No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R011C10 Configuration Guide - Network Management and Monitoring

This document provides the configurations of network management and monitoring features supported by the product, including SNMP, RMON, LLDP, NQA, Service Diagnosis, Mirroring, Packet Capture, and sFlow.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Basic SNMPv3 Functions

Configuring Basic SNMPv3 Functions

Context

When you configure a destination IP address for traps and error codes sent from the managed devices, configure the trap or inform function as required.
  • The traps sent by the managed device do not need to be acknowledged by the NMS.

  • The informs sent by the managed device need to be acknowledged by the NMS. If no acknowledgement message is received from the NMS within a specified time period, the managed device resends the inform until the number of retransmissions reaches the maximum.

    When sending an inform to the NMS, the managed device also records the inform in the log. If an inform is sent to the NMS when the NMS or the link between NMS and managed device is faulty, the NMS can still receive the inform after fault recovery.

Informs are more reliable than traps. However, the device may need to buffer many informs because of the inform retransmission mechanism. This buffering may consume a lot of memory resources. If the network is stable, using traps is recommended. If the network is unstable and the device's memory capacity is sufficient, using inform is recommended.

Precaution

When configuring security levels, ensure that the security level of the SNMP user ≥ the security level of the alarm host ≥ the security level of the SNMP user group. SNMPv3 uses the following security levels, which are listed in a descending order:
  • privacy: authentication and encryption
  • authentication: only authentication
  • none: no authentication and no encryption

Procedure

  1. Run system-view

    The system view is displayed.

  2. (Optional) Run snmp-agent

    The SNMP agent is enabled.

    By default, the SNMP agent is disabled. Executing the snmp-agent command can enable the SNMP agent, even if no parameter is specified in the command.

  3. (Optional) Run snmp-agent udp-port port-num

    The port number of the SNMP agent is changed.

    The default port number of the SNMP agent is 161.

    This command enhances device security. After this command is run on an SNMP agent connecting to the NMS, ensure that the port number on the NMS is the same as the changed port number. Otherwise, the SNMP agent cannot connect to the NMS.

  4. (Optional) Run snmp-agent sys-info version v3

    The SNMP version is set.

    By default, the device supports SNMPv3.

  5. (Optional) Run snmp-agent local-engineid engineid

    An engine ID is set for the local SNMP entity.

    By default, the device automatically generates an engine ID using the internal algorithm. An engine ID is composed of an enterprise number and device information.

    If you manually set the engine ID, the SNMPv3 user matching the default engine ID is deleted.

    NOTE:

    To improve system security, configure the device to check consistency between the contextEngineID on the NMS and the local engine ID by running the snmp-agent packet contextengineid-check enable command.

  6. Run snmp-agent group v3 group-name { authentication | privacy | noauthentication }

    An SNMPv3 user group is configured.

    If the NMS and device are in an insecure environment (for example, the network is vulnerable to attacks), authentication or privacy can be configured in the command to enable data authentication or privacy.

  7. Configure an SNMPv3 user.

    1. Run the snmp-agent [ remote-engineid engineid ] usm-user v3 user-name [ group group-name | acl { acl-number | acl-name } ] * command to configure an SNMPv3 user.

    2. Run the snmp-agent [ remote-engineid engineid ] usm-user v3 user-name authentication-mode { md5 | sha } [ cipher password ] command to set an authentication password for the SNMPv3 user.

    3. Run the snmp-agent [ remote-engineid engineid ] usm-user v3 user-name privacy-mode { des56 | aes128 |aes192 | aes256 | 3des } [ cipher password ] command to set an encryption password for the SNMPv3 user.

    NOTE:

    By default, none authentication and none encryption is performed on SNMPv3 users. To improve system security, configure an authentication password and encryption password, and ensure that the two passwords are different.

    In addition, you are recommended not to use the MD5 algorithm for SNMPv3 authentication or use the DES56 or 3DES168 algorithm for SNMPv3 encryption.

    By default, the complexity check is enabled for SNMPv3 user passwords. If the password fails in the check, the configuration fails. To ensure device security, you are advised to refrain from using the snmp-agent usm-user password complexity-check disable command to disable the complexity check for SNMPv3 user passwords, and change the password periodically.

  8. Configure the destination IP address for receiving traps and error codes.

    NOTE:

    Before configuring a device to send traps, confirm that the information center has been enabled. The information center can be enabled by running the info-center enable command.

    • When the managed device and NMS reside on an IPv4 network, configure the device to send either traps or informs to the NMS as follows:
      • To configure a destination IP address for the traps and error codes sent from the device, run the snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | [ public-net | vpn-instance vpn-instance-name ] ] * params securityname security-name v3 [ authentication | privacy ] [ private-netmanager | notify-filter-profile profile-name | ext-vb ] * command.

      • To configure a destination IP address for the informs and error codes sent from the device, run the snmp-agent target-host inform address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | [ vpn-instance vpn-instance-name | public-net ] ]* params securityname security-name v3 [ authentication | privacy ] [ notify-filter-profile profile-name | ext-vb ] * command.

    • When the managed device and NMS reside on an IPv6 network, run the snmp-agent target-host trap ipv6 address udp-domain ipv6-address [ udp-port port-number | vpn-instance vpn-instance-name ] * params securityname security-name [ v3 [ authentication | privacy ] | private-netmanager | notify-filter-profile profile-name | ext-vb ] * command to set the target host that receives traps and error codes.

      NOTE:

      An IPv6 network supports only traps, but does not support informs.

    Note the following before running the commands:

    • The default destination UDP port number is 162. To ensure secure communication between the NMS and managed devices, change the UDP port number to a lesser-known port number by running the udp-port command.
    • The security-name parameter identifies the devices that send traps to the NMS.
    • If the NMS and managed devices are both Huawei products, the private-netmanager parameter can be configured to add more information to trap messages to help you locate and solve problems more quickly. The additional information includes trap type, serial number, and sending time.
    NOTE:

    The value of security-name must be the same as the created user name. Otherwise, the NMS cannot access the managed device.

  9. (Optional) Run snmp-agent sys-info { contact contact | location location }

    The device administrator's contact information or location is configured.

    By default, the device administrator's contact information is "R&D Beijing, Huawei Technologies Co., Ltd." and location is "Beijing China."

    This step is required for the NMS administrator to view contact information and locations of the device administrator when the NMS manages many devices. This helps the NMS administrator to contact the device administrator for fault location and rectification.

  10. (Optional) Run snmp-agent packet max-size byte-count

    The maximum size of an SNMP packet that the device can receive and send is set.

    By default, the maximum size of an SNMP packet is 12000 bytes.

    When the size of an SNMP packet is larger than the configured value, the device discards the SNMP packet. To ensure that the NMS can process SNMP packets properly, set the byte-count parameter to the maximum size of an SNMP packet that the NMS can process.

  11. (Optional) Run snmp-agent protocol source-interface interface-type interface-number

    A source interface is configured for receiving and responding to NMS's requests.

    By default, a source interface is randomly selected for receiving and responding to NMS's requests.

    Currently, only a loopback interface can be set as the source interface.

  12. (Optional) Run snmp-agent protocol server [ ipv4 | ipv6 ] disable

    The SNMP IPv4 or IPv6 listening port is disabled.

    By default, the SNMP IPv4 or IPv6 listening port is disabled.

    If ipv4 or ipv6 is not selected, both SNMP IPv4 and IPv6 listening ports are disabled.

    If the managed device only needs to send traps to the NMS but does not need to perform Get/Set operation, SNMP port listening is not required. In this case, run this command so that SNMP no longer processes SNMP packets. Exercise caution when running this command.

Translation
Download
Updated: 2019-10-18

Document ID: EDOC1000178020

Views: 75038

Downloads: 10

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next