SNMP Configuration Commands
- Command Support
- bulk-file
- bulk-stat enable
- clear configuration snmp-agent trap enable
- collect enable
- collect interval
- display bulk-stat
- display snmp-agent
- display snmp-agent community
- display snmp-agent extend error-code status
- display snmp-agent group
- display snmp-agent heartbeat configuration
- display snmp-agent inform
- display snmp-agent mib-view
- display snmp-agent notification-log
- display snmp-agent notify-filter-profile
- display snmp-agent statistics
- display snmp-agent statistics mib
- display snmp-agent sys-info
- display snmp-agent target-host
- display snmp-agent trap all
- display snmp-agent trap feature-name all
- display snmp-agent trap feature-name bulkstat all
- display snmp-agent trap feature-name snmp all
- display snmp-agent usm-user
- enable snmp trap updown
- format (bulk file view)
- object
- reset snmp-agent statistics mib
- snmp-agent
- snmp-agent acl
- snmp-agent community
- snmp-agent community complexity-check disable
- snmp-agent extend error-code enable
- snmp-agent group
- snmp-agent heartbeat enable
- snmp-agent heartbeat interval
- snmp-agent inform
- snmp-agent inform address
- snmp-agent local-engineid
- snmp-agent mib-view
- snmp-agent notification-log
- snmp-agent notification-log enable
- snmp-agent notify-filter-profile
- snmp-agent packet contextengineid-check enable
- snmp-agent packet max-size
- snmp-agent packet-priority
- snmp-agent protocol get-bulk timeout
- snmp-agent protocol server disable
- snmp-agent protocol source-interface
- snmp-agent protocol server message queue
- snmp-agent set-cache enable
- snmp-agent statistics mib disable
- snmp-agent sys-info
- snmp-agent target-host inform
- snmp-agent target-host trap
- snmp-agent target-host trap ipv6
- snmp-agent trap disable
- snmp-agent trap enable
- snmp-agent trap enable feature-name
- snmp-agent trap enable feature-name bulkstat
- snmp-agent trap enable feature-name snmp
- snmp-agent trap life
- snmp-agent trap queue-size
- snmp-agent trap start-trap resend disable
- snmp-agent trap source
- snmp-agent trap source-port
- snmp-agent trap type
- snmp-agent udp-port
- snmp-agent usm-user
- snmp-agent usm-user password complexity-check disable
- storage
- transfer
- transfer interval
- transfer remain-time
- transfer retry
bulk-file
Function
The bulk-file command creates a bulk file for bulk statistics collection and displays the bulk file view. If the specified bulk file exists, the command displays the bulk file view directly.
The undo bulk-file command deletes a bulk file.
By default, no bulk file is configured in the system.
Parameters
Parameter | Description | Value |
---|---|---|
file-name | Specifies the name of a bulk file. | The value is a string of 1 to 31 characters. It can only contain digits, letters, underlines (_), and hyphens (-). |
Usage Guidelines
Before creating a bulk file, run the bulk-stat enable command to enable bulk statistics collection.
Before deleting a bulk file, ensure that the bulk file exists and the bulk statistics collection task has been stopped. If the bulk file does not exist or the bulk statistics collection task is still running, the system displays an error message.
bulk-stat enable
Function
The bulk-stat enable command enables the bulk statistics collection function.
The undo bulk-stat enable command disables the bulk statistics collection function.
By default, the bulk statistics collection function is disabled.
Usage Guidelines
To enable the system to collect statistics about multiple objects on the local device, generate a statistics file, and send the file to the NMS through FTP or TFTP, use the bulk-stat enable command to enable the bulk statistics collection function.
When disabling the bulk statistics collection function, you need to confirm your action in interactive mode.
clear configuration snmp-agent trap enable
Function
The clear configuration snmp-agent trap enable command deletes alarm configurations related to one or all functions in a batch and restores the default alarm functions.
Parameters
Parameter | Description | Value |
---|---|---|
feature-name feature-name | Deletes configurations of the trap function of a feature. | The value is the name of a feature that has been supported by the device. |
Usage Guidelines
Usage Scenario
After the trap function of a feature is enabled or disabled using the snmp-agent trap enable feature-name feature-name [ trap-name trap-name ] command, the trap functions of all features are enabled using the snmp-agent trap enable command, or the trap functions of all features are disabled using the snmp-agent trap disable command, you can run the clear configuration snmp-agent trap enable command to delete these configurations.
Configuration Impact
- When the trap function is enabled or disabled globally, running the clear configuration snmp-agent trap enable feature-name feature-name command deletes configurations of the trap function of the feature specified by feature-name and restores the status of the trap function to be the same as that of the global trap function.
- When the global trap function is in the default state, running the clear configuration snmp-agent trap enable feature-name feature-name command deletes configurations of the trap function of the feature specified by feature-name and restores the status of the trap function to be the default status.
- Running the clear configuration snmp-agent trap enable command deletes configurations of the trap functions of all features and restores all feature alarm functions to the default status.
collect enable
Function
The collect enable command enables an existing bulk file.
The undo collect enable command disables an existing bulk file.
By default, no bulk file is enabled.
Usage Guidelines
Usage Scenario
After a bulk file is created, it is in Stop state and does not participate in data collection and scheduling. After you run the collect enable command to enable the bulk file, the bulk file transitions to Ready state and can participate in data collection and scheduling. The undo collect enable command disables the bulk file and sets the file state to Stop.
Precautions
Before running the collect enable command in a bulk file, run the transfer command to configure the primary upload path for the bulk file.
The interval between running the undo collect enable and collect enable commands in a bulk file must be at least 10 seconds. If the interval is less than 10 seconds, the collect enable configuration fails.
You can change the maximum number of retransmissions, collection interval, upload interval, and upload holding time, and delete the primary URL for a bulk file only when the bulk file is disabled.
The collect enable command takes effect only when the collection interval, upload interval, and upload holding time meet the following requirements: The upload interval is an integral multiple of the collection interval, and the upload holding time is smaller than or equal to the upload interval.
collect interval
Function
The collect interval command sets the statistics collection interval for a bulk file.
The undo collect interval command restores the default statistics collection interval.
By default, the statistics collection interval is 5 minutes.
Parameters
Parameter | Description | Value |
---|---|---|
interval | Specifies statistics collection interval of a bulk file. | The value can be 5, 10, 15, or 30, in minutes. |
Usage Guidelines
The file upload interval configured using the transfer interval command must be an integral multiple of the statistics collection interval configured using this command.
Before changing the statistics collection interval, run the undo collect enable command to disable the statistics collection function.
display bulk-stat
Function
The display bulk-stat command displays the configuration of the bulk statistics collection function.
Parameters
Parameter | Description | Value |
---|---|---|
file-name | Specifies the name of a bulk file. | The value is a string of 1 to 31 characters. It can only contain digits, letters, underlines (_), and hyphens (-). |
Usage Guidelines
The display bulk-stat command displays the configuration of the bulk statistics collection function, including:
- Maximum number of bulk files
- Number of configured bulk files
- Maximum number of instances that can be collected within 5 minutes
- Basic configurations and status of configured bulk files
  - File name, storage mode, and format of the bulk file
  - Statistics collection interval and upload interval of the bulk file
  - The primary URL and secondary URL where the bulk file will be uploaded
  - Maximum number of retransmissions of the bulk file
  - Storage time of the bulk file
  - Current status of the bulk file
  - Objects included in the bulk file
Example
# Display the configuration of the bulk statistics collection function.
<HUAWEI> display bulk-stat
bulk statistic info:
--------------------------------
max bulk file number : 10
current bulk file number: 10
current bulk object number: 2000
max data item per 5 minutes: 40000
--------------------------------
index bulk file name collect(min) transfer(min) status
-------------------------------------------------------------------------------------------------------------
1 bulk1 5 5 running
2 bulk2 5 15 ready
3 bulk3 5 10 stop
4 bulk4 5 15 ready
-------------------------------------------------------------------------------------------------------------
Item | Description |
---|---|
max bulk file number | Maximum number of bulk files. |
current bulk file number | Number of configured bulk files. |
current bulk object number | Number of configured statistics objects. |
max data item per 5 minutes | Maximum number of instances that can be collected within 5 minutes. |
index | Index of a configured bulk file. |
bulk file name | Name of a configured bulk file. You can run the bulk-file command to configure this parameter. |
collect(min) | Statistics collection interval of a configured bulk file. You can run the collect interval command to configure this parameter. |
transfer(min) | Upload interval of a configured bulk file. You can run the transfer interval command to configure this parameter. |
status | Status of a configured bulk file. The value can be: |
# Display detailed information about bulk file iftable.
<HUAWEI> display bulk-stat iftable
bulk file iftable:
--------------------------------
storage: ephemeral
format: bulkASCII
collect interval: 5 min
transfer interval: 15 min
primary transfer URL: ftp://user:password@host/folder/bulkstat1
secondary transfer URL: tftp://10.1.0.1/tftpboot/user/bulkstat1
transfer retry times: 3
file remain time: 15 min
status: running
last transfer success time: 2006-11-29 11:15
last transfer fail time: NULL
total object number: 2
--------------------------------
index: 1
class: single
OID: 1.3.6.1.2.1.10.94.1.1.10.1.1.0.1
start index: NULL
instance number: NULL
--------------------------------
index: 2
class: column
OID: 1.3.6.1.2.1.10.94.1.1.10.1.2
start index: 1
instance number: 3
Item | Description |
---|---|
storage | Storage mode of the bulk file. Currently, only the ephemeral storage mode is supported. |
format | Format of the bulk file. |
collect interval | Statistics collection interval of the bulk file. You can run the collect interval command to configure this parameter. |
transfer interval | Upload interval of the bulk file. You can run the transfer interval command to configure this parameter. |
transfer retry times | Maximum number of retransmissions of the bulk file. You can run the transfer retry command to configure this parameter. |
primary transfer URL | Primary URL where the bulk file will be uploaded. You can run the transfer command to configure this parameter. |
secondary transfer URL | Secondary URL where the bulk file will be uploaded. You can run the transfer command to configure this parameter. |
file remain time | Storage time of the bulk file. You can run the transfer remain-time command to configure this parameter. |
last transfer success time | Time of the last file upload success. |
last transfer fail time | Time of the last file upload failure. |
total object number | Total number of objects in the bulk file. |
index | Index of an object. |
class | Type of an object. The value can be: |
OID | OID of an object. |
start index | |
instance number | |
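The following audit script is an added example, not part of the original command reference or of any Huawei tool. It parses the detailed display bulk-stat output shown above, checks the interval rules stated under collect enable and collect interval, and flags upload URLs that use FTP or TFTP or embed a password. The function names and the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample, modelled on the "display bulk-stat iftable" output above.
SAMPLE = """\
bulk file iftable:
--------------------------------
storage: ephemeral
format: bulkASCII
collect interval: 5 min
transfer interval: 15 min
primary transfer URL: ftp://user:password@host/folder/bulkstat1
secondary transfer URL: tftp://10.1.0.1/tftpboot/user/bulkstat1
transfer retry times: 3
file remain time: 15 min
status: running
"""

ALLOWED_COLLECT = {5, 10, 15, 30}    # values the collect interval command accepts
CLEARTEXT_SCHEMES = {"ftp", "tftp"}  # neither protocol encrypts data or credentials


def parse_bulk_file(text):
    """Return the 'key: value' lines of one bulk file as a dict (keys lower-cased)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            # setdefault keeps the first value when a key repeats per object.
            fields.setdefault(key.strip().lower(), value.strip())
    return fields


def minutes(fields, key):
    """Read a value such as '15 min' as an int, or None if absent or malformed."""
    match = re.fullmatch(r"(\d+)\s*min", fields.get(key, ""))
    return int(match.group(1)) if match else None


def redact(url):
    """Replace the password in a URL with *** so findings are safe to log."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    host = parts.hostname or ""
    if parts.port:
        host += ":%d" % parts.port
    return urlunsplit(parts._replace(netloc="%s:***@%s" % (parts.username, host)))


def audit(fields):
    """Return a list of findings for one parsed bulk file."""
    findings = []
    collect = minutes(fields, "collect interval")
    transfer = minutes(fields, "transfer interval")
    remain = minutes(fields, "file remain time")

    if collect not in ALLOWED_COLLECT:
        findings.append("collect interval %r is not one of 5, 10, 15, 30" % collect)
    if collect and transfer is not None and transfer % collect:
        findings.append("transfer interval %d is not an integral multiple of "
                        "collect interval %d" % (transfer, collect))
    if remain is not None and transfer is not None and remain > transfer:
        findings.append("file remain time %d exceeds transfer interval %d"
                        % (remain, transfer))

    for key in ("primary transfer url", "secondary transfer url"):
        url = fields.get(key)
        if not url:
            continue
        parts = urlsplit(url)
        if parts.scheme.lower() in CLEARTEXT_SCHEMES:
            findings.append("%s uses %s, which sends the file unencrypted: %s"
                            % (key, parts.scheme, redact(url)))
        if parts.password is not None:
            findings.append("%s embeds a password in the URL: %s"
                            % (key, redact(url)))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_bulk_file(SAMPLE)):
        print("FINDING:", finding)
```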
display snmp-agent
Parameters
Parameter | Description | Value |
---|---|---|
local-engineid | Displays the engine ID of the local SNMP agent. | - |
remote-engineid | Displays the engine ID of a remote SNMP agent. | - |
Usage Guidelines
Usage Scenario
After the SNMP agent function is enabled, you can run the display snmp-agent { local-engineid | remote-engineid } command to view the engine ID of the local or remote SNMP agent.
The engine ID of the SNMP agent uniquely identifies an SNMP agent in a management domain. The engine ID of the SNMP agent is an important component of the SNMP agent. It schedules and processes SNMP messages, implements security authentication, access control and so on.
Prerequisites
Before running the display snmp-agent { local-engineid | remote-engineid } command to view the engine ID of the local or remote SNMP agent, you need to run the snmp-agent command to enable the SNMP agent function.
Precautions
To configure an engine ID for the local SNMP agent, you can run the snmp-agent local-engineid command.
display snmp-agent community
Parameters
Parameter | Description | Value |
---|---|---|
read | Displays the name of a community with read-only permission. | - |
write | Displays the name of a community with read and write permission. | - |
Usage Guidelines
When configuring a management entity, you can use the display snmp-agent community command to check the community name configured on the current agent.
If the parameter read or write is not specified, the names of all communities are displayed.
You have to configure the community name using the snmp-agent community command before you run the display snmp-agent community command.
Example
# Display the current community name.
<HUAWEI> display snmp-agent community
Community name: %^%#.T|&Whvyf$<Gd"I,wXi5SP_6~Nakk6<<+3H:N-h@aJ6d,l0md%HCeAY8~>X=>xV\JKNAL=124r839v<*%^%#
Group name: %^%#.T|&Whvyf$<Gd"I,wXi5SP_6~Nakk6<<+3H:N-h@aJ6d,l0md%HCeAY8~>X=>xV\JKNAL=124r839v<*%^%#
Alias name:huawei
Acl:2001
Storage type: nonVolatile
Item | Description |
---|---|
Community name | Name of a community. You can run the snmp-agent community command to configure this parameter. |
Group name | Name of a group. |
Alias name | Alias name for a community. This parameter is displayed only when it is specified in the snmp-agent community command. |
Acl | Number of the ACL configured for the community. This parameter is displayed only when it is specified in the snmp-agent community command. |
Storage type | Mode in which information is stored. Only nonVolatile is supported currently. In this mode, configuration can be restored after the device restarts. |
display snmp-agent extend error-code status
Function
The display snmp-agent extend error-code status command allows you to check whether the function of sending extended error codes to the NMS is enabled on the device.
Usage Guidelines
If the NMS does not receive the extended error codes sent from the device, you can run the display snmp-agent extend error-code status command to check whether the function of sending extended error codes to the NMS is enabled on the device.
Example
# Display whether the function of sending extended error codes to the NMS is enabled on the device.
<HUAWEI> display snmp-agent extend error-code status
Extend error-code status: enabled
Item | Description |
---|---|
Extend error-code status | Whether the function of sending extended error codes to the NMS is enabled on the device: You can run the snmp-agent extend error-code enable command to configure this parameter. |
display snmp-agent group
Parameters
Parameter | Description | Value |
---|---|---|
group-name | Displays information about a specified SNMP user group. If this parameter is not specified, the system displays information about all SNMP user groups. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
Usage Guidelines
Usage Scenario
When configuring a management object according to the SNMP user group, you can run the display snmp-agent group command to view information about the SNMP user group, such as the group name and security model.
Prerequisites
An SNMP user group has been configured using the snmp-agent group command.
Example
<HUAWEI> display snmp-agent group
Group name: testgroup
Security model: v3 AuthPriv
Readview: ViewDefault
Writeview: dnsmib
Notifyview: dnsmib
Storage type: nonVolatile
Acl: 2001
Item | Description |
---|---|
Group name | Name of the SNMP user group. You can run the snmp-agent group command to configure this parameter. |
Security model | Security mode of the SNMP user group: You can run the snmp-agent group command to configure this parameter. |
Readview | Name of a MIB view with read-only permission of the SNMP user group. You can run the snmp-agent group command to configure this parameter. |
Writeview | Name of a MIB view with read and write permission of the SNMP user group. You can run the snmp-agent group command to configure this parameter. |
Notifyview | Name of a MIB view with notification permission of the SNMP user group. You can run the snmp-agent group command to configure this parameter. |
Storage-type | Mode in which information is stored. Only nonVolatile is supported currently. In this mode, configuration can be restored after the device restarts. |
Acl | ACL number or name of the SNMP user group. You can run the snmp-agent group command to configure this parameter. |
display snmp-agent heartbeat configuration
Function
The display snmp-agent heartbeat configuration command displays the configuration of sending heartbeat packets to the NMS.
Usage Guidelines
When the NMS cannot proactively obtain the status of the device, run the snmp-agent heartbeat enable command to enable the device to send heartbeat packets to the NMS. The device then periodically sends heartbeat packets to the NMS to notify the NMS of its status. To check whether the device is enabled to send heartbeat packets to the NMS, run the display snmp-agent heartbeat configuration command.
Example
# Display the configuration of sending heartbeat packets to the NMS.
<HUAWEI> display snmp-agent heartbeat configuration
SNMP agent heartbeat configuration:
Status : Enabled
Interval : 60(s)
Item | Description |
---|---|
SNMP agent heartbeat configuration | Configuration of sending heartbeat packets to the NMS. |
Status | Whether the device is enabled to send heartbeat packets to the NMS: You can run the snmp-agent heartbeat enable command to configure this parameter. |
Interval | The interval at which the device sends heartbeat packets to the NMS. You can run the snmp-agent heartbeat interval command to configure this parameter. |
display snmp-agent inform
Function
The display snmp-agent inform command displays parameters for sending traps to the NMS through Inform packets and statistics about the Inform packets.
Format
display snmp-agent inform [ address udp-domain ip-address [ vpn-instance vpn-instance-name ] params securityname { security-name | cipher security-name } ]
Parameters
Parameter | Description | Value |
---|---|---|
address udp-domain ip-address | Specifies the IP address of the NMS, with the transmission domain of the target host being based on the User Datagram Protocol (UDP). NOTE: The IP address specified by address and the security name specified by securityname together identify an NMS. | The value is dotted decimal notation. |
vpn-instance vpn-instance-name | Specifies the VPN instance to which the NMS belongs. NOTE: On the VPN, the VPN instance specified by vpn-instance, IP address, and security name together identify an NMS. | The value must be an existing VPN instance name. |
params | Indicates information about the NMS. | - |
securityname security-name | Specifies the user security name displayed on the NMS. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
cipher security-name | Indicates the unencrypted or encrypted string of security name. | The value is a string of 1 to 32, 32, or 56 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string. |
Usage Guidelines
- Number of times Inform packets are retransmitted when the device receives no acknowledgement message from the NMS.
- Timeout period for the acknowledgement from the NMS in response to Inform packets.
- Number of Inform packets retransmitted to the NMS.
- Number of Inform packets in the Inform buffer to be acknowledged by the NMS.
- Number of traps sent through Inform packets to the NMS.
- Number of Inform packets discarded when the Inform buffer is full.
- Number of retransmitted Inform packets that are not acknowledged.
- Number of packets acknowledged by the NMS.
If no parameter is specified in the display snmp-agent inform command, global parameters for sending traps through Inform packets, all NMS parameters, and packet statistics mode are displayed.
Example
# Display global parameters for sending traps through Inform packets, all NMS parameters, and packet statistics mode.
<HUAWEI> display snmp-agent inform
Global config: resend-times 3, timeout 15s, pending 39
Global status: current notification count 1
Target-host ID: VPN instance/IP-Address/Domain/Security name
-/10.1.1.1/-/%^%#O>tf1ssv|~v3.\IY}|@Gk,:%/IX{!OrFazE#1lxR%^%#:
Config: resend-times 3, timeout 15s
Status: retries 0, pending 0, sent 0, dropped 0, failed 0, confirmed 0
Item | Description |
---|---|
Global config | Global Inform parameters: You can run the snmp-agent inform command to configure these parameters. |
Global status | Statistics about global Inform packets. |
Target-host ID: VPN instance/IP-Address/Domain/Security name | You can run the snmp-agent inform address command to configure these parameters (except Domain). |
Config | Inform packet parameters of the NMS: You can run the snmp-agent inform address command to configure these parameters. |
Status | Statistics about Inform packets from the switch to the NMS: |
display snmp-agent mib-view
Parameters
Parameter | Description | Value |
---|---|---|
exclude | Displays all MIB views that have excluded MIB subtrees configured. | - |
include | Displays all MIB views that have included MIB subtrees configured. | - |
viewname view-name | Displays a specified MIB view. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
Usage Guidelines
Usage Scenario
The snmp-agent mib-view command creates or updates a MIB view. To check the current MIB view, you can run the display snmp-agent mib-view command.
Precautions
Run the snmp-agent command to enable the SNMP Agent before running this command. Otherwise, an error message is displayed.
Example
# Display the current MIB view.
<HUAWEI> display snmp-agent mib-view
View name:ViewDefault
MIB Subtree:internet
Subtree mask:F0(Hex)
Storage-type: nonVolatile
View Type:included
View status:active
Item | Description |
---|---|
View name | MIB view name. You can run the snmp-agent mib-view command to configure this parameter. |
MIB Subtree | MIB subtree. You can run the snmp-agent mib-view command to configure this parameter. |
Subtree mask | MIB subtree mask. |
Storage type | Mode in which information is stored. Only nonVolatile is supported currently. In this mode, configuration can be restored after the device restarts. |
View Type | Whether the MIB subtree can be accessed by a MIB view: You can run the snmp-agent mib-view command to configure this parameter. |
View status | Indicates the status of the MIB view. |
display snmp-agent notification-log
Function
The display snmp-agent notification-log command displays information saved in the trap log buffer.
Parameters
Parameter | Description | Value |
---|---|---|
info | Displays parameters of trap logs recorded by the device and statistics about trap logs. | - |
logtime starttime to endtime | Specifies the start time and end time of trap logs to be displayed: | The value is in the HH:MM:SS YYYY/MM/DD format, where HH:MM:SS indicates the hour, minute, and second and YYYY/MM/DD indicates the year, month, and day. HH ranges from 0 to 23; MM and SS range from 0 to 59. YYYY ranges from 2000 to 2099; MM ranges from 1 to 12; DD ranges from 1 to 31. The end time must be later than the start time. |
size size | Specifies the number of latest trap logs to be displayed. | The value is an integer that ranges from 1 to 5000. |
Usage Guidelines
Specify the start time and end time of trap logs to be displayed.
Specify the number of latest trap logs to be displayed.
Specify no parameter to view all trap logs.
Example
# Display parameters of trap logs recorded by the device and statistics about trap logs.
<HUAWEI> display snmp-agent notification-log info
Notification log information :
Notification Admin Status: enable
GlobalNotificationsLogged: 0
GlobalNotificationsBumped: 0
GlobalNotificationsLimit: 500
GlobalNotificationsAgeout: 24
Total number of notification log(s): 0
Item | Description |
---|---|
Notification log information | Parameters of trap logs recorded by the device and statistics about trap logs. |
Notification Admin Status | Whether the function of recording trap logs is enabled on the device: You can run the snmp-agent notification-log enable command to configure this parameter. |
GlobalNotificationsLogged | Number of trap logs recorded currently. |
GlobalNotificationsBumped | Number of logs recording discarded traps. |
GlobalNotificationsLimit | Maximum number of trap logs that can be saved. You can run the snmp-agent notification-log command to configure this parameter. |
GlobalNotificationsAgeout | Aging time of trap logs. You can run the snmp-agent notification-log command to configure this parameter. |
Total number of notification log(s) | Total number of recorded trap logs. |
# Display the latest 20 trap logs. (In this example, only one trap log is available in the system.)
<HUAWEI> display snmp-agent notification-log size 20
Total number of notifications log(s) : 1
LogTable :
LogIndex= 12
LogTime= 229323
LogDateAndTime= 2007/3/8 10:28:16
LogEngineID= 000007DB7F00000100004CFB
LogEngineTAddress= 192.168.39.1/162
LogEngineTDomain= snmpUDPDomain
LogContextEngineID= null
LogContextName= null
LogNotificationID= 1.3.6.1.4.1.2011.6.10.2.1
LogVariableTable :
LogVariableIndex= 1
LogVariableOID= 1.3.6.1.2.1.1.3
LogVariableValueType= TimeTicks
LogVariableValue = 229323
LogVariableIndex= 2
LogVariableOID= 1.3.6.1.6.3.1.1.4.1
LogVariableValueType= Oid
LogVariableValue = 1
LogVariableIndex= 3
LogVariableOID= 1.3.6.1.4.1.2011.6.10.1.1.7.1.3.29
LogVariableValueType= Integer32
LogVariableValue = 1
LogVariableIndex= 4
LogVariableOID= 1.3.6.1.4.1.2011.6.10.1.1.7.1.4.29
LogVariableValueType= Integer32
LogVariableValue = 3
LogVariableIndex= 5
LogVariableOID= 1.3.6.1.4.1.2011.6.10.1.1.7.1.5.29
LogVariableValueType= Integer32
LogVariableValue = 2
Item | Description |
---|---|
LogTable | Log table. |
LogIndex | Index of the log. |
LogTime | Difference between the time when the log was recorded and the time when the system started. The unit is 10 ms. |
LogDateAndTime | Absolute date and time when the log was recorded. |
LogEngineID | Engine ID of the SNMP message recorded in the log. |
LogEngineTAddress | IP address and port number of the SNMP message recorded in the log. |
LogEngineTDomain | Transmission type of the SNMP message recorded in the log. |
LogContextEngineID | Engine ID of context of the SNMP message recorded in the log. |
LogContextName | Secure user name, IP address, and VPN instance name. |
LogNotificationID | OID of the trap object recorded in the log. |
LogVariableTable | Variable table of the log. |
LogVariableIndex | Index of a variable. |
LogVariableOID | OID of a variable. |
LogVariableValueType | Value type of a variable. |
LogVariableValue | Value of a variable. |
display snmp-agent notify-filter-profile
Function
The display snmp-agent notify-filter-profile command displays information about a specified trap filter profile or all trap filter profiles.
Parameters
Parameter | Description | Value |
---|---|---|
profile-name | Specifies the name of a trap filter profile. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
Usage Guidelines
You can use the display snmp-agent notify-filter-profile command to view information about configured trap filter profiles. The command can display all the configured trap filter profiles or a specified trap filter profile.
Example
<HUAWEI> display snmp-agent notify-filter-profile
Notify-filter name:snmpv2
Notify-filter Subtree:snmpV2
Notify-filter Subtree mask:F8(Hex)
Notify-filter Storage-type:nonVolatile
Notify-filter Type:included
Notify-filter status:active
Item | Description |
---|---|
Notify-filter name | Name of a trap filter profile. You can run the snmp-agent notify-filter-profile command to configure this parameter. |
Notify-filter Subtree | Filtered MIB subtree. You can run the snmp-agent notify-filter-profile command to configure this parameter. |
Notify-filter Subtree mask | Mask of a MIB subtree. |
Notify-filter Storage-type | Mode in which information is stored. Only nonVolatile is supported currently. In this mode, configuration can be restored after the device restarts. |
Notify-filter Type | Whether traps of the MIB subtree are sent to the NMS: You can run the snmp-agent notify-filter-profile command to configure this parameter. |
Notify-filter status | Status of a trap filter profile. |
display snmp-agent statistics
Function
The display snmp-agent statistics command displays statistics about SNMP packets on the switch.
Usage Guidelines
- The NMS acts as a manager to send an SNMP Request message to the SNMP Agent.
- The SNMP Agent searches the MIB on the device for the required information and sends an SNMP Response message to the NMS.
- When the trap triggering conditions are met, the SNMP Agent sends a trap to the NMS to report the event occurring on the device. In this manner, the network administrator can process the event occurring on the network in time.
You can run the display snmp-agent statistics command to analyze the statistics about SNMP packets exchanged between the NMS and SNMP Agent, facilitating fault location.
If a large number of messages are received in a short period, a large amount of CPU resources is occupied. The number of received messages depends on the frequency at which the NMS sends the Request messages.
Example
# Display the statistics about SNMP packets on the switch.
<HUAWEI> display snmp-agent statistics
0 Messages delivered to the SNMP entity
0 Messages which were for an unsupported version
0 Messages which used a SNMP community name not known
0 Messages which represented an illegal operation for the community supplied
0 ASN.1 or BER errors in the process of decoding
7 Messages passed from the SNMP entity
0 SNMP PDUs which had badValue error-status
0 SNMP PDUs which had genErr error-status
0 SNMP PDUs which had noSuchName error-status
0 SNMP PDUs which had tooBig error-status
0 MIB objects retrieved successfully
0 MIB objects altered successfully
0 GetRequest-PDU accepted and processed
0 GetNextRequest-PDU accepted and processed
0 GetResponse-PDU accepted and processed
0 SetRequest-PDU accepted and processed
0 Trap-PDU accepted and processed
0 Inform-PDU sent
0 Inform ACK PDUs failed to be processed
0 Inform ACK PDUs successfully processed
Item | Description |
---|---|
Messages delivered to the SNMP entity | Total number of received SNMP messages |
Messages which were for an unsupported version | Number of SNMP messages with version errors |
Messages which used an SNMP community name not known | Number of SNMP messages with community name errors |
Messages which represented an illegal operation for the community supplied | Number of SNMP messages with authority errors corresponding to community name |
ASN.1 or BER errors in the process of decoding | Number of SNMP messages with encoding errors |
Messages passed from the SNMP entity | Total number of sent SNMP messages |
SNMP PDUs which had badValue error-status | Number of SNMP messages with bad values |
SNMP PDUs which had genErr error-status | Number of SNMP messages with general errors |
SNMP PDUs which had noSuchName error-status | Number of SNMP messages with requests for non-existing MIB objects |
SNMP PDUs which had tooBig error-status | Number of SNMP messages with Too_big errors |
MIB objects retrieved successfully | Number of variables requested by NMS |
MIB objects altered successfully | Number of variables set by NMS |
GetRequest-PDU accepted and processed | Number of received SNMP Get-request messages |
GetNextRequest-PDU accepted and processed | Number of received SNMP GetNext-request messages |
GetResponse-PDU accepted and processed | Number of sent SNMP Get-response messages |
SetRequest-PDU accepted and processed | Number of received SNMP Set-request messages |
Trap-PDU accepted and processed | Number of sent SNMP Trap messages |
Inform-PDU sent | Number of sent SNMP Inform messages |
Inform ACK PDUs failed to be processed | Number of SNMP Inform messages received with no acknowledgement |
Inform ACK PDUs successfully processed | Number of SNMP Inform messages received with acknowledgement |
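The counters in this output are cumulative, so the signal for fault location, or for spotting repeated requests with a wrong community name, is the increase between two readings. The following Python sketch is an added example, not part of the vendor documentation; the two sample readings, the thresholds and all function names are constructed for illustration.

```python
import re

# Counters from the table above that point at rejected or malformed requests.
# Labels are matched by fragment because the CLI prints "a SNMP community"
# while the description table writes "an SNMP community".
WATCHED = {
    "Messages delivered to the SNMP entity": "received",
    "unsupported version": "version_errors",
    "community name not known": "unknown_community",
    "illegal operation for the community": "illegal_operation",
    "ASN.1 or BER errors": "decode_errors",
    "SetRequest-PDU accepted": "set_requests",
}
LINE_RE = re.compile(r"^\s*(\d+)\s+(\S.*?)\s*$")


def parse_statistics(text):
    """Return {short_name: count} for the watched counters in the CLI output."""
    stats = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # prompt, blank line or pager residue
        for fragment, name in WATCHED.items():
            if fragment in match.group(2):
                stats[name] = int(match.group(1))
    return stats


def counter_deltas(previous, current):
    """Increase of each counter between two readings.

    A value lower than the previous reading means the counters were reset
    in between, so the current value is taken as the whole increase.
    """
    deltas = {}
    for name, now in current.items():
        before = previous.get(name, 0)
        deltas[name] = now - before if now >= before else now
    return deltas


def findings(deltas, auth_threshold=5, flood_threshold=1000):
    """Return [(counter, increase)] for counters that reached their threshold."""
    rules = [
        ("version_errors", 1),
        ("unknown_community", auth_threshold),  # tolerate a few typos
        ("illegal_operation", 1),               # e.g. Set with a read community
        ("decode_errors", 1),
        ("set_requests", 1),                    # review if the NMS should only poll
        ("received", flood_threshold),          # request rate that loads the CPU
    ]
    return [(n, deltas[n]) for n, limit in rules if deltas.get(n, 0) >= limit]


# Constructed sample readings, taken one polling interval apart.
FIRST_READING = """\
<HUAWEI> display snmp-agent statistics
  120 Messages delivered to the SNMP entity
  0 Messages which were for an unsupported version
  2 Messages which used a SNMP community name not known
  0 Messages which represented an illegal operation for the community supplied
  0 ASN.1 or BER errors in the process of decoding
  118 Messages passed from the SNMP entity
  3 SetRequest-PDU accepted and processed
"""
SECOND_READING = """\
<HUAWEI> display snmp-agent statistics
  480 Messages delivered to the SNMP entity
  0 Messages which were for an unsupported version
  61 Messages which used a SNMP community name not known
  4 Messages which represented an illegal operation for the community supplied
  0 ASN.1 or BER errors in the process of decoding
  415 Messages passed from the SNMP entity
  3 SetRequest-PDU accepted and processed
"""

if __name__ == "__main__":
    deltas = counter_deltas(parse_statistics(FIRST_READING),
                            parse_statistics(SECOND_READING))
    for name, increase in findings(deltas):
        print(f"{name}: +{increase} since the previous reading")
```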
display snmp-agent statistics mib
Function
The display snmp-agent statistics mib command displays statistics about the NMS's operations on MIB objects.
Format
display snmp-agent statistics mib [ [ vpn-instance vpn-instance-name ] { address ipv4-address | ipv6 ipv6-address } ]
Parameters
Parameter | Description | Value |
---|---|---|
vpn-instance vpn-instance-name | Specifies a VPN instance name. | The value must be an existing VPN instance name. |
address ipv4-address | Specifies an IPv4 address. | - |
ipv6 ipv6-address | Specifies an IPv6 address. | - |
Usage Guidelines
Usage Scenario
An NMS performs operations on MIB objects to manage devices. To check these operation statistics, run the display snmp-agent statistics mib command. The command output displays names, access frequencies, and handling dates of MIB objects.
If no NMS is specified, the display snmp-agent statistics mib command displays statistics about the operations performed by all NMSs (that is, IPv4+VPN, IPv6+VPN, IPv4, and IPv6 NMSs) on MIB objects.
Follow-up Procedure
If the NMS accesses a great amount of MIB node information and statistics do not need to be saved, run the reset snmp-agent statistics mib command to delete the statistics.
Example
# Display all statistics about the NMS's operations on MIB objects.
<HUAWEI> display snmp-agent statistics mib
-----------------------------------------------------------------------------------------
ip address:192.168.1.4, total mib node number:9
SUMMARY: Total set:0,Total get:9,Total get-next:75
-----------------------------------------------------------------------------------------
MibNode Set Get GetNext MaxTime MinTime AveTime
ifEntry 0 0 75 0 0 0
ifNumber 0 1 0 0 0 0
sysContact 0 1 0 0 0 0
sysDescr 0 1 0 0 0 0
sysLocation 0 1 0 0 0 0
sysName 0 1 0 0 0 0
sysObjectID 0 1 0 0 0 0
sysServices 0 1 0 0 0 0
sysUpTime 0 2 0 0 0 0
# Display the statistics about the operations performed by the NMS with the IP address of 192.168.1.3 in the VPN instance aa.
<HUAWEI> display snmp-agent statistics mib vpn-instance aa address 192.168.1.3
-----------------------------------------------------------------------------------------
vpn instance:aa, ip address:192.168.1.3, total mib node number:1
SUMMARY: Total set:0,Total get:1,Total get-next:0
-----------------------------------------------------------------------------------------
MibNode Set Get GetNext MaxTime MinTime AveTime
sysDescr 0 1 0 0 0 0
Item | Description |
---|---|
ip address | IP address of the NMS. |
vpn instance | VPN instance name |
total mib node number | Total number of MIB objects accessed by the NMS. |
SUMMARY | Abstract of statistics about the NMS's operations on MIB objects. |
Total set | Total number of Set operations performed on all MIB objects. |
Total get | Total number of Get operations performed on all MIB objects. |
Total get-next | Total number of GetNext operations performed on all MIB objects. |
MibNode | MIB object name. |
Set | Number of the Set operations performed on a specified MIB object. |
Get | Number of the Get operations performed on a specified MIB object. |
GetNext | Number of the GetNext operations performed on a specified MIB object. |
MaxTime | Maximum time for an operation performed on MIB objects. |
MinTime | Minimum time for an operation performed on MIB objects. |
AveTime | Average time for an operation performed on MIB objects. |
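Because this output is grouped per NMS address, it can be checked against the list of management stations that are supposed to reach the device. The following Python sketch is an added example, not part of the vendor documentation; the sample output is constructed, the allowlist and threshold are assumptions, and it assumes that each NMS appears as one block in the layout shown in the examples above.

```python
import re

HEADER_RE = re.compile(
    r"^(?:vpn instance:(?P<vpn>[^,]+),\s*)?ip address:(?P<ip>[^,\s]+),"
    r"\s*total mib node number:\d+"
)
# Columns: MibNode Set Get GetNext MaxTime MinTime AveTime
ROW_RE = re.compile(r"^([A-Za-z][\w.-]*)\s+(\d+)\s+(\d+)\s+(\d+)\s+\d+\s+\d+\s+\d+$")


def parse_mib_statistics(text):
    """Split the output into one record per NMS with its per-object counts."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            vpn = header.group("vpn")
            current = {"vpn": vpn.strip() if vpn else None,
                       "ip": header.group("ip"), "nodes": {}}
            records.append(current)
            continue
        row = ROW_RE.match(line)
        if row and current is not None:
            current["nodes"][row.group(1)] = {
                "set": int(row.group(2)),
                "get": int(row.group(3)),
                "getnext": int(row.group(4)),
            }
    return records


def review(records, allowed_nms, walk_threshold=500):
    """Return [(vpn, ip, code, detail)] for activity that deserves a look.

    allowed_nms is a set of (vpn_instance_or_None, ip) pairs.
    """
    out = []
    for rec in records:
        key = (rec["vpn"], rec["ip"])
        if key not in allowed_nms:
            out.append(key + ("unlisted_nms", "source is not an approved NMS"))
        for node, ops in rec["nodes"].items():
            if ops["set"]:
                out.append(key + ("set_operation", f"{ops['set']} Set on {node}"))
        walked = sum(ops["getnext"] for ops in rec["nodes"].values())
        if walked >= walk_threshold:
            out.append(key + ("getnext_walk", f"{walked} GetNext operations"))
    return out


# Constructed sample output with two NMS blocks.
SAMPLE_OUTPUT = """\
<HUAWEI> display snmp-agent statistics mib
-----------------------------------------------------------------------------------------
ip address:192.168.1.4, total mib node number:2
SUMMARY: Total set:0,Total get:1,Total get-next:75
-----------------------------------------------------------------------------------------
MibNode Set Get GetNext MaxTime MinTime AveTime
ifEntry 0 0 75 0 0 0
sysUpTime 0 1 0 0 0 0
-----------------------------------------------------------------------------------------
vpn instance:aa, ip address:192.0.2.50, total mib node number:2
SUMMARY: Total set:1,Total get:0,Total get-next:900
-----------------------------------------------------------------------------------------
MibNode Set Get GetNext MaxTime MinTime AveTime
sysContact 1 0 0 0 0 0
ifEntry 0 0 900 0 0 0
"""

if __name__ == "__main__":
    approved = {(None, "192.168.1.4")}  # assumed list of approved NMSs
    for vpn, ip, code, detail in review(parse_mib_statistics(SAMPLE_OUTPUT), approved):
        print(f"{ip} (vpn {vpn}): {code}: {detail}")
```

Take the reading before running reset snmp-agent statistics mib, because cleared statistics cannot be restored.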
display snmp-agent sys-info
Function
The display snmp-agent sys-info command displays SNMP information about the device, including contact information of device maintenance personnel, physical location of the device, and SNMP version running on the device.
Parameters
Parameter | Description | Value |
---|---|---|
contact | Displays contact information of device maintenance personnel. | - |
location | Displays the physical location of the device. | - |
version | Displays the SNMP version running on the device. | - |
Usage Guidelines
- Contact information of device maintenance personnel
- Physical location of the device
- SNMP version running on the device
If no parameter is specified, all information is displayed.
Example
# Display all SNMP information about the device.
<HUAWEI> display snmp-agent sys-info
The contact person for this managed node:
R&D Beijing, Huawei Technologies Co., Ltd.
The physical location of this node:
Beijing China
SNMP version running in the system:
Polling: SNMPv1:disable, SNMPv2c:disable, SNMPv3:enable
Trap : SNMPv1:disable, SNMPv2c:enable, SNMPv3:disable
# Display the SNMP version running on the device.
<HUAWEI> display snmp-agent sys-info version
SNMP version running in the system:
Polling: SNMPv1:disable, SNMPv2c:disable, SNMPv3:enable
Trap : SNMPv1:disable, SNMPv2c:enable, SNMPv3:disable
# Display contact information of device maintenance personnel.
<HUAWEI> display snmp-agent sys-info contact
The contact person for this managed node:
R&D Beijing, Huawei Technologies Co., Ltd.
# Display the physical location of the device.
<HUAWEI> display snmp-agent sys-info location
The physical location of this node:
Beijing China
Item | Description |
---|---|
The contact person for this managed node | Contact information of device maintenance personnel, which is useful in event of emergencies. You can run the snmp-agent sys-info command to configure this parameter. |
The physical location of this node | Physical location of the device. You can run the snmp-agent sys-info command to configure this parameter. |
SNMP version running in the system | SNMP version running on the device. The value can be any combination of SNMPv1, SNMPv2c, and SNMPv3. When multiple versions are configured, the NMS manages the device using multiple SNMP versions. You can run the snmp-agent sys-info command to configure this parameter. |
Polling | |
Trap | |
display snmp-agent target-host
Function
The display snmp-agent target-host command displays the configurations of destination hosts of all alarms.
Usage Guidelines
You can use the display snmp-agent target-host command to display the configurations of destination hosts of all traps, including IP addresses of the hosts, modes in which traps are sent, security names used to send traps, and SNMP versions. At present, the system can save the configuration of a maximum of 20 destination hosts, so the command displays the configuration of a maximum of 20 destination hosts.
Example
# Display the configurations of destination hosts of all alarms.
<HUAWEI> display snmp-agent target-host
Target-host NO. 1
-----------------------------------------------------------
IP-address : 10.1.2.1
Domain : -
Source interface : -
VPN instance : -
Security name : %^%#uq/!YZfvW4*vf[~C|.:Cl}UqS(vXd#wwqR~5M(rU%%^%#
Port : 162
Type : trap
Version : v2c
Level : No authentication and privacy
NMS type : HW NMS
With ext-vb: : No
-----------------------------------------------------------
Parameter | Description |
---|---|
Target-host NO | Target host number, which is generated based on the sequence in which the target host is configured. You can run the snmp-agent target-host inform or snmp-agent target-host trap command to configure parameters of the target host. |
IP-address | IP address of the target host. |
Domain | Domain name of the target host. |
Source interface | Source interface that sends traps. |
VPN instance | VPN instance to which the target host belongs. |
Security name | Security name used to send traps. |
Port | UDP port number used to send traps. |
Type | Mode in which traps are sent: |
Version | SNMP version: |
Level | Security mode of packets: |
NMS type | Type of the target host: |
With ext-vb | Whether the trap sent to the target host carries extended bound variables: |
display snmp-agent trap all
Function
The display snmp-agent trap all command displays whether the switch is enabled to send alarms of all features to the NM station.
Usage Guidelines
You can run the display snmp-agent trap all command to check whether the switch is enabled to send alarms of specified features to the NMS. You can configure this function by running snmp-agent trap enable, snmp-agent trap enable feature-name, and snmp-agent trap disable.
Example
# Check whether the switch is enabled to send alarms of specified features to the NMS.
<HUAWEI> display snmp-agent trap all
------------------------------------------------------------------------------
Feature name: INFO
Trap number : 2
------------------------------------------------------------------------------
Trap name Default switch status Current switch status
hwICLogFileAging on on
hwICLogBufferLose on on
------------------------------------------------------------------------------
---- More ----
Item | Description |
---|---|
Feature name | Name of the feature that generates alarms. |
Trap number | Number of alarms generated by this feature. |
Trap name | Name of the alarm. |
Default switch status | Default status of the alarm: |
Current switch status | Current status of the alarm: This status can be configured using the snmp-agent trap enable feature-name command. |
display snmp-agent trap feature-name all
Function
The display snmp-agent trap feature-name all command displays whether the router is enabled to send alarms of specified features to the NM station.
Usage Guidelines
You can run the display snmp-agent trap feature-name all command to check whether the switch is enabled to send alarms of specified features to the NMS. You can use the snmp-agent trap enable feature-name command to enable this function. The following table lists the alarm information of related features.
Example
# Display the status of the MSDP alarms.
<HUAWEI> display snmp-agent trap feature-name msdp all
------------------------------------------------------------------------------
Feature name: MSDP
Trap number : 2
------------------------------------------------------------------------------
Trap name Default switch status Current switch status
establish off off
backward off off
Item | Description |
---|---|
Feature name | Name of the feature that generates alarms. |
Trap number | Number of alarms generated by this feature. |
Trap name | Name of the alarm. |
Default switch status | Default status of the alarm: |
Current switch status | Current status of the alarm: This status can be configured using the snmp-agent trap enable feature-name command. |
display snmp-agent trap feature-name bulkstat all
Function
The display snmp-agent trap feature-name bulkstat all command displays whether the switch is enabled to send traps of bulk statistics collection feature to the NMS.
Usage Guidelines
After running the snmp-agent trap enable feature-name bulkstat command to configure the function of sending bulk statistics traps to the NMS, you can use the display snmp-agent trap feature-name bulkstat all command to check whether this function is enabled.
Example
# Display whether the switch is enabled to send traps of bulk statistics collection feature to the NMS.
<HUAWEI> display snmp-agent trap feature-name bulkstat all
------------------------------------------------------------------------------
Feature name: BULKSTAT
Trap number : 5
------------------------------------------------------------------------------
Trap name Default switch status Current switch status
hwBulkStatCollectIncomplete off off
hwBulkStatCollectResume off off
hwBulkStatURLConnectionFail off off
hwBulkStatURLConnectionResume off off
hwBulkStatTransferFileDiscard off off
Item | Description |
---|---|
Feature name | Name of the feature that generates traps. |
Trap number | Number of traps generated by bulk statistics collection feature. |
Trap name | Name of the trap. The bulk statistics collection feature supports the following traps: |
Default switch status | Default status of a trap: |
Current switch status | Current status of a trap: This status can be configured using the snmp-agent trap enable feature-name bulkstat command. |
display snmp-agent trap feature-name snmp all
Function
The display snmp-agent trap feature-name snmp all command displays whether the switch is enabled to send traps of the SNMP feature to the NMS.
Usage Guidelines
Usage Scenario
After running the snmp-agent trap enable feature-name snmp command to enable the function of sending traps of the SNMP feature to the NMS, you can run the display snmp-agent trap feature-name snmp all command to check whether this function is enabled.
Prerequisites
SNMP has been enabled. For details, see snmp-agent.
Example
# Display whether the switch is enabled to send traps of SNMP feature to the NMS.
<HUAWEI> display snmp-agent trap feature-name snmp all
------------------------------------------------------------------------------
Feature name: SNMP
Trap number : 5
------------------------------------------------------------------------------
Trap name Default switch status Current switch status
coldStart on on
warmStart on on
authenticationFailure off off
hwSNMPLockThreshold on on
hwSNMPLockThresholdResume on on
Item | Description |
---|---|
Feature name | Name of the feature that generates traps. |
Trap number | Number of traps generated by SNMP feature. |
Trap name | Name of the trap. The SNMP feature supports the following traps: |
Default switch status | Default status of a trap: |
Current switch status | Current status of a trap: This status can be configured using the snmp-agent trap enable feature-name snmp command. |
display snmp-agent usm-user
Parameters
Parameter | Description | Value |
---|---|---|
engineid engineid | Displays information about an SNMPv3 user with a specified SNMP entity engine ID. | - |
group group-name | Displays the SNMPv3 user belonging to a specified user group. | - |
username user-name | Displays information about a specified SNMPv3 user. | - |
Usage Guidelines
You can run the display snmp-agent usm-user command to display the SNMPv3 user information configured through the snmp-agent usm-user command. The SNMPv3 user here refers to the remote user that carries out SNMPv3 management. The displayed information about an SNMPv3 user includes the user name, authentication protocol, encryption algorithm, and user group to which the SNMPv3 user belongs.
Example
# Display information about all current SNMPv3 users.
<HUAWEI> display snmp-agent usm-user
User name: myuser
Engine ID: 800007DB03360102101100 active
Authentication Protocol: sha
Privacy Protocol: aes256
Group name: mygroup
Item | Description |
---|---|
User name | SNMPv3 user name. You can run the snmp-agent usm-user command to configure this parameter. |
Engine ID | Local SNMP engine ID. You can run the snmp-agent local-engineid command to configure this parameter. |
active | Status of the SNMPv3 user. |
Authentication Protocol | Authentication protocol used for the SNMPv3 user: You can run the snmp-agent usm-user command to configure this parameter. |
Privacy Protocol | Encryption algorithm used for the SNMPv3 user: You can run the snmp-agent usm-user command to configure this parameter. |
Group name | User group to which the SNMPv3 user belongs. You can run the snmp-agent usm-user command to configure this parameter. |
enable snmp trap updown
Function
The enable snmp trap updown command enables an interface to send a trap to the NMS when the protocol status of the interface changes.
The undo enable snmp trap updown command disables an interface from sending a trap to the NMS when the protocol status of the interface changes.
By default, an interface sends a Trap message to the NMS when the protocol status of the interface changes.
Usage Guidelines
Usage Scenario
The enable snmp trap updown command is used to enable an interface to send a Trap message to the NMS when the protocol status of the interface changes, which helps the NMS monitor the interface status in real time.
Precautions
By default, the function of sending a Trap message to the NMS when the protocol status of the interface changes is enabled. If an interface alternates between Up and Down, it will frequently send Trap messages to the NMS, causing the NMS to be busy processing these Trap messages. In this case, you can run the undo enable snmp trap updown command to disable the interface from sending trap messages to the NMS.
format (bulk file view)
Function
The format command configures the format for a bulk file.
The undo format command restores the default format of a bulk file.
By default, the format of a bulk file is bulkascii (text format).
object
Function
The object command creates a statistics object for a bulk file.
The undo object command deletes a statistics object.
By default, no statistics object exists in a bulk file.
Format
object oid class { single | column [ start-index start-index ] [ instance-number instance-number ] }
undo object oid class { single | column }
Parameters
Parameter | Description | Value |
---|---|---|
oid | Specifies the OID of a statistics object. The value is a numeric string of 1 to 127 characters, in dotted notation. | - |
class single | Creates a single statistics object. | - |
class column | Creates a bulk statistics object. | - |
start-index start-index | Specifies the start instance index when the object type is set to column. The value is a numeric string of 1 to 127 characters, in dotted notation. The value 0 indicates that the system collects statistics from the first instance in the column. The default value is 0. | - |
instance-number instance-number | Specifies the number of consecutive instances to be collected from the start instance when the object type is set to column. The value is an integer that ranges from 0 to 65535. The value 0 indicates that the system stops collecting statistics at the end of the column. If the instance range specified by the start-index and instance-number parameters is beyond the actual instance range, the system collects statistics within the actual instance range. The default value is 0. | - |
Usage Guidelines
Usage Scenario
The object oid class single command creates a statistics object for the data item of a single instance. In this command, the oid parameter must contain the instance index. When the instance index is set to 0, the data item is a scalar quantity. When the instance index is set to a non-0 value, the data item is an instance in the column. If the object has been configured in the bulk file, the system displays an error message indicating that the OID already exists.
The object oid class column start-index start-index instance-number instance-number command creates a bulk statistics object to collect statistics about some or all types of instances in a column. You must specify the start-index and instance-number parameters to specify the start instance index and the number of instances. If the instance range specified by the start-index and instance-number parameters is beyond the actual instance range, the system collects statistics within the actual instance range. If the object has been configured in the bulk file, the system displays an error message indicating that the OID already exists.
Precautions
The configuration of object or undo object takes effect in the next collection interval.
The OID specified in the command must exist in the MIB tree. If the specified OID exists in the bulk file, the system displays a message indicating that the OID has been configured. Delete this OID and then reconfigure it.
Example
# Add a single statistics object to the bulk file ifOutOctets.
<HUAWEI> system-view
[HUAWEI] bulk-stat enable
Info: Succeeded in enabling the bulk stat function.
[HUAWEI] bulk-file ifOutOctets
[HUAWEI-bulk-file-ifOutOctets] object 1.3.6.1.2.1.2.2.1.16.1 class single
# Add a bulk statistics object to the bulk file iftable.
<HUAWEI> system-view
[HUAWEI] bulk-stat enable
Info: Succeeded in enabling the bulk stat function.
[HUAWEI] bulk-file iftable
[HUAWEI-bulk-file-iftable] object 1.3.6.1.2.1.2.2.1.16 class column start-index 1 instance-number 10
reset snmp-agent statistics mib
Function
The reset snmp-agent statistics mib command clears statistics about the NMS's operations on MIB objects.
Format
reset snmp-agent statistics mib [ address ipv4-address | ipv6 ipv6-address | vpn-instance vpn-instance-name address ipv4-address ]
Parameters
Parameter | Description | Value |
---|---|---|
address ipv4-address | Specifies an IPv4 address. | - |
ipv6 ipv6-address | Specifies an IPv6 address. | - |
vpn-instance vpn-instance-name | Specifies a VPN instance name. | The value must be an existing VPN instance name. |
Usage Guidelines
Usage Scenario
An NMS performs operations on MIB objects to manage devices. You can run the display snmp-agent statistics mib command to check the operation statistics.
If the NMS accesses a great amount of MIB node information and statistics do not need to be saved, run the reset snmp-agent statistics mib command to delete the statistics.
If no NMS is specified, the reset snmp-agent statistics mib command clears statistics about the operations performed by all NMSs (that is, IPv4+VPN, IPv6+VPN, IPv4, and IPv6 NMSs) on MIB objects.
Precautions
Operation statistics cannot be restored after they are cleared. Exercise caution when running the reset snmp-agent statistics mib command.
snmp-agent
Function
The snmp-agent command enables the SNMP agent function.
The undo snmp-agent command disables the SNMP agent function.
By default, the SNMP agent function is disabled.
Usage Guidelines
Usage Scenario
Before configuring SNMP, you need to enable the SNMP agent function.
Executing the snmp-agent command with any parameter enables the SNMP agent function. For example, if you execute the snmp-agent community command, the community name is created and the SNMP agent function is also enabled.
Precautions
After the snmp-agent command is executed, both the IPv4 and IPv6 services are enabled for the SNMP agent. By default, the switch listens on the IP address 0.0.0.0, that is, all IP addresses. This default setting is a threat to data confidentiality. You are advised to run the snmp-agent protocol source-interface interface-type interface-number command to specify the source interface that receives and responds to SNMP requests from the NMS.
snmp-agent acl
Function
The snmp-agent acl command configures an SNMP ACL.
The undo snmp-agent acl command deletes the configured SNMP ACL.
By default, no SNMP ACL is configured.
Parameters
Parameter | Description | Value |
---|---|---|
acl-number | Specifies an ACL number. | The value is an integer ranging from 2000 to 3999. |
acl-name | Specifies the name of a basic or an advanced Named ACL. | The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter. |
Usage Guidelines
Usage Scenario
When using the NMS to manage devices, you can run the snmp-agent acl command to configure an SNMP ACL on the devices and restrict the NMS's access to the devices to enhance network security.
Precautions
- The SNMP ACLs take precedence over ACLs based on SNMP community names, SNMP groups, and SNMP users.
- The ACL configured takes effect on both IPv4 and IPv6 networks.
snmp-agent community
Function
The snmp-agent community command configures the SNMPv1 or SNMPv2c read-write community name.
The undo snmp-agent community command is used to delete the configuration of the community name.
By default, the community name is not configured.
Format
snmp-agent community { read | write } { community-name | cipher community-name } [ mib-view view-name | acl { acl-number | acl-name } | alias alias-name ] *
undo snmp-agent community community-name
undo snmp-agent community { read | write } [ cipher ] community-name
Parameters
Usage Guidelines
Usage Scenario
The snmp-agent community command is used on SNMPv1 and SNMPv2c networks. The community is a combination of the NMS and SNMP agent and is identified by a community name. The community name functions as a password for authentication during device communication in a community. Devices can communicate if the community name of the NMS and that of the SNMP agent are the same. The snmp-agent community command configures a community name on a device so that the NMS can communicate with the device. Parameters of the snmp-agent community command set the access permission, ACL, and accessible MIB views of a community name.
- To grant the NMS read-only permission in the specified view, configure read.
- To grant the NMS read-write permission in the specified view, configure write.
- To allow specified NMSs using this community name to have the rights of ViewDefault, omit mib-view view-name.
- To allow all NMSs using this community name to manage specified objects on a managed device, omit acl acl-number.
- To allow specified NMSs using this community name to manage specified objects on a managed device, configure mib-view and acl.
- The community name will be saved in encrypted format in the configuration file. To facilitate identification of community names, specify the alias alias-name parameter to set the alias names for the communities. The alias names are stored in plain text in the configuration file.
When both community name and ACL are configured, the NMS verifies the community name before accessing the device, and then checks the ACL rules. If the community name does not exist, the packet is discarded and a log indicating that the community name is wrong is printed. The ACL rule is not checked. That is, the ACL rule is checked only when the community name exists.
Precautions
- The device checks the complexity of community names in simple text rather than in ciphertext. The device has the following requirements for community name complexity:
  - The minimum length of a community name is determined by the set password min-length command. By default, a password contains 8 characters.
  - The community name includes at least two kinds of characters: uppercase letters, lowercase letters, numbers, and special characters (excluding ?).

  If a community name fails the complexity check, the community name cannot be configured. To disable the complexity check for a community name, run the snmp-agent community complexity-check disable command, and then the length of community names in simple text ranges from 1 to 32. However, if a community name is simple and does not meet complexity requirements, it is prone to be attacked and cracked by unauthorized users, which affects device security. Therefore, enabling complexity check of community names is recommended.
- Only one type of permission can be configured for a community. If a community has both the read-only and read-write permission configured, the permission configured later takes effect.
- If you specify the parameter mib-view or acl when running the snmp-agent community command, configure the MIB view and ACL rule. If the default MIB view is deleted, the NMS using this community name cannot communicate with managed devices. To continue to use this community name, specify an existing MIB view.
- The community name is saved in cipher text in the configuration file. To delete a community name, run the undo snmp-agent community community name in plain text or undo snmp-agent community community name in plain text command. To view a community name in cipher text, run the display snmp-agent community command.
- When a user with a level lower than the level configured using this command queries the password configured using the display this command, the password is displayed as asterisks (******).
Example
# Set the name of a community to comaccess1 and configure the read-only rights for the community.
<HUAWEI> system-view
[HUAWEI] snmp-agent community read comaccess1
# Set the name of a community to comaccess2 and configure the read-write rights for the community.
<HUAWEI> system-view
[HUAWEI] snmp-agent community write comaccess2
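The rules in this section (write access, a missing acl or mib-view, the complexity requirements, and a disabled complexity check) can be applied to candidate commands before they are entered on a device. The following Python sketch is an added example, not part of the vendor documentation; the sample commands other than comaccess1 are constructed, the finding codes are hypothetical, and names given with the cipher keyword are skipped on the assumption that they may already be ciphertext.

```python
import string

SPECIALS = set(string.punctuation) - {"?"}  # "?" does not count as a special character


def complexity_problems(name, min_length=8):
    """Apply the complexity rule described above to a plain-text community name."""
    problems = []
    if len(name) < min_length:
        problems.append(f"shorter than {min_length} characters")
    kinds = [
        any(c in string.ascii_uppercase for c in name),
        any(c in string.ascii_lowercase for c in name),
        any(c in string.digits for c in name),
        any(c in SPECIALS for c in name),
    ]
    if sum(kinds) < 2:
        problems.append("fewer than two kinds of characters")
    return problems


def parse_community(line):
    """Parse one 'snmp-agent community { read | write } ...' line, else None."""
    tok = line.split()
    if tok[:2] != ["snmp-agent", "community"] or len(tok) < 4:
        return None
    if tok[2] not in ("read", "write"):
        return None
    entry = {"access": tok[2], "cipher": tok[3] == "cipher",
             "mib-view": None, "acl": None, "alias": None}
    rest = tok[4:] if entry["cipher"] else tok[3:]
    if not rest:
        return None
    entry["name"], options = rest[0], rest[1:]
    for key, value in zip(options[::2], options[1::2]):
        if key in ("mib-view", "acl", "alias"):
            entry[key] = value
    return entry


def lint(config_text, min_length=8):
    """Return [(line_number, code)] for community settings worth reviewing."""
    out = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        if line.split() == ["snmp-agent", "community", "complexity-check", "disable"]:
            out.append((number, "complexity_check_disabled"))
            continue
        entry = parse_community(line)
        if entry is None:
            continue  # undo lines and unrelated commands
        if entry["access"] == "write":
            out.append((number, "write_access"))
        if entry["acl"] is None:
            out.append((number, "no_acl"))        # all NMSs using this name are allowed
        if entry["mib-view"] is None:
            out.append((number, "default_view"))  # community gets the rights of ViewDefault
        if not entry["cipher"] and complexity_problems(entry["name"], min_length):
            out.append((number, "weak_name"))
    return out


# Constructed candidate commands; comaccess1 is the name used in the example above.
CANDIDATE_CONFIG = """\
snmp-agent community read comaccess1
snmp-agent community write public acl 2001
snmp-agent community read cipher Ops#Read2024 mib-view ifOnly acl 2001 alias ops-ro
snmp-agent community complexity-check disable
undo snmp-agent community read oldname
"""

if __name__ == "__main__":
    for number, code in lint(CANDIDATE_CONFIG):
        print(f"line {number}: {code}")
```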
snmp-agent community complexity-check disable
Function
The snmp-agent community complexity-check disable command disables the complexity check of a community name.
The undo snmp-agent community complexity-check disable command enables the complexity check of a community name.
By default, the device enables the complexity check of a community name.
Format
snmp-agent community complexity-check disable
undo snmp-agent community complexity-check disable
Usage Guidelines
Usage Scenario
The minimum length of a community name is determined by the set password min-length command. By default, a password contains 8 characters.
The community name includes at least two kinds of characters: uppercase letters, lowercase letters, numbers, and special characters (excluding ?).
Precautions
To ensure the security of SNMP community names, enable the complexity check for community names. If a community name fails the complexity check, the community name cannot be configured. The complexity check can also be disabled for a community name. However, if a community name is simple and does not meet complexity requirements, it is prone to be attacked and cracked by unauthorized users, which affects device security.
snmp-agent extend error-code enable
Function
The snmp-agent extend error-code enable command enables the device to send extended error codes to the NMS.
The undo snmp-agent extend error-code enable command disables the function of sending extended error codes to the NMS.
By default, the function of sending extended error codes to the NMS is disabled.
Usage Guidelines
With the increasing number of features and scenarios supported by the system, the current types of SNMP standard error codes can hardly meet requirements in diversified scenarios. Therefore, the extended error code is introduced. The extended error code can define more scenarios for the NMS to correctly analyze the fault type of the current NE.
If both the NMS and managed device are Huawei products, error codes are extended and more scenarios are defined after the function of sending extended error codes is enabled. As a result, users are enabled to locate and troubleshoot faults quickly and accurately.
Support of the MIB for the extended error code:
- For a MIB that supports the extended error code, you can enable the SNMP extended error code function and use a Huawei NMS to obtain the various extended error codes.
- For a MIB that does not support the extended error code, after the SNMP extended error code function is enabled, an NMS from Huawei or another vendor can obtain only the standard error code.
snmp-agent group
Function
The snmp-agent group command creates an SNMP group by mapping SNMP users to SNMP views.
The undo snmp-agent group command deletes a specified SNMP user group.
By default, no SNMP group is configured.
Format
snmp-agent group v3 group-name { authentication | privacy | noauthentication } [ read-view read-view | write-view write-view | notify-view notify-view ]* [ acl { acl-number | acl-name } ]
undo snmp-agent group v3 group-name { authentication | privacy | noauthentication }
Parameters
Parameter | Description | Value |
---|---|---|
v3 | Indicates that the SNMP group uses the security mode in SNMPv3. | - |
group-name | Specifies the name of an SNMP group. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
authentication \| privacy \| noauthentication | Indicates the security level of the SNMP group. | To ensure security, it is recommended that you set the security level of the SNMP group to privacy. |
read-view read-view | Specifies a read-only view. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. read-view is specified by the snmp-agent mib-view command. |
write-view write-view | Specifies a read-write view. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. write-view is specified by the snmp-agent mib-view command. |
notify-view notify-view | Specifies a notify view. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. notify-view is specified by the snmp-agent mib-view command. |
acl { acl-number \| acl-name } | Specifies the ACL. The ACL can be a basic ACL or an advanced ACL, and the ACL configured takes effect on both IPv4 and IPv6 networks. | |
Usage Guidelines
Usage Scenario
SNMPv1 and SNMPv2c have serious defects in terms of security. The security authentication mechanism used by SNMPv1 and SNMPv2c is based on the community name. In this mechanism, the community name is transmitted in plain text. You are not advised to use SNMPv1 and SNMPv2c on untrusted networks.
By adopting the user-based security model, SNMPv3 eradicates the security defects in SNMPv1 and SNMPv2c and provides two services, authentication and privacy. The SNMP group name and security name determine an SNMP group. SNMPv3 defines the following security levels:
- noAuthNoPriv
- AuthNoPriv
- AuthPriv
The security authentication level noAuthPriv does not exist. This is because the generation of a key is based on the authentication information and product information.
The snmp-agent group command can be used to configure the following:
- Authentication
- Privacy
- Access rights for users of SNMP group
- Bind the SNMP group to a MIB view
To enhance security, configure the parameter authentication or privacy.
If the noauthentication parameter is set, SNMP messages are not authenticated or encrypted. This applies to the environment that is secure and has a fixed administrator.
To authenticate SNMP messages without encryption, configure the parameter authentication. This mode is applicable to secure networks managed by many administrators who may frequently perform operations on the same device. Authentication allows only the administrators with permission to access the device.
To authenticate and encrypt SNMP messages, configure the parameter privacy. This mode is applicable to insecure networks managed by many administrators who may frequently perform operations on the same device. Authentication and encryption allow only specified administrators to access the device and encrypt data before transmission. This prevents data from being tampered with or leaked.
To grant the NMS read-only permission in the specified view, configure read-view. To grant the NMS read-write permission in the specified view, configure write-view. To filter unnecessary alarms, configure notify-view. After this parameter is configured, only alarms generated on MIB objects specified by notify-view are delivered to the NMS.
By default, the read-only view of an SNMP group is the ViewDefault view, and the names of the read-write view and inform view are not specified.
To allow specified NMSs in the same SNMPv3 group to access the device, configure acl.
Configuration Impact
When you run the undo snmp-agent group command to delete an SNMP user group, you delete all SNMP users in the SNMP user group.
Precautions
To receive trap messages specified in notify-view, you need to ensure the target host for receiving SNMP traps is specified through the snmp-agent target-host trap command.
If an SNMPv3 group is configured with neither authentication nor encryption, or with authentication but no encryption, these modes bring security risks. To improve system security, delete the group and create a group with authentication and encryption.
Example
# Create an SNMPv3 group named Johngroup to authenticate and encrypt SNMP messages, and set the read-only view of the SNMPv3 group to public.
<HUAWEI> system-view
[HUAWEI] snmp-agent
[HUAWEI] snmp-agent mib-view excluded public 1.3.6.1.2.1
[HUAWEI] snmp-agent group v3 Johngroup privacy read-view public
# Create an SNMPv3 group named Johngroup to authenticate and encrypt SNMP messages, and set the write-only view of the SNMPv3 group to private.
<HUAWEI> system-view
[HUAWEI] snmp-agent
[HUAWEI] snmp-agent mib-view included private 1.3.6.1.2.1
[HUAWEI] snmp-agent group v3 Johngroup privacy write-view private
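The recommendations in this section (privacy as the security level, an ACL to limit which NMSs may connect, views that are actually defined) can be checked against a saved configuration. The Python sketch below is an added example, not Huawei code; the sample configuration, the ACL number, the finding labels and the function names are constructed for illustration.

```python
import shlex

# Constructed sample configuration; group names and the ACL number are made up.
SAMPLE_CONFIG = '''
snmp-agent mib-view included private 1.3.6.1.2.1
snmp-agent group v3 Johngroup privacy write-view private
snmp-agent group v3 opsgroup authentication read-view public acl 2001
snmp-agent group v3 "lab group" noauthentication
'''

LEVELS = ("authentication", "privacy", "noauthentication")
OPTIONS = ("read-view", "write-view", "notify-view", "acl")


def parse_config(text):
    """Return (groups, defined_views) parsed from configuration text."""
    groups = []
    views = {"ViewDefault"}  # the default view named on the page always exists
    for line in text.splitlines():
        try:
            tok = shlex.split(line)  # keeps double-quoted names with spaces intact
        except ValueError:
            continue  # unbalanced quotes: not a line this sketch can interpret
        if tok[:2] == ["snmp-agent", "mib-view"] and len(tok) == 5:
            views.add(tok[3])
        elif (tok[:3] == ["snmp-agent", "group", "v3"]
              and len(tok) >= 5 and tok[4] in LEVELS):
            group = {"name": tok[3], "level": tok[4]}
            group.update(dict.fromkeys(OPTIONS))  # every option starts unset
            rest = tok[5:]
            for key, value in zip(rest[0::2], rest[1::2]):
                if key in OPTIONS:
                    group[key] = value
            groups.append(group)
    return groups, views


def audit(text):
    """Return sorted (group, finding) pairs for settings the page advises against."""
    groups, views = parse_config(text)
    findings = []
    for g in groups:
        if g["level"] != "privacy":
            # Page: authentication-only and noauthentication groups bring security risks.
            findings.append((g["name"], "level-" + g["level"]))
        if g["acl"] is None:
            # Page: acl is what limits the group to specified NMSs.
            findings.append((g["name"], "no-acl"))
        if g["read-view"] is None:
            # Page: without read-view, the read-only view defaults to ViewDefault.
            findings.append((g["name"], "implicit-read-view"))
        for opt in ("read-view", "write-view", "notify-view"):
            if g[opt] is not None and g[opt] not in views:
                # The view is referenced but no mib-view line defines it.
                findings.append((g["name"], "undefined-" + opt))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print("%-10s %s" % (name, finding))
```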
snmp-agent heartbeat enable
Function
The snmp-agent heartbeat enable command enables the device to send heartbeat packets to the NMS.
The undo snmp-agent heartbeat enable command disables the device from sending heartbeat packets to the NMS.
By default, the device does not send heartbeat packets to the NMS.
snmp-agent heartbeat interval
Function
The snmp-agent heartbeat interval command sets the interval at which the device sends heartbeat packets to the NMS.
The undo snmp-agent heartbeat interval command restores the interval at which the device sends heartbeat packets to the NMS to the default interval.
By default, the device sends heartbeat packets to the NMS at an interval of 60 seconds.
Parameters
Parameter | Description | Value |
---|---|---|
interval | Specifies the interval at which the device sends heartbeat packets to the NMS. | The value is an integer that ranges from 60 to 86400, in seconds. |
Usage Guidelines
Usage Scenario
After enabling the device to send heartbeat packets to the NMS, you can use the snmp-agent heartbeat interval command to set the interval at which heartbeat packets are sent. On a stable network, increase the interval to reduce the bandwidth consumed for periodic transmission of heartbeat packets.
Prerequisites
The device has been enabled to send heartbeat packets to the NMS using the snmp-agent heartbeat enable command.
snmp-agent inform
Function
The snmp-agent inform command sets global parameters of informs, including the timeout period for waiting for inform ACK messages, number of times to retransmit informs, and maximum number of informs to be confirmed in the inform buffer.
The undo snmp-agent inform command restores the default setting.
By default, the timeout waiting period for inform ACK messages is 15 seconds, the number of times to retransmit informs is 3, and the maximum number of informs in the inform buffer is 39.
Format
snmp-agent inform { timeout seconds | resend-times times | pending number } *
undo snmp-agent inform { timeout | resend-times | pending } *
Parameters
Parameter | Description | Value |
---|---|---|
timeout seconds | Specifies the timeout period for waiting for inform ACK messages from the NMS. | The value is an integer ranging from 1 to 1800, in seconds. The default value is 15 seconds. |
resend-times times | Specifies the number of times to retransmit informs in the case that no inform ACK message is returned from the NMS. | The value is an integer ranging from 0 to 10. The default value is 3. |
pending number | Specifies the maximum number of informs to be confirmed in the inform buffer. | The value is an integer ranging from 1 to 2048. The default value is 39. |
Usage Guidelines
Usage Scenario
After sending an inform, the SNMP agent waits for an inform ACK message from the NMS. You can run the snmp-agent inform command to set parameters timeout, resend-times, and pending of the inform.
These three parameters affect each other. For example, if the timeout period for waiting for inform ACK messages is lengthened or the number of times to retransmit informs is increased, but the maximum number of informs to be confirmed is not changed, more informs are waiting to be confirmed at the same time, causing the inform buffer to fill up quickly.
Once the inform buffer is filled up, the earliest inform in the inform buffer is deleted each time a new inform enters the queue. The deleted informs are not retransmitted to the NMS. To avoid this problem, you can increase the maximum number of informs to be confirmed in the inform buffer.
You can configure the snmp-agent inform command to contain the parameter timeout, resend-times, or pending according to the network condition.
- When a large number of informs are dropped on the network, you can run the snmp-agent inform pending number command to increase the inform buffer.
- When the transmission speed on the network is low, you can increase the timeout period. Increasing the timeout period increases the waiting time of informs in the inform buffer. You can also run the snmp-agent inform { timeout seconds | pending number } * command to increase the inform buffer.
- When the transmission speed on the network is high, you can run the snmp-agent inform timeout seconds command to reduce the timeout period.
- When informs are transmitted on an unreliable network, you can increase the retransmission times. In this case, the informs in the inform buffer need to wait for a longer time to be confirmed. You can run the snmp-agent inform { resend-times times | pending number } * command to increase the inform buffer.
Prerequisites
Parameters for sending informs take effect only after the IP address of the target host for receiving informs is configured using the snmp-agent target-host inform command.
Precautions
You need to configure only parameters for sending informs using the snmp-agent inform command; you do not need to configure parameters for sending traps.
You must set the parameters timeout, resend-times, and pending according to the network condition. Otherwise, the SNMP working efficiency is greatly affected.
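How timeout, resend-times and pending interact can be seen in a small model of the inform buffer while the NMS is unreachable. This Python code is an added example, not the device's algorithm: it assumes an unacknowledged inform occupies the buffer for timeout × (resend-times + 1) seconds and that informs arrive at a constant rate, and all function names are hypothetical.

```python
from collections import deque


def unacked_lifetime(timeout, resend_times):
    """Seconds an unacknowledged inform waits: first send plus each retransmission (assumption)."""
    return timeout * (resend_times + 1)


def min_pending(timeout, resend_times, informs_per_second):
    """Smallest pending value at which no inform is deleted before its retries finish."""
    return informs_per_second * unacked_lifetime(timeout, resend_times)


def simulate(timeout, resend_times, pending, informs_per_second, outage_seconds):
    """Step through an NMS outage one second at a time and count what happens to informs.

    evicted: deleted because the buffer was full (page: the earliest inform is
             deleted and is not retransmitted).
    expired: left the buffer after using every retransmission without an ACK.
    """
    lifetime = unacked_lifetime(timeout, resend_times)
    buffer = deque()  # creation time of each inform still waiting for an ACK
    evicted = expired = peak = 0
    for now in range(outage_seconds):
        # Informs that have exhausted their retransmissions leave the buffer.
        while buffer and now - buffer[0] >= lifetime:
            buffer.popleft()
            expired += 1
        # New informs enter; a full buffer drops its earliest entry first.
        for _ in range(informs_per_second):
            if len(buffer) == pending:
                buffer.popleft()
                evicted += 1
            buffer.append(now)
        peak = max(peak, len(buffer))
    return {"lifetime": lifetime, "peak": peak, "evicted": evicted, "expired": expired}


if __name__ == "__main__":
    # Defaults from the page: timeout 15 s, resend-times 3, pending 39.
    print("defaults        ", simulate(15, 3, 39, 1, 300))
    # Buffer sized to rate x lifetime: nothing is deleted early.
    print("pending 60      ", simulate(15, 3, 60, 1, 300))
    # Timeout doubled without raising pending: the buffer overflows again.
    print("timeout 30      ", simulate(30, 3, 60, 1, 300))
    print("pending needed  ", min_pending(30, 3, 1))
```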
snmp-agent inform address
Function
The snmp-agent inform address command sets parameters for sending informs, including the timeout period for waiting for inform ACK messages from the NMS and times to retransmit an inform.
The undo snmp-agent inform address command restores the default setting for a particular inform host.
By default, the timeout waiting period for inform ACK messages is 15 seconds and the number of times to retransmit informs is 3.
Format
snmp-agent inform { timeout seconds | resend-times times } * address udp-domain ip-address [ vpn-instance vpn-instance-name ] params securityname { security-name | cipher security-name }
undo snmp-agent inform { timeout [ seconds ] | resend-times [ times ] } * address udp-domain ip-address [ vpn-instance vpn-instance-name ] params securityname { security-name | cipher security-name }
Parameters
Parameter | Description | Value |
---|---|---|
timeout seconds | Specifies the timeout period for waiting for inform ACK messages from the NMS. | The value is an integer ranging from 1 to 1800, in seconds. The default value is 15, which is equal to the global timeout period configured using the snmp-agent inform command. |
resend-times times | Specifies the number of times that informs are retransmitted when no inform ACK message is returned from the NMS. | The value is an integer ranging from 0 to 10. The default value is 3, which is equal to the global retransmission times configured using the snmp-agent inform command. |
address | Indicates the address of the target host for receiving SNMP traps. NOTE: The IP address specified by address and the security name specified by securityname together identify a host. | The value is dotted decimal notation. |
udp-domain ip-address | Specifies the IP address of a specified target host, with the transmission domain based on UDP. | The value is dotted decimal notation. |
vpn-instance vpn-instance-name | Specifies the name of a VPN instance. | The value must be an existing VPN instance name. The parameter vpn-instance is optional. On a VPN network, you need to use the VPN instance specified by vpn-instance, IP address, and security name to identify a target host. |
params | Indicates information about the target host that generates SNMP notifications. | - |
securityname security-name | Displays the name of the target host for receiving informs on the NMS. For SNMPv3, securityname must be configured as the user name. securityname configured on the host needs to be the same as that configured on the NMS, or the NMS cannot receive the trap messages sent from the host. For SNMPv2c, the NMS can receive trap messages from all hosts without having securityname configured. securityname is used to distinguish multiple hosts that generate trap messages. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
cipher security-name | Indicates the unencrypted or encrypted string of security name. | The value is a string of 1 to 32, 32, 48, 56, or 68 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string. |
Usage Guidelines
Usage Scenario
You can use both the snmp-agent inform address command and the snmp-agent inform command to set parameters according to the network condition.
- When a large number of Inform messages are dropped on the network, it is recommended that you run the snmp-agent inform pending number command to lengthen the trap queue and then the snmp-agent inform address command to specify the destination IP address and name of the target host.
- When the transmission speed on the network is low, it is recommended that you increase the timeout period. Increasing the timeout period increases the time that informs wait in the trap queue for confirmation. In this case, it is also recommended that you run the snmp-agent inform { timeout seconds | pending number } * command to lengthen the trap queue and then the snmp-agent inform address command to specify the destination address and the displayed user name.
- When the transmission speed on the network is high, it is recommended that you run the snmp-agent inform timeout seconds address udp-domain ip-address params securityname security-name command to reduce the timeout period.
- When informs are transmitted on an unreliable network, it is recommended that you increase the retransmission times. In this case, the informs in the trap queue need to wait for a longer time to be confirmed. This requires you to run the snmp-agent inform { resend-times times | pending number } * command to lengthen the trap queue and then the snmp-agent inform address command to specify the destination address and the displayed user name.
Prerequisites
Parameters for sending informs take effect only after the IP address of the target host for receiving informs is configured using the snmp-agent target-host inform command.
Precautions
- You need to configure only parameters for sending informs using the snmp-agent inform address command; you do not need to configure parameters for sending traps.
- You must set the parameters timeout and resend-times according to the network condition. Otherwise, the SNMP working efficiency is greatly affected.
- The priority set for the timeout and resend-times parameters using the snmp-agent inform address command is higher than that set for the timeout and resend-times parameters using the snmp-agent inform command. If both parameters in Inform mode and parameters using the snmp-agent inform address command are configured, parameters using the snmp-agent inform address command take effect for a specified destination host.
- For SNMPv2c, when a user with a level lower than the level configured using this command queries the securityname configured using the display this command, the securityname is displayed as asterisks (******).
snmp-agent local-engineid
Function
The snmp-agent local-engineid command sets an engine ID for the local SNMP agent.
The undo snmp-agent local-engineid command restores the engine ID of the local SNMP agent to the default value.
By default, the device uses an internal algorithm to automatically generate an engine ID for a device. The engine ID consists of the enterprise number and the device information.
Parameters
Parameter | Description | Value |
---|---|---|
engineid | Specifies the engine ID of the local SNMP agent. | The value is a string of 10 to 64 hexadecimal digits. It cannot be all 0s or all Fs. |
Usage Guidelines
Usage Scenario
You can run the snmp-agent local-engineid command to set an engine ID for the local SNMP agent for identification.
The SNMP engine ID uniquely identifies an SNMP agent in a management domain. The SNMP engine ID is an important component of the SNMP agent. It schedules and processes SNMP messages, and implements security authentication and access control. You can use the display snmp-agent local-engineid command to check the engine ID of the local SNMP entity.
When setting an engine ID, you need to comply with the following rules:
The length of the octet string varies. The first four octets are set to the binary equivalent of the agent's SNMP management private enterprise number, which is assigned by the Internet Assigned Numbers Authority (IANA). The enterprise number of Huawei devices is 2011 in decimal notation. The first bit has a fixed value of 1. Therefore, the first four octets of the engine ID in hexadecimal format are 800007DB.
The device information can be configured manually. It is recommended that the IP address or MAC address of the device be used as the device information to uniquely identify the device.
Precautions
- After the SNMP agent function is enabled using the snmp-agent command, the system automatically adopts the default engine ID for the local SNMP agent.
- If the local engine ID is set or changed, the existing SNMPv3 user with this engine ID is deleted.
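The following Python code, added here as an illustration and not taken from the device software, derives the 800007DB prefix from the enterprise number 2011 and checks a candidate engine ID against the value rules in the parameter table. The format codes for the fifth octet (1 for an IPv4 address, 3 for a MAC address) come from the SnmpEngineID definition in RFC 3411, not from this page, and the MAC and IP addresses are constructed samples.

```python
import ipaddress
import re

HUAWEI_ENTERPRISE_NUMBER = 2011  # value given on the page


def enterprise_prefix(enterprise_number):
    """First four octets: the enterprise number with the first bit fixed at 1."""
    return "%08X" % (0x80000000 | enterprise_number)


def check_engine_id(hex_id):
    """Return the value rules from the page that hex_id breaks (empty list = acceptable)."""
    if not re.fullmatch(r"[0-9A-Fa-f]+", hex_id):
        return ["not a hexadecimal string"]
    problems = []
    if not 10 <= len(hex_id) <= 64:
        problems.append("length must be 10 to 64 hexadecimal digits")
    if set(hex_id.upper()) in ({"0"}, {"F"}):
        problems.append("must not be all 0s or all Fs")
    return problems


def engine_id_from_mac(mac, enterprise_number=HUAWEI_ENTERPRISE_NUMBER):
    """Build prefix + format octet 03 (MAC address, per RFC 3411) + the six MAC octets."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if len(digits) != 12:
        raise ValueError("a MAC address has 12 hexadecimal digits: %r" % mac)
    return enterprise_prefix(enterprise_number) + "03" + digits


def describe_engine_id(hex_id):
    """Split an engine ID into enterprise number and device information."""
    if check_engine_id(hex_id) or len(hex_id) % 2:
        raise ValueError("not a usable engine ID: %r" % hex_id)
    raw = bytes.fromhex(hex_id)
    first = int.from_bytes(raw[:4], "big")
    info = {
        "first_bit_set": bool(first & 0x80000000),
        "enterprise_number": first & 0x7FFFFFFF,
        "device_info": raw[4:].hex().upper(),
    }
    # RFC 3411 (not this page): with the first bit set, octet 5 names the format
    # of the remaining octets. Only the two formats the page recommends are decoded.
    if info["first_bit_set"] and len(raw) > 5:
        kind, data = raw[4], raw[5:]
        if kind == 1 and len(data) == 4:
            info["ipv4"] = str(ipaddress.IPv4Address(data))
        elif kind == 3 and len(data) == 6:
            info["mac"] = ":".join("%02x" % octet for octet in data)
    return info


if __name__ == "__main__":
    engine_id = engine_id_from_mac("00-e0-fc-12-34-56")  # constructed sample MAC
    print(engine_id, check_engine_id(engine_id), describe_engine_id(engine_id))
    for bad in ("0000000000", "FFFFFFFFFF", "800007DB"):
        print(bad, check_engine_id(bad))
```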
snmp-agent mib-view
Function
The snmp-agent mib-view command creates or updates a MIB view.
The undo snmp-agent mib-view command cancels the configuration of the current MIB view.
In SNMPv1 and SNMPv2c, the default MIB view name is ViewDefault and the OID is 1.3.6.1. In SNMPv3, there is no default MIB view, and one must be configured.
Format
snmp-agent mib-view { excluded | included } view-name oid-tree
undo snmp-agent mib-view [ excluded | included ] view-name [ oid-tree ]
Parameters
Parameter | Description | Value |
---|---|---|
excluded | Indicates that the MIB view excludes the MIB subtree. | - |
included | Indicates that the MIB view includes the MIB subtree. | - |
view-name | Specifies the MIB view name. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
oid-tree | Specifies the OID for the MIB subtree. oid-tree can be the OID (such as 1.4.5.3.1) or the name (such as system) of the subtree. | It is a string of 1 to 255 case-sensitive characters without spaces. NOTE: It must be a valid MIB subtree. |
Usage Guidelines
Usage Scenario
Most SNMP configuration commands contain the parameter view-name. The snmp-agent mib-view command is used to create or update a view. You cannot modify or delete the default ViewDefault MIB view.
- Specifying the parameter oid-tree as an OID: snmp-agent mib-view included myview 1.3.6.1.2.1.
- Specifying the parameter oid-tree as an object name: snmp-agent mib-view excluded myview system.7.
To uniquely identify object identifiers in SNMP messages, SNMP uses a hierarchical naming structure to distinguish object identifiers from each other. This is a tree-like structure, with the nodes (such as {1.3.6.1.2.1}) representing object identifiers. The MIB is a collection of standard variables on monitored network devices.
excluded: If a few MIB objects on the device or some objects in the current MIB view do not or no longer need to be managed by the NM station, excluded needs to be specified in the command to exclude these MIB objects.
included: If a few MIB objects on the device or some objects in the current MIB view need to be managed by the NM station, included needs to be specified in the command to include these MIB objects.
If you forget which information you have configured for a MIB view, you can run the display snmp-agent mib-view command to check it.
Precautions
When you run the snmp-agent mib-view command multiple times to define a MIB view, the new configuration overwrites the original configuration if the values of view-name and oid-tree are the same; the new and original configurations both take effect if the values of view-name and oid-tree are different. The system can store a maximum of 256 MIB view configurations, among which there are four default views.
If both included and excluded are configured for MIB objects that have an inclusion relationship, whether the lowest MIB object is included or excluded is determined by the parameter configured for that lowest MIB object. For example, the snmpV2, snmpModules, and snmpUsmMIB objects are nested from top down in the MIB tree. If excluded is configured for snmpUsmMIB and included is configured for snmpV2, snmpUsmMIB objects are still excluded.
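The precedence rule above amounts to a longest-match lookup: the most specific configured subtree that covers an OID decides whether the OID is in the view. The Python model below is an added example, not the device's implementation; it accepts numeric OIDs only, treats an OID covered by no entry as outside the view (an assumption), and uses nmsview as a made-up view name.

```python
# Standard OID assignments for the object names used in the page's example.
SNMPV2 = "1.3.6.1.6"              # snmpV2
SNMP_MODULES = "1.3.6.1.6.3"      # snmpModules
SNMP_USM_MIB = "1.3.6.1.6.3.15"   # snmpUsmMIB


def parse_oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1). Comparing tuples keeps 1.3.6.10 from matching 1.3.6.1."""
    return tuple(int(part) for part in text.strip(".").split("."))


class MibViews:
    """Model of the entries created by repeated snmp-agent mib-view commands."""

    def __init__(self):
        # (view-name, subtree tuple) -> True for included, False for excluded
        self.entries = {}

    def configure(self, command):
        """Apply one 'snmp-agent mib-view { excluded | included } view-name oid-tree' line."""
        tok = command.split()
        if (len(tok) != 5 or tok[:2] != ["snmp-agent", "mib-view"]
                or tok[2] not in ("included", "excluded")):
            raise ValueError("unsupported command: " + command)
        # Same view-name and oid-tree: the new configuration overwrites the old one.
        # Different oid-tree: both entries take effect side by side.
        self.entries[(tok[3], parse_oid(tok[4]))] = tok[2] == "included"

    def deciding_entry(self, view, oid):
        """Return (subtree, included) for the most specific subtree covering oid, or None."""
        oid = parse_oid(oid)
        best = None
        for (name, subtree), included in self.entries.items():
            if name == view and oid[:len(subtree)] == subtree:
                if best is None or len(subtree) > len(best[0]):
                    best = (subtree, included)
        return best

    def in_view(self, view, oid):
        """True when the deciding entry exists and is an 'included' entry."""
        best = self.deciding_entry(view, oid)
        return best is not None and best[1]


def page_example():
    """The page's case: snmpV2 included, snmpUsmMIB (nested below it) excluded."""
    views = MibViews()
    views.configure("snmp-agent mib-view included nmsview " + SNMPV2)
    views.configure("snmp-agent mib-view excluded nmsview " + SNMP_USM_MIB)
    return views


if __name__ == "__main__":
    views = page_example()
    for oid in (SNMP_USM_MIB + ".1.2.2",  # below snmpUsmMIB: excluded entry decides
                SNMP_MODULES + ".1.1.4",  # below snmpModules only: snmpV2 entry decides
                "1.3.6.1.2.1.1.1.0"):     # covered by no entry
        print(oid, views.in_view("nmsview", oid), views.deciding_entry("nmsview", oid))
```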
snmp-agent notification-log
Function
The snmp-agent notification-log command sets the aging time of trap logs and the maximum number of trap logs that can be saved in the trap log buffer.
The undo snmp-agent notification-log command restores the default configuration.
By default, the aging time of trap logs is 24 hours, and a maximum of 500 trap logs can be saved in the trap log buffer.
Format
snmp-agent notification-log { global-ageout ageout | global-limit limit } *
undo snmp-agent notification-log { global-ageout [ ageout ] | global-limit [ limit ] } *
Parameters
Parameter | Description | Value |
---|---|---|
global-ageout ageout | Specifies the aging time of trap logs. | The value can be 0 or an integer that ranges from 12 to 36, in hours. The default value is 24. The value 0 indicates that trap logs are never aged out. |
global-limit limit | Specifies the maximum number of trap logs that can be saved in the trap log buffer. | The value is an integer that ranges from 1 to 5000. |
Usage Guidelines
Usage Scenario
No Inform ACK message is returned when the number of times to resend the Inform message in the alarm queue reaches the set threshold.
Inform messages will be discarded because the number of logged Inform messages reaches the maximum that the alarm queue can support.
Precautions
- Only Inform logs are saved to the log buffer; trap logs are not saved to the log buffer.
- If notification logs in the log buffer do not need to be aged, you can set the aging time of these notification logs to 0.
- If the number of notification logs saved to the log buffer within the aging time exceeds the limit, new notification logs can still be saved but overwrite the earlier logs in the log buffer.
- The maximum number of alarm logs specified in the snmp-agent notification-log command cannot occupy more memory than the memory occupied by the log buffer. If the size of the log buffer is excessively large, more network resources are consumed. You are therefore recommended to set the size of the log buffer to a reasonable value.
snmp-agent notification-log enable
Function
The snmp-agent notification-log enable command enables the notification logging function.
The undo snmp-agent notification-log enable command disables the notification logging function.
By default, the notification logging function is disabled.
Usage Guidelines
Usage Scenario
When the route from a network element to the NMS is unreachable because of a link failure between the network element and NMS, the network element does not send any SNMP notifications to the NMS. If the notification logging function is enabled, the network element records trap logs. When the link between the network element and NMS recovers, the NMS can obtain the trap logs recorded when the link was faulty.
After the notification logging function is enabled, the system records informs in trap logs in either of the following conditions:
- No ACK message is received after an inform in the notification queue is retransmitted the specified number of times.
- Earliest informs are discarded because the number of notifications in the notification queue exceeds the limit. The system records the discarded informs in trap logs.
Precautions
Only informs are recorded in trap logs, and traps are not recorded.
snmp-agent notify-filter-profile
Function
The snmp-agent notify-filter-profile command creates or updates a trap filter profile.
The undo snmp-agent notify-filter-profile command deletes a trap filter profile.
By default, no trap is filtered.
Format
snmp-agent notify-filter-profile { included | excluded } profile-name oid-tree
undo snmp-agent notify-filter-profile [ included | excluded ] profile-name
Parameters
Parameter | Description | Value |
---|---|---|
included | Includes the specified MIB subtree. | - |
excluded | Excludes the specified MIB subtree. | - |
profile-name | Specifies the name of a trap filter profile. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
oid-tree | Specifies the OID for the MIB subtree. oid-tree can be the OID (such as 1.4.5.3.1) or the name (such as system) of the subtree. | The value is a string of 1 to 255 case-sensitive characters without spaces. NOTE: It must be a valid MIB subtree. |
Usage Guidelines
Usage Scenario
To filter trap messages sent to a target host, run the snmp-agent notify-filter-profile command to add the MIB objects to be filtered to a filter profile to limit the number of MIB objects that can send trap messages to the NMS. After the filter profile is configured using the snmp-agent notify-filter-profile command, only the trap messages generated by eligible MIB objects are sent to the NMS.
Precautions
- If no trap filter profile is configured, all traps are sent to the destination host.
- The snmp-agent notify-filter-profile command creates or updates a trap filter profile. The value of oid-tree can be an OID or a subtree name. An OID can contain asterisks (*) as wildcards. An asterisk (*) cannot be placed at the beginning or end of the OID string.
- In Include filtering mode of an alarm, OIDs of all bound variables in the alarm must be specified in this command. Otherwise, the filtering fails.
- In Exclude filtering mode of an alarm, only the OID of the alarm or that of any bound variable needs to be specified in this command.
snmp-agent packet contextengineid-check enable
Function
The snmp-agent packet contextengineid-check enable command enables the device to check consistency between the contextEngineID on the NMS and the local engine ID.
The undo snmp-agent packet contextengineid-check enable command disables the device from checking consistency between the contextEngineID on the NMS and the local engine ID.
By default, the device does not check consistency between the contextEngineID on the NMS and the local engine ID.
Format
snmp-agent packet contextengineid-check enable
undo snmp-agent packet contextengineid-check enable
Usage Guidelines
Usage Scenario
If the device does not check consistency between the contextEngineID on the NMS and the local engine ID, the NMS can connect to the device even if the contextEngineID is different from the local engine ID.
To improve system security, run the snmp-agent packet contextengineid-check enable command to enable the device to check consistency between the contextEngineID on the NMS and the local engine ID.
Configuration Impact
After this function is enabled, an NMS cannot connect to the device if the contextEngineID on the NMS is different from the local engine ID.
Precautions
This consistency check function applies only to SNMPv3.
snmp-agent packet max-size
Function
The snmp-agent packet max-size command sets the maximum size of an SNMP message.
The undo snmp-agent packet max-size command restores the default setting.
By default, the maximum size of an SNMP message is 12000 bytes.
Parameters
Parameter | Description | Value |
---|---|---|
byte-count | Specifies the maximum size of an SNMP message that the SNMP agent can receive and send. | The value is an integer that ranges from 484 to 17940, in bytes. The default value is 12000. |
Usage Guidelines
Usage Scenario
You are recommended to run the snmp-agent packet max-size command to set the maximum size of an SNMP message that the SNMP agent receives or sends according to the network condition.
By increasing the maximum size of an SNMP message, you can prevent the NMS from obtaining incomplete information about the device status.
By decreasing the maximum size of an SNMP message, you can prevent the NMS or device from discarding an SNMP message because its size exceeds the processing capability of the NMS or device.
Precautions
You need to increase the size of an SNMP message according to the network condition. Otherwise, the transmission efficiency of SNMP messages is affected.
Generally, the default value is recommended.
The maximum size set through the snmp-agent packet max-size command takes effect for the SNMP messages of all SNMP versions.
snmp-agent packet-priority
Function
The snmp-agent packet-priority command sets the priority of SNMP messages.
The undo snmp-agent packet-priority command restores the default priority of SNMP messages.
By default, the priority of SNMP messages is 6.
Format
snmp-agent packet-priority { snmp | trap } priority-level
undo snmp-agent packet-priority { snmp | trap }
Parameters
Parameter | Description | Value |
---|---|---|
snmp | Sets the priority of common SNMP messages (excluding trap messages), including: | - |
trap | Sets the priority of SNMP trap messages, including: | - |
priority-level | Specifies the priority of SNMP messages. | The value is an integer that ranges from 0 to 7. The default value is 6. The value 0 indicates the lowest priority, and the value 7 indicates the highest priority. |
Usage Guidelines
To prevent traps from being discarded, increase the priority of SNMP trap messages so that traps can be successfully sent to the NMS.
To improve reliability of MIB operations performed on the device by the NMS, increase the priority of common SNMP messages, excluding SNMP trap messages.
When the network is severely congested and traps are generated frequently, reduce the priority of all SNMP messages, including SNMP trap messages.
snmp-agent protocol get-bulk timeout
Function
The snmp-agent protocol get-bulk timeout command configures a get-bulk operation timeout period.
The undo snmp-agent protocol get-bulk timeout command restores the default get-bulk operation timeout period.
The default get-bulk operation timeout period is 2 seconds.
Parameters
Parameter | Description | Value |
---|---|---|
time | Specifies a get-bulk operation timeout period. | The value is an integer ranging from 0 to 600, in seconds. NOTE: The value 0 indicates that a get-bulk operation never expires. |
Usage Guidelines
Usage Scenario
A get-bulk operation allows an NMS to query information about multiple managed devices at a time, equaling multiple get-next operations.
If an NMS requests a large amount of data through a get-bulk operation, a long time is required to obtain the data. You can run the snmp-agent protocol get-bulk timeout command to change the get-bulk operation timeout period.
Precautions
You are not advised to change the get-bulk operation timeout period. The default get-bulk operation timeout period is recommended. To reconfigure a get-bulk operation timeout period, you must ensure that the configured period is less than an NMS's timeout period.
snmp-agent protocol server disable
Function
The snmp-agent protocol server disable command disables the SNMP IPv4 or IPv6 listening port.
The undo snmp-agent protocol server disable command enables the SNMP IPv4 or IPv6 listening port.
By default, the SNMP IPv4 or IPv6 listening port is disabled.
Format
snmp-agent protocol server [ ipv4 | ipv6 ] disable
undo snmp-agent protocol server [ ipv4 | ipv6 ] disable
Parameters
Parameter | Description | Value |
---|---|---|
ipv4 | Disables the SNMP IPv4 listening port. | - |
ipv6 | Disables the SNMP IPv6 listening port. | - |
Usage Guidelines
Usage Scenario
To enable alarm sending to the NMS without performing the Get/Set operation, SNMP port listening is not required. To disable the SNMP IPv4 or IPv6 listening port, run the snmp-agent protocol server disable command.
This command helps separately manage and control SNMP IPv4 and IPv6 listening ports.
If ipv4 or ipv6 is not selected, both SNMP IPv4 and IPv6 listening ports are disabled.
Precautions
After you disable the SNMP IPv4 or IPv6 listening port using the snmp-agent protocol server disable command, SNMP no longer processes SNMP packets. Exercise caution when you disable the SNMP IPv4 or IPv6 listening port.
snmp-agent protocol source-interface
Function
The snmp-agent protocol source-interface command configures a source interface for receiving and responding to NM station requests.
The undo snmp-agent protocol source-interface command restores the default configuration.
By default, the source interface is not configured for receiving and responding to NM station requests.
Format
snmp-agent protocol source-interface interface-type interface-number
undo snmp-agent protocol source-interface
Parameters
Parameter | Description | Value |
---|---|---|
interface-type interface-number | Specifies an interface type and number. | Currently, only loopback interfaces are supported. |
Usage Guidelines
Usage Scenario
By default, a source interface is randomly selected for receiving and responding to NM station requests, which is inconvenient for unified data management. To resolve this problem, run the snmp-agent protocol source-interface command to configure a source interface for receiving and responding to NM station requests.
Prerequisites
The interface to be configured as the source interface must have been created, and a valid IP address must have been assigned to this interface. If the interface to be configured as the source interface is not created or a valid IP address is not assigned to the interface, the snmp-agent protocol source-interface command will not take effect. If a valid IP address is assigned to the interface, the snmp-agent protocol source-interface command will take effect automatically.
Precautions
If the interface on which the snmp-agent protocol source-interface command is configured is deleted, or an address is changed or deleted on the interface, SNMP configurations will not be affected.
After SNMP is bound to the source interface, SNMP listens only on this interface, through which the NMS communicates with the device. If the source interface or its IP address is deleted, SNMP stops receiving IP packets, and communication between the NMS and devices is interrupted. After the source interface's IP address is changed, the NMS can communicate with devices only through the new IP address.
snmp-agent protocol server message queue
Function
The snmp-agent protocol server message queue command configures the size of a packet queue that can be received by an SNMP agent.
The undo snmp-agent protocol server message queue command restores the default size.
By default, the packet queue that can be received by an SNMP agent contains 30 packets.
Format
snmp-agent protocol server message queue message-queue
undo snmp-agent protocol server message queue
Parameters
Parameter | Description | Value |
---|---|---|
message-queue | Specifies the size of a packet queue. | The value is an integer ranging from 10 to 100. |
snmp-agent set-cache enable
Function
The snmp-agent set-cache enable command enables the SET response packet caching function.
The undo snmp-agent set-cache enable command disables the SET response packet caching function.
By default, the SET response packet caching function is disabled.
Usage Guidelines
If you perform a SET operation using the NMS to set parameters of a device, the device sends SET Response messages to the NMS. SET Response messages may be lost if the number of SNMP messages on a network exceeds the processing capability of the NMS. Run the snmp-agent set-cache enable command to enable the SET Response message caching function to minimize the loss of SET Response messages.
snmp-agent statistics mib disable
Function
The snmp-agent statistics mib disable command disables the statistics function about the NMS's operations on MIB objects.
The undo snmp-agent statistics mib disable command restores the default statistics status.
By default, the statistics function about the NMS's operations on MIB objects is enabled.
Usage Guidelines
Usage Scenario
An NMS performs operations on MIB objects to manage devices. Currently, SNMP supports the statistics function about these operations.
By default, the statistics function is enabled. To disable this function due to some reasons, for example, high CPU usage caused by collecting statistics about the NMS accessing MIB objects, run the snmp-agent statistics mib disable command.
Follow-up Procedure
Run the display snmp-agent statistics mib command to check statistics about the NMS's operations on MIB objects.
If the NMS accesses a great amount of MIB node information and statistics do not need to be saved, run the reset snmp-agent statistics mib command to delete the statistics.
Precautions
After you run the snmp-agent statistics mib disable command, the statistics function is disabled, but statistics that have been collected are not deleted.
snmp-agent sys-info
Function
The snmp-agent sys-info command sets the SNMP system information.
The undo snmp-agent sys-info command restores the default setting.
By default, the system maintenance information is "R&D Beijing, Huawei Technologies Co., Ltd.", the system location is "Beijing China", and the version is SNMPv3.
Format
snmp-agent sys-info { contact contact | location location | version { { v1 | v2c | v3 } * | all } }
undo snmp-agent sys-info { contact | location | version { { v1 | v2c | v3 } * | all } }
Parameters
Parameter | Description | Value |
---|---|---|
contact contact | Indicates contact information of system maintenance. | The value is a string of 1 to 225 case-sensitive characters that can contain spaces. |
location location | Indicates the location of a device. | The value is a string of 1 to 255 case-sensitive characters that can contain spaces. |
version { { v1 | v2c | v3 } * | all } | Indicates the SNMP version. NOTE: This parameter can be repeatedly configured. If a device runs multiple SNMP versions, the NMS can use any one of them to manage the device. | - |
Usage Guidelines
Usage Scenario
To configure the contact information for the managed node, you can run the snmp-agent sys-info contact command in the system. If a device fails, maintenance personnel can contact the vendor for device maintenance.
To configure the physical location of the node, you can run the snmp-agent sys-info location command in the system.
To configure features in a specified version, you can run the snmp-agent sys-info version command to set the corresponding SNMP version in the system. SNMPv1 or SNMPv2c is not secure enough. Using SNMPv3 is recommended.
- SNMPv1:
  - Community-name-based access control
  - MIB-view-based access control
- SNMPv2c:
  - Community-name-based access control
  - MIB-view-based access control
  - Supporting Inform messages
- SNMPv3:
  - User group
  - Group-based access control
  - User-based access control
  - Authentication and encryption mechanisms
Run the display snmp-agent sys-info command to view the system maintenance information, the physical location of the node, and the SNMP version.
Precautions
A lack of authentication capabilities in SNMPv1 and SNMPv2c results in vulnerability to security threats, so SNMPv3 is recommended.
Example
# Set the contact information of the system maintenance as "call Operator at 010-12345678".
<HUAWEI> system-view
[HUAWEI] snmp-agent sys-info contact call Operator at 010-12345678
# Set the location of a device as "shanghai China".
<HUAWEI> system-view
[HUAWEI] snmp-agent sys-info location shanghai China
# Set the current SNMP version used by the system to v2c.
<HUAWEI> system-view
[HUAWEI] snmp-agent sys-info version v2c
snmp-agent target-host inform
Function
The snmp-agent target-host inform command sets the target host for receiving Inform messages.
The undo snmp-agent target-host command cancels the target host set to receive Inform messages.
By default, the target host for receiving Inform messages is not set.
Format
snmp-agent target-host inform address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | [ vpn-instance vpn-instance-name | public-net ] ] * params securityname { security-name | cipher security-name } v2c [ notify-filter-profile profile-name | ext-vb ] *
snmp-agent target-host inform address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | [ vpn-instance vpn-instance-name | public-net ] ] * params securityname security-name v3 [ authentication | privacy ] [ notify-filter-profile profile-name | ext-vb ] *
undo snmp-agent target-host ip-address securityname { security-name | cipher security-name } [ vpn-instance vpn-instance-name ]
undo snmp-agent target-host inform address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | [ vpn-instance vpn-instance-name | public-net ] ] * params securityname { security-name | cipher security-name }
Parameters
Parameter | Description | Value |
---|---|---|
address | Specifies the IP address of a specified target host. | - |
udp-domain ip-address | Specifies the IP address of a specified target host, with the transmission domain being based on UDP. | The value is in dotted decimal notation. |
udp-port port-number | Specifies the UDP port of the specified target host for receiving Inform messages. | The value is an integer ranging from 0 to 65535. The default value is 162. |
source interface-type interface-number | Specifies the source interface of the device for sending Inform messages. | - |
vpn-instance vpn-instance-name | Specifies the VPN instance to which the target host belongs. | The value must be an existing VPN instance name. |
public-net | Indicates the target host is on the public network. | - |
params | Indicates information about the target host that generates SNMP notifications. | - |
securityname security-name | Specifies the user security name displayed on the NMS. For SNMPv3, securityname must be configured as the user name. securityname configured on the host needs to be the same as that configured on the NMS, or the NMS cannot receive the trap messages sent from the host. Ensure that the security-name value is the same as the created user name; otherwise, the NMS cannot access the device. For SNMPv1 and SNMPv2c, the NMS can receive trap messages from all hosts without having securityname configured. securityname is used to distinguish multiple hosts that generate trap messages. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
cipher security-name | Indicates the unencrypted or encrypted string of security name. | The value is a string of 1 to 32, 32, 48, 56, or 68 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string. |
v2c | Indicates the SNMP version is SNMPv2c. | - |
v3 | Indicates the SNMP version is SNMPv3. | - |
authentication | privacy | Specifies the security mode. This parameter takes effect only in SNMPv3. | - |
notify-filter-profile profile-name | Specifies the filtering view name. | The filtering view must exist. |
ext-vb | Indicates that traps sent to a target host carry extended bound variables. If a Huawei data communication device extends the trap objects defined in the public MIB, you can configure this parameter to determine whether traps sent to the NMS carry extended bound variables. | - |
Usage Guidelines
Usage Scenario
After sending an Inform message, the device waits for an Inform ACK message from the NMS and will retransmit the same Inform message only when no Inform ACK message is received from the NMS within the specified period. If the SNMP agent does not receive the inform ACK message from the NMS during the retransmission period, the SNMP agent deletes this inform message from the trap queue. This ensures that the NMS can receive the SNMP Inform messages to the maximum extent.
If there are multiple target hosts, you need to run the snmp-agent target-host inform command for each target host. If the snmp-agent target-host inform command is executed multiple times for the same target host, only the last successful operation takes effect.
- If the public-net parameter is specified, the system accesses the target host on the public network.
- If the vpn-instance vpn-instance-name parameter is specified, the system accesses the target host in the specified VPN instance.
- If neither the public-net nor the vpn-instance vpn-instance-name parameter is specified:
  - If the source interface-type interface-number parameter is specified and a VPN instance is bound to the specified interface, the system accesses the target host in the VPN instance. If no VPN instance is bound to the specified interface, the system accesses the target host on the public network.
  - If the snmp-agent trap source command is run to configure a source interface for sending trap packets and a VPN instance is bound to the interface, the system accesses the target host in the VPN instance. If no VPN instance is bound to the interface, the system accesses the target host on the public network.
  - If the set net-manager vpn-instance command is run to configure a network management VPN instance, the system accesses the target host in this VPN instance.
  - If none of the preceding conditions is met, the system accesses the target host on the public network.
Configuration Impact
The transmission of Inform messages consumes more resources than that of traps.
Precautions
The snmp-agent notify-filter-profile command is used to create or update the trap filtering information. The NMS filters trap messages according to the profile and sends only the eligible trap messages to the target host. If notify-filter-profile is not configured, all trap messages are sent to the target host.
- Level 1: privacy (authentication and encryption)
- Level 2: authentication (without encryption)
- Level 3: noauthentication (no authentication or encryption)
When SNMPv3 is used to send Inform messages, run the snmp-agent remote-engineid usm-user v3 command to configure a remote SNMPv3 user whose remote engine ID must be the same as the engine ID of the destination host.
The securityname configuration of an SNMPv2c alarm host is displayed in ciphertext, whereas the securityname configuration of an SNMPv3 alarm host is displayed in simple text. For SNMPv2c, when a user with a level lower than the level configured using this command queries the securityname configured using the display this command, the securityname is displayed as asterisks (******).
Example
# Configure alarms to be sent in inform mode, set the security name of the host to 123 and protocol version to SNMPv2c, and send alarms to the NMS host with the IP address of 192.168.10.1.
<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable
[HUAWEI] snmp-agent target-host inform address udp-domain 192.168.10.1 params securityname 123 v2c
snmp-agent target-host trap
Function
The snmp-agent target-host trap command configures the target host for receiving SNMP traps.
The undo snmp-agent target-host command deletes the target host configuration for receiving SNMP traps.
By default, the target host is not set.
Format
snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | [ public-net | vpn-instance vpn-instance-name ] ] * params securityname security-name [ [ v1 | v2c | v3 [ authentication | privacy ] ] | private-netmanager | notify-filter-profile profile-name | ext-vb ] *
snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | [ public-net | vpn-instance vpn-instance-name ] ] * params securityname cipher security-name [ [ v1 | v2c ] | private-netmanager | notify-filter-profile profile-name | ext-vb ] *
undo snmp-agent target-host ip-address securityname { security-name | cipher security-name } [ vpn-instance vpn-instance-name ]
undo snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | [ public-net | vpn-instance vpn-instance-name ] ] * params securityname { security-name | cipher security-name }
Parameters
Parameter | Description | Value |
---|---|---|
address | Specifies the IP address of a specified target host. | - |
udp-domain ip-address | Specifies the IP address of a specified target host, with the transmission domain being based on UDP. | - |
udp-port port-number | Specifies the UDP port of the specified target host for receiving Trap messages. | The value is an integer ranging from 0 to 65535. The default value is 162. |
source interface-type interface-number | Specifies the source interface of the device for sending Trap messages. | - |
public-net | Indicates the target host is on the public network. | - |
vpn-instance vpn-instance-name | Specifies the VPN instance to which the target host belongs. | The value must be an existing VPN instance name. |
params securityname security-name | Specifies the user security name displayed on the NMS. For SNMPv3, securityname must be configured as the user name. securityname configured on the host needs to be the same as that configured on the NMS, or the NMS cannot receive the trap messages sent from the host. Ensure that the security-name value is the same as the created user name; otherwise, the NMS cannot access the device. For SNMPv1 and SNMPv2c, the NMS can receive trap messages from all hosts without having securityname configured. securityname is used to distinguish multiple hosts that generate trap messages. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
cipher security-name | Indicates the unencrypted or encrypted string of security name. | The value is a string of 1 to 32, 32, 48, 56, or 68 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string. |
v1 | v2c | v3 | Indicates the SNMP version. | - |
authentication | privacy | Specifies the security mode. This parameter takes effect only in SNMPv3. | - |
private-netmanager | Indicates the Huawei NMS as the target host receiving a trap. When a Huawei NMS is deployed and this parameter is configured, a trap sent to the NMS contains more information, such as the trap type, sequence of the trap, and sending time. | - |
notify-filter-profile profile-name | Specifies the filtering view name. If the trap filtering is not configured using the parameter notify-filter-profile, all traps will be sent to the destination host. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
ext-vb | Indicates that traps sent to a target host carry extended bound variables. If a Huawei data communication device extends the trap objects defined in the public MIB, you can configure this parameter to determine whether traps sent to the NMS carry extended bound variables. | - |
Usage Guidelines
Usage Scenario
SNMP notifications can be classified into traps and inform messages. Trap messages are less reliable than inform messages because the NMS does not send any acknowledgment when it receives a trap. In this case, the sender cannot verify whether the trap has been received. Informs are configured with an acknowledgment mechanism and therefore are reliable.
To configure multiple target hosts, you must run the snmp-agent target-host trap command for each target host. If you run the snmp-agent target-host trap command multiple times for the same host, only the latest configuration takes effect. For example, if you configure the trap function for a host that has already been configured with trap, the second configuration takes effect.
- If the public-net parameter is specified, the system accesses the target host on the public network.
- If the vpn-instance vpn-instance-name parameter is specified, the system accesses the target host in the specified VPN instance.
- If neither the public-net nor the vpn-instance vpn-instance-name parameter is specified:
  - If the source interface-type interface-number parameter is specified and a VPN instance is bound to the specified interface, the system accesses the target host in the VPN instance. If no VPN instance is bound to the specified interface, the system accesses the target host on the public network.
  - If the snmp-agent trap source command is run to configure a source interface for sending trap packets and a VPN instance is bound to the interface, the system accesses the target host in the VPN instance. If no VPN instance is bound to the interface, the system accesses the target host on the public network.
  - If the set net-manager vpn-instance command is run to configure a network management VPN instance, the system accesses the target host in this VPN instance.
  - If none of the preceding conditions is met, the system accesses the target host on the public network.
Configuration Impact
Regardless of whether a trap sent from the SNMP agent reaches the NMS, the SNMP agent deletes the trap to reduce resource consumption.
Precautions
- Level 1: privacy (authentication and encryption)
- Level 2: authentication (without encryption)
- Level 3: noauthentication (no authentication or encryption)
If the SNMP trap function has been enabled, to ensure that SNMPv3-running devices normally send trap messages, notify-view notify-view must be configured in the snmp-agent group command for the user group to which securityname belongs to allow the devices to have the right to send trap messages.
For SNMPv1 and SNMPv2c, when a user with a level lower than the level configured using this command queries the securityname configured using the display this command, the securityname is displayed as asterisks (******).
Example
# Allow the SNMP agent to send SNMP traps to the target host with the IP address of 10.1.1.1.
<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable
[HUAWEI] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname comaccess
# Allow the SNMP agent to send SNMP traps to the Huawei NMS with the IP address of 10.1.1.1.
<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable
[HUAWEI] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname comaccess private-netmanager
snmp-agent target-host trap ipv6
Function
The snmp-agent target-host trap ipv6 command configures a target host to receive SNMP trap messages.
The undo snmp-agent target-host ipv6 command deletes the configuration of a target host to receive SNMP trap messages.
By default, the target host that receives SNMP trap messages is not set.
Format
snmp-agent target-host trap ipv6 address udp-domain ipv6-address [ udp-port port-number | vpn-instance vpn-instance-name ] * params securityname security-name [ [ v1 | v2c | v3 [ authentication | privacy ] ] | private-netmanager | notify-filter-profile profile-name | ext-vb ] *
snmp-agent target-host trap ipv6 address udp-domain ipv6-address [ udp-port port-number | vpn-instance vpn-instance-name ] * params securityname cipher security-name [ [ v1 | v2c ] | private-netmanager | notify-filter-profile profile-name | ext-vb ] *
undo snmp-agent target-host ipv6 ipv6-address securityname { security-name | cipher security-name } [ vpn-instance vpn-instance-name ]
undo snmp-agent target-host trap ipv6 address udp-domain ipv6-address [ udp-port port-number | vpn-instance vpn-instance-name ] * params securityname { security-name | cipher security-name }
Parameters
Parameter | Description | Value |
---|---|---|
ipv6 address | Sets the IPv6 address of the target host used to receive SNMP trap messages. | - |
udp-domain | Indicates that trap messages are sent to the target host through the User Datagram Protocol (UDP). | - |
ipv6-address | Specifies the IPv6 address of the target host. | - |
udp-port port-number | Specifies the port number used to receive trap messages. | The value is an integer that ranges from 0 to 65535. The default value is 162. |
vpn-instance vpn-instance-name | Specifies a VPN instance name. If the vpn-instance vpn-instance-name parameter is not specified, the system accesses the target host on the public network. | The vpn-instance parameter is optional. If vpn-instance is configured, the VPN instance specified by vpn-instance vpn-instance-name, IP address, and security name specified by securityname security-string form a 3-tuple to identify a host on a VPN. |
params securityname security-name | Specifies the SNMP security name that is displayed as the user name on the NMS. For SNMPv3, securityname must be configured as the user name. securityname configured on the host needs to be the same as that configured on the NMS, or the NMS cannot receive the trap messages sent from the host. For SNMPv1 and SNMPv2c, the NMS can receive trap messages from all hosts without having securityname configured. securityname is used to distinguish multiple hosts that generate trap messages. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
cipher security-name | Indicates the unencrypted or encrypted string of security name. | The value is a string of 1 to 32, 32, 48, 56, or 68 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string. |
v1 | v2c | v3 | Specifies the SNMP version. | - |
authentication | privacy | Specifies the security mode for SNMP trap messages. | - |
private-netmanager | Indicates that the target host is a Huawei NMS. Specify this parameter when a Huawei NMS is used. This parameter enables trap messages sent to the NMS to contain more information, including types, sequence numbers, and transmission time of trap messages. | - |
notify-filter-profile profile-name | Specifies the name of a trap filter profile. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
ext-vb | Indicates that trap messages sent to a target host carry extended bound variables. If alarm objects defined in public MIBs are extended on a Huawei data communication device, you can use ext-vb to determine whether the trap messages sent to the NMS carry extended bound variables. | - |
Usage Guidelines
Usage Scenario
This command is used to configure an IPv6 NMS host so that traps can be sent to the host using the IPv6 protocol.
Precautions
- Level 1: privacy (authentication and encryption)
- Level 2: authentication (without encryption)
- Level 3: noauthentication (no authentication or encryption)
For SNMPv1 and SNMPv2c, when a user with a level lower than the level configured using this command queries the securityname configured using the display this command, the securityname is displayed as asterisks (******).
Example
# Configure an IPv6 NMS host that uses SNMP v3. Set the security name to Huawei and configure traps to be authenticated and encrypted.
<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable
Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:y
[HUAWEI] snmp-agent target-host trap ipv6 address udp-domain FC00::1 params securityname Huawei v3 privacy
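The following is an added example, not part of the Huawei documentation: a Python audit that reads configuration lines written in the snmp-agent sys-info version and snmp-agent target-host syntax described above and flags SNMPv1/SNMPv2c use and SNMPv3 hosts below the privacy level. The sample configuration, the severity labels and all function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample (not from a real device), written in the command syntax on this page.
SAMPLE_CONFIG = """\
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname comaccess
snmp-agent target-host inform address udp-domain 192.168.10.1 params securityname 123 v2c
snmp-agent target-host trap address udp-domain 10.1.1.2 params securityname ops v3 authentication
snmp-agent target-host inform address udp-domain 10.1.1.3 udp-port 162 params securityname "nms user" v3 privacy
snmp-agent target-host trap ipv6 address udp-domain FC00::1 params securityname Huawei v3 privacy
snmp-agent trap enable
"""

LEGACY = ("v1", "v2c")


@dataclass(frozen=True)
class Finding:
    line_no: int
    severity: str  # "high", "medium" or "review" (labels chosen for this example)
    message: str


def parse_target_host(tokens):
    """Return (kind, host, version, level) from a tokenised target-host line."""
    kind = tokens[2]  # "trap" or "inform"
    host = tokens[tokens.index("udp-domain") + 1]
    i = tokens.index("securityname", tokens.index("params")) + 1
    if tokens[i] == "cipher":
        i += 1
    # The security name may be a double-quoted string that contains spaces.
    if tokens[i].startswith('"'):
        while len(tokens[i]) == 1 or not tokens[i].endswith('"'):
            i += 1
    version, level, skip = None, "noauthentication", False
    for opt in tokens[i + 1:]:
        if skip:  # value of notify-filter-profile, never a keyword
            skip = False
        elif opt == "notify-filter-profile":
            skip = True
        elif opt in LEGACY or opt == "v3":
            version = opt
        elif opt in ("authentication", "privacy"):
            level = opt
    return kind, host, version, level


def audit_snmp_config(config_text):
    """Flag weak SNMP versions and security levels in configuration text."""
    lines = config_text.splitlines()
    # Presence check only: matching the remote user to a securityname would need
    # the full remote-engineid syntax, which this page does not show.
    has_remote_user = any(
        line.split()[:2] == ["snmp-agent", "remote-engineid"] for line in lines
    )
    findings = []

    def add(no, severity, message):
        findings.append(Finding(no, severity, message))

    for no, raw in enumerate(lines, 1):
        tokens = raw.split()
        if tokens[:3] == ["snmp-agent", "sys-info", "version"]:
            weak = [v for v in tokens[3:] if v in LEGACY or v == "all"]
            if weak:
                add(no, "high", f"sys-info version enables {'/'.join(weak)}; "
                                "SNMPv1 and SNMPv2c lack authentication")
        elif tokens[:2] == ["snmp-agent", "target-host"]:
            try:
                kind, host, version, level = parse_target_host(tokens)
            except (ValueError, IndexError):
                add(no, "review", "target-host line could not be parsed")
                continue
            if version is None:
                add(no, "review", f"{kind} to {host}: no version keyword, confirm the effective version")
            elif version in LEGACY:
                add(no, "high", f"{kind} to {host} uses {version}: no authentication or encryption")
            elif level == "noauthentication":
                add(no, "high", f"{kind} to {host} uses v3 at level 3 (no authentication or encryption)")
            elif level == "authentication":
                add(no, "medium", f"{kind} to {host} uses v3 at level 2 (authentication without encryption)")
            # SNMPv3 informs need a remote user (snmp-agent remote-engineid usm-user v3).
            if version == "v3" and kind == "inform" and not has_remote_user:
                add(no, "review", f"inform to {host} uses v3 but no snmp-agent remote-engineid line exists")
    return findings


if __name__ == "__main__":
    for f in audit_snmp_config(SAMPLE_CONFIG):
        print(f"line {f.line_no} [{f.severity}] {f.message}")
```

Only the last sample line pair (v3 privacy) passes without a finding; a target-host line with no version keyword is reported for review because this page does not state which version the device then uses.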
snmp-agent trap disable
Function
The snmp-agent trap disable command disables the trap function for all features.
The undo snmp-agent trap disable command restores the trap function for all features to the default status.
To view the default status of the trap function for all features, run the display snmp-agent trap all command.
Usage Guidelines
To disable the trap function for all modules, run the snmp-agent trap disable command.
To restore the trap function for all features to the default status, run the undo snmp-agent trap disable or undo snmp-agent trap enable command.
To disable the trap function for a specified module, run the undo snmp-agent trap enable feature-name command.
snmp-agent trap enable
Function
The snmp-agent trap enable command enables the switch to send traps.
The undo snmp-agent trap enable command restores the default setting.
The default configuration of the snmp-agent trap enable command can be checked by the display snmp-agent trap all command.
Usage Guidelines
- To enable the trap function for all modules, run the snmp-agent trap enable command.
- To disable the trap function for all modules, run the snmp-agent trap disable command.
- To enable the trap function for a specified module, run the snmp-agent trap enable feature-name feature-name command.
- To disable the trap function for a specified module, run the undo snmp-agent trap enable feature-name feature-name command.
- To enable a specified trap for a specified module, run the snmp-agent trap enable feature-name feature-name trap-name trap-name command.
- To disable a specified trap for a specified module, run the undo snmp-agent trap enable feature-name feature-name trap-name trap-name command.
- To restore the default trap status of all modules, run the undo snmp-agent trap disable or undo snmp-agent trap enable command.
The snmp-agent trap enable command must be used together with the snmp-agent target-host inform command or snmp-agent target-host trap command.
To enable a device to send traps, you need to run at least the snmp-agent target-host inform command or snmp-agent target-host trap command on the device to specify the destination address of the traps.
snmp-agent trap enable feature-name
Function
The snmp-agent trap enable feature-name command enables a specified trap for a specified feature.
The undo snmp-agent trap enable feature-name command disables a specified trap for a specified feature.
The default configuration of the snmp-agent trap enable feature-name command can be checked using the display snmp-agent trap all command.
Format
snmp-agent trap enable feature-name feature-name [ trap-name trap-name ]
undo snmp-agent trap enable feature-name feature-name [ trap-name trap-name ]
Parameters
Parameter | Description | Value |
---|---|---|
feature-name | Specifies the name of the feature that generates traps. | - |
trap-name trap-name | Specifies the name of a trap. | - |
Usage Guidelines
If trap-name trap-name is not specified, the switch enables all traps about a specified feature after the snmp-agent trap enable feature-name feature-name command is used.
You can run the display snmp-agent trap feature-name all command to check the configuration result.
snmp-agent trap enable feature-name bulkstat
Function
The snmp-agent trap enable feature-name bulkstat command enables traps for the bulk statistics collection module.
The undo snmp-agent trap enable feature-name bulkstat command disables traps for the bulk statistics collection module.
By default, all traps of the bulk statistics collection module are disabled.
Format
snmp-agent trap enable feature-name bulkstat [ trap-name { hwbulkstatcollectincomplete | hwbulkstatcollectresume | hwbulkstattransferfilediscard | hwbulkstaturlconnectionfail | hwbulkstaturlconnectionresume } ]
undo snmp-agent trap enable feature-name bulkstat [ trap-name { hwbulkstatcollectincomplete | hwbulkstatcollectresume | hwbulkstattransferfilediscard | hwbulkstaturlconnectionfail | hwbulkstaturlconnectionresume } ]
Parameters
Parameter | Description | Value |
---|---|---|
trap-name | Enables the trap for a specified event. If the trap-name parameter is not specified, all traps of the bulk statistics collection module are enabled. | - |
hwbulkstatcollectincomplete | Indicates the trap generated when the statistics collected in a bulk file within a collection interval are incomplete. | - |
hwbulkstatcollectresume | Indicates the trap generated when the statistics collected in a bulk file within a subsequent collection interval are complete. | - |
hwbulkstattransferfilediscard | Indicates the trap generated when a bulk file fails to be transferred to the specified URL and is discarded. | - |
hwbulkstaturlconnectionfail | Indicates the trap generated when the system fails to set up a connection to the URL for uploading the bulk file. | - |
hwbulkstaturlconnectionresume | Indicates the trap generated when the connection to the URL for uploading the bulk file recovers. | - |
Usage Guidelines
To monitor the use of the bulk statistics collection function, enable all traps of the bulk statistics collection module or enable the trap of a specified event by specifying the trap-name parameter according to your own needs.
Example
# Enable the trap of the hwbulkstatcollectincomplete event for the bulk statistics collection module.
<HUAWEI> system-view
[HUAWEI] bulk-stat enable
Info: Succeeded in enabling the bulk stat function.
[HUAWEI] snmp-agent trap enable feature-name bulkstat trap-name hwbulkstatcollectincomplete
snmp-agent trap enable feature-name snmp
Function
The snmp-agent trap enable feature-name snmp command enables an SNMP trap.
The undo snmp-agent trap enable feature-name snmp command disables an SNMP trap.
By default, the coldStart and warmStart traps are enabled and the authenticationFailure trap is disabled.
Format
snmp-agent trap enable feature-name snmp [ trap-name trap-name ]
undo snmp-agent trap enable feature-name snmp [ trap-name trap-name ]
Parameters
Parameter | Description | Value |
---|---|---|
trap-name trap-name | Specifies the name of a trap. | The traps are as follows: |
Usage Guidelines
- coldStart: This trap is generated when the device is powered off and restarted.
- warmStart: This trap is generated when the status of the SNMP agent is changed from disable to enable.
- authenticationFailure: This trap is generated when a user uses an incorrect community name and is unable to log in to the device.
- hwSNMPLockThreshold: This trap is generated when the number of users who were locked due to an authentication failure reached the upper threshold.
- hwSNMPLockThresholdResume: This trap is generated when the number of users who were locked due to an authentication failure fell below the lower threshold.
You can run the display snmp-agent trap feature-name snmp all command to check the configuration result.
snmp-agent trap life
Function
The snmp-agent trap life command sets the lifetime of trap messages. When the lifetime expires, the trap messages are discarded.
The undo snmp-agent trap life command cancels the current settings.
By default, the lifetime of trap messages is 300 seconds.
Parameters
Parameter | Description | Value |
---|---|---|
seconds | Specifies the lifetime of trap messages. | The value is an integer that ranges from 1 to 2592000, in seconds. The default value is 300. |
snmp-agent trap queue-size
Function
The snmp-agent trap queue-size command sets the queue length of the trap messages sent to a target host.
The undo snmp-agent trap queue-size command cancels the current settings.
The default value is 1000.
Parameters
Parameter | Description | Value |
---|---|---|
size | Specifies the queue length of trap messages. | The value is an integer that ranges from 1 to 1000. The default value is 1000. |
Usage Guidelines
When a large number of trap messages need to be sent in a certain period of time, packets will be lost if the queue length of trap messages is insufficient. The queue length can be adjusted to reduce the packet loss ratio.
When the lifetime of trap messages is long, the queue length of trap messages needs to be lengthened. If the queue length is not lengthened, packet loss will occur.
snmp-agent trap start-trap resend disable
Function
The snmp-agent trap start-trap resend disable command disables the function of resending device cold-start or warm-start traps.
The undo snmp-agent trap start-trap resend disable command restores the default status of the function of resending device cold-start or warm-start traps.
By default, the function of resending device cold-start or warm-start traps is enabled.
Usage Guidelines
- The system resends a cold-start or warm-start trap three consecutive times to ensure that the trap can be sent to the destination.
- The first trap that the device sends must be a cold-start or warm-start trap. If another alarm is generated before the cold-start or warm-start trap, the system buffers that alarm and sends it only after the cold-start or warm-start trap is sent. The system also resends the buffered alarm three consecutive times.
If the function of resending device cold-start or warm-start traps is not required any more, run the snmp-agent trap start-trap resend disable command to disable it.
snmp-agent trap source
Function
The snmp-agent trap source command sets the source interface from which traps are sent.
The undo snmp-agent trap source command removes the set source interface configuration.
By default, no source interface is set.
Parameters
Parameter | Description | Value |
---|---|---|
interface-type interface-number | Specifies the type and number of the source interface that sends traps. | - |
Usage Guidelines
Usage Scenario
You can run the snmp-agent trap source command to specify the type and number of the interface on the device from which traps are sent. The system specifies the IP address of this interface as the source IP address of traps. In this way, the trap source can be identified on the NMS.
Precautions
The source interface that sends traps must have an IP address; otherwise, the commands will fail to take effect. To ensure device security, it is recommended that you set the source IP address to the local loopback address.
The source interface in traps on the device must be the same as the source interface specified on the NM station. Otherwise, the NM station cannot receive traps.
snmp-agent trap source-port
Function
The snmp-agent trap source-port command configures the number of the source port that sends trap messages.
The undo snmp-agent trap source-port command restores the default number of the source port that sends trap messages.
By default, the source port that sends trap messages is a random port.
Parameters
Parameter | Description | Value |
---|---|---|
port-num | Specifies the number of the source port that sends trap messages. | The value is an integer ranging from 1025 to 65535. |
Usage Guidelines
Usage Scenario
To improve the security of network packets, run the snmp-agent trap source-port command to configure the source port that sends trap messages. The user's firewall can then filter packets based on the port number.
Precautions
By default, a random port is used to send trap messages, and no configuration file is generated. After you configure a specific source port, the corresponding configuration file is generated. If you delete the specified source port, no configuration file is generated.
If a device sends packets to the NMS in Inform mode and the snmp-agent trap source-port command is run to change the source port number, SNMP uses the new source port instead of the original port to receive response packets from the NMS. As a result, packets are retransmitted.
snmp-agent trap type
Function
The snmp-agent trap type command configures the device to send ENTITYTRAP traps or BASETRAP traps.
The undo snmp-agent trap type command restores the default configuration.
By default, the device sends BASETRAP traps.
Usage Guidelines
Usage Scenario
- The BASETRAP traps are sent when faults occur, so they are classified based on fault types. For example, the same BASETRAP trap is sent when a board or a fan is removed.
- The ENTITYTRAP traps are classified based on hardware types. For example, different ENTITYTRAP traps are sent when a board is removed and when a fan is removed.
Precautions
- The trap type is set to base-trap using the snmp-agent trap type command.
- The BASETRAP trap function is enabled.
- The trap type is set to entity-trap using the snmp-agent trap type command.
- The ENTITYTRAP trap function is enabled.
snmp-agent udp-port
Function
The snmp-agent udp-port command sets the listening port of the SNMP agent.
The undo snmp-agent udp-port command restores the default listening port of the SNMP agent.
By default, the listening port of the SNMP agent is 161.
Parameters
Parameter | Description | Value |
---|---|---|
port-num | Specifies the listening port of the SNMP agent. | The value is 161 or an integer that ranges from 1025 to 65535. |
Usage Guidelines
Usage Scenario
The SNMP agent is a proxy process running on a network device. By default, the SNMP agent listens on port 161 to respond to instructions sent from the NMS. In this manner, the NMS can manage the network device. Fixing the listening port may threaten network security. For example, if all attack packets are sent to this listening port, the network is congested.
To improve device security, run the snmp-agent udp-port command to change the listening port of the SNMP agent.
Configuration Impact
After you run this command, the SNMP agent listens on the new port number. The original SNMP connection with the NMS is torn down, and the NMS must use the new port number to connect to the device.
Precautions
The listening port configured on the NMS must be the same as that specified by the snmp-agent udp-port command. Otherwise, the NMS cannot connect to the device.
snmp-agent usm-user
Function
The snmp-agent usm-user command adds a user to an SNMP user group.
The undo snmp-agent usm-user command deletes a user from an SNMP user group.
By default, the SNMP user group has no users added.
Format
snmp-agent [ remote-engineid engineid ] usm-user v3 user-name [ group group-name | acl { acl-number | acl-name } ] *
snmp-agent [ remote-engineid engineid ] usm-user v3 user-name authentication-mode { md5 | sha } [ localized-configuration cipher password | cipher password ]
snmp-agent [ remote-engineid engineid ] usm-user v3 user-name privacy-mode { des56 | aes128 | aes192 | aes256 | 3des } [ localized-configuration cipher password | cipher password ]
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } password [ privacy-mode { des56 | aes128 | aes192 | aes256 | 3des } encrypt-password ] ] [ acl acl-number ]
snmp-agent usm-user v3 user-name group-name [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name [ engineid engineid | local ]
undo snmp-agent [ remote-engineid engineid ] usm-user v3 user-name [ group | acl | authentication-mode | privacy-mode ]
Parameters
Parameter | Description | Value |
---|---|---|
remote-engineid engineid | Specifies the ID of the engine associated with a user. NOTE: remote-engineid engineid must be set to the engine ID of the destination host that receives alarms. The engine IDs of the source and destination hosts must be different. | The value is a string of 10 to 64 hexadecimal digits. It cannot be all 0s or all Fs. |
v3 | Indicates that the security mode in v3 is adopted. | - |
user-name | Specifies the name of a user. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
group group-name | Specifies the name of the group to which a user belongs. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
authentication-mode | Sets the authentication mode. NOTE: Authentication is a process in which the SNMP agent (or the NMS) confirms that the message is received from an authorized NMS (or SNMP agent) and the message is not changed during transmission. RFC 2104 defines Keyed-Hashing for Message Authentication Code (HMAC), an effective tool that uses a secure hash function and a key to generate the message authentication code. This tool is widely used on the Internet. HMAC used in SNMP includes HMAC-MD5-96 and HMAC-SHA-96. The hash function of HMAC-MD5-96 is MD5 that uses 128-bit authKey to generate the key. The hash function of HMAC-SHA-96 is SHA-1 that uses 160-bit authKey to generate the key. | - |
md5 \| sha | Indicates the authentication protocol. NOTE: The HMAC-MD5-96 algorithm is faster to compute than the HMAC-SHA-96 algorithm; the HMAC-SHA-96 algorithm is more secure than the HMAC-MD5-96 algorithm. To ensure high security, use the HMAC-SHA-96 algorithm. | - |
privacy-mode | Specifies the authentication with encryption. The system adopts the cipher block chaining (CBC) code of the data encryption standard (DES) and uses 128-bit privKey to generate the key. The NMS uses the key to calculate the CBC code and then adds the CBC code to the message while the SNMP agent fetches the authentication code through the same key and then obtains the actual information. Like the identification authentication, the encryption requires the NMS and the SNMP agent to share the same key to encrypt and decrypt the message. | - |
des56 \| aes128 \| aes192 \| aes256 \| 3des | Indicates 3DES, AES-128, AES-192, AES-256, or DES-56 as the encryption protocol. NOTE: To ensure high security, the DES56 or 3DES algorithm is not recommended. If the DES56 or 3DES algorithm is used, do not use passwords composed of repeated character strings. For example, in str*n, str is the repeated character string and n is the number of times this string repeats. Otherwise, a password containing any number of repetitions of str can pass authentication. For example, if the password is Huawei@123Huawei@123, passwords Huawei@123, Huawei@123Huawei@123, and Huawei@123Huawei@123Huawei@123 can all pass authentication. | - |
localized-configuration | Specifies the localized password configuration mode. NOTE: After authentication and encryption passwords are configured through MIB, this keyword is displayed in the commands recorded in configuration files. After authentication and encryption passwords are configured through command line, you are not advised to use this keyword. If this keyword is used, the cipher text passwords configured later use the local format. As a password with the localized-configuration keyword is related to the engine ID, copying configurations with this keyword from one device to another causes the password to be invalid. | - |
cipher password | Specifies the password. | The value is a case-insensitive string without spaces. It must be in cipher text format with 32 to 108 characters. When double quotation marks are used around the string, spaces are allowed in the string. |
encrypt-password | Specifies the password. | The value is a case-insensitive string without spaces. It must be in cipher text format with 32 to 108 characters. When double quotation marks are used around the string, spaces are allowed in the string. |
acl { acl-number \| acl-name } | Specifies the ACL: The ACL can be a basic ACL or an advanced ACL, and the ACL configured takes effect on both IPv4 and IPv6 networks. | |
engineid engineid | Specifies the ID of the engine associated with a user. | The value is a string of 10 to 64 hexadecimal digits. It cannot be all 0s or all Fs. |
local | Indicates the local entity user. | - |
Usage Guidelines
Usage Scenario
SNMPv1 and SNMPv2c have serious defects in terms of security. The security authentication mechanism used by SNMPv1 and SNMPv2c is based on the community name. In this mechanism, the community name is transmitted in plain text. You are not advised to use SNMPv1 and SNMPv2c on untrusted networks.
The snmp-agent group command can be used to configure the authentication, encryption, and access rights for an SNMP group. The snmp-agent group command can be used to configure the rights for users in a specified SNMP group and bind the SNMP group to a MIB view. The MIB view is created through the snmp-agent mib-view command. For details, see the usage guideline of this command. After an SNMP user group is configured, the MIB-view-based access control is configured for the SNMP user group. Users cannot access objects in the MIB view through the SNMP user group. The purpose of adding SNMP users to an SNMP user group is to ensure that SNMP users in an SNMP user group have the same security level and access control list. When you run the snmp-agent usm-user command to configure a user in an SNMP user group, you configure the MIB-view-based access rights for the user. If an SNMP user group is configured with the AuthPriv access rights, you can configure the authentication mode and encryption mode when configuring SNMP users. Note that the authentication keys and encryption passwords configured on the NMS and the SNMP agent should be the same; otherwise, authentication fails.
To ensure that the NMS correctly receives the alarm in Inform mode sent by the switch, run the snmp-agent remote-engineid engineid usm-user v3 user-name command to specify the NMS engine ID on the host. After the command is run, the host encapsulates the NMS engine ID in the Authoritative Engine ID field of the SNMPv3 alarm packet before sending the alarm in Inform mode. After receiving the alarm, the NMS compares the engine ID carried in the received packet with its own engine ID. If the two IDs match, the NMS sends a response to the alarm host. If the two IDs do not match, the NMS discards the packet.
When the NMS and device are in an insecure network environment, for example, a network prone to attacks, it is recommended that you configure different authentication and encryption passwords to improve security.
Configuration Impact
snmp-agent usm-user v3 user-name [ group group-name | acl acl-name ] *
snmp-agent usm-user v3 user-name authentication-mode { md5 | sha } [cipher password ]
snmp-agent usm-user v3 user-name privacy-mode { des56 | aes128 | aes192 | aes256 | 3des } [ cipher password ]
snmp-agent usm-user v3 user-name [ group group-name | acl acl-name ] *
The undo snmp-agent usm-user v3 user-name group-name [ engineid engineid | local ] command can be executed only when it is entered completely.
If an SNMP agent is configured with a remote user, the engine ID is required during the authentication. If the engine ID changes after the remote user is configured, the remote user becomes invalid.
Precautions
- Level 1: privacy (authentication and encryption)
- Level 2: authentication (without encryption)
- Level 3: none (neither authentication nor encryption)
If the user security level is set to neither authentication nor encryption, the user only has the read-only permission within MIB-2 (OID: 1.3.6.1.2.1).
To add an SNMP user to an SNMP group, ensure that the SNMP user group is valid.
If you run the snmp-agent usm-user command multiple times, only the latest configuration takes effect.
Keep the user name and plain-text password in a safe place when creating the user. The plain-text password is required when the NMS accesses the device.
The minimum length of a community name is determined by the set password min-length command. By default, a password contains 8 characters.
The password must contain at least two of the following characters: upper-case character, lower-case character, digit, and special character.
Special characters do not include the question mark (?) and space.
The password should not contain repeated character strings such as abc123abc123abc123 and **123abc**123abc.
The password entered in interactive mode is not displayed on the screen.
Users of the same name can only belong to one user group. If you add a user to a user group, delete a user from a user group, or change a user to another group, the operation takes effect for other users with the same name.
To ensure high security, do not use the MD5 algorithm for SNMPv3 authentication or use the DES56 or 3DES168 algorithm for SNMPv3 encryption.
When a user with a level lower than the level configured using this command queries the password configured using the display this command, the password is displayed as asterisks (******).
Example
# Configure an SNMPv3 user with user name u1, group name g1, authentication mode sha, authentication password 8937561bc, encryption mode aes128, and encryption password 68283asd.
<HUAWEI> system-view
[HUAWEI] snmp-agent usm-user v3 u1 group g1
[HUAWEI] snmp-agent usm-user v3 u1 authentication-mode sha
Please configure the authentication password (8-64)
Enter Password:
Confirm Password:
[HUAWEI] snmp-agent usm-user v3 u1 privacy-mode aes128
Please configure the privacy password (8-64)
Enter Password:
Confirm Password:
[HUAWEI]
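The repeated-string note in the Parameters table (Huawei@123 versus Huawei@123Huawei@123) and the repeated-string rule in Precautions can be reproduced with the standard USM key derivation. The following Python is an added example, not Huawei code: it assumes the password is turned into a key with the RFC 3414 A.2 password-to-key algorithm (the device's own derivation is not shown on this page), and the engine ID and the helper names password_to_key, repeated_unit and equivalent_passwords are constructed for illustration.

```python
import hashlib

EXPANDED_LEN = 1048576  # RFC 3414 A.2: the password is repeated to fill 1 MiB


def password_to_key(password: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2 password-to-key, then localization to one engine ID."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(EXPANDED_LEN, len(password))
    # Repeat the password as often as needed and truncate at exactly 1 MiB.
    # str and str*n expand to the same byte stream, so they hash identically.
    expanded = password * reps + password[:rem]
    ku = hashlib.new(hash_name, expanded).digest()
    # Localized key: Kul = H(Ku || engineID || Ku)
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def repeated_unit(password: str):
    """Return the shortest str with password == str*n (n >= 2), else None."""
    i = (password + password).find(password, 1)
    return password[:i] if 0 < i < len(password) else None


def equivalent_passwords(password: str, max_repeats: int = 3):
    """List the str*n variants (n = 1..max_repeats) that derive the same key."""
    unit = repeated_unit(password) or password
    return [unit * n for n in range(1, max_repeats + 1)]


# Constructed engine ID (the sample value from RFC 3414 A.3), not a device value.
ENGINE_ID = bytes.fromhex("000000000000000000000002")

if __name__ == "__main__":
    # All three variants of the page's example password print the same key.
    for candidate in equivalent_passwords("Huawei@123Huawei@123"):
        key = password_to_key(candidate.encode(), ENGINE_ID)
        print(f"{candidate:<32} {key.hex()}")
    # A provisioning script can reject str*n passwords before they reach the device.
    print(repeated_unit("abc123abc123abc123"))
```

repeated_unit only detects a password that is entirely str*n; the broader "contains a repeated string" rule in Precautions needs a separate check.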
snmp-agent usm-user password complexity-check disable
Function
The snmp-agent usm-user password complexity-check disable command disables the complexity check for SNMPv3 user passwords.
The undo snmp-agent usm-user password complexity-check disable command enables the complexity check for SNMPv3 user passwords.
By default, the complexity check is enabled for SNMPv3 user passwords.
Format
snmp-agent usm-user password complexity-check disable
undo snmp-agent usm-user password complexity-check disable
Usage Guidelines
Usage Scenario
After the complexity check is enabled for SNMPv3 user passwords, a newly configured SNMPv3 user password needs to meet the requirements for the complexity check. After complexity check is disabled for SNMPv3 user passwords, the complexity of the passwords is not checked.
The requirements for the complexity of SNMPv3 user passwords are as follows:
- The password cannot be the same as the user name and cannot be the same as the user name in reverse order (This is still checked even after the complexity check for SNMPv3 user passwords is disabled).
- The minimum length of a password is configured by using the set password min-length command. By default, a password contains at least 8 characters.
- A password includes at least two kinds of characters: uppercase letters, lowercase letters, numbers, and special characters (excluding question marks (?) and spaces).
Precautions
- After complexity check is disabled for SNMPv3 user passwords, if a configured SNMPv3 user password is simple and does not meet the complexity requirements, the password may be easily cracked by unauthorized users, affecting device security. Therefore, enabling the complexity check for SNMPv3 user passwords is recommended.
- In the configuration restoration stage, complexity check is not performed for SNMPv3 user passwords.
- Enabling the complexity check for SNMPv3 user passwords does not affect the SNMPv3 user passwords that have been configured.
storage
Function
The storage command configures the storage mode for a bulk file.
The undo storage command restores the default storage mode for a bulk file.
By default, a bulk file is stored in ephemeral mode.
Parameters
Parameter | Description | Value |
---|---|---|
ephemeral | Indicates the ephemeral storage mode in which the bulk file is deleted after a specified period. | - |
transfer
Function
The transfer command configures the method of uploading a statistics file.
The undo transfer command removes the configured statistics file uploading method.
By default, the statistics file is not uploaded.
Format
transfer { primary | secondary } protocol { tftp | { { ftp | sftp } username user-name password password } } { host host-name } [ path destination-path ]
undo transfer { primary | secondary }
Parameters
Parameter | Description | Value |
---|---|---|
primary | Indicates the primary method of uploading a statistics file. | - |
secondary | Indicates the secondary method of uploading a statistics file. | - |
protocol | Indicates the protocol used for uploading a statistics file. | - |
tftp | Specifies uploading a statistics file using TFTP. | - |
ftp | Specifies uploading a statistics file using FTP. | - |
sftp | Specifies uploading a statistics file using SFTP. | - |
username user-name | Specifies the user name for uploading a statistics file using FTP or SFTP. | The value is a string of 1 to 64 characters. |
password password | Specifies the user password for uploading a statistics file using FTP or SFTP. | In simpletext mode, the value is a string of 1 to 16 characters. In cipher mode, the value is a string of 32 or 48 characters. |
host host-name | Specifies the host name of the server. | The value is a string of 1 to 20 characters. |
path destination-path | Specifies the destination folder for uploaded files. | The value is a string of 1 to 64 characters. |
Usage Guidelines
Primary and secondary methods of uploading statistics files are supported. If the primary method fails, the secondary method is adopted.
You must configure a primary upload method before enabling a statistics file. The secondary method is optional.
You can modify the primary or secondary method but cannot delete the primary method when a statistics file is enabled; however, you can delete or configure the secondary method when a statistics file is enabled.
Using SFTP as the upload mode is recommended to enhance security.
Example
# Configure a primary method of uploading the statistics file named iftable.
<HUAWEI> system-view
[HUAWEI] bulk-stat enable
[HUAWEI] bulk-file iftable
[HUAWEI-bulk-file-iftable] transfer primary protocol sftp username user password pwd host host-name path folder/bulkstat1
# Configure a secondary method of uploading the statistics file named iftable.
<HUAWEI> system-view
[HUAWEI] bulk-stat enable
[HUAWEI] bulk-file iftable
[HUAWEI-bulk-file-iftable] transfer secondary protocol tftp host 10.1.0.1 path folder/bulkstat2
# Remove the configured secondary method of uploading the statistics file named iftable.
<HUAWEI> system-view
[HUAWEI] bulk-stat enable
[HUAWEI] bulk-file iftable
[HUAWEI-bulk-file-iftable] undo transfer secondary
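The recommendations in this reference (avoid MD5, DES56 and 3DES for SNMPv3 users, keep the password complexity check enabled, prefer SFTP for bulk-file upload) can be checked against a saved configuration. The following Python audit is an added example, not Huawei tooling: the sample configuration is constructed from the command formats on this page, `<ciphertext>` is a placeholder, the finding codes are hypothetical names, and quoted user names containing spaces are not handled.

```python
import re

# Constructed sample; <ciphertext> stands in for stored cipher-text passwords.
SAMPLE_CONFIG = """\
snmp-agent usm-user v3 u1 group g1
snmp-agent usm-user v3 u1 authentication-mode sha cipher <ciphertext>
snmp-agent usm-user v3 u1 privacy-mode aes128 cipher <ciphertext>
snmp-agent usm-user v3 legacy group g1
snmp-agent usm-user v3 legacy authentication-mode md5 cipher <ciphertext>
snmp-agent usm-user v3 legacy privacy-mode des56 cipher <ciphertext>
snmp-agent usm-user v3 probe group g2
snmp-agent usm-user password complexity-check disable
bulk-file iftable
 transfer primary protocol sftp username user password <ciphertext> host nms1 path folder/bulkstat1
 transfer secondary protocol tftp host 10.1.0.1 path folder/bulkstat2
"""

USM = re.compile(r"^snmp-agent (?:remote-engineid \S+ )?usm-user v3 (\S+)(?: (.*))?$")
TRANSFER = re.compile(r"^transfer (primary|secondary) protocol (tftp|ftp|sftp)\b")
COMPLEXITY_OFF = "snmp-agent usm-user password complexity-check disable"

# keyword, per-user field, algorithms the page advises against, finding code
MODES = (
    ("authentication-mode", "auth", {"md5"}, "weak-auth"),
    ("privacy-mode", "priv", {"des56", "3des"}, "weak-priv"),
)


def audit(config: str):
    """Return sorted (line_number, code, detail) findings for one configuration text."""
    findings = []
    users = {}  # user name -> {"line": first line seen, "auth": algo, "priv": algo}
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line == COMPLEXITY_OFF:
            findings.append((lineno, "complexity-check-disabled", line))
            continue
        t = TRANSFER.match(line)
        if t and t.group(2) != "sftp":
            detail = f"{t.group(1)} upload uses {t.group(2)}"
            findings.append((lineno, "insecure-transfer", detail))
            continue
        m = USM.match(line)
        if not m:
            continue
        name = m.group(1)
        user = users.setdefault(name, {"line": lineno, "auth": None, "priv": None})
        args = (m.group(2) or "").split()
        # Search for the keyword anywhere so the single-line format
        # (user-name group-name authentication-mode ...) is covered as well.
        for keyword, field, weak, code in MODES:
            if keyword in args[:-1]:
                algo = args[args.index(keyword) + 1]
                user[field] = algo
                if algo in weak:
                    findings.append((lineno, code, f"{name} uses {algo}"))
    # Users that never got an authentication or privacy mode sit at a lower level.
    for name, user in users.items():
        if user["auth"] is None:
            findings.append((user["line"], "no-auth", f"{name} has no authentication-mode"))
        elif user["priv"] is None:
            findings.append((user["line"], "no-priv", f"{name} has no privacy-mode"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, code, detail in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {code}: {detail}")
```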
transfer interval
Function
The transfer interval command sets the upload interval for a bulk file.
The undo transfer interval command restores the default upload interval for a bulk file.
By default, the upload interval for a bulk file is 5 minutes.
Parameters
Parameter | Description | Value |
---|---|---|
interval | Specifies the upload interval for a bulk file. | The value can be 5, 10, 15, or 30, in minutes. |
transfer remain-time
Function
The transfer remain-time command sets the upload holding time for a bulk file.
The undo transfer remain-time command restores the default upload holding time for a bulk file.
By default, the upload holding time for a bulk file is 5 minutes.
Parameters
Parameter | Description | Value |
---|---|---|
remain-time | Specifies the upload holding time for a bulk file. | The value is an integer that ranges from 1 to 30, in minutes. |
Usage Guidelines
Usage Scenario
When an upload interval expires, the compressed bulk file must be retained for a period to ensure enough time for the file to be uploaded. This period is the upload holding time.
When the network quality is high and the file transfer is fast, you can reduce the upload holding time. When the network quality is low and the file transfer is slow, increase the upload holding time to improve file transfer reliability.
Precautions
To ensure that only one copy of a bulk file is uploaded to the server, set remain-time to be smaller than or equal to the file upload interval.
transfer retry
Function
The transfer retry command sets the maximum number of retransmissions for a bulk file.
The undo transfer retry command restores the default maximum number of retransmissions for a bulk file.
By default, the maximum number of retransmissions for a bulk file is 5.
Parameters
Parameter | Description | Value |
---|---|---|
retry-times | Specifies the maximum number of retransmissions for a bulk file. | The value is an integer that ranges from 0 to 5. |