< Home

Data Model

The following lists SNMP configuration model files:
  • ietf-snmp.yang
  • ietf-snmp-engine.yang
  • ietf-snmp-target.yang
  • ietf-snmp-notification.yang
  • ietf-snmp-community.yang
  • ietf-snmp-usm.yang
  • ietf-snmp-vacm.yang
  • huawei-snmp.yang
Table 1 Configuration objects of SNMP

Object

Description

Value

Remarks

/ietf-snmp:snmp/engine/enabled

Indicates whether the SNMP agent function is enabled on a switch.

The value is of the enumerated type:

  • true: The SNMP agent function is enabled.
  • false: The SNMP agent function is disabled.

By default, the SNMP agent function is disabled on a switch.
  • Enable the SNMP agent function before configuring the SNMP function.
  • Delete all SNMP configurations before disabling the SNMP agent function.

/ietf-snmp:snmp/engine/listen/name

Indicates the name of a switch.

The value is a string of 1 to 32 case-sensitive characters.

This object is of no real significance and needs to have a valid value. Configure this object when /ietf-snmp:snmp/engine/listen/transport/udp/port is configured.

/ietf-snmp:snmp/engine/listen/transport/udp/ip

Indicates the IP address of a switch.

The value must be a valid IPv4 address in dotted decimal notation.

This object is of no real significance and needs to have a valid value. Configure this object when /ietf-snmp:snmp/engine/listen/transport/udp/port is configured.

/ietf-snmp:snmp/engine/listen/transport/udp/port

Indicates the UDP port that the switch uses to communicate with the NMS.

The value is an integer that can be 161 or ranges from 1025 to 65535. The default value is 161.

Configure /ietf-snmp:snmp/engine/listen/name and /ietf-snmp:snmp/engine/listen/transport/udp/ip simultaneously when this object is configured.

/ietf-snmp:snmp/engine/version/v1

Indicates that SNMPv1 is enabled on a switch. By default, SNMPv3 is enabled on a switch, and multiple SNMP versions can be enabled simultaneously on a switch.

This object does not need any data configuration.

N/A

/ietf-snmp:snmp/engine/version/v2c

Indicates that SNMPv2c is enabled on a switch. By default, SNMPv3 is enabled on a switch, and multiple SNMP versions can be enabled simultaneously on a switch.

This object does not need any data configuration.

N/A

/ietf-snmp:snmp/engine/version/v3

Indicates that SNMPv3 is enabled on a switch. By default, SNMPv3 is enabled on a switch, and multiple SNMP versions can be enabled simultaneously on a switch.

This object does not need any data configuration.

N/A

/ietf-snmp:snmp/engine/engine-id

Indicates the ID of the SNMP agent engine.

The value is a hexadecimal string that consists of 10 to 64 characters separated by colons (:). It cannot be all 0s or all Fs. For example: 80:00:07:DB:03:00:01:00:02:00:B1.

Delete all SNMPv3 users on the switch before configuring or modifying this object.

/ietf-snmp:snmp/engine/enable-authen-traps

Indicates whether the function of sending traps to the NMS in the case of community authentication failures is enabled.

The value is of the enumerated type:

  • true: The function is enabled.
  • false: The function is disabled.

By default, this function is disabled.

N/A

/ietf-snmp:snmp/community/index

Indicates the index of the SNMP community.

The value is a string of 1 to 32 case-sensitive characters.

This object is of no real significance and needs to have a valid value. Configure this object when /ietf-snmp:snmp/community/text-name is configured.

/ietf-snmp:snmp/community/security-name

Indicates the SNMP community security name.

The value is a string of 1 to 32 case-sensitive characters.

This object is of no real significance and needs to have a valid value. Configure this object when /ietf-snmp:snmp/community/text-name is configured.

/ietf-snmp:snmp/community/text-name

Indicates the SNMP community.
The value is a string of 8 to 32, 44, 56, 80, or 88 case-sensitive characters without spaces.
  • If the string is enclosed in double quotation marks (" "), the string can contain spaces.
  • If the community is a string of 8 to 32 characters, the string is processed as plain text by default and will be encrypted.
  • If the community is a string of 32, 44, 56, 80, or 88 characters, the string is processed as cipher text by default, and the system will determine whether the string can be parsed.
  • Configure /ietf-snmp:snmp/community/index and /ietf-snmp:snmp/community/security-name simultaneously when this object is configured.
  • The value of text-name must be unique for different index.
  • By default, complexity check on SNMP community names is enabled. A community name must contain at least two types of the following characters: uppercase letters, lowercase letters, digits, and special characters excluding question marks (?), and the minimum length is the length of a password in plaintext allowed by the device. You can use the /ietf-snmp:snmp/huawei-snmp:complexity-check object to disable complexity check on SNMP community names. However, if a community name does not meet complexity requirements, the system is prone to attacks from malicious users, affecting device security. Therefore, you are advised to enable complexity check on SNMP community names.

/ietf-snmp:snmp/community/huawei-snmp:authority

Indicates the permission of an SNMP community.

The value is of the enumerated type:

  • read-only: The community has the read-only right
  • read-write: The community has the read-write right

The default value is read-only.

N/A

/ietf-snmp:snmp/huawei-snmp:complexity-check

Indicates whether complexity check on SNMP community is enabled.

The value is of the Boolean type:

  • true: complexity check on SNMP community is enabled.
  • false: complexity check on SNMP community is disabled.

The default value is true.

N/A

/ietf-snmp:snmp/notify-filter-profile/name

Indicates the name of a filter profile.

The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

N/A

/ietf-snmp:snmp/notify-filter-profile/include

Indicates a MIB subtree that can be accessed by a filter profile.

The value is a string of 1 to 255 case-sensitive characters without spaces. The value can be:

  • Root object OID of a MIB subtree, for example: 1.4.5.3.1.
  • Root object name of a MIB subtree, for example: system.
  • It must be a valid MIB subtree.
  • If a single object in the OID has two and more digits, it cannot start from 0. For example, 1.3.6.1.4.1.2011 can be set, but 1.3.6.1.4.1.02011 is not allowed.
  • The MIB subtree cannot be the same as that configured for the exclude object in the same filter profile.

/ietf-snmp:snmp/notify-filter-profile/exclude

Indicates a MIB subtree that cannot be accessed by a filter profile.

The value is a string of 1 to 255 case-sensitive characters without spaces. The value can be:

  • Root object OID of a MIB subtree, for example: 1.4.5.3.1.
  • Root object name of a MIB subtree, for example: system.
  • It must be a valid MIB subtree.
  • If a single object in the OID has two and more digits, it cannot start from 0. For example, 1.3.6.1.4.1.2011 can be set, but 1.3.6.1.4.1.02011 is not allowed.
  • The MIB subtree cannot be the same as that configured for the include object in the same filter profile.

/ietf-snmp:snmp/target/name

Indicates the name of the NMS.

The value is a string of 1 to 32 case-sensitive characters.

This object is of no real significance and needs to have a valid value. Configure this object when /ietf-snmp:snmp/target/transport/udp/udp/ip is configured.

/ietf-snmp:snmp/target/transport/udp/udp/ip

Indicates the IP address of the NMS.

The value is in dotted decimal notation.

N/A

/ietf-snmp:snmp/target/transport/udp/udp/port

Indicates the UDP port that the NMS users to communicate with the switch.

The value is an integer that ranges from 0 to 65535. The default value is 162.

N/A

/ietf-snmp:snmp/target/target-params

Indicates the name of the SNMP parameter set on the NMS.

The value is a string of 1 to 32 case-sensitive characters.

This object is mandatory when an NMS is configured.

/ietf-snmp:snmp/target-params/params/v1/v1/security-name

Indicates the switch security name displayed on the NMS when the switch and NMS communicate using SNMPv1.

The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

This parameter is used to identify the switches that send traps to the NMS.

/ietf-snmp:snmp/target-params/params/v2c/v2c/security-name

Indicates the switch security name displayed on the NMS when the switch and NMS communicate using SNMPv2c.

The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

This parameter is used to identify the switches that send traps to the NMS.

/ietf-snmp:snmp/target-params/params/usm/usm/user-name

Indicates the user security name displayed on the NMS when the switch and NMS communicate using SNMPv3.

The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

This parameter needs to be configured on the switch and NMS. If the NMS wants to receive traps from the switch, the user name must be authenticated and encrypted.

/ietf-snmp:snmp/target-params/params/usm/usm/security-level

Indicates the security level of an SNMPv3 user security name.

The value is of the enumerated type:

  • no-auth-no-priv: indicates that the user security name neither need to be authenticated nor encrypted.
  • auth-no-priv: indicates that the user security name only needs to be authenticated.
  • auth-priv: indicates that the user security name needs to be authenticated and encrypted.

N/A

/ietf-snmp:snmp/target-params/notify-filter-profile

Indicates the name of a filter profile applied to the NMS.

The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

The trap filter profile must be configured during or before the application.

/ietf-snmp:snmp/usm/local/user/name

Indicates an SNMPv3 user name.

The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

N/A

/ietf-snmp:snmp/usm/local/user/huawei-snmp:acl

Indicates the ACL that an SNMPv3 user needs to match.
  • The value is an integer that ranges from 2000 to 3999.
  • The value is a string of 1 to 64 case-sensitive characters without spaces and must start with a letter.

It must be an existing ACL.

/ietf-snmp:snmp/usm/local/user/auth/protocol/md5/md5/key

Indicates the password for HMAC-MD5-96 authentication.

The value is a hexadecimal ASCII string separated by colons (:), for example: 48:75:61:77:65:69:40:31:32:33. The string after conversion contains 8 to 64 characters.
  • After the object value is converted to a string, the string must be a combination of two or more of the following: uppercase letters, lowercase letters, digits, and special characters, excluding question marks (?) and spaces.
  • This object and /ietf-snmp:snmp/usm/local/user/auth/protocol/sha/sha/key cannot be configured simultaneously.
  • Delete the encryption algorithm and password before deleting the authentication password.

/ietf-snmp:snmp/usm/local/user/auth/protocol/sha/sha/key

Indicates the password for HMAC-SHA-96 authentication.

The value is a hexadecimal ASCII string separated by colons (:), for example: 48:75:61:77:65:69:40:31:32:33. The string after conversion contains 8 to 64 characters.
  • After the object value is converted to a string, the string must be a combination of two or more of the following: uppercase letters, lowercase letters, digits, and special characters, excluding question marks (?) and spaces.
  • This object and /ietf-snmp:snmp/usm/local/user/auth/protocol/md5/md5/key cannot be configured simultaneously.
  • Delete the encryption algorithm and password before deleting the authentication password.

/ietf-snmp:snmp/usm/local/user/priv/protocol/des/des/key

Indicates the password for DES-56 or 3DES algorithm.

The value is a hexadecimal ASCII string separated by colons (:), for example: 48:75:61:77:65:69:40:31:32:33. The string after conversion contains 8 to 64 characters.
  • After the object value is converted to a string, the string must be a combination of two or more of the following: uppercase letters, lowercase letters, digits, and special characters, excluding question marks (?) and spaces.
  • Configure the authentication password before the encryption password is configured.
  • This object and /ietf-snmp:snmp/usm/local/user/priv/protocol/des/des/huawei-snmp:algorithm must be configured simultaneously.
  • This object and /ietf-snmp:snmp/usm/local/user/priv/protocol/aes/aes/key cannot be configured simultaneously.

/ietf-snmp:snmp/usm/local/user/priv/protocol/des/des/huawei-snmp:algorithm

Indicates the encryption algorithm.

The value is of the enumerated type:

  • des56: DES56
  • 3des: 3DES

N/A

/ietf-snmp:snmp/usm/local/user/priv/protocol/aes/aes/key

Indicates the password for the AES-128, AES-192, or AES-256 encryption algorithm.

The value is a hexadecimal ASCII string separated by colons (:), for example: 48:75:61:77:65:69:40:31:32:33. The string after conversion contains 8 to 64 characters.
  • After the object value is converted to a string, the string must be a combination of two or more of the following: uppercase letters, lowercase letters, digits, and special characters, excluding question marks (?) and spaces.
  • Configure the authentication password before the encryption password is configured.
  • This object and /ietf-snmp:snmp/usm/local/user/priv/protocol/aes/aes/huawei-snmp:algorithm must be configured simultaneously.
  • This object and /ietf-snmp:snmp/usm/local/user/priv/protocol/des/des/key cannot be configured simultaneously.

/ietf-snmp:snmp/usm/local/user/priv/protocol/aes/aes/huawei-snmp:algorithm

Indicates the encryption algorithm.

The value is of the enumerated type:

  • aes128: AES128
  • aes192: AES192
  • aes256: AES256

N/A

/ietf-snmp:snmp/vacm/view/name

Indicates the name of a MIB view.

The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

N/A

/ietf-snmp:snmp/vacm/view/include

Indicates a MIB subtree that can be accessed by a trap filter profile.

The value is a string of 1 to 255 case-sensitive characters without spaces. The value can be:

  • Root object OID of a MIB subtree, for example: 1.4.5.3.1.
  • Root object name of a MIB subtree, for example: system.
  • It must be a valid MIB subtree.
  • If a single object in the OID has two and more digits, it cannot start from 0. For example, 1.3.6.1.4.1.2011 can be set, but 1.3.6.1.4.1.02011 is not allowed.
  • The same MIB subtree cannot be configured to the exclude object on the same trap filter profile.

/ietf-snmp:snmp/vacm/view/exclude

Indicates a MIB subtree that cannot be accessed by a trap filter profile.

The value is a string of 1 to 255 case-sensitive characters without spaces. The value can be:

  • Root object OID of a MIB subtree, for example: 1.4.5.3.1.
  • Root object name of a MIB subtree, for example: system.
  • It must be a valid MIB subtree.
  • If a single object in the OID has two and more digits, it cannot start from 0. For example, 1.3.6.1.4.1.2011 can be set, but 1.3.6.1.4.1.02011 is not allowed.
  • The same MIB subtree cannot be configured to the include object on the same trap filter profile.

/ietf-snmp:snmp/vacm/group/name

Indicates the name of an SNMPv3 user group.

The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

N/A

/ietf-snmp:snmp/vacm/group/access/context

Indicates the context applicable to access rights.

The value is a string of 0 to 32 case-sensitive characters.

Configure this object when the SNMPv3 user group is configured.

/ietf-snmp:snmp/vacm/group/access/security-model

Indicates the security mode of an SNMPv3 user group.

The value is usm.

Configure this object when the SNMPv3 user group is configured.

/ietf-snmp:snmp/vacm/group/access/security-level

Indicates the security level of an SNMPv3 user group.

The value is of the enumerated type:

  • no-auth-no-priv: indicates that the user group name neither needs to be authenticated nor encrypted.
  • auth-no-priv: indicates that the user group name only needs to be authenticated.
  • auth-priv: indicates that the user group name needs to be authenticated and encrypted.

N/A

/ietf-snmp:snmp/vacm/group/access/read-view

Indicates the name of a MIB view with read-only permission applied to the SNMPv3 user group.

The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

N/A

/ietf-snmp:snmp/vacm/group/access/write-view

Indicates the name of a MIB view with read and write permission applied to the SNMPv3 user group.

The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

N/A

/ietf-snmp:snmp/vacm/group/access/notify-view

Indicates the name of a MIB view with notification permission applied to the SNMPv3 user group.

The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

N/A

/ietf-snmp:snmp/vacm/group/access/huawei-snmp:acl

Indicates the ACL that an SNMPv3 user group needs to match.
  • The value is an integer that ranges from 2000 to 3999.
  • The value is a string of 1 to 64 case-sensitive characters without spaces and must start with a letter.

It must be an existing ACL.

/ietf-snmp:snmp/vacm/group/member/security-name

Indicates the name of an SNMPv3 user in the user group.

The value is a string of 1 to 32 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

It must be an existing SNMPv3 user.

/ietf-snmp:snmp/vacm/group/member/security-model

Indicates the security mode of an SNMPv3 user in the user group.

The value is usm.

N/A

/ietf-snmp:snmp/huawei-snmp:acl

Indicates the ACL for controlling an NMS that can access the switch.
  • The value is an integer that ranges from 2000 to 3999.
  • The value is a string of 1 to 64 case-sensitive characters without spaces and must start with a letter.

It must be an existing ACL.

/ietf-snmp:snmp/huawei-snmp:mms

Indicates the maximum size of SNMP packets received and sent by the switch.

The value is an integer that ranges from 484 to 17940, in bytes. The default value is 12000.

N/A

/ietf-snmp:snmp/huawei-snmp:trap-enable

Indicates whether the switch sends Trap messages of all modules to the NMS.

The value is of the Boolean type:

  • default-type: Whether the switch sends Trap messages of all modules to the NMS is restored to the default settings.
  • enable-all: The switch sends Trap messages of all modules to the NMS.
  • disable-all: The switch does not send Trap messages of any module to the NMS.

The default value is default-type.

To check whether the switch sends Trap messages of all modules to the NMS, run the display snmp-agent trap all command on the switch.

/ietf-snmp:snmp/huawei-snmp:source-interface

Specifies the IP address of an interface as the source IP address of the Trap messages sent to the NMS.

The value is a string of characters in the format of interface-typeinterface-number.

  • interface-type: specifies the type of an interface.
  • interface-number: specifies the number of an interface.

The interface must be available on the switch and has an IP address configured.
Parent Topic: SNMP
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >