Snmpv3 configuration example, Network requirements, Configuration procedure – H3C Technologies H3C MSR 5600 User Manual
Page 131
118
SNMPv3 configuration example
Network requirements
As shown in
, the NMS (1.1.1.2/24) uses SNMPv3 to monitor and manage the interface status
of the agent (1.1.1.1/24). The agent automatically sends notifications to report events to the NMS. The
default UDP port 162 is used for SNMP notifications.
The NMS and the agent perform authentication when they set up an SNMP session. The authentication
algorithm is SHA-1 and the authentication key is 123456TESTauth&!. The NMS and the agent also
encrypt the SNMP packets between them by using the AES algorithm and the privacy key
123456TESTencr&!.
Figure 44 Network diagram
Configuration procedure
1.
Configure the agent:
# Configure the IP address of the agent, and make sure the agent and the NMS can reach each
other. (Details not shown.)
# Assign the NMS (SNMPv3 group managev3group) read and write access to the objects under
the snmp node (OID 1.3.6.1.2.1.11), and deny its access to any other MIB object.
[Agent] undo snmp-agent mib-view ViewDefault
[Agent] snmp-agent mib-view included test snmp
[Agent] snmp-agent group v3 managev3group privacy read-view test write-view test
# Add the user managev3user to the SNMPv3 group managev3group, and set the authentication
algorithm to sha, authentication key to 123456TESTauth&!, encryption algorithm to aes128, and
privacy key to 123456TESTencr&!.
[Agent] snmp-agent usm-user v3 managev3user managev3group simple authentication-mode
sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!
# Configure contact and physical location information for the agent.
[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306
[Agent] snmp-agent sys-info location telephone-closet,3rd-floor
# Enable notifications, specify the NMS at 1.1.1.2 as a trap destination, and set the username to
managev3user for the traps.
[Agent] snmp-agent trap enable
[Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname
managev3user v3 privacy
2.
Configure the SNMP NMS:
{
Specify SNMPv3.
{
Create the SNMPv3 user managev3user.
{
Enable both authentication and privacy functions.
{
Use SHA-1 for authentication and AES for encryption.