Operation Manual – SNMP
H3C S9500 Series Routing Switches Table of Contents
i
Table of Contents
Chapter 1 SNMP Configuration....................................................................................................1-1
1.1 SNMP Overview.................................................................................................................1-1
1.1.1 SNMP Mechanism ..................................................................................................1-1
1.1.2 SNMP Protocol Version ..........................................................................................1-2
1.1.3 MIB Overview..........................................................................................................1-2
1.2 SNMP Configuration..........................................................................................................1-3
1.3 Trap Configuration.............................................................................................................1-5
1.3.1 Configuration Prerequisites.....................................................................................1-5
1.3.2 Configuration Procedure.........................................................................................1-5
1.4 Displaying and Maintaining SNMP ....................................................................................1-7
1.5 SNMP Configuration Examples.........................................................................................1-7
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-1
Chapter 1 SNMP Configuration
When configuring SNMP, go to these sections for information you are interested in:
z SNMP Overview
z SNMP Configuration
z Trap Configuration
z Displaying and Maintaining SNMP
z SNMP Configuration Examples
1.1 SNMP Overview
Simple network management protocol (SNMP) offers a framework to monitor network
devices through TCP/IP protocol suite. It provides a set of basic operations in
monitoring and maintaining the Internet and has the following characteristics:
z Automatic network management: SNMP enables network administrators to search
and modify information, find and diagnose network problems, plan for network
growth, and generate reports on network nodes.
z SNMP shields the physical differences between various devices and thus realizes
automatic management of products from different manufacturers. Offering only
the basic set of functions, SNMP makes the management tasks independent of
both the physical features of the managed devices and the underlying networking
technology. Thus, SNMP achieves effective management of devices from different
manufactures, especially so in small, high-speed and low cost network
environments.
1.1.1 SNMP Mechanism
An SNMP enabled network is comprised of network management station (NMS) and
Agent.
z NMS is a station that runs the SNMP client software. It offers a user friendly
human computer interface, making it easier for network administrators to perform
most network management tasks. Currently, the most commonly used NMSs
include Sun NetManager and IBM NetView.
z Agent is a program on the device. It receives and handles requests sent from the
NMS. Only under certain circumstances, such as interface state change, will the
Agent inform the NMS.
z NMS manages an SNMP enabled network, whereas Agent is the managed
network device. They exchange management information through the SNMP
protocol.
SNMP provides the following four basic operations:
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-2
z Get operation: NMS gets the behavior information of the Agent through this
operation.
z Set operation: NMS can reconfigure certain values in the Agent MIB (management
information base) to make the Agent perform certain tasks by means of this
operation.
z Trap operation: Agent sends Trap information to the NMS through this operation.
z Inform operation: NMS sends Trap information to other NMSs through this
operation.
1.1.2 SNMP Protocol Version
Currently, SNMP agents support SNMPv3 and are compatible with SNMPv1 and
SNMPv2c.
SNMPv1 and SNMPv2c authenticate by means of community name, which defines the
relationship between an SNMP NMS and an SNMP Agent. SNMP packets with
community names that did not pass the authentication on the device will simply be
discarded. A community name performs a similar role as a key word and can be used to
regulate access from NMS to Agent.
SNMPv3 offers an authentication that is implemented with a User-Based Security
Model (USM for short), which could be authentication with privacy, authentication
without privacy, or no authentication no privacy. USM regulates the access from NMS
to Agent in a more efficient way.
1.1.3 MIB Overview
Management information base (MIB) is a collection of all the objects managed by NMS.
It defines the set of characteristics associated with the managed objects, such as the
object identifier (OID), access right and data type of the objects.
MIB stores data using a tree structure. The node of the tree is the managed object and
can be uniquely identified by a path starting from the root node. As illustrated in the
following figure, the managed object B can be uniquely identified by a string of numbers
{1.2.1.1}. This string of numbers is the OID of the managed object B.
A
2
6
1
5
2
1
1
2
1
B
Figure 1-1 MIB tree
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-3
1.2 SNMP Configuration
As configurations for SNMPv3 differ substantially from those of SNMPv1 and SNMPv2c,
their SNMP functionalities will be introduced separately below.
Follow these steps to configure SNMPv3:
To do… Use the command… Remarks
Enter system view
system-view
—
Enable SNMP Agent
snmp-agent
Optional
Disabled by default
You can enable SNMP
Agent through this
command or any
commands that begin with
“snmp-agent”.
Configure SNMP Agent
system information
snmp-agent sys-info
{ contact sys-contact |
location sys-location |
version { all | { v1 | v2c |
v3 }* } }
Optional
The defaults are as
follows:
Hangzhou H3C
Technologies Co., Ltd. for
contact,
Hangzhou, China for
location, and <NONE> for
the version.
Configure an SNMP agent
group
snmp-agent group v3
group-name
[ authentication |
privacy ] [ read-view
read-view ] [ write-view
write-view ] [ notify-view
notify-view ] [ acl
acl-number ]
Required
Add a new user to an
SNMP agent group
snmp-agent usm-user
v3 user-name
group-name
[ authentication-mode
{ md5 | sha }
auth-password
[ privacy-mode { des56 |
aes128 } priv-password ] ]
[ acl acl-number ]
Required
Configure the maximum
size of an SNMP packet
that can be received or
sent by an SNMP agent
snmp-agent packet
max-size byte-count
Optional
1,500 bytes by default
Configure the engine ID
for a local SNMP agent
snmp-agent
local-engineid engineid
Optional
Company ID and device
ID by default
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-4
To do… Use the command… Remarks
Create or update the MIB
view content for an SNMP
agent
snmp-agent mib-view
{ included | excluded }
view-name oid-tree
[ mask mask-value ]
Optional
MIB view name is
ViewDefault and OID is 1
by default.
Follow these steps to configure SNMPv1 and SNMPv2c:
To do… Use the command… Remarks
Enter system view
system-view
—
Enable SNMP Agent
snmp-agent
Optional
Disabled by default
You can enable SNMP
Agent through this
command or any
commands that begin with
“snmp-agent”.
Configure SNMP Agent
system information
snmp-agent sys-info
{ contact sys-contact |
location sys-location |
version { { v1 | v2c | v3 }*
| all } }
Required
The defaults are as
follows:
Hangzhou H3C
Technologies Co., Ltd. for
contact,
Hangzhou, China for
location and <NONE> for
the version.
Config
ure
directl
y
Config
ure a
comm
unity
name
snmp-agent community
{ read | write }
community-name [ acl
acl-number | mib-view
view-name ]*
Config
ure an
SNMP
group
snmp-agent group { v1 |
v2c } group-name
[ read-view read-view ]
[ write-view write-view ]
[ notify-view notify-view ]
[ acl acl-number ]
Config
ure
SNMP
NMS
acces
s right
Config
ure
indirec
tly
Add a
new
user to
an
SNMP
group
snmp-agent usm-user
{ v1 | v2c } user-name
group-name [ acl
acl-number ]
Use either approach.
The community name of
SNMPv1 or SNMPv2c is
used in direct
configuration.
The second approach was
introduced to be
compatible with SNMPv3.
Adding a user to a
specified group equals to
the configuration of the
community name of
SNMPv1 and SNMPv2c.
The community name
configured on NMS should
be consistent with the
corresponding username
configured on the Agent.
Configure the maximum
size of an SNMP packet
that can be received or
sent by an SNMP agent
snmp-agent packet
max-size byte-count
Optional
15,00 bytes by default
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-5
To do… Use the command… Remarks
Configure the engine ID
for a local SNMP agent
snmp-agent
local-engineid engineid
Optional
Company ID and device
ID by default
Create or update MIB
view content for an SNMP
agent
snmp-agent mib-view
{ included | excluded }
view-name oid-tree
[ mask mask-value ]
Optional
ViewDefault by default
Caution:
The validity of a USM user depends on the engine ID of the SNMP agent. If the engine
ID used for USM user creation is not identical to the current engine ID, the USM user is
invalid.
1.3 Trap Configuration
SNMP Agent sends Trap messages to NMS to alert the latter of critical and important
events (such as restart of the managed device).
1.3.1 Configuration Prerequisites
Basic SNMP configurations have been completed.
1.3.2 Configuration Procedure
I. Enabling Trap message transmission
Follow these steps to enable Trap packet transmission:
To do… Use the command… Remarks
Enter system view
system-view
—
Set to enable the device
to send Trap packets
globally
snmp-agent trap enable
[ bgp | configuration |
flash | mpls | ospf
[ process-id ]
[ ospf-trap-list ] | standard
[ authentication |
coldstart | linkdown |
linkup | warmstart ]* |
system | vrrp
[ authfailure |
newmaster ] ]
Optional
All types of Trap packets
are allowed by default.
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-6
To do… Use the command… Remarks
Enter interface view
interface interface-type
interface-number
—
Set to enable the device
to send Trap packets of
interface state change
enable snmp trap
updown
Optional
Transmission of Trap
packets of interface state
change is allowed by
default.
Caution:
To enable an interface to send SNMP Trap packets when its state changes, you need
to enable the Link up/down Trap packet transmission function on an interface and
globally. Use the enable snmp trap updown command to enable this function on an
interface, and use the snmp-agent trap enable [ standard [ linkdown | linkup ] * ]
command to enable this function globally.
II. Configuring Trap message transmission parameters
Follow these steps to configure Trap:
To do… Use the command… Remarks
Enter system view
system-view
—
Configure target host
attribute for Trap
messages
snmp-agent target-host
trap address
udp-domain { ip-address
| ipv6 ipv6-address }
[ udp-port port-number ]
params securityname
security-string [ v1 | v2c |
v3 [ authentication |
privacy ] ]
Required
Configure the source
address for Trap
messages
snmp-agent trap source
{ interface-type
interface-number }
Optional
Configure the queue size
for sending Trap
messages
snmp-agent trap
queue-size size
Optional
100 by default
Configure the life for Trap
messages
snmp-agent trap life
seconds
Optional
120 seconds by default
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-7
1.4 Displaying and Maintaining SNMP
To do… Use the command… Remarks
Display SNMP-agent
system information,
including the contact,
location, and version of
the SNMP
display snmp-agent
sys-info [ contact |
location | version ]*
Display SNMP agent
statistics
display snmp-agent
statistics
Display the SNMP agent
engine ID
display snmp-agent
local-engineid
Display SNMP agent
group information
display snmp-agent
group [ group-name ]
Display SNMP v3 agent
user information
display snmp-agent
usm-user [ engineid
engineid | username
user-name | group
group-name ] *
Display SNMP v1 or v2c
agent community
information
display snmp-agent
community [ read |
write ]
Display MIB view
information for an SNMP
agent
display snmp-agent
mib-view [ exclude |
include | viewname
view-name ]
Display the modules that
can send Traps and
whether their Trap
sending is enabled or not
display snmp-agent
trap-list
Available in any view
1.5 SNMP Configuration Examples
I. Network requirements
z The NMS connects to the agent, a switch, through an Ethernet.
z The IP address of the NMS is 129.102.149.23/16.
z The IP address of VLAN interface on the switch is 129.102.0.1/16.
z On the switch, configure the following: community name, access right,
administrator ID, contact, location, enabling sending of Trap messages.
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-8
II. Network diagram
Figure 1-2 Network diagram for SNMP
III. Configuration procedure
1) Configuring SNMP Agent
# Configure the community name, the SNMP agent group, and SNMP agent user.
<Sysname> system-view
[Sysname] snmp-agent sys-info version all
[Sysname] snmp-agent community read public
[Sysname] snmp-agent community write private
[Sysname] snmp-agent mib-view include internet 1.3.6.1
[Sysname] snmp-agent group v3 managev3group write-view internet
[Sysname] snmp-agent usm-user v3 managev3user managev3group
# Configure the IP address of VLAN-interface 2 as 129.102.0.1/16 for network
management. Add port Ethernet 2/1/3 used for network management to VLAN 2.
[Sysname] vlan 2
[Sysname-vlan2] port ethernet 2/1/3
[Sysname-vlan2] interface Vlan-interface 2
[Sysname-Vlan-interface2] ip address 129.102.0.1 255.255.0.0
[Sysname-Vlan-interface2] quit
# Configure the system information of the switch.
[Sysname] snmp-agent sys-info version all
[Sysname] snmp-agent sys-info contact Mr.Wang-Tel:3306
[Sysname] snmp-agent sys-info location telephone-closet,3rd-floor
# Enable the sending of Trap messages to the NMS with an IP address of
129.102.149.23/16, using public as the community name.
[Sysname] snmp-agent trap enable
[Sysname] snmp-agent target-host trap address udp-domain 129.102.149.23
udp-port 5000 params securityname public
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-9
2) Configuring SNMP NMS
SNMPv3 uses authentication and privacy security model. In NMS, the user needs to
specify username and security level, and based on that level, configure the
authentication mode, authentication password, privacy mode, privacy password. In
addition, the time-out time and number of retries should also be configured. The user
can inquire and configure the switch through NMS. For detailed information, refer to the
NMS manuals.
Note:
The configurations on the agent and the NMS must match in order to perform the
related operations.
/