cloudengine 6800&5800 v100r001c00 configuration guide - network management 04.pdf


  • CloudEngine 6800&5800 Series Switches V100R001C00

    Configuration Guide - Network Management

    Issue 04
    Date 2013-07-10

    HUAWEI TECHNOLOGIES CO., LTD.

  • Copyright Huawei Technologies Co., Ltd. 2013. All rights reserved.

    No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

    Trademarks and Permissions

    and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

    Notice

    The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

    The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

    Huawei Technologies Co., Ltd.
    Address: Huawei Industrial Base
    Bantian, Longgang
    Shenzhen 518129
    People's Republic of China

    Website: http://enterprise.huawei.com

    Issue 04 (2013-07-10) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.


  • About This Document

    Intended Audience

    This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.

    This document is intended for:
    - Data configuration engineers
    - Commissioning engineers
    - Network monitoring engineers
    - System maintenance engineers

    Symbol Conventions

    The symbols that may be found in this document are defined as follows.

    Symbol     Description
    DANGER     Indicates a hazard with a high level or medium level of risk which, if not avoided, could result in death or serious injury.
    WARNING    Indicates a hazard with a low level of risk which, if not avoided, could result in minor or moderate injury.
    CAUTION    Indicates a potentially hazardous situation that, if not avoided, could result in equipment damage, data loss, performance deterioration, or unanticipated results.
    TIP        Provides a tip that may help you solve a problem or save time.
    NOTE       Provides additional information to emphasize or supplement important points in the main text.


  • Command Conventions

    The command conventions that may be found in this document are defined as follows.

    Convention          Description
    Boldface            The keywords of a command line are in boldface.
    Italic              Command arguments are in italics.
    [ ]                 Items (keywords or arguments) in brackets [ ] are optional.
    { x | y | ... }     Optional items are grouped in braces and separated by vertical bars. One item is selected.
    [ x | y | ... ]     Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected.
    { x | y | ... }*    Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected.
    [ x | y | ... ]*    Optional items are grouped in brackets and separated by vertical bars. You can select one or several items, or select no item.
    &                   The parameter before the & sign can be repeated 1 to n times.
    #                   A line starting with the # sign is a comment.

    Interface Numbering Conventions

    Interface numbers used in this manual are examples. In device configuration, use the existing interface numbers on devices.

    Change History

    Changes between document issues are cumulative. Therefore, the latest document version contains all updates made to previous versions.

    Changes in Issue 04 (2013-07-10)

    This version has the following updates:

    The following information is modified:
    - 7.5.1 Clearing LLDP Statistics
    - 7.5.2 Monitoring LLDP Status


  • Changes in Issue 03 (2013-05-10)

    This version has the following updates:

    The following information is modified:
    - 1.4.3 (Optional) Configuring the Trap Function

    Changes in Issue 02 (2013-03-15)

    This version has the following updates:

    The following information is modified:
    - 1.4.1 Configuring Basic SNMPv1 Functions
    - 1.5.1 Configuring Basic SNMPv2c Functions
    - 1.5.3 (Optional) Configuring the Trap/Inform Function
    - 1.5.5 Checking the Configuration

    Changes in Issue 01 (2012-12-31)

    Initial commercial release.


  • Contents

    About This Document
    1 SNMP Configuration
      1.1 SNMP Overview
      1.2 SNMP Features Supported by the Device
      1.3 Default Configuration
      1.4 Configuring a Device to Communicate with an NMS by Running SNMPv1
        1.4.1 Configuring Basic SNMPv1 Functions
        1.4.2 (Optional) Restricting Management Rights of the NMS
        1.4.3 (Optional) Configuring the Trap Function
        1.4.4 (Optional) Enhancing the Reliability for Transmitting SNMP Packets
        1.4.5 Checking the Configuration
      1.5 Configuring a Device to Communicate with an NMS by Running SNMPv2c
        1.5.1 Configuring Basic SNMPv2c Functions
        1.5.2 (Optional) Restricting Management Rights of the NMS
        1.5.3 (Optional) Configuring the Trap/Inform Function
        1.5.4 (Optional) Enhancing the Reliability for Transmitting SNMP Packets
        1.5.5 Checking the Configuration
      1.6 Configuring a Device to Communicate with an NMS by Running SNMPv3
        1.6.1 Configuring Basic SNMPv3 Functions
        1.6.2 (Optional) Restricting Management Rights of the NMS
        1.6.3 (Optional) Configuring the Trap/Inform Function
        1.6.4 (Optional) Enhancing the Reliability for Transmitting SNMP Packets
        1.6.5 Checking the Configuration
      1.7 Maintaining SNMP
        1.7.1 Checking the Statistics About SNMP Packets
      1.8 SNMP Configuration Examples
        1.8.1 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv1
        1.8.2 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv2c
        1.8.3 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv3
    2 RMON Configuration
      2.1 RMON Overview
      2.2 RMON Supported by the Device


      2.3 Configuring RMON
        2.3.1 Configuring RMON Statistics Functions
        2.3.2 Configuring RMON Alarm Functions
        2.3.3 Checking the Configuration
      2.4 Configuration Example
        2.4.1 Example for Configuring RMON
    3 NETCONF Configuration
      3.1 Overview
      3.2 Establishing Communication Between the NMS and a Device Using NETCONF
        3.2.1 Configuring VTY User Interfaces to Support SSH
        3.2.2 Configuring an SSH User
        3.2.3 Enabling NETCONF
        3.2.4 Logging in to the NETCONF Agent Using the NMS
        3.2.5 Checking the Configuration
      3.3 Configuration Examples
        3.3.1 Example for Establishing Communication Between the NMS and a Device Using NETCONF
    4 NTP Configuration
      4.1 NTP Overview
      4.2 NTP Features Supported by the Device
      4.3 Default Configuration
      4.4 Configuring Basic NTP Functions
        4.4.1 Configuring an NTP primary clock
        4.4.2 Configuring NTP Operating Modes
        4.4.3 Checking the Configuration
      4.5 Configuring the Local Source Interface for Sending and Receiving NTP Packets
      4.6 Limit on the Number of Local Dynamic Sessions
      4.7 Configuring NTP Access Control
        4.7.1 Disabling a Specified Interface from Receiving NTP Packets
        4.7.2 Configuring NTP Access Control Authority
        4.7.3 Configuring NTP Authentication
        4.7.4 Checking the Configuration
      4.8 Maintaining NTP
        4.8.1 Monitoring the Running Status of NTP
      4.9 Configuration Examples of NTP
        4.9.1 Example for Configuring Authenticated NTP Unicast Client/Server Mode
        4.9.2 Example for Configuring NTP Symmetric Peer Mode
        4.9.3 Example for Configuring Authenticated NTP Broadcast Mode
        4.9.4 Example for Configuring NTP Multicast Mode
    5 Ping and Tracert Configuration
      5.1 Ping/Tracert Overview
        5.1.1 Ping/Tracert


        5.1.2 TRILL Ping
      5.2 Checking IP Network Connectivity Through Ping/Tracert
        5.2.1 Checking IP Network Connectivity Through Ping
        5.2.2 Detecting IP Network Paths and Locating Faults Through Tracert
      5.3 Checking TRILL Network Connectivity Through Ping
      5.4 Configuration Examples
        5.4.1 Example for Performing Ping and Tracert Operations
    6 NQA Configuration
      6.1 NQA Overview
      6.2 NQA Features Supported by the Device
      6.3 Configuring an NQA Test Instance
        6.3.1 Configuring an ICMP Test Instance
        6.3.2 Configuring an ICMP Jitter Test Instance
        6.3.3 Configuring a TCP Test Instance
        6.3.4 Configuring a UDP Jitter Test Instance
        6.3.5 Checking the Configuration
      6.4 Configuring the NQA Transmission Delay Threshold and Alarm Threshold
        6.4.1 Configuring the Two-Way Transmission Delay Threshold
        6.4.2 Configuring the One-Way Transmission Delay Threshold
      6.5 Configuring the Trap Function
        6.5.1 Enabling the NQA Alarm Function
        6.5.2 Configuring the NQA Client to Send Traps When a Test Fails
        6.5.3 Configuring the NQA Client to Send Traps When a Probe Fails
        6.5.4 Configuring the NQA Client to Send Traps After a Probe Succeeds
        6.5.5 Configuring the NQA Client to Send Traps When the Transmission Delay Exceeds the Threshold
        6.5.6 Checking the Configuration
      6.6 Scheduling an NQA Test Instance
        6.6.1 Starting an NQA Test Instance
        6.6.2 (Optional) Stopping an NQA Test Instance
        6.6.3 Checking Test Results
      6.7 Maintaining NQA
        6.7.1 Clearing NQA Test Statistics
      6.8 Configuration Examples
        6.8.1 Example for Configuring an ICMP Test Instance
        6.8.2 Example for Configuring an ICMP Jitter Test Instance
        6.8.3 Example for Configuring a TCP Test Instance
        6.8.4 Example for Configuring a UDP Jitter Test Instance
    7 LLDP Configuration
      7.1 LLDP Overview
      7.2 Default Configuration
      7.3 Configuring Basic LLDP Functions
        7.3.1 Enabling LLDP


        7.3.2 (Optional) Disabling LLDP on an Interface
        7.3.3 (Optional) Configuring an LLDP Management Address
        7.3.4 (Optional) Configuring LLDP Time Parameters
        7.3.5 (Optional) Configuring the Delay in Initializing Interfaces
        7.3.6 (Optional) Configuring the Type of TLVs that an Interface Can Send
        7.3.7 (Optional) Configuring the Number of LLDP Packets Quickly Sent by the Device to a Neighbor
        7.3.8 (Optional) Configuring MDN
        7.3.9 Checking the Configuration
      7.4 Configuring the LLDP Alarm Function
        7.4.1 Setting the Delay in Sending Traps About Neighbor Information Changes
        7.4.2 Enabling the LLDP Trap Function
        7.4.3 Checking the Configuration
      7.5 Maintenance LLDP
        7.5.1 Clearing LLDP Statistics
        7.5.2 Monitoring LLDP Status
      7.6 Configuration Examples
        7.6.1 Example for Configuring LLDP on the Device That Has a Single Neighbor
        7.6.2 Example for Configuring LLDP on the Device That Has Multiple Neighbors
        7.6.3 Example for Configuring LLDP on the Network with link aggregation configured
        7.6.4 Example for Configuring MDN
    8 Packet Capture Configuration
      8.1 Packet Capture Overview
      8.2 Configuring the Device to Capture Forwarded Packets
      8.3 Configuring the Capture Function for Packets Sent to the CPU
      8.4 Configuration Examples
        8.4.1 Example for Configuring Packet Capture Function


  • 1 SNMP Configuration

    About This Chapter

    The Simple Network Management Protocol (SNMP) is a standard network management protocol widely used on TCP/IP networks. It uses a central computer (a network management station) that runs network management software to manage network elements. There are three SNMP versions: SNMPv1, SNMPv2c, and SNMPv3. Users can choose to configure one or more versions if needed.

    1.1 SNMP Overview
    As a network management standard protocol used on TCP/IP networks, SNMP uses a central computer (NMS) that runs network management software to manage network elements.

    1.2 SNMP Features Supported by the Device
    This section compares SNMP versions in terms of their support for features and usage scenarios to provide a reference for your SNMP version selection during network deployment.

    1.3 Default Configuration
    This topic describes the default settings of common parameters.

    1.4 Configuring a Device to Communicate with an NMS by Running SNMPv1
    After SNMPv1 is configured, a managed device and an NMS can run SNMPv1 to communicate with each other. To ensure communication, you need to configure the agent and NMS. This section describes the configuration on a managed device (the agent side). For details about configuration on an NMS, see the relevant NMS operation guide.

    1.5 Configuring a Device to Communicate with an NMS by Running SNMPv2c
    After SNMPv2c is configured, a managed device and an NMS can run SNMPv2c to communicate with each other. To ensure communication, you need to configure the agent and NMS. This section describes the configuration on a managed device (the agent side). For details about configuration on an NMS, see the relevant NMS operation guide.

    1.6 Configuring a Device to Communicate with an NMS by Running SNMPv3
    After SNMPv3 is configured, a managed device and an NMS can run SNMPv3 to communicate with each other. To ensure communication, you need to configure the agent and NMS. This section describes the configuration on a managed device (the agent side). For details about configuration on an NMS, see the relevant NMS operation guide.

    1.7 Maintaining SNMP


  • This chapter describes how to monitor SNMP running status after the SNMP configuration is complete.

    1.8 SNMP Configuration Examples
    This section provides several examples for configuring SNMP. The configuration roadmap in the examples helps you understand the configuration procedures. Each configuration example provides information about the networking requirements and configuration roadmap.


  • 1.1 SNMP OverviewAs a network management standard protocol used on TCP/IP networks, SNMP uses a centralcomputer (NMS) that runs network management software to manage network elements.In a large network, it is very difficult for network administrator to detect, locate and rectify thefault as the devices does not report the fault. This affects maintenance efficiency and increasesmaintenance workload. To solve this problem, equipment vendors have provided networkmanagement functions in some products. The NMS then can query the status of remote devices,and devices can send traps to the NMS in the case of particular events.SNMP is an application layer protocol that defines the transmission of management informationbetween the NMS and the agent. SNMP defines operations that the NMS can perform onmanaged devices and enables devices to report traps upon a fault.

    1.2 SNMP Features Supported by the Device

    This section compares SNMP versions in terms of their support for features and usage scenarios to provide a reference for your SNMP version selection during network deployment.

    The device supports SNMPv1, SNMPv2c, and SNMPv3. Table 1-1 lists the features supported by SNMP, and Table 1-2 shows the support of different SNMP versions for the features. Table 1-3 describes the usage scenarios of SNMP versions, which helps you choose a proper version for the communication between an NMS and managed devices based on the network operation conditions.

    NOTE
    When multiple NMSs using different SNMP versions manage the same device in a network, SNMPv1, SNMPv2c, and SNMPv3 are configured on the device for its communication with all the NMSs.

    Table 1-1 Description of features supported by SNMP

    | Feature | Description |
    |---|---|
    | Access control | This function is used to restrict a user's device administration rights. It gives specific users the rights to manage specified objects on devices and therefore provides fine-grained management. |
    | Authentication and privacy | Packets transmitted between the NMS and managed devices are authenticated and encrypted. This prevents data packets from being intercepted or modified, improving data sending security. |
    | Error code | Error codes help the administrator to identify and rectify faults. The more varied the error codes, the easier it is for the administrator to manage the device. |
    | Trap | Traps are sent from managed devices to the NMS. Traps help the administrator learn of device faults. The managed devices do not require an acknowledgement from the NMS after sending traps. |
    | Inform | Informs are sent from managed devices to the NMS. The managed devices require an acknowledgement from the NMS after sending informs. If a managed device does not receive an acknowledgement after sending an inform. |
    | GetBulk | GetBulk allows an administrator to perform Get-Next operations in batches. In a large network, GetBulk reduces the workload of the administrator and improves management efficiency. |

    NOTE
    After the restart, the NMS can receive the informs that are sent during the restart.

    Table 1-2 Different SNMP versions support for the features

    | Feature | SNMPv1 | SNMPv2c | SNMPv3 |
    |---|---|---|---|
    | Access control | Access control based on the community name and MIB view | Access control based on the community name and MIB view | Access control based on the user, user group, and MIB view |
    | Authentication and privacy | Authentication based on the community name | Authentication based on the community name | Supported authentication and privacy modes are as follows: authentication mode: MD5, SHA; encryption mode: DES56 |
    | Error code | 6 error codes supported | 16 error codes supported | 16 error codes supported |
    | Trap | Supported | Supported | Supported |
    | Inform | Not supported | Supported | Supported |
    | GetBulk | Not supported | Supported | Supported |

    Table 1-3 Usage scenarios of different SNMP versions

    | Version | Usage Scenario |
    |---|---|
    | SNMPv1 | This version is applicable to small-scale networks whose networking is simple and security requirements are low or whose security and stability are good, such as campus networks and small enterprise networks. |
    | SNMPv2c | This version is applicable to medium and large-scale networks whose security requirements are not strict or whose security is good (for example, VPNs) but whose services are so busy that traffic congestion may occur. Use inform to ensure the messages sent from managed devices are received by the NMS. |
    | SNMPv3 | This version is applicable to networks of various scales, especially the networks that have strict requirements on security and can be managed only by authorized administrators. For example, data between the NMS and managed device needs to be transmitted over a public network. |

    If you plan to build a network, choose an SNMP version based on your usage scenario. If you plan to expand or upgrade an existing network, choose an SNMP version to match the SNMP version running on the NMS to ensure the communication between managed devices and the NMS.

    1.3 Default Configuration

    This topic describes the default settings of common parameters.
    Table 1-4 lists the default settings of SNMP parameters.

    Table 1-4 Default settings of SNMP parameters

    | Parameter | Default Value |
    |---|---|
    | SNMP agent | The SNMP agent function is disabled. |
    | SNMP trap receive host | No host is configured to receive traps. |
    | SNMP version | SNMPv3. |
    | SNMPv3 authentication mode and encryption mode | No authentication and no encryption. |

    1.4 Configuring a Device to Communicate with an NMS by Running SNMPv1

    After SNMPv1 is configured, a managed device and an NMS can run SNMPv1 to communicate with each other. To ensure communication, you need to configure the agent and NMS. This section describes the configuration on a managed device (the agent side). For details about configuration on an NMS, see the relevant NMS operation guide.

    Pre-configuration Tasks
    Before configuring a device to communicate with an NMS by running SNMPv1, configure a routing protocol to ensure that at least one route exists between the switch and the NMS.

    Procedure
    When you configure the device to communicate with the NMS using SNMPv1, Configuring Basic SNMPv1 Functions is mandatory, and the optional steps can be performed in any sequence.
    After the basic SNMP functions are configured, the NMS can communicate with managed devices.
    - The access permission of the NMS that uses the configured community name is the ViewDefault view (OID: 1.3.6.1).
    - The managed device sends traps generated by the modules that are enabled by default to the NMS.
    If finer device management is required, follow the directions below to configure a managed device:
    - To allow a specified NMS that uses the community name to manage specified objects on the device, follow the procedure described in Restricting Management Rights of the NMS.
    - To allow a specified module on the managed device to report traps to the NMS, follow the procedure described in Configuring the Trap Function.
    - To modify SNMP packet transmission parameters, see Enhancing the Reliability for Transmitting SNMP Packets.

    1.4.1 Configuring Basic SNMPv1 Functions

    Context
    For the configuration of basic SNMP functions, Step 1, Step 3, Step 4, Step 5 and Step 7 are mandatory steps. After the configuration is complete, basic SNMP communication can be established between the NMS and managed device.

    Procedure
    Step 1 Run:
        system-view
    The system view is displayed.

    Step 2 (Optional) Run:
        snmp-agent
    The SNMP agent function is enabled.
    By default, the SNMP agent function is disabled. Executing the snmp-agent command with any parameter enables the SNMP agent function.

    Step 3 Run:
        snmp-agent sys-info version v1
    The SNMP version is set to SNMPv1.
    By default, SNMPv3 is enabled.
    After SNMPv1 is enabled, the managed devices support SNMPv1 and SNMPv3 and can be monitored and managed by both SNMPv1 and SNMPv3 NMSs.

    Step 4 Run:
        snmp-agent community { read | write } { community-name | cipher community-name }
    The community name is set.
    By default, the complexity check is enabled for a community name. If a community name fails the complexity check, the community name cannot be configured. To disable the complexity check for a community name, run the snmp-agent community complexity-check disable command.

    NOTE
    The Switch has the following requirements for community name complexity:
    - The default minimum length of a community name is six characters.
    - A community name includes at least two kinds of characters, which can be uppercase letters, lowercase letters, digits, and special characters except question marks (?) and spaces.

    After the read-and-write community name is set, the NMS with this name has the right of the ViewDefault view (OID: 1.3.6.1). To change the access right of the NMS, see Restricting Management Rights of the NMS.

    NOTE
    Ensure that the community name of the NMS is the same as that set on the agent. If the NMS and the agent have different community names, the NMS cannot access the agent.

    Step 5 Run:
        snmp-agent target-host [ host-name host-name ] trap address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | vpn-instance vpn-instance-name ] * params securityname { security-name | cipher security-name } [ v1 | private-netmanager | ext-vb | notify-filter-profile profile-name ] *
    The destination IP address of traps and error codes is configured.

    Step 6 (Optional) Run:
        snmp-agent sys-info { contact contact | location location }
    The equipment administrator's contact information or location is configured.
    By default, the vendor's contact information is "R&D Beijing, Huawei Technologies co.,Ltd.". The default location is "Beijing China".
    This step is required for the NMS administrator to view contact information and locations of the equipment administrator when the NMS manages many devices. This helps the NMS administrator to contact the equipment administrators for fault location and rectification.

    Step 7 Run:
        commit
    The configuration is committed.

    ----End

    1.4.2 (Optional) Restricting Management Rights of the NMS

    Context
    When multiple NMSs using the same community name manage one device, perform this configuration based on the site requirements.

    | Scenario | Steps |
    |---|---|
    | All NMSs using this community name have the right of the ViewDefault view. | No action required |
    | Specified NMSs using this community name have the right of the ViewDefault view. | Step 1, Step 2, Step 4, Step 5 |
    | All NMSs using this community name manage specified objects on the managed device. | Step 1, Step 3, Step 4, Step 5 |
    | Specified NMSs using this community name manage specified objects on the managed devices. | Step 1, Step 2, Step 3, Step 4, Step 5 |

    NOTE
    The ViewDefault view is the 1.3.6.1 view.

    Procedure
    Step 1 Run:
        system-view
    The system view is displayed.

    Step 2 Run the following commands to configure the ACL to filter managed devices.
    1. Run:
        acl { [ number ] acl-number | name acl-name basic }
    A basic ACL is created.
    2. Run:
        rule [ rule-id ] { deny | permit } source { source-ip-address source-wildcard | any }
    A rule is added to the ACL.
    3. Run:
        quit
    Return to the system view.

    Step 3 Run:
        snmp-agent mib-view { excluded | included } view-name oid-tree
    A MIB view is created, and manageable MIB objects are specified.
    By default, an NMS has the right to access the objects in the ViewDefault view.

    Step 4 Run:
        snmp-agent community { read | write } { community-name | cipher community-name } [ mib-view view-name | acl { acl-number | acl-name } ] *
    The NMS's access rights are specified.
    By default, the community name has the right of the ViewDefault view.

    NOTE
    Before specifying the NMS to manage devices with this community name, check the ACL rule. When the ACL rule is permit, the NMS with the source IP address specified in this rule can access the local device. When the ACL rule is deny, the NMS with the source IP address specified in this rule cannot access the local device.

    Step 5 Run:
        commit
    The configuration is committed.

    ----End

    Follow-up Procedure
    After the access rights are configured, especially after the IP address of the NMS is specified, if the IP address changes (for example, the NMS changes its location, or IP addresses are reallocated due to network adjustment), you need to change the IP address of the NMS in the ACL. Otherwise, the NMS cannot access the device.

    1.4.3 (Optional) Configuring the Trap Function

    Context
    Users can enable the trap function for a specified module. The interface status trap is generated when the interface status changes. You need to enable the trap function for the standard module globally and enable the interface status trap function on the specified interface.

    Procedure
    Step 1 Run:
        system-view
    The system view is displayed.

    Step 2 Enable the trap function.
    Enable the trap function for a module.
    - Run:
        snmp-agent trap enable
      The trap function is enabled for all modules.
    - Run:
        snmp-agent trap enable feature-name
      The trap function is enabled for a specified module.
    Enable the trap function for an interface.
    Run:
        snmp-agent trap enable feature-name ifnet [ trap-name { linkdown | linkup } ]
    The trap function is enabled on all interfaces.
    By default, the trap function is disabled on all interfaces. When parameters linkdown and linkup are configured, the device sends a trap to the NMS upon an interface status change. When an interface frequently sends traps to the NMS because of frequent status changes, you can disable the interface status trap function on the interface to reduce the load on the NMS. The procedure is as follows:
    1. Run:
        interface interface-type interface-number
    The interface view is displayed.
    2. Run:
        undo enable snmp trap updown
    The interface status trap function is disabled.
    3. Run:
        quit
    The system view is displayed.

    Step 3 Run:
        snmp-agent notify-filter-profile { excluded | included } profile-name oid-tree
    A trap filtering rule is created or updated.
    By default, no trap is filtered.

    Step 4 Run:
        snmp-agent trap source interface-type interface-number
    The source interface for traps is specified.
    After the source interface is specified, the IP address of the source interface is used as the source IP address for sending traps. This helps the NMS identify the trap source. The source interface that sends traps must have an IP address; otherwise, the commands will fail to take effect. To ensure device security, it is recommended that you set the source IP address to the local loopback address.
    The source interface specified on the switch for traps must be consistent with that specified on the NMS; otherwise, the NMS does not accept the traps sent from the switch.

    Step 5 Run:
        commit
    The configuration is committed.

    ----End

    1.4.4 (Optional) Enhancing the Reliability for Transmitting SNMP Packets

    Procedure
    Step 1 Run:
        system-view
    The system view is displayed.

    Step 2 Run:
        snmp-agent packet max-size byte-count
    The maximum size of an SNMP packet that the device can receive or send is set.
    By default, the maximum size of an SNMP packet that the device can receive or send is 12000 bytes.

    Step 3 Run:
        commit
    The configuration is committed.

    ----End

    1.4.5 Checking the Configuration

    Prerequisites
    The configurations of basic SNMPv1 functions are complete.

    Procedure
    - Run the display snmp-agent community [ read | write ] command to check the configured community name.
    - Run the display snmp-agent sys-info version command to check the enabled SNMP version.
    - Run the display acl { acl-number | name acl-name | all } command to check the ACL rules.
    - Run the display snmp-agent mib-view [ exclude | include | viewname view-name ] command to check the MIB view.
    - Run the display snmp-agent mib modules command to check information about loaded MIB files.
    - Run the display snmp-agent sys-info contact command to check the equipment administrator's contact information.
    - Run the display snmp-agent sys-info location command to check the location of the switch.
    - Run the display current-configuration | include max-size command to check the maximum size of an SNMP packet.
    - Run the display current-configuration | include trap command to check the configuration of the trap function.
    - Run the display snmp-agent trap all command to check current and default status of all traps in all features.
    - Run the display snmp-agent vacmgroup command to check all the configured View-based Access Control Model (VACM) groups.
    - Run the display snmp-agent target-host command to check information about the target host.
    - Run the display snmp-agent notify-filter-profile profile-name command to check the configurations of the filtered traps.

    ----End

    1.5 Configuring a Device to Communicate with an NMS by Running SNMPv2c

    After SNMPv2c is configured, a managed device and an NMS can run SNMPv2c to communicate with each other. To ensure communication, you need to configure the agent and NMS. This section describes the configuration on a managed device (the agent side). For details about configuration on an NMS, see the relevant NMS operation guide.

    Pre-configuration Tasks
    Before configuring a device to communicate with an NMS by running SNMPv2c, configure a routing protocol to ensure that at least one route exists between the switch and the NMS.

    Procedure
    When you configure the device to communicate with the NMS using SNMPv2c, Configuring Basic SNMPv2c Functions is mandatory, and the optional steps can be performed in any sequence.
    After the basic SNMP functions are configured, the NMS can communicate with managed devices.
    - The access permission of the NMS that uses the configured community name is the ViewDefault view (OID: 1.3.6.1).
    - The managed device sends traps generated by the modules that are enabled by default to the NMS.
    If finer device management is required, follow the directions below to configure a managed device:
    - To allow a specified NMS that uses the community name to manage specified objects on the device, follow the procedure described in Restricting Management Rights of the NMS.
    - To allow a specified module on the managed device to report traps to the NMS, follow the procedure described in Configuring the Trap/Inform Function.
    - To modify SNMP packet transmission parameters, see Enhancing the Reliability for Transmitting SNMP Packets.

    1.5.1 Configuring Basic SNMPv2c Functions

    Context
    For the configuration of basic SNMP functions, Step 1, Step 3, Step 4, Step 5 and Step 7 are mandatory steps. After the configuration is complete, basic SNMP communication can be established between the NMS and managed device.
    When you configure a destination IP address for traps and error codes sent from the managed devices, configure the trap or inform function as required.
    - The traps sent by the managed device do not need to be acknowledged by the NMS.
    - The informs sent by the managed device need to be acknowledged by the NMS. If no acknowledgement message from the NMS is received within a specified time period, the managed device resends the inform until the number of retransmissions reaches the maximum.
      When the managed device sends an inform, it records the inform in the log. If the NMS and the link between the NMS and managed device recover from a fault, the NMS can still learn of the informs sent during the fault occurrence and rectification.
    In this regard, informs are more reliable than traps, but the device may need to buffer a lot of informs because of the inform retransmission mechanism, and this may consume a large amount of memory. If the network is stable, using traps is recommended. If the network is unstable and the device's memory capacity is sufficient, using informs is recommended.

    Procedure
    Step 1 Run:
        system-view
    The system view is displayed.

    Step 2 (Optional) Run:
        snmp-agent
    The SNMP agent function is enabled.
    By default, the SNMP agent function is disabled. Executing the snmp-agent command with any parameter enables the SNMP agent function.

    Step 3 Run:
        snmp-agent sys-info version v2c
    The SNMP version is set to SNMPv2c.
    By default, SNMPv3 is enabled.
    After SNMPv2c is enabled, the managed devices support SNMPv2c and SNMPv3 and can be monitored and managed by both SNMPv2c and SNMPv3 NMSs.

    Step 4 Run:
        snmp-agent community { read | write } { community-name | cipher community-name }
    The community name is configured for the device.
    By default, the complexity check is enabled for a community name. If a community name fails the complexity check, the community name cannot be configured. To disable the complexity check for a community name, run the snmp-agent community complexity-check disable command.

    NOTE
    The Switch has the following requirements for community name complexity:
    - The default minimum length of a community name is six characters.
    - A community name includes at least two kinds of characters, which can be uppercase letters, lowercase letters, digits, and special characters except question marks (?) and spaces.

    After the read-and-write community name is set, the NMS with this name has the right of the ViewDefault view (OID: 1.3.6.1). To change the access right of the NMS, see Restricting Management Rights of the NMS.

    NOTE
    Ensure that the community name of the NMS is the same as that set on the agent. If the NMS and the agent have different community names, the NMS cannot access the agent.

    Step 5 Choose one of the following commands as needed to configure a destination IP address of traps and error codes sent from the device.
    - To configure a destination IP address of traps and error codes, run:
        snmp-agent target-host [ host-name host-name ] trap address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | vpn-instance vpn-instance-name ] * params securityname { security-name | cipher security-name } [ v2c | private-netmanager | ext-vb | notify-filter-profile profile-name ] *
    - To configure a destination IP address of informs and error codes, run:
        snmp-agent target-host [ host-name host-name ] inform address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | vpn-instance vpn-instance-name ] * params securityname { security-name | cipher security-name } v2c [ ext-vb | notify-filter-profile profile-name ] *

    Step 6 (Optional) Run:
        snmp-agent sys-info { contact contact | location location }
    The equipment administrator's contact information or location is configured.
    By default, the vendor's contact information is "R&D Beijing, Huawei Technologies co.,Ltd.". The default location is "Beijing China".
    This step is required for the NMS administrator to view contact information and locations of the equipment administrator when the NMS manages many devices. This helps the NMS administrator to contact the equipment administrators for fault location and rectification.

    Step 7 Run:
        commit
    The configuration is committed.

    ----End

    1.5.2 (Optional) Restricting Management Rights of the NMS

    Context
    When multiple NMSs using the same community name manage one device, perform this configuration based on the site requirements.

    | Scenario | Steps |
    |---|---|
    | All NMSs using this community name have the right of the ViewDefault view. | No action required |
    | Specified NMSs using this community name have the right of the ViewDefault view. | Step 1, Step 2, Step 4, Step 5 |
    | All NMSs using this community name manage specified objects on the managed device. | Step 1, Step 3, Step 4, Step 5 |
    | Specified NMSs using this community name manage specified objects on the managed devices. | Step 1, Step 2, Step 3, Step 4, Step 5 |

    NOTE
    The ViewDefault view is the 1.3.6.1 view.

    Procedure
    Step 1 Run:
        system-view
    The system view is displayed.

    Step 2 Run the following commands to configure the ACL to filter managed devices.
    1. Run:
        acl { [ number ] acl-number | name acl-name basic }
    A basic ACL is created.
    2. Run:
        rule [ rule-id ] { deny | permit } source { source-ip-address source-wildcard | any }
    A rule is added to the ACL.
    3. Run:
        quit
    Return to the system view.

    Step 3 Run:
        snmp-agent mib-view { excluded | included } view-name oid-tree
    A MIB view is created, and manageable MIB objects are specified.
    By default, an NMS has the right to access the objects in the ViewDefault view.

    Step 4 Run:
        snmp-agent community { read | write } { community-name | cipher community-name } [ mib-view view-name | acl { acl-number | acl-name } ] *
    The NMS's access rights are specified.
    By default, the community name has the right of the ViewDefault view.

    NOTE
    Before specifying the NMS to manage devices with this community name, check the ACL rule. When the ACL rule is permit, the NMS with the source IP address specified in this rule can access the local device. When the ACL rule is deny, the NMS with the source IP address specified in this rule cannot access the local device.

    Step 5 Run:
        commit
    The configuration is committed.

    ----End

    Follow-up Procedure
    After the access rights are configured, especially after the IP address of the NMS is specified, if the IP address changes (for example, the NMS changes its location, or IP addresses are reallocated due to network adjustment), you need to change the IP address of the NMS in the ACL. Otherwise, the NMS cannot access the device.
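The restrictions described in 1.4.2 and 1.5.2 (binding an ACL and a MIB view to each community) and the community name complexity rules from 1.4.1 and 1.5.1 can be checked offline against a saved configuration. The following Python script is an added example, not part of the Huawei guide: it assumes the configuration is available as text in the command syntax shown above, and the sample configuration, community names, ACL numbers, addresses and finding codes are all constructed for illustration.

```python
import re

# Constructed sample, written in the command syntax this guide documents.
# It is not captured device output; every name and address is made up.
SAMPLE_CONFIG = """\
snmp-agent
snmp-agent sys-info version v2c
snmp-agent community complexity-check disable
acl number 2001
 rule 5 permit source 192.0.2.10 0.0.0.0
acl number 2002
 rule 5 permit source any
snmp-agent mib-view included ifOnly 1.3.6.1.2.1.2
snmp-agent community read Ops-Read9 mib-view ifOnly acl 2001
snmp-agent community write public
snmp-agent community read Nms_Ro77 acl 2002
"""

DESCRIPTIONS = {
    "v1-or-v2c-enabled": "SNMPv1/v2c enabled: authentication rests on the community name only",
    "complexity-check-disabled": "community name complexity check is switched off",
    "no-acl": "no ACL bound: any NMS that presents the community name is accepted",
    "acl-undefined": "community references an ACL that this configuration does not define",
    "acl-permits-any": "bound ACL contains 'permit source any'",
    "default-view": "no mib-view bound: community gets the ViewDefault view (OID 1.3.6.1)",
    "weak-name": "plain-text community name fails the documented complexity rules",
}


def complexity_problems(name, min_len=6):
    """Apply the rules from the NOTE: length >= 6, two character kinds, no '?' or space."""
    problems = []
    if len(name) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if "?" in name or " " in name:
        problems.append("contains '?' or a space")
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9? ]")
    if sum(bool(re.search(c, name)) for c in classes) < 2:
        problems.append("fewer than two kinds of characters")
    return problems


def parse_config(text):
    cfg = {"versions": set(), "complexity_check": True, "acls": {}, "communities": []}
    current_acl = None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "acl" and len(tok) >= 2:
            # acl { [ number ] acl-number | name acl-name basic }
            current_acl = tok[2] if tok[1] in ("number", "name") and len(tok) > 2 else tok[1]
            cfg["acls"][current_acl] = []
        elif tok[0] == "rule" and current_acl is not None:
            m = re.match(r"rule(?:\s+\d+)?\s+(deny|permit)\s+source\s+(.+)", raw.strip())
            if m:
                cfg["acls"][current_acl].append((m.group(1), m.group(2).strip()))
        elif tok[:3] == ["snmp-agent", "sys-info", "version"]:
            cfg["versions"].update(tok[3:])
        elif tok[:3] == ["snmp-agent", "community", "complexity-check"]:
            cfg["complexity_check"] = tok[3:4] != ["disable"]
        elif tok[:2] == ["snmp-agent", "community"] and len(tok) >= 4 and tok[2] in ("read", "write"):
            cipher = tok[3] == "cipher"
            rest = tok[4:] if cipher else tok[3:]
            if not rest:
                continue
            entry = {"access": tok[2], "name": rest[0], "cipher": cipher, "view": None, "acl": None}
            opts = rest[1:]
            for key, value in zip(opts, opts[1:]):
                if key == "mib-view":
                    entry["view"] = value
                elif key == "acl":
                    entry["acl"] = value
            cfg["communities"].append(entry)
    return cfg


def audit(text):
    """Return (subject, finding-code) pairs; community names are secrets and are not echoed."""
    cfg = parse_config(text)
    findings = []
    if cfg["versions"] & {"v1", "v2c"}:
        findings.append(("global", "v1-or-v2c-enabled"))
    if not cfg["complexity_check"]:
        findings.append(("global", "complexity-check-disabled"))
    for i, c in enumerate(cfg["communities"], 1):
        subject = f"community #{i} ({c['access']})"
        if c["acl"] is None:
            findings.append((subject, "no-acl"))
        elif c["acl"] not in cfg["acls"]:
            findings.append((subject, "acl-undefined"))
        elif any(action == "permit" and src == "any" for action, src in cfg["acls"][c["acl"]]):
            findings.append((subject, "acl-permits-any"))
        if c["view"] is None:
            findings.append((subject, "default-view"))
        # Names entered with the cipher keyword are assumed to be ciphertext and are skipped.
        if not c["cipher"] and complexity_problems(c["name"]):
            findings.append((subject, "weak-name"))
    return findings


if __name__ == "__main__":
    for subject, code in audit(SAMPLE_CONFIG):
        print(f"{subject}: {DESCRIPTIONS[code]}")
```

In the constructed sample only the first community, which binds both a MIB view and a single-host ACL, produces no finding.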

    1.5.3 (Optional) Configuring the Trap/Inform Function

    Context
    Users can enable the trap function for a specified module. The interface status trap is generated when the interface status changes. You need to enable the trap function for the standard module globally and enable the interface status trap function on the specified interface.

    Procedure
    Step 1 Run:
        system-view
    The system view is displayed.

    Step 2 Enable the trap function.
    Enable the trap function for a module.
    - Run:
        snmp-agent trap enable
      The trap function is enabled for all modules.
    - Run:
        snmp-agent trap enable feature-name
      The trap function is enabled for a specified module.
    Enable the trap function for an interface.
    Run:
        snmp-agent trap enable feature-name ifnet [ trap-name { linkdown | linkup } ]
    The trap function is enabled on all interfaces.
    By default, the trap function is disabled on all interfaces. When parameters linkdown and linkup are configured, the device sends a trap to the NMS upon an interface status change. When an interface frequently sends traps to the NMS because of frequent status changes, you can disable the interface status trap function on the interface to reduce the load on the NMS. The procedure is as follows:
    1. Run:
        interface interface-type interface-number
    The interface view is displayed.
    2. Run:
        undo enable snmp trap updown
    The interface status trap function is disabled.
    3. Run:
        quit
    The system view is displayed.

    Step 3 Run:
        snmp-agent notify-filter-profile { excluded | included } profile-name oid-tree
    A trap filtering rule is created or updated.
    By default, no trap is filtered.

    Step 4 Configure trap function parameters based on the trap usage or inform usage selected during the configuration of basic SNMPv2c functions.
    Set trap parameters.
    - Run:
        snmp-agent trap source interface-type interface-number
      The source interface for traps is specified.
      After the source interface is specified, its IP address becomes the source IP address of traps. Configuring the local loopback interface as the source interface is recommended, which can ensure device security.
      The source interface specified on the switch for traps must be consistent with that specified on the NMS; otherwise, the NMS does not accept the traps sent from the switch.
    Set inform parameters.
    1. Run:
        snmp-agent inform { { timeout seconds | resend-times times | pending number } * | { timeout seconds | resend-times times } * [ host-name host-name | address udp-domain ip-address [ vpn-instance vpn-instance-name ] params securityname { security-name | cipher security-name } ] }
    The timeout period for waiting for Inform ACK messages, number of inform retransmissions, and allowable maximum number of informs to be acknowledged are set.
    If the network is unstable, you need to specify the number of inform retransmissions and allowable maximum number of informs to be acknowledged when you set a timeout period for waiting for Inform ACK messages. By default, the timeout period for waiting for Inform ACK messages is 15 seconds; the number of inform retransmissions is 3; the allowable maximum number of informs waiting to be acknowledged is 39.
    2. Run:
        snmp-agent notification-log enable
    The alarm log function is enabled.
    If the NMS and managed device cannot communicate because of a link failure, the managed device no longer sends Inform messages but keeps recording alarm logs. When the link recovers, the destination host synchronizes the recorded alarm logs with the managed device.
    After the alarm log function is enabled, only Inform messages are recorded, and Trap messages are not recorded.
    By default, the alarm log function is disabled.
    3. Run:
        snmp-agent notification-log { global-ageout ageout | global-limit limit } *
    The aging time of alarm logs and the maximum number of alarm logs in the log buffer are set.
    By default, the aging time of the alarm logs is 24 hours. If the aging time expires, the alarm logs are automatically deleted.
    By default, the log buffer can store a maximum of 500 alarm logs. If the number of alarm logs exceeds 500, the NMS deletes alarm logs from the earliest one.

    Step 5 Run:
        commit
    The configuration is committed.

    ----End

    1.5.4 (Optional) Enhancing the Reliability for Transmitting SNMP Packets

    Procedure

    Step 1 Run:

    system-view

    The system view is displayed.

    Step 2 Run:

    snmp-agent packet max-size byte-count

    The maximum size of an SNMP packet that the device can receive or send is set.

    By default, the maximum size of an SNMP packet that the device can receive or send is 12000 bytes.

    Step 3 Run:

    commit

    The configuration is committed.

    ----End

    1.5.5 Checking the Configuration

    Prerequisites

    The configurations of basic SNMPv2c functions are complete.

    Procedure

    - Run the display snmp-agent community [ read | write ] command to check the configured community name.
    - Run the display snmp-agent sys-info version command to check the enabled SNMP version.
    - Run the display acl { acl-number | name acl-name | all } command to check the ACL rules.
    - Run the display snmp-agent mib-view [ exclude | include | viewname view-name ] command to check the MIB view.
    - Run the display snmp-agent mib modules command to check information about loaded MIB files.
    - Run the display snmp-agent sys-info contact command to check the equipment administrator's contact information.
    - Run the display snmp-agent sys-info location command to check the location of the switch.
    - Run the display current-configuration | include max-size command to check the maximum size of an SNMP packet.
    - Run the display current-configuration | include trap command to check trap configuration.
    - Run the display snmp-agent trap all command to check current and default status of all traps in all features.
    - Run the display snmp-agent target-host command to check information about the target host.
    - Run the display snmp-agent inform [ host-name host-name | address udp-domain ip-address [ vpn-instance vpn-instance-name ] params securityname { security-name | cipher security-name } ] command to check inform parameters of all target hosts.
    - Run the display snmp-agent vacmgroup command to check all the configured View-based Access Control Model (VACM) groups.
    - Run the display snmp-agent notify-filter-profile [ profile-name ] command to check the configurations of the filtered traps.
    - Run the display snmp-agent notification-log [ info | logtime starttime to endtime | size size ] command to view trap logs saved in the trap log buffer.

    ----End

    1.6 Configuring a Device to Communicate with an NMS by Running SNMPv3

    After SNMPv3 is configured, a managed device and an NMS can run SNMPv3 to communicate with each other. To ensure communication, you need to configure the agent and NMS. This section describes the configuration on a managed device (the agent side). For details about configuration on an NMS, see the pertaining NMS operation guide.

    Pre-configuration Tasks

    Before configuring a device to communicate with an NMS by running SNMPv3, configure a routing protocol to ensure that at least one route exists between the switch and the NMS.

    Procedure

    When you configure the device to communicate with the NMS using SNMPv3, Configuring Basic SNMPv3 Functions is mandatory and optional steps can be performed in any sequence.

    After the SNMP basic functions are configured, the NMS can communicate with managed devices.

    - The access permission of the NMS that uses the configured community name is the ViewDefault view (OID: 1.3.6.1).
    - The managed device sends traps generated by the modules that are enabled by default to the NMS.

    If finer device management is required, follow the directions below to configure a managed device:

    - To allow a specified NMS that uses the community name to manage specified objects on the device, follow the procedure described in Restricting Management Rights of the NMS.
    - To allow a specified module on the managed device to report traps to the NMS, follow the procedure described in Configuring the Trap Function.
    - To modify SNMP packet transmission parameters, see Enhancing the Reliability for Transmitting SNMP Packets.

    1.6.1 Configuring Basic SNMPv3 Functions

    Context

    For the configuration of basic SNMP functions, Step 1, Step 5, Step 6, Step 7 and Step 9 are mandatory steps. After the configuration is complete, basic SNMP communication can be established between the NMS and managed device.

    When you configure a destination IP address for traps and error codes sent from the managed devices, configure the trap or inform function as required.

    - The traps sent by the managed device do not need to be acknowledged by the NMS.
    - The informs sent by the managed device need to be acknowledged by the NMS. If no acknowledgement message from the NMS is received within a specified time period, the managed device resends the inform until the number of retransmissions reaches the maximum.
      When the managed device sends an inform, it records the inform in the log. If the NMS and the link between the NMS and managed device recover from a fault, the NMS can still learn the inform sent during the fault occurrence and rectification.

    In this regard, informs are more reliable than traps, but the device may need to buffer a lot of informs because of the inform retransmission mechanism and this may consume many memory resources. If the network is stable, using traps is recommended. If the network is unstable and the device's memory capacity is sufficient, using inform is recommended.

    Precaution

    The security levels from the highest to the lowest must be trap host security, user security, and user group security.

    The security level description is as follows:

    - Level 1: privacy (authentication and encryption)
    - Level 2: authentication (only authentication)
    - Level 3: none (no authentication and no encryption)

    If the security level of a user group is level 1, the security levels of user and trap host must be level 1. If the security level of a user group is level 2, the security levels of user and trap host can be level 1 or level 2.

    Procedure

    Step 1 Run:

    system-view

    The system view is displayed.

    Step 2 (Optional) Run:

    snmp-agent

    The SNMP agent function is enabled.

    By default, the SNMP agent function is disabled. Executing the snmp-agent command with any parameter enables the SNMP agent function.

    Step 3 (Optional) Run:

    snmp-agent sys-info version v3

    The SNMP version is configured.

    SNMPv3 is enabled by default; therefore, this step is optional.

    Step 4 (Optional) Run:

    snmp-agent local-engineid engineid

    An engine ID is set for the local SNMP entity.

    By default, the device automatically generates an engine ID using the internal algorithm. The engine ID is composed of enterprise ID+device information.

    If the local engine ID is set or changed, the existing SNMPv3 user will be deleted.

    Step 5 Run:

    snmp-agent group v3 group-name [ authentication | privacy ]

    An SNMPv3 user group is configured.

    If the network or network devices are in an insecure environment (for example, the network is vulnerable to attacks), authentication or privacy can be configured in the command to enable data authentication or privacy. By default, the created SNMP group is neither authenticated nor encrypted.

    Step 6 Run:

    snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } password [ privacy-mode { 3des168 | aes128 | aes192 | aes256 | des56 } encrypt-password ] ] [ acl { acl-number | acl-name } ]

    A user is added to the SNMPv3 user group.

    NOTE

    The AES128 and AES256 algorithms are recommended to improve data transmission security.

    After a user is added to the user group, the NMS that uses the name of the user can access the objects in the ViewDefault view (OID: 1.3.6.1). If the local engine ID is set or changed, the existing SNMPv3 user will be deleted.

    If authentication and privacy have been enabled for the user group, the following authentication and privacy modes can be configured for the data transmitted on the network.

    Step 7 Choose one of the following commands as needed to configure a destination IP address of traps and error codes sent from the device.

    - To configure a destination IP address of traps and error codes, run:

      snmp-agent target-host [ host-name host-name ] trap address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | vpn-instance vpn-instance-name ] * params securityname security-name [ v3 [ authentication | privacy ] | private-netmanager | ext-vb | notify-filter-profile profile-name ] *

    - To configure a destination IP address of informs and error codes, run:

      snmp-agent target-host [ host-name host-name ] inform address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | vpn-instance vpn-instance-name ] * params securityname security-name v3 [ authentication | privacy ] [ ext-vb | notify-filter-profile profile-name ] *

    NOTE

    Ensure that the security-name value is the same as the created user name; otherwise, the NMS cannot access the device.

    Step 8 (Optional) Run:

    snmp-agent sys-info { contact contact | location location }

    The equipment administrator's contact information or location is configured.

    By default, the vendor's contact information is "R&D Beijing, Huawei Technologies co.,Ltd.". The default location is "Beijing China".

    This step is required for the NMS administrator to view contact information and locations of the equipment administrator when the NMS manages many devices. This helps the NMS administrator to contact the equipment administrators for fault location and rectification.

    Step 9 Run:

    commit

    The configuration is committed.

    ----End
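
    The Precaution above (trap host level >= user level >= user group level) and the NOTEs under Step 6 and Step 7 can be checked mechanically before a change is committed. The following audit script is an added example, not Huawei code: it assumes input lines written in the command syntax of Steps 5 to 7 (a saved configuration may print them differently), and the group names, user names, passwords and addresses in SAMPLE are constructed placeholders.

```python
RANK = {"none": 0, "authentication": 1, "privacy": 2}
RECOMMENDED_PRIVACY = {"aes128", "aes256"}  # from the NOTE under Step 6

# Constructed sample input (placeholder passwords, documentation addresses).
SAMPLE = """\
snmp-agent group v3 ops privacy
snmp-agent group v3 legacy
snmp-agent usm-user v3 nms2 ops authentication-mode sha AuthPlaceholder1 privacy-mode aes128 PrivPlaceholder1
snmp-agent usm-user v3 nms1 ops authentication-mode md5 AuthPlaceholder2
snmp-agent usm-user v3 poller legacy authentication-mode sha AuthPlaceholder3 privacy-mode des56 PrivPlaceholder3
snmp-agent target-host trap address udp-domain 192.0.2.10 params securityname nms2 v3 authentication
snmp-agent target-host inform address udp-domain 192.0.2.11 params securityname nmsX v3 privacy
"""


def keyword_level(token):
    """Map an optional [ authentication | privacy ] keyword to a level name."""
    return token if token in ("authentication", "privacy") else "none"


def parse(config_text):
    """Collect groups, users and SNMPv3 target hosts from command-syntax lines."""
    groups, users, hosts = {}, {}, []
    for raw in config_text.splitlines():
        tok = raw.split() + [""]  # sentinel so tok[i + 1] never overflows
        if tok[:3] == ["snmp-agent", "group", "v3"] and len(tok) > 4:
            groups[tok[3]] = keyword_level(tok[4])
        elif tok[:3] == ["snmp-agent", "usm-user", "v3"] and len(tok) > 5:
            opts = tok[5:]
            level, cipher = "none", None
            if "authentication-mode" in opts:
                level = "authentication"
            if "privacy-mode" in opts:
                level, cipher = "privacy", opts[opts.index("privacy-mode") + 1]
            users[tok[3]] = {"group": tok[4], "level": level, "cipher": cipher}
        elif tok[:2] == ["snmp-agent", "target-host"] and "securityname" in tok:
            i = tok.index("securityname")
            opts = tok[i + 2:]
            if "v3" in opts:  # only SNMPv3 hosts carry a security level
                addr = tok[tok.index("udp-domain") + 1] if "udp-domain" in tok else "?"
                hosts.append({"name": tok[i + 1], "addr": addr,
                              "level": keyword_level(opts[opts.index("v3") + 1])})
    return groups, users, hosts


def audit(config_text):
    """Return findings for: trap host level >= user level >= group level."""
    groups, users, hosts = parse(config_text)
    findings = []
    for group, level in sorted(groups.items()):
        if level == "none":
            findings.append(f"group {group}: neither authenticated nor encrypted")
    for name, user in sorted(users.items()):
        group_level = groups.get(user["group"])
        if group_level is None:
            findings.append(f"user {name}: group {user['group']} is not defined")
        elif RANK[user["level"]] < RANK[group_level]:
            findings.append(f"user {name}: level {user['level']} is below group level {group_level}")
        if user["cipher"] and user["cipher"] not in RECOMMENDED_PRIVACY:
            findings.append(f"user {name}: privacy-mode {user['cipher']} is not aes128 or aes256")
    for host in hosts:
        user = users.get(host["name"])
        if user is None:
            findings.append(f"target-host {host['addr']}: securityname {host['name']} matches no user")
        elif RANK[host["level"]] < RANK[user["level"]]:
            findings.append(f"target-host {host['addr']}: level {host['level']} is below user level {user['level']}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

    An empty result means every user is at least as strong as its group, every SNMPv3 target host is at least as strong as the user it names, and each securityname matches a created user.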

    1.6.2 (Optional) Restricting Management Rights of the NMS

    Context

    When multiple NMSs in the same SNMPv3 user group manage one device, perform this configuration based on the site requirements.

    Scenario: All NMSs in this SNMPv3 user group have the right of the ViewDefault view.
    Steps: No action required

    Scenario: Specified NMSs in this SNMPv3 user group have the right of the ViewDefault view.
    Steps:
    - Step 1, Step 2, Step 4, Step 7 (based on the user group)
    - Step 1, Step 5, Step 6, Step 7 (based on the user)
    - Step 1, Step 2, Step 4, Step 5, Step 6, Step 7 (based on the user group and user)

    Scenario: All NMSs in this SNMPv3 user group manage specified objects on the managed devices.
    Steps: Step 1, Step 3, Step 4, Step 7

    Scenario: Specified NMSs in this SNMPv3 user group manage specified objects on the managed devices.
    Steps:
    - Step 1, Step 2, Step 3, Step 4, Step 7 (based on the user group)
    - Step 1, Step 3, Step 4, Step 5, Step 6, Step 7 (based on the user)
    - Step 1, Step 2, Step 3, Step 4, Step 5, Step 6, Step 7 (based on the user group and user)

    NOTE

    The ViewDefault view is the 1.3.6.1 view.

    Procedure

    Step 1 Run:

    system-view

    The system view is displayed.

    Step 2 Run the following commands to configure an ACL for an SNMP user group to filter out NMSs that do not match the ACL.

    1. Run:

    acl { [ number ] acl-number | name acl-name basic }

    A basic ACL is created.

    2. Run:

    rule [ rule-id ] { deny | permit } source { source-ip-address source-wildcard | any }

    A rule is added to the ACL.

    3. Run:

    quit

    Return to the system view.

    Step 3 Run:

    snmp-agent mib-view { excluded | included } view-name oid-tree

    A MIB view is created, and manageable MIB objects are specified.

    By default, an NMS has the right to access the objects in the ViewDefault view.

    Step 4 Run:

    snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view | write-view write-view | notify-view notify-view ] * [ acl { acl-number | acl-name } ]

    The write-read right is configured for a user group.

    By default, the read-only view of an SNMP group is the ViewDefault view, and the names of the read-write view and inform view are not specified.

    To configure the NMS to receive traps or informs specified by notify-view, you must first configure the destination host for receiving traps.

    NOTE

    Before specifying the NMS to manage devices with this community name, check the ACL rule. When the ACL rule is permit, the NMS with the source IP address specified in this rule can access the local device. When the ACL rule is deny, the NMS with the source IP address specified in this rule cannot access the local device.

    Step 5 Run the following commands to configure an ACL for users in the SNMP user group to filter out NMSs that do not match the ACL.

    1. Run:

    acl { [ number ] acl-number | name acl-name basic }

    A basic ACL is created.

    2. Run:

    rule [ rule-id ] { deny | permit } source { source-ip-address source-wildcard | any }

    A rule is added to the ACL.

    3. Run:

    quit

    Return to the system view.

    Step 6 Run:

    snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } password [ privacy-mode { 3des168 | aes128 | aes192 | aes256 | des56 } encrypt-password ] ] [ acl { acl-number | acl-name } ]

    Authentication and encryption are configured for SNMPv3 users in the specified user group.

    - To allow all NMSs using the same SNMPv3 user name to access the agent, omit the parameter acl.
    - To allow specified NMSs to use this user name to access the agent, configure the parameter acl.

    NOTE

    Before specifying the NMS to manage devices with this community name, check the ACL rule. When the ACL rule is permit, the NMS with the source IP address specified in this rule can access the local device. When the ACL rule is deny, the NMS with the source IP address specified in this rule cannot access the local device.

    Step 7 Run:

    commit

    The configuration is committed.

    ----End

    Follow-up Procedure

    After the access rights are configured, especially after the IP address of the NMS is specified, if the IP address changes (for example, the NMS changes its location, or IP addresses are reallocated due to network adjustment), you need to change the IP address of the NMS in the ACL. Otherwise, the NMS cannot access the device.
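
    Step 3 of this procedure builds a MIB view from included and excluded subtrees, and Step 4 binds it to a group as its read-view. The following check is an added example, not Huawei code: it assumes the agent resolves overlapping subtrees the way RFC 3415 (VACM) specifies, without masks, so the longest matching subtree decides; it handles numeric oid-tree values only, and the view names in SAMPLE_VIEWS are constructed. It reports whether the USM and VACM tables stay readable through a view.

```python
# RFC 3414 / RFC 3415 module roots: the SNMPv3 user and access-control tables.
SENSITIVE = {"snmpUsmMIB": "1.3.6.1.6.3.15", "snmpVacmMIB": "1.3.6.1.6.3.16"}

# Constructed sample lines in the syntax of Step 3.
SAMPLE_VIEWS = """\
snmp-agent mib-view included nms-read 1.3.6.1
snmp-agent mib-view excluded nms-read 1.3.6.1.6.3.15
snmp-agent mib-view included open-read 1.3.6.1
snmp-agent mib-view included if-only 1.3.6.1.2.1.2
"""


def parse_oid(text):
    """Turn '1.3.6.1' into (1, 3, 6, 1); only numeric OIDs are handled here."""
    return tuple(int(part) for part in text.strip(".").split("."))


def parse_mib_views(config_text):
    """Map view-name -> {subtree: included?} from 'snmp-agent mib-view' lines."""
    views = {}
    for raw in config_text.splitlines():
        tok = raw.split()
        if (len(tok) == 5 and tok[:2] == ["snmp-agent", "mib-view"]
                and tok[2] in ("included", "excluded")):
            # Assumption: repeating a subtree replaces the earlier line.
            views.setdefault(tok[3], {})[parse_oid(tok[4])] = (tok[2] == "included")
    return views


def in_view(view, oid):
    """Longest matching subtree decides; no matching subtree means no access."""
    target = parse_oid(oid)
    best = None
    for subtree, included in view.items():
        if target[:len(subtree)] == subtree:
            if best is None or len(subtree) > len(best[0]):
                best = (subtree, included)
    return best is not None and best[1]


def exposed(view, sensitive=SENSITIVE):
    """Names of sensitive subtrees that are wholly or partly readable."""
    names = []
    for name, oid in sensitive.items():
        root = parse_oid(oid)
        # An included entry below an excluded root re-opens part of the subtree.
        reopened = any(inc and sub[:len(root)] == root for sub, inc in view.items())
        if in_view(view, oid) or reopened:
            names.append(name)
    return sorted(names)


if __name__ == "__main__":
    for view_name, view in parse_mib_views(SAMPLE_VIEWS).items():
        print(view_name, exposed(view))
```

    In the sample, nms-read still exposes snmpVacmMIB because only the USM subtree was excluded, while if-only exposes neither.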

    1.6.3 (Optional) Configuring the Trap/Inform Function

    Context

    Users can enable the trap function for a specified module. The interface status trap is generated when the interface status changes. You need to enable the trap function for the standard module globally and enable the interface status trap function on the specified interface.

    Procedure

    Step 1 Run:

    system-view

    The system view is displayed.

    Step 2 Enable the trap function.

    Enable the trap function for a module.

    - Run:

      snmp-agent trap enable

      The trap function is enabled for all modules.

    - Run:

      snmp-agent trap enable feature-name

      The trap function is enabled for a specified module.

    Enable the trap function for an interface.

    Run:

    snmp-agent trap enable feature-name ifnet [ trap-name { linkdown | linkup } ]

    The trap function is enabled on all interfaces.

    By default, the trap function is disabled on all interfaces. When parameters linkdown and linkup are configured, the device sends a trap to the NMS upon an interface status change. When an interface frequently sends traps to the NMS because of frequent status changes, you can disable the interface status trap function on the interface to reduce the load on the NMS. The procedure is as follows:

    1. Run:

    interface interface-type interface-number

    The interface view is displayed.

    2. Run:

    undo enable snmp trap updown

    The interface status trap function is disabled.

    3. Run:

    quit

    The system view is displayed.

    Step 3 Run:

    snmp-agent notify-filter-profile { excluded | included } profile-name oid-tree

    A trap filtering rule is created or updated.

    By default, no trap is filtered.

    Step 4 Configure trap function parameters based on the trap usage or inform usage selected during the configuration of basic SNMPv3 functions.

    Set trap parameters.

    - Run:

      snmp-agent trap source interface-type interface-number

      The source interface for traps is specified.

      After the source interface is specified, its IP address becomes the source IP address of traps. Configuring the IP address of the local loopback interface as the source interface is recommended, which can ensure device security.

      The source interface specified on the switch for traps must be consistent with that specified on the NMS; otherwise, the NMS does not accept the traps sent from the switch.

    Set inform parameters.

    1. Run:

    snmp-agent inform { { timeout seconds | resend-times times | pending number } * | { timeout seconds | resend-times times } * [ host-name host-name | address udp-domain ip-address [ vpn-instance vpn-instance-name ] params securityname { security-name | cipher security-name } ] }

    The timeout period for waiting for Inform ACK messages, number of inform retransmissions, and allowable maximum number of informs to be acknowledged are set.

    If the network is unstable, you need to specify the number of inform retransmissions and allowable maximum number of informs to be acknowledged when you set a timeout period for waiting for Inform ACK messages. By default, the timeout period for waiting for Inform ACK messages is 15 seconds; the number of inform retransmissions is 3; the allowable maximum number of informs waiting to be acknowledged is 39.

    2. Run:

    snmp-agent notification-log enable

    The alarm log function is enabled.

    If the NMS and managed device cannot communicate because of a link failure, the managed device no longer sends Inform messages but keeps recording alarm logs. When the link recovers, the destination host synchronizes the recorded alarm logs with the managed device.

    After the alarm log function is enabled, only Inform messages are recorded, and Trap messages are not recorded.

    By default, the alarm log function is disabled.

    3. Run:

    snmp-agent notification-log { global-ageout ageout | global-limit limit }*

    The aging time of alarm logs and the maximum number of alarm logs in the log buffer are set.

    By default, the aging time of the alarm logs is 24 hours. If the aging time expires, the alarm logs are automatically deleted.

    By default, the log buffer can store a maximum of 500 alarm logs. If the number of alarm logs exceeds 500, the NMS deletes alarm logs from the earliest one.

    Step 5 Run:

    commit

    The configuration is committed.

    ----End

    1.6.4 (Optional) Enhancing the Reliability for Transmitting SNMP Packets

    Procedure

    Step 1 Run:

    system-view

    The system view is displayed.

    Step 2 Run:

    snmp-agent packet max-size byte-count

    The maximum size of an SNMP packet that the device can receive or send is set.

    By default, the maximum size of an SNMP packet that the device can receive or send is 12000 bytes.

    Step 3 Run:

    commit

    The configuration is committed.

    ----End

    1.6.5 Checking the Configuration

    Prerequisites

    The configurations of basic SNMPv3 functions are complete.

    Procedure

    - Run the display snmp-agent usm-user [ engineid engineid | group group-name | username user-name ] * command to check user information.
    - Run the display snmp-agent sys-info version command to check the enabled SNMP version.
    - Run the display acl { acl-number | name acl-name | all } command to check the ACL rules.
    - Run the display snmp-agent mib-view [ exclude | include | viewname view-name ] command to check the MIB view.

    - Run the display snmp-agent mib modules command to check information about loaded MIB files.
    - Run the display snmp-agent sys-info contact command to check the equipment administrator's contact information.
    - Run the display snmp-agent sys-info location command to check the location of the switch.
    - Run the display current-configuration | include max-size command to check the maximum size of an SNMP packet.
    - Run the display current-configuration | include trap command to check trap configuration.
    - Run the display snmp-agent trap all command to check current and default status of all traps in all features.
    - Run the display snmp-agent target-host command to check information about the target host.
    - Run the display snmp-agent inform [ host-name host-name | address udp-domain ip-address [ vpn-instance vpn-instance-name ] params securityname { security-name | cipher security-name } ] command to check inform parameters of all target hosts or a specified target host and information about host statistics.
    - Run the display snmp-agent vacmgroup command to check all the configured View-based Access Control Model (VACM) groups.
    - Run the display snmp-agent notify-filter-profile profile-name command to check the configurations of the filtered traps.
    - Run the display snmp-agent notification-log [ info | logtime starttime to endtime | size size ] command to view trap logs saved in the trap log buffer.

    ----End

    1.7 Maintaining SNMP

    This chapter describes how to monitor SNMP running status after the SNMP configuration is complete.

    1.7.1 Checking the Statistics About SNMP Packets

    Procedure

    - Run:

      display snmp-agent statistics

      The statistics about SNMP messages are displayed.

    ----End

    1.8 SNMP Configuration Examples

    This section provides several examples for configuring SNMP. The configuration roadmap in the examples helps you understand the configuration procedures. Each configuration example provides information about the networking requirements and configuration roadmap.

    1.8.1 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv1

    Networking Requirements

    As shown in Figure 1-1, NMS1 and NMS2 monitor devices on the network. The network is small and has high security, so devices are configured to use SNMPv1 to communicate with the NMSs.

    A switch is added on the network for expansion and monitored by the NMSs. Users want to monitor the switch using current network resources and quickly locate and troubleshoot faults on the switch. The NMS needs to manage objects excluding the ISIS object on the switch.

    Figure 1-1 Networking diagram for configuring a device to communicate with an NMS by using SNMPv1

    [Figure 1-1 labels: Switch, 10GE1/0/1 (1.1.2.1/24), IP Network, NMS1, NMS2, 1.1.1.1/24, 1.1.1.2/24]

    Configuration Roadmap

    SNMPv1 can be used after a device is added on the user network. To reduce the load of the NMS, configure NMS2 to monitor the switch and NMS1 not to monitor the switch.

    The configuration roadmap is as follows:

    1. Configure the SNMP version of the switch as SNMPv1.
    2. Configure the user access permission to allow NMS2 to manage obje