the device to communicate with the NMS using SNMPv1, Configuring Basic SNMPv1 Functions is mandatory; the optional steps can be performed in any sequence.

After the SNMP basic functions are configured, the NMS can communicate with managed devices.
  • The access permission of the NMS that uses the configured community name is the ViewDefault view. The internet MIB (OID: 1.3.6.1) and the lagMIB (OID: 1.2.840.10006.300.43) can be operated in this view.

  • The managed device sends traps generated by the modules that are enabled by default to the NMS.

If finer device management is required, follow the directions below to configure a managed device:
  • To allow a specified NMS that uses the community name to manage specified objects on the device, follow the procedure described in Restricting Management Rights of the NMS.

  • To allow a specified module on the managed device to report traps to the NMS, follow the procedure described in Configuring the Trap Function.

  • If the NMS and managed device are both Huawei products, follow the procedure described in Enabling the SNMP Extended Error Code Function to allow the device to send more types of error codes. This allows more specific error identification and facilitates your fault location and rectification.

Configuring Basic SNMPv1 Functions

Context

For the configuration of basic SNMP functions, steps 1, 3, 4, 5 and 6 are mandatory. After the configuration is complete, basic SNMP communication can be established between the NMS and managed device.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. (Optional) Run:

    snmp-agent

    The SNMP agent function is enabled.

    By default, the SNMP agent function is disabled. Executing the snmp-agent command can enable the SNMP agent function no matter whether parameters are specified in the command.

  3. Run:

    snmp-agent sys-info version v1

    The SNMP version is set to SNMPv1.

    By default, SNMPv3 is enabled.

    NOTE:

    Using SNMPv1 has potential security risks. SNMPv3 is recommended.

  4. Run:

    snmp-agent community { read | write } community-name [ mib-view view-name | acl acl-number ] *

    The community name is set.

    By default, the community name is not configured.

    After the read-and-write community name is set, the NMS with this name has the right of the ViewDefault view (OID: 1.3.6.1 and OID: 1.2.840.10006.300.43). To change the access right of the NMS, see Restricting Management Rights of the NMS.
    NOTE:

    Ensure that the community name of the NMS is the same as that set on the agent. If the NMS and the agent have different community names, the NMS cannot access the agent.

  5. Run:

    snmp-agent target-host trap-paramsname paramsname v1 securityname securityname [ binding-private-value ] [ private-netmanager ]

    Parameters for sending trap messages are set.

  6. Run:

    snmp-agent target-host trap-hostname hostname address ipv4-addr [ udp-port udp-portid ] trap-paramsname paramsname

    The destination host for receiving trap messages and error codes is specified.

    Note the following when running the command:
    • The default destination UDP port number is 162. To ensure secure communication between the NMS and managed devices, run the udp-port command to change the UDP port number to a non-well-known port number.

  7. (Optional) Run:

    snmp-agent sys-info { contact contact | location location }

    The equipment administrator's contact information or location is configured.

    By default, the vendor's contact information is "R&D Shenzhen, Huawei Technologies Co.,Ltd.". The default location is "Shenzhen China".

    This step is needed if the NMS administrator is to view the contact information and locations of the equipment administrators when the NMS manages many devices. This helps the NMS administrator to contact the equipment administrators for fault location and rectification.

    To configure both the equipment administrator's contact information and location, run the snmp-agent sys-info command twice.

(Optional) Restricting Management Rights of the NMS

Context

When multiple NMSs using the same community name manage one device, perform this configuration based on the site requirements.

| Scenario | Steps |
|---|---|
| All NMSs using this community name have the right of the ViewDefault view. | No action required |
| Specified NMSs using this community name have the right of the ViewDefault view. | 1, 3 |
| All NMSs using this community name manage specified objects on the managed device. | 1, 2, 3 |
| Specified NMSs using this community name manage specified objects on the managed devices. | 1, 2, 3 |

NOTE:

The ViewDefault view consists of the 1.3.6.1 view and the 1.2.840.10006.300.43 view.

When an ACL is used to control the NMS access rights, the constraints are as follows:
  • When the ACL rule is permit, the NMS with the source IP address specified in this rule can access the local device.

  • When the ACL rule is deny, the NMS with the source IP address specified in this rule cannot access the local device.

  • If a packet matches no ACL rule, the NMS that sends the packet cannot access the local device.

  • When no ACL rule is configured, all NMSs can access the local device.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    snmp-agent mib-view view-name  { exclude | include } subtree-name [ mask mask ]

    A MIB view is created, and manageable MIB objects are specified.

    By default, an NMS has the right to access the objects in the ViewDefault view.

    If both the include and exclude parameters are configured for MIB objects that have an inclusion relationship, whether the lowest MIB object is included or excluded is determined by the parameter configured for that lowest MIB object. For example, the snmpV2, snmpModules, and snmpUsmMIB objects are arranged from top down in the MIB table. If exclude is configured for snmpUsmMIB objects and include is configured for snmpV2, snmpUsmMIB objects are still excluded.

  3. Configure NMS filtering based on community name.
    1. (Optional) Configure the basic ACL.

      Before configuring the access control rights, you must create a basic ACL. For the creation procedure, see ACL Configuration.

    2. Run:

      snmp-agent community { read | write } community-name [ mib-view view-name | acl acl-number ] *

      The NMS's access rights are specified.

      By default, the community name is not configured.

      • To grant only the read permission to low-level administrators, specify the parameter read. To grant the read and write permissions to high-level administrators, specify the parameter write.

      • If the NMSs using this community name have the right of the ViewDefault view, the parameter mib-view view-name is not required.

      • If all NMSs using this community name manage specified objects on the managed devices, the parameter acl acl-number is not required.

      • If some NMSs using this community name manage specified objects on the managed devices, the parameters acl and mib-view must be configured.

      NOTE:

      Before specifying the NMS to manage devices with this community name, check the ACL rule. When the ACL rule is permit, the NMS with the source IP address specified in this rule can access the local device. When the ACL rule is deny, the NMS with the source IP address specified in this rule cannot access the local device.

Follow-up Procedure

After the access rights are configured, especially after the IP address of the NMS is specified, if the IP address changes (for example, the NMS changes its location, or IP addresses are reallocated due to network adjustment), you need to change the IP address of the NMS in the ACL. Otherwise, the NMS cannot access the device.

(Optional) Configuring the Trap Function

Context

Users can enable the trap function for a specified module. The interface status trap is generated when the interface status changes. You need to enable the trap function for the standard module globally and enable the interface status trap function on the specified interface.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Enable the trap function.

    Enable the trap function for a module.

    • Run:

      snmp-agent trap enable

      The trap function is enabled for all modules.

    • Run:

      snmp-agent trap enable feature-name

      The trap function is enabled for a specified module.

    Enable the trap function for an interface.

    Run:

    snmp-agent trap enable feature-name ifnet trap-name { linkdown | linkup }

    The trap function is enabled on all interfaces.

    By default, the trap function is disabled on all interfaces. When parameters linkdown and linkup are configured for all ifnet modules, the device sends a trap to the NMS upon an interface status change. When an interface frequently sends traps to the NMS because of frequent status changes, you can disable the interface status trap function on the interface to reduce the load on the NMS. The procedure is as follows:

    1. Run:

      interface interface-type interface-number

      The interface view is displayed.

    2. Run:

      undo enable snmp trap updown

      The interface status trap function is disabled.

    3. Run:

      quit

      Return to the system view.

  3. Run:

    snmp-agent trap source interface-type interface-number

    The source interface for traps is specified.

    After the source interface is specified, the IP address of the source interface is used as the source IP address for sending traps. This helps the NMS identify the trap source. The source interface that sends traps must have an IP address; otherwise, the command fails to take effect. To ensure device security, it is recommended that you set the source IP address to the local loopback address.

    The source interface specified on the access point for traps must be consistent with that specified on the NMS; otherwise, the NMS does not accept the traps sent from the access point.

  4. Run:

    snmp-agent trap queue-size size

    The queue length of traps sent to the destination host is set.

    The default queue length of traps sent to the destination host is 100.

    The queue length depends on the number of generated traps. If the access point frequently sends traps to the NMS, set a longer queue length to prevent traps from being lost.

  5. Run:

    snmp-agent trap life seconds

    The lifetime of traps is set.

    The default lifetime of traps is 120 seconds.

    The lifetime of each trap depends on the number of generated traps. If the access point frequently sends traps to the NMS, set a longer lifetime to prevent traps from being lost.

(Optional) Enabling the SNMP Extended Error Code Function

Context

This section describes how to enable the extended error code function on the SNMP agent when both the NMS and managed device are Huawei products. After this function is enabled, more types of error codes are provided to help you locate and rectify faults quickly and accurately.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    snmp-agent extend error-code enable

    The extended error code function is enabled on the SNMP agent.

    By default, SNMP sends standard error codes. It can send extended error codes to the NMS only after the extended error code function is enabled.

Checking the Configuration

Prerequisites

The configurations of basic SNMPv1 functions are complete.

Procedure

  • Run the display snmp-agent community { read | write } command to check the configured community name.
  • Run the display snmp-agent sys-info version command to check the enabled SNMP version.
  • Run the display acl acl-number command to check the ACL rules.
  • Run the display snmp-agent mib-view command to check the MIB view.
  • Run the display snmp-agent sys-info contact command to check the equipment administrator's contact information.
  • Run the display snmp-agent sys-info location command to check the location of the access point.
  • Run the display current-configuration | include trap command to check the configuration of the trap function.
  • Run the display snmp-agent trap all command to check the current and default status of all traps in all features.
  • Run the display snmp-agent trap-source command to check the source interface for sending traps.
  • Run the display snmp-agent target-host command to check information about the target host.
  • Run the display snmp-agent extend error-code status command to check whether the device is enabled to send extended error codes to the NMS.

Configuring a Device to Communicate with an NMS by Running SNMPv2c

After SNMPv2c is configured, a managed device and an NMS can run SNMPv2c to communicate with each other. To ensure communication, you need to configure the agent and NMS. This section describes the configuration on a managed device (the agent side). For details about configuration on an NMS, see the pertaining NMS operation guide.

Pre-configuration Tasks

Before configuring a device to communicate with an NMS by running SNMPv2c, configure a routing protocol to ensure that at least one route exists between the access point and the NMS.

Procedure

When you configure the device to communicate with the NMS using SNMPv2c, Configuring Basic SNMPv2c Functions is mandatory; the optional steps can be performed in any sequence.

After the SNMP basic functions are configured, the NMS can communicate with managed devices.
  • The access permission of the NMS that uses the configured community name is the ViewDefault view. The internet MIB (OID: 1.3.6.1) and the lagMIB (OID: 1.2.840.10006.300.43) can be operated in this view.

  • The managed device sends traps generated by the modules that are enabled by default to the NMS.

If finer device management is required, follow the directions below to configure a managed device:
  • To allow a specified NMS that uses the community name to manage specified objects on the device, follow the procedure described in Restricting Management Rights of the NMS.

  • To allow a specified module on the managed device to report traps to the NMS, follow the procedure described in Configuring the Trap Function.

  • If the NMS and managed device are both Huawei products, follow the procedure described in Enabling the SNMP Extended Error Code Function to allow the device to send more types of error codes. This allows more specific error identification and facilitates your fault location and rectification.

Configuring Basic SNMPv2c Functions

Context

For the configuration of basic SNMP functions, steps 1, 3, 4, 5 and 6 are mandatory. After the configurations are complete, the NMS and managed device can communicate with each other.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. (Optional) Run:

    snmp-agent

    The SNMP agent function is enabled.

    By default, the SNMP agent function is disabled. Executing the snmp-agent command can enable the SNMP agent function no matter whether parameters are specified in the command.

  3. Run:

    snmp-agent sys-info version v2c

    The SNMP version is set to SNMPv2c.

    By default, SNMPv3 is enabled.

    NOTE:

    Using SNMPv2c has potential security risks. SNMPv3 is recommended.

  4. Run:

    snmp-agent community { read | write } community-name [ mib-view view-name | acl acl-number ] *

    The community name is configured for the device.

    By default, the community name is not configured.

    After the read-and-write community name is set, the NMS with this name has the right of the ViewDefault view (OID: 1.3.6.1 and OID: 1.2.840.10006.300.43). To change the access right of the NMS, see (Optional) Restricting Management Rights of the NMS.
    NOTE:

    Ensure that the community name of the NMS is the same as that set on the agent. If the NMS and the agent have different community names, the NMS cannot access the agent.

  5. Run:

    snmp-agent target-host trap-paramsname paramsname v2c securityname securityname  [ binding-private-value ] [ private-netmanager ]

    Parameters for sending trap messages are set.

  6. Run:

    snmp-agent target-host trap-hostname hostname address ipv4-addr [ udp-port udp-portid ] trap-paramsname paramsname

    The destination host for receiving trap messages and error codes is specified.

    Note the following when running the command:
    • The default destination UDP port number is 162. To ensure secure communication between the NMS and managed devices, run the udp-port command to change the UDP port number to a non-well-known port number.

  7. (Optional) Run:

    snmp-agent sys-info { contact contact | location location }

    The equipment administrator's contact information or location is configured.

    By default, the vendor's contact information is "R&D Shenzhen, Huawei Technologies Co.,Ltd.". The default location is "Shenzhen China".

    This step is needed if the NMS administrator is to view the contact information and locations of the equipment administrators when the NMS manages many devices. This helps the NMS administrator to contact the equipment administrators for fault location and rectification.

    To configure both the equipment administrator's contact information and location, run the snmp-agent sys-info command twice.

(Optional) Restricting Management Rights of the NMS

Context

When multiple NMSs using the same community name manage one device, perform this configuration based on the site requirements.

| Scenario | Steps |
|---|---|
| All NMSs using this community name have the right of the ViewDefault view. | No action required |
| Specified NMSs using this community name have the right of the ViewDefault view. | 1, 3 |
| All NMSs using this community name manage specified objects on the managed device. | 1, 2, 3 |
| Specified NMSs using this community name manage specified objects on the managed devices. | 1, 2, 3 |

NOTE:

The ViewDefault view consists of the 1.3.6.1 view and the 1.2.840.10006.300.43 view.

When an ACL is used to control the NMS access rights, the constraints are as follows:
  • When the ACL rule is permit, the NMS with the source IP address specified in this rule can access the local device.

  • When the ACL rule is deny, the NMS with the source IP address specified in this rule cannot access the local device.

  • If a packet matches no ACL rule, the NMS that sends the packet cannot access the local device.

  • When no ACL rule is configured, all NMSs can access the local device.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    snmp-agent mib-view view-name  { exclude | include } subtree-name [ mask mask ]

    A MIB view is created, and manageable MIB objects are specified.

    By default, an NMS has the right to access the objects in the ViewDefault view.

    If both the include and exclude parameters are configured for MIB objects that have an inclusion relationship, whether the lowest MIB object is included or excluded is determined by the parameter configured for that lowest MIB object. For example, the snmpV2, snmpModules, and snmpUsmMIB objects are arranged from top down in the MIB table. If exclude is configured for snmpUsmMIB objects and include is configured for snmpV2, snmpUsmMIB objects are still excluded.

  3. Configure NMS filtering based on community name.
    1. (Optional) Configure the basic ACL.

      Before configuring the access control rights, you must create a basic ACL. For the creation procedure, see ACL Configuration.

    2. Run:

      snmp-agent community { read | write } community-name [ mib-view view-name | acl acl-number ] *

      The NMS's access rights are specified.

      By default, the community name is not configured.

      • To grant only the read permission to low-level administrators, specify the parameter read. To grant the read and write permissions to high-level administrators, specify the parameter write.

      • If the NMSs using this community name have the right of the ViewDefault view, the parameter mib-view view-name is not required.

      • If all NMSs using this community name manage specified objects on the managed devices, the parameter acl acl-number is not required.

      • If some NMSs using this community name manage specified objects on the managed devices, the parameters acl and mib-view must be configured.

      NOTE:

      Before specifying the NMS to manage devices with this community name, check the ACL rule. When the ACL rule is permit, the NMS with the source IP address specified in this rule can access the local device. When the ACL rule is deny, the NMS with the source IP address specified in this rule cannot access the local device.

Follow-up Procedure

After the access rights are configured, especially after the IP address of the NMS is specified, if the IP address changes (for example, the NMS changes its location, or IP addresses are reallocated due to network adjustment), you need to change the IP address of the NMS in the ACL. Otherwise, the NMS cannot access the device.
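
The ACL constraints and the include/exclude precedence rule given in the SNMPv1 and SNMPv2c sections above can be evaluated offline before a community is bound to a view and an ACL. The Python below is an added example, not Huawei code: the view name nms-view, the community names, ACL 2001 and the addresses are constructed, first-match ACL ordering is an assumption, and subtree masks are not modelled.

```python
import ipaddress

# ViewDefault as the page describes it: internet MIB plus lagMIB.
VIEW_DEFAULT = [("include", "1.3.6.1"), ("include", "1.2.840.10006.300.43")]

# Constructed sample input in the command syntax shown on the page.
SAMPLE_CONFIG = [
    "snmp-agent mib-view nms-view include 1.3.6.1.6",        # snmpV2
    "snmp-agent mib-view nms-view exclude 1.3.6.1.6.3.15",   # snmpUsmMIB
    "snmp-agent community read ExampleRO mib-view nms-view acl 2001",
    "snmp-agent community write ExampleRW acl 2001",
]
# Constructed basic ACL: one permitted NMS, the rest of its subnet denied.
SAMPLE_ACLS = {"2001": [("permit", "192.0.2.10/32"), ("deny", "192.0.2.0/24")]}


def _oid(text):
    """Turn a dotted OID string into a tuple of integers."""
    return tuple(int(part) for part in text.strip(".").split("."))


def in_view(entries, oid):
    """Return True if oid is visible in a MIB view.

    entries is a list of (mode, subtree). The entry configured for the
    lowest (longest) matching subtree decides; an OID under no configured
    subtree is outside the view.
    """
    target = _oid(oid)
    best_len, best_mode = -1, "exclude"
    for mode, subtree in entries:
        prefix = _oid(subtree)
        if target[:len(prefix)] == prefix and len(prefix) > best_len:
            best_len, best_mode = len(prefix), mode
    return best_mode == "include"


def acl_allows(rules, src_ip):
    """Apply the four ACL constraints to one NMS source address.

    No rule configured (None or empty) means every NMS may connect.
    Otherwise the first matching (action, cidr) rule decides (assumed
    order) and a source that matches no rule is refused.
    """
    if not rules:
        return True
    addr = ipaddress.ip_address(src_ip)
    for action, cidr in rules:
        if addr in ipaddress.ip_network(cidr):
            return action == "permit"
    return False


def parse_config(lines):
    """Read mib-view and community lines written in the page's syntax."""
    views, communities = {}, {}
    for line in lines:
        tok = line.split()
        if tok[:2] == ["snmp-agent", "mib-view"]:
            views.setdefault(tok[2], []).append((tok[3], tok[4]))
        elif tok[:2] == ["snmp-agent", "community"]:
            opts = dict(zip(tok[4::2], tok[5::2]))  # mib-view / acl pairs
            communities[tok[3]] = {"access": tok[2],
                                   "view": opts.get("mib-view"),
                                   "acl": opts.get("acl")}
    return views, communities


def decide(views, communities, acls, community, src_ip, oid, op):
    """Return (allowed, reason) for one request; op is 'get' or 'set'."""
    cfg = communities.get(community)
    if cfg is None:
        return False, "unknown community"
    if not acl_allows(acls.get(cfg["acl"]), src_ip):
        return False, "source refused by ACL"
    if op == "set" and cfg["access"] != "write":
        return False, "read-only community"
    # No mib-view parameter means ViewDefault; an undefined view shows nothing.
    entries = VIEW_DEFAULT if cfg["view"] is None else views.get(cfg["view"], [])
    if not in_view(entries, oid):
        return False, "OID outside MIB view"
    return True, "allowed"


if __name__ == "__main__":
    views, communities = parse_config(SAMPLE_CONFIG)
    for src, oid in [("192.0.2.10", "1.3.6.1.6.3.1.1.4.1.0"),
                     ("192.0.2.10", "1.3.6.1.6.3.15.1.1.1.0"),
                     ("198.51.100.5", "1.3.6.1.6.3.1.1.4.1.0")]:
        print(src, oid, decide(views, communities, SAMPLE_ACLS,
                               "ExampleRO", src, oid, "get"))
```
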

(Optional) Configuring the Trap Function

Context

Users can enable the trap function for a specified module. The interface status trap is generated when the interface status changes. You need to enable the trap function for the standard module globally and enable the interface status trap function on the specified interface.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Enable the trap function.

    Enable the trap function for a module.

    • Run:

      snmp-agent trap enable

      The trap function is enabled for all modules.

    • Run:

      snmp-agent trap enable feature-name

      The trap function is enabled for a specified module.

    Enable the trap function for an interface.

    Run:

    snmp-agent trap enable feature-name ifnet trap-name { linkdown | linkup }

    The trap function is enabled on all interfaces.

    By default, the trap function is disabled on all interfaces. When parameters linkdown and linkup are configured for all ifnet modules, the device sends a trap to the NMS upon an interface status change. When an interface frequently sends traps to the NMS because of frequent status changes, you can disable the interface status trap function on the interface to reduce the load on the NMS. The procedure is as follows:

    1. Run:

      interface interface-type interface-number

      The interface view is displayed.

    2. Run:

      undo enable snmp trap updown

      The interface status trap function is disabled.

    3. Run:

      quit

      Return to the system view.

  3. Run:

    snmp-agent trap source interface-type interface-number

    The source interface for traps is specified.

    After the source interface is specified, the IP address of the source interface is used as the source IP address for sending traps. This helps the NMS identify the trap source. The source interface that sends traps must have an IP address; otherwise, the command fails to take effect. To ensure device security, it is recommended that you set the source IP address to the local loopback address.

    The source interface specified on the access point for traps must be consistent with that specified on the NMS; otherwise, the NMS does not accept the traps sent from the access point.

  4. Run:

    snmp-agent trap queue-size size

    The queue length of traps sent to the destination host is set.

    The default queue length of traps sent to the destination host is 100.

    The queue length depends on the number of generated traps. If the access point frequently sends traps to the NMS, set a longer queue length to prevent traps from being lost.

  5. Run:

    snmp-agent trap life seconds

    The lifetime of traps is set.

    The default lifetime of traps is 120 seconds.

    The lifetime of each trap depends on the number of generated traps. If the access point frequently sends traps to the NMS, set a longer lifetime to prevent traps from being lost.

(Optional) Enabling the SNMP Extended Error Code Function

Context

This section describes how to enable the extended error code function on the SNMP agent when both the NMS and managed device are Huawei products. After this function is enabled, more types of error codes are provided to help you locate and rectify faults quickly and accurately.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    snmp-agent extend error-code enable

    The extended error code function is enabled on the SNMP agent.

    By default, SNMP sends standard error codes. It can send extended error codes to the NMS only after the extended error code function is enabled.

Checking the Configuration

Prerequisites

The configurations of basic SNMPv2c functions are complete.

Procedure

  • Run the display snmp-agent community { read | write } command to check the configured community name.
  • Run the display snmp-agent sys-info version command to check the enabled SNMP version.
  • Run the display acl acl-number command to check the ACL rules.
  • Run the display snmp-agent mib-view command to check the MIB view.
  • Run the display snmp-agent sys-info contact command to check the equipment administrator's contact information.
  • Run the display snmp-agent sys-info location command to check the location of the access point.
  • Run the display current-configuration | include trap command to check trap configuration.
  • Run the display snmp-agent trap all command to check the current and default status of all traps in all features.
  • Run the display snmp-agent trap-source command to check the source interface for sending traps.
  • Run the display snmp-agent target-host command to check information about the target host.
  • Run the display snmp-agent extend error-code status command to check whether the device is enabled to send extended error codes to the NMS.

Configuring a Device to Communicate with an NMS by Running SNMPv3

After SNMPv3 is configured, a managed device and an NMS can run SNMPv3 to communicate with each other. To ensure communication, you need to configure the agent and NMS. This section describes the configuration on a managed device (the agent side). For details about configuration on an NMS, see the pertaining NMS operation guide.

Pre-configuration Tasks

Before configuring a device to communicate with an NMS by running SNMPv3, configure a routing protocol to ensure that at least one route exists between the access point and the NMS.

Procedure

When you configure the device to communicate with the NMS using SNMPv3, Configuring Basic SNMPv3 Functions is mandatory; the optional steps can be performed in any sequence.

After the SNMP basic functions are configured, the NMS can communicate with managed devices.
  • The access permission of the NMS that uses the configured user name is the ViewDefault view. The internet MIB (OID: 1.3.6.1) and the lagMIB (OID: 1.2.840.10006.300.43) can be operated in this view.

  • The managed device sends traps generated by the modules that are enabled by default to the NMS.

The following lists the enhanced management functions:
Configuring Basic SNMPv3 Functions

Context

For the configuration of basic SNMP functions, steps 1, 3, 5, 6, 7, 8, 9 and 10 are mandatory. After the configurations are complete, the NMS and managed device can communicate with each other.

Precaution

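Ordered from the highest to the lowest, the security levels must be trap host security, user security, and user group security. That is, the security level of the trap host must not be lower than that of the user, and the security level of the user must not be lower than that of the user group.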

Among the security levels, privacy has the highest level and none has the lowest level. The security level description is as follows:
  • privacy: authentication and encryption
  • authentication: only authentication
  • none: no authentication and no encryption

If the security level of a user group is privacy, the security levels of user and trap host must be privacy. If the security level of a user group is authentication, the security levels of user and trap host can be privacy or authentication.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. (Optional) Run:

    snmp-agent

    The SNMP agent function is enabled.

    By default, the SNMP agent function is disabled. Executing the snmp-agent command can enable the SNMP agent function no matter whether parameters are specified in the command.

  3. Run:

    snmp-agent sys-info version v3

    The SNMP version is configured.

    By default, SNMPv3 is enabled.

  4. (Optional) Run:

    snmp-agent local-engineid engineid

    An engine ID is set for the local SNMP entity.

    By default, the device automatically generates an engine ID using the internal algorithm. The engine ID is composed of the enterprise number and the device information.

    If the local engine ID is set or changed, the existing SNMPv3 user will be deleted.

  5. Run:

    snmp-agent group v3 group-name { authentication | noauth  | privacy }

    An SNMPv3 user group is configured.

    If the NMS or network devices are in an insecure environment (for example, the network is vulnerable to attacks), authentication or privacy can be configured in the command to enable data authentication or privacy.

  6. Run:

    snmp-agent usm-user version v3 user-name [ group group-name | acl acl-number ] *

    A user is added to the SNMPv3 user group.

  7. Run:

    snmp-agent usm-user version v3 user-name authentication-mode { md5 | sha }

    The authentication password of the SNMPv3 user is added.

    NOTE:

    The SHA algorithm is recommended to improve data transmission security.

  8. Run:

    snmp-agent usm-user version v3 user-name privacy-mode { aes128 | des56 }

    The password of the SNMPv3 user is added.

    NOTE:

    The AES128 algorithm is recommended to improve data transmission security.

  9. Run:

    snmp-agent target-host trap-paramsname paramsname v3 securityname securityname { authentication | noauthnopriv | privacy } [ binding-private-value ][ private-netmanager ]

    Parameters for sending trap messages are set.

  10. Run:

    snmp-agent target-host trap-hostname hostname address ipv4-addr [ udp-port udp-portid ] trap-paramsname paramsname

    The destination host for receiving trap messages and error codes is specified.

    Note the following when running the command:

    • The default destination UDP port number is 162. To ensure secure communication between the NMS and managed devices, run the udp-port command to change the UDP port number to a non-well-known port number.

  11. (Optional) Run:

    snmp-agent sys-info { contact contact | location location }

    The equipment administrator's contact information or location is configured.

    By default, the vendor's contact information is "R&D Shenzhen, Huawei Technologies Co.,Ltd.". The default location is "Shenzhen China".

    This step is required for the NMS administrator to view contact information and locations of the equipment administrator when the NMS manages many devices. This helps the NMS administrator to contact the equipment administrators for fault location and rectification.

    To configure both the equipment administrator's contact information and location, run the snmp-agent sys-info command twice.

(Optional) Restricting Management Rights of the NMS

Context

When multiple NMSs in the same SNMPv3 user group manage one device, perform this configuration based on the site requirements.

Scenario: All NMSs in this SNMPv3 user group have the right of the ViewDefault view.
Steps: No action required

Scenario: Specified NMSs in this SNMPv3 user group have the right of the ViewDefault view.
Steps:
  • 1, 2, 4 (based on the user group)
  • 1, 5, 6 (based on the user)
  • 1, 2, 4, 5, 6 (based on the user group and user)

Scenario: All NMSs in this SNMPv3 user group manage specified objects on the managed devices.
Steps: 1, 3, 4

Scenario: Specified NMSs in this SNMPv3 user group manage specified objects on the managed devices.
Steps:
  • 1, 2, 3, 4 (based on the user group)
  • 1, 3, 4, 5, 6 (based on the user)
  • 1, 2, 3, 4, 5, 6 (based on the user group and user)

When an ACL is used to control the NMS access rights, the constraints are as follows:
  • When the ACL rule is permit, the NMS with the source IP address specified in this rule can access the local device.

  • When the ACL rule is deny, the NMS with the source IP address specified in this rule cannot access the local device.

  • If a packet matches no ACL rule, the NMS that sends the packet cannot access the local device.

  • When no ACL rule is configured, all NMSs can access the local device.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Configure a basic ACL for an SNMP user group to filter the NMS that does not match the ACL.

    For the creation procedure, see ACL Configuration.

  3. Run:

    snmp-agent mib-view view-name  { exclude | include } subtree-name [ mask mask ]

    A MIB view is created, and manageable MIB objects are specified.

    By default, an NMS has the right to access the objects in the ViewDefault view.

    If both the include and exclude parameters are configured for MIB objects that have an inclusion relationship, whether the lowest MIB object is included or excluded is determined by the parameter configured for that lowest MIB object. For example, the snmpV2, snmpModules, and snmpUsmMIB objects are arranged from top to bottom in the MIB table. If exclude is configured for snmpUsmMIB and include is configured for snmpV2, the snmpUsmMIB objects are still excluded.

  4. Run:

    snmp-agent group v3 group-name { authentication | noauth | privacy } [ read-view read-view | write-view write-view | notify-view notify-view | acl acl-number ] *

    The read-write right is configured for a user group.

    By default, the read-only view of an SNMP group is the ViewDefault view, and the names of the read-write view and inform view are not specified.

    To configure the NMS to receive traps specified by notify-view, you must first configure the destination host for receiving traps.

  5. Configure a basic ACL for an SNMP user to filter the NMS that does not match the ACL.

    For the creation procedure, see "ACL Configuration" in the FATAP, Cloud AP Huawei Wireless Access Points Configuration Guide-Security.

  6. Run:

    snmp-agent usm-user version v3 user-name [ group group-name | acl acl-number ] *

    Authentication and encryption are configured for SNMPv3 users in the specified user group.

    • To allow all NMSs using the same SNMPv3 user name to access the agent, omit the parameter acl.

    • To allow specified NMSs to use this user name to access the agent, configure the parameter acl.
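The ACL constraints and the include/exclude precedence described in this procedure can be checked offline before a view or ACL is applied. The following Python model is an added example, not Huawei code or part of the original guide; the function names, addresses and rule lists are constructed, first-match rule ordering is an assumption, and the optional mask parameter is not modelled.

```python
import ipaddress

# Constructed sample data, not taken from a real device.
SNMP_V2 = "1.3.6.1.6"            # snmpV2
SNMP_USM_MIB = "1.3.6.1.6.3.15"  # snmpUsmMIB, below snmpModules (1.3.6.1.6.3)


def acl_permits(rules, src_ip):
    """Apply the four ACL constraints to an NMS source address.

    rules: (action, network) tuples in rule order. Assumption: the first
    matching rule decides.
    """
    if not rules:
        return True                      # no ACL rule configured: all NMSs allowed
    addr = ipaddress.ip_address(src_ip)
    for action, network in rules:
        if addr in ipaddress.ip_network(network):
            return action == "permit"    # permit allows, deny blocks
    return False                         # packet matched no rule: blocked


def oid_tuple(oid):
    return tuple(int(part) for part in oid.strip(".").split("."))


def in_view(view, oid):
    """view: {subtree OID: "include" | "exclude"}. The longest (lowest)
    matching subtree decides; an OID under no subtree is outside the view."""
    target = oid_tuple(oid)
    best_len, decision = -1, "exclude"
    for subtree, action in view.items():
        prefix = oid_tuple(subtree)
        if target[:len(prefix)] == prefix and len(prefix) > best_len:
            best_len, decision = len(prefix), action
    return decision == "include"


def nms_can_read(src_ip, oid, rules, view):
    """An NMS reads an object only if the ACL admits it and the view includes the OID."""
    return acl_permits(rules, src_ip) and in_view(view, oid)


if __name__ == "__main__":
    view = {SNMP_V2: "include", SNMP_USM_MIB: "exclude"}
    rules = [("deny", "192.0.2.99/32"), ("permit", "192.0.2.0/24")]
    for ip, oid in [("192.0.2.10", "1.3.6.1.6.3.1.1.4.1.0"),
                    ("192.0.2.10", "1.3.6.1.6.3.15.1.1.1.0"),
                    ("192.0.2.99", "1.3.6.1.6.3.1.1.4.1.0"),
                    ("198.51.100.7", "1.3.6.1.6.3.1.1.4.1.0")]:
        print(ip, oid, nms_can_read(ip, oid, rules, view))
```

Only the first pair prints True: the second is blocked by the snmpUsmMIB exclusion, the third by the deny rule, and the fourth because it matches no rule.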

Follow-up Procedure

After the access rights are configured, especially after the IP address of the NMS is specified, if the IP address changes (for example, the NMS changes its location, or IP addresses are reallocated due to network adjustment), you need to change the IP address of the NMS in the ACL. Otherwise, the NMS cannot access the device.

(Optional) Configuring the Trap Function

Context

Users can enable the trap function for a specified module. The interface status trap is generated when the interface status changes. You need to enable the trap function for the standard module globally and enable the interface status trap function on the specified interface.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Enable the trap function.

    Enable the trap function for a module.

    • Run:

      snmp-agent trap enable

      The trap function is enabled for all modules.

    • Run:

      snmp-agent trap enable feature-name

      The trap function is enabled for a specified module.

    Enable the trap function for an interface.

    Run:

    snmp-agent trap enable feature-name ifnet trap-name { linkdown | linkup }

    The trap function is enabled on all interfaces.

    By default, the trap function is disabled on all interfaces. When parameters linkdown and linkup are configured for all ifnet modules, the device sends a trap to the NMS upon an interface status change. When an interface frequently sends traps to the NMS because of frequent status changes, you can disable the interface status trap function on the interface to reduce the load on the NMS. The procedure is as follows:

    1. Run:

      interface interface-type interface-number

      The interface view is displayed.

    2. Run:

      undo enable snmp trap updown

      The interface status trap function is disabled.

    3. Run:

      quit

      Return to the system view.

  3. Run:

    snmp-agent trap source interface-type interface-number

    The source interface for traps is specified.

    After the source interface is specified, the IP address of the source interface is used as the source IP address for sending traps. This helps the NMS identify the trap source. The source interface that sends traps must have an IP address; otherwise, the commands will fail to take effect. To ensure device security, it is recommended that you set the source IP address to the local loopback address.

    The source interface specified on the access point for traps must be consistent with that specified on the NMS; otherwise, the NMS does not accept the traps sent from the access point.

  4. Run:

    snmp-agent trap queue-size size

    The queue length of traps sent to the destination host is set.

    The default queue length of traps sent to the destination host is 100.

    The queue length depends on the number of generated traps. If the access point frequently sends traps to the NMS, set a longer queue length to prevent traps from being lost.

  5. Run:

    snmp-agent trap life seconds

    The lifetime of traps is set.

    The default lifetime of traps is 120 seconds.

    The lifetime of each trap depends on the number of generated traps. If the access point frequently sends traps to the NMS, set a longer lifetime to prevent traps from being lost.

(Optional) Enabling the SNMP Extended Error Code Function

Context

This section describes how to enable the extended error code function on the SNMP agent when both the NMS and managed device are Huawei products. After this function is enabled, more types of error codes are provided to help you locate and rectify faults quickly and accurately.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    snmp-agent extend error-code enable

    The extended error code function is enabled on the SNMP agent.

    By default, SNMP sends standard error codes. It can send extended error codes to the NMS only after the extended error code function is enabled.

Checking the Configuration

Prerequisites

The configurations of basic SNMPv3 functions are complete.

Procedure

  • Run the display snmp-agent usm-user [ user-name ] command to check user information.
  • Run the display snmp-agent group [ group-name ] command to view information about the SNMP user group.
  • Run the display snmp-agent sys-info version command to check the enabled SNMP version.
  • Run the display acl acl-number command to check the ACL rules.
  • Run the display snmp-agent mib-view command to check the MIB view.
  • Run the display snmp-agent sys-info contact command to check the equipment administrator's contact information.
  • Run the display snmp-agent sys-info location command to check the location of the access point.
  • Run the display current-configuration | include trap command to check trap configuration.
  • Run the display snmp-agent trap all command to check current and default status of all traps in all features.
  • Run the display snmp-agent trap-source command to check the source interface for sending traps.
  • Run the display snmp-agent target-host command to check information about the target host.
  • Run the display snmp-agent extend error-code status command to check whether the function for sending extended error codes to the NMS is enabled.
Updated: 2019-01-11

Document ID: EDOC1000176006
