Configuring SNMP
After configuring SNMP, you can query and configure storage system information and receive alarm information about the storage system. The supported protocols are SNMPv1, SNMPv2c, and SNMPv3, and the configuration procedure depends on the protocol used.
A third-party network management tool must meet the following configuration requirements:
- If SNMPv1 or SNMPv2c is used, the community strings used by the tool must be the same as those configured on the storage system.
- If SNMPv3 is used, the SNMPv3 user name, authentication protocol, and encryption protocol used by the tool must be the same as those configured on the storage system.
Configuring a Port for the SNMP Service
Configure a port for the SNMP service. The default port ID of the SNMP service is 161. If you use the default port ID, skip this section.
Prerequisites
The storage system is running properly.
Procedure
- Log in to the CLI of the storage system. For details, see Logging In to the CLI of the Storage System (User Name + Password).
- Run the change snmp port port_number=port number command to configure a port ID for the SNMP service.
For example, the following command configures port ID 20000 for the SNMP service:
admin:/>change snmp port port_number=20000
WARNING: You are about to change the listening port of the SNMP service. This operation may cause the restart of the SNMP service and use the newly configured listening port.
Suggestion: Before you perform this operation, disconnect the network management software and SNMP service. After the configuration is successful, use the new port to connect to SNMP service.
Have you read warning message carefully?(y/n)y
Are you sure you really want to perform the operation?(y/n)y
Command executed successfully.
admin:/>
The default port number is 161. A custom port number must be in the range 20000 to 20100.
- Run the show snmp port command to query the port ID.
The command output is as follows:
admin:/>show snmp port
SNMP Listening Port : 20000
admin:/>
Enabling the SNMP Function (Applicable to SNMPv1 and SNMPv2c)
Before using SNMPv1 or SNMPv2c, enable the SNMP function. If you want to use SNMPv3, skip this section.
Prerequisites
You have logged in to the CLI of the storage system.
Context
The supported protocols are SNMPv1, SNMPv2c, and SNMPv3. The storage system supports SNMPv3 by default. SNMPv1 and SNMPv2c are disabled by default because of their low security.
Procedure
- Run the change snmp version v1v2c_switch=On command to enable SNMPv1 and SNMPv2c.
The command output is as follows:
admin:/>change snmp version v1v2c_switch=On
CAUTION: You are about to enable SNMPv1 and SNMPv2c. But you are advised to use the secure SNMPv3 protocol only.
Do you wish to continue?(y/n)y
Command executed successfully.
admin:/>
- Run the show snmp version command to check whether the change takes effect.
The command output is as follows:
admin:/>show snmp version
SNMP V1V2C Switch : On
admin:/>
If SNMP V1V2C Switch is On in the command output, the storage system supports SNMPv1 and SNMPv2c.
Configuring SNMP Community Strings (Applicable to SNMPv1 and SNMPv2c)
If SNMPv1 or SNMPv2c is used, you must configure SNMP community strings on the storage system for interworking with a third-party network management tool. If you use the default SNMP community strings, skip this section.
Prerequisites
You have logged in to the CLI of the storage system.
Context
If you use SNMPv1 or SNMPv2c, you must configure community strings. A third-party network management tool uses community strings to interwork with the SNMP service of the storage system.
On a storage system, the default SNMP read community string is storage_public and the default write community string is storage_private.
Procedure
- Run the change snmp community read_community=********* write_community=********* command to configure community strings.
When you enter a community string, asterisk signs (*) are displayed. Remember or record the community string.
Parameter
Description
Usage
read_community
Read-only community string that is used for reading device information. To obtain the security policy of the password, run the show snmp safe_strategy command.
To ensure system security, change the community strings when you log in to the system for the first time.
- The default read-only community string is storage_public, and the read-write community string is storage_private.
- The community string is subject to the following conditions:
- The community string consists of 4 to 32 characters and is case sensitive. Its length can be changed by running the change snmp safe_strategy command.
- The community string must comply with the password complexity requirements:
When password complexity is Normal, the community string must contain special characters and at least two types of the following characters: uppercase letters, lowercase letters, and digits.
When password complexity is High, the community string must contain special characters, uppercase letters, lowercase letters, and digits.
When password complexity is Low, the community string must contain any of the following types of characters: special characters, uppercase letters, lowercase letters, and digits.
- The read-only community string must be different from the read-write community string.
NOTE:
- To ensure compatibility, the system is downward compatible with SNMPv1 and SNMPv2c. To ensure data security, SNMPv3 is recommended.
- You can run the change snmp safe_strategy command to change the policies of community strings.
- The special characters include `~!@#$%^&*()-_=+\|[{}];:'",<.>/? and space.
write_community
Read-write community string that is used for reading or writing device information. To obtain the security policy of the password, run the show snmp safe_strategy command.
- Use the third-party network management tool to verify that the community strings can be used to interwork with the storage system.
Adding a USM User (Applicable to SNMPv3)
This section describes how to add a USM user.
Procedure
- Log in to DeviceManager.
- Choose Settings > Alarm Settings > USM User Management.
- Click Add.
The Add USM User dialog box is displayed.
- Set USM user parameters. For related parameters, see Table 5-15.
Table 5-15 USM user parameters
Parameter
Description
Value
Username
Name of a USM user
[Rules]
The user name is a 4 to 32 character string, can contain only letters, digits, underscores (_), and hyphens (-), and must start with a letter.
[Example]
usm001
User authentication
Whether to enable user authentication
[Default Value]
Enable
Authentication Protocol
Authentication protocols of a USM user, including MD5 and SHA
[Default Value]
SHA
Authentication Password
Authentication password of a USM user
[Default Rules]
The password must meet the following complexity requirements:
- Contains 6 to 32 characters.
- Contains special characters. Special characters include !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and spaces.
- Contains any two types of uppercase letters, lowercase letters, and digits.
- Cannot be the same as the user name or reverse user name.
NOTE: You can run the change snmp safe_strategy command on the CLI to change the default rules.
[Example]
usmuser@123
Confirm Authentication Password
Confirming authentication password of a USM user
[Example]
usmuser@123
Data encryption
Whether to enable data encryption
[Default Value]
Enable
Encryption Protocol
Encryption protocols of a USM user, including DES, 3DES and AES
NOTE: The security performance order of the three encryption protocols is as follows: AES > 3DES > DES. For security purposes, you are advised to select AES.
[Default Value]
AES
Data encryption password
Password used by a USM user to encrypt data
[Default Rules]
The password must meet the following complexity requirements:
- Contains 6 to 32 characters.
- Contains a special character, such as a space or one of the following: !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~.
- Contains any two types of uppercase letters, lowercase letters, and digits.
- Cannot be the same as the user name or reverse user name.
NOTE: You can run the change snmp safe_strategy command on the CLI to change the default rules.
[Example]
dataencrypt@123
Confirm data encryption password
Confirming the password used by a USM user to encrypt data
[Example]
dataencrypt@123
User level
User level of a USM user, including Read-write and Read-only
[Default Value]
Read-write
- Click OK.
- Click Save.
The Execution Result dialog box is displayed, indicating that the operation succeeded.
- Click Close.
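The community-string rules and the default USM password rules described above can be checked before a value is entered on the storage system. The following is an added example, not code from the storage system or its vendor; the function names are hypothetical and the policy values are the defaults stated on this page.

```python
import string

# The page's special-character list is every ASCII punctuation mark plus the space.
SPECIALS = set(string.punctuation + " ")
GROUPS = (string.ascii_uppercase, string.ascii_lowercase, string.digits)
DEFAULT_COMMUNITIES = {"storage_public", "storage_private"}  # defaults named on the page
REQUIRED_KINDS = {"Low": 0, "Normal": 2, "High": 3}  # upper/lower/digit types needed


def complexity_problems(secret, level="Normal", min_len=4, max_len=32):
    """Return the ways `secret` breaks the length and Low/Normal/High rules."""
    problems = []
    if not min_len <= len(secret) <= max_len:
        problems.append(f"length must be {min_len} to {max_len} characters")
    has_special = any(c in SPECIALS for c in secret)
    kinds = sum(any(c in group for c in secret) for group in GROUPS)
    needed = REQUIRED_KINDS[level]
    # Low accepts any mix of the four character types, so only length is checked.
    if needed and not (has_special and kinds >= needed):
        problems.append(f"{level} needs a special character and {needed} of upper/lower/digit")
    return problems


def audit_communities(read, write, level="Normal"):
    """Audit a read/write community pair (4 to 32 characters by default)."""
    findings = []
    for name, value in (("read", read), ("write", write)):
        findings += [f"{name}: {p}" for p in complexity_problems(value, level)]
        if value in DEFAULT_COMMUNITIES:
            findings.append(f"{name}: still a default community string")
    if read == write:
        findings.append("read and write community strings must differ")
    return findings


def audit_usm_password(username, password, level="Normal"):
    """Audit a USM authentication or data encryption password (6 to 32 characters)."""
    findings = complexity_problems(password, level, min_len=6)
    if password in (username, username[::-1]):
        findings.append("must not equal the user name or its reverse")
    return findings


if __name__ == "__main__":
    # Constructed sample values; "usm001" and "usmuser@123" are the page's examples.
    print(audit_communities("storage_public", "storage_private"))
    print(audit_usm_password("usm001", "usmuser@123"))
    print(audit_usm_password("usm001", "100msu"))
```

If the policy has been changed with change snmp safe_strategy, pass the new complexity level and length limits instead of the defaults used here.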
Adding a Trap Server Address
To report alarm and event messages to specific network management systems or storage devices, add server addresses for those systems or devices.
Prerequisites
- The SNMP service has been enabled on the storage system. If the service has not been enabled, run the change snmp status command in the developer view to enable it. For details about how to use the command, see the Advanced O&M Command Reference specific to your product model and version.
- The SNMP service has been enabled on the server.
- A USM user has been created. For details about how to create a USM user, see Adding a USM User (Applicable to SNMPv3).
- A storage system only sends the alarms and events generated after the trap server is configured and does not send alarms or events generated before the configuration.
- Before configuring a domain name for the server, ensure that the DNS server communicates properly with the storage system or third-party server.
Context
Trap is a type of Simple Network Management Protocol (SNMP) message that indicates the occurrence of an event. These types of messages are sent using User Datagram Protocol (UDP) and are not reliable.
DeviceManager provides the trap function to send the alarm and event messages of managed storage devices to another network management system or to a device at a specific server address. If alarm and event messages are reported in SNMP mode, you must configure trap server addresses.
To enable the trap function, install the associated software on application servers. For example, you must install MIB interface software on the application servers that run Windows Server 2003. To download the software, click (here) and identify the required software as instructed in MIB_Interface_File_Usage_Guide.
Procedure
- Log in to DeviceManager.
- Choose Settings > Alarm Settings.
- Add trap server addresses.
- In the navigation tree, choose Trap Server Address Management.
- Click Add.
The Add Server IP Address dialog box is displayed.
- Set parameters for creating trap server addresses. Table 5-16 lists related parameters.
Table 5-16 Server address parameters
Parameter
Description
Value
Server IP Address
Address of a network management system or storage device for receiving alarm and event messages.
[Value range]
- An IPv4 address has the following requirements:
- The 32-bit address is evenly divided into four fields. Each 8-bit field is expressed in dotted-decimal.
- Each field of the IP address cannot be blank and must be an integer.
- The value of the first field ranges from 1 to 223 (excluding 127).
- The values of other fields range from 0 to 255.
- The IP address cannot be a special address such as the broadcast address.
- An IPv6 address has the following requirements:
- The 128-bit address is evenly divided into eight fields. Each 16-bit field is expressed as four hexadecimal digits. The fields are separated by colons.
- In each 16-bit field, zeros before integers can be removed. However, at least one digit must be reserved in each field.
- If the IP address contains a long string of zeros, you can represent the neighboring zeros with double colons (::) in the colon-separated hexadecimal field. Each IP address contains only one double-colon (::). The double-colon (::) can also be used to represent neighboring zeros of the IP address.
- The IP address cannot be a special address such as a network address, loopback address, or multicast address.
[Example]
192.168.100.11
fc00::1234
Port
Port for receiving alarm and event messages on the network management system or storage device.
[Value range]
1 to 65535
[Example]
2234
Version
SNMP version of a network management system or storage device. The possible value can be SNMPv1, SNMPv2c, or SNMPv3.
NOTE: To ensure data security, you are advised to use SNMPv3.
[Example]
SNMPv3
USM User
The USM user that reports alarms and events through SNMP.
[Example]
usm001
Type
Type of an alarm or event sent by a storage device to the trap server.
- Parsed: parsed alarms and events of which IDs correspond to the same object identifier (OID).
- Original: alarms and events that have not been parsed.
- Parsed alarm oid: parsed alarms and events of which IDs correspond to different OIDs.
- Parsed time string: parsed alarms and events of which IDs correspond to the same OID. The data type of the event fields generated by alarms and events is OCTET STRING.
- Original time string: original alarms and events that have not been parsed. The data type of alarm and event occurring time (character string) and clearing time (character string) is OCTET STRING.
- All: alarms and events including the Parsed, Original, and Parsed alarm oid ones.
NOTE:
- Parsed and original are two forms of one alarm or event. An alarm or event in the original form carries only original alarm or event parameters, whereas an alarm or event in the parsed form is readable and processed based on the original form.
- When the value of Version is SNMPv1, the value of Type cannot be Parsed alarm oid.
[Example]
Parsed
- Click OK.
- Confirm the creation of trap server addresses.
- Click Save.
The Execution Result dialog box is displayed, indicating that the operation succeeded.
- Click Close.
- Click Save.
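The parameter rules in Table 5-16 can be applied to a planned trap server entry before it is typed into DeviceManager. The following is an added example, not part of the product or its documentation; the function names are hypothetical, and treating the IPv6 unspecified address (::) as a special address is an assumption.

```python
import ipaddress

VERSIONS = ("SNMPv1", "SNMPv2c", "SNMPv3")
TYPES = ("Parsed", "Original", "Parsed alarm oid", "Parsed time string",
         "Original time string", "All")


def address_problems(text):
    """Return reasons `text` is not an acceptable trap server IP address."""
    try:
        addr = ipaddress.ip_address(text)  # rejects blank fields and a second "::"
    except ValueError:
        return ["not a well-formed IPv4 or IPv6 address"]
    problems = []
    if addr.version == 4:
        first = addr.packed[0]
        # 1 to 223 excluding 127 also rules out 0.x, multicast and 255.255.255.255.
        # A subnet-directed broadcast needs the netmask, which the entry lacks.
        if not 1 <= first <= 223 or first == 127:
            problems.append("first IPv4 field must be 1 to 223, excluding 127")
    elif addr.is_unspecified or addr.is_loopback or addr.is_multicast:
        # Assumption: "::" is counted as special alongside loopback and multicast.
        problems.append("IPv6 special address (unspecified, loopback or multicast)")
    return problems


def trap_server_findings(ip, port, version, trap_type):
    """Check one planned trap server entry against the Table 5-16 rules."""
    findings = address_problems(ip)
    if not (isinstance(port, int) and 1 <= port <= 65535):
        findings.append("port must be 1 to 65535")
    if version not in VERSIONS:
        findings.append("version must be SNMPv1, SNMPv2c or SNMPv3")
    if trap_type not in TYPES:
        findings.append("unknown alarm/event type")
    if version == "SNMPv1" and trap_type == "Parsed alarm oid":
        findings.append("Type 'Parsed alarm oid' cannot be used with SNMPv1")
    if version in ("SNMPv1", "SNMPv2c"):
        findings.append("advisory: SNMPv3 is advised for data security")
    return findings


if __name__ == "__main__":
    # The first entry uses the page's example values; the second is constructed.
    print(trap_server_findings("192.168.100.11", 2234, "SNMPv3", "Parsed"))
    print(trap_server_findings("127.0.0.1", 70000, "SNMPv1", "Parsed alarm oid"))
```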
Follow-up Procedure
A storage device can send multiple types of alarms or events to the trap server and each alarm or event has its own push format. For details, click (here) and identify the required software as instructed in MIB_Interface_File_Usage_Guide.