No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - System Management 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - System Management
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring SNMP Proxy Using User-Defined Parameter Settings

Configuring SNMP Proxy Using User-Defined Parameter Settings

This section describes how to configure Simple Network Management Protocol (SNMP) proxy using user-defined parameter settings.

Usage Scenario

As shown in Figure 16-10, a middle-point device and the cabinet control unit (CCU) of a managed device are placed in an outdoor cabinet. The middle-point device needs to communicate management information between the network management station (NMS) and managed device, so that the NMS can manage the configurations and system software version of the managed device.
Figure 16-10 Networking diagram for configuring SNMP proxy using default parameter settings

If you want to use the NMS to manage the master device and the monitored device in a unified manner, deploy SNMP proxy on the master device. The NMS considers the master device and the monitored device as a virtual management unit, which significantly reduces the number of NEs to be managed by the NMS. This saves network management costs, monitors device running performance in real time, and improves service quality.

If you do not want the middle-point device to communicate with the managed device based on default parameter settings, configure SNMP proxy using user-defined parameter settings. After you configure SNMP proxy, the middle-point device communicates with the managed device based on the user-defined parameter settings.

Pre-configuration Tasks

Before you configure SNMP proxy using user-defined parameter settings, configure a routing protocol, so that the NMS, middle-point device, and managed device can communicate.

Precautions

In this type of SNMP proxy configuration, you must configure SNMP on the managed device.

Configuration Procedures

Figure 16-11 Flowchart for configuring SNMP proxy using user-defined parameter settings

Configuring the Middle-Point Device

This section describes how to use user-defined parameter settings to configure Simple Network Management Protocol (SNMP) proxy on the middle-point device.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run snmp-agent password min-length min-length

    The minimum SNMP password length is configured.

    After this command is run, the length of a configured SNMP password must be longer than or equal to the minimum SNMP password length.

  3. Configure SNMP proxy, as shown in Table 16-2. The configuration tasks listed in Table 16-2 do not need to be performed in sequence.

    Table 16-2 SNMP proxy configuration tasks

    Configuration Task

    Command

    Description

    Configure proxy rules for SNMP packets.

    • For GetRequest protocol data units (PDUs), SetRequest PDUs, and traps: snmp-agent proxy rule rule-name { read | trap | write } remote-engineid remote-engineid target-host target-host-name params-in securityname { security-name { v1 | v2c | v3 [ authentication | privacy ] } | cipher cipher-text { v1 | v2c } }
    • For informs: snmp-agent proxy rule rule-name inform remote-engineid remote-engineid target-host target-host-name params-in securityname { security-name { v2c | v3 [ authentication | privacy ] } | cipher cipher-text v2c }

    To enable an NMS to effectively manage a managed device, perform this operation to configure attributes of the target hosts for receiving SNMP proxy packets so that the middle-point device can filter out SNMP packets that do not match the specified attributes, you must correctly configure proxy rules for SNMP packets and ensure that these proxy rules are unique on the middle-point device.

    If you specify neither authentication nor privacy, SNMPv3 packets are neither authenticated nor encrypted.

    Create an SNMP proxy community.

    snmp-agent proxy community { community-name | cipher cipher-name } remote-engineid remote-engineid [ acl { acl-number | acl-name } | alias alias-name ] *

    An SNMP proxy community defines administrative relationships between NMSs and managed devices. The community name acts like a password to regulate access to a managed device. An NMS can access a managed device only if the community name carried in the SNMP request sent by the NMS is the same as the community name configured on the managed device.

    This operation applies only to SNMPv1 and SNMPv2c.

    Configure attributes of the target hosts for receiving SNMP proxy packets.

    • For an IPv4 network: snmp-agent proxy target-host target-host-name address udp-domain ip-address udp-port port-number [ source interface-type interface-number | { vpn-instance vpn-instance-name | public-net } | timeout timeout-interval ]* params securityname { security-name { v1 | v2c | v3 [ authentication | privacy ] } | cipher cipher-text { v1 | v2c } }
    • For an IPv6 network: snmp-agent proxy target-host target-host-name ipv6 address udp-domain ipv6-address udp-port port-number [ timeout timeout-interval ] params securityname { security-name { v1 | v2c | v3 [ authentication | privacy ] } | cipher cipher-text { v1 | v2c } }

    To enable the middle-point device to forward SNMP requests from the network management system (NMS) to the managed device and forward responses from the managed device to the NMS.

    • The target host may be either the NMS or the managed device.
    • You can run this command multiple times with different parameters set to configure a middle-point device to send SNMP proxy packets to multiple NMSs.
    • The default number of the destination User Datagram Protocol (UDP) port is 162, a well-known port number. If you want to change this number to a non-well-known port number, ensure that the new UDP port number is the same as that on the NMS.
    • If you specify neither authentication nor privacy, SNMPv3 packets are neither authenticated nor encrypted.
    • If the NMS and managed device need to communicate over a virtual private network (VPN), use the vpn-instance vpn-instance-name parameter.

    Create an SNMP proxy user.

    snmp-agent remote-engineid remote-engineid-name usm-user v3 user-name group-name authentication-mode { md5 | sha | sha2 } password privacy-mode { des56 | 3des168 | aes128 | aes192 | aes256 } password [ acl { acl-number | acl-name } ]

    SNMPv1 and SNMPv2c use community names for authentication, whereas SNMPv3 uses user names for authentication.

    Unlike SNMPv1 or SNMPv2c, SNMPv3 can implement access control, identity authentication, and data encryption using the local processing model and user-based security model (USM).

    SNMPv3 provides better security and encryption mechanisms than SNMPv1 and SNMPv2c, and is therefore widely used.

    This operation applies only to SNMPv3.

    (Optional) Configure the priority of SNMP packets.

    snmp-agent packet-priority { snmp | trap } priority-level

    Change the priority of SNMP packets in the following scenarios if necessary:
    • Increase the priority of notifications to ensure that the NMS receives them.
    • Increase the priority of GetResponse and SetResponse PDUs to facilitate management operations performed in the management information base (MIB) of a managed device by the NMS.
    • Reduce the priority of GetResponse PDUs, SetResponse PDUs, and notifications to prevent frequent packet sending when network congestion occurs.

  4. Run commit

    The configuration is committed.

Configuring the Managed Device

This section describes how to configure the Simple Network Management Protocol (SNMP) on the managed device, so that the managed device can communicate with the network management station (NMS).

Context

Verifying the Configuration of SNMP Proxy Using User-Defined Parameter Settings

After configuring SNMP proxy using user-defined parameters, verify the SNMP configuration on the managed device and check whether the middle-point device communicates with the managed device based on user-defined parameter settings.

Prerequisites

SNMP proxy has been configured using user-defined parameter settings.

Procedure

Example

The following examples use the middle-point device.

Run the display snmp-agent proxy community to view SNMP proxy community information.

<HUAWEI> display snmp-agent proxy community
   Proxy Community name : %@%@qDJdYS^]U~8#TCS4'"(%,"vm%@%@
       Remote engine ID : 01120025602101 active
       Alias name       : huawei
       Acl              : 2000
       Storage-type     : nonVolatile

   Proxy Community name : %@%@.yk)1|[~^.cpqZ/O(C}V,md[%@%@
       Remote engine ID : 01120025602101 active
       Storage-type     : nonVolatile 

Run the display snmp-agent proxy rule command to view proxy rules for SNMP packets.

<HUAWEI> display snmp-agent proxy rule
   Proxy Rule name : snmpv3_proxy@ccu
       Type             : read
       Remote engine ID : 01120025602101
       Host name        : tarter-host-v3
       Security name    : @%@%q83G98]}f!GZ-)97sO]K,5,#@%@%
       Version          : v3
       Level            : Authentication

Run the display snmp-agent proxy target-host command to view target host information.

<HUAWEI> display snmp-agent proxy target-host
Proxy target-host NO. 1
-----------------------------------------------------------
  Host-name        : target-host-v3
  IP-address       : 192.168.1.1
  Port             : 162
  Timeout          : 15
  Source interface : -
  VPN instance     : -
  Security name    : @%@%q83G98]}f!GZ-)97sO]K,5,#@%@%
  Version          : v3
  Level            : Authentication
----------------------------------------------------------- 
Run the display snmp-agent usm-user command to check SNMPv3 user information.
<HUAWEI> display snmp-agent usm-user
   User name : snmpv3_proxy@ccu
       Remote engine ID        : 01120025602101 active
       Authentication protocol : None
       Privacy protocol        : None
       Acl                     : 2000
       State                   : Active

Run the display snmp-agent proxy statistics command to view statistics about SNMP proxy packets.

<HUAWEI> display snmp-agent proxy statistics
 0 Messages delivered to the SNMP proxy
 0 GetResponse-PDU accepted and processed
 0 Trap-PDU accepted and processed
 0 Inform-PDU accepted and processed
 0 GetRequest-PDU accepted and processed
 0 GetNextRequest-PDU accepted and processed
 0 GetBulkRequest-PDU accepted and processed
 0 SetRequest-PDU accepted and processed
 0 Proxy messages are dropped
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055400

Views: 14629

Downloads: 26

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next