S600-E V200R012C00 NETCONF YANG API Reference

This document describes the NETCONF YANG API functions supported by the switch, including the data model and samples.

SNMP

This section describes the configuration model of SNMP and provides examples of XML packets.

Data Model

The following lists SNMP configuration model files:
  • ietf-snmp.yang
  • ietf-snmp-engine.yang
  • ietf-snmp-target.yang
  • ietf-snmp-notification.yang
  • ietf-snmp-community.yang
  • ietf-snmp-usm.yang
  • ietf-snmp-vacm.yang
  • huawei-snmp.yang
Table 2-301  Configuration objects of SNMP

Object | Description | Value | Remarks

/ietf-snmp:snmp/engine/enabled Indicates whether the SNMP agent function is enabled on a switch. The value is of the enumerated type:
  • true: The SNMP agent function is enabled.
  • false: The SNMP agent function is disabled.
By default, the SNMP agent function is disabled on a switch.
  • Enable the SNMP agent function before configuring the SNMP function.
  • Delete all SNMP configurations before disabling the SNMP agent function.
/ietf-snmp:snmp/engine/listen/name Indicates the name of a switch. The value is a string of 1 to 32 case-sensitive characters.

This object is of no real significance and needs to have a valid value. Configure this object when /ietf-snmp:snmp/engine/listen/transport/udp/port is configured.

/ietf-snmp:snmp/engine/listen/transport/udp/ip Indicates the IP address of a switch. The value must be a valid IPv4 address in dotted decimal notation.

This object is of no real significance and needs to have a valid value. Configure this object when /ietf-snmp:snmp/engine/listen/transport/udp/port is configured.

/ietf-snmp:snmp/engine/listen/transport/udp/port Indicates the UDP port that the switch uses to communicate with the NMS. The value is an integer that can be 161 or ranges from 1025 to 65535. The default value is 161. Configure /ietf-snmp:snmp/engine/listen/name and /ietf-snmp:snmp/engine/listen/transport/udp/ip simultaneously when this object is configured.
/ietf-snmp:snmp/engine/version/v1 Indicates that SNMPv1 is enabled on a switch. By default, SNMPv3 is enabled on a switch, and multiple SNMP versions can be enabled simultaneously on a switch. This object does not need any data configuration.

N/A

/ietf-snmp:snmp/engine/version/v2c Indicates that SNMPv2c is enabled on a switch. By default, SNMPv3 is enabled on a switch, and multiple SNMP versions can be enabled simultaneously on a switch. This object does not need any data configuration.

N/A

/ietf-snmp:snmp/engine/version/v3 Indicates that SNMPv3 is enabled on a switch. By default, SNMPv3 is enabled on a switch, and multiple SNMP versions can be enabled simultaneously on a switch. This object does not need any data configuration.

N/A

/ietf-snmp:snmp/engine/engine-id Indicates the ID of the SNMP agent engine. The value is a hexadecimal string that consists of 10 to 64 characters separated by colons (:). It cannot be all 0s or all Fs. For example: 80:00:07:DB:03:00:01:00:02:00:B1.

Delete all SNMPv3 users on the switch before configuring or modifying this object.

/ietf-snmp:snmp/engine/enable-authen-traps Indicates whether the function of sending traps to the NMS in the case of community authentication failures is enabled. The value is of the enumerated type:
  • true: The function is enabled.
  • false: The function is disabled.
By default, this function is disabled.

N/A

/ietf-snmp:snmp/community/index Indicates the index of the SNMP community. The value is a string of 1 to 32 case-sensitive characters.

This object is of no real significance and needs to have a valid value. Configure this object when /ietf-snmp:snmp/community/text-name is configured.

/ietf-snmp:snmp/community/security-name Indicates the SNMP community security name. The value is a string of 1 to 32 case-sensitive characters.

This object is of no real significance and needs to have a valid value. Configure this object when /ietf-snmp:snmp/community/text-name is configured.

/ietf-snmp:snmp/community/text-name Indicates the SNMP community.
The value is a string of 8 to 32, 44, 56, 80, or 88 case-sensitive characters without spaces.
  • If the string is enclosed in double quotation marks (" "), the string can contain spaces.
  • If the community is a string of 8 to 32 characters, the string is processed as plain text by default and will be encrypted.
  • If the community is a string of 32, 44, 56, 80, or 88 characters, the string is processed as cipher text by default, and the system will determine whether the string can be parsed.
  • Configure /ietf-snmp:snmp/community/index and /ietf-snmp:snmp/community/security-name simultaneously when this object is configured.
  • The value of text-name must be unique across different indexes.
  • By default, complexity check on SNMP community names is enabled. A community name must contain at least two types of the following characters: uppercase letters, lowercase letters, digits, and special characters excluding question marks (?), and the minimum length is the length of a password in plaintext allowed by the device. You can use the /ietf-snmp:snmp/huawei-snmp:complexity-check object to disable complexity check on SNMP community names. However, if a community name does not meet complexity requirements, the system is prone to attacks from malicious users, affecting device security. Therefore, it is recommended to enable complexity check on SNMP community names.
/ietf-snmp:snmp/community/huawei-snmp:authority Indicates the permission of an SNMP community. The value is of the enumerated type:
  • read-only: The community has the read-only right
  • read-write: The community has the read-write right
The default value is read-only.
N/A
/ietf-snmp:snmp/huawei-snmp:complexity-check Indicates whether complexity check on SNMP community is enabled. The value is of the Boolean type:
  • true: complexity check on SNMP community is enabled.
  • false: complexity check on SNMP community is disabled.
The default value is true.
N/A
/ietf-snmp:snmp/notify-filter-profile/name Indicates the name of a filter profile. The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

N/A

/ietf-snmp:snmp/notify-filter-profile/include Indicates a MIB subtree that can be accessed by a filter profile. The value is a string of 1 to 255 case-sensitive characters without spaces. The value can be:
  • Root object OID of a MIB subtree, for example: 1.4.5.3.1.
  • Root object name of a MIB subtree, for example: system.
  • It must be a valid MIB subtree.
  • If a single object in the OID has two or more digits, it cannot start with 0. For example, 1.3.6.1.4.1.2011 can be set, but 1.3.6.1.4.1.02011 is not allowed.
  • The MIB subtree cannot be the same as that configured for the exclude object in the same filter profile.
/ietf-snmp:snmp/notify-filter-profile/exclude Indicates a MIB subtree that cannot be accessed by a filter profile. The value is a string of 1 to 255 case-sensitive characters without spaces. The value can be:
  • Root object OID of a MIB subtree, for example: 1.4.5.3.1.
  • Root object name of a MIB subtree, for example: system.
  • It must be a valid MIB subtree.
  • If a single object in the OID has two or more digits, it cannot start with 0. For example, 1.3.6.1.4.1.2011 can be set, but 1.3.6.1.4.1.02011 is not allowed.
  • The MIB subtree cannot be the same as that configured for the include object in the same filter profile.
/ietf-snmp:snmp/target/name Indicates the name of the NMS. The value is a string of 1 to 32 case-sensitive characters.

This object is of no real significance and needs to have a valid value. Configure this object when /ietf-snmp:snmp/target/transport/udp/udp/ip is configured.

/ietf-snmp:snmp/target/transport/udp/udp/ip Indicates the IP address of the NMS. The value is in dotted decimal notation.

N/A

/ietf-snmp:snmp/target/transport/udp/udp/port Indicates the UDP port that the NMS uses to communicate with the switch. The value is an integer that ranges from 0 to 65535. The default value is 162.

N/A

/ietf-snmp:snmp/target/target-params Indicates the name of the SNMP parameter set on the NMS. The value is a string of 1 to 32 case-sensitive characters.

This object is mandatory when an NMS is configured.

/ietf-snmp:snmp/target-params/params/v1/v1/security-name Indicates the switch security name displayed on the NMS when the switch and NMS communicate using SNMPv1. The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces. This parameter is used to identify the switches that send traps to the NMS.
/ietf-snmp:snmp/target-params/params/v2c/v2c/security-name Indicates the switch security name displayed on the NMS when the switch and NMS communicate using SNMPv2c. The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces. This parameter is used to identify the switches that send traps to the NMS.
/ietf-snmp:snmp/target-params/params/usm/usm/user-name Indicates the user security name displayed on the NMS when the switch and NMS communicate using SNMPv3. The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces. This parameter needs to be configured on the switch and NMS. If the NMS wants to receive traps from the switch, the user name must be authenticated and encrypted.
/ietf-snmp:snmp/target-params/params/usm/usm/security-level Indicates the security level of an SNMPv3 user security name. The value is of the enumerated type:
  • no-auth-no-priv: indicates that the user security name needs to be neither authenticated nor encrypted.
  • auth-no-priv: indicates that the user security name only needs to be authenticated.
  • auth-priv: indicates that the user security name needs to be authenticated and encrypted.
N/A
/ietf-snmp:snmp/target-params/notify-filter-profile Indicates the name of a filter profile applied to the NMS. The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces. The trap filter profile must be configured during or before the application.
/ietf-snmp:snmp/usm/local/user/name Indicates an SNMPv3 user name. The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces. N/A
/ietf-snmp:snmp/usm/local/user/huawei-snmp:acl Indicates the ACL that an SNMPv3 user needs to match.
  • The value is an integer that ranges from 2000 to 3999.
  • The value is a string of 1 to 64 case-sensitive characters without spaces and must start with a letter.
It must be an existing ACL.
/ietf-snmp:snmp/usm/local/user/auth/protocol/md5/md5/key Indicates the password for HMAC-MD5-96 authentication. The value is a hexadecimal ASCII string separated by colons (:), for example: 48:75:61:77:65:69:40:31:32:33. The string after conversion contains 8 to 64 characters.
  • After the object value is converted to a string, the string must be a combination of two or more of the following: uppercase letters, lowercase letters, digits, and special characters, excluding question marks (?) and spaces.
  • This object and /ietf-snmp:snmp/usm/local/user/auth/protocol/sha/sha/key cannot be configured simultaneously.
  • Delete the encryption algorithm and password before deleting the authentication password.
/ietf-snmp:snmp/usm/local/user/auth/protocol/sha/sha/key Indicates the password for HMAC-SHA-96 authentication. The value is a hexadecimal ASCII string separated by colons (:), for example: 48:75:61:77:65:69:40:31:32:33. The string after conversion contains 8 to 64 characters.
  • After the object value is converted to a string, the string must be a combination of two or more of the following: uppercase letters, lowercase letters, digits, and special characters, excluding question marks (?) and spaces.
  • This object and /ietf-snmp:snmp/usm/local/user/auth/protocol/md5/md5/key cannot be configured simultaneously.
  • Delete the encryption algorithm and password before deleting the authentication password.
/ietf-snmp:snmp/usm/local/user/priv/protocol/des/des/key Indicates the password for DES-56 or 3DES algorithm. The value is a hexadecimal ASCII string separated by colons (:), for example: 48:75:61:77:65:69:40:31:32:33. The string after conversion contains 8 to 64 characters.
  • After the object value is converted to a string, the string must be a combination of two or more of the following: uppercase letters, lowercase letters, digits, and special characters, excluding question marks (?) and spaces.
  • Configure the authentication password before the encryption password is configured.
  • This object and /ietf-snmp:snmp/usm/local/user/priv/protocol/des/des/huawei-snmp:algorithm must be configured simultaneously.
  • This object and /ietf-snmp:snmp/usm/local/user/priv/protocol/aes/aes/key cannot be configured simultaneously.
/ietf-snmp:snmp/usm/local/user/priv/protocol/des/des/huawei-snmp:algorithm Indicates the encryption algorithm. The value is of the enumerated type:
  • des56: DES56
  • 3des: 3DES
N/A
/ietf-snmp:snmp/usm/local/user/priv/protocol/aes/aes/key Indicates the password for the AES-128, AES-192, or AES-256 encryption algorithm. The value is a hexadecimal ASCII string separated by colons (:), for example: 48:75:61:77:65:69:40:31:32:33. The string after conversion contains 8 to 64 characters.
  • After the object value is converted to a string, the string must be a combination of two or more of the following: uppercase letters, lowercase letters, digits, and special characters, excluding question marks (?) and spaces.
  • Configure the authentication password before the encryption password is configured.
  • This object and /ietf-snmp:snmp/usm/local/user/priv/protocol/aes/aes/huawei-snmp:algorithm must be configured simultaneously.
  • This object and /ietf-snmp:snmp/usm/local/user/priv/protocol/des/des/key cannot be configured simultaneously.
/ietf-snmp:snmp/usm/local/user/priv/protocol/aes/aes/huawei-snmp:algorithm Indicates the encryption algorithm. The value is of the enumerated type:
  • aes128: AES128
  • aes192: AES192
  • aes256: AES256
N/A
/ietf-snmp:snmp/vacm/view/name Indicates the name of a MIB view. The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces. N/A
/ietf-snmp:snmp/vacm/view/include Indicates a MIB subtree that can be accessed by a trap filter profile. The value is a string of 1 to 255 case-sensitive characters without spaces. The value can be:
  • Root object OID of a MIB subtree, for example: 1.4.5.3.1.
  • Root object name of a MIB subtree, for example: system.
  • It must be a valid MIB subtree.
  • If a single object in the OID has two or more digits, it cannot start with 0. For example, 1.3.6.1.4.1.2011 can be set, but 1.3.6.1.4.1.02011 is not allowed.
  • The same MIB subtree cannot be configured to the exclude object on the same trap filter profile.
/ietf-snmp:snmp/vacm/view/exclude Indicates a MIB subtree that cannot be accessed by a trap filter profile. The value is a string of 1 to 255 case-sensitive characters without spaces. The value can be:
  • Root object OID of a MIB subtree, for example: 1.4.5.3.1.
  • Root object name of a MIB subtree, for example: system.
  • It must be a valid MIB subtree.
  • If a single object in the OID has two or more digits, it cannot start with 0. For example, 1.3.6.1.4.1.2011 can be set, but 1.3.6.1.4.1.02011 is not allowed.
  • The same MIB subtree cannot be configured to the include object on the same trap filter profile.
/ietf-snmp:snmp/vacm/group/name Indicates the name of an SNMPv3 user group. The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces. N/A
/ietf-snmp:snmp/vacm/group/access/context Indicates the context applicable to access rights. The value is a string of 0 to 32 case-sensitive characters. Configure this object when the SNMPv3 user group is configured.
/ietf-snmp:snmp/vacm/group/access/security-model Indicates the security mode of an SNMPv3 user group. The value is usm. Configure this object when the SNMPv3 user group is configured.
/ietf-snmp:snmp/vacm/group/access/security-level Indicates the security level of an SNMPv3 user group. The value is of the enumerated type:
  • no-auth-no-priv: indicates that the user group name neither needs to be authenticated nor encrypted.
  • auth-no-priv: indicates that the user group name only needs to be authenticated.
  • auth-priv: indicates that the user group name needs to be authenticated and encrypted.
N/A
/ietf-snmp:snmp/vacm/group/access/read-view Indicates the name of a MIB view with read-only permission applied to the SNMPv3 user group. The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces. N/A
/ietf-snmp:snmp/vacm/group/access/write-view Indicates the name of a MIB view with read and write permission applied to the SNMPv3 user group. The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces. N/A
/ietf-snmp:snmp/vacm/group/access/notify-view Indicates the name of a MIB view with notification permission applied to the SNMPv3 user group. The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces. N/A
/ietf-snmp:snmp/vacm/group/access/huawei-snmp:acl Indicates the ACL that an SNMPv3 user group needs to match.
  • The value is an integer that ranges from 2000 to 3999.
  • The value is a string of 1 to 64 case-sensitive characters without spaces and must start with a letter.
It must be an existing ACL.
/ietf-snmp:snmp/vacm/group/member/security-name Indicates the name of an SNMPv3 user in the user group. The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces. It must be an existing SNMPv3 user.
/ietf-snmp:snmp/vacm/group/member/security-model Indicates the security mode of an SNMPv3 user in the user group. The value is usm. N/A
/ietf-snmp:snmp/huawei-snmp:acl Indicates the ACL for controlling an NMS that can access the switch.
  • The value is an integer that ranges from 2000 to 3999.
  • The value is a string of 1 to 64 case-sensitive characters without spaces and must start with a letter.
It must be an existing ACL.
/ietf-snmp:snmp/huawei-snmp:mms Indicates the maximum size of SNMP packets received and sent by the switch. The value is an integer that ranges from 484 to 17940, in bytes. The default value is 12000. N/A
/ietf-snmp:snmp/huawei-snmp:trap-enable Indicates whether the switch sends Trap messages of all modules to the NMS. The value is of the enumerated type:
  • default-type: Whether the switch sends Trap messages of all modules to the NMS is restored to the default settings.
  • enable-all: The switch sends Trap messages of all modules to the NMS.
  • disable-all: The switch does not send Trap messages of any module to the NMS.
The default value is default-type.
To check whether the switch sends Trap messages of all modules to the NMS, run the display snmp-agent trap all command on the switch.
/ietf-snmp:snmp/huawei-snmp:source-interface Specifies the IP address of an interface as the source IP address of the Trap messages sent to the NMS. The value is a string of characters in the format of interface-typeinterface-number.
  • interface-type: specifies the type of an interface.
  • interface-number: specifies the number of an interface.
The interface must be available on the switch and have an IP address configured.
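
The USM key objects in the table above take the password as a colon-separated hexadecimal ASCII string. The following is an added example, not part of the original reference, that converts between a password and that form and checks a key against the length and character rules listed for those objects; the function names are this example's own.

```python
import re
import string
from typing import List

# Colon-separated hex byte pairs, e.g. 48:75:61
_KEY_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*")
# "Special characters" for the two-class rule; the page excludes '?' and spaces.
SPECIALS = set(string.punctuation) - {"?"}


def encode_key(password: str) -> str:
    """Return the colon-separated hex form used in the <key> leaf."""
    return ":".join(f"{b:02x}" for b in password.encode("ascii"))


def decode_key(key: str) -> str:
    """Convert a <key> leaf value back to the password it carries."""
    if not _KEY_RE.fullmatch(key):
        raise ValueError("expected colon-separated hex byte pairs")
    return bytes.fromhex(key.replace(":", "")).decode("ascii")


def check_key(key: str) -> List[str]:
    """Return the rules from the table that the key violates (empty = OK)."""
    try:
        pw = decode_key(key)
    except ValueError as exc:  # also covers non-ASCII bytes
        return [f"not a hex ASCII string: {exc}"]
    problems = []
    if not 8 <= len(pw) <= 64:
        problems.append(f"decoded length {len(pw)} is outside 8..64")
    if "?" in pw or " " in pw:
        problems.append("contains a question mark or space")
    classes = [
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in SPECIALS for c in pw),
    ]
    if sum(classes) < 2:
        problems.append("fewer than two character classes")
    return problems


if __name__ == "__main__":
    sample = "48:75:61:77:65:69:40:31:32:33"  # sample value from the table
    print(decode_key(sample), check_key(sample))
```

Because the encoding is reversible, any stored or logged edit-config payload that contains a key leaf exposes the password itself and should be handled as a secret.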

Configuring an NMS to Manage Switches

This section describes how to configure an NMS to manage switches using the rpc method.

Table 2-302  Configuring an NMS to manage switches

Operation: rpc
XPATH:
  • /ietf-snmp:snmp/engine/enabled
  • /ietf-snmp:snmp/notify-filter-profile/name
  • /ietf-snmp:snmp/notify-filter-profile/include
  • /ietf-snmp:snmp/notify-filter-profile/exclude
  • /ietf-snmp:snmp/target/name
  • /ietf-snmp:snmp/target/transport/udp/udp/ip
  • /ietf-snmp:snmp/target/transport/udp/udp/port
  • /ietf-snmp:snmp/target/target-params
  • /ietf-snmp:snmp/target-params/params/usm/usm/user-name
  • /ietf-snmp:snmp/target-params/params/usm/usm/security-level
  • /ietf-snmp:snmp/target-params/notify-filter-profile
Data Requirements

Item | Data | Description
Whether to enable the SNMP agent function on a switch | true | Enable the SNMP agent function on a switch.
Name of an NMS | test | Set the NMS name to test.
IP address of the NMS | 10.1.1.1 | Set the IP address of the NMS to 10.1.1.1.
UDP port that the switch uses to communicate with the NMS | 50 | Set the UDP port that the switch uses to communicate with the NMS to 50.
Name of the SNMP parameter set on the NMS | abc | Configure the SNMP parameter set abc on the NMS.
User security name displayed on the NMS when the switch and NMS communicate using SNMPv3 | abcd | Set the user security name displayed on the NMS when the switch and NMS communicate using SNMPv3 to abcd.
Security level of an SNMPv3 user security name | auth-priv | Set the security level of an SNMPv3 user security name to auth-priv, which indicates that the user security name needs to be authenticated and encrypted.
Name of a filter profile applied to the NMS | test_profile | Apply the trap filter profile test_profile to the NMS.
MIB subtree that can be accessed by a filter profile | 1.3.6.1.4.1.2011.5.2.1.1.1.2 | Set the MIB subtree that can be accessed by a trap filter profile to 1.3.6.1.4.1.2011.5.2.1.1.1.2.
MIB subtree that cannot be accessed by a filter profile | 1.3.6.1.4.1.2011.5.2.1.1.1.3 | Set the MIB subtree that cannot be accessed by a trap filter profile to 1.3.6.1.4.1.2011.5.2.1.1.1.3.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="5" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <snmp:snmp xmlns:snmp="urn:ietf:params:xml:ns:yang:ietf-snmp">
        <snmp:engine>
          <snmp:enabled>true</snmp:enabled>
        </snmp:engine>
        <snmp:target>
          <snmp:name>test</snmp:name>
          <snmp:udp>
            <snmp:ip>10.1.1.1</snmp:ip>
            <snmp:port>50</snmp:port>
          </snmp:udp>
          <snmp:target-params>abc</snmp:target-params>
        </snmp:target>
        <snmp:target-params>
          <snmp:name>abc</snmp:name>
          <snmp:usm>
            <snmp:user-name>abcd</snmp:user-name>
            <snmp:security-level>auth-priv</snmp:security-level>
          </snmp:usm>
          <snmp:notify-filter-profile>test_profile</snmp:notify-filter-profile>
        </snmp:target-params>
        <snmp:notify-filter-profile>
          <snmp:name>test_profile</snmp:name>
          <snmp:include>1.3.6.1.4.1.2011.5.2.1.1.1.2</snmp:include>
          <snmp:exclude>1.3.6.1.4.1.2011.5.2.1.1.1.3</snmp:exclude>
        </snmp:notify-filter-profile>
      </snmp:snmp>
    </config>
  </edit-config>
</rpc>
Response Example
# Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
  <ok/>
</rpc-reply>
# Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <error-info>Error on node/ietf-snmp:snmp/engine/enabled</error-info>
  </rpc-error>
</rpc-reply>

Configuring an SNMPv3 User and User Group

This section describes how to configure an SNMPv3 user and user group using the rpc method.

Table 2-303  Configuring an SNMPv3 user and user group

Operation: rpc
XPATH:
  • /ietf-snmp:snmp/engine/enabled
  • /ietf-snmp:snmp/usm/local/user/name
  • /ietf-snmp:snmp/usm/local/user/auth/protocol/md5/md5/key
  • /ietf-snmp:snmp/usm/local/user/priv/protocol/des/des/key
  • /ietf-snmp:snmp/usm/local/user/priv/protocol/des/des/huawei-snmp:algorithm
  • /ietf-snmp:snmp/vacm/view/name
  • /ietf-snmp:snmp/vacm/view/include
  • /ietf-snmp:snmp/vacm/view/exclude
  • /ietf-snmp:snmp/vacm/group/name
  • /ietf-snmp:snmp/vacm/group/access/context
  • /ietf-snmp:snmp/vacm/group/access/security-model
  • /ietf-snmp:snmp/vacm/group/access/security-level
  • /ietf-snmp:snmp/vacm/group/access/read-view
  • /ietf-snmp:snmp/vacm/group/access/notify-view
  • /ietf-snmp:snmp/vacm/group/member/security-name
  • /ietf-snmp:snmp/vacm/group/member/security-model
Data Requirements

Item | Data | Description
Whether to enable the SNMP agent function on a switch | true | Enable the SNMP agent function on a switch.
SNMPv3 user name | test | Configure an SNMPv3 user named test.
Authentication password of an SNMPv3 user | 48:75:61:77:65:69:40:31:32:33 | Set the authentication protocol of an SNMPv3 user to HMAC-MD5-96, and the authentication password to 48:75:61:77:65:69:40:31:32:33.
Encryption password of an SNMPv3 user | 48:75:61:77:65:69:40:31:32:34 | Set the encryption password of an SNMPv3 user to 48:75:61:77:65:69:40:31:32:34.
Encryption algorithm of an SNMPv3 user | des56 | Set the encryption algorithm of an SNMPv3 user to DES-56.
Name of an SNMPv3 user group | ssq | Configure an SNMPv3 user group named ssq.
Context applicable to access rights | 1 | Set the context applicable to access rights to 1.
Security mode of an SNMPv3 user group | usm | Set the security mode of an SNMPv3 user group to usm.
Security level of an SNMPv3 user group | auth-priv | Set the security level of an SNMPv3 user group to auth-priv.
Name of a MIB view with read-only permission applied to the SNMPv3 user group | test_view | Apply the MIB view test_view with read-only permission to the SNMPv3 user group.
Name of a MIB view with notification permission applied to the SNMPv3 user group | test_view | Apply the MIB view test_view with notification permission to the SNMPv3 user group.
MIB subtree that can be accessed by a MIB view | 1.3.6.1.2.1.1 | Set the MIB subtree that can be accessed by a MIB view to 1.3.6.1.2.1.1.
MIB subtree that cannot be accessed by a MIB view | 1.3.6.1.2.1.2 | Set the MIB subtree that cannot be accessed by a MIB view to 1.3.6.1.2.1.2.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="3" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <snmp:snmp xmlns:snmp="urn:ietf:params:xml:ns:yang:ietf-snmp">
        <snmp:engine>
          <snmp:enabled>true</snmp:enabled>
        </snmp:engine>
        <snmp:usm>
          <snmp:local>
            <snmp:user>
              <snmp:name>test</snmp:name>
              <snmp:auth>
                <snmp:md5>
                  <snmp:key>48:75:61:77:65:69:40:31:32:33</snmp:key>
                </snmp:md5>
              </snmp:auth>
              <snmp:priv>
                <snmp:des>
                  <snmp:key>48:75:61:77:65:69:40:31:32:34</snmp:key>
                  <hw-snmp:algorithm xmlns:hw-snmp="urn:huawei:params:xml:ns:yang:huawei-snmp">des56</hw-snmp:algorithm>
                </snmp:des>
              </snmp:priv>
            </snmp:user>
          </snmp:local>
        </snmp:usm>
        <snmp:vacm>
          <snmp:group>
            <snmp:name>ssq</snmp:name>
            <snmp:member>
              <snmp:security-name>test</snmp:security-name>
              <snmp:security-model>usm</snmp:security-model>
            </snmp:member>
            <snmp:access>
              <snmp:context>1</snmp:context>
              <snmp:security-model>usm</snmp:security-model>
              <snmp:security-level>auth-priv</snmp:security-level>
              <snmp:read-view>test_view</snmp:read-view>
              <snmp:notify-view>test_view</snmp:notify-view>
            </snmp:access>
          </snmp:group>
          <snmp:view>
            <snmp:name>test_view</snmp:name>
            <snmp:include>1.3.6.1.2.1.1</snmp:include>
            <snmp:exclude>1.3.6.1.2.1.2</snmp:exclude>
          </snmp:view>
        </snmp:vacm>
      </snmp:snmp>
    </config>
  </edit-config>
</rpc>
Response Example
# Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="3">
  <ok/>
</rpc-reply>
# Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="3">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <error-info>Error on node/ietf-snmp:snmp/engine/enabled</error-info>
  </rpc-error>
</rpc-reply>
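
A pre-deployment check for edit-config payloads such as the request above, as an added example that is not part of the original reference. The policy it applies (flag SNMPv1/v2c, MD5 authentication, DES/3DES privacy, security levels below auth-priv, read-write communities, and a disabled complexity check) is this example's assumption, and the sample requests are constructed from the page's request examples.

```python
import xml.etree.ElementTree as ET

NS = {
    "nc": "urn:ietf:params:xml:ns:netconf:base:1.0",
    "snmp": "urn:ietf:params:xml:ns:yang:ietf-snmp",
    "hw": "urn:huawei:params:xml:ns:yang:huawei-snmp",
}


def build_request(auth, priv, alg, versions="", level="auth-priv"):
    """Constructed edit-config modelled on the page's request examples."""
    return f"""<rpc message-id="3" xmlns="{NS['nc']}">
  <edit-config><target><running/></target><config>
    <snmp:snmp xmlns:snmp="{NS['snmp']}" xmlns:hw-snmp="{NS['hw']}">
      <snmp:engine><snmp:enabled>true</snmp:enabled>
        <snmp:version>{versions}</snmp:version></snmp:engine>
      <snmp:usm><snmp:local><snmp:user>
        <snmp:name>test</snmp:name>
        <snmp:auth><snmp:{auth}>
          <snmp:key>48:75:61:77:65:69:40:31:32:33</snmp:key>
        </snmp:{auth}></snmp:auth>
        <snmp:priv><snmp:{priv}>
          <snmp:key>48:75:61:77:65:69:40:31:32:34</snmp:key>
          <hw-snmp:algorithm>{alg}</hw-snmp:algorithm>
        </snmp:{priv}></snmp:priv>
      </snmp:user></snmp:local></snmp:usm>
      <snmp:vacm><snmp:group><snmp:name>ssq</snmp:name>
        <snmp:access><snmp:context>1</snmp:context>
          <snmp:security-model>usm</snmp:security-model>
          <snmp:security-level>{level}</snmp:security-level>
        </snmp:access></snmp:group></snmp:vacm>
    </snmp:snmp>
  </config></edit-config>
</rpc>"""


def audit(xml_text):
    """Return findings for one payload; only what the payload carries is judged."""
    snmp = ET.fromstring(xml_text).find(".//snmp:snmp", NS)
    if snmp is None:
        return ["payload carries no ietf-snmp configuration"]
    out = []
    for ver in ("v1", "v2c"):
        if snmp.find(f"snmp:engine/snmp:version/snmp:{ver}", NS) is not None:
            out.append(f"engine/version/{ver}: community-based version enabled")
    if snmp.findtext("hw:complexity-check", "true", NS).strip() == "false":
        out.append("complexity-check: community complexity check disabled")
    for com in snmp.findall("snmp:community", NS):
        if com.findtext("hw:authority", "read-only", NS).strip() == "read-write":
            idx = com.findtext("snmp:index", "?", NS)
            out.append(f"community[{idx}]: read-write community")
    for user in snmp.findall("snmp:usm/snmp:local/snmp:user", NS):
        name = user.findtext("snmp:name", "?", NS)
        # sha is the stronger of the two auth protocols in this data model
        if user.find("snmp:auth/snmp:sha", NS) is None:
            has_md5 = user.find("snmp:auth/snmp:md5", NS) is not None
            kind = "md5" if has_md5 else "none"
            out.append(f"user[{name}]: auth protocol is {kind}, expected sha")
        if user.find("snmp:priv/snmp:aes", NS) is None:
            alg = user.findtext("snmp:priv/snmp:des/hw:algorithm", "none", NS)
            out.append(f"user[{name}]: privacy is {alg}, expected aes")
    levels = snmp.findall(
        "snmp:vacm/snmp:group/snmp:access/snmp:security-level", NS)
    levels += snmp.findall("snmp:target-params/snmp:usm/snmp:security-level", NS)
    for lvl in levels:
        if (lvl.text or "").strip() != "auth-priv":
            out.append(f"security-level {lvl.text}: below auth-priv")
    return out


# Constructed samples: the page's choices (md5 + des56, plus SNMPv1 from the
# version example) and a variant using sha + aes128 from the same data model.
WEAK = build_request("md5", "des", "des56", versions="<snmp:v1/>")
HARDENED = build_request("sha", "aes", "aes128")

if __name__ == "__main__":
    for label, req in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(req))
```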

Configuring an ACL for Controlling NMSs That Can Access the Switch

This section describes how to configure an ACL for controlling NMSs that can access the switch using the rpc method.

Table 2-304  Configuring an ACL for controlling NMSs that can access the switch

Operation: rpc
XPATH:
  • /ietf-snmp:snmp/engine/enabled
  • /ietf-snmp:snmp/huawei-snmp:acl
Data Requirements

Item | Data | Description
Whether to enable the SNMP agent function on a switch | true | Enable the SNMP agent function on a switch.
ACL for controlling an NMS that can access the switch | 3000 | Set the ACL used to control the NMS that can access the switch to 3000.

Request Example
NOTE:

The ACL must already exist. For details about how to configure an ACL, see ACL Rule Management.

<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="10" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <snmp:snmp xmlns:snmp="urn:ietf:params:xml:ns:yang:ietf-snmp">
        <snmp:engine>
          <snmp:enabled>true</snmp:enabled>
        </snmp:engine>
        <hw-snmp:acl xmlns:hw-snmp="urn:huawei:params:xml:ns:yang:huawei-snmp">3000</hw-snmp:acl>
      </snmp:snmp>
    </config>
  </edit-config>
</rpc>
Response Example
# Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="10">
  <ok/>
</rpc-reply>
# Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="10">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <error-info>Error on node/ietf-snmp:snmp/engine/enabled</error-info>
  </rpc-error>
</rpc-reply>

Configuring the SNMP Version, SNMP Agent Engine ID, and Other Functions

This section describes how to configure the SNMP version, SNMP agent engine ID, and other functions using the rpc method.

Table 2-305  Configuring the SNMP version, SNMP agent engine ID, and other functions

Operation: rpc

XPATH:
  • /ietf-snmp:snmp/engine/enabled
  • /ietf-snmp:snmp/engine/listen/name
  • /ietf-snmp:snmp/engine/listen/transport/udp/ip
  • /ietf-snmp:snmp/engine/listen/transport/udp/port
  • /ietf-snmp:snmp/engine/version/v1
  • /ietf-snmp:snmp/engine/engine-id

Data Requirements

| Item | Data | Description |
|---|---|---|
| Whether to enable the SNMP agent function on a switch | true | Enable the SNMP agent function on a switch. |
| Name of the switch | test | Set the switch name to test. |
| IP address of the switch | 10.1.1.1 | Set the IP address of the switch to 10.1.1.1. |
| UDP port that the NMS uses to communicate with the switch | 2000 | Set the UDP port that the NMS uses to communicate with the switch to 2000. |
| SNMP version enabled on the switch | v1 | Enable SNMPv1 on the switch. |
| SNMP agent engine ID | 80:00:07:DB:03:00:01:00:02:00:B1 | Set the SNMP agent engine ID to 80:00:07:DB:03:00:01:00:02:00:B1. |

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="4" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <snmp:snmp xmlns:snmp="urn:ietf:params:xml:ns:yang:ietf-snmp">
        <snmp:engine>
          <snmp:enabled>true</snmp:enabled>
          <snmp:listen>
            <snmp:name>test</snmp:name>
            <snmp:udp>
              <snmp:ip>10.1.1.1</snmp:ip>
              <snmp:port>2000</snmp:port>
            </snmp:udp>
          </snmp:listen>
          <snmp:version>
            <snmp:v1></snmp:v1>
          </snmp:version>
          <snmp:engine-id>80:00:07:DB:03:00:01:00:02:00:B1</snmp:engine-id>
        </snmp:engine>
      </snmp:snmp>
    </config>
  </edit-config>
</rpc>
Response Example
# Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="4">
  <ok/>
</rpc-reply>
# Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="4">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <error-info>Error on node/ietf-snmp:snmp/engine/enabled</error-info>
  </rpc-error>
</rpc-reply>

Configuring the Maximum Size of SNMP Packets Received and Sent by the Switch

This section provides a sample of configuring the maximum size of SNMP packets received and sent by the switch using the rpc method.

Table 2-306  Configuring the maximum size of SNMP packets received and sent by the switch

Operation: rpc

XPATH: /ietf-snmp:snmp/huawei-snmp:mms

Data Requirements

| Item | Data | Description |
|---|---|---|
| Maximum size of SNMP packets received and sent by the switch | 484 | Set the maximum size of SNMP packets received and sent by the switch to 484 bytes. |

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="15" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <snmp:snmp xmlns:snmp="urn:ietf:params:xml:ns:yang:ietf-snmp">
        <snmp:engine>
          <snmp:enabled>true</snmp:enabled>
        </snmp:engine>
        <hw-snmp:mms xmlns:hw-snmp="urn:huawei:params:xml:ns:yang:huawei-snmp">484</hw-snmp:mms>
      </snmp:snmp>
    </config>
  </edit-config>
</rpc>
Response Example
# Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="15">
  <ok/>
</rpc-reply>
# Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="15">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <error-info>Error on node/ietf-snmp:snmp/engine/enabled</error-info>
  </rpc-error>
</rpc-reply>

Configuring the Switch to Send Trap Messages of All Modules to the NMS

This section provides a sample of configuring the switch to send trap messages of all modules to the NMS using the rpc method.

Table 2-307  Configuring the switch to send trap messages of all modules to the NMS

Operation: rpc

XPATH: /ietf-snmp:snmp/huawei-snmp:trap-enable

Data Requirements

| Item | Data | Description |
|---|---|---|
| Whether the switch sends trap messages of all modules to the NMS | enable-all | Configure the switch to send trap messages of all modules to the NMS. |

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="15" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <snmp:snmp xmlns:snmp="urn:ietf:params:xml:ns:yang:ietf-snmp">
        <snmp:engine>
          <snmp:enabled>true</snmp:enabled>
        </snmp:engine>
        <hw-snmp:trap-enable xmlns:hw-snmp="urn:huawei:params:xml:ns:yang:huawei-snmp">enable-all</hw-snmp:trap-enable>
      </snmp:snmp>
    </config>
  </edit-config>
</rpc>
Response Example
# Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="15">
  <ok/>
</rpc-reply>
# Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="15">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <error-info>Error on node/ietf-snmp:snmp/engine/enabled</error-info>
  </rpc-error>
</rpc-reply>

Configuring the Source IP Address of Trap Messages Sent from the Switch to the NMS

This section provides a sample of configuring the source IP address of Trap messages sent from the switch to the NMS using the rpc method.

Table 2-308  Configuring the source IP address of Trap messages sent from the switch to the NMS

Operation: rpc

XPATH: /ietf-snmp:snmp/huawei-snmp:source-interface

Data Requirements

| Item | Data | Description |
|---|---|---|
| Source IP address of Trap messages sent from the switch to the NMS | Vlanif5 | Specify the IP address of VLANIF interface 5 as the source IP address of the Trap messages sent to the NMS. |

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="15" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <snmp:snmp xmlns:snmp="urn:ietf:params:xml:ns:yang:ietf-snmp">
        <snmp:engine>
          <snmp:enabled>true</snmp:enabled>
        </snmp:engine>
        <hw-snmp:source-interface xmlns:hw-snmp="urn:huawei:params:xml:ns:yang:huawei-snmp">Vlanif5</hw-snmp:source-interface>
      </snmp:snmp>
    </config>
  </edit-config>
</rpc>
Response Example
# Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="15">
  <ok/>
</rpc-reply>
# Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="15">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <error-info>Error on node/ietf-snmp:snmp/engine/enabled</error-info>
  </rpc-error>
</rpc-reply>

Configuring Complexity Check on SNMP Community

This section provides a sample of configuring complexity check on SNMP community using the rpc method.

Table 2-309  Configuring complexity check on SNMP community

Operation: rpc

XPATH: /ietf-snmp:snmp/huawei-snmp:complexity-check

Data Requirements

| Item | Data | Description |
|---|---|---|
| Whether complexity check on SNMP community is enabled | true | Enable complexity check on SNMP community. |

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="15" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <snmp:snmp xmlns:snmp="urn:ietf:params:xml:ns:yang:ietf-snmp">
        <snmp:engine>
          <snmp:enabled>true</snmp:enabled>
        </snmp:engine>
        <hw-snmp:complexity-check xmlns:hw-snmp="urn:huawei:params:xml:ns:yang:huawei-snmp">true</hw-snmp:complexity-check>
      </snmp:snmp>
    </config>
  </edit-config>
</rpc>
Response Example
# Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="15">
  <ok/>
</rpc-reply>
# Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="15">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <error-info>Error on node/ietf-snmp:snmp/engine/enabled</error-info>
  </rpc-error>
</rpc-reply>

Configuring an SNMP Community

This section provides a sample of configuring an SNMP community using the rpc method.

Table 2-310  Configuring an SNMP community name

Operation: rpc

XPATH:
  • /ietf-snmp:snmp/engine/enable-authen-traps
  • /ietf-snmp:snmp/community/index
  • /ietf-snmp:snmp/community/text-name
  • /ietf-snmp:snmp/community/security-name
  • /ietf-snmp:snmp/community/huawei-snmp:authority

Data Requirements

| Item | Data | Description |
|---|---|---|
| Whether to enable the switch to send community authentication failure traps to the NMS | true | Enable the switch to send community name authentication failure traps to the NMS. |
| Community name index | 1 | Set the community index to 1. |
| Community name | root@123 | Set the community name to root@123. |
| Community security name | aa | Set the community security name to aa. |
| Permission of the SNMP community | read-write | Set the permission of the SNMP community to read-write. |

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="15" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <snmp:snmp xmlns:snmp="urn:ietf:params:xml:ns:yang:ietf-snmp">
        <snmp:engine>
          <snmp:enabled>true</snmp:enabled>
          <snmp:enable-authen-traps>true</snmp:enable-authen-traps>
        </snmp:engine>
        <snmp:community>
          <snmp:index>1</snmp:index>
          <snmp:text-name>root@123</snmp:text-name>
          <snmp:security-name>aa</snmp:security-name>
          <hw-snmp:authority xmlns:hw-snmp="urn:huawei:params:xml:ns:yang:huawei-snmp">read-write</hw-snmp:authority>
        </snmp:community>
      </snmp:snmp>
    </config>
  </edit-config>
</rpc>
Response Example
# Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="15">
  <ok/>
</rpc-reply>
# Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="15">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <error-info>Error on node/ietf-snmp:snmp/engine/enabled</error-info>
  </rpc-error>
</rpc-reply>
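
The ACL, SNMP version, complexity check, and community samples above set the values that decide how exposed the SNMP agent is, so a pre-push lint over the request payload is a useful check. The following is an added example, not part of the Huawei reference: the function name, finding labels, and sample payload (the community request from this page with SNMPv1 added) are constructed for illustration. Because edit-config merges into the running configuration, a finding means only that the value is not set in this payload.

```python
import xml.etree.ElementTree as ET

SNMP = "{urn:ietf:params:xml:ns:yang:ietf-snmp}"
HW = "{urn:huawei:params:xml:ns:yang:huawei-snmp}"

def _text(node, path):
    return (node.findtext(path) or "").strip()

def audit_snmp_payload(rpc_xml: bytes) -> list:
    """Lint one <edit-config> request; findings cover only what the payload sets."""
    snmp = ET.fromstring(rpc_xml).find(f".//{SNMP}snmp")
    if snmp is None:
        return []
    findings = []
    if snmp.find(f"{SNMP}engine/{SNMP}version/{SNMP}v1") is not None:
        findings.append("v1-enabled")  # SNMPv1 carries the community in cleartext
    if not _text(snmp, f"{HW}acl"):
        findings.append("no-acl-in-payload")  # no NMS source restriction set here
    communities = snmp.findall(f"{SNMP}community")
    if communities and _text(snmp, f"{HW}complexity-check") != "true":
        findings.append("complexity-check-not-set")
    if communities and _text(snmp, f"{SNMP}engine/{SNMP}enable-authen-traps") != "true":
        findings.append("authen-traps-not-set")  # failed community use goes unreported
    for comm in communities:
        if _text(comm, f"{HW}authority") == "read-write":
            findings.append("read-write-community:" + _text(comm, f"{SNMP}index"))
    return findings

# Constructed sample: this page's community request with <snmp:v1/> added.
SAMPLE = b"""<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="15" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config><target><running/></target><config>
    <snmp:snmp xmlns:snmp="urn:ietf:params:xml:ns:yang:ietf-snmp">
      <snmp:engine>
        <snmp:enabled>true</snmp:enabled>
        <snmp:enable-authen-traps>true</snmp:enable-authen-traps>
        <snmp:version><snmp:v1/></snmp:version>
      </snmp:engine>
      <snmp:community>
        <snmp:index>1</snmp:index>
        <snmp:text-name>root@123</snmp:text-name>
        <snmp:security-name>aa</snmp:security-name>
        <hw-snmp:authority xmlns:hw-snmp="urn:huawei:params:xml:ns:yang:huawei-snmp">read-write</hw-snmp:authority>
      </snmp:community>
    </snmp:snmp>
  </config></edit-config>
</rpc>"""

if __name__ == "__main__":
    print(audit_snmp_payload(SAMPLE))
```
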
Updated: 2018-09-01

Document ID: EDOC1100037962
