Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
ACL ipv6 SNMP Ne20

ACL ipv6 SNMP Ne20

Created: Oct 19, 2019 11:56:36Latest reply: Jun 30, 2020 13:09:23 968 6 0 0 0
  Rewarded HiCoins: 0 (problem resolved)
View the author 1#

Hi,


I have a Ne20 router with SNMPv2c enabled and v3 disabled. However, it is responding SNMPv2c to IPv6 address. How to configure IPv6 ACL for SNMPv2c?


cerqueira:snmpwalk -v2c -c XXXXXXX udp6:[2804:xxx:F000:4009::1]

SNMPv2-MIB::sysDescr.0 = STRING: Huawei Versatile Routing Platform Software

VRP (R) software, Version 8.150 (NE20E V800R009C10SPC200)

Copyright (C) 2012-2017 Huawei Technologies Co., Ltd.

HUAWEINE20E-S2F


SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.2011.2.88.8

DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (92537102) 10 days, 17:02:51.02

SNMPv2-MIB::sysName.0 = STRING: HUAWEI-PTT-TOLEDO

SNMPv2-MIB::sysLocation.0 = STRING: Beijing China

SNMPv2-MIB::sysServices.0 = INTEGER: 78

SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00


snmp

Like (0) Dislike (0) Favorite(0) Share Report
Previous: Prevent replay attack
Next: SSH login
Featured Answers

Recommended answer

(0) (0)
chenhui
Admin Created Oct 21, 2019 01:33:36

@user_3324639 hello,
it's similar to configure the ipv6 acl compared with aconfiguring the ipv4 acl, only a extra parameter ipv6 is required.
for example, to create a ipv6 acl 3001,
acl ipv6 3001
rule 5 permit ipv6 source 2001::1/64

for more commands and details, please visit https://support.huawei.com/hedex/hdx.do?docid=EDOC1100075578&id=acl6_configuration_commands&text=ACL6%252520Configuration%252520Commands&lang=en
View more
  • x
  • convention:

BrunoCerqueira
BrunoCerqueira Created Dec 9, 2019 18:12:38 (0) (0)
Ok, but how can I configure an IPv6 ACL on SNMP?  
All Answers
(0) (0)
2#
ster
ster Created Oct 19, 2019 12:47:36

Hi friend
To configure SNMPV2C in ipv6, please refer to the link:https://support.huawei.com/hedex/hdx.do?docid=EDOC1100075578&id=dc_vrp_snmp_cfg_0010&text=Configuring%252520Basic%252520SNMPv2c%252520Functions&lang=en Hope it helps you
View more
  • x
  • convention:
(0) (0)
3#
wissal
wissal MVE Created Oct 19, 2019 13:32:36

Hello,


Please find below how to configure IPv6 ACL for SNMPv2c

Procedure

  1. Run system-view


    The system view is displayed.


  2. Run snmp-agent password min-length min-length


    The minimum SNMP password length is configured.



    After this command is run, the length of a configured SNMP password must be longer than or equal to the minimum SNMP password length.


  3. Configure SNMP proxy, as shown in Table 1. The configuration tasks listed in Table 1 do not need to be performed in sequence.


    3. Configure SNMP proxy

  • Increase the priority of notifications to ensure that the NMS receives them.

  • Increase the priority of GetResponse and SetResponse PDUs to facilitate management operations performed in the management information base (MIB) of a managed device by the NMS.

  • Reduce the priority of GetResponse PDUs, SetResponse PDUs, and notifications to prevent frequent packet sending when network congestion occurs.

  • The target host may be either the NMS or the managed device.

  • You can run this command multiple times with different parameters set to configure a middle-point device to send SNMP proxy packets to multiple NMSs.

  • The default number of the destination User Datagram Protocol (UDP) port is 162, a well-known port number. If you want to change this number to a non-well-known port number, ensure that the new UDP port number is the same as that on the NMS.

  • If you specify neither authentication nor privacy, SNMPv3 packets are neither authenticated nor encrypted.

  • If the NMS and managed device need to communicate over a virtual private network (VPN), use the vpn-instance vpn-instance-name parameter.

  • For an IPv4 network: snmp-agent proxy target-host target-host-name address udp-domain ip-address udp-port port-number [ source interface-type interface-number | { vpn-instance vpn-instance-name | public-net } | timeout timeout-interval ]* params securityname { security-name { v1 | v2c | v3 [ authentication | privacy ] } | cipher cipher-text { v1 | v2c } }

  • For an IPv6 network: snmp-agent proxy target-host target-host-name ipv6 address udp-domain ipv6-address udp-port port-number [ timeout timeout-interval ] params securityname { security-name { v1 | v2c | v3 [ authentication | privacy ] } | cipher cipher-text { v1 | v2c } }

  • For GetRequest protocol data units (PDUs), SetRequest PDUs, and traps: snmp-agent proxy rule rule-name { read | trap | write } remote-engineid remote-engineid target-host target-host-name params-in securityname { security-name { v1 | v2c | v3 [ authentication | privacy ] } | cipher cipher-text v1 | v2c } }

  • For informs: snmp-agent proxy rule rule-name inform remote-engineid remote-engineid target-host target-host-name params-in securityname { security-name { v2c | v3 [ authentication | privacy ] } | cipher cipher-text v2c }

Run commit


The configuration is committed.

For more details refer to the link belowhttps://support.huawei.com/hedex/hdx.do?lib=EDOC1100075578AEI0514L&docid=EDOC1100075578&lang=en&v=02&tocLib=EDOC1100075578AEI0514L&tocV=02&id=dc_vrp_snmp_cfg_0028&tocURL=resources/software/nev8r10_vrpv8r16/user/vrp/dc_vrp_snmp_cfg_0028.html&p=t&fe=1&ui=3&keyword=IPv6+ACL+++SNMPv2cThanks


View more
  • x
  • convention:
(0) (0)
4#
chenhui
chenhui Admin Created Oct 21, 2019 01:33:36

@user_3324639 hello,
it's similar to configure the ipv6 acl compared with aconfiguring the ipv4 acl, only a extra parameter ipv6 is required.
for example, to create a ipv6 acl 3001,
acl ipv6 3001
rule 5 permit ipv6 source 2001::1/64

for more commands and details, please visit https://support.huawei.com/hedex/hdx.do?docid=EDOC1100075578&id=acl6_configuration_commands&text=ACL6%252520Configuration%252520Commands&lang=en
View more
  • x
  • convention:

BrunoCerqueira
BrunoCerqueira Created Dec 9, 2019 18:12:38 (0) (0)
Ok, but how can I configure an IPv6 ACL on SNMP?  
(0) (0)
5#
chenhui
chenhui Admin Created Dec 10, 2019 01:50:09

@user_3324639 hi,
well, actually, what you want the ipv6 ACL do? to block some IPs or allow some IPs, I'm not sure about that. Would you please describe it detailedly.
View more
  • x
  • convention:
(10) (0)
6#
eonardshung
eonardshung Created Jun 30, 2020 13:09:23

Great job!
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.