Configuring Basic SNMPv1 Functions

After basic SNMP functions are configured, the NMS can perform basic operations such as Get and Set operations on a managed device, and the managed device can send alarms to the NMS.

Context

The NMS can communicate with managed devices after basic SNMPv1 functions have been configured.

Procedure

Run system-view
The system view is displayed.
Run snmp-agent password min-length min-length
The minimum SNMP password length is configured.

After this command is run, the length of a configured SNMP password must be longer than or equal to the minimum SNMP password length.
(Optional) Run snmp-agent
The SNMP agent function is enabled.

This step is optional because the SNMP agent function is enabled by running any snmp-agent command, irrespective of whether any parameter is specified.
(Optional) Run snmp-agent udp-port port-number
The port number monitored by the SNMP agent is changed.
Run snmp-agent sys-info version v1
The SNMP version is set.

After SNMPv1 is enabled on the managed device, the device supports both SNMPv1 and SNMPv3. This means that the device can be monitored and managed by NMSs running SNMPv1 or SNMPv3.
Run snmp-agent community { read | write } { community-name | cipher cipher-name } [ mib-view view-name | acl { acl-number | acl-name } | alias alias-name ] ^*
The community name is set.

The community name will be saved in encrypted format in the configuration file. The community alias will be saved in simple text format in the configuration file.
If a community name fails the complexity check, the community name cannot be configured. To disable the complexity check for community names, run the snmp-agent community complexity-check disable command. To improve system security, enabling the complexity check for community names is recommended.
HUAWEI has the following requirements on the complexity of community names:
- The minimum length of a community name is eight characters.
- A community name contains at least two types of characters: uppercase characters, lowercase characters, digits, and special characters, excluding question marks (?) and spaces.
After the community name is set, if no MIB view is configured, the NMS that uses the community name has permission to access objects in the Viewdefault view (1.3.6.1).
- read: If the NMS administrator needs the read permission in a specified view, configure read in this command. For example, a low-level administrator needs to read certain data.
- write: If the NMS administrator needs the read and write permissions in a specified view, configure write in this command. For example, a high-level administrator needs to read and write certain data.
Run either of the following commands:
- To configure a destination IPv4 address for the alarms and error codes sent from the device, run snmp-agent target-host [ host-name host-name ] trap address udp-domain ip-address [ [ udp-port port-number ] | [ source interface-type interface-number ] | [ public-net | vpn-instance vpn-instance-name ] ] ^* params securityname { security-name [ v1 | private-netmanager | ext-vb | notify-filter-profile profile-name ] ^* | cipher cipher-name [ v1 | private-netmanager | ext-vb | notify-filter-profile profile-name ] ^* }
- To configure a destination IPv6 address for the alarms and error codes sent from the device, run snmp-agent target-host[ host-name host-name ] trap ipv6 address udp-domain ipv6-address [ udp-port port-number | source interface-type interface-number ] ^* params securityname { security-name [ v1 | private-netmanager | ext-vb | notify-filter-profile profile-name ] ^* | cipher cipher-name [ v1 | private-netmanager | ext-vb | notify-filter-profile profile-name ] ^* }
(Optional) Run snmp-agent sys-info { contact contact | location location }
The device administrator contact information or location is configured.

This step is required for the NMS administrator to view contact information and locations of the device administrator when the NMS manages many devices. This helps the NMS administrator contact the device administrators for fault location and rectification.
(Optional) Run snmp-agent packet max-size byte-count
The maximum size of an SNMP packet that the device can receive or send is set.

After the maximum size is set, the device discards any SNMP packet that is larger than the set size.
(Optional) Run snmp-agent extend error-code enable
The extended error code function is enabled.
Run snmp-agent set-cache enable
The SET Response message caching function is enabled.
Configure SNMP to receive and respond to NMS request packets. To achieve this, run one or more of the following commands as needed.
- Run snmp-agent protocol source-interface interface-type interface-number
  A source interface is configured for SNMP to receive and respond to NMS request packets.
- Run snmp-agent protocol source all-interface
  All interfaces on the device are configured for SNMP to receive and respond to NMS request packets.
- Run snmp-agent protocol physic-isolate source-interface protocol-interface-name source-ip ip-address
  An isolated source address is specified for SNMP to receive and respond to NMS request packets.
  
  After the interface isolation attribute is set successfully, packets can be sent to the server only through the specified physical interface, and those sent through other interfaces are discarded.
- Run snmp-agent protocol ipv6 source-ip ip-address
  An IPv6 source address is configured for SNMP to receive and respond to NMS request packets.
- Run snmp-agent protocol ipv6 physic-isolate source-interface protocol-interface-name source-ip ip-address
  An isolated IPv6 source address is specified for the SNMP proxy to receive and respond to requests from the CCU.
- Run snmp-agent protocol source ipv6 all-interface
  All IPv6 addresses on the device are configured for SNMP to receive and respond to NMS request packets.
- Configure SNMP to receive and respond to NMS request packets through a VPN instance or public network.
  - For an IPv4 network, run the snmp-agent protocol { vpn-instance vpn-instance-name | public-net } command.
  - For an IPv6 network, run the snmp-agent protocol ipv6 { vpn-instance vpn-instance-name | public-net } command.
In scenarios such as interface unnumbered, if an isolated source interface and a common source interface (non-isolated source interface) are configured to listen to the same IP address and VPN instance, the common source interface takes effect. When the TCP listening mode is set to all-interface and an isolated source interface is configured, the isolated source interface takes effect if it is matched based on the 5-tuple matching rule; the all-interface configuration takes effect if the isolated source interface is not matched based on the 5-tuple matching rule. The source IP address specified for the isolated source interface does not need to be the interface's IP address.
(Optional) Run snmp-agent local-engineid engineid
An engine ID for the local SNMP entity is set.

The MAC address of the management interface on the main control board is used as device information.
(Optional) Run snmp-agent protocol server [ ipv4 | ipv6 ] disable
The SNMP IPv4 or IPv6 listening port is disabled.

After you disable the SNMP IPv4 or IPv6 listening port using the snmp-agent protocol server disable command, SNMP no longer processes SNMP packets. Exercise caution when you disable the SNMP IPv4 or IPv6 listening port.
(Optional) Configure SNMP proxy for receiving and responding to requests from the CCU.
- IPv4 network
  - To specify a source interface for the SNMP proxy to receive and respond to requests from the CCU, run the snmp-agent proxy protocol source-interface { protocol-interface-type protocol-interface-number | protocol-interface-name } command.
  - To allow all interfaces to be used by the SNMP proxy to receive and respond to requests from the CCU, run the snmp-agent proxy protocol source all-interface command.
- IPv6 network
  - To specify an IPv6 source address for the SNMP proxy to receive and respond to requests from the CCU, run the snmp-agent proxy protocol ipv6 source-ip ipv6-address [ vpn-instance vpn-instance-name ] command.
  - To allow all IPv6 addresses to be used by the SNMP proxy to receive and respond to requests from the CCU, run the snmp-agent proxy protocol source ipv6 all-interface command.
Run commit
The configuration is committed.

Follow-up Procedure

After the configuration is complete, the NMS and managed device can communicate.

Access control allows any NMS that uses the community name to monitor and manage all the objects on the managed device.
The managed device sends alarms generated by the modules that are enabled by default to the NMS.

If finer device management is required, follow directions below to configure the managed device:

To allow a specified NMS that uses the community name to manage specified objects on the device, follow the procedure described in Controlling the NMS's Access to the Device.
To allow a specified module on the managed device to report alarms to the NMS, follow the procedure described in Configuring the Trap Function.