Configuring Basic SNMPv2c Functions

Procedure

1. Run system-view

   The system view is displayed.

2. Run snmp-agent password min-length min-length

   The minimum SNMP password length is configured.

   After this command is run, the length of a configured SNMP password must be longer than or equal to the minimum SNMP password length.

3. (Optional) Run snmp-agent

   The SNMP agent function is enabled.

   This step is optional because the SNMP agent function can be enabled by running any snmp-agent command, irrespective of whether any parameter is specified.

4. (Optional) Run snmp-agent udp-port port-number

   The port number monitored by the SNMP agent is changed.

   If this step is skipped, the default port number is used.

5. Run snmp-agent sys-info version v2c

   After SNMPv2c is enabled on the managed device, the device supports both SNMPv2c and SNMPv3. This means that the device can be monitored and managed by NMSs running SNMPv2c or SNMPv3.

   

   The SNMP version must be the same as that of the destination host that sends trap messages and error codes.

6. Run snmp-agent community { read | write } { community-name | cipher cipher-name } [ mib-view view-name | acl { acl-number | acl-name } | alias alias-name ] ^*

   The community name is set.

   The community name will be saved in encrypted format in the configuration file. The community alias will be saved in simple text format in the configuration file.

   To disable the complexity check for community names, run the snmp-agent community complexity-check disable command. To improve system security, enabling the complexity check for community names is recommended.

   

   HUAWEI has the following requirements on the complexity of community names:

   • The minimum length of a community name is eight characters.

   • A community name contains at least two types of characters: uppercase characters, lowercase characters, digits, and special characters, excluding question marks (?) and spaces.

   After the community name is set, if no MIB view is configured, the NMS that uses the community name has permission to access objects in the Viewdefault view (1.3.6.1).

   • read: If the NMS administrator needs the read permission in a specified view, configure read in this command. For example, a low-level administrator needs to read certain data.

   • write: If the NMS administrator needs the read and write permissions in a specified view, configure write in this command. For example, a high-level administrator needs to read and write certain data.

7. Choose one of the following commands as needed to configure the destination IP address for the alarms and error codes sent from the device.

   • If the network is an IPv4 network, configure the device to send either traps or informs to the NMS.

     

     The differences between traps and informs are as follows:

     • The traps sent by the managed device do not need to be acknowledged by the NMS.

     • The informs sent by the managed device need to be acknowledged by the NMS. If no acknowledgement message from the NMS is received within a specified time period, the managed device resends the inform until the number of retransmissions reaches the maximum that is configured.

       When the managed device sends an inform, it records the inform in the log. If the NMS and link between the NMS and managed device recovers from a fault, the NMS can still learn the inform sent during the fault occurrence and rectification.

     In this regard, informs are more reliable than traps, but the device may need to buffer a lot of informs because of the inform retransmission mechanism and this may consume many memory resources.

     If the network is stable, using traps is recommended. If the network is unstable and the device's memory capacity is sufficient, using informs is recommended.

     • To configure a destination IP address for the traps and error codes sent from the device, run snmp-agent target-host [ host-name host-name ] trap address udp-domain ip-address [ [ udp-port port-number ] | [ source interface-type interface-number ] | [ public-net | vpn-instance vpn-instance-name ] ] ^* params securityname { security-name [ v2c | private-netmanager | ext-vb | notify-filter-profile profile-name ] ^* | cipher cipher-name [ v2c | private-netmanager | ext-vb | notify-filter-profile profile-name ] ^* }

     • To configure a destination IP address for the informs and error codes sent from the device, run snmp-agent target-host [ host-name host-name ] inform address udp-domain ip-address [ [ udp-port port-number ] | [ source interface-type interface-number ] | [ public-net | vpn-instance vpn-instance-name ] ] ^* params securityname { security-name v2c | cipher cipher-name v2c } [ ext-vb | notify-filter-profile profile-name | private-netmanager ] ^*

     The descriptions of the command parameters are as follows:

     • udp-port: The default destination UDP port number is 162. In some special cases, the parameter udp-port can be used to specify a non-well-known UDP port number. This ensures communication between the NMS and managed device.

     • vpn-instance: If the alarms sent from the managed device to the NMS need to be transmitted over a private network, the parameter vpn-instance vpn-instance-name needs to be used to specify a VPN that takes over the sending task.

     • public-net: If the alarms sent from the managed device to the NMS need to be transmitted over a public network, the parameter public-net needs to be used to specified.

     • securityname: Identifies the alarm sender, which helps you learn the alarm source.

   • To configure a destination IPv6 address for the alarms and error codes sent from the device, run snmp-agent target-host [ host-name host-name ] trap ipv6 address udp-domain ipv6-address [ udp-port port-number | source interface-type interface-number ] ^* params securityname { security-name [ v2c | private-netmanager | ext-vb | notify-filter-profile profile-name ] ^* | cipher cipher-name [ v2c | private-netmanager | ext-vb | notify-filter-profile profile-name ] ^* }

   

   An IPv6 network supports only traps, not informs.

8. (Optional) Run snmp-agent sys-info { contact contact | location location }

   The device administrator contact information or location is configured.

   This step is required for the NMS administrator to view contact information and locations of the device administrator when the NMS manages many devices. This helps the NMS administrator contact the device administrators for fault location and rectification.

9. (Optional) Run snmp-agent packet max-size byte-count The maximum size of an SNMP packet that the device can receive or send is set.

   After the maximum size is set, the device discards any SNMP packet that is larger than the set size.

10. (Optional) Run snmp-agent extend error-code enable

    The extended error code function is enabled.

11. Run snmp-agent set-cache enable

    The SET Response message caching function is enabled.

12. Configure SNMP to receive and respond to NMS request packets. To achieve this, run one or more of the following commands as needed.
    • Run snmp-agent protocol source-interface interface-type interface-number

      A source interface is configured for SNMP to receive and respond to NMS request packets.

    • Run snmp-agent protocol source all-interface

      All interfaces on the device are configured for SNMP to receive and respond to NMS request packets.

    • Run snmp-agent protocol physic-isolate source-interface protocol-interface-name source-ip ip-address
      An isolated source address is specified for SNMP to receive and respond to NMS request packets.

      

      After the interface isolation attribute is set successfully, packets can be sent to the server only through the specified physical interface, and those sent through other interfaces are discarded.

    • Run snmp-agent protocol ipv6 source-ip ip-address

      An IPv6 source address is configured for SNMP to receive and respond to NMS request packets.

    • Run snmp-agent protocol ipv6 physic-isolate source-interface protocol-interface-name source-ip ip-address

      An isolated IPv6 source address is specified for the SNMP proxy to receive and respond to requests from the CCU.

    • Run snmp-agent protocol source ipv6 all-interface

      All IPv6 addresses on the device are configured for SNMP to receive and respond to NMS request packets.

    • Configure SNMP to receive and respond to NMS request packets through a VPN instance or public network.
      • For an IPv4 network, run the snmp-agent protocol { vpn-instance vpn-instance-name | public-net } command.
      • For an IPv6 network, run the snmp-agent protocol ipv6 { vpn-instance vpn-instance-name | public-net } command.
    

    In scenarios such as interface unnumbered, if an isolated source interface and a common source interface (non-isolated source interface) are configured to listen to the same IP address and VPN instance, the common source interface takes effect. When the TCP listening mode is set to all-interface and an isolated source interface is configured, the isolated source interface takes effect if it is matched based on the 5-tuple matching rule; the all-interface configuration takes effect if the isolated source interface is not matched based on the 5-tuple matching rule. The source IP address specified for the isolated source interface does not need to be the interface's IP address.

13. (Optional) Run snmp-agent local-engineid engineid

    An engine ID for the local SNMP entity is set.

    The MAC address of the management interface on the main control board is used as device information.

14. (Optional) Configure SNMP proxy for receiving and responding to requests from the CCU.
    • IPv4 network
      • To specify a source interface for the SNMP proxy to receive and respond to requests from the CCU, run the snmp-agent proxy protocol source-interface { protocol-interface-type protocol-interface-number | protocol-interface-name } command.
      • To allow all interfaces to be used by the SNMP proxy to receive and respond to requests from the CCU, run the snmp-agent proxy protocol source all-interface command.
    • IPv6 network
      • To specify an IPv6 source address for the SNMP proxy to receive and respond to requests from the CCU, run the snmp-agent proxy protocol ipv6 source-ip ipv6-address [ vpn-instance vpn-instance-name ] command.
      • To allow all IPv6 addresses to be used by the SNMP proxy to receive and respond to requests from the CCU, run the snmp-agent proxy protocol source ipv6 all-interface command.

15. (Optional) Run snmp-agent protocol get-bulk timeout time

    The get-bulk operation timeout period is configured.

    You are not advised to change the get-bulk operation timeout period. The default get-bulk operation timeout period is recommended. To reconfigure a get-bulk operation timeout period, you must ensure that the configured period is less than an NMS's timeout period.

16. (Optional) Run snmp-agent protocol server [ ipv4 | ipv6 ] disable

    The SNMP IPv4 or IPv6 listening port is disabled.

    After you disable the SNMP IPv4 or IPv6 listening port using the snmp-agent protocol server disable command, SNMP no longer processes SNMP packets. Exercise caution when you disable the SNMP IPv4 or IPv6 listening port.

17. Run commit

    The configuration is committed.