Configuration Guide - Network Management and Monitoring

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, LLDP, NQA, Service Diagnosis, Mirroring, Packet Capture, sFlow, and NETCONF.
Configuring the Middle-Point Device

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure SNMP proxy, as shown in Table 1-7. The configuration tasks listed in Table 1-7 do not need to be performed in sequence.

    Table 1-7 SNMP proxy configuration tasks

    Configuration Task | Command | Description

    Configure proxy rules for SNMP packets.

    • For GetRequest, SetRequest, or Trap packets:

      snmp-agent proxy rule rule-name { read | trap | write } remote-engineid remote-engineid target-host target-host-name params-in { securityname security-name { v1 | v2c | v3 [ authentication | privacy ] } | securityname cipher cipher-text { v1 | v2c } }

    • For Inform packets:

      snmp-agent proxy rule rule-name inform remote-engineid remote-engineid target-host target-host-name params-in { securityname security-name { v2c | v3 [ authentication | privacy ] } | securityname cipher cipher-text v2c }

    To enable an NMS to effectively manage a managed device, perform this operation to configure attributes of the target hosts for receiving SNMP proxy packets so that the middle-point device can filter out SNMP packets that do not match the specified attributes. You must correctly configure proxy rules for SNMP packets and ensure that these proxy rules are unique on the middle-point device.

    If you specify neither authentication nor privacy, SNMPv3 packets are neither authenticated nor encrypted.

    Create an SNMP proxy community.

    snmp-agent proxy community { community-name | cipher cipher-name } remote-engineid remote-engineid [ acl { acl-number | acl-name } | alias alias-name ] *

    An SNMP proxy community defines administrative relationships between NMSs and managed devices. The community name acts like a password to regulate access to a managed device. An NMS can access a managed device only if the community name carried in the SNMP request sent by the NMS is the same as the community name configured on the managed device.

    By default, no SNMP proxy community name is configured in the system. The SNMP proxy community name will be saved in encrypted format in the configuration file. To facilitate identification of SNMP proxy community names, set the alias names for the SNMP proxy communities. The alias names are stored in plain text in the configuration file.

    This operation applies only to SNMPv1 and SNMPv2c.

    Configure attributes of the target hosts for receiving SNMP proxy packets.

    • For an IPv4 network:

      snmp-agent proxy target-host target-host-name address udp-domain ip-address udp-port port-number [ { source interface-type interface-number | vpn-instance vpn-instance-name | public-net } | timeout timeout-interval ] * params { securityname security-name { v1 | v2c | v3 [ authentication | privacy ] } | securityname cipher cipher-text { v1 | v2c } }

    • For an IPv6 network:

      snmp-agent proxy target-host target-host-name ipv6 address udp-domain ipv6-address udp-port port-number [ timeout timeout-interval ] params { securityname security-name { v1 | v2c | v3 [ authentication | privacy ] } | securityname cipher cipher-text { v1 | v2c } }

    Perform this operation to enable the middle-point device to forward SNMP requests from the network management system (NMS) to the managed device and to forward responses from the managed device to the NMS.

    • The target host may be either the NMS or the managed device.
    • You can run this command multiple times with different parameters set to configure a middle-point device to send SNMP proxy packets to multiple target hosts. An SNMP proxy supports a maximum of 20 target hosts.
    • The default number of the destination User Datagram Protocol (UDP) port is 162, a well-known port number. If you want to change this number to a lesser-known port number, ensure that the new UDP port number is the same as that on the NMS.
    • If you specify neither authentication nor privacy, SNMPv3 packets are neither authenticated nor encrypted.
    • If the NMS and managed device need to communicate over a virtual private network (VPN), use the vpn-instance vpn-instance-name parameter.

    Configure an SNMP proxy user.

    • Add a user (method 1)

      snmp-agent [ remote-engineid engineid ] usm-user v3 user-name group-name [ authentication-mode { md5 | sha } password [ privacy-mode { 3des168 | aes128 | aes192 | aes256 | des56 } password ] ] [ acl { acl-number | acl-name } ]

    • Add a user (method 2)

      snmp-agent [ remote-engineid engineid ] usm-user v3 user-name [ group group-name | acl { acl-number | acl-name } ] *

      snmp-agent [ remote-engineid engineid ] usm-user v3 user-name authentication-mode { md5 | sha } [ cipher password ]

      snmp-agent [ remote-engineid engineid ] usm-user v3 user-name privacy-mode { 3des168 | aes128 | aes192 | aes256 | des56 } [ cipher password ]

    SNMPv1 and SNMPv2c use community names for authentication, whereas SNMPv3 uses user names for authentication.

    Unlike SNMPv1 or SNMPv2c, SNMPv3 can implement access control, identity authentication, and data encryption using the local processing model and user-based security model (USM).

    SNMPv3 provides better security and encryption mechanisms than SNMPv1 and SNMPv2c, and is therefore widely used.

    When the NMS and device are in an insecure network environment, for example, a network prone to attacks, it is recommended that you configure different authentication and encryption passwords to improve security. By default, neither authentication nor encryption is performed for SNMPv3 users.

    This operation applies only to SNMPv3.

    To ensure high security, do not use the MD5 algorithm for SNMPv3 authentication or use the DES56 or 3DES168 algorithm for SNMPv3 encryption.

    (Optional) Configure the priority of SNMP packets.

    snmp-agent packet-priority { snmp | trap } priority-level

    Change the priority of SNMP packets in the following scenarios if necessary:
    • Increase the priority of notifications to ensure that the NMS receives them.
    • Increase the priority of GetResponse and SetResponse PDUs to facilitate management operations performed in the management information base (MIB) of a managed device by the NMS.
    • Reduce the priority of GetResponse PDUs, SetResponse PDUs, trap messages, and inform messages to prevent frequent packet sending when network congestion occurs.

  3. Run commit

    The configuration is committed.
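
The following check is an added example, not part of the Huawei guide: it scans saved middle-point configuration text for the settings this procedure warns about (SNMPv3 proxy parameters with neither authentication nor privacy, v1/v2c security parameters, MD5, DES56 or 3DES168, and USM users left without an authentication mode). The sample configuration, its names, engine ID and addresses are constructed, and the script assumes saved lines follow the command syntax in Table 1-7.

```python
import re

# Constructed sample of a middle-point configuration; names, engine ID,
# addresses and <password> are placeholders, not values from a real device.
SAMPLE_CONFIG = """\
snmp-agent proxy rule r-read read remote-engineid 800007DB03AABBCCDDEEFF target-host mgd1 params-in securityname nms-user v3
snmp-agent proxy rule r-write write remote-engineid 800007DB03AABBCCDDEEFF target-host mgd1 params-in securityname nms-user v3 privacy
snmp-agent proxy target-host mgd1 address udp-domain 192.0.2.10 udp-port 161 params securityname legacy v2c
snmp-agent proxy target-host nms1 address udp-domain 192.0.2.20 udp-port 162 params securityname nms-user v3 privacy
snmp-agent remote-engineid 800007DB03AABBCCDDEEFF usm-user v3 olduser grp authentication-mode md5 <password> privacy-mode des56 <password>
snmp-agent remote-engineid 800007DB03AABBCCDDEEFF usm-user v3 nms-user grp authentication-mode sha <password> privacy-mode aes128 <password>
snmp-agent remote-engineid 800007DB03AABBCCDDEEFF usm-user v3 bareuser group grp
"""

# Trailing security parameters of "proxy rule" (params-in) and "proxy target-host" (params).
PARAMS = re.compile(r"params(?:-in)? securityname (?:cipher )?(\S+) (v1|v2c|v3)(?: (authentication|privacy))?$")
USER = re.compile(r"snmp-agent (?:remote-engineid (\S+) )?usm-user v3 (\S+)")
MODE = re.compile(r"(authentication|privacy)-mode (\S+)")
WEAK = {"md5", "des56", "3des168"}  # algorithms the guide says not to use

def audit(config):
    """Return (line_number, finding) pairs for settings the guide warns about."""
    findings, users = [], {}  # users: (engine id, name) -> [first line, modes seen]
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = PARAMS.search(line)
        if m and line.startswith("snmp-agent proxy "):
            name, version, level = m.groups()
            if version != "v3":
                findings.append((n, f"{version} community security for {name}"))
            elif level is None:
                findings.append((n, f"v3 without authentication or privacy for {name}"))
        u = USER.match(line)
        if u:
            entry = users.setdefault(u.groups(), [n, set()])
            for kind, algo in MODE.findall(line):
                entry[1].add(kind)
                if algo in WEAK:
                    findings.append((n, f"weak {kind} algorithm {algo} for user {u.group(2)}"))
    # Method 2 spreads one user over several lines, so judge users after the scan.
    for (_, name), (first, modes) in users.items():
        if "authentication" not in modes:
            findings.append((first, f"user {name} has no authentication-mode"))
    return findings

if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE_CONFIG):
        print(f"line {line_no}: {finding}")
```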

Updated: 2019-04-20

Document ID: EDOC1100075344
