No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - System Management 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - System Management
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a Device to Communicate with an NMS Using SNMPv3 USM User

Configuring a Device to Communicate with an NMS Using SNMPv3 USM User

After SNMPv3 is configured, a managed device and an NMS can run SNMPv3 to communicate with each other. To ensure communication, you need to configure the agent and NMS. This section only describes the configuration on a managed device (the agent side). For details about configurations on an NMS, see the NMS operation guide.

Usage Scenario

The NMS manages a device by the following ways:
  • Sends requests to the managed device to perform the GetRequest, GetNextRequest, GetResponse, GetBulk, or SetRequest operation, obtaining data or setting values.

  • Receives alarms (traps or informs) from the managed device to locate and handle device faults based on the alarm information.

After completing the following configuration task, an NMS can manage a device using the preceding methods. To perform refined management, such as access control and specifying a module that can send traps, reference the configuration procedure.

Pre-configuration Tasks

Before configuring a device to communicate with an NMS using SNMPv3 USM User, configure a routing protocol to ensure that at least one route exists between the router and NMS.

Configuration Procedures

Figure 16-6 Flowchart for configuring a device to communicate with an NMS using SNMPv3 USM User

Configuring Basic SNMPv3 Functions

After basic SNMP functions are configured, the NMS can perform basic operations, such as Get and Set operations on the managed device, and the managed device can send alarms to the NMS.

Context

The NMS can communicate with managed devices after basic SNMPv3 functions have been configured.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run snmp-agent password min-length min-length

    The minimum SNMP password length is configured.

    After this command is run, the length of a configured SNMP password must be longer than or equal to the minimum SNMP password length.

  3. (Optional) Run snmp-agent

    The SNMP agent function is enabled.

    This step is optional because the SNMP agent function is enabled by running any snmp-agent command, irrespective of whether any parameter is specified.

  4. (Optional) Run snmp-agent udp-port port-number

    The port number monitored by the SNMP agent is changed.

  5. (Optional) Run snmp-agent sys-info version v3

    The SNMP version is set.

  6. Run snmp-agent group v3 group-name { authentication | privacy | noauthentication } [ read-view read-view | write-view write-view | notify-view notify-view ] * [ acl { acl-number | acl-name } ]

    An SNMPv3 user group is configured.

    If the NMS and network devices are in an insecure environment (for example, the network is vulnerable to attacks), authentication or privacy can be configured in the command to enable data authentication or privacy.

    The available authentication and privacy modes are as follows:
    • No authentication and no privacy: Neither authentication nor privacy or noauthentication is configured in the command. This mode is applicable to secure networks managed by a specified administrator.

    • Authentication without privacy: Only authentication is configured in the command. This mode is applicable to secure networks managed by many administrators who may frequently perform operations on the same device. In this mode, only the authenticated administrators can access the managed device.

    • Authentication and privacy: Both authentication and privacy is configured in the command. This mode is applicable to insecure networks managed by many administrators who may frequently perform operations on the same device. In this mode, only the authenticated administrators can access the managed device, and transmitted data is encrypted to guard against tampering and data leaking.

    read-view needs to be configured in the command if the NMS administrator needs the read permission in a specified view in some cases. For example, a low-level administrator needs to read certain data.

    write-view needs to be configured in the command if the NMS administrator needs the read and write permissions in a specified view in some cases. For example, a high-level administrator needs to read and write certain data.

    notify-view needs to be configured in the command if you want to filter out irrelevant alarms and configure the managed device to send only the alarms of specified MIB objects to the NMS. If the parameter is configured, only the alarms of the MIB objects specified by notify-view is sent to the NMS.

  7. Run the following commands as needed:

    • On an IPv4 network, a managed device can send alarms in Inform or trap mode.

      NOTE:

      The difference between alarms in trap and Inform modes is as follows:

      • A managed device does not need to receive a response from the NMS when sending an alarm in trap mode. Therefore, no remote engine ID needs to be configured on the managed device.

      • A managed device needs to receive a response from the NMS when sending an alarm in Inform mode. Therefore, specify the NMS engine ID on the managed device. The remote engine ID must be the same as the engine ID of the destination host that receives the alarm. If the managed device receives no response from the NMS within a timeout period, it resends the alarm until a response is returned or the number of alarms reaches the configured upper limit.

        The managed device sends the alarm in Inform mode and records an alarm log at the same time. If the NMS or a link fails, the NMS can synchronize alarms generated during this period after the fault is rectified.

      Therefore, the alarm in Inform mode is more reliable than that in trap mode. However, a device needs to cache massive alarm messages and consume a great number of memory resources due to the retransmission mechanism.

      If the network environment is stable, sending alarms in trap mode is recommended. If device resources are sufficient and the network environment is unstable, sending alarms in Inform mode is recommended.

      The same destination host cannot be configured for Inform and trap messages. If the Inform and trap messages share the same destination host, the latest configuration overrides the previous configuration.

      Configure an alarm in trap mode.
      1. Run snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } password [ privacy-mode { des56 | 3des168 | aes128 | aes192 | aes256 } password ] ] [ acl { acl-number | acl-name } ]

        An SNMP USM user is configured, and an authentication mode, an encryption mode, and passwords are set for the SNMP USM user.

      2. Run snmp-agent target-host [ host-name host-name ] trap address udp-domain ip-address [ [ udp-port port-number ] | [ source interface-type interface-number ] | [ public-net | vpn-instance vpn-instance-name ] ] * params securityname { security-name [ v3 [ authentication | privacy ] ] | private-netmanager | ext-vb | notify-filter-profile profile-name } ]*

        A destination host to which a device sends traps and error codes is specified.

      Configure an alarm in Inform mode.

      1. Run snmp-agent remote-engineid remote-engineid-name usm-user v3 user-name group-name [ authentication-mode { md5 | sha } password [ privacy-mode { des56 | 3des168 | aes128 | aes192 | aes256 } password ] ] [ acl { acl-number | acl-name } ]

        An SNMP USM user is configured, and an authentication mode, an encryption mode, and passwords are set for the SNMP USM user.

      2. Run snmp-agent target-host [ host-name host-name ] inform address udp-domain ip-address [ [ udp-port port-number ] | [ source interface-type interface-number ] | [ public-net | vpn-instance vpn-instance-name ] ] * params securityname { security-name { v3 [ authentication | privacy ] } } [ ext-vb | notify-filter-profile profile-name | private-netmanager ] *

        A destination host to which a device sends Inform alarms and error codes is specified.

    • On an IPv6 network, only trap alarms can be configured.
      1. Run snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } password [ privacy-mode { des56 | 3des168 | aes128 | aes192 | aes256 } password ] ] [ acl { acl-number | acl-name } ]

        An SNMP USM user is configured, and an authentication mode, an encryption mode, and passwords are set for the SNMP USM user.

      2. Run snmp-agent target-host [ host-name host-name ] trap ipv6 address udp-domain ipv6-address [ udp-port port-number | source interface-type interface-number ] * params securityname { security-name [ v3 [ authentication | privacy ] | private-netmanager | ext-vb | notify-filter-profile profile-name ] * }

        A destination host to which a device sends traps and error codes is specified.

    The following parameters can be configured as needed:

    • udp-port needs to be configured to change the default UDP port number of 162 to a non-well-known port number to meet special requirements.

    • public-net needs to be configured to allow a device that an NMS manages to send traps through a public network to the NMS. Alternatively, vpn-instance vpn-instance-name needs to be configured to allow the device that an NMS manages to send traps through a private network to the NMS.

    • securityname needs to be configured to identify a source device that sends traps.

    • private-netmanager needs to be configured to allow alarm messages to carry more information when the NMS and a device that the NMS manages are both Huawei devices. Alarm messages can carry alarm types, sequence number, and time when a message was sent. The information helps rectify faults.

    • notify-filter-profile needs to be configured to allow a device to send desired alarms to the NMS host, which reduces irrelevant alarms and speeds up fault identification. notify-view needs to be configured to allow the alarm filter policy to take effect when you configure a user group.

    he configured passwords must meet the password complexity requirements. To disable the password complexity check, run the snmp-agent usm-user password complexity-check disable command. Do not disable the password complexity check because the function improves system security.

    To improve system security, it is recommended to configure different authentication and encryption passwords for an SNMP USM user.

  8. (Optional) Run snmp-agent sys-info { contact contact | location location }

    The device administrator contact information or location is configured.

    This step is required for the NMS administrator to view contact information and locations of the device administrator when the NMS manages many devices. This helps the NMS administrator contact the device administrators for fault location and rectification.

  9. (Optional) Run snmp-agent packet max-size byte-count

    The maximum size of an SNMP packet that the device can receive or send is set.

    After the maximum size is set, the device discards any SNMP packet that is larger than the set size.

  10. (Optional) Run snmp-agent extend error-code enable

    The extended error code function is enabled.

  11. Run snmp-agent set-cache enable

    The SET Response message caching function is enabled.

  12. (Optional) Run snmp-agent get-cache disable

    The GET response message caching function is disabled.

  13. (Optional) Run snmp-agent get-cache age-out age-out

    An aging period is configured for the GET response message caching function.

  14. (Optional) Configure SNMP to receive and respond to NMS request packets. To achieve this, run one or more of the following commands as needed:

    • Run snmp-agent protocol source-interface interface-type interface-number

      A source interface is configured for SNMP to receive and respond to NMS request packets.

    • Run snmp-agent protocol ipv6 source-ip ip-address

      A source IPv6 address is configured for SNMP to receive and respond to NMS request packets.

    • Configure SNMP to receive and respond to NMS request packets through a VPN instance or public network.
      • For an IPv4 network, run the snmp-agent protocol { vpn-instance vpn-instance-name | public-net } command.
      • For an IPv6 network, run the snmp-agent protocol ipv6 { vpn-instance vpn-instance-name | public-net } command.

  15. (Optional) Run snmp-agent local-engineid engineid

    An engine ID for the local SNMP entity is seted.

    The MAC address of the management interface on the main control board is used as device information.

    NOTE:
    To improve system security, run the snmp-agent packet contextengineid-check enable command to check whether the contextEngineID is consistent with the local engine ID.

  16. (Optional) Run snmp-agent protocol get-bulk timeout time

    The get-bulk operation timeout period is configured.

    You are not advised to change the get-bulk operation timeout period. The default get-bulk operation timeout period is recommended. To reconfigure a get-bulk operation timeout period, you must ensure that the configured period is less than an NMS's timeout period.

  17. (Optional) Run snmp-agent protocol server [ ipv4 | ipv6 ] disable

    The SNMP IPv4 or IPv6 listening port is disabled.

    After you disable the SNMP IPv4 or IPv6 listening port using the snmp-agent protocol server disable command, SNMP no longer processes SNMP packets. Exercise caution when you disable the SNMP IPv4 or IPv6 listening port.

  18. Run commit

    The configuration is committed.

Follow-up Procedure

After the steps, basic communication is established between the NMS and managed device.
  • Access control allows any NMS in the configured SNMPv3 user group to monitor and manage all the objects on the managed device.

  • The managed device sends alarms generated by the modules that are open by default to the NMS.

If finer device management is required, follow directions below to configure the managed device:

(Optional) Controlling the NMS's Access to the Device

This section describes how to specify an NMS and manageable MIB objects for SNMPv3-based communication between the NMS and managed device to improve communication security.

Context

If a device is managed by multiple NMSs that are in the same SNMPv3 user group, note the following points:
  • If all the NMSs need to have rights to access the objects in the Viewdefault view, skip the following steps.

  • If some of the NMSs need to have rights to access the objects in the Viewdefault view, skip 6 and 8.

  • If all the NMSs are required to manage specified objects on the device, skip 2, 3, 5, 4, and 5.

  • If some of the NMSs are required to manage specified objects on the device, perform all the following steps.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run acl { name basic-acl-name { basic | [ basic ] number basic-acl-number } | [ number ] basic-acl-number } [ match-order { config | auto } ]

    A basic ACL is created to filter the NMS users to manage the device.
    NOTE:

    SNMP supports only basic ACLs whose numbers range from 2000 to 2999.

  3. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type { fragment | non-fragment | non-subseq | fragment-subseq | fragment-spe-first } | source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | [ vpn-instance vpn-instance-name | vpn-instance-any ] ] *

    A rule is configured for the basic ACL.

    • If the address of a login user matches an ACL rule in which the specified action is permit, the user is allowed to log in to the device.

    • If the address of a login user matches an ACL rule in which the specified action is deny, the user is not allowed to log in to the device.

    • If the address of a login user is not within the address range specified in an ACL rule, the login of the user is denied.

    • If the ACL does not contain any rules or does not exist, the login of users is not subject to the ACL, and users can log in to the device.

  4. Run commit

    The configuration is committed.

  5. Run quit

    Return to the system view.

  6. Run snmp-agent mib-view { excluded | included } view-name oid-tree

    A MIB view is created, and manageable MIB objects are specified.

    • excluded: If a few MIB objects on the device or some objects in the current MIB view do not or no longer need to be managed by the NMS, excluded needs to be specified in the command to exclude these MIB objects.

    • included: If a few MIB objects on the device or some objects in the current MIB view need to be managed by the NMS, included needs to be specified in the command to include these MIB objects.

  7. (Optional) Run snmp-agent acl { acl-number | acl-name }

    SNMP protocol level ACL is configured.

    By executing the snmp-agent acl command, you can control the user access.

  8. Run snmp-agent group v3 group-name { authentication | privacy | noauthentication } [ read-view read-view | write-view write-view | notify-view notify-view ] * [ acl { acl-number | acl-name } ]

    An SNMPv3 user group is configured.

    If the NMS and network devices are in an insecure environment (for example, the network is vulnerable to attacks), authentication or privacy can be configured in the command to enable data authentication or privacy.

    The available authentication and privacy modes are as follows:
    • No authentication and no privacy: Neither authentication nor privacy or noauthentication is configured in the command. This mode is applicable to secure networks managed by a specified administrator.

    • Authentication without privacy: Only authentication is configured in the command. This mode is applicable to secure networks managed by many administrators who may frequently perform operations on the same device. In this mode, only the authenticated administrators can access the managed device.

    • Authentication and privacy: Both authentication and privacy is configured in the command. This mode is applicable to insecure networks managed by many administrators who may frequently perform operations on the same device. In this mode, only the authenticated administrators can access the managed device, and transmitted data is encrypted to guard against tampering and data leaking.

    read-view needs to be configured in the command if the NMS administrator needs the read permission in a specified view in some cases. For example, a low-level administrator needs to read certain data.

    write-view needs to be configured in the command if the NMS administrator needs the read and write permissions in a specified view in some cases. For example, a high-level administrator needs to read and write certain data.

    notify-view needs to be configured in the command if you want to filter out irrelevant alarms and configure the managed device to send only the alarms of specified MIB objects to the NMS. If the parameter is configured, only the alarms of the MIB objects specified by notify-view is sent to the NMS.

  9. Run commit

    The configuration is committed.

Follow-up Procedure

After the access rights are configured, especially after the IP address of the NMS is specified, if the IP address changes (for example, the NMS changes its location, or IP addresses are reallocated due to network adjustment), you need to change the IP address of the NMS in the ACL. Otherwise, the NMS cannot access the device.

(Optional) Configuring the Trap Function

The device can be configured to send specified traps to the NMS, which facilitates fault locating. To enhance the trap transmission security, specify parameters for sending traps.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run snmp-agent trap enable

    The device is enabled to send traps to the NMS.

  3. Run snmp-agent trap enable feature-name feature-name trap-name trap-name

    The device is enabled to send a specified trap of a feature to the NMS.

    NOTE:
    If the snmp-agent trap enable command has been run to enable the trap functions of all modules, or the snmp-agent trap enable feature-name command has been run to enable three or more trap functions of a module, note the following points:
    • To disable the trap functions of all modules, run the snmp-agent trap disable command.

    • To restore the trap functions of all modules to the default status, run the undo snmp-agent trap enable or undo snmp-agent trap disable command.

    • To disable one trap function of a module, run the undo snmp-agent trap enable feature-name command.

    • To delete all the trap function configurations of a feature in a one-click manner, run the clear configuration snmp-agent trap enable command.

  4. Run snmp-agent trap source interface-type interface-number

    The source interface for sending traps is specified.

    After a source interface is specified, its IP address is used as the source IP address of traps. Configuring the IP address of the local loopback interface as the source interface is recommended, which can ensure device security.

    The source interface of traps specified on the router must be the same as that specified on the NMS. Otherwise, the NMS does not accept the traps sent from the router.

  5. Run snmp-agent trap source-port port-number

    The number of the source port that sends trap messages has been specified.

    To improve network security, configure a specific source port to send trap messages. Therefore, the user terminal's firewall filters packets based on the port number.

  6. Run snmp-agent trap type { base-trap | entity-trap }

    The format of traps sent to the NMS is set.

    This command is supported only on the Admin-VS.

  7. Run commit

    The configuration is committed.

(Optional) Configuring the Inform Function

The router enabled with the SNMP agent function can generate two types of notifications: trap messages and Inform messages. Trap messages are messages alerting the NMS to a condition on the network. Inform messages are trap messages that include a request for confirmation of receipt from the NMS (Inform messages are resent until a reply is received). Inform messages are more reliable than trap messages.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run snmp-agent trap enable

    Alarm sending is enabled.

  3. Run snmp-agent trap enable feature-name feature-name trap-name trap-name

    A trap function of a feature module is enabled. This means that an alarm of a specified feature can be sent to the NMS.

    NOTE:
    If the snmp-agent trap enable command has been run to enable the trap functions of all modules, or the snmp-agent trap enable feature-name command has been run to enable three or more trap functions of a module, note the following points:
    • To disable the trap functions of all modules, run the snmp-agent trap disable command.

    • To restore the trap functions of all modules to the default status, run the undo snmp-agent trap enable or undo snmp-agent trap disable command.

    • To disable one trap function of a module, run the undo snmp-agent trap enable feature-name command.

  4. (Optional) Run snmp-agent inform { timeout seconds | resend-times times | pending number } *

    The timeout period for waiting for inform Ack messages, number of times to resend Inform messages, and the maximum pieces of pending Inform messages (Inform messages need to be acknowledged) are set.

    NOTE:

    If the network is unstable, you need to increase the timeout period. At the same time, you need to increase the number of times to resend Inform messages and the maximum count of pending Inform messages.

  5. Run snmp-agent inform { timeout seconds | resend-times times } * [ host-name host-name | address udp-domain ip-address [ vpn-instance vpn-instance-name ] params securityname { security-name | cipher cipher-name } ]

    The timeout period for waiting for inform Ack messages and the number of times to resend Inform messages are set.

  6. Run snmp-agent notification-log enable

    The alarm logging function is enabled.

    If the link between a managed device and the NMS is faulty, the managed device stops sending Inform messages to the NMS but continues recording alarm logs. After the link recovers, the NMS obtains alarm logs generated during the fault period from the managed device.

    The alarm logging function logs only Inform messages.

  7. Run snmp-agent notification-log { global-ageout ageout | global-limit limit } *

    The aging time of alarm logs and maximum number of inform logs that can be stored in the log buffer are set.

    If the aging time expires, inform logs are automatically deleted.

    Newer inform logs replace the oldest ones.

  8. Run commit

    The configuration is committed.

(Optional) Configuring SNMPv3 Anti-Attack

To defense against a user's attack on other users' passwords, configuring the SNMPv3 blacklist function to improve security.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run undo snmp-agent blacklist ip-block disable

    The blacklist function for an IP address is enabled.

  3. Run undo snmp-agent blacklist user-block disable

    The blacklist function for an SNMPv3 user is enabled.

  4. Run snmp-agent blacklist user-block failed-times failed-times period period-time

    The maximum number of consecutive authentication failures allowed for an SNMPv3 user is configured.

  5. Run snmp-agent blacklist user-block reactive reactive-time

    The locking period for an SNMPv3 user is configured after the user's authentication failures exceed a specified number of consecutive times.

    After the period of time elapses, the user is automatically unlocked and can continue to be authenticated.

    To unlock users during the locking period, run the snmp-agent activateusm-user user-name [ remote-engineid remote-engineid ] command.

  6. Run commit

    The configuration is committed.

Verifying the Configuration for a Device to Communicate with an NMS Using SNMPv3 USM User

After configuring basic SNMPv3 functions, verify the configuration.

Prerequisites

Basic SNMPv3 functions have been configured.

Procedure

  • Run the display snmp-agent usm-user [ engineid engineid | group group-name | username user-name ] * command to check user information.
  • Run the display snmp-agent sys-info version command to check the enabled SNMP version.
  • Run the display acl acl-number command to check the rules in the specified ACL.
  • Run the display snmp-agent mib-view command to check the MIB view.
  • Run the display snmp-agent mib-view command to check information about a loaded MIB file.
  • Run the display snmp-agent sys-info contact command to check the device administrator's contact information.
  • Run the display snmp-agent sys-info location command to check the location of the router.
  • Run the display current-configuration | include max-size command to check the allowable maximum size of an SNMP packet.
  • Run the display current-configuration | include trap command to check trap configuration.
  • Run the display snmp-agent target-host command to check information about the target host.
  • Run the display snmp-agent inform [ host-name host-name | [ address udp-domain ip-address [ vpn-instance vpn-instance-name ] params securityname security-name ] ] command to check inform parameters of all target hosts or a specified target host and information about host statistics.
  • Run the display snmp-agent vacmgroup command to check all the configured View-based Access Control Model (VACM) groups.

Example

Run the display snmp-agent usm-user command. The command output shows SNMP user information.
<HUAWEI> display snmp-agent usm-user
   User name: John
       Engine ID: 800007DB03360102101100 active
       Authentication Protocol: sha
       Privacy Protocol: des56
       Group name: group1
       State: Active

Run the display snmp-agent sys-info version command. The command output shows the SNMP version running on the agent.
<HUAWEI> display snmp-agent sys-info version
 SNMP version running in the system:
           SNMPv3
Run the display acl acl-number command. The command output shows the rules in the specified ACL.
<HUAWEI> display acl 2000
Basic ACL  2000, 1 rule
ACL's step is 5
 rule 5 permit source 1.1.1.1 0 (0 times matched)
Run the display snmp-agent mib-view command. The command output shows the MIB view.
<HUAWEI> display snmp-agent mib-view
View name: ViewDefault
       MIB Subtree: internet
       Subtree mask: F0(Hex)
       Storage-type: nonVolatile
       View Type: included
       View status: active

   View name: ViewDefault
       MIB Subtree: snmpCommunityMIB
       Subtree mask: FE(Hex)
       Storage-type: nonVolatile
       View Type: excluded
       View status: active

   View name: ViewDefault
       MIB Subtree: snmpUsmMIB
       Subtree mask: FE(Hex)
       Storage-type: nonVolatile
       View Type: excluded
       View status: active

   View name: ViewDefault
       MIB Subtree: snmpVacmMIB
       Subtree mask: FE(Hex)
       Storage-type: nonVolatile
       View Type: excluded
       View status: active

Run the display snmp-agent mib modules command. The command output shows the information about a loaded MIB file.

<HUAWEI> display snmp-agent mib modules
BGP4-MIB:
    resource : allmibs_mib.bin
    mib      : bgp4-mib.mib

DISMAN-PING-MIB:
    resource : allmibs_mib.bin
    mib      : disman-ping-mib.mib

DISMAN-TRACEROUTE-MIB:
    resource : allmibs_mib.bin
    mib      : disman-traceroute-mib.mib
Run the display snmp-agent sys-info contact command. The command output shows the device administrator's contact information.
<HUAWEI> display snmp-agent sys-info contact
   The contact person for this managed node:
           R&D Beijing, Huawei Technologies co.,Ltd.
Run the display snmp-agent sys-info location command. The command output shows the location of the device.
<HUAWEI> display snmp-agent sys-info location
   The physical location of this node:
           Beijing China  

Run the display current-configuration | include max-size command. The command output shows the allowable maximum size of an SNMP packet.

<HUAWEI> display current-configuration | include max-size
 snmp-agent packet max-size 1800

Run the display current-configuration | include trap command. The command output shows trap configuration.

<HUAWEI> display current-configuration | include trap
 snmp-agent trap source GigabitEthernet0/1/1
snmp-agent target-host host-name targetHost_1_25846 trap ipv6 address udp-domain
 1:1::1:1 udp-port 111 params securityname cipher %#%#yowoL2.\8~LKL5*|k[h'3`Nv:DX;Y-$tU=SWNu[*%#%#
snmp-agent target-host host-name targetHost_2_51321 trap address udp-domain 1.1.
1.1 params securityname cipher %#%#[7SCH}$<HX.vZ8%7YS3L:IsCPA^LbRRK-`/6"i"$%#%#
snmp-agent trap enable
Run the display snmp-agent target-host command. The command output shows information about the target host.
<HUAWEI> display snmp-agent target-host
Target-host NO. 1
---------------------------------------------------------------------------
  Host-name                        : targetHost_1_55062
  IP-address                       : 10.18.27.183
  Source interface                 : -
  VPN instance                     : -
  Security name                    : Huawei-1234
  Port                             : 162
  Type                             : inform
  Version                          : v3
  Level                            : No authentication and privacy
  NMS type                         : NMS
  With ext-vb                      : No
  Notification filter profile name : -
---------------------------------------------------------------------------

Target-host NO. 2
---------------------------------------------------------------------------
  Host-name                        : targetHost_2_25846
  IP-address                       : 10.18.27.184
  Source interface                 : -
  VPN instance                     : -
  Security name                    : Huawei-1234
  Port                             : 162
  Type                             : trap
  Version                          : v3
  Level                            : No authentication and privacy
  NMS type                         : NMS
  With ext-vb                      : No
  Notification filter profile name : -
---------------------------------------------------------------------------

Run the display snmp-agent inform command. The command output shows the configuration of inform notifications.

<HUAWEI> display snmp-agent inform
Global config: resend-times 3, timeout 15s, pending 39
Global status: current notification count 0
Target-host ID: Host name/VPN instance/IP-Address/Security name
targetHost-/-/1.2.1.2/%#%#yowoL2.\8~LKL5*|k[h'3`Nv:DX;Y-$tU=SWNu[*%#%#:
    Config: resend-times 3, timeout 15s
    Status: retries 0, pending 0, sent 0, dropped 0, failed 0, confirmed 0

Run the display snmp-agent vacmgroup command to view VACM groups.

<HUAWEI> display snmp-agent vacmgroup
--------------------------------------------------
Security name  : john
Group name     : johngroup
Security model : USM
--------------------------------------------------
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055400

Views: 14540

Downloads: 26

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next