Configuring the Middle-Point Device

This section describes how to use user-defined parameter settings to configure Simple Network Management Protocol (SNMP) proxy on the middle-point device.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run snmp-agent password min-length min-length

    The minimum SNMP password length is configured.

    After this command is run, the length of a configured SNMP password must be longer than or equal to the minimum SNMP password length.

  3. Configure SNMP proxy, as shown in Table 1. The configuration tasks listed in Table 1 do not need to be performed in sequence.

    Table 1 SNMP proxy configuration tasks

    Configuration Task

    Command

    Description

    Configure proxy rules for SNMP packets.
    • For GetRequest protocol data units (PDUs), SetRequest PDUs, and traps: snmp-agent proxy rule rule-name { read | trap | write } remote-engineid remote-engineid target-host target-host-name params-in securityname { security-string { v1 | v2c | v3 [ authentication | privacy ] } | cipher security-string-cipher { v1 | v2c } }
    • For informs: snmp-agent proxy rule rule-name inform remote-engineid remote-engineid target-host target-host-name params-in securityname { security-string { v2c | v3 [ authentication | privacy ] } | cipher security-string-cipher v2c }

    To enable an NMS to effectively manage a managed device, perform this operation to configure attributes of the target hosts for receiving SNMP proxy packets so that the middle-point device can filter out SNMP packets that do not match the specified attributes, you must correctly configure proxy rules for SNMP packets and ensure that these proxy rules are unique on the middle-point device.

    If you specify neither authentication nor privacy, SNMPv3 packets are neither authenticated nor encrypted.

    Create an SNMP proxy community.

    snmp-agent proxy community { community-name | cipher cipher-name } remote-engineid remote-engineid [ acl { acl-number | acl-name } | alias alias-name ] *

    An SNMP proxy community defines administrative relationships between NMSs and managed devices. The community name acts like a password to regulate access to a managed device. An NMS can access a managed device only if the community name carried in the SNMP request sent by the NMS is the same as the community name configured on the managed device.

    This operation applies only to SNMPv1 and SNMPv2c.

    Configure attributes of the target hosts for receiving SNMP proxy packets.
    • For an IPv4 network: snmp-agent proxy target-host target-host-name address udp-domain ip-address udp-port port-number [ source interface-type interface-number | { vpn-instance vpn-instance-name | public-net } | timeout timeout-value ]* params securityname { security-string { v1 | v2c | v3 [ authentication | privacy ] } | cipher security-string-cipher { v1 | v2c } }
    • For an IPv6 network: snmp-agent proxy target-host target-host-name ipv6 address udp-domain ipv6-address udp-port port-number [ timeout timeout-value ] params securityname { security-string { v1 | v2c | v3 [ authentication | privacy ] } | cipher security-string-cipher { v1 | v2c } }

    To enable the middle-point device to forward SNMP requests from the network management system (NMS) to the managed device and forward responses from the managed device to the NMS.

    • The target host may be either the NMS or the managed device.
    • You can run this command multiple times with different parameters set to configure a middle-point device to send SNMP proxy packets to multiple NMSs.
    • The default number of the destination User Datagram Protocol (UDP) port is 162, a well-known port number. If you want to change this number to a non-well-known port number, ensure that the new UDP port number is the same as that on the NMS.
    • If you specify neither authentication nor privacy, SNMPv3 packets are neither authenticated nor encrypted.
    • If the NMS and managed device need to communicate over a virtual private network (VPN), use the vpn-instance vpn-instance-name parameter.

    Create an SNMP proxy user.

    snmp-agentremote-engineidremote-engineid-nameusm-user v3user-namegroup-nameauthentication-mode { md5 | sha | sha2 } password privacy-mode { des56 | 3des168 | aes128 | aes192 | aes256 } password[ acl { acl-number | acl-name } ]

    SNMPv1 and SNMPv2c use community names for authentication, whereas SNMPv3 uses usernames for authentication.

    Unlike SNMPv1 or SNMPv2c, SNMPv3 can implement access control, identity authentication, and data encryption using the local processing model and user-based security model (USM).

    SNMPv3 provides better security and encryption mechanisms than SNMPv1 and SNMPv2c, and is therefore widely used.

    This operation applies only to SNMPv3.

    (Optional) Configure the priority of SNMP packets.

    snmp-agent packet-priority { snmp | trap } priority-level
    Change the priority of SNMP packets in the following scenarios if necessary:
    • Increase the priority of notifications to ensure that the NMS receives them.
    • Increase the priority of GetResponse and SetResponse PDUs to facilitate management operations performed in the management information base (MIB) of a managed device by the NMS.
    • Reduce the priority of GetResponse PDUs, SetResponse PDUs, and notifications to prevent frequent packet sending when network congestion occurs.

    Configure SNMP proxy for receiving and responding to requests from the CCU.

    To allow data to be managed in a unified manner, you can specify the source interface/IPv6 source address for the SNMP proxy to receive and respond to requests from the CCU or enable the function that allows all interfaces/IPv6 source addresses to be used by the SNMP proxy to receive and respond to requests from the CCU.

  4. Run commit

    The configuration is committed.

Parent Topic: Configuring SNMP Proxy Using User-Defined Parameter Settings
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >