
01-01 SNMP Configuration

The document is a configuration guide for SNMP (Simple Network Management Protocol) used in S300, S500, S2700, S5700, and S6700 Series Ethernet switches. It covers the overview, application scenarios, configuration tasks, and troubleshooting related to SNMP, detailing its versions (SNMPv1, SNMPv2c, SNMPv3) and their functionalities. The guide emphasizes the importance of SNMP in managing network devices efficiently and addressing the complexities of diverse network environments.

Uploaded by

baleethiopia

S300, S500, S2700, S5700, and S6700 Series Ethernet Switches
Configuration Guide - Network Management and Monitoring

1 SNMP Configuration

1.1 Overview of SNMP
1.2 Understanding SNMP
1.3 Application Scenarios for SNMP
1.4 Summary of SNMP Configuration Tasks
1.5 Licensing Requirements and Limitations for SNMP
1.6 Default Settings for SNMP
1.7 Configuring a Device to Communicate with an NMS Through SNMPv1
1.8 Configuring a Device to Communicate with an NMS Through SNMPv2c
1.9 Configuring a Device to Communicate with an NMS Through SNMPv3
1.10 Configuring Bulk Statistics Collection
1.11 Maintaining SNMP
1.12 Configuration Examples for SNMP
1.13 Troubleshooting SNMP
1.14 FAQ About SNMP

1.1 Overview of SNMP


Definition
SNMP is a standard network management protocol that is widely used on TCP/IP
networks. The SNMP framework manages network elements using a central
computer, known as a network management station (NMS), on which network
management software is installed. SNMP offers simplicity and power.
● Simplicity: SNMP uses a polling mechanism and provides basic network
management functions, making it applicable to small-scale networks that are
sensitive to speed and cost. Moreover, SNMP messages are carried in UDP
packets, which are supported by most network devices.

Issue 01 (2024-09-30) Copyright © Huawei Technologies Co., Ltd. 1



● Power: SNMP allows management information exchange between any two
devices on a network, allowing network administrators to query information
and locate faults anywhere on the network.

Purpose
As networks rapidly grow in scale and applications become more diversified,
network administrators face the following problems:
● The rapid growth in the number of network devices increases the workload
for network administrators. In addition, networks' coverage areas are
constantly being expanded, making real-time monitoring and fault location of
network devices difficult.
● Networks have many types of devices, and the management interfaces on
devices of different vendors conform to different standards. This makes
network management complex.

SNMP was developed to address these problems. SNMP supports batch
management of network devices and implements unified management of devices
of different types and vendors.

Version Evolution
SNMPv1 is the initial version of the SNMP protocol. It is defined in RFC 1157
drafted in May 1990. RFC 1157 provides a systematic method for monitoring and
managing networks. However, SNMPv1 cannot ensure the security of networks
because it is implemented based on community names and provides only a few
error codes.

In 1996, the Internet Engineering Task Force (IETF) defined SNMPv2c in RFC 1901.
SNMPv2c uses GetBulk and Inform operations and provides more error codes and
data types (including Counter64 and Counter32) than SNMPv1.

To provide improved security protection measures, IETF released SNMPv3. SNMPv3
provides encryption and authentication based on the user-based security model
(USM) and access control based on the view-based access control model (VACM).

Benefits
● Improved work efficiency: A network administrator can use SNMP to query
information, modify information, and locate faults on any device.
● Reduced management costs: SNMP provides a basic function set to manage
devices that have different management tasks, physical attributes, and
network types.
● Reduced impact of feature configuration operations on devices: SNMP is
simple in terms of hardware/software installation, packet type, and packet
format.

1.2 Understanding SNMP


1.2.1 SNMP Management Model


An SNMP system consists of four key components: network management station
(NMS), agent, managed object, and Management Information Base (MIB).

The NMS manages network elements on a network.

Each managed device contains an agent process, MIB, and multiple managed
objects. The NMS interacts with the agent on a managed device. When receiving a
command from the NMS, the agent performs operations on the MIB in the
managed device.

Figure 1-1 shows an SNMP management model.

Figure 1-1 SNMP management model

The following describes the components in an SNMP-managed system:

● NMS
The NMS is a network manager that uses SNMP to monitor and control
network devices. The NMS software runs on NMS servers to implement the
following functions:
– Send requests to agents on managed devices to query or modify
variables.
– Receive traps from agents on managed devices to learn device status.
● Agent
The agent is a process running on a managed device. The agent maintains
data on the managed device, responds to requests from the NMS, and returns
management data to the NMS.
– Upon receiving a request from the NMS, the agent performs the required
operation on the MIB and sends the operation result to the NMS.


– If a fault or an event occurs on the managed device, the agent sends a
notification containing the current device status to the NMS.
● Managed object
A managed object is an object to be managed on a network device. A
managed device may contain multiple managed objects, for example, a
hardware component and parameters configured for the hardware or
software (such as a routing protocol).
● MIB
A MIB contains the variables that the managed device maintains and that
the agent can query or set. The MIB defines the attributes of the managed
device, including the name, status, access rights, and data type of managed
objects.
An agent can use the MIB to learn and set the device status.
An SNMP MIB uses a tree structure similar to that of the Domain Name
System (DNS), with an unnamed root at the top. Figure 1-2 shows a part of
the MIB, called an object naming tree. Each object identifier (OID) identifies a
managed object; for example, a system OID is 1.3.6.1.2.1.1 and an interface
OID is 1.3.6.1.2.1.2.
The OID tree facilitates information management and improves management
efficiency. With the OID tree, the network administrator can query
information in a batch.
When configuring the agent, you can specify the MIB objects that the NMS
can access in MIB views. A MIB view is a subset of a MIB.

Figure 1-2 OID tree


1.2.2 SNMPv1/SNMPv2c

SNMPv1/SNMPv2c Packet Format


As shown in Figure 1-3, an SNMPv1/SNMPv2c packet is composed of the version,
community name, and SNMP Protocol Data Unit (PDU) fields.

Figure 1-3 SNMPv1/SNMPv2c packet format

The following describes the fields in an SNMPv1/SNMPv2c packet:

● Version: specifies the SNMP version. The value for SNMPv1 is 0 and for
SNMPv2c is 1.
● Community name: used for authentication between agents and NMSs. A
community name is a configurable character string. There are two types of
community names:
– Read community names are used for the GetRequest and
GetNextRequest operations.
– Write community names are used for the Set operation.
● SNMPv1/SNMPv2c PDU: includes the PDU type, request ID, and binding
variable list.
– SNMPv1 PDUs include the GetRequest PDU, GetNextRequest PDU,
SetRequest PDU, Response PDU, and Trap PDU.
– SNMPv2c PDUs include SNMPv1 PDUs and introduce the GetBulkRequest
PDU and InformRequest PDU.
For simplification, the SNMP operations are described as the Get, GetNext,
Set, Response, Trap, GetBulk, and Inform operations.

SNMPv1/SNMPv2c Operations
As shown in Table 1-1, SNMPv1/SNMPv2c defines seven types of operations for
exchanging information between the NMS and agents.

Table 1-1 SNMPv1/SNMPv2c operations

Operation | Description
Get | Retrieves one or several variables from the MIB of an agent process.
GetNext | Retrieves the next variables in alphabetic order from the MIB of the agent process.
Set | Sets one or several variables in the MIB of the agent process.
Response | Returns one or several variables. The agent performs this operation in response to the GetRequest, GetNextRequest, SetRequest, and GetBulkRequest operations. Upon receiving a Get or Set request from the NMS, the agent queries or modifies the variables in the MIB, and returns variables to the NMS.
Trap | Notifies the NMS of a fault or event occurring on a managed device. This operation is performed by the agent.
GetBulk | Batch queries variables on managed devices. This operation is performed by the NMS.
Inform | Notifies the NMS of a fault or event occurring on a managed device. After a managed device sends an inform request, the NMS must send an InformResponse packet as a response to the managed device.

NOTE

SNMPv1 does not support the GetBulk and Inform operations.

Working Mechanisms of SNMPv1/SNMPv2c


The working mechanisms of SNMPv1 and SNMPv2c are similar, as shown in
Figure 1-4.

Figure 1-4 Basic operations

● Get
In this example, the NMS intends to use the read community name public to
obtain the value of the sysContact object on a managed device. The
procedure is as follows:
a. The NMS sends a GetRequest packet to the agent. The fields in the
packet are as follows:

▪ Version: SNMP version that the NMS is using


▪ Community name: public

▪ PDU type: Get

▪ MIB object: sysContact


b. The agent authenticates the SNMP version and community name in the
packet. If authentication is successful, the agent queries the sysContact
value from the MIB, encapsulates the sysContact value into the PDU of a
response packet, and sends the response packet to the NMS. If the agent
fails to obtain the sysContact value, the agent returns an error message
to the NMS.
● GetNext
In this example, the NMS intends to use the community name public to
obtain the value of the sysName object (next to sysContact) on a managed
device. The procedure is as follows:
a. The NMS sends a GetNextRequest packet to the agent. The fields in the
packet are as follows:

▪ Version: SNMP version that the NMS is using

▪ Community name: public

▪ PDU type: GetNext

▪ MIB object: sysContact


b. The agent authenticates the SNMP version and community name in the
packet. If authentication is successful, the agent queries the sysName
value from the MIB, encapsulates the sysName value into the PDU of a
response packet, and sends the response packet to the NMS. If the agent
fails to obtain the sysName value, the agent returns an error message to
the NMS.
● Set
In this example, the NMS intends to use the write community name private to
set the sysName object on a managed device to Device1. The procedure is as
follows:
a. The NMS sends a SetRequest packet to the agent. The fields in the packet
are as follows:

▪ Version: SNMP version that the NMS is using

▪ Community name: private

▪ PDU type: Set

▪ MIB object: sysName

▪ Expected MIB object value: Device1


b. The agent authenticates the SNMP version and community name in the
packet. If authentication is successful, the agent sets the sysName object
to the expected value and sends a response packet to the NMS. If the
setting fails, the agent returns an error message to the NMS.


● Trap
Trap is a spontaneous activity of a managed device. The Trap operation is not
a basic operation that the NMS performs on the managed device. If a trap
triggering condition is met, a managed device sends a trap to notify the NMS
of the exception. For example, when a managed device completes a warm
start, the agent sends a warmStart trap to the NMS.
The agent sends a trap to the NMS only when a module on the managed
device meets the trap triggering condition. This reduces management
information exchange between the NMS and managed devices.
Figure 1-5 shows the operations that are added in SNMPv2c.

Figure 1-5 Operations added in SNMPv2c

● GetBulk
A GetBulk operation is equal to consecutive GetNext operations. You can set
the number of GetNext operations to be included in one GetBulk operation.
● Inform
Inform is also a spontaneous activity of a managed device. In contrast to the
trap operation, the inform operation requires an acknowledgement. After a
managed device sends an inform request to the NMS, the NMS returns an
InformResponse packet. If the managed device does not receive an
acknowledgement, it performs the following operations:
a. Saves the inform in the buffer.
b. Repeatedly sends the inform request until the NMS returns an
acknowledgement or the maximum number of retransmissions is
reached.
c. Records a log for the inform request.
Therefore, the inform requests occupy more system resources than traps.
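
The SNMPv1/SNMPv2c packet format and the Get and Set exchanges described above can be reproduced offline. The following Python code is an added example, not part of the Huawei guide: it encodes and parses the version, community name, and PDU fields and reports what an observer on the path can read. Function names are illustrative, the packets are constructed samples, and the PDU tag values and the sysContact.0/sysName.0 OIDs come from the SNMP standards rather than from this guide.

```python
# Added example: minimal BER writer/reader for SNMPv1/v2c (no network I/O).
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}        # values of the version field
DEFAULT_COMMUNITIES = {"public", "private"}   # well-known names worth flagging

def tlv(tag, value):  # encode one BER tag-length-value element
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def ber_int(n):
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))

def ber_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                  # base-128, high bit marks "more"
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def build_message(version, community, pdu_tag, request_id, oid, value=None):
    """Build a one-varbind message; value=None encodes NULL, as in a Get."""
    val = tlv(0x05, b"") if value is None else tlv(0x04, value.encode())
    varbinds = tlv(0x30, tlv(0x30, ber_oid(oid) + val))
    pdu = tlv(pdu_tag, ber_int(request_id) + ber_int(0) + ber_int(0) + varbinds)
    return tlv(0x30, ber_int(version) + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos):
    """Decode the element at pos; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                         # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past the end of the packet")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    if not data:
        raise ValueError("empty OID")
    arcs, val = [data[0] // 40, data[0] % 40], 0
    for byte in data[1:]:
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_message(packet):
    """Return version, community, PDU type and OIDs of an SNMPv1/v2c packet."""
    tag, body, _ = read_tlv(packet, 0)
    t_ver, ver, pos = read_tlv(body, 0)
    t_com, community, pos = read_tlv(body, pos)
    version = int.from_bytes(ver, "big", signed=True)
    # An SNMPv3 message carries a header SEQUENCE where the community would be.
    if (tag, t_ver, t_com) != (0x30, 0x02, 0x04) or version not in VERSIONS:
        raise ValueError("not an SNMPv1/v2c message")
    pdu_tag, pdu, _ = read_tlv(body, pos)
    oids, pos = [], 0
    if pdu_tag != 0xA4:                       # the v1 Trap PDU has another layout
        for _ in range(3):                    # request ID, error status, error index
            _, _, pos = read_tlv(pdu, pos)
        _, varbinds, _ = read_tlv(pdu, pos)
        pos = 0
        while pos < len(varbinds):
            _, varbind, pos = read_tlv(varbinds, pos)
            oids.append(decode_oid(read_tlv(varbind, 0)[1]))
    return {"version": VERSIONS[version], "community": community.decode("latin-1"),
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)), "oids": oids}

def audit(packet):
    """Defender-side findings for one captured SNMPv1/v2c packet."""
    msg = parse_message(packet)
    findings = ["community name '%s' readable in cleartext" % msg["community"]]
    if msg["community"] in DEFAULT_COMMUNITIES:
        findings.append("well-known community name in use")
    if msg["pdu"] == "SetRequest":
        findings.append("write access authorised by community name alone")
    return findings

# Constructed samples mirroring the Get (sysContact.0) and Set (sysName.0) walkthroughs.
GET_SYSCONTACT = build_message(1, "public", 0xA0, 1, "1.3.6.1.2.1.1.4.0")
SET_SYSNAME = build_message(1, "private", 0xA3, 2, "1.3.6.1.2.1.1.5.0", "Device1")
```

Calling audit(SET_SYSNAME) lists three findings, because the only credential in the packet is the community string and it travels unencrypted.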

1.2.3 SNMPv3
SNMPv3 Packet Format
SNMPv3 defines a new packet format, as shown in Figure 1-6.

Figure 1-6 SNMPv3 packet format


The following describes the fields in an SNMPv3 packet:


● Version: specifies the SNMP version. The value for SNMPv3 is 3.
● Header: includes information such as the maximum message size that the
transmitter supports and the security mode of messages.
● Security parameters: includes the entity engine information, user name,
authentication parameter, and encryption information.
● Context EngineID: indicates the unique SNMP ID. The combination of this field
and the PDU type determines to which application the PDUs are to be sent.
● Context Name: determines the Context EngineID MIB view of the managed
device.
● SNMPv3 PDU: includes the PDU type, request ID, and binding variable list. The
SNMPv3 PDU includes GetRequest PDU, GetNextRequest PDU, SetRequest
PDU, Response PDU, Trap PDU, GetBulkRequest PDU, and InformRequest
PDU.

SNMPv3 Architecture
SNMPv3 provides SNMPv3 entities through which all SNMP-enabled NMSs can
manage SNMP-enabled network elements. An SNMPv3 entity consists of SNMPv3
engines and applications, which in turn consist of multiple modules.
The modular architecture of the SNMPv3 entity has the following advantages:
● Strong adaptability: Adapts to both simple and complex networks.
● Simple management: Consists of multiple independent sub-systems and
applications. When a fault occurs in an SNMP system, it is easy to locate the
sub-system where the fault originated according to the fault type.
● Good expansibility: Supports addition of modules to extend an SNMP system.
For example, a module can be added to the security subsystem to run a new
security protocol.
SNMPv3 improves security through the User-based Security Model (USM) and
view-based access control model (VACM):
● USM: provides a shared key between the NMS and agents to authenticate
user identities and encrypt data.
– Identity authentication: a process in which an agent (or NMS) determines
whether a received message is from an authorized NMS (or agent) and
whether the message is modified during transmission. RFC 2104 defines
Keyed-Hashing for Message Authentication Code (HMAC), which is a tool
that uses the security hash function and key to generate message
authentication codes and is widely used on the Internet. HMAC
mechanisms that SNMP uses include HMAC-MD5-96 and HMAC-SHA-96.
The hash function of HMAC-MD5-96 is MD5, which uses a 128-bit
authKey to generate keys. The hash function of HMAC-SHA-96 is SHA-1,
which uses a 160-bit authKey to generate keys.
– Data encryption: Encryption algorithms are implemented using a
symmetric key system, which uses the same key to encrypt and decrypt
data. Like identity authentication, data encryption also requires the
network management station and the agent to use a shared key for
encryption or decryption.


▪ Data Encryption Standard (DES): encrypts 64-bit plain text by using a
56-bit key.
▪ Triple Data Encryption Standard (3DES): encrypts plain text by using
three 56-bit DES keys (a 168-bit key).
▪ Advanced Encryption Standard (AES): encrypts plain text by using a
128-bit, 192-bit, or 256-bit key.
NOTE

The following are the three encryption algorithms, listed from most to least
secure: AES, 3DES, and DES. A more secure encryption algorithm requires more
system resources, which slows down the computing speed. To ensure device
security, you are advised to use the more secure encryption algorithm, AES.
● VACM: controls access of user groups or community names based on views.
You must pre-configure a view and specify its authority. Then, when you
configure a user, user group, or community, you must load this view to
implement read/write restrictions or Inform/trap functions.
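
The USM identity authentication described above can be traced in code. The following Python code is an added example, not part of the Huawei guide, and it goes one step beyond the text: it derives the 128-bit and 160-bit authKey from a password and an agent engine ID as specified in RFC 3414, then computes and checks the 96-bit truncated HMAC. Function names are illustrative, the password and first engine ID are the RFC 3414 Appendix A.3 test-vector inputs, and the message bytes are constructed stand-ins for an encoded SNMPv3 message.

```python
# Added example: USM authentication key handling as specified in RFC 3414.
import hashlib
import hmac

MAC_LEN = 12        # HMAC-MD5-96 / HMAC-SHA-96 keep the first 96 bits
ONE_MIB = 1048576   # amount of password material hashed by RFC 3414 A.2


def password_to_key(password, hash_name):
    """Derive the user key Ku by hashing 1 MiB of the repeated password."""
    pw = password.encode()
    if not pw:
        raise ValueError("empty password")
    stream = (pw * (ONE_MIB // len(pw) + 1))[:ONE_MIB]
    return hashlib.new(hash_name, stream).digest()


def localize_key(user_key, engine_id, hash_name):
    """Bind Ku to one agent: authKey = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, user_key + engine_id + user_key).digest()


def compute_mac(auth_key, before, after, hash_name):
    """MAC over the whole message with the 12-byte auth field zeroed."""
    whole = before + bytes(MAC_LEN) + after
    return hmac.new(auth_key, whole, hash_name).digest()[:MAC_LEN]


def verify(auth_key, before, received_mac, after, hash_name):
    """Receiver side: recompute the MAC and compare in constant time."""
    expected = compute_mac(auth_key, before, after, hash_name)
    return hmac.compare_digest(expected, received_mac)


# Test-vector inputs from RFC 3414 Appendix A.3 (not values from the guide).
RFC_PASSWORD = "maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
OTHER_ENGINE_ID = bytes.fromhex("000000000000000000000003")   # constructed


def demo(hash_name):
    """Sign a constructed message, then check it intact, modified in transit,
    and against the key of a second agent with a different engine ID."""
    user_key = password_to_key(RFC_PASSWORD, hash_name)
    key = localize_key(user_key, RFC_ENGINE_ID, hash_name)
    other = localize_key(user_key, OTHER_ENGINE_ID, hash_name)
    before, after = b"hdr|user=nms-admin|", b"|get sysContact"   # constructed
    mac = compute_mac(key, before, after, hash_name)
    return {"key_bits": len(key) * 8,
            "intact": verify(key, before, mac, after, hash_name),
            "tampered": verify(key, before, mac, b"|set sysName", hash_name),
            "other_agent": verify(other, before, mac, after, hash_name)}


if __name__ == "__main__":
    for name in ("md5", "sha1"):
        print(name, demo(name))
```

Because the key is localized with the engine ID, the same password yields a different authKey on every agent, so a MAC computed for one device does not verify on another.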

SNMPv3 Mechanism
SNMPv3 has a similar mechanism to SNMPv1 and SNMPv2c. The only difference is
that SNMPv3 supports identity authentication and encryption. The following uses
the Get operation as an example to describe the SNMPv3 mechanism.
As shown in Figure 1-7, an NMS intends to obtain the value of the sysContact
object on a managed device in authentication and encryption mode.

Figure 1-7 Get operation of SNMPv3

1. The NMS sends a GetRequest packet without security parameters to the
agent and requests the values of Context EngineID, Context Name, and
security parameter.
2. The agent returns a response that contains the requested parameters.
3. The NMS sends a GetRequest packet to the agent again. The fields in the
packet are as follows:
– Version: SNMPv3.
– Header: authentication and encryption modes.
– Security parameters: The NMS calculates the authentication and
encryption parameters in accordance with the security parameters
obtained from the agent. Then, the NMS fills the authentication,
encryption, and security parameters in the corresponding fields.


– PDU: The NMS fills the obtained Context EngineID and Context Name in
the corresponding fields. The PDU type is set to Get, the MIB object name
is sysContact, and the configured encryption algorithm is used to encrypt
the PDU.
4. The agent authenticates the GetRequest packet sent from the NMS. If
authentication is successful, the agent decrypts the PDU. If decryption is
successful, the agent obtains the value of sysContact and encapsulates it in
the PDU of the response packet. The agent encrypts the PDU and sends the
response packet to the NMS. If the query, authentication, or encryption
operation fails, the agent sends an error message to the NMS.

1.3 Application Scenarios for SNMP


Device Management Through SNMP
Figure 1-8 illustrates an example network on which SNMP may be applied. On
this network, the network administrator needs to configure and manage all
devices. However, these devices are sparsely-located around the site, making it
impossible for the network administrator to configure and manage them all. To
make matters worse, these devices are from different vendors and provide
different management interfaces, making network management complex. To
reduce operation cost and improve work efficiency, the network administrator can
use SNMP to remotely manage, configure, and monitor network devices.

Figure 1-8 Diagram for device management through SNMP

To configure SNMP on the network, configure the NMS program on the
management end and an agent on each managed device.

SNMP allows:

● The NMS to learn managed device status by sending requests to agents and
control the devices remotely.


● Each agent to report the managed device status and faults to the NMS in real
time.

Interconnection with Huawei eSight


As shown in Figure 1-9, devices report alarms to eSight, a Huawei NMS, through
SNMP. To quickly locate and rectify faults based on alarms, users want the
devices to also report the alarm type, alarm sequence number, and reporting time.
In addition, for the alarms defined by common MIBs, users want to extend the
alarms for alarm analysis.

As such, the parameters private-netmanager and ext-vb are defined for
interconnection between Huawei devices and eSight. When the
private-netmanager parameter is specified, the alarm information reported by
the device contains the alarm type, alarm sequence number, and reporting time.
When the ext-vb parameter is specified, the alarm information reported by the
device contains Huawei-defined parameters.

Figure 1-9 Interconnection between devices and Huawei eSight

1.4 Summary of SNMP Configuration Tasks


This section compares SNMP versions in terms of their support for features and
usage scenarios to help you select the appropriate SNMP version for your network.

The device supports SNMPv1, SNMPv2c, and SNMPv3. Table 1-2 lists the features
supported by SNMP, and Table 1-3 lists the SNMP versions supported by each
feature. Table 1-4 describes the usage scenarios of SNMP versions, helping you
choose the appropriate version for the communication between an NMS and
managed devices according to the operation conditions of your network.

NOTE

When a device is managed by multiple NMSs running different SNMP versions, configure
SNMPv1, SNMPv2c, and SNMPv3 on the device so that it can communicate with all the
NMSs.


Table 1-2 Description of features supported by SNMP


Feature | Description
Access control | This function restricts a user's device administration rights. It gives specific users the rights to manage specified objects on devices, providing fine-grained management.
Authentication and privacy | Authentication and privacy packets are transmitted between the NMS and managed devices. This prevents data packets from being intercepted or modified, improving data sending security.
Error code | Error codes help the administrator to identify and rectify faults. More varied error codes make it easier for the administrator to manage the device.
Trap | Traps are sent from managed devices to the NMS. Traps help administrators to find device faults. The managed devices do not require the acknowledgement from the NMS after sending traps.
Inform | Informs are sent from managed devices to the NMS. The managed devices require the acknowledgement from the NMS after sending informs.
GetBulk | GetBulk allows an administrator to perform GetNext operations in batches. In a large network, GetBulk reduces the workload of administrators and improves management efficiency.

NOTE

After a restart, an NMS can receive the informs that are sent by managed devices during
the restart.

Table 1-3 SNMP versions supported by each feature


Feature | SNMPv1 | SNMPv2c | SNMPv3
Access control | Access control based on the community name and MIB view | Access control based on the community name and MIB view | Access control based on the user, user group, and MIB view
Authentication and privacy | Authentication based on the community name | Authentication based on the community name | Supported authentication and encryption modes are as follows. Authentication mode: MD5, SHA. Encryption mode: DES56, AES128, AES192, AES256, 3DES.
Error code | 6 error codes supported | 16 error codes supported | 16 error codes supported
Trap | Supported | Supported | Supported
Inform | Not supported | Supported | Supported
GetBulk | Not supported | Supported | Supported

Table 1-4 Usage scenarios of different SNMP versions


Version | Usage Scenario
SNMPv1 | Small networks with simple networking and low security requirements or small networks with good security and stability, such as campus networks and small enterprise networks.
SNMPv2c | Medium and large networks with low security requirements or with good security (for example, VPNs) but on which there are many services running, leading to traffic congestion. Configure the managed devices to send SNMP notifications as informs to ensure that the NMS can receive them.
SNMPv3 | Networks of various scales, in particular, networks that have strict security requirements and can be managed only by authorized network administrators. For example, SNMPv3 can be used if data between the NMS and managed device needs to be transmitted over a public network.


If you plan to build a network, choose an SNMP version according to your usage
scenario. If you plan to expand or upgrade an existing network, run the same
SNMP version on the managed devices as that running on the NMS to ensure that
they can communicate.

1.5 Licensing Requirements and Limitations for SNMP


Involved Network Elements
The switch needs to work with a network management system.

Licensing Requirements
SNMP is a basic feature of a switch and is not under License control.

Feature Support in V200R024C00


All models of S300, S500, S2700, S5700, and S6700 series switches (except the
S5751-L, S5731-L, and S5731S-L) support SNMP.

NOTE

For details about the hardware specifications and matched parts of the switch, visit
Hardware Center. For details about the key specifications and full software specifications of
the switch, visit Specifications Query.
The S5751-L, S5731-L, and S5731S-L are remote units and do not support web-based
management, YANG, or commands. They can be configured only through configuration
delivery by the central device. For details, see "Simplified Architecture Configuration (the
Solar System Solution)" in the S300, S500, S2700, S5700, and S6700 V200R024C00
Configuration Guide - Device Management.

Feature Limitations
● SNMPv1 and SNMPv2c lack authentication capabilities, resulting in
vulnerability to security threats. When security is a concern, SNMPv3 is
recommended.
● If an NMS frequently accesses a switch or multiple NMSs access a switch
simultaneously, the CPU usage of the switch may increase, causing the switch
to respond to the NMS slowly. In this case, you can decrease the NMS access
frequency to ensure that the switch can respond to SNMP packets sent by the
NMS promptly.
● When an NMS connects to a switch through a management interface and
traverses a large number of nodes, the CPU usage may be high on some
switch models. You are advised to run the qos lr pps command to adjust the
rate limit of the management interface or use a service interface to connect
to the NMS.
● The device can send traps, but not logs, to the NMS through SNMP.
● For security purposes, in V200R022C00 and later versions, no interface or IPv6
address can be used to receive or respond to NMS requests by default. When
a device needs to establish a connection with the NMS, you can run any one
of the following commands to allow the device to receive and respond to
NMS requests:


– snmp-agent protocol source-status: Enables all interfaces or IPv6
addresses to receive and respond to NMS requests.
– snmp-agent protocol source-interface: Enables a specified interface to
receive and respond to NMS requests.
– snmp-agent protocol ipv6 source-ip: Enables a specified IPv6 address to
receive and respond to NMS requests.

1.6 Default Settings for SNMP


Parameter | Default Setting
SNMP agent | Disabled
SNMP trap receive host | None
SNMP version | SNMPv3
SNMPv3 authentication and encryption | No authentication and no encryption

1.7 Configuring a Device to Communicate with an NMS Through SNMPv1

Context
To allow a device to communicate with an NMS through SNMPv1, configure
SNMPv1 on the device. The SNMP parameters must be configured on both the
managed device (agent) and NMS. This section describes only the SNMP
configurations on the agent side. For details about SNMP configurations on an
NMS, see the NMS operation guide.

Pre-configuration Tasks
Before configuring the switch to communicate with an NMS through SNMPv1,
configure a routing protocol to ensure that a reachable route exists between the
switch and NMS.

Configuration Procedure
When you configure the switch to communicate with the NMS through SNMPv1,
only Configuring Basic SNMPv1 Functions is mandatory. The other steps are
optional and can be performed in any sequence.
After the SNMP basic functions are configured, the switch and NMS can
communicate with each other.
● The NMS using the specified community name can access the ViewDefault
view, in which the internet MIB (OID: 1.3.6.1) can be operated.

● The managed device sends traps generated by the modules that are enabled
by default to the NMS.
The following are optional SNMPv1 configurations to implement refined
management:
● To allow the NMS that uses the specified community name to manage
specified objects on the device, perform the operations in Restricting
Management Rights of the NMS.
● To allow a specified module on the managed device to report traps to the
NMS, perform the operations in Configuring the Trap Function.
● To allow the managed device to send traps to the NMS periodically, perform
the operations in Configuring the Device to Send Heartbeat Traps to the
NMS.
● To modify SNMP packet transmission parameters, perform the operations in
Enhancing the Reliability for Transmitting SNMP Packets.
● If the NMS and managed device are both Huawei products, perform the
operations in Enabling the SNMP Extended Error Code Function so that the
device can send more types of error codes. This allows more specific error
identification and facilitates your fault location and rectification.

1.7.1 Configuring Basic SNMPv1 Functions


Context
For the configuration of basic SNMP functions, steps 1, 4, 5, and 6 are mandatory.
After the configuration is complete, basic SNMP communication can be
established between the NMS and managed device.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 (Optional) Run snmp-agent
The SNMP agent is enabled.
By default, the SNMP agent is disabled. Executing the snmp-agent command can
enable the SNMP agent, even if no parameter is specified in the command.
Step 3 (Optional) Run snmp-agent udp-port port-num
The port number of the SNMP agent is changed.
The default port number of the SNMP agent is 161.
This command enhances device security. After this command is run on an SNMP
agent connecting to the NMS, ensure that the port number on the NMS is the
same as the changed port number. Otherwise, the SNMP agent cannot connect to
the NMS.
Step 4 Run snmp-agent sys-info version v1
The SNMP version is set to SNMPv1.

By default, the device supports SNMPv3. After you set the SNMP version to
SNMPv1, the device supports both SNMPv1 and SNMPv3, and can be managed by
NMSs running SNMPv1 and SNMPv3.

Step 5 Run snmp-agent community { read | write } { community-name | cipher
community-name } [ mib-view view-name | acl { acl-number | acl-name } | alias
alias-name ] *, snmp-agent community { read | write } [ cipher ]
community-name [ mib-view view-name ] acl-ipv4 { acl-number | acl-name }
[ acl-ipv6 { acl-number | acl-name } ] [ alias alias-name ] or snmp-agent
community { read | write } [ cipher ] community-name [ mib-view view-name ]
acl-ipv6 { acl-number | acl-name } [ alias alias-name ]
The community name is set.

By default, no community name exists on the device, and the device checks
complexity of community names. If the check fails, the community name cannot
be configured. To ensure the security of SNMP community names, you are advised
to refrain from using the snmp-agent community complexity-check disable
command to disable community name complexity check. The device has the
following requirements for community name complexity:

● The minimum length of a community name is determined by the set
password min-length command. By default, a password contains 8
characters.
● A community name includes at least two kinds of characters, which can be
uppercase letters, lowercase letters, digits, and special characters (excluding
question marks and spaces). When double quotation marks are used around
the string, spaces are allowed in the string.

To change the access right of the NMS, see Restricting Management Rights of
the NMS. Ensure that the community name of the NMS is the same as that set on
the agent; otherwise, the NMS cannot access the agent.

Step 6 Choose one of the following commands according to your network requirements
to configure a destination IP address of the traps and error codes sent from the
device.
NOTE

Before configuring a device to send traps, confirm that the information center has been enabled.
The information center can be enabled by running the info-center enable command.
● To configure a destination IPv4 address for the traps and error codes sent
from the device, run the snmp-agent target-host trap address udp-domain
ip-address [ udp-port port-number | source interface-type interface-number |
[ public-net | vpn-instance vpn-instance-name ] ] * params securityname
{ security-name | cipher security-name } [ v1 | private-netmanager | notify-
filter-profile profile-name | ext-vb ] * command.
● To configure a destination IPv6 address for the traps and error codes sent
from the device, run the snmp-agent target-host trap ipv6 address udp-
domain ipv6-address [ udp-port port-number | vpn-instance vpn-instance-
name ] * params securityname { security-name | cipher security-name } [ v1
| private-netmanager | notify-filter-profile profile-name | ext-vb ] *
command.

Note the following before running the command:

● The default destination UDP port number is 162. To ensure secure
communication between the NMS and managed devices, run the udp-port
command to change the UDP port number to a lesser-known port number.
● The securityname parameter identifies the devices that send traps on the
NMS.
● If the NMS and managed devices are both Huawei products, the private-
netmanager parameter can be configured to add more information to trap
messages to help you locate and solve problems more quickly. The additional
information includes trap type, serial number, and sending time.
● If traps sent from a managed device to the NMS need to be transmitted over
a public network, the public-net parameter needs to be configured. If traps
sent from the managed device to the NMS need to be transmitted over a
private network, the vpn-instance vpn-instance-name parameter needs to be
configured. This parameter is used to specify a VPN that will take over the
transmission task.
Step 7 (Optional) Run snmp-agent sys-info { contact contact | location location }
The device administrator's contact information or location is configured.
By default, the device administrator's contact information is "R&D Beijing, Huawei
Technologies Co., Ltd." and location is "Beijing China."
This step is required for the NMS administrator to view contact information and
locations of the device administrator when the NMS manages many devices. This
helps the NMS administrator to contact the device administrator for fault location
and rectification.
Step 8 (Optional) Run snmp-agent packet max-size byte-count
The maximum size of an SNMP packet is set.
By default, the maximum size of an SNMP packet is 12000 bytes.
When the size of an SNMP packet is larger than the configured value, the device
discards the SNMP packet. To ensure that the NMS can process SNMP packets
properly, set the parameter byte-count to the maximum size of an SNMP packet
that the NMS can process.
Step 9 Configure an interface or IPv6 address for receiving and responding to NMS
requests. By default, no interface or IPv6 address can be used to receive or
respond to NMS requests. Run any one of the following commands:
● Run the snmp-agent protocol source-interface interface-type interface-
number command to configure a specified interface to receive and respond to
NMS requests.
● Run the snmp-agent protocol ipv6 source-ip ipv6-address command to
configure an IPv6 address to receive and respond to NMS requests.
● Run the snmp-agent protocol source-status [ ipv6 ] all-interface command
to configure all interfaces or IPv6 addresses to receive and respond to NMS
requests.
Step 10 (Optional) Run snmp-agent protocol server [ ipv4 | ipv6 ] disable
The SNMP IPv4 or IPv6 listening port is disabled.
By default, the SNMP IPv4 or IPv6 listening port is enabled.

If ipv4 or ipv6 is not selected, both SNMP IPv4 and IPv6 listening ports are
disabled.
If the managed device only needs to send traps to the NMS and does not need to
handle Get/Set operations, SNMP port listening is not required. In this case, run
this command so that SNMP no longer processes SNMP packets. Exercise caution
when running this command.

----End
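
A pre-deployment check for the commands in Steps 5, 9 and the blacklist setting, added here as an example (it is not part of the Huawei guide or any Huawei tool). It applies the community name complexity rules from Step 5 and flags the weaker choices the guide itself warns about. The community names, view name, ACL number and interface in the sample are constructed, and it assumes the commands are checked as typed, before the device encrypts the name.

```python
import shlex

MIN_LENGTH = 8  # default stated in the guide; the device takes it from "set password min-length"
ACL_KEYWORDS = ("acl", "acl-ipv4", "acl-ipv6")


def community_name_problems(name, quoted=False, min_length=MIN_LENGTH):
    """Return the documented complexity rules that a candidate name breaks."""
    problems = []
    if len(name) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if "?" in name:
        problems.append("contains a question mark")
    if " " in name and not quoted:
        problems.append("contains a space but is not double-quoted")
    # Assumption: spaces and question marks never count as a character kind.
    kinds = set()
    for ch in name:
        if ch in "? ":
            continue
        kinds.add("upper" if ch.isupper() else "lower" if ch.islower()
                  else "digit" if ch.isdigit() else "special")
    if len(kinds) < 2:
        problems.append("uses fewer than two kinds of characters")
    return problems


def lint_commands(text):
    """Return (line number, finding) pairs for a block of planned commands."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = shlex.split(line)          # keeps "quoted names" as one token
        if tokens[:1] != ["snmp-agent"]:    # skips blank lines and "undo ..." forms
            continue
        args = tokens[1:]
        if args == ["community", "complexity-check", "disable"]:
            findings.append((lineno, "community name complexity check is disabled"))
        elif args == ["blacklist", "ip-block", "disable"]:
            findings.append((lineno, "SNMP blacklist is disabled"))
        elif args[:2] == ["protocol", "source-status"] and args[-1:] == ["all-interface"]:
            findings.append((lineno, "every interface answers NMS requests"))
        elif args[:1] == ["community"] and args[1:2] in (["read"], ["write"]):
            findings += [(lineno, msg) for msg in _lint_community(args[1], args[2:])]
    return findings


def _lint_community(access, rest):
    """Check one 'snmp-agent community { read | write } ...' command."""
    cipher = rest[:1] == ["cipher"]
    if cipher:
        rest = rest[1:]
    if not rest:
        return ["community name is missing"]
    name, options = rest[0], rest[1:]
    # shlex has already removed the quotation marks, so a space implies quoting.
    msgs = [f"community name {p}" for p in community_name_problems(name, quoted=True)]
    if not cipher:
        msgs.append("community name entered without the cipher keyword")
    if not any(k in options for k in ACL_KEYWORDS):
        msgs.append("no ACL: any NMS that knows the name is accepted")
    if access == "write" and "mib-view" not in options:
        msgs.append("write access covers the whole ViewDefault view (1.3.6.1)")
    return msgs


# Constructed sample: a planned command list, not taken from a real device.
PLANNED = "\n".join([
    "snmp-agent sys-info version v1",
    "snmp-agent community complexity-check disable",
    "snmp-agent community write public",
    "snmp-agent community read cipher Nms#Read2024 mib-view ifOnly acl 2001",
    "snmp-agent protocol source-status all-interface",
    "snmp-agent protocol source-interface Vlanif 100",
    "undo snmp-agent blacklist ip-block disable",
])

if __name__ == "__main__":
    for lineno, finding in lint_commands(PLANNED):
        print(f"line {lineno}: {finding}")
```
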

1.7.2 (Optional) Restricting Management Rights of the NMS


Context
When multiple NMSs manage the same device using the same community name,
perform this configuration according to the scenario.
Scenario: The NMS accesses the ViewDefault view of the managed device.
Steps:
● All NMSs access the ViewDefault view of the managed device: No action required
● 1, 2 (NMS filtering based on SNMP agent)
● 1, 4 (NMS filtering based on community name)
● 1, 2, 4 (NMS filtering based on SNMP agent and community name)

Scenario: The NMS accesses the specified object on the managed device.
Steps:
● All NMSs access the specified object on the managed device: 1, 3
● 1, 2, 3 (NMS filtering based on SNMP agent)
● 1, 3, 4 (NMS filtering based on community name)
● 1, 2, 3, 4 (NMS filtering based on SNMP agent and community name)

NOTE

The ViewDefault view is the 1.3.6.1 view.

The following describes how an ACL is used to control the access rights of NMSs:
● When the ACL rule is permit, the NMS with the source IP address specified in
this rule can access the local device.
● When the ACL rule is deny, the NMS with the source IP address specified in
this rule cannot access the local device.
● If a packet does not match any ACL rule, the NMS that sends the packet
cannot access the local device.

● When no ACL rule is configured, all NMSs can access the local device.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Configure NMS filtering based on SNMP agent.


1. Configure an ACL.

Before configuring the access control rights, you must create an ACL. For
instructions on how to create an ACL, see ACL Configuration in the S300,
S500, S2700, S5700, and S6700 V200R024C00 Configuration Guide - Security.
2. Run the snmp-agent acl { acl-number | acl-name }, snmp-agent acl-ipv4
{ acl-number | acl-name } [ acl-ipv6 { acl-number | acl-name } ], or snmp-
agent acl-ipv6 { acl-number | acl-name } command to configure an ACL for
SNMP.

Step 3 Run snmp-agent mib-view { excluded | included } view-name oid-tree

A MIB view is created, and manageable MIB objects are specified.

By default, an NMS has the right to access the objects in the ViewDefault view.

You can run this command multiple times. If it is run multiple times and the
values of view-name and oid-tree are the same each time, the new configuration
overwrites the original configuration. In contrast, if the values of view-name and
oid-tree are different, the new and original configurations both take effect. The
system can store a maximum of 256 MIB views, including four default views.

If both the included and excluded parameters are configured for MIB objects that
have an inclusion relationship, whether the lowest MIB object is included or
excluded depends on the parameter configured for it. For example, the snmpV2,
snmpModules, and snmpUsmMIB objects have a top-down inclusion relationship
in the MIB tree. If the excluded parameter is configured for snmpUsmMIB objects
and included is configured for snmpV2, snmpUsmMIB objects will still be
excluded.

Step 4 Configure NMS filtering based on community name.


1. (Optional) Configure a basic ACL or an advanced ACL.

Before configuring the access control rights, you must create a basic ACL or
an advanced ACL. For instructions on how to create an ACL, see ACL
Configuration in the S300, S500, S2700, S5700, and S6700 V200R024C00
Configuration Guide - Security.
2. Run the snmp-agent community { read | write } { community-name | cipher
community-name } [ mib-view view-name | acl { acl-number | acl-name } |
alias alias-name ] *, snmp-agent community { read | write } [ cipher ]
community-name [ mib-view view-name ] acl-ipv4 { acl-number | acl-
name } [ acl-ipv6 { acl-number | acl-name } ] [ alias alias-name ] or snmp-
agent community { read | write } [ cipher ] community-name [ mib-view
view-name ] acl-ipv6 { acl-number | acl-name } [ alias alias-name ]
command to specify the NMS's access right.

By default, the created community name allows the NMS to access the
ViewDefault view.
– To grant only the read permission (for example, to low-level
administrators), specify the parameter read. To grant the read and write
permissions (for example, to high-level administrators), specify the
parameter write.
– For security purposes, use the parameter cipher to configure the
community name to be displayed in cipher text. The community name in
cipher text cannot be queried on the device, so ensure you keep it safely
for future reference.
– If the NMSs using this community name can access the ViewDefault view,
the parameter mib-view view-name is not required.
– If all NMSs using this community name manage specified objects on the
managed devices, the acl acl-number parameter is not required.
– If some NMSs using this community name manage specified objects on
the managed devices, the acl and mib-view parameters must be
configured.
NOTE

If both community name and ACL are configured, the device checks the community
name and then the ACL before allowing the NMS to access it.

----End

Follow-up Procedure
After the access right is configured and the IP address of the NMS is specified, if
the IP address changes, you need to change the IP address of the NMS in the ACL.
(The IP address may change, for example, if the NMS changes its location, or IP
addresses are reallocated due to network adjustment.) If the IP address is not
updated, the NMS cannot access the device.
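
The checks described in this section, modelled as an added example (illustrative code, not Huawei's implementation): community name first, then ACL, then read/write permission and MIB view. It assumes that ACL rules are evaluated in the listed order with the first match deciding, that the agent-wide ACL is checked before the per-community ACL, and that ViewDefault is simply the 1.3.6.1 subtree; the agent data, community names, view name and addresses are constructed.

```python
import ipaddress


def acl_permits(rules, source_ip):
    """rules is a list of (action, network). No rule configured means all NMSs pass."""
    if not rules:
        return True
    ip = ipaddress.ip_address(source_ip)
    for action, network in rules:          # assumption: first matching rule decides
        if ip in ipaddress.ip_network(network):
            return action == "permit"
    return False                           # matched no rule: access refused


def oid_tuple(oid):
    return tuple(int(part) for part in oid.strip(".").split("."))


def view_contains(view, oid):
    """view is a list of (included|excluded, oid-tree); the most specific subtree wins."""
    target = oid_tuple(oid)
    best = None                            # (subtree length, mode)
    for mode, tree in view:
        subtree = oid_tuple(tree)
        if target[:len(subtree)] == subtree and (best is None or len(subtree) > best[0]):
            best = (len(subtree), mode)
    return best is not None and best[1] == "included"


def decide(agent, source_ip, community, operation, oid):
    """Return (allowed, reason) for one Get or Set request."""
    entry = agent["communities"].get(community)
    if entry is None:
        return (False, "unknown community name")
    if not acl_permits(agent.get("acl"), source_ip):
        return (False, "rejected by agent-wide ACL")
    if not acl_permits(entry.get("acl"), source_ip):
        return (False, "rejected by community ACL")
    if operation == "set" and entry["access"] != "write":
        return (False, "community is read-only")
    view = agent["views"][entry.get("mib_view", "ViewDefault")]
    if not view_contains(view, oid):
        return (False, "OID outside MIB view")
    return (True, "allowed")


# Constructed agent state. "noUsm" reproduces the guide's example: snmpV2 (1.3.6.1.6)
# is included while snmpUsmMIB (1.3.6.1.6.3.15) below it is excluded.
AGENT = {
    "acl": None,
    "views": {
        "ViewDefault": [("included", "1.3.6.1")],
        "noUsm": [("included", "1.3.6.1.6"), ("excluded", "1.3.6.1.6.3.15")],
    },
    "communities": {
        "Nms#Read2024": {
            "access": "read",
            "mib_view": "noUsm",
            "acl": [("permit", "192.0.2.10/32"), ("deny", "192.0.2.0/24")],
        },
        # No ACL and no mib-view: any source that knows the name can write to 1.3.6.1.
        "Nms#Write2024": {"access": "write"},
    },
}

if __name__ == "__main__":
    requests = [
        ("192.0.2.10", "Nms#Read2024", "get", "1.3.6.1.6.3.1.1.4.1.0"),
        ("192.0.2.10", "Nms#Read2024", "get", "1.3.6.1.6.3.15.1.1.1.0"),
        ("192.0.2.11", "Nms#Read2024", "get", "1.3.6.1.6.3.1.1.4.1.0"),
        ("198.51.100.7", "Nms#Write2024", "set", "1.3.6.1.2.1.1.5.0"),
    ]
    for req in requests:
        print(req, "->", decide(AGENT, *req))
```

The last request in the sample is the case to look for when reviewing a configuration: a write community with neither an ACL nor a restricted MIB view is accepted from any source address.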

1.7.3 (Optional) Configuring the Trap Function


Context
You can enable the device to send traps of a specified type to the NMS, which
facilitates fault location. You can also specify trap parameters to improve the
reliability of trap transmission.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Enable the trap function.
Enable the trap function for a module:
● To enable the trap function of all modules, run the snmp-agent trap enable
command.

● To enable the trap function of a specified module, run the snmp-agent trap
enable feature-name feature-name [ trap-name trap-name ] command.
● To restore the trap functions of all modules to the default status, run the
undo snmp-agent trap enable or undo snmp-agent trap disable command.
● To delete all trap functions in a batch, run the clear configuration snmp-
agent trap enable command.
Enable the trap function for an interface:
Run the snmp-agent trap enable feature-name ifnet trap-name { linkdown |
linkup } command to enable the interface status trap function globally.
By default, the trap function is disabled on all interfaces. When the linkdown and
linkup parameters are configured for ifnet module, the device sends a trap to the
NMS upon an interface status change. If the interface status frequently changes,
the interface frequently sends traps to the NMS, subjecting the NMS to a heavy
load. To combat this problem, disable the interface status trap function on the
interface. The procedure is as follows:
1. Run the interface interface-type interface-number command to enter the
interface view.
2. Run the undo enable snmp trap updown command to disable the interface
status trap function.
3. Run the quit command to return to the system view.
Step 3 Run snmp-agent trap type { base-trap | entity-trap }
The trap format is set.
By default, the device sends BASETRAP traps.
Step 4 Run snmp-agent notify-filter-profile { excluded | included } profile-name oid-
tree
A trap filtering rule is created or updated.
By default, traps are not filtered.
Step 5 Run snmp-agent trap source interface-type interface-number
The source interface for sending traps is specified.
By default, the source interface of traps is not set. After the source interface is
specified, the IP address of the source interface is used as the source IP address for
sending traps. This helps the NMS identify the trap source. The source interface
that sends traps must have an IP address; otherwise, the command will fail to take
effect. To ensure device security, it is recommended that you set the source IP
address to the local loopback address.
The source interface set on the switch must be consistent with that specified on
the NMS. Otherwise, the NMS does not accept the traps sent from the switch.
Step 6 Run snmp-agent trap source-port port-number
The source port for sending traps is set.
Fixing the source port allows a firewall to filter the packets, which improves
network security.

Step 7 Run snmp-agent trap queue-size size

The queue length of traps sent to the target host is set.

The default queue length of traps sent to the target host is 1000.

Set the queue length according to the number of generated traps. For example, if
the switch frequently sends traps to the NMS, set a longer queue length to
prevent traps from being lost.

Step 8 Run snmp-agent trap life seconds

The lifetime of traps is set.

The default lifetime of traps is 300 seconds.

Set the lifetime of each trap according to the number of generated traps. For
example, if the switch frequently sends traps to the NMS, set a longer lifetime to
prevent traps from being lost.

Step 9 Run snmp-agent trap start-trap resend disable

The function of resending cold-start and warm-start traps is disabled.

By default, the function of resending cold-start and warm-start traps is enabled.

----End

1.7.4 (Optional) Configuring the Device to Send Heartbeat Traps to the NMS

Context
When the NMS cannot actively obtain the status of the device, enable the device
to send heartbeat traps to the NMS, which periodically notifies the NMS of the
device's status.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run snmp-agent heartbeat enable

The device is enabled to send heartbeat traps to the NMS.

By default, the device does not send heartbeat traps to the NMS.

Step 3 Run snmp-agent heartbeat interval interval

The interval at which the device sends heartbeat traps to the NMS is set.

By default, the device sends heartbeat traps to the NMS at an interval of 60
seconds.

----End

1.7.5 (Optional) Enhancing Reliability of SNMP Packet Transmission

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run snmp-agent packet max-size byte-count

The maximum size of an SNMP packet that the device can receive and send is set.

By default, the maximum size of an SNMP packet that the device can receive or
send is 12000 bytes.

After the maximum size is set, the device discards any SNMP packet that is larger
than the set size. Typically, the default value is recommended.

Step 3 Run snmp-agent packet-priority { snmp | trap } priority-level

The transmission level of SNMP packets is set.

The default transmission level of SNMP packets is 6.

Step 4 Run snmp-agent protocol server message queue message-queue

The size of the queue of packets that an SNMP agent can receive is set.

By default, the queue of packets that an SNMP agent can receive holds 30
packets.

----End

1.7.6 (Optional) Enabling the SNMP Extended Error Code Function

Context
If both the NMS and managed device are Huawei products, enabling this function
extends error codes and defines more scenarios. This enables users to locate and
troubleshoot faults quickly and accurately.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run snmp-agent extend error-code enable

The extended error code function is enabled.

By default, SNMP sends only standard error codes. More error codes will be sent
to the NMS after the extended error code function is enabled.

----End

1.7.7 (Optional) Enabling the SNMP Blacklist Function


Context
After the SNMP blacklist function is enabled, if an SNMP user fails to connect to
the device, the IP address used by the user is recorded in the SNMP blacklist on
the device; that is, the IP address is locked. Within the locking period, the SNMP
user cannot connect to the device.
If the connection fails to be established several times in succession, the device
locks the IP address for 8 seconds after the first failed attempt, 16 seconds after
the second, and 32 seconds after the third. Any subsequent failed attempts
result in the IP address being locked for 5 minutes. When the locking period
expires, the IP address is automatically unlocked.
After the SNMP blacklist function is disabled, the IP addresses of SNMP users who
fail to connect to the device are not locked. The device is vulnerable to attacks and
cracking by unauthorized users, affecting device security. Therefore, you are
advised to enable the IP blacklist function.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run undo snmp-agent blacklist ip-block disable
The SNMP blacklist function is enabled.
By default, the SNMP blacklist function is enabled.

----End
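
The lock schedule from the Context above, replayed over a constructed sequence of connection attempts (an added example, not Huawei's implementation). The guide gives only the lock periods; this model assumes that failures are counted per source IP address, that a successful connection resets the count, and that attempts arriving during a lock are refused without extending it.

```python
LOCK_STEPS = (8, 16, 32)   # seconds after the 1st, 2nd and 3rd consecutive failure
LOCK_CAP = 300             # 5 minutes for every later failure


class SnmpBlacklist:
    def __init__(self):
        self.failures = {}      # source IP -> consecutive failed connections
        self.locked_until = {}  # source IP -> time at which the lock expires

    def remaining(self, ip, now):
        """Seconds of lock still left for this address (0 when unlocked)."""
        return max(0, self.locked_until.get(ip, 0) - now)

    def attempt(self, ip, now, success):
        """Process one connection attempt and return (outcome, seconds)."""
        left = self.remaining(ip, now)
        if left > 0:
            return ("blocked", left)            # refused, lock not extended (assumption)
        if success:
            self.failures.pop(ip, None)         # reset on success (assumption)
            self.locked_until.pop(ip, None)
            return ("ok", 0)
        count = self.failures.get(ip, 0) + 1
        self.failures[ip] = count
        period = LOCK_STEPS[count - 1] if count <= len(LOCK_STEPS) else LOCK_CAP
        self.locked_until[ip] = now + period
        return ("locked", period)


def replay(events):
    """events: iterable of (time in seconds, source IP, success flag)."""
    blacklist = SnmpBlacklist()
    return [blacklist.attempt(ip, t, ok) for t, ip, ok in events]


# Constructed timeline for two documentation-range addresses.
NMS_A, NMS_B = "203.0.113.5", "203.0.113.9"
EVENTS = [
    (0, NMS_A, False),    # 1st failure: locked 8 s
    (3, NMS_A, False),    # inside the lock: refused
    (8, NMS_A, False),    # lock expired, 2nd failure: 16 s
    (24, NMS_A, False),   # 3rd failure: 32 s
    (56, NMS_A, False),   # 4th failure: 5 minutes
    (100, NMS_A, False),  # still locked
    (356, NMS_A, True),   # lock expired, correct credentials
    (400, NMS_A, False),  # count starts again at 8 s
    (401, NMS_B, False),  # other addresses are tracked separately
]

if __name__ == "__main__":
    for event, outcome in zip(EVENTS, replay(EVENTS)):
        print(event, "->", outcome)
```
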

1.7.8 Verifying the Basic SNMPv1 Function Configuration


Prerequisites
The configurations of basic SNMPv1 functions are complete.

Procedure
● Run the display snmp-agent community command to check community
names.
● Run the display snmp-agent sys-info version command to check the
enabled SNMP version.
● Run the display acl acl-number command to check ACL rules.
● Run the display snmp-agent mib-view command to check MIB views.
● Run the display snmp-agent sys-info contact command to check the
administrator's contact information.

● Run the display snmp-agent sys-info location command to check the
location of the switch.
● Run the display current-configuration | include max-size command to
check the maximum size of an SNMP packet that can be sent and received by
the device.
● Run the display current-configuration | include trap command to check the
configuration of the trap function.
● Run the display snmp-agent trap all command to check current and default
status of all traps of all features.
● Run the display snmp-agent target-host command to check information
about the target host.
● Run the display snmp-agent extend error-code status command to check
whether the device is enabled to send extended error codes to the NMS.
● Run the display snmp-agent notify-filter-profile command to check the
configurations of the filtered traps.
----End

1.8 Configuring a Device to Communicate with an NMS Through SNMPv2c
Context
To allow a device to communicate with an NMS through SNMPv2c, configure
SNMPv2c on the device. The SNMP parameters must be configured on both the
managed device (agent) and NMS. This section describes only the SNMP
configurations on the agent side. For details about SNMP configurations on an
NMS, see the NMS operation guide.

Pre-configuration Tasks
Before configuring a device to communicate with an NMS through SNMPv2c,
configure a routing protocol to ensure that at least one route exists between the
switch and NMS.

Configuration Procedure
When you configure a device to communicate with the NMS through SNMPv2c,
only Configuring Basic SNMPv2c Functions is mandatory. The other steps are
optional and can be performed in any sequence.
After the SNMP basic functions are configured, the switch and NMS can
communicate with each other.
● The NMS using the specified community name can access the ViewDefault
view, in which the internet MIB (OID: 1.3.6.1) can be operated.
● The managed device sends traps generated by the modules that are enabled
by default to the NMS.
The following are optional SNMPv2c configurations to implement refined
management:

● To allow an NMS that uses a specified community name to manage specified
objects on the device, perform the operations in Restricting Management
Rights of the NMS.
● To allow a specified module on the managed device to report traps to the
NMS, perform the operations in Configuring the Trap/Inform Function.
● To allow the device to send traps to the NMS periodically, perform the
operations in Configuring the Device to Send Heartbeat Traps to the NMS.
● To modify SNMP packet transmission parameters, perform the operations in
Enhancing the Reliability for Transmitting SNMP Packets.
● If the NMS and managed device are both Huawei products, perform the
operations in Enabling the SNMP Extended Error Code Function so that the
managed device can send more types of error codes. More error codes
facilitate your fault location and rectification.

1.8.1 Configuring Basic SNMPv2c Functions


Context
For the configuration of basic SNMP functions, steps 1, 4, 5, and 6 are mandatory.
After the configuration is complete, the NMS and managed device can
communicate with each other through SNMP.
When you configure a destination IP address for traps and error codes sent from
the managed devices, configure the trap or inform function as required.
● The traps sent by the managed device do not need to be acknowledged by
the NMS.
● The informs sent by the managed device need to be acknowledged by the
NMS. If no acknowledgement message is received from the NMS within a
specified time period, the managed device resends the inform until the
number of retransmissions reaches the maximum.
When sending an inform to the NMS, the managed device also records the
inform in the log. If an inform is sent to the NMS when the NMS or the link
between NMS and managed device is faulty, the NMS can still receive the
inform after fault recovery.
Informs are more reliable than traps. However, the device may need to buffer
many informs because of the inform retransmission mechanism. This buffering
may consume a lot of memory resources. If the network is stable, using traps is
recommended. If the network is unstable and the device's memory capacity is
sufficient, using inform is recommended.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 (Optional) Run snmp-agent
The SNMP agent is enabled.
By default, the SNMP agent is disabled. Executing the snmp-agent command can
enable the SNMP agent, even if no parameter is specified in the command.

Step 3 (Optional) Run snmp-agent udp-port port-num


The port number of the SNMP agent is changed.
The default port number of the SNMP agent is 161.
This command enhances device security. After this command is run on an SNMP
agent connecting to the NMS, ensure that the port number on the NMS is the
same as the changed port number. Otherwise, the SNMP agent cannot connect to
the NMS.
Step 4 Run snmp-agent sys-info version v2c
The SNMP version is set to SNMPv2c.
By default, the device supports SNMPv3. If the SNMP version is set to SNMPv2c,
the device supports both SNMPv2c and SNMPv3, and can be managed by NMSs
running SNMPv2c and SNMPv3.
Step 5 Run snmp-agent community { read | write } { community-name | cipher
community-name } [ mib-view view-name | acl { acl-number | acl-name } | alias
alias-name ] *, snmp-agent community { read | write } [ cipher ] community-
name [ mib-view view-name ] acl-ipv4 { acl-number | acl-name } [ acl-ipv6 { acl-
number | acl-name } ] [ alias alias-name ] or snmp-agent community { read |
write } [ cipher ] community-name [ mib-view view-name ] acl-ipv6 { acl-
number | acl-name } [ alias alias-name ]
The community name is set.
By default, no community name exists on the device, and the device checks
complexity of community names. If the check fails, the community name cannot
be configured. To ensure the security of SNMP community names, you are advised
to refrain from using the snmp-agent community complexity-check disable
command to disable community name complexity check. The device has the
following requirements for community name complexity:
● The minimum length of a community name is determined by the set
password min-length command. By default, a password contains 8
characters.
● A community name includes at least two kinds of characters, which can be
uppercase letters, lowercase letters, digits, and special characters (excluding
question marks and spaces). When double quotation marks are used around
the string, spaces are allowed in the string.
To change the access right of the NMS, see Restricting Management Rights of
the NMS. Ensure that the community name of the NMS is the same as that set on
the agent; otherwise, the NMS cannot access the agent.
Step 6 Choose one of the following commands according to your network requirements
to configure a destination IP address of the traps and error codes sent from the
device.
NOTE

Before configuring a device to send traps, confirm that the information center has been enabled.
The information center can be enabled by running the info-center enable command.
● When the managed device and NMS reside on an IPv4 network, configure the
device to send either traps or informs to the NMS as follows:

– To configure a destination IP address for the traps and error codes sent
from the device, run the snmp-agent target-host trap address udp-
domain ip-address [ udp-port port-number | source interface-type
interface-number | [ public-net | vpn-instance vpn-instance-name ] ] *
params securityname { security-name | cipher security-name } [ v2c |
private-netmanager | notify-filter-profile profile-name | ext-vb ] *
command.
– To configure a destination IP address for the informs and error codes sent
from the device, run the snmp-agent target-host inform address udp-
domain ip-address [ udp-port port-number | source interface-type
interface-number | [ vpn-instance vpn-instance-name | public-net ] ]*
params securityname { security-name | cipher security-name } v2c
[ notify-filter-profile profile-name | ext-vb ] * command.
● When the managed device and NMS reside on an IPv6 network, run the
snmp-agent target-host trap ipv6 address udp-domain ipv6-address [ udp-
port port-number | vpn-instance vpn-instance-name ] * params
securityname { security-name | cipher security-name } [ v2c | private-
netmanager | notify-filter-profile profile-name | ext-vb ] * command to set
the target host that receives traps and error codes.
NOTE

An IPv6 network supports only traps, but does not support informs.

Note the following before running the command:


● The default destination UDP port number is 162. To ensure secure
communication between the NMS and managed devices, change the UDP
port number to a lesser-known port number by using the udp-port command.
● The securityname parameter identifies the devices that send traps to the
NMS.
● If the NMS and managed device are both Huawei products, the private-
netmanager parameter can be configured to add more information to trap
messages to help you locate and solve problems more quickly. The additional
information includes trap type, serial number, and sending time.
● If traps sent from the managed device to the NMS need to be transmitted
over a public network, the public-net parameter needs to be configured. If
traps sent from the managed device to the NMS need to be transmitted over
a private network, the vpn-instance vpn-instance-name parameter needs to
be configured. This parameter is used to specify a VPN that will take over the
transmission task.

Step 7 (Optional) Run snmp-agent sys-info { contact contact | location location }

The device administrator's contact information or location is configured.

By default, the device administrator's contact information is "R&D Beijing, Huawei
Technologies Co., Ltd." and location is "Beijing China."

This step is required for the NMS administrator to view contact information and
locations of the device administrator when the NMS manages many devices. This
helps the NMS administrator to contact the device administrator for fault location
and rectification.


Step 8 (Optional) Run snmp-agent packet max-size byte-count


The maximum size of an SNMP packet that the device can receive and send is set.
By default, the maximum size of an SNMP packet is 12000 bytes.
When the size of an SNMP packet is larger than the configured value, the device
discards the SNMP packet. To ensure that the NMS can process SNMP packets
properly, set the byte-count parameter to the maximum size of an SNMP packet
that the NMS can process.
Step 9 Configure an interface or IPv6 address for receiving and responding to NMS
requests. By default, no interface or IPv6 address can be used to receive or
respond to NMS requests. Run any one of the following commands:
● Run the snmp-agent protocol source-interface interface-type interface-
number command to configure a specified interface to receive and respond to
NMS requests.
● Run the snmp-agent protocol ipv6 source-ip ipv6-address command to
configure an IPv6 address to receive and respond to NMS requests.
● Run the snmp-agent protocol source-status [ ipv6 ] all-interface command
to configure all interfaces or IPv6 addresses to receive and respond to NMS
requests.
Step 10 (Optional) Run snmp-agent protocol server [ ipv4 | ipv6 ] disable
The SNMP IPv4 or IPv6 listening port is disabled.
By default, the SNMP IPv4 or IPv6 listening port is enabled.
If ipv4 or ipv6 is not selected, both SNMP IPv4 and IPv6 listening ports are
disabled.
If the managed device only needs to send traps to the NMS but does not need to
perform Get/Set operations, SNMP port listening is not required. In this case, run
this command so that SNMP no longer processes SNMP packets. Exercise caution
when running this command.

----End

1.8.2 (Optional) Restricting Management Rights of the NMS


Context
When multiple NMSs manage the same device using the same community name,
perform this configuration according to the scenario.

Scenario: The NMS accesses the ViewDefault view of the managed device.
Steps:
● All NMSs access the ViewDefault view of the managed device: No action required
● 1, 2 (NMS filtering based on SNMP agent)
● 1, 4 (NMS filtering based on community name)
● 1, 2, 4 (NMS filtering based on SNMP agent and community name)

Scenario: The NMS accesses the specified object on the managed device.
Steps:
● All NMSs access the specified object on the managed device: 1, 3
● 1, 2, 3 (NMS filtering based on SNMP agent)
● 1, 3, 4 (NMS filtering based on community name)
● 1, 2, 3, 4 (NMS filtering based on SNMP agent and community name)

NOTE

The ViewDefault view is the 1.3.6.1 view.

The following describes how an ACL is used to control the access rights of NMSs:
● When the ACL rule is permit, the NMS with the source IP address specified in
this rule can access the local device.
● When the ACL rule is deny, the NMS with the source IP address specified in
this rule cannot access the local device.
● If a packet does not match any ACL rule, the NMS that sends the packet
cannot access the local device.
● When no ACL rule is configured, all NMSs can access the local device.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Configure NMS filtering based on SNMP agent.


1. Configure an ACL.

Before configuring the access control rights, you must create an ACL. For
instructions on how to create an ACL, see ACL Configuration in the S300,
S500, S2700, S5700, and S6700 V200R024C00 Configuration Guide - Security.
2. Run the snmp-agent acl { acl-number | acl-name }, snmp-agent acl-ipv4
{ acl-number | acl-name } [ acl-ipv6 { acl-number | acl-name } ], or snmp-
agent acl-ipv6 { acl-number | acl-name } command to configure an ACL for
SNMP.

Step 3 Run snmp-agent mib-view { excluded | included } view-name oid-tree

A MIB view is created, and manageable MIB objects are specified.

By default, an NMS has the right to access the objects in the ViewDefault view.


You can run this command multiple times. If it is run multiple times and the
values of view-name and oid-tree are the same each time, the new configuration
overwrites the original configuration. In contrast, if the values of view-name and
oid-tree are different, the new and original configurations both take effect. The
system can store a maximum of 256 MIB views, including four default views.
If both the included and excluded parameters are configured for MIB objects that
have an inclusion relationship, whether the lowest MIB object is included or
excluded depends on the parameter configured for it. For example, the snmpV2,
snmpModules, and snmpUsmMIB objects have a top-down inclusion relationship
in the MIB tree. If the excluded parameter is configured for snmpUsmMIB objects
and included is configured for snmpV2, snmpUsmMIB objects will still be
excluded.
Step 4 Configure NMS filtering based on community name.
1. (Optional) Configure a basic ACL or an advanced ACL.
Before configuring the access control rights, you must create a basic ACL or
an advanced ACL. For instructions on how to create an ACL, see ACL
Configuration in the S300, S500, S2700, S5700, and S6700 V200R024C00
Configuration Guide - Security.
2. Run the snmp-agent community { read | write } { community-name | cipher
community-name } [ mib-view view-name | acl { acl-number | acl-name } |
alias alias-name ] *, snmp-agent community { read | write } [ cipher ]
community-name [ mib-view view-name ] acl-ipv4 { acl-number | acl-
name } [ acl-ipv6 { acl-number | acl-name } ] [ alias alias-name ] or snmp-
agent community { read | write } [ cipher ] community-name [ mib-view
view-name ] acl-ipv6 { acl-number | acl-name } [ alias alias-name ]
command to specify the NMS's access right.
By default, the created community name allows the NMS to access the
ViewDefault view.
– To grant only the read permission (for example, to low-level
administrators), specify the parameter read. To grant the read and write
permissions (for example, to high-level administrators), specify the
parameter write.
– For security purposes, use the parameter cipher to configure the
community name to be displayed in cipher text. The community name in
cipher text cannot be queried on the device, so ensure you keep it safely
for future reference.
– If the NMSs using this community name can access the ViewDefault view,
the parameter mib-view view-name is not required.
– If all NMSs using this community name manage specified objects on the
managed devices, the acl acl-number parameter is not required.
– If some NMSs using this community name manage specified objects on
the managed devices, the acl and mib-view parameters must be
configured.
NOTE

If both community name and ACL are configured, the device checks the community
name and then the ACL before allowing the NMS to access it.

----End
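
The filtering rules of this section, put together as a small Python model (an added example, not Huawei code): the community name is checked first, then the ACLs, then the read/write right and the MIB view, using the ACL rules stated above and the snmpV2/snmpUsmMIB case from Step 3. The community names, addresses and the treatment of objects covered by no view entry are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


def oid(text):
    """Turn a dotted OID string into a tuple of integers."""
    return tuple(int(part) for part in text.strip(".").split("."))


@dataclass
class Acl:
    """Ordered (action, network) rules; action is 'permit' or 'deny'."""
    rules: list

    def allows(self, src):
        ip = ipaddress.ip_address(src)
        for action, network in self.rules:
            if ip in ipaddress.ip_network(network):
                return action == "permit"      # first matching rule decides
        # No rule matched: rejected, unless the ACL has no rules at all,
        # in which case every NMS is allowed (both cases are stated above).
        return not self.rules


@dataclass
class MibView:
    """Subtrees added with snmp-agent mib-view { excluded | included }."""
    entries: dict = field(default_factory=dict)

    def add(self, mode, subtree):
        self.entries[oid(subtree)] = mode      # same oid-tree: new entry overwrites
        return self

    def contains(self, target):
        target = oid(target)
        covering = [s for s in self.entries if target[:len(s)] == s]
        if not covering:
            return False                       # assumption: uncovered objects are outside the view
        # The entry configured for the lowest (longest) covering subtree wins.
        return self.entries[max(covering, key=len)] == "included"


@dataclass
class Community:
    access: str                                # "read" or "write"
    view: MibView
    acl: Optional[Acl] = None


def decide(agent_acl, communities, src, community, op, target):
    """Return 'permit' or 'deny: <reason>' for one Get/Set request."""
    entry = communities.get(community)
    if entry is None:
        return "deny: community name"
    # The order of the two ACL checks is an assumption; the result is the same.
    for acl, label in ((agent_acl, "agent ACL"), (entry.acl, "community ACL")):
        if acl is not None and not acl.allows(src):
            return f"deny: {label}"
    if op == "set" and entry.access != "write":
        return "deny: read-only community"
    if not entry.view.contains(target):
        return "deny: outside MIB view"
    return "permit"


# Constructed sample configuration (names and addresses are hypothetical).
VIEW_DEFAULT = MibView().add("included", "1.3.6.1")
OPS_VIEW = (MibView()
            .add("included", "1.3.6.1.6")          # snmpV2
            .add("excluded", "1.3.6.1.6.3.15"))    # snmpUsmMIB
NMS_ACL = Acl([("deny", "192.0.2.99/32"), ("permit", "192.0.2.0/24")])
COMMUNITIES = {
    "Ops#Read1": Community("read", OPS_VIEW, NMS_ACL),
    "Adm#Write2": Community("write", VIEW_DEFAULT),
}

if __name__ == "__main__":
    requests = [
        ("192.0.2.10", "Ops#Read1", "get", "1.3.6.1.6.3.1.1.4.1.0"),
        ("192.0.2.10", "Ops#Read1", "get", "1.3.6.1.6.3.15.1.1.1.0"),
        ("192.0.2.10", "Ops#Read1", "set", "1.3.6.1.6.3.1.1.4.1.0"),
        ("198.51.100.7", "Ops#Read1", "get", "1.3.6.1.6.3.1.1.4.1.0"),
        ("198.51.100.7", "Adm#Write2", "set", "1.3.6.1.2.1.1.5.0"),
    ]
    for request in requests:
        print(request, "->", decide(None, COMMUNITIES, *request))
```

The last request is permitted from any address because the write community has neither an ACL nor a restricted view, which is the case the mib-view and acl parameters in Step 4 are meant to close.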


Follow-up Procedure
After the access right is configured and the IP address of the NMS is specified, if
the IP address changes, you need to change the IP address of the NMS in the ACL.
(The IP address may change, for example, if the NMS changes its location, or IP
addresses are reallocated due to network adjustment.) If the IP address is not
updated, the NMS cannot access the device.

1.8.3 (Optional) Configuring the Trap/Inform Function


Context
You can enable the device to send traps of a specified type to the NMS, which
facilitates fault location. You can also specify trap parameters to improve the
reliability of trap transmission.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Enable the trap function.

Enable the trap function for a module:

● To enable the trap function of all modules, run the snmp-agent trap enable
command.
● To enable the trap function of a specified module, run the snmp-agent trap
enable feature-name feature-name [ trap-name trap-name ] command.
● To restore the trap functions of all modules to the default status, run the
undo snmp-agent trap enable or undo snmp-agent trap disable command.
● To delete all trap functions in a batch, run the clear configuration snmp-
agent trap enable command.

Enable the trap function for an interface:

Run the snmp-agent trap enable feature-name ifnet trap-name { linkdown |
linkup } command to enable the interface status trap function globally.

By default, the trap function is disabled on all interfaces. When the linkdown and
linkup parameters are configured for the ifnet module, the device sends a trap to the
NMS upon an interface status change. If the interface status frequently changes,
the interface frequently sends traps to the NMS, subjecting the NMS to a heavy
load. To combat this problem, disable the interface status trap function on the
interface. The procedure is as follows:

1. Run the interface interface-type interface-number command to enter the
interface view.
2. Run the undo enable snmp trap updown command to disable the interface
status trap function.
3. Run the quit command to return to the system view.

Step 3 Run snmp-agent trap type { base-trap | entity-trap }


The trap format is set.


By default, the device sends BASETRAP traps.
Step 4 Run snmp-agent notify-filter-profile { excluded | included } profile-name oid-
tree
A trap filtering rule is created or updated.
By default, traps are not filtered.
Step 5 Set trap parameters based on the configuration of basic SNMP functions.
Set trap parameters:
1. Run the snmp-agent trap source interface-type interface-number command
to specify the source interface that sends traps.
After the source interface is specified, the IP address of the source interface is
used as the source IP address for sending traps. To ensure device security, it is
recommended that you set the address of the local loopback interface as the
source interface address.
The source interface in traps sent by the switch must be the same as the
source interface specified on the NMS. Otherwise, the NMS cannot receive
traps.
2. Run the snmp-agent trap source-port port-number command to specify the
source port that sends traps.
If you configure a fixed source port, firewalls on user networks can filter
packets based on this source port. Therefore, a fixed source port
improves network security.
3. Run the snmp-agent trap queue-size size command to set the queue length
of traps sent to the target host.
The default queue length of traps sent to the target host is 1000.
Set the queue length according to the number of generated traps. For
example, if the switch frequently sends traps to the NMS, set a longer queue
length to prevent traps from being lost.
4. Run the snmp-agent trap life seconds command to set the lifetime of traps.
The default lifetime of traps is 300 seconds.
Set the lifetime of each trap according to the number of generated traps. For
example, if the switch frequently sends traps to the NMS, set a longer lifetime
to prevent traps from being lost.
5. Run the snmp-agent trap start-trap resend disable command to disable the
function of resending device cold-start or warm-start traps.
By default, the function of resending device cold-start or warm-start traps is
enabled.
Set inform parameters:
1. Run the snmp-agent inform { timeout seconds | resend-times times |
pending number }* command to set global inform parameters.
The parameters include the timeout period for waiting for ACK messages,
number of times to retransmit informs, and maximum number of informs to
be confirmed in the inform buffer.


When setting the timeout period on a network that is unstable, specify the
number of inform retransmissions and maximum number of informs to be
acknowledged. By default, this timeout period is 15 seconds. The default
number of inform retransmissions and the maximum number of informs
waiting to be acknowledged are 3 and 39, respectively.
2. Run the snmp-agent inform { timeout seconds | resend-times times } *
address udp-domain ip-address [ vpn-instance vpn-instance-name ] params
securityname { security-name | cipher security-name } command to set the
timeout period for waiting for inform ACK messages from a specified NMS
and the number of inform retransmissions.
If the network is unstable, you need to specify the number of inform
retransmissions when you set a timeout period for waiting for inform ACK
messages. By default, the timeout period for waiting for inform ACK messages
is 15 seconds, and the number of inform retransmissions is 3.
3. Run the snmp-agent notification-log enable command to enable the inform
log function.
If the NMS and managed device cannot communicate because of a link
failure, the managed device no longer sends informs but keeps recording
inform logs. When the link recovers, the target host synchronizes the recorded
inform logs from the managed device.
After the inform log function is enabled, the device records informs it sends.
Traps sent by the device are not recorded.
By default, the trap log function is disabled.
4. Run the snmp-agent notification-log { global-ageout ageout | global-limit
limit }* command to set the aging time of trap logs and the maximum
number of trap logs in the log buffer.
By default, the aging time of trap logs is 24 hours. When the aging time
expires, the trap logs are automatically deleted.
By default, the log buffer can store a maximum of 500 trap logs. If the
number of trap logs to be stored exceeds 500, the NMS deletes trap logs from
the earliest one.

----End

1.8.4 (Optional) Configuring the Device to Send Heartbeat Traps to the NMS

Context
When the NMS cannot actively obtain the status of the device, enable the device
to send heartbeat traps to the NMS, which periodically notifies the NMS of the
device's status.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run snmp-agent heartbeat enable


The device is enabled to send heartbeat traps to the NMS.

By default, the device does not send heartbeat traps to the NMS.

Step 3 Run snmp-agent heartbeat interval interval

The interval at which the device sends heartbeat traps to the NMS is set.

By default, the device sends heartbeat traps to the NMS at an interval of 60
seconds.

----End

1.8.5 (Optional) Enhancing Reliability of SNMP Packet Transmission

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run snmp-agent packet max-size byte-count

The maximum size of an SNMP packet that the device can receive and send is set.

By default, the maximum size of an SNMP packet that the device can receive or
send is 12000 bytes.

After the maximum size is set, the device discards any SNMP packet that is larger
than the set size. Typically, the default value is recommended.

Step 3 Run snmp-agent packet-priority { snmp | trap } priority-level

The transmission level of SNMP packets is set.

The default transmission level of SNMP packets is 6.

Step 4 Run snmp-agent protocol server message queue message-queue

The size of a packet queue that can be received by an SNMP agent is set.

By default, the packet queue that can be received by an SNMP agent contains 30
packets.

----End

1.8.6 (Optional) Enabling the SNMP Extended Error Code Function

Context
If both the NMS and managed device are Huawei products, enabling this function
extends error codes and defines more scenarios. This enables users to locate and
troubleshoot faults quickly and accurately.


Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run snmp-agent extend error-code enable

The extended error code function is enabled.

By default, SNMP sends only standard error codes. More error codes will be sent
to the NMS after the extended error code function is enabled.

----End

1.8.7 (Optional) Enabling the SNMP Blacklist Function

Context
After the SNMP blacklist function is enabled, if an SNMP user fails to connect to
the device, the IP address used by the user is recorded in the SNMP blacklist on
the device; that is, the IP address is locked. Within the locking period, the SNMP
user cannot connect to the device.

If the connection fails to be established several times in succession, the device
locks the IP address for 8 seconds on the first attempt, 16 seconds on the second
attempt, and 32 seconds on the third attempt. Any subsequent failed attempts
result in the IP address being locked for 5 minutes. When the locking period
expires, the IP address is automatically unlocked.

After the SNMP blacklist function is disabled, the IP addresses of SNMP users who
fail to connect to the device are not locked. The device is vulnerable to attacks and
cracking by unauthorized users, affecting device security. Therefore, you are
advised to enable the IP blacklist function.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run undo snmp-agent blacklist ip-block disable

The SNMP blacklist function is enabled.

By default, the SNMP blacklist function is enabled.

----End
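
The lock schedule described in the Context above, replayed as a Python state machine (an added example, not device code) to show how long an NMS with a stale credential stays locked out and how the schedule bounds the failed attempts the agent evaluates from one address. It assumes that attempts made during a lock do not extend it and that a successful connection resets the failure count; the page states neither.

```python
LOCK_STEPS = (8, 16, 32)   # seconds after the 1st, 2nd and 3rd failure in a row
LOCK_LATER = 5 * 60        # seconds after every later failure


def lock_seconds(failure_no):
    """Lock period that follows the given consecutive failure (1-based)."""
    if failure_no <= len(LOCK_STEPS):
        return LOCK_STEPS[failure_no - 1]
    return LOCK_LATER


def replay(attempts):
    """Replay time-ordered (t_seconds, credentials_ok) attempts from one IP.

    Returns (t, outcome) pairs; outcome is 'accepted', 'failed' or 'blocked'.
    """
    failures = 0
    locked_until = 0
    timeline = []
    for t, ok in attempts:
        if t < locked_until:
            timeline.append((t, "blocked"))     # dropped while the address is locked
        elif ok:
            failures = 0                        # assumption: success clears the count
            timeline.append((t, "accepted"))
        else:
            failures += 1
            locked_until = t + lock_seconds(failures)
            timeline.append((t, "failed"))
    return timeline


def evaluated_failures(window_seconds, retry_every=1):
    """Failed attempts the agent actually evaluates when one address keeps
    retrying with wrong credentials for window_seconds."""
    attempts = [(t, False) for t in range(0, window_seconds, retry_every)]
    return sum(1 for _, outcome in replay(attempts) if outcome == "failed")


# Constructed case: an NMS polls every 60 s with a stale community name and
# is corrected by the operator at t = 480 s.
STALE_NMS = [(0, False), (60, False), (120, False), (180, False),
             (240, False), (300, False), (480, True)]

if __name__ == "__main__":
    for t, outcome in replay(STALE_NMS):
        print(f"t={t:>4}s  {outcome}")
    print("evaluated per hour:", evaluated_failures(3600))
    print("evaluated per day: ", evaluated_failures(86400))
```

Under these assumptions a single address that retries every second gets 15 attempts evaluated in an hour, and a misconfigured NMS loses polls for up to 5 minutes after its fourth failure even once its credential has been corrected.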

1.8.8 Verifying the Basic SNMPv2c Function Configuration

Prerequisites
The configurations of basic SNMPv2c functions are complete.


Procedure
● Run the display snmp-agent community command to check community
names.
● Run the display snmp-agent sys-info version command to check the
enabled SNMP version.
● Run the display acl acl-number command to check ACL rules.
● Run the display snmp-agent mib-view command to check MIB views.
● Run the display snmp-agent sys-info contact command to check the
administrator's contact information.
● Run the display snmp-agent sys-info location command to check the
location of the switch.
● Run the display current-configuration | include max-size command to
check the maximum size of an SNMP packet.
● Run the display current-configuration | include trap command to check trap
configuration.
● Run the display snmp-agent trap all command to check current and default
status of all traps of all features.
● Run the display snmp-agent target-host command to check information
about the target host.
● Run the display snmp-agent inform [ address udp-domain ip-address
[ vpn-instance vpn-instance-name ] params securityname { security-name |
cipher security-name } ] command to check configurations of all or specified
target hosts that send informs.
● Run the display snmp-agent extend error-code status command to check
whether the function that the device sends extended error codes to the NMS
is enabled.
● Run the display snmp-agent notification-log command to view the inform
logs saved in the inform log buffer.
----End

1.9 Configuring a Device to Communicate with an NMS Through SNMPv3

Context
To allow a device to communicate with an NMS through SNMPv3, configure
SNMPv3 on the device. The SNMP parameters must be configured on both the
managed device (agent) and NMS. This section describes only the SNMP
configurations on the agent side. For details about SNMP configurations on an
NMS, see the NMS operation guide.

Pre-configuration Tasks
Before configuring a device to communicate with an NMS through SNMPv3,
configure a routing protocol to ensure that at least one route exists between the
switch and NMS.


Configuration Procedure
When you configure the device to communicate with the NMS through SNMPv3,
only Configuring Basic SNMPv3 Functions is mandatory. The other steps are
optional and can be performed in any sequence.
After the basic SNMP functions are configured, the NMS can communicate with
managed devices.
● The NMS using the specified community name can access the ViewDefault
view, in which the internet MIB (OID: 1.3.6.1) can be operated.
● The managed device sends traps generated by the modules that are enabled
by default to the NMS.
The following are optional SNMPv3 configurations to implement refined
management:
● To allow an NMS that uses a specified community name to manage specified
objects on the device, perform the operations in Restricting Management
Rights of the NMS.
● To allow a specified module on the managed device to report traps to the
NMS, perform the operations in Configuring the Trap Function.
● To allow the device to send traps to the NMS periodically, perform the
operations in Configuring the Device to Send Heartbeat Traps to the NMS.
● To modify SNMP packet transmission parameters, perform the operations in
Enhancing the Reliability for Transmitting SNMP Packets.
● If the NMS and managed device are both Huawei products, perform the
operations in Enabling the SNMP Extended Error Code Function so that the
managed device can send more types of error codes. More error codes
facilitate your fault location and rectification.

1.9.1 Configuring Basic SNMPv3 Functions


Context
When you configure a destination IP address for traps and error codes sent from
the managed devices, configure the trap or inform function as required.
● The traps sent by the managed device do not need to be acknowledged by
the NMS.
● The informs sent by the managed device need to be acknowledged by the
NMS. If no acknowledgement message is received from the NMS within a
specified time period, the managed device resends the inform until the
number of retransmissions reaches the maximum.
When sending an inform to the NMS, the managed device also records the
inform in the log. If an inform is sent to the NMS when the NMS or the link
between NMS and managed device is faulty, the NMS can still receive the
inform after fault recovery.
Informs are more reliable than traps. However, the device may need to buffer
many informs because of the inform retransmission mechanism. This buffering
may consume a lot of memory resources. If the network is stable, using traps is
recommended. If the network is unstable and the device's memory capacity is
sufficient, using inform is recommended.


Precaution
When configuring security levels, ensure that the security level of the SNMP user ≥
the security level of the alarm host ≥ the security level of the SNMP user group.
SNMPv3 uses the following security levels, which are listed in a descending order:
● privacy: authentication and encryption
● authentication: only authentication
● none: no authentication and no encryption
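
One way to check the ordering rule above before a configuration is pushed, as an added Python example (not Huawei code). It parses constructed lines written in the group, usm-user and target-host syntax of the procedure that follows, and also flags the algorithms the guide advises against; the user, group and address values are hypothetical, and deriving a user's level from its configured authentication-mode and privacy-mode is an assumption.

```python
LEVEL = {"noauthentication": 0, "authentication": 1, "privacy": 2}
LEVEL_NAME = {0: "none", 1: "authentication", 2: "privacy"}
DISCOURAGED = {"md5", "des56", "3des"}   # algorithms the guide advises against

# Constructed configuration lines; passwords are replaced by a placeholder.
SAMPLE_CONFIG = """\
snmp-agent group v3 ops-group privacy
snmp-agent usm-user v3 nms-admin group ops-group
snmp-agent usm-user v3 nms-admin authentication-mode sha2-256 cipher <redacted>
snmp-agent usm-user v3 nms-admin privacy-mode aes128 cipher <redacted>
snmp-agent target-host trap address udp-domain 192.0.2.50 params securityname nms-admin v3 privacy
snmp-agent group v3 mon-group authentication
snmp-agent usm-user v3 monitor group mon-group
snmp-agent usm-user v3 monitor authentication-mode md5 cipher <redacted>
snmp-agent target-host trap address udp-domain 192.0.2.51 params securityname monitor v3 privacy
snmp-agent target-host trap address udp-domain 192.0.2.52 params securityname nms-admin v3
snmp-agent target-host trap address udp-domain 192.0.2.53 params securityname ghost v3 privacy
"""


def after(tokens, keyword):
    """Token that follows keyword, or None when keyword is absent or last."""
    if keyword in tokens:
        i = tokens.index(keyword)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def parse(config):
    """Collect group levels, user settings and v3 target hosts."""
    groups, users, hosts = {}, {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["snmp-agent", "group", "v3"] and len(tok) >= 5:
            groups[tok[3]] = LEVEL.get(tok[4], 0)
        elif after(tok, "usm-user") == "v3" and len(tok) > tok.index("usm-user") + 2:
            i = tok.index("usm-user")          # tolerates a leading remote-engineid
            user = users.setdefault(tok[i + 2], {"group": None, "auth": None, "priv": None})
            rest = tok[i + 3:]
            user["group"] = after(rest, "group") or user["group"]
            user["auth"] = after(rest, "authentication-mode") or user["auth"]
            user["priv"] = after(rest, "privacy-mode") or user["priv"]
        elif tok[:2] == ["snmp-agent", "target-host"] and "v3" in tok:
            hosts.append({"address": after(tok, "udp-domain"),
                          "user": after(tok, "securityname"),
                          # v3 without a keyword means no authentication, no encryption
                          "level": LEVEL.get(after(tok, "v3"), 0)})
    return groups, users, hosts


def user_level(user):
    """Assumption: privacy needs both modes, authentication needs auth only."""
    if user["auth"] and user["priv"]:
        return 2
    return 1 if user["auth"] else 0


def audit(config):
    """Return findings for: user level >= alarm host level >= group level."""
    groups, users, hosts = parse(config)
    findings = []
    for name, user in users.items():
        for algo in (user["auth"], user["priv"]):
            if algo in DISCOURAGED:
                findings.append(f"user {name}: discouraged algorithm {algo}")
    for host in hosts:
        addr, name = host["address"], host["user"]
        user = users.get(name)
        if user is None:                       # securityname must equal a created user name
            findings.append(f"host {addr}: securityname {name} matches no SNMPv3 user")
            continue
        ul, hl, gl = user_level(user), host["level"], groups.get(user["group"])
        if ul < hl:
            findings.append(f"host {addr}: user {name} level {LEVEL_NAME[ul]} "
                            f"is below host level {LEVEL_NAME[hl]}")
        if gl is not None and hl < gl:
            findings.append(f"host {addr}: host level {LEVEL_NAME[hl]} "
                            f"is below group {user['group']} level {LEVEL_NAME[gl]}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```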

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 (Optional) Run snmp-agent
The SNMP agent is enabled.
By default, the SNMP agent is disabled. Executing the snmp-agent command can
enable the SNMP agent, even if no parameter is specified in the command.
Step 3 (Optional) Run snmp-agent udp-port port-num
The port number of the SNMP agent is changed.
The default port number of the SNMP agent is 161.
This command enhances device security. After this command is run on an SNMP
agent connecting to the NMS, ensure that the port number on the NMS is the
same as the changed port number. Otherwise, the SNMP agent cannot connect to
the NMS.
Step 4 (Optional) Run snmp-agent sys-info version v3
The SNMP version is set.
By default, the device supports SNMPv3.
Step 5 (Optional) Run snmp-agent local-engineid engineid
An engine ID is set for the local SNMP entity.
By default, the device automatically generates an engine ID using the internal
algorithm. An engine ID is composed of an enterprise number and device
information.
If you manually set the engine ID, the SNMPv3 user matching the default engine
ID is deleted.

NOTE

To improve system security, configure the device to check consistency between the
contextEngineID on the NMS and the local engine ID by running the snmp-agent packet
contextengineid-check enable command.

Step 6 Run snmp-agent group v3 group-name { authentication | privacy |
noauthentication } [ read-view read-view | write-view write-view |
notify-view notify-view ]* [ acl { acl-number | acl-name } ],
snmp-agent group v3 group-name { authentication | privacy |
noauthentication } [ read-view read-view | write-view write-view |
notify-view notify-view ]* acl-ipv4 { acl-number | acl-name }
[ acl-ipv6 { acl-number | acl-name } ], or snmp-agent group v3 group-name
{ authentication | privacy | noauthentication } [ read-view read-view |
write-view write-view | notify-view notify-view ]* acl-ipv6 { acl-number |
acl-name }
An SNMPv3 user group is configured.

If the NMS and device are in an insecure environment (for example, the network
is vulnerable to attacks), authentication or privacy can be configured in the
command to enable data authentication or privacy.

Step 7 Configure an SNMPv3 user.


1. Run the snmp-agent [ remote-engineid engineid ] usm-user v3 user-name
[ group group-name | acl { acl-number | acl-name } ] *, snmp-agent
[ remote-engineid engineid ] usm-user v3 user-name group group-name
acl-ipv4 { acl-number | acl-name } [ acl-ipv6 { acl-number | acl-name } ], or
snmp-agent [ remote-engineid engineid ] usm-user v3 user-name group
group-name acl-ipv6 { acl-number | acl-name } command to configure an
SNMPv3 user.
2. Run the snmp-agent [ remote-engineid engineid ] usm-user v3 user-name
authentication-mode { md5 | sha | sha2-256 } [ cipher password ]
command to set an authentication password for the SNMPv3 user.
3. Run the snmp-agent [ remote-engineid engineid ] usm-user v3 user-name
privacy-mode { des56 | aes128 | aes192 | aes256 | 3des } [ cipher password ]
command to set an encryption password for the SNMPv3 user.

NOTE

By default, no authentication or encryption is performed for SNMPv3 users. To
improve system security, configure an authentication password and encryption password,
and ensure that the two passwords are different.
In addition, you are advised not to use the MD5 algorithm for SNMPv3
authentication or the DES56 or 3DES168 algorithm for SNMPv3 encryption.
By default, the complexity check is enabled for SNMPv3 user passwords. If the password
fails the check, the configuration fails. To ensure device security, you are advised to refrain
from using the snmp-agent usm-user password complexity-check disable command to
disable the complexity check for SNMPv3 user passwords, and change the password
periodically.

Step 8 Configure the destination IP address for receiving traps and error codes.
NOTE

Before configuring a device to send traps, confirm that the information center has been enabled.
The information center can be enabled by running the info-center enable command.
● When the managed device and NMS reside on an IPv4 network, configure the
device to send either traps or informs to the NMS as follows:
– To configure a destination IP address for the traps and error codes sent
from the device, run the snmp-agent target-host trap address
udp-domain ip-address [ udp-port port-number | source interface-type
interface-number | [ public-net | vpn-instance vpn-instance-name ] ] *
params securityname security-name v3 [ authentication | privacy ]
[ private-netmanager | notify-filter-profile profile-name | ext-vb ] *
command.
– To configure a destination IP address for the informs and error codes sent
from the device, run the snmp-agent target-host inform address udp-
domain ip-address [ udp-port port-number | source interface-type
interface-number | [ vpn-instance vpn-instance-name | public-net ] ]*
params securityname security-name v3 [ authentication | privacy ]
[ notify-filter-profile profile-name | ext-vb ] * command.
● When the managed device and NMS reside on an IPv6 network, run the
snmp-agent target-host trap ipv6 address udp-domain ipv6-address [ udp-
port port-number | vpn-instance vpn-instance-name ] * params
securityname security-name [ v3 [ authentication | privacy ] | private-
netmanager | notify-filter-profile profile-name | ext-vb ] * command to set
the target host that receives traps and error codes.
NOTE

An IPv6 network supports only traps, but does not support informs.

Note the following before running the command:


● The default destination UDP port number is 162. To ensure secure
communication between the NMS and managed devices, change the UDP
port number to a lesser-known port number by specifying the udp-port
parameter.
● The security-name parameter identifies the devices that send traps to the
NMS.
● If the NMS and managed device are both Huawei products, the private-
netmanager parameter can be configured to add more information to trap
messages to help you locate and solve problems more quickly. The additional
information includes trap type, serial number, and sending time.
NOTE

The value of security-name must be the same as the created user name. Otherwise, the NMS
cannot access the managed device.

Step 9 (Optional) Run snmp-agent sys-info { contact contact | location location }


The device administrator's contact information or location is configured.
By default, the device administrator's contact information is "R&D Beijing, Huawei
Technologies Co., Ltd." and location is "Beijing China."
This step is required for the NMS administrator to view contact information and
locations of the device administrator when the NMS manages many devices. This
helps the NMS administrator to contact the device administrator for fault location
and rectification.
Step 10 (Optional) Run snmp-agent packet max-size byte-count
The maximum size of an SNMP packet that the device can receive and send is set.
By default, the maximum size of an SNMP packet is 12000 bytes.
When the size of an SNMP packet is larger than the configured value, the device
discards the SNMP packet. To ensure that the NMS can process SNMP packets
properly, set the byte-count parameter to the maximum size of an SNMP packet
that the NMS can process.

Step 11 Configure an interface or IPv6 address for receiving and responding to NMS
requests. By default, no interface or IPv6 address can be used to receive or
respond to NMS requests. Run any one of the following commands:
● Run the snmp-agent protocol source-interface interface-type interface-
number command to configure a specified interface to receive and respond to
NMS requests.
● Run the snmp-agent protocol ipv6 source-ip ipv6-address command to
configure an IPv6 address to receive and respond to NMS requests.
● Run the snmp-agent protocol source-status [ ipv6 ] all-interface command
to configure all interfaces or IPv6 addresses to receive and respond to NMS
requests.

Step 12 (Optional) Run snmp-agent protocol server [ ipv4 | ipv6 ] disable

The SNMP IPv4 or IPv6 listening port is disabled.

By default, the SNMP IPv4 or IPv6 listening port is enabled.

If ipv4 or ipv6 is not selected, both SNMP IPv4 and IPv6 listening ports are
disabled.

If the managed device only needs to send traps to the NMS but does not need to
perform Get/Set operation, SNMP port listening is not required. In this case, run
this command so that SNMP no longer processes SNMP packets. Exercise caution
when running this command.

----End

1.9.2 (Optional) Restricting Management Rights of the NMS

Context
When multiple NMSs in the same SNMPv3 user group manage one device,
perform this configuration according to the scenario.

Scenario: The NMSs access the ViewDefault view.
Steps:
● All NMSs access the ViewDefault view of the managed device: No action required
● 1, 2 (NMS filtering based on SNMP agent)
● 1, 3, 5 (NMS filtering based on user group)
● 1, 6, 7 (NMS filtering based on user)
● 1, 3, 5, 6, 7 (NMS filtering based on user group and user)
● 1, 2, 3, 5 (NMS filtering based on SNMP agent and user group)
● 1, 2, 6, 7 (NMS filtering based on SNMP agent and user)
● 1, 2, 3, 5, 6, 7 (NMS filtering based on SNMP agent, user group, and user)

Scenario: The NMSs access the specified objects on the managed device.
Steps:
● All NMSs access the specified node on the managed device: 1, 4, 5
● 1, 2, 4, 5 (NMS filtering based on SNMP agent)
● 1, 3, 4, 5 (NMS filtering based on user group)
● 1, 4, 5, 6, 7 (NMS filtering based on user)
● 1, 3, 4, 5, 6, 7 (NMS filtering based on user group and user)
● 1, 2, 3, 4, 5 (NMS filtering based on SNMP agent and user group)
● 1, 2, 4, 5, 6, 7 (NMS filtering based on SNMP agent and user)
● 1, 2, 3, 4, 5, 6, 7 (NMS filtering based on SNMP agent, user group, and user)

The following describes how an ACL is used to control the access rights of NMSs:
● When the ACL rule is permit, the NMS with the source IP address specified in
this rule can access the local device.
● When the ACL rule is deny, the NMS with the source IP address specified in
this rule cannot access the local device.
● If a packet does not match any ACL rule, the NMS that sends the packet
cannot access the local device.
● When no ACL rule is configured, all NMSs can access the local device.
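
The four ACL statements above, modelled as an added Python example (not Huawei code) so that a planned rule set can be checked before it is bound to SNMP. The rule tuples, the function names, and the first-match evaluation in ascending rule-ID order are assumptions of this example; ACL_2001 copies the rules used in the SNMPv1 configuration example of this guide.

```python
import ipaddress

# Constructed rule sets: (rule_id, action, source, wildcard_mask).
# ACL_2001 mirrors "acl 2001" from the SNMPv1 example in this guide.
ACL_2001 = [
    (5, "permit", "10.1.1.2", "0.0.0.0"),
    (6, "deny", "10.1.1.1", "0.0.0.0"),
]
ACL_EMPTY = []                                        # ACL without any rule
ACL_WIDE = [(10, "permit", "10.1.1.0", "0.0.0.255")]  # a whole /24 is permitted


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def rule_matches(src, source, wildcard):
    """Wildcard match: a 1 bit in the mask means 'ignore this bit'."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(src) & care) == (_to_int(source) & care)


def nms_allowed(src, rules):
    """Decide whether an NMS with source address src may access the device."""
    if not rules:
        return True            # no ACL rule configured: every NMS gets in
    # Assumption: rules are checked in ascending rule-ID order, first match wins.
    for _rule_id, action, source, wildcard in sorted(rules):
        if rule_matches(src, source, wildcard):
            return action == "permit"
    return False               # packet matched no rule: access refused


def audit(rules):
    """Return the findings a reviewer would raise about an SNMP ACL."""
    findings = []
    if not rules:
        findings.append("no rules: all NMSs can access the device")
    for rule_id, action, _source, wildcard in sorted(rules):
        hosts = 2 ** bin(_to_int(wildcard)).count("1")
        if action == "permit" and hosts > 1:
            findings.append(f"rule {rule_id}: permit covers {hosts} addresses")
    return findings


if __name__ == "__main__":
    for name, acl in (("2001", ACL_2001), ("empty", ACL_EMPTY), ("wide", ACL_WIDE)):
        for nms in ("10.1.1.2", "10.1.1.1", "10.1.1.77"):
            print(name, nms, nms_allowed(nms, acl))
        print(name, audit(acl))
```

With ACL_2001, 10.1.1.1 is refused by rule 6 and 10.1.1.77 is refused because it matches no rule, so only the permit rule decides which NMS gets in. The empty ACL is the case to watch for: it admits every source address.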

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Configure NMS filtering based on SNMP agent.
1. Configure an ACL.
Before configuring the access control rights, you must create an ACL. For
instructions on how to create an ACL, see ACL Configuration in the S300,
S500, S2700, S5700, and S6700 V200R024C00 Configuration Guide - Security.
2. Run the snmp-agent acl { acl-number | acl-name }, snmp-agent acl-ipv4
{ acl-number | acl-name } [ acl-ipv6 { acl-number | acl-name } ], or
snmp-agent acl-ipv6 { acl-number | acl-name } command to configure an ACL for
SNMP.
Step 3 Configure an ACL for an SNMP user group to allow only the NMS matching the
ACL to access the managed device.
For instructions on how to create an ACL, see ACL Configuration in the S300, S500,
S2700, S5700, and S6700 V200R024C00 Configuration Guide - Security.
Step 4 Run snmp-agent mib-view { excluded | included } view-name oid-tree
A MIB view is created, and manageable MIB objects are specified.
By default, an NMS has no right to access the objects.
You can run this command multiple times. If it is run multiple times and the
values of view-name and oid-tree are the same each time, the new configuration
overwrites the original configuration. In contrast, if the values of view-name and
oid-tree are different, the new and original configurations both take effect. The
system can store a maximum of 256 MIB views, including four default views.
If both the included and excluded parameters are configured for MIB objects that
have an inclusion relationship, whether the lowest MIB object is included or
excluded depends on the parameter configured for it. For example, the snmpV2,
snmpModules, and snmpUsmMIB objects have a top-down inclusion relationship
in the MIB tree. If the excluded parameter is configured for snmpUsmMIB objects
and included is configured for snmpV2, snmpUsmMIB objects will still be
excluded.
Step 5 Run snmp-agent group v3 group-name { authentication | privacy |
noauthentication } [ read-view read-view | write-view write-view | notify-view
notify-view ]* [ acl { acl-number | acl-name } ], snmp-agent group v3 group-
name { authentication | privacy | noauthentication } [ read-view read-view |
write-view write-view | notify-view notify-view ]* acl-ipv4 { acl-number | acl-
name } [ acl-ipv6 { acl-number | acl-name } ] or snmp-agent group v3 group-
name { authentication | privacy | noauthentication } [ read-view read-view |
write-view write-view | notify-view notify-view ]* acl-ipv6 { acl-number | acl-
name }
Read and write rights are configured for the user group.
By default, the read-only view of an SNMP user group is the ViewDefault view,
and the names of the read-write view and inform view are not specified.
To configure the NMS to receive traps specified by notify-view, you must first
configure a target host for receiving traps.
Step 6 Configure a basic ACL or an advanced ACL for an SNMP user to allow only the
NMS matching the ACL to access the managed device.
For instructions on how to create an ACL, see ACL Configuration in the S300, S500,
S2700, S5700, and S6700 V200R024C00 Configuration Guide - Security.
Step 7 Run snmp-agent [ remote-engineid engineid ] usm-user v3 user-name [ group
group-name | acl { acl-number | acl-name } ] *, snmp-agent [ remote-engineid
engineid ] usm-user v3 user-name group group-name acl-ipv4 { acl-number |
acl-name } [ acl-ipv6 { acl-number | acl-name } ] or snmp-agent
[ remote-engineid engineid ] usm-user v3 user-name group group-name acl-ipv6
{ acl-number | acl-name }
Authentication and encryption are configured for SNMPv3 users in the specified
user group.
● To allow all NMSs using the same SNMPv3 user name to access the agent, do
not specify the acl parameter.
● To allow only the specified NMSs using this user name to access the agent,
configure the acl parameter.

----End
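
The included/excluded rule described in Step 4, as an added Python example (not Huawei code) for checking what a planned MIB view exposes before it is bound to a user group or community. It assumes, as Step 4 describes, that the most specific configured subtree decides; the view tables, the WATCHED list and the function names are constructed for this example.

```python
# Constructed view tables: (mode, oid-tree) pairs in the order they would be
# entered with "snmp-agent mib-view { excluded | included } view-name oid-tree".
SYMBOLS = {"iso": "1"}  # only name resolved here; other subtrees are numeric

# From the SNMPv1 example in this guide: everything except RMON.
VIEW_ALLEXTRMON = [("excluded", "1.3.6.1.2.1.16"), ("included", "iso")]
# From Step 4: snmpV2 (1.3.6.1.6) included, snmpUsmMIB (1.3.6.1.6.3.15) excluded.
VIEW_V2_NO_USM = [("included", "1.3.6.1.6"), ("excluded", "1.3.6.1.6.3.15")]

# Subtrees a reviewer wants reported when a view exposes them (constructed list).
WATCHED = {"snmpUsmMIB": "1.3.6.1.6.3.15", "rmon": "1.3.6.1.2.1.16"}


def parse_oid(text):
    """Turn 'iso' or '1.3.6.1' into a tuple of integer sub-identifiers."""
    text = SYMBOLS.get(text, text)
    return tuple(int(part) for part in text.strip(".").split("."))


def in_view(oid, view):
    """Return True if oid is accessible through view.

    The longest configured subtree that is a prefix of oid decides.
    An OID under no configured subtree is not accessible (the default).
    """
    target = parse_oid(oid)
    best_len, allowed = -1, False
    for mode, tree in view:
        prefix = parse_oid(tree)
        # Compare sub-identifiers, not strings, so that 1.3.6.1.2.1.16 does
        # not match 1.3.6.1.2.1.160. ">=" lets a later entry for the same
        # oid-tree overwrite an earlier one.
        if target[:len(prefix)] == prefix and len(prefix) >= best_len:
            best_len, allowed = len(prefix), mode == "included"
    return allowed


def exposed(view, watched=WATCHED):
    """Names of watched subtrees whose root is accessible through view."""
    return sorted(name for name, oid in watched.items() if in_view(oid, view))


if __name__ == "__main__":
    for label, view in (("allextrmon", VIEW_ALLEXTRMON), ("v2-no-usm", VIEW_V2_NO_USM)):
        print(label, "exposes", exposed(view))
```

exposed(VIEW_ALLEXTRMON) reports snmpUsmMIB: including iso and excluding only RMON leaves the SNMPv3 user table subtree inside the view until a further excluded entry is added for it.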

Follow-up Procedure
If the IP address of an NMS that is allowed to access the managed device changes,
for example because of a location change or IP address reallocation, change
the IP address in the ACL rule accordingly; otherwise, the NMS cannot access the
managed device.

1.9.3 (Optional) Configuring the Trap/Inform Function


Context
You can enable the device to send traps of a specified type to the NMS, which
facilitates fault location. You can also specify trap parameters to improve the
reliability of trap transmission.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Enable the trap function.
Enable the trap function for a module:
● To enable the trap function of all modules, run the snmp-agent trap enable
command.
● To enable the trap function of a specified module, run the snmp-agent trap
enable feature-name feature-name [ trap-name trap-name ] command.
● To restore the trap functions of all modules to the default status, run the
undo snmp-agent trap enable or undo snmp-agent trap disable command.
● To delete all trap functions in a batch, run the clear configuration snmp-
agent trap enable command.
Enable the trap function for an interface:
Run the snmp-agent trap enable feature-name ifnet trap-name { linkdown |
linkup } command to enable the interface status trap function globally.
By default, the trap function is disabled on all interfaces. When the linkdown and
linkup parameters are configured for the ifnet module, the device sends a trap to the
NMS upon an interface status change. If the interface status frequently changes,
the interface frequently sends traps to the NMS, subjecting the NMS to a heavy
load. To combat this problem, disable the interface status trap function on the
interface. The procedure is as follows:
1. Run the interface interface-type interface-number command to enter the
interface view.
2. Run the undo enable snmp trap updown command to disable the interface
status trap function.
3. Run the quit command to return to the system view.
Step 3 Run snmp-agent trap type { base-trap | entity-trap }
The trap format is set.
By default, the device sends BASETRAP traps.
Step 4 Run snmp-agent notify-filter-profile { excluded | included } profile-name oid-
tree
A trap filtering rule is created or updated.
By default, traps are not filtered.
Step 5 Set trap parameters based on the configuration of basic SNMP functions.
Set trap parameters:
1. Run the snmp-agent trap source interface-type interface-number command
to specify the source interface that sends traps.
After the source interface is specified, the IP address of the source interface is
used as the source IP address for sending traps. To ensure device security, it is
recommended that you set the address of the local loopback interface as the
source interface address.
The source interface in traps sent by the switch must be the same as the
source interface specified on the NMS. Otherwise, the NMS cannot receive
traps.
2. Run the snmp-agent trap source-port port-number command to specify the
source port that sends traps.
If you configure a fixed source port, firewalls on user networks can filter
packets based on this source port. Therefore, a fixed source port
improves network security.
3. Run the snmp-agent trap queue-size size command to set the queue length
of traps sent to the target host.
The default queue length of traps sent to the target host is 1000.
Set the queue length according to the number of generated traps. For
example, if the switch frequently sends traps to the NMS, set a longer queue
length to prevent traps from being lost.
4. Run the snmp-agent trap life seconds command to set the lifetime of traps.
The default lifetime of traps is 300 seconds.
Set the lifetime of each trap according to the number of generated traps. For
example, if the switch frequently sends traps to the NMS, set a longer lifetime
to prevent traps from being lost.
5. Run the snmp-agent trap start-trap resend disable command to disable the
function of resending device cold-start or warm-start traps.
By default, the function of resending device cold-start or warm-start traps is
enabled.

Set inform parameters:
1. Run the snmp-agent inform { timeout seconds | resend-times times |
pending number }* command to set global inform parameters.
The parameters include the timeout period for waiting for ACK messages,
number of times to retransmit informs, and maximum number of informs to
be confirmed in the inform buffer.
When setting the timeout period on a network that is unstable, specify the
number of inform retransmissions and maximum number of informs to be
acknowledged. By default, this timeout period is 15 seconds. The default
number of inform retransmissions and the maximum number of informs
waiting to be acknowledged are 3 and 39, respectively.
2. Run the snmp-agent inform { timeout seconds | resend-times times } *
address udp-domain ip-address [ vpn-instance vpn-instance-name ] params
securityname { security-name | cipher security-name } command to set the
timeout period for waiting for inform ACK messages from a specified NMS
and the number of inform retransmissions.
If the network is unstable, you need to specify the number of inform
retransmissions when you set a timeout period for waiting for inform ACK
messages. By default, the timeout period for waiting for inform ACK messages
is 15 seconds, and the number of inform retransmissions is 3.
3. Run the snmp-agent notification-log enable command to enable the inform
log function.
If the NMS and managed device cannot communicate because of a link
failure, the managed device no longer sends informs but keeps recording
inform logs. When the link recovers, the target host synchronizes the recorded
inform logs from the managed device.
After the inform log function is enabled, the device records informs it sends.
Traps sent by the device are not recorded.
By default, the trap log function is disabled.
4. Run the snmp-agent notification-log { global-ageout ageout | global-limit
limit }* command to set the aging time of trap logs and the maximum
number of trap logs in the log buffer.
By default, the aging time of trap logs is 24 hours. When the aging time
expires, the trap logs are automatically deleted.
By default, the log buffer can store a maximum of 500 trap logs. If the
number of trap logs to be stored exceeds 500, the NMS deletes trap logs from
the earliest one.

----End

1.9.4 (Optional) Configuring the Device to Send Heartbeat Traps to the NMS
Context
When the NMS cannot actively obtain the status of the device, enable the device
to send heartbeat traps to the NMS, which periodically notifies the NMS of the
device's status.


Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run snmp-agent heartbeat enable
The device is enabled to send heartbeat traps to the NMS.
By default, the device does not send heartbeat traps to the NMS.
Step 3 Run snmp-agent heartbeat interval interval
The interval at which the device sends heartbeat traps to the NMS is set.
By default, the device sends heartbeat traps to the NMS at an interval of 60
seconds.

----End

1.9.5 (Optional) Enhancing Reliability of SNMP Packet Transmission

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run snmp-agent packet max-size byte-count
The maximum size of an SNMP packet that the device can receive and send is set.
By default, the maximum size of an SNMP packet that the device can receive or
send is 12000 bytes.
After the maximum size is set, the device discards any SNMP packet that is larger
than the set size. Typically, the default value is recommended.
Step 3 Run snmp-agent packet-priority { snmp | trap } priority-level
The transmission level of SNMP packets is set.
The default transmission level of SNMP packets is 6.
Step 4 Run snmp-agent protocol server message queue message-queue
The size of the queue of packets that the SNMP agent can receive is set.
By default, the queue of packets that the SNMP agent can receive holds 30
packets.

----End

1.9.6 (Optional) Enabling the SNMP Extended Error Code Function

Context
If both the NMS and managed device are Huawei products, enabling this function
extends error codes and defines more scenarios. This enables users to locate and
troubleshoot faults quickly and accurately.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run snmp-agent extend error-code enable

The extended error code function is enabled.

By default, SNMP sends only standard error codes. More error codes will be sent
to the NMS after the extended error code function is enabled.

----End

1.9.7 (Optional) Enabling the SNMP Blacklist Function

Context
After the SNMP blacklist function is enabled, if an SNMP user fails to connect to
the device, the IP address used by the user is recorded in the SNMP blacklist on
the device; that is, the IP address is locked. Within the locking period, the SNMP
user cannot connect to the device.

If the connection fails to be established several times in succession, the device
locks the IP address for 8 seconds after the first failed attempt, 16 seconds after the
second failed attempt, and 32 seconds after the third failed attempt. Any subsequent
failed attempts result in the IP address being locked for 5 minutes. When the locking
period expires, the IP address is automatically unlocked.

If the SNMP blacklist function is disabled, the IP addresses of SNMP users who
fail to connect to the device are not locked. The device is then vulnerable to attacks and
cracking by unauthorized users, which affects device security. Therefore, you are
advised to enable the SNMP blacklist function.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run undo snmp-agent blacklist ip-block disable

The SNMP blacklist function is enabled.

By default, the SNMP blacklist function is enabled.

----End


1.9.8 Verifying the Basic SNMPv3 Function Configuration

Prerequisites
The configurations of basic SNMPv3 functions are complete.

Procedure
● Run the display snmp-agent usm-user [ engineid engineid | group group-
name | username user-name ] * command to check user information.
● Run the display snmp-agent sys-info version command to check the
enabled SNMP version.
● Run the display acl acl-number command to check ACL rules.
● Run the display snmp-agent mib-view command to check MIB views.
● Run the display snmp-agent sys-info contact command to check the
administrator's contact information.
● Run the display snmp-agent sys-info location command to check the
location of the switch.
● Run the display current-configuration | include max-size command to
check the maximum size of an SNMP packet.
● Run the display current-configuration | include trap command to check trap
configuration.
● Run the display snmp-agent trap all command to check current and default
status of all traps of all features.
● Run the display snmp-agent target-host command to check information
about the target host.
● Run the display snmp-agent inform [ address udp-domain ip-address
[ vpn-instance vpn-instance-name ] params securityname { security-name |
cipher security-name } ] command to check configurations of all or specified
target hosts that send informs.
● Run the display snmp-agent extend error-code status command to check
whether the function for sending extended error codes to the NMS is enabled
on the device.

----End

1.10 Configuring Bulk Statistics Collection


Context
Frequent access of an NMS to a managed device degrades performance of the
device. The bulk statistics collection function enables a managed device to
periodically send statistics to an NMS through FTP or TFTP.

Pre-configuration Tasks
Before configuring bulk statistics collection, configure a routing protocol to ensure
reachable routes between the switch and NMS.


Configuration Procedure
Among the following configuration tasks, the task of configuring basic functions
for bulk statistics collection is mandatory, and the other tasks are optional and can
be performed in any sequence.

1.10.1 Configuring Basic Functions for Bulk Statistics Collection

Context
An NMS sends SNMP request messages one by one in polling mode to obtain
information from a device, and the device sends response messages one by one.
As a result, a large number of messages are exchanged between the NMS and
device. These messages consume high bandwidth and many system resources on
the device. The bulk statistics collection function of the switch enables the NMS to
obtain device information more efficiently. This function uses MIB interfaces to
obtain device information, as defined in SNMP.

To enable the NMS to monitor an object on a device, associate the SNMP agent
with the corresponding MIB object on the device. Then the device uses the MIB
interface to periodically collect statistics about the specified object. The statistics
collection interval can be set to 5 minutes, 10 minutes, 15 minutes, or 30 minutes.
The default statistics collection interval is 5 minutes. After collecting statistics
about the object within the collection interval, the device compresses the collected
data and sends the data to the NMS through FTP or TFTP.

Statistics objects can be added to the device dynamically. You can configure new
statistics objects when the device is collecting statistics about an object. The
device starts to collect statistics about another object when it finishes collecting
statistics about the current object.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run bulk-stat enable

The bulk statistics collection function is enabled.

Step 3 Run bulk-file file-name

A bulk file is created and the bulk file view is displayed.

Step 4 Run object oid class { single | column [ start-index start-index ] [ instance-
number instance-number ] }

A statistic object is added to the bulk file.

Step 5 (Optional) Run collect interval interval

The statistics collection interval is set for the bulk file.

By default, the statistics collection interval is 5 minutes.


Step 6 (Optional) Run transfer interval interval

The upload interval of the statistics is set for the bulk file.

By default, the upload interval is 5 minutes.

Step 7 Run transfer { primary | secondary } protocol { tftp | { { ftp | sftp } username
user-name password password } } { host host-name } [ path destination-path ]

The upload mode is set for the bulk file.

Step 8 Run collect enable

The bulk file is enabled.

----End

1.10.2 (Optional) Configuring Upload Reliability for a Bulk File

Context
To ensure reliable file uploading, the system provides a retransmission mechanism.
When a file upload fails, the system retransmits the file for the specified number
of times. If the file still fails to be uploaded, the system discards statistics data in
the file. When the network quality is low, run the transfer remain-time command
to increase the upload holding time to improve reliability of file uploading.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run bulk-file file-name

A bulk file is created and the bulk file view is displayed.

Step 3 Run transfer retry retry-times

The maximum number of retransmissions is set for the bulk file.

By default, the maximum number of retransmissions for a bulk file is 5.

Step 4 Run transfer remain-time remain-time

The upload holding time is set for the bulk file.

By default, the upload holding time is 5 minutes.

To ensure that only one copy of a bulk file is uploaded to the server, set remain-
time to be less than or equal to the file upload interval.

----End


1.10.3 (Optional) Configuring the Trap Function for Bulk Statistics Collection
Context
To monitor the use of the bulk statistics collection function, enable all traps of the
bulk statistics collection module or enable the trap of a specified event by
specifying the trap-name parameter according to your own needs.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run snmp-agent trap enable feature-name bulkstat [ trap-name
{ hwbulkstatcollectincomplete | hwbulkstatcollectresume |
hwbulkstattransferfilediscard | hwbulkstaturlconnectionfail |
hwbulkstaturlconnectionresume } ]
Traps are enabled for the bulk statistics collection module.
By default, all traps of the bulk statistics collection module are disabled.
If the trap-name parameter is not specified in the command, all traps of the
bulk statistics collection module are enabled.

----End

1.10.4 Verifying the Bulk Statistics Collection Configuration


Context
All configuration of the bulk statistics collection function is complete.

Procedure
● Run the display bulk-stat [ file-name ] command to check information about
a bulk file.
● Run the display snmp-agent trap feature-name bulkstat all command to
check the status of all traps of the bulk statistics collection module.
----End

1.11 Maintaining SNMP


1.11.1 Checking SNMP Packet Statistics

Procedure
● Run the display snmp-agent statistics command to check SNMP packet
statistics.

----End

1.11.2 Clearing Statistics About Operations Performed by the NMS

Context

NOTICE

Operation statistics cannot be restored after they are cleared. Exercise caution
when running the reset snmp-agent statistics mib command.
This function is only supported by S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-
H, S6735-S, S6730-H, S6730S-H, S6730-S, and S6730S-S.

Procedure
● Run the reset snmp-agent statistics mib [ address ipv4-address | ipv6 ipv6-
address | vpn-instance vpn-instance-name address ipv4-address ] command
in the user view to clear operation statistics.

----End

1.11.3 Checking Statistics About Operations Performed by the NMS

Context
This function is only supported by S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-
H, S6735-S, S6730-H, S6730S-H, S6730-S, and S6730S-S.

Procedure
● Run the display snmp-agent statistics mib [ [ vpn-instance vpn-instance-
name ] { address ipv4-address | ipv6 ipv6-address } ] command in any view
to check operation statistics.

To disable this function, for example because collecting statistics about
the NMS accessing MIB objects causes high CPU usage, run the
snmp-agent statistics mib disable command.

----End


1.12 Configuration Examples for SNMP

1.12.1 Example for Configuring a Switch to Communicate with an NMS Through SNMPv1 (IPv4)
Networking Requirements
In the network shown in Figure 1-10, NMS1 and NMS2 manage devices on the
network. Because the network is small and secure, devices on the network use
SNMPv1 to communicate with the NMSs.
A new Switch is deployed on the network and needs to be managed by NMS2.
Users want to manage the Switch using existing network resources and hope that
faults on the Switch can be quickly identified and rectified. To meet service
requirements, NMS2 must manage all MIB objects on the Switch except RMON
objects.

Figure 1-10 The Switch communicates with NMS through SNMPv1

Configuration Roadmap
Because the network is small and secure, the new Switch can use SNMPv1 to
communicate with NMS2. To reduce loads on the NMSs, configure NMS2 to
manage the Switch and NMS1 not to manage the Switch.
The configuration roadmap is as follows:
1. Configure the SNMP version on the Switch to SNMPv1.
2. Configure the access right to enable NMS2 to manage all MIB objects on the
Switch except RMON objects.
3. Configure the trap host for the Switch to deliver traps generated on the
Switch to NMS2. To help quickly identify faults according to trap messages
and reduce useless traps, configure the Switch to send only the traps of the
modules enabled by default.
4. Configure NMS2.

Procedure
Step 1 Configure an IP address for an interface of the Switch to provide a reachable route
between the NMS and the Switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 100
[Switch-vlan100] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface vlanif 100
[Switch-Vlanif100] ip address 10.1.2.1 24
[Switch-Vlanif100] quit

Step 2 Configure the interface that can receive and respond to NMS request packets on
the Switch.
[Switch] snmp-agent protocol source-interface vlanif 100

Step 3 Set the SNMP version on the Switch to SNMPv1.


[Switch] snmp-agent sys-info version v1

Step 4 Configure the access rights.

# Configure an ACL that allows NMS2 to manage the Switch and prevents NMS1
from managing the Switch.
[Switch] acl 2001
[Switch-acl-basic-2001] rule 5 permit source 10.1.1.2 0.0.0.0
[Switch-acl-basic-2001] rule 6 deny source 10.1.1.1 0.0.0.0
[Switch-acl-basic-2001] quit

# Configure the MIB view to allow NMS2 to manage all MIB objects on the Switch
except RMON objects.
[Switch] snmp-agent mib-view excluded allextrmon 1.3.6.1.2.1.16
[Switch] snmp-agent mib-view included allextrmon iso

# Configure a community name and reference the ACL and MIB view for the
community.
[Switch] snmp-agent community write adminnms2 mib-view allextrmon acl 2001

Step 5 Configure the trap host.


[Switch] snmp-agent target-host trap address udp-domain 10.1.1.2 params securityname adminnms2

Step 6 Configure NMS2.

Configure... If only the write community name is configured on the device, the
read and write community names on the NMS must be the same as the write
community name configured on the device.

NOTE

The authentication parameter configuration on the NMS must be the same as that on the
Switch. Otherwise, the NMS cannot manage the Switch.

Step 7 Verify the configuration.

After completing the configuration, run the following commands to verify that the
configurations have taken effect.

# View the SNMP version.


[Switch] display snmp-agent sys-info version
SNMP version running in the system:
Polling: SNMPv1:enable, SNMPv2c:disable,
SNMPv3:disable
Trap : SNMPv1:enable, SNMPv2c:disable,
SNMPv3:disable

# View the configuration of the target host used to receive traps.


[Switch] display snmp-agent target-host
Target-host NO. 1
-----------------------------------------------------------
IP-address : 10.1.1.2
Domain :-
Source interface : -
VPN instance : -
Security name : %^%#uq/!YZfvW4*vf[~C|.:Cl}UqS(vXd#wwqR~5M(rU%%^%#
Port : 162
Type : trap
Version : v1
Level : No authentication and privacy
NMS type : NMS
With ext-vb : No
-----------------------------------------------------------

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 100
#
acl number 2001
rule 5 permit source 10.1.1.2 0
rule 6 deny source 10.1.1.1 0
#
interface Vlanif100
ip address 10.1.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
snmp-agent
snmp-agent local-engineid 800007DB03360102101100
snmp-agent community write cipher %^%#.T|&Whvyf$<Gd"I,wXi5SP_6~Nakk6<<+3H:N-h@aJ6d,l0md
%HCeAY8~>X=>xV\JKNAL=124r839v<*%^%# mib-view allextrmon acl 2001
snmp-agent sys-info version v1 v3
snmp-agent target-host trap address udp-domain 10.1.1.2 params securityname cipher %^%#uq/!
YZfvW4*vf[~C|.:Cl}UqS(vXd#wwqR~5M(rU%%^%#
snmp-agent mib-view excluded allextrmon rmon
snmp-agent mib-view included allextrmon iso
snmp-agent protocol source-interface Vlanif100
#
return

1.12.2 Example for Configuring a Switch to Communicate with an NMS Through SNMPv2c (IPv4)

Networking Requirements
In the network shown in Figure 1-11, NMS1 and NMS2 manage devices on the
network. The network is large and secure but the service traffic volume on the
network is high. Therefore, devices on the network use SNMPv2c to communicate
with the NMSs. A new switch is deployed on the network and needs to be
managed by NMS2.

Users want to manage the switch using existing network resources and hope that
faults on the switch can be quickly identified and rectified. To meet service
requirements, NMS2 must manage all MIB objects on the switch except RMON
objects.

Figure 1-11 The switch communicates with NMS through SNMPv2c

Configuration Roadmap
Because the network is large and secure but the service traffic volume on the
network is high, the new switch uses SNMPv2c. To reduce loads on the NMSs,
configure NMS2 to manage the switch and NMS1 not to manage the switch.

The configuration roadmap is as follows:

1. Configure the SNMP version on the switch to SNMPv2c.


2. Configure the access right to enable NMS2 to manage all MIB objects on the
switch except RMON objects.
3. Configure the inform host for the switch to deliver traps generated on the
switch to NMS2. To help quickly identify faults according to trap messages
and reduce useless traps, configure the switch to send only the traps of the
modules enabled by default.
4. Configure NMS2.

Procedure
Step 1 Configure an IP address for an interface of the switch to provide a reachable route
between the NMS and the Switch.
# Configure an IP address for an interface of the switch according to Figure 1-11.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 100
[Switch-vlan100] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface vlanif 100
[Switch-Vlanif100] ip address 10.1.2.1 24
[Switch-Vlanif100] quit

Step 2 Configure the interface that can receive and respond to NMS request packets on
the Switch.
[Switch] snmp-agent protocol source-interface vlanif 100

Step 3 Set the SNMP version on the switch to SNMPv2c.


[Switch] snmp-agent sys-info version v2c

Step 4 Configure the access rights.


# Configure an ACL that allows NMS2 to manage the switch and prevents NMS1
from managing the switch.
[Switch] acl 2001
[Switch-acl-basic-2001] rule 5 permit source 10.1.1.2 0.0.0.0
[Switch-acl-basic-2001] rule 6 deny source 10.1.1.1 0.0.0.0
[Switch-acl-basic-2001] quit

# Configure the MIB view to allow NMS2 to manage all MIB objects on the switch
except RMON objects.
[Switch] snmp-agent mib-view excluded allextrmon 1.3.6.1.2.1.16
[Switch] snmp-agent mib-view included allextrmon iso

# Configure a community name and reference the ACL and MIB view for the
community.
[Switch] snmp-agent community write adminnms2 mib-view allextrmon acl 2001

Step 5 Configure the inform host.


[Switch] snmp-agent target-host inform address udp-domain 10.1.1.2 params securityname adminnms2 v2c
[Switch] snmp-agent inform timeout 5 resend-times 6 pending 7

Step 6 Configure NMS2.


You must set a read-write community name for an NMS running SNMPv2c. For
details about the NMS configuration, see the manual of the NMS.

NOTE

The authentication parameter configuration on the NMS must be the same as that on the
switch. Otherwise, the NMS cannot manage the switch. If only the write community name
is configured on the device, the read and write community names on the NMS must be the
same as the write community name configured on the device.

Step 7 Verify the configuration.


After completing the configuration, run the following commands to verify that the
configurations have taken effect.
# View the SNMP version.
[Switch] display snmp-agent sys-info version
SNMP version running in the system:
Polling: SNMPv1:disable, SNMPv2c:enable,
SNMPv3:disable
Trap : SNMPv1:disable, SNMPv2c:enable,
SNMPv3:disable

# View the configuration of the target host used to receive traps.


[Switch] display snmp-agent target-host
Target-host NO. 1
-----------------------------------------------------------
IP-address : 10.1.1.2
Domain :-
Source interface : -
VPN instance : -
Security name : %^%#uq/!YZfvW4*vf[~C|.:Cl}UqS(vXd#wwqR~5M(rU%%^%#
Port : 162
Type : inform
Version : v2c
Level : No authentication and privacy
NMS type : NMS
With ext-vb : No
-----------------------------------------------------------

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 100
#
acl number 2001
rule 5 permit source 10.1.1.2 0
rule 6 deny source 10.1.1.1 0
#
interface Vlanif100
ip address 10.1.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
snmp-agent
snmp-agent local-engineid 800007DB03360102101100
snmp-agent community write cipher %^%#.T|&Whvyf$<Gd"I,wXi5SP_6~Nakk6<<+3H:N-h@aJ6d,l0md
%HCeAY8~>X=>xV\JKNAL=124r839v<*%^%# mib-view allextrmon acl 2001
snmp-agent sys-info version v2c v3
snmp-agent target-host inform address udp-domain 10.1.1.2 params securityname cipher %^%#uq/!
YZfvW4*vf[~C|.:Cl}UqS(vXd#wwqR~5M(rU%%^%# v2c
snmp-agent mib-view excluded allextrmon rmon
snmp-agent mib-view included allextrmon iso
snmp-agent inform timeout 5
snmp-agent inform resend-times 6
snmp-agent inform pending 7
snmp-agent protocol source-interface Vlanif100
#
return

1.12.3 Example for Configuring a Switch to Communicate with an NMS Through SNMPv3 (IPv4)

Networking Requirements
In the network shown in Figure 1-12, NMS1 and NMS2 manage devices on the
network. The network is large and insecure. Therefore, devices on the network use
SNMPv3 to communicate with the NMSs, and authentication and encryption are
configured to enhance security. A new switch is deployed on the network and
needs to be managed by NMS2.
Users want to manage the switch using existing network resources and hope that
faults on the switch can be quickly identified and rectified.

Figure 1-12 The switch communicates with NMS through SNMPv3

Configuration Roadmap
Because the network is large and insecure, the new switch uses SNMPv3. To
reduce loads on the NMSs, configure NMS2 to manage the switch and NMS1 not
to manage the switch.
The configuration roadmap is as follows:
1. Configure the SNMP version on the switch to SNMPv3.
2. Configure the access right to enable NMS2 to manage ISO objects on the
switch.
3. Configure the trap host for the switch to deliver traps generated on the switch
to NMS2. To help quickly identify faults according to trap messages and
reduce useless traps, configure the switch to send only the traps of the
modules enabled by default.
4. Configure administrator contact information on the switch so that users can
contact the administrator quickly when a fault occurs on the switch.

5. Configure NMS2.

Procedure
Step 1 Configure an IP address for an interface of the switch to provide a reachable route
between the NMS and the Switch.
# Configure an IP address for an interface of the switch according to Figure 1-12.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 100
[Switch-vlan100] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface vlanif 100
[Switch-Vlanif100] ip address 10.1.2.1 24
[Switch-Vlanif100] quit

Step 2 Configure the interface that can receive and respond to NMS request packets on
the Switch.
[Switch] snmp-agent protocol source-interface vlanif 100

Step 3 Set the SNMP version on the switch to SNMPv3.


[Switch] snmp-agent sys-info version v3

Step 4 Configure the access rights.


# Configure an ACL that allows NMS2 to manage the switch and prevents NMS1
from managing the switch.
[Switch] acl 2001
[Switch-acl-basic-2001] rule 5 permit source 10.1.1.2 0.0.0.0
[Switch-acl-basic-2001] rule 6 deny source 10.1.1.1 0.0.0.0
[Switch-acl-basic-2001] quit

# Configure the MIB view.


[Switch] snmp-agent mib-view included isoview iso

# Configure the user group.


[Switch] snmp-agent group v3 admin privacy read-view isoview write-view isoview notify-view isoview acl 2001

# Configure the user.


[Switch] snmp-agent usm-user v3 nms2-admin group admin

# Configure authentication for user packets and set the authentication password
to Authe@1234.
[Switch] snmp-agent usm-user v3 nms2-admin authentication-mode sha2-256
Please configure the authentication password (8-64)
Enter Password: //Enter the authentication password. It is Authe@1234 in this example.
Confirm Password: //Confirm the password. It is Authe@1234 in this example.

# Configure encryption for user packets and set the encryption password to
Priva@1234.
[Switch] snmp-agent usm-user v3 nms2-admin privacy-mode aes128
Please configure the privacy password (8-64)
Enter Password: //Enter the encryption password. It is Priva@1234 in this example.
Confirm Password: //Confirm the password. It is Priva@1234 in this example.

Step 5 Configure the trap host.


[Switch] snmp-agent target-host trap address udp-domain 10.1.1.2 params securityname nms2-admin v3 privacy

Step 6 Configure the administrator contact information.


[Switch] snmp-agent sys-info contact call Operator at 010-12345678

Step 7 Configure NMS2.


On an NMS running SNMPv3, you must set a user name and select a security
level. Then set the authentication mode, authentication password, encryption
mode, and encryption password according to the security level you select. For
details about the NMS configuration, see the manual of the NMS.

NOTE

The authentication parameter configuration on the NMS must be the same as that on the
switch. Otherwise, the NMS cannot manage the switch.

Step 8 Verify the configuration.


After completing the configuration, run the following commands to verify that the
configurations have taken effect.
# View the SNMP version.
[Switch] display snmp-agent sys-info version
SNMP version running in the system:
Polling: SNMPv1:disable, SNMPv2c:disable,
SNMPv3:enable
Trap : SNMPv1:disable, SNMPv2c:disable,
SNMPv3:enable

# View user group information.


[Switch] display snmp-agent group admin
Group name: admin
Security model: v3 AuthPriv
Readview: ViewDefault
Writeview: isoview
Notifyview :<no specified>
Storage-type: nonVolatile
Acl:2001

# View the MIB view.


[Switch] display snmp-agent mib-view viewname isoview
View name:isoview
MIB Subtree:iso
Subtree mask:FC(Hex)
Storage-type: nonVolatile
View Type:included
View status:active

# View the configuration of the target host used to receive traps.


[Switch] display snmp-agent target-host
Target-host NO. 1
-----------------------------------------------------------
IP-address : 10.1.1.2
Domain :-
Source interface : -
VPN instance : -
Security name : nms2-admin
Port : 162
Type : trap
Version : v3
Level : Privacy
NMS type : NMS
With ext-vb : No
-----------------------------------------------------------

# View the administrator contact information.


[Switch] display snmp-agent sys-info contact
The contact person for this managed node:
call Operator at 010-12345678

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 100
#
acl number 2001
rule 5 permit source 10.1.1.2 0
rule 6 deny source 10.1.1.1 0
#
interface Vlanif100
ip address 10.1.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
snmp-agent
snmp-agent local-engineid 800007DB0300259E0370C3
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v3
snmp-agent group v3 admin privacy read-view isoview write-view isoview notify-view isoview acl 2001
snmp-agent target-host trap address udp-domain 10.1.1.2 params securityname nms2-admin v3 privacy
snmp-agent mib-view included isoview iso
snmp-agent usm-user v3 nms2-admin
snmp-agent usm-user v3 nms2-admin group admin
snmp-agent usm-user v3 nms2-admin authentication-mode sha2-256 cipher %^%#odaJ7R)/O7k
$pwQx0qfD0\`u*'GI1(|;ZQXHtzrN%^%#
snmp-agent usm-user v3 nms2-admin privacy-mode aes128 cipher %^%#f*K3/|
E6d"SJes9)5naXPIqCTpR"}BUC=yW;!(f9%^%#
snmp-agent protocol source-interface Vlanif100
#
return

1.12.4 Example for Configuring the Bulk Statistics Collection Function (IPv4)

Networking Requirements
In the network shown in Figure 1-13, the switch is managed by an NMS. The
switch uses SNMPv3 to communicate with the NMS, and data exchanged with the
NMS is authenticated and encrypted to enhance security. The NMS sends SNMP
request messages one by one in polling mode to obtain information from the
switch, and the switch sends response messages one by one. As a result, a large
number of messages are exchanged between the NMS and switch. These
messages consume high bandwidth and many system resources on the switch.
Users want network devices to periodically send data of specified statistics objects
to the NMS, using FTP as the primary transfer mode and TFTP as the secondary
transfer mode.

Figure 1-13 Bulk statistics collection

Configuration Roadmap
To meet the preceding requirements, configure basic bulk statistics collection
functions to enable the switch to periodically collect data of specified statistics
objects, add collected data to a bulk file, and upload the file to the NMS through
FTP or TFTP. Then configure upload attributes of the bulk file, including the
upload interval, upload holding time, and maximum number of retransmissions.
The configuration roadmap is as follows:
1. Enable bulk statistics collection on the switch.
2. Create a bulk file and set attributes for it, including the statistics collection
interval, upload interval, upload holding time, and primary upload URL.
3. Configure statistics objects for the bulk file.
4. Enable the bulk file.

Procedure
Step 1 Enable bulk statistics collection on the switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] bulk-stat enable

Step 2 Create a bulk file and set attributes for it, including the statistics collection
interval, upload interval, upload holding time, and primary upload URL. In the FTP
mode, the FTP user name, password, and IP address of the FTP server need to be
configured.
# Create a bulk file named file1, and set the statistics collection interval, upload
interval, and upload holding time to 10 minutes. Set FTP as the primary transfer
mode and TFTP as the secondary transfer mode and specify the upload URL.
[Switch] bulk-file file1
[Switch-bulk-file-file1] transfer interval 10
[Switch-bulk-file-file1] collect interval 10
[Switch-bulk-file-file1] transfer remain-time 10
[Switch-bulk-file-file1] transfer primary protocol ftp username user password pwd host 10.1.1.1
[Switch-bulk-file-file1] transfer secondary protocol tftp host 10.1.1.1 path folder/bulkstat2

Step 3 Configure statistics objects for the bulk file.

# Create a statistics object of the single type.


[Switch-bulk-file-file1] object 1.3.6.1.2.1.2.1.0 class single

# Create a statistics object of the column type.


[Switch-bulk-file-file1] object 1.3.6.1.2.1.2.2.1.4 class column

Step 4 Enable the bulk file.


[Switch-bulk-file-file1] collect enable
[Switch-bulk-file-file1] quit

Step 5 Verify the configuration.


NOTE

Before verifying the configuration, ensure that the FTP and TFTP services have been enabled on
the server.

After the configuration is complete, run the display bulk-stat command to view
information about the bulk statistics collection module. Run the display bulk-stat
file-name command to view detailed information about the bulk file.

# View detailed information about the bulk file file1.


[Switch] display bulk-stat file1
bulk file file1:
----------------------------------
storage: ephemeral
format: bulkASCII
collect interval: 10 min
transfer interval: 10 min
primary transfer URL: ftp://[email protected]
secondary transfer URL: tftp://10.1.1.1/folder/bulkstat2
transfer retry times: 5
file remain time: 10 min
status: ready
last transfer success time: NULL
last transfer fail time: NULL
total object number: 2
----------------------------------
index: 1
class: single
OID: 1.3.6.1.2.1.2.1.0
start index: NULL
instance number: NULL
----------------------------------
index: 2
class: column
OID: 1.3.6.1.2.1.2.2.1.4
start index: 0
instance number: 0
----------------------------------

The generated statistics files are displayed in the specified path on the server. In
this example, a statistics file is generated every 10 minutes.

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
bulk-stat enable
#
bulk-file file1
collect interval 10
transfer interval 10
transfer remain-time 10
transfer primary protocol ftp username user password %^%#'Yi'VM345=n5\LQ1G%
\IQ'O6GM"WU:YI#uVCL[$D%^%# host 10.1.1.1
transfer secondary protocol tftp host 10.1.1.1 path folder/bulkstat2
collect enable
object 1.3.6.1.2.1.2.1.0 class single
object 1.3.6.1.2.1.2.2.1.4 class column
#
return
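
The saved configuration files in 1.12.1 to 1.12.4 can be reviewed mechanically for the settings that decide how well SNMP and bulk-file traffic are protected. The following Python script is an added example, not part of this guide or of any Huawei tool; the finding codes, function names, and the two sample configurations (constructed from the files above, with <cipher> as a placeholder) are assumptions of the example.

```python
import re

# Constructed samples modelled on the configuration files on this page; every
# cipher string is replaced by the placeholder <cipher>.
V1_CONFIG = """\
snmp-agent community write cipher <cipher> mib-view allextrmon acl 2001
snmp-agent sys-info version v1 v3
snmp-agent target-host trap address udp-domain 10.1.1.2 params securityname cipher <cipher>
"""

V3_BULK_CONFIG = """\
snmp-agent sys-info version v3
snmp-agent group v3 admin privacy read-view isoview write-view isoview notify-view isoview acl 2001
snmp-agent target-host trap address udp-domain 10.1.1.2 params securityname nms2-admin v3 privacy
snmp-agent usm-user v3 nms2-admin group admin
snmp-agent usm-user v3 nms2-admin authentication-mode sha2-256 cipher <cipher>
snmp-agent usm-user v3 nms2-admin privacy-mode aes128 cipher <cipher>
bulk-file file1
 transfer primary protocol ftp username user password <cipher> host 10.1.1.1
 transfer secondary protocol tftp host 10.1.1.1 path folder/bulkstat2
"""


def audit(config_text):
    """Return a list of (code, detail) findings for one saved configuration."""
    findings = []
    users = {}  # SNMPv3 user name -> set of protection keywords configured
    for line in (raw.strip() for raw in config_text.splitlines()):
        words = line.split()
        if line.startswith("snmp-agent sys-info version "):
            for version in words[3:]:
                if version in ("v1", "v2c"):
                    findings.append(("LEGACY_VERSION",
                                     f"SNMP{version} enabled: the community name is the "
                                     "only credential and travels unencrypted"))
        elif line.startswith("snmp-agent community "):
            if "acl" not in words:
                findings.append(("COMMUNITY_NO_ACL", "community is not bound to an ACL"))
            if "mib-view" not in words:
                findings.append(("COMMUNITY_NO_VIEW", "community is not bound to a MIB view"))
            if words[2] == "write":
                findings.append(("WRITE_COMMUNITY",
                                 "Set requests are authorised by the community name alone"))
        elif line.startswith("snmp-agent group v3 "):
            if len(words) < 5 or words[4] != "privacy":
                findings.append(("GROUP_NOT_PRIVACY",
                                 f"group {words[3]} does not require privacy"))
            if "acl" not in words:
                findings.append(("GROUP_NO_ACL", f"group {words[3]} is not bound to an ACL"))
        elif line.startswith("snmp-agent usm-user v3 "):
            protections = users.setdefault(words[3], set())
            for keyword in ("authentication-mode", "privacy-mode"):
                if keyword in words:
                    protections.add(keyword)
        elif line.startswith("snmp-agent target-host "):
            tail = words[words.index("securityname") + 1:] if "securityname" in words else []
            host = words[words.index("udp-domain") + 1] if "udp-domain" in words[:-1] else "unknown"
            if not ("v3" in tail and "privacy" in tail):
                findings.append(("TARGET_NOT_V3_PRIVACY",
                                 f"notifications to {host} are not sent at the v3 privacy level"))
        elif re.match(r"transfer (primary|secondary) protocol (ftp|tftp)\b", line):
            findings.append(("CLEARTEXT_TRANSFER",
                             f"{words[1]} bulk-file upload uses {words[3]}, which is not encrypted"))
    # Assumption: a user without an authentication-mode or privacy-mode line
    # has that protection switched off.
    for name, protections in users.items():
        for keyword, code in (("authentication-mode", "USER_NO_AUTH"),
                              ("privacy-mode", "USER_NO_PRIVACY")):
            if keyword not in protections:
                findings.append((code, f"user {name} has no {keyword} line"))
    return findings


def codes(config_text):
    """Sorted finding codes only, convenient for comparing two configurations."""
    return sorted(code for code, _ in audit(config_text))


if __name__ == "__main__":
    for label, config in (("SNMPv1 example", V1_CONFIG),
                          ("SNMPv3 and bulk statistics example", V3_BULK_CONFIG)):
        print(label)
        for code, detail in audit(config):
            print(f"  {code}: {detail}")
```

The script expects each command on one line, so wrapped cipher strings in a saved file must be rejoined before the file is passed to audit().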

1.12.5 Example for Configuring a Switch to Communicate with an NMS Through SNMPv1 (IPv6)

Networking Requirements
On the campus network shown in Figure 1-14, an NMS is used to monitor the
Switch. As the network is small and secure, it is planned that the Switch uses
SNMPv1 to communicate with the NMS through an IPv6 address, and the NMS
can manage objects except RMON objects on the Switch.

Figure 1-14 Networking diagram for configuring the Switch to communicate with
an NMS through SNMPv1

Configuration Roadmap
The configuration roadmap is as follows:

1. Set the SNMP version to SNMPv1 on the Switch.


2. Configure access rights to enable the NMS to manage objects except RMON
objects on the Switch.
3. Configure the NMS as the target host for receiving the traps generated by the
Switch. To quickly identify faults based on traps and reduce unwanted traps,
allow the Switch to send only the traps of the modules that are enabled by
default.
4. Configure the NMS.

Procedure
Step 1 Configure an IP address for an interface on the Switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] ipv6
[Switch] vlan 100
[Switch-vlan100] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface vlanif 100
[Switch-Vlanif100] ipv6 enable
[Switch-Vlanif100] ipv6 address 2001::1/64
[Switch-Vlanif100] quit

Step 2 Configure an interface on the Switch for receiving and responding to the request
messages sent by the NMS.
[Switch] snmp-agent protocol source-interface vlanif 100

Step 3 Set the SNMP version to SNMPv1 on the Switch.


[Switch] snmp-agent sys-info version v1

Step 4 Configure access rights.

# Configure an ACL to allow the NMS to manage the Switch.


[Switch] acl ipv6 number 2001
[Switch-acl6-basic-2001] rule 5 permit source 2001::/64
[Switch-acl6-basic-2001] quit

# Configure a MIB view to allow the NMS to manage objects except RMON
objects on the Switch.
[Switch] snmp-agent mib-view excluded allextrmon 1.3.6.1.2.1.16
[Switch] snmp-agent mib-view included allextrmon iso

# Configure a community name, and reference the configured ACL and MIB view.
[Switch] snmp-agent community write adminnms2 mib-view allextrmon acl 2001

Step 5 Configure the target host for receiving traps.


[Switch] snmp-agent target-host trap address udp-domain 2001::2 params securityname adminnms2

Step 6 Configure the NMS.

Configure a read-write community name for the NMS to communicate with the
Switch. If only a write community name is configured on the Switch, set the read-
write community name on the NMS to be the same as this write community
name.

NOTE

The authentication parameter settings on the NMS must be the same as those on the
Switch. Otherwise, the NMS cannot manage the Switch.

Step 7 Verify the configuration.

After the configuration is complete, check whether the configuration takes effect.

# Check the SNMP version.

[Switch] display snmp-agent sys-info version
SNMP version running in the system:
Polling: SNMPv1:enable, SNMPv2c:disable,
SNMPv3:disable
Trap : SNMPv1:enable, SNMPv2c:disable,
SNMPv3:disable

# Check information about the target host that receives traps.


[Switch] display snmp-agent target-host
Target-host NO. 1
-----------------------------------------------------------
IP-address : 2001::2
Domain :-
Source interface : -
VPN instance : -
Security name : %^%#uq/!YZfvW4*vf[~C|.:Cl}UqS(vXd#wwqR~5M(rU%%^%#
Port : 162
Type : trap
Version : v1
Level : No authentication and privacy
NMS type : NMS
With ext-vb : No
-----------------------------------------------------------

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
ipv6
#
vlan batch 100
#
acl ipv6 number 2001
rule 5 permit source 2001::/64
#
interface Vlanif100
ipv6 enable
ipv6 address 2001::1/64
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
snmp-agent
snmp-agent local-engineid 800007DB03360102101100
snmp-agent community write cipher %^%#.T|&Whvyf$<Gd"I,wXi5SP_6~Nakk6<<+3H:N-h@aJ6d,l0md
%HCeAY8~>X=>xV\JKNAL=124r839v<*%^%# mib-view allextrmon acl 2001
snmp-agent sys-info version v1 v3
snmp-agent target-host trap address udp-domain 2001::2 params securityname cipher %^%#uq/!
YZfvW4*vf[~C|.:Cl}UqS(vXd#wwqR~5M(rU%%^%#
snmp-agent mib-view excluded allextrmon rmon
snmp-agent mib-view included allextrmon iso
snmp-agent protocol source-interface Vlanif100
#
return

1.12.6 Example for Configuring a Switch to Communicate with an NMS Through SNMPv2c (IPv6)

Networking Requirements
On the campus network shown in Figure 1-15, an NMS is used to monitor the
Switch. The network is large and secure, and has a large volume of service traffic.
It is planned that the Switch uses SNMPv2c to communicate with the NMS
through an IPv6 address, and the NMS can manage objects except RMON objects
on the Switch.

Figure 1-15 Networking diagram for configuring the Switch to communicate with
an NMS through SNMPv2c

Configuration Roadmap
The configuration roadmap is as follows:
1. Set the SNMP version to SNMPv2c on the Switch.
2. Configure access rights to enable the NMS to manage objects except RMON
objects on the Switch.
3. Configure the NMS as the target host for receiving the Inform messages
generated by the Switch. To quickly identify faults based on traps and reduce
unwanted traps, allow the Switch to send only the traps of the modules that
are enabled by default.
4. Configure the NMS.

Procedure
Step 1 Configure an IP address for an interface on the Switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] ipv6
[Switch] vlan 100
[Switch-vlan100] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface vlanif 100
[Switch-Vlanif100] ipv6 enable
[Switch-Vlanif100] ipv6 address 2001::1/64
[Switch-Vlanif100] quit

Step 2 Configure the interface that can receive and respond to NMS request packets on
the Switch.
[Switch] snmp-agent protocol source-interface vlanif 100

Step 3 Set the SNMP version to SNMPv2c on the Switch.


[Switch] snmp-agent sys-info version v2c

Step 4 Configure access rights.


# Configure an ACL to allow the NMS to manage the Switch.
[Switch] acl ipv6 number 2001
[Switch-acl6-basic-2001] rule 5 permit source 2001::/64
[Switch-acl6-basic-2001] quit

# Configure a MIB view to allow the NMS to manage objects except RMON
objects on the Switch.
[Switch] snmp-agent mib-view excluded allextrmon 1.3.6.1.2.1.16
[Switch] snmp-agent mib-view included allextrmon iso

# Configure a community name, and reference the configured ACL and MIB view.
[Switch] snmp-agent community write adminnms2 mib-view allextrmon acl 2001

Step 5 Configure the target host for receiving Inform messages.


[Switch] snmp-agent target-host inform address udp-domain 2001::2 params securityname adminnms2 v2c
[Switch] snmp-agent inform timeout 5 resend-times 6 pending 7

Step 6 Configure the NMS.


You need to set a read-write community name on the NMS running SNMPv2c. For
details about how to configure the NMS, see the corresponding NMS
configuration guide.

NOTE

The authentication parameter settings on the NMS must be the same as those on the
Switch. Otherwise, the NMS cannot manage the Switch. If only a write community name is
configured on the Switch, set the read-write community name on the NMS to be the same
as this write community name.

Step 7 Verify the configuration.


After the configuration is complete, check whether the configuration takes effect.
# Check the SNMP version.
[Switch] display snmp-agent sys-info version
SNMP version running in the system:
Polling: SNMPv1:disable, SNMPv2c:enable,
SNMPv3:disable
Trap : SNMPv1:disable, SNMPv2c:enable,
SNMPv3:disable

# Check information about the target host that receives Inform messages.

[Switch] display snmp-agent target-host


Target-host NO. 1
-----------------------------------------------------------
IP-address : 2001::2
Domain :-
Source interface : -
VPN instance : -
Security name : %^%#uq/!YZfvW4*vf[~C|.:Cl}UqS(vXd#wwqR~5M(rU%%^%#
Port : 162
Type : inform
Version : v2c
Level : No authentication and privacy
NMS type : NMS
With ext-vb : No
-----------------------------------------------------------

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
ipv6
#
vlan batch 100
#
acl ipv6 number 2001
rule 5 permit source 2001::/64
#
interface Vlanif100
ipv6 enable
ipv6 address 2001::1/64
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
snmp-agent
snmp-agent local-engineid 800007DB03360102101100
snmp-agent community write cipher %^%#.T|&Whvyf$<Gd"I,wXi5SP_6~Nakk6<<+3H:N-h@aJ6d,l0md
%HCeAY8~>X=>xV\JKNAL=124r839v<*%^%# mib-view allextrmon acl 2001
snmp-agent sys-info version v2c v3
snmp-agent target-host inform address udp-domain 2001::2 params securityname cipher %^%#uq/!
YZfvW4*vf[~C|.:Cl}UqS(vXd#wwqR~5M(rU%%^%# v2c
snmp-agent mib-view excluded allextrmon rmon
snmp-agent mib-view included allextrmon iso
snmp-agent inform timeout 5
snmp-agent inform resend-times 6
snmp-agent inform pending 7
snmp-agent protocol source-interface Vlanif100
#
return

1.12.7 Example for Configuring a Switch to Communicate with an NMS Through SNMPv3 (IPv6)

Networking Requirements
On the campus network shown in Figure 1-16, an NMS is used to monitor the
Switch. The network is large and has low security. Therefore, it is planned that the
Switch uses SNMPv3 to communicate with the NMS through an IPv6 address, and
authentication and encryption are enabled to enhance security.

Figure 1-16 Networking diagram for configuring the Switch to communicate with
an NMS through SNMPv3

Configuration Roadmap
The configuration roadmap is as follows:
1. Set the SNMP version to SNMPv3 on the Switch.
2. Configure access rights to enable the NMS to manage ISO objects.
3. Configure the NMS as the target host for receiving the traps generated by the
Switch. To quickly identify faults based on traps and reduce unwanted traps,
allow the Switch to send only the traps of the modules that are enabled by
default.
4. Configure device administrator contact information of the Switch, so that
users can contact the device administrator quickly if the Switch fails.
5. Configure the NMS.

Procedure
Step 1 Configure an IP address for an interface on the Switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] ipv6
[Switch] vlan 100
[Switch-vlan100] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface vlanif 100
[Switch-Vlanif100] ipv6 enable
[Switch-Vlanif100] ipv6 address 2001::1/64
[Switch-Vlanif100] quit

Step 2 Configure the interface that can receive and respond to NMS request packets on
the Switch.
[Switch] snmp-agent protocol source-interface vlanif 100

Step 3 Set the SNMP version to SNMPv3 on the Switch.


[Switch] snmp-agent sys-info version v3

Step 4 Configure access rights.

# Configure an ACL to allow the NMS to manage the Switch.


[Switch] acl ipv6 number 2001
[Switch-acl6-basic-2001] rule 5 permit source 2001::/64
[Switch-acl6-basic-2001] quit

# Configure a MIB view.


[Switch] snmp-agent mib-view included isoview iso

# Configure a user group.


[Switch] snmp-agent group v3 admin privacy read-view isoview write-view isoview notify-view isoview acl 2001

# Configure a user.
[Switch] snmp-agent usm-user v3 nms2-admin group admin

# Configure authentication for user packets, with the authentication password set
to Authe@1234.
[Switch] snmp-agent usm-user v3 nms2-admin authentication-mode sha2-256
Please configure the authentication password (8-64)
Enter Password: //Enter an authentication password, which is Authe@1234 in this example.
Confirm Password: //Reenter the password.

# Configure encryption for user packets, with the encryption password set to
Priva@1234.
[Switch] snmp-agent usm-user v3 nms2-admin privacy-mode aes128
Please configure the privacy password (8-64)
Enter Password: //Enter the encryption password, which is Priva@1234 in this example.
Confirm Password: //Reenter the encryption password.

Step 5 Configure the target host for receiving traps.


[Switch] snmp-agent target-host trap address udp-domain 2001::2 params securityname nms2-admin v3 privacy

Step 6 Configure contact information of the device administrator.


[Switch] snmp-agent sys-info contact call Operator at 010-12345678

Step 7 Configure the NMS.

Configure a user name and select a security level on the NMS running SNMPv3.
Then, set the authentication mode, authentication password, encryption mode,
and encryption password based on the security level you select. For details about
how to configure the NMS, see the corresponding NMS configuration guide.

NOTE

The authentication parameter settings on the NMS must be the same as those on the
Switch. Otherwise, the NMS cannot manage the Switch.

Step 8 Verify the configuration.

After the configuration is complete, check whether the configuration takes effect.

# Check the SNMP version.

[Switch] display snmp-agent sys-info version


SNMP version running in the system:
Polling: SNMPv1:disable, SNMPv2c:disable,
SNMPv3:enable
Trap : SNMPv1:disable, SNMPv2c:disable,
SNMPv3:enable

# Check the user group information.


[Switch] display snmp-agent group admin
Group name: admin
Security model: v3 AuthPriv
Readview: ViewDefault
Writeview: isoview
Notifyview :<no specified>
Storage-type: nonVolatile
Acl:2001

# Check the MIB view.


[Switch] display snmp-agent mib-view viewname isoview
View name:isoview
MIB Subtree:iso
Subtree mask:FC(Hex)
Storage-type: nonVolatile
View Type:included
View status:active

# Check information about the target host that receives traps.


[Switch] display snmp-agent target-host
Target-host NO. 1
-----------------------------------------------------------
IP-address : 2001::2
Domain :-
Source interface : -
VPN instance : -
Security name : nms2-admin
Port : 162
Type : trap
Version : v3
Level : Privacy
NMS type : NMS
With ext-vb : No
-----------------------------------------------------------

# Check contact information of the device administrator.


[Switch] display snmp-agent sys-info contact
The contact person for this managed node:
call Operator at 010-12345678

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
ipv6
#
vlan batch 100
#
acl ipv6 number 2001
rule 5 permit source 2001::/64
#
interface Vlanif100
ipv6 enable
ipv6 address 2001::1/64
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
snmp-agent
snmp-agent local-engineid 800007DB0300259E0370C3
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v3
snmp-agent group v3 admin privacy read-view isoview write-view isoview notify-view isoview acl 2001
snmp-agent target-host trap address udp-domain 2001::2 params securityname nms2-admin v3 privacy
snmp-agent mib-view included isoview iso
snmp-agent usm-user v3 nms2-admin
snmp-agent usm-user v3 nms2-admin group admin
snmp-agent usm-user v3 nms2-admin authentication-mode sha2-256 cipher %^%#odaJ7R)/O7k
$pwQx0qfD0\`u*'GI1(|;ZQXHtzrN%^%#
snmp-agent usm-user v3 nms2-admin privacy-mode aes128 cipher %^%#f*K3/|
E6d"SJes9)5naXPIqCTpR"}BUC=yW;!(f9%^%#
snmp-agent protocol source-interface Vlanif100
#
return
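
An added example, not part of Huawei's guide: a Python audit that reads the snmp-agent lines of a saved configuration file like the two shown above and reports settings that weaken the access controls these examples set up, including an SNMPv3 user whose security level is lower than its group's. The finding codes, the weak-algorithm sets, and the sample configuration are this example's own; CIPHERTEXT stands for a cipher string.

```python
"""Audit the snmp-agent lines of a saved switch configuration file."""

WEAK_AUTH = {"md5", "sha"}       # MD5/SHA-1 options; the examples above use sha2-256
WEAK_PRIV = {"des56", "3des"}    # DES-based options; the examples above use aes128
LEVEL = {"noauthentication": 0, "authentication": 1, "privacy": 2}

# Constructed sample (not from the guide).
SAMPLE_CONFIG = """\
snmp-agent
snmp-agent community write cipher CIPHERTEXT mib-view allextrmon
snmp-agent sys-info version v2c v3
snmp-agent group v3 admin privacy read-view isoview write-view isoview acl 2001
snmp-agent group v3 ops authentication read-view isoview
snmp-agent target-host trap address udp-domain 2001::2 params securityname nms2-admin v3 privacy
snmp-agent target-host inform address udp-domain 2001::3 params securityname cipher CIPHERTEXT v2c
snmp-agent usm-user v3 nms2-admin group admin
snmp-agent usm-user v3 nms2-admin authentication-mode sha2-256 cipher CIPHERTEXT
snmp-agent usm-user v3 nms2-admin privacy-mode aes128 cipher CIPHERTEXT
snmp-agent usm-user v3 oper1 group admin
snmp-agent usm-user v3 oper1 authentication-mode md5 cipher CIPHERTEXT
"""


def audit_snmp(config):
    """Return a sorted list of (finding_code, subject) tuples."""
    findings, groups, users = set(), {}, {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "snmp-agent":
            continue
        kind, args = tok[1], tok[2:]
        if kind == "sys-info" and args[0] == "version":
            # SNMPv1/v2c messages are protected by a community name only.
            findings.update(("LEGACY_VERSION", v) for v in args[1:]
                            if v in ("v1", "v2c", "all"))
        elif kind == "community":
            if "acl" not in args:                      # no source restriction
                findings.add(("COMMUNITY_NO_ACL", args[0]))
        elif kind == "group" and args[0] == "v3" and len(args) > 1:
            level = LEVEL.get(args[2], 0) if len(args) > 2 else 0
            groups[args[1]] = level
            if level < LEVEL["privacy"]:
                findings.add(("GROUP_NOT_PRIVACY", args[1]))
            if "acl" not in args:
                findings.add(("GROUP_NO_ACL", args[1]))
        elif kind == "target-host" and "udp-domain" in args and "securityname" in args:
            host = args[args.index("udp-domain") + 1]
            # Skip the security name (and the word "cipher" if present).
            tail = args[args.index("securityname") + 2:]
            if "v3" not in tail or "privacy" not in tail:
                findings.add(("TARGET_NOT_PRIVACY", host))
        elif kind == "usm-user" and args[0] == "v3" and len(args) > 1:
            user = users.setdefault(args[1], {"group": None, "auth": None, "priv": None})
            opts = args[2:]
            if len(opts) >= 2 and opts[0] == "group":
                user["group"] = opts[1]
            elif len(opts) >= 2 and opts[0] == "authentication-mode":
                user["auth"] = opts[1]
            elif len(opts) >= 2 and opts[0] == "privacy-mode":
                user["priv"] = opts[1]

    for name, user in users.items():
        if user["auth"] in WEAK_AUTH:
            findings.add(("WEAK_AUTH", name))
        if user["priv"] in WEAK_PRIV:
            findings.add(("WEAK_PRIV", name))
        # The user's level must not be lower than the level of its group.
        have = 2 if (user["auth"] and user["priv"]) else 1 if user["auth"] else 0
        need = groups.get(user["group"])
        if need is not None and have < need:
            findings.add(("USER_BELOW_GROUP", name))
    return sorted(findings)


if __name__ == "__main__":
    for code, subject in audit_snmp(SAMPLE_CONFIG):
        print(f"{code:20} {subject}")
```

Run against the SNMPv3 configuration file of this example (with each wrapped cipher string on one line), the audit returns no findings.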

1.12.8 Example for Configuring the Bulk Statistics Collection Function (IPv6)

Networking Requirements
On the campus network shown in Figure 1-17, an NMS is used to monitor the
Switch. The Switch uses SNMPv3 to communicate with the NMS through an IPv6
address, and authentication and encryption are configured to enhance security.
The NMS sends SNMP request messages one by one in polling mode to obtain
information from the Switch, and the Switch sends response messages one by one.
As a result, a large number of messages are exchanged between the NMS and
Switch. These messages consume high bandwidth and many system resources on
the Switch.
The customer wants network devices to periodically send data of specified
statistics objects to the NMS, using FTP as the primary transfer mode and TFTP as
the secondary transfer mode.

Figure 1-17 Networking diagram for configuring bulk statistics collection

Configuration Roadmap
To meet the preceding requirements, configure the bulk statistics collection
function to enable the Switch to periodically collect data of specified statistics
objects, generate bulk files, and upload the files to the NMS through FTP or TFTP.
Attributes of bulk files need to be configured, such as the upload interval, upload
holding time, and maximum number of retransmissions.

The configuration roadmap is as follows:


1. Enable bulk statistics collection on the Switch.
2. Create a bulk file and set attributes for the bulk file, including the statistics
collection interval, upload interval, upload holding time, and primary transfer
mode.
3. Configure statistics collection objects for the bulk file.
4. Enable the bulk file.

Procedure
Step 1 Enable bulk statistics collection on the Switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] bulk-stat enable

Step 2 Create a bulk file and set attributes for the bulk file, such as the statistics
collection interval, upload interval, and upload holding time.
# Configure the bulk file file1, and set the statistics collection interval, upload
interval, and upload holding time each to 10 minutes. Configure FTP as the
primary transfer mode and TFTP as the secondary transfer mode. For FTP, you
need to set the FTP user name, password, and FTP server IP address.
[Switch] bulk-file file1
[Switch-bulk-file-file1] transfer interval 10
[Switch-bulk-file-file1] collect interval 10
[Switch-bulk-file-file1] transfer remain-time 10
[Switch-bulk-file-file1] transfer primary protocol ftp username user password pwd host 2001::2
[Switch-bulk-file-file1] transfer secondary protocol tftp host 2001::2 path folder/bulkstat2

Step 3 Configure statistics collection objects for the bulk file.


# Configure a statistics collection object of the single type.
[Switch-bulk-file-file1] object 1.3.6.1.2.1.2.1.0 class single

# Configure a statistics collection object of the column type.


[Switch-bulk-file-file1] object 1.3.6.1.2.1.2.2.1.4 class column

Step 4 Enable the bulk file.


[Switch-bulk-file-file1] collect enable
[Switch-bulk-file-file1] quit

Step 5 Verify the configuration.


NOTE

Before verifying the configuration, ensure that the FTP and TFTP services have been enabled on
the server.

After the configuration is complete, you can run the display bulk-stat command
on the Switch to check the configuration of the bulk statistics collection function,
and run the display bulk-stat file-name command to check details about the
specified bulk file.
# Check details about the bulk file file1.
[Switch] display bulk-stat file1
bulk file file1:
----------------------------------
storage: ephemeral
format: bulkASCII
collect interval: 10 min
transfer interval: 10 min
primary transfer URL: ftp://user@2001::2
secondary transfer URL: tftp://2001::2/folder/bulkstat2
transfer retry times: 5
file remain time: 10 min
status: ready
last transfer success time: NULL
last transfer fail time: NULL
total object number: 2
----------------------------------
index: 1
class: single
OID: 1.3.6.1.2.1.2.1.0
start index: NULL
instance number: NULL
----------------------------------
index: 2
class: column
OID: 1.3.6.1.2.1.2.2.1.4
start index: 0
instance number: 0
----------------------------------

You can view the generated bulk files in the specified path on the server. In this
example, a bulk file is generated every 10 minutes.

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
bulk-stat enable
#
bulk-file file1
collect interval 10
transfer interval 10
transfer remain-time 10
transfer primary protocol ftp username user password %^%#'Yi'VM345=n5\LQ1G%
\IQ'O6GM"WU:YI#uVCL[$D%^%# host 2001::2
transfer secondary protocol tftp host 2001::2 path folder/bulkstat2
collect enable
object 1.3.6.1.2.1.2.1.0 class single
object 1.3.6.1.2.1.2.2.1.4 class column
#
return

1.13 Troubleshooting SNMP

1.13.1 The SNMP Host Cannot Connect to the NMS

Fault Description
An SNMP device cannot connect to the NMS.

Procedure
Run the display logbuffer command in any view to check whether the log
indicating SNMP user login failures is recorded on the device.

Table 1-5 Logs and suggestions

Log: Failed to login through SNMP. (Ip=10.1.1.1, Times=2, Reason=the version was incorrect, VPN= )
Description: The SNMP versions on the device and NMS are inconsistent.
Suggestion: Run the display snmp-agent sys-info version command in any view to
check the SNMP version on the device. If the NMS and device use different SNMP
versions, run the snmp-agent sys-info version command in the system view to set
the SNMP version on the device to be the same as that on the NMS.

Log: Failed to login through SNMP. (Ip=10.1.1.1, Times=2, Reason=the packet was too large, VPN= )
Description: The size of an SNMP packet sent by the NMS exceeds the threshold
set on the device.
Suggestion: By default, the device can receive and send SNMP packets no larger
than 12000 bytes. If the NMS sends oversized SNMP packets, the device cannot
connect to the NMS. You can run the snmp-agent packet max-size command in the
system view to increase the size of SNMP packets that can be sent and received
by the device according to the size of SNMP packets sent by the NMS.

Log: Failed to login through SNMP. (Ip=10.1.1.1, Times=2, Reason=the messages was failed to be added to the message list, VPN= )
Description: The rate of SNMP request packets sent by the NMS exceeds the
processing capability of the device.
Suggestion: Lower the frequency at which the NMS sends SNMP request packets.

Log: Failed to login through SNMP. (Ip=10.1.1.1, Times=2, Reason=the community was incorrect, VPN= )
Description: The community names on the NMS and device are different.
Suggestion: Run the display snmp-agent community command in any view to check
the community name on the device. If the community name used by the NMS is
different from that configured on the device, run the snmp-agent community
{ read | write } community-name command in the system view to modify the
read/write community name on the device.

Log: Failed to login through SNMP. (Ip=10.1.1.1, Times=2, Reason=decoded PDU error, VPN= )
Description: Decoding error. The possible causes are:
● The SNMPv3 user names configured on the device and NMS are different.
● The SNMP engine IDs configured on the device and NMS are different.
● The authentication or encryption password of the SNMPv3 user on the NMS is
  incorrect.
Suggestion:
● Run the display snmp-agent usm-user command in any view to check the SNMPv3
  user information on the device. Check whether the user name on the NMS is the
  same as the SNMPv3 user name configured on the device. If not, change the
  user names to be the same. If the user names are the same, run the display
  current-configuration | include snmp command in any view to check whether a
  user group is specified for the SNMPv3 user. If not, run the snmp-agent
  usm-user v3 user-name group group-name command in the system view to specify
  a user group for the SNMPv3 user.
  NOTE
  The user group attributes are as follows (listed from most to least secure):
  Level 1: privacy (authentication and encryption), Level 2: authentication
  (only authentication), and Level 3: none (no authentication and no
  encryption). The user security level cannot be lower than the user group
  level; otherwise, the SNMP device cannot connect to the NMS.
● Run the display current-configuration | include snmp command in any view to
  check the SNMP engine ID on the device. Check whether the SNMP engine IDs
  configured on the NMS and device are the same. If not, run the snmp-agent
  local-engineid engineid command in the system view to modify the SNMP engine
  ID on the device. Alternatively, you can modify the SNMP engine ID on the
  NMS. Ensure that the NMS and device have the same SNMP engine IDs configured.
  NOTE
  If you modify the SNMP engine ID on the device, the SNMPv3 user matching the
  original engine ID is deleted. Therefore, you need to reconfigure the SNMPv3
  user.
● Configure the correct authentication or encryption password of the SNMPv3
  user. If you forget the authentication or encryption password of the SNMPv3
  user, run the snmp-agent usm-user v3 user-name authentication-mode { md5 |
  sha | sha2-256 } [ cipher password ] command in the system view to configure
  the authentication password for the SNMPv3 user. Run the snmp-agent usm-user
  v3 user-name privacy-mode { des56 | aes128 | aes192 | aes256 | 3des }
  [ cipher password ] command in the system view to configure the encryption
  password for the SNMPv3 user.

Log: Failed to login through SNMP. (Ip=10.1.1.1, Times=2, Reason=the ACL filter function, VPN= )
Description: The IP address used by the NMS to send SNMP request packets is
denied by an ACL.
Suggestion: Run the display acl { acl-number | name acl-name | all } command in
any view to check ACL configuration. If the IP address is denied by an ACL, run
the rule [ rule-id ] permit source { source-ip-address source-wildcard | any }
command in the basic ACL view to allow this IP address to access the device.

Log: Failed to login through SNMP. (Ip=10.1.1.1, Times=2, Reason=the contextname was incorrect, VPN= )
Description: The ContextName on the NMS is incorrect.
Suggestion: Change the ContextName on the NMS to a space or a hyphen.
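
An added example, not from Huawei's guide: Python that pulls the login-failure messages of Table 1-5 out of saved display logbuffer output, attaches the cause from the Description column, and totals failures per source address so that repeated credential failures and ACL denials stand out. The timestamp prefix in the constructed sample lines, the category labels, the reading of Times as a failure count, and the review threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Reason text as it appears in Table 1-5 -> (cause, category).
# The categories are this example's own grouping.
REASONS = {
    "the version was incorrect":
        ("SNMP versions on the device and NMS are inconsistent", "config"),
    "the packet was too large":
        ("SNMP packet from the NMS exceeds the threshold set on the device", "config"),
    "the messages was failed to be added to the message list":
        ("NMS request rate exceeds the processing capability of the device", "rate"),
    "the community was incorrect":
        ("community names on the NMS and device are different", "credential"),
    "decoded PDU error":
        ("SNMPv3 user name, engine ID, or password mismatch", "credential"),
    "the ACL filter function":
        ("NMS source address is denied by an ACL", "acl"),
    "the contextname was incorrect":
        ("ContextName on the NMS is incorrect", "config"),
}

LOG_RE = re.compile(
    r"Failed to login through SNMP\. \(Ip=(?P<ip>[^,]+), Times=(?P<times>\d+), "
    r"Reason=(?P<reason>.+?), VPN=(?P<vpn>[^)]*)\)"
)

# Constructed sample lines; only the message text follows the table.
SAMPLE_LOG = [
    "Sep 30 2024 10:00:01 Switch Failed to login through SNMP. "
    "(Ip=10.1.1.1, Times=2, Reason=the version was incorrect, VPN= )",
    "Sep 30 2024 10:00:04 Switch Failed to login through SNMP. "
    "(Ip=10.1.1.9, Times=3, Reason=the community was incorrect, VPN= )",
    "Sep 30 2024 10:00:07 Switch Failed to login through SNMP. "
    "(Ip=10.1.1.9, Times=4, Reason=decoded PDU error, VPN= )",
    "Sep 30 2024 10:00:08 Switch Failed to login through SNMP. "
    "(Ip=2001::5, Times=1, Reason=the ACL filter function, VPN= )",
    "Sep 30 2024 10:00:09 Switch Interface status changed.",
]


def parse_line(line):
    """Return a dict for an SNMP login-failure line, or None for other lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    reason = m.group("reason").strip()
    cause, category = REASONS.get(reason, ("reason not listed in Table 1-5", "unknown"))
    return {
        "ip": m.group("ip").strip(),
        "times": int(m.group("times")),
        "reason": reason,
        "vpn": m.group("vpn").strip(),
        "cause": cause,
        "category": category,
    }


def triage(lines, credential_threshold=5):
    """Total failures per source and category; list the sources to review."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_line(line)
        if rec:
            totals[rec["ip"]][rec["category"]] += rec["times"]
    # Review a source with many credential failures, or any ACL denial
    # (an address outside the permitted range tried to reach the agent).
    review = sorted(
        ip for ip, cats in totals.items()
        if cats.get("credential", 0) >= credential_threshold or cats.get("acl", 0) > 0
    )
    return {ip: dict(cats) for ip, cats in totals.items()}, review


if __name__ == "__main__":
    totals, review = triage(SAMPLE_LOG)
    for ip, cats in totals.items():
        print(ip, cats, "REVIEW" if ip in review else "")
```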

1.13.2 NMS Failed to Receive Traps

Fault Description
On a device running SNMPv3 to communicate with the NMS, when you run the
display trapbuffer command, you can see there are trap records in the trap buffer
of the information center; however, the NMS cannot receive the traps from the
device.

Fault Analysis
The device runs SNMPv3 to communicate with the NMS, but the trap message
version is not specified on the trap destination. By default, the device sends traps
in SNMPv1 version. Because the SNMP version set on the device is different from
the SNMP version of trap messages sent by the device, the SNMP module on the
device does not send trap messages. Despite not being sent, the generated trap
messages are still stored in the trap buffer of the information center.

Procedure
Step 1 Check the SNMP version running on the device.
Run the display snmp-agent sys-info command to view the SNMP information,
including system maintenance information, physical locations of devices, and
SNMP version.

Step 2 Check the version of trap messages to be sent.


Run the display snmp-agent target-host command to view target host
information, such as target host IP address, VPN instance name, trap sending
mode, secure character for sending traps, protocol version, and security level.

----End

1.14 FAQ About SNMP

1.14.1 How Can I Download a MIB File?


The following provides an example of downloading a MIB file of the S5700
running V200R010C00.

1. Log in to http://support.huawei.com/enterprise.
2. Choose Software Download > Switch > Campus Switch > S5700.
3. Select the software version V200R010C00SPC600.
4. Click Download on the right of the MIB file MIB-V200R010C00SPC600.zip.

Figure 1-18 Download page

1.14.2 Why Does a Device Fail to Report Interface Up/Down Traps to the NMS and How Can I Disable the Up/Down Traps of a Specified Interface?

By default, the interface status trap function is globally disabled. Therefore, when
an interface changes status, no trap is generated. Run the snmp-agent trap
enable feature-name ifnet trap-name { linkdown | linkup } command to enable
the interface status trap function globally. When interface status frequently
changes, a large number of traps are sent to the NMS, increasing the load on the
NMS. In this situation, you can disable the interface status trap function. The
procedure is as follows:
1. Run the interface interface-type interface-number command to enter the
interface view.
2. Run the undo enable snmp trap updown command to disable the interface
status trap function.
The following example shows how to disable the device from sending traps to the
NMS when any interface changes its status to Up.
<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable feature-name ifnet trap-name linkup

The following example shows how to disable the device from sending traps to the
NMS when GE0/0/1 changes its status.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo enable snmp trap updown

1.14.3 Why the LLDP Neighbor Information Cannot Be Obtained Through SNMP or the Operations Performed on LLDP MIB Objects Do Not Take Effect?

Possible Cause: The LLDP function is disabled on the switch.
Description: If the LLDP function is disabled on the switch, the switch cannot
obtain the LLDP neighbor information, and the NMS fails to operate LLDP MIB
objects. As a result, the LLDP neighbor information cannot be obtained through
SNMP.
Solution: Run the lldp enable command in the system view to enable LLDP
globally. By default, LLDP is enabled globally and on the interface.

Possible Cause: The LLDP-MIB objects are not in the default MIB view.
Description: The root directory of the LLDP-MIB is
iso(1).std(0).iso8802(8802).ieee802dot1(1).ieee802dot1mibs(1).lldpMIB(2). The
default MIB view that can be operated by the NMS is 1.3.6.1, and all LLDP-MIB
objects are not in the default MIB view, so the operations performed on
LLDP-MIB objects do not take effect.
Solution:
1. Run the snmp-agent mib-view included iso-view iso command to create the MIB
   view iso-view that can access all MIB objects.
2. Run the snmp-agent community { read | write } community-name mib-view
   iso-view command to grant the access permission on the MIB view iso-view to
   the NMS.
3. Run the snmp-agent sys-info version all command to configure all SNMP
   versions on the switch.

1.14.4 How Do I Mask SNMP Traps?

How Do I Mask a Trap or a Type of Traps on a Switch?


NOTE

You can use commands to enable a switch to generate traps. If a trap is disabled, the switch
does not generate the trap or send the trap to the NMS.

By default, some trap modules are enabled, while some are disabled. You can run
the display snmp-agent trap all command to check the status of all trap
modules. An example is as follows:
<HUAWEI> display snmp-agent trap all
------------------------------------------------------------------------------
Feature name: INFO
Trap number : 2
------------------------------------------------------------------------------
Trap name Default switch status Current switch status
hwICLogFileAging on on
hwICLogBufferLose on on
------------------------------------------------------------------------------
---- More ----

Item: Description

Feature name: Name of a feature that generates traps.

Trap number: Number of traps generated by the feature.

Trap name: Name of a trap.

Default switch status: Default status of the trap:
● on: The switch sends the trap to the NMS.
● off: The switch does not send the trap to the NMS.

Current switch status: Current status of the trap:
● on: The switch sends the trap to the NMS.
● off: The switch does not send the trap to the NMS.
The status of a trap can be configured using the snmp-agent trap enable
feature-name command.

To disable a trap or the trap function of a module, perform the following
operations:

1. Search for a trap based on certain keywords in the Alarm Handling of S series
switches. For example, if you want to mask traps related to optical modules,
you can find the following traps in the Alarm Handling:
ENTITYTRAP_1.3.6.1.4.1.2011.5.25.219.2.4.5 hwOpticalInvalid 136xxx
These traps include the following keywords:
– ENTITYTRAP: indicates the name of a feature that generates traps.
– hwOpticalInvalid: indicates the trap name.
2. Run the snmp-agent trap enable or snmp-agent trap enable feature-name
feature-name trap-name trap-name command to enable or disable the trap
function.

Parameter: Description

feature-name: Specifies the name of a feature that generates traps.

trap-name: Specifies the name of a trap.

The following command is an example for masking traps related to optical
modules:
undo snmp-agent trap enable feature-name ENTITYTRAP trap-name hwOpticalInvalid

How Do I Send Specific Traps to a Specified Host?


NOTE

In this scenario, the switch can still generate traps locally. In addition, the switch filters
traps and sends only traps meeting specific rules to the NMS.

On the live network, customers sometimes need to send specific traps to specified
hosts. For example, a customer deploys a dedicated NMS to monitor the link
status (Up or Down) of network devices and does not want to receive other traps.
To meet this requirement, you can run the snmp-agent notify-filter-profile
command on the switch to configure a trap filter profile. This type of requirements
generally involves two scenarios:

● Scenario 1: Only some traps need to be reported.
● Scenario 2: Except some traps, other traps need to be reported.

Configuration example for scenario 1: The customer wants to report link Up
and Down traps to the NMS that uses IP address 10.8.8.8 and does not want
to report other traps to the NMS.

1. Locate the two traps in the MIB reference in the product documentation, as
described in the following tables.

OID: 1.3.6.1.6.3.1.1.5.4
Object Name: linkUp
Bound Variable:
● ifIndex
● ifAdminStatus
● ifOperStatus
● ifDesc
Description: A linkUp trap indicates that the SNMP entity, acting as an agent,
has detected that one of the communication links in the ifOperStatus object has
changed from Down to another state (not notPresent). The new state is indicated
by the value of ifOperStatus.
Implemented Specifications: This object is implemented as defined in the
corresponding MIB file.

OID: 1.3.6.1.6.3.1.1.5.3
Object Name: linkDown
Bound Variable:
● ifIndex
● ifAdminStatus
● ifOperStatus
● ifDesc
Description: A linkDown trap indicates that the SNMP entity, acting as an
agent, has detected that one of the communication links in the ifOperStatus
object has changed to Down from another state (not notPresent). The original
state is indicated by the value of ifOperStatus.
Implemented Specifications: This object is implemented as defined in the
corresponding MIB file.

2. Run the snmp-agent notify-filter-profile command to configure a trap filter
profile that includes linkUp and linkDown trap objects. The following example
assumes that the name of the trap filter profile is profile_a.
snmp-agent notify-filter-profile included profile_a linkUp
snmp-agent notify-filter-profile included profile_a linkDown

3. When you use included to filter a specific trap, the trap object and all bound
variables of the trap must be included. Otherwise, trap filtering fails.
Therefore, you need to include all the bound variables of the linkUp and
linkDown traps. The detailed configuration is as follows:
snmp-agent notify-filter-profile included profile_a ifIndex
snmp-agent notify-filter-profile included profile_a ifDesc
snmp-agent notify-filter-profile included profile_a ifAdminStatus
snmp-agent notify-filter-profile included profile_a ifOperStatus

4. Trap packets of SNMPv2c and SNMPv3 also contain the sysUpTime and
snmpTrapOID objects. Therefore, you need to add the two objects to the trap
filter profile. The detailed configuration is as follows:
snmp-agent notify-filter-profile included profile_a sysUpTime
snmp-agent notify-filter-profile included profile_a snmpTrapOID

5. Configure the IP address of the trap host and bind the trap filter profile.
snmp-agent target-host trap address udp-domain 10.8.8.8 params securityname cipher @%@%m
%eiQi2Kz+-/Z:!gz24-a4IY@%@% v2c notify-filter-profile profile_a

Configuration example for scenario 2: The customer wants to report traps
except linkUp and linkDown to the NMS.
In this scenario, pay attention to the following points:
● When using exclude to filter out a type of traps, you need to configure the
trap filter profile to include the iso object. Otherwise, no traps can be
reported.
● When exclude is used to filter out a specified trap, only the OID of the trap or
the OID of a single bound variable for the trap needs to be configured.
The detailed configuration is as follows:
1. Run the snmp-agent notify-filter-profile command to configure a trap filter
profile to exclude the linkUp and linkDown trap objects and include all the
other objects. The following example assumes that the name of the trap filter
profile is profile_a.
snmp-agent notify-filter-profile exclude profile_a linkUp
snmp-agent notify-filter-profile exclude profile_a linkDown
snmp-agent notify-filter-profile include profile_a iso

2. Configure the IP address of the trap host and bind the trap filter profile.
snmp-agent target-host trap address udp-domain 8.8.8.8 params securityname cipher @%@%m
%eiQi2Kz+-/Z:!gz24-a4IY@%@% v2c notify-filter-profile profile_a
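
The included/excluded rules from scenarios 1 and 2, and the MIB view behaviour behind the LLDP-MIB answer in 1.14.3, as an added Python model (not Huawei code). It assumes that the most specific matching subtree decides and that a trap is sent only when every object it carries is included. coldStart stands in for "any other trap", and the numeric OIDs are the standard ones for the names used on this page.

```python
"""Model of included/excluded subtree rules for trap filter profiles and MIB views."""

# Standard OIDs for the names used on this page.
NAMES = {
    "iso": "1",
    "sysUpTime": "1.3.6.1.2.1.1.3",
    "ifIndex": "1.3.6.1.2.1.2.2.1.1",
    "ifDesc": "1.3.6.1.2.1.2.2.1.2",
    "ifAdminStatus": "1.3.6.1.2.1.2.2.1.7",
    "ifOperStatus": "1.3.6.1.2.1.2.2.1.8",
    "snmpTrapOID": "1.3.6.1.6.3.1.1.4.1",
    "coldStart": "1.3.6.1.6.3.1.1.5.1",
    "linkDown": "1.3.6.1.6.3.1.1.5.3",
    "linkUp": "1.3.6.1.6.3.1.1.5.4",
    "lldpMIB": "1.0.8802.1.1.2",
}
LINK_BINDS = ["ifIndex", "ifAdminStatus", "ifOperStatus", "ifDesc"]
TRAP_BINDS = {"linkUp": LINK_BINDS, "linkDown": LINK_BINDS, "coldStart": []}


def oid(name_or_dotted):
    """Resolve a name from NAMES (or a dotted string) to a tuple of ints."""
    return tuple(int(p) for p in NAMES.get(name_or_dotted, name_or_dotted).split("."))


def in_view(entries, target):
    """True if the longest subtree in `entries` covering `target` is 'included'."""
    best_len, verdict = -1, False
    for mode, subtree in entries:
        prefix = oid(subtree)
        if target[:len(prefix)] == prefix and len(prefix) > best_len:
            best_len, verdict = len(prefix), mode == "included"
    return verdict


def trap_objects(trap, if_index=5):
    """Objects an SNMPv2c/v3 trap carries: the trap OID, its bound variables,
    plus sysUpTime.0 and snmpTrapOID.0 (step 4 of scenario 1)."""
    binds = [oid(b) + (if_index,) for b in TRAP_BINDS[trap]]
    return [oid(trap)] + binds + [oid("sysUpTime") + (0,), oid("snmpTrapOID") + (0,)]


def is_sent(entries, trap):
    """A trap passes the profile only if every object it carries is included."""
    return all(in_view(entries, obj) for obj in trap_objects(trap))


def profile(*rules):
    """Build a rule list from 'included NAME' / 'excluded NAME' strings."""
    return [tuple(rule.split()) for rule in rules]


# Scenario 1 after steps 2 and 3 only, then with step 4 added.
SCENARIO1_STEPS_2_3 = profile(
    "included linkUp", "included linkDown", "included ifIndex",
    "included ifDesc", "included ifAdminStatus", "included ifOperStatus",
)
SCENARIO1 = SCENARIO1_STEPS_2_3 + profile("included sysUpTime", "included snmpTrapOID")
# Scenario 2: everything except linkUp and linkDown.
SCENARIO2 = profile("excluded linkUp", "excluded linkDown", "included iso")

if __name__ == "__main__":
    for label, entries in [("scenario 1, steps 2-3", SCENARIO1_STEPS_2_3),
                           ("scenario 1, complete", SCENARIO1),
                           ("scenario 2", SCENARIO2)]:
        print(label, {trap: is_sent(entries, trap) for trap in TRAP_BINDS})
    default_view = profile("included 1.3.6.1")
    print("lldpMIB in default view:", in_view(default_view, oid("lldpMIB")))
```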

1.14.5 How Do I Configure SNMP When Connecting a Switch to a Third-Party NMS?

When you connect a switch to a third-party NMS, such as Zabbix, through
SNMPv2c, you can configure the switch by referring to 1.12.2 Example for
Configuring a Switch to Communicate with an NMS Through SNMPv2c (IPv4).
If SNMPv3 is used for communication between the switch and NMS, configure the
switch by referring to 1.12.3 Example for Configuring a Switch to Communicate
with an NMS Through SNMPv3 (IPv4).
