How Do I Configure a Switch to Communicate with an NMS Through SNMP?

Latest reply: May 11, 2018 06:53:22 1138 2 1 0
Q: How Do I Configure a Switch to Communicate with an NMS Through SNMP?

A: Three SNMP versions are available: v1, v2c, and v3. SNMPv1 and SNMPv2c use community name-based authentication, whereas SNMPv3 uses user security module and view-based access control module. SNMPv3 is recommended due to its enhanced security.

The following describes how to configure SNMPv2c and SNMPv3 on a switch.

Configuring SNMPv2c

Set the SNMP version to v2c and read/write community name to Private123, and configure access control.

<HUAWEI> system-view
[~HUAWEI] acl 2001
[*HUAWEI-acl4-basic-2001] rule permit source 192.168.1.0 0.0.0.255  //Allow only the NMS on network segment 192.168.1.0 to access the switch.
[*HUAWEI-acl4-basic-2001] commit
[~HUAWEI-acl4-basic-2001] quit
[~HUAWEI] snmp-agent mib-view included alliso iso  //Set the MIB view name to alliso and accessed view includes iso.
[*HUAWEI] snmp-agent sys-info version v2c  //The SNMP version used by the switch must be the same as the SNMP version used by the NMS; otherwise, the switch cannot communicate with the NMS.
[*HUAWEI] snmp-agent community write Private123 mib-view alliso acl 2001
[*HUAWEI] snmp-agent target-host trap address udp-domain 10.1.1.2 params securityname adminNMS1234 v2c
              //Set the IP address of trap host to 10.1.1.2, security name to adminNMS1234, and trap version to v2c.
[*HUAWEI] commit

After the preceding configuration is complete, the NMS can connect to the switch using the configured read/write community name.


Configuring SNMPv3

The security levels of the trap host, user, and user group are in descending order.

The security levels include:
  • privacy: authentication and encryption
  • authentication: authentication and no encryption
  • none: no authentication and no encryption


If the user group is at the privacy level, the user and trap host must be at the privacy level. If the user group is at the authentication level, the user and trap host must be at the privacy or authentication level.
Set the user group name to huawei_group and security level to privacy, and configure access control.

<HUAWEI> system-view
[~HUAWEI] acl 2001
[*HUAWEI-acl4-basic-2001] rule permit source 192.168.1.0 0.0.0.255  //Allow only the NMS on network segment 192.168.1.0 to access the switch.
[*HUAWEI-acl4-basic-2001] commit
[~HUAWEI-acl4-basic-2001] quit
[~HUAWEI] snmp-agent mib-view included alliso iso  //Set the MIB view name to alliso and accessed view includes iso.
[*HUAWEI] snmp-agent sys-info version v3  //The SNMP version used by the switch must be the same as the SNMP version used by the NMS; otherwise, the switch cannot communicate with the NMS.
[*HUAWEI] snmp-agent group v3 huawei_group privacy write-view alliso acl 2001
[*HUAWEI] snmp-agent usm-user v3 huawei_user group huawei_group  //Set the SNMPv3 user name to huawei_user and add the user to user group huawei_group.
[*HUAWEI] snmp-agent usm-user v3 huawei_user authentication-mode sha
Please configure the authentication password (8-255)
Enter Password:               //Enter the authentication password.
Confirm Password:             //Confirm the authentication password.
[*HUAWEI] snmp-agent usm-user v3 huawei_user privacy-mode aes256
Please configure the privacy password (8-255)
Enter Password:              //Enter the encryption password.
Confirm Password:            //Confirm the encryption password.
[*HUAWEI] snmp-agent target-host trap address udp-domain 10.1.1.2 params securityname huawei_user v3 privacy
              //Set the IP address of trap host to 10.1.1.2, security name to huawei_user, and trap version to v3.
[*HUAWEI] commit

After the preceding configuration is complete, the NMS can connect to the switch using the configured user name, authentication password, and encryption password. This post was last edited by t00277996 at 2018-04-13 02:13.
  • x
  • convention:

gululu
Admin Created Apr 13, 2018 00:34:23 Helpful(0) Helpful(0)

good!
  • x
  • convention:

Come on!
yangyong
Created May 11, 2018 06:53:22 Helpful(0) Helpful(0)

useful document, thanks
  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login