beautypg.com

Snmpv3 configuration example, Network requirements, Configuration procedure – H3C Technologies H3C MSR 5600 User Manual

Page 131

background image

118

SNMPv3 configuration example

Network requirements

As shown in

Figure 44

, the NMS (1.1.1.2/24) uses SNMPv3 to monitor and manage the interface status

of the agent (1.1.1.1/24). The agent automatically sends notifications to report events to the NMS. The

default UDP port 162 is used for SNMP notifications.
The NMS and the agent perform authentication when they set up an SNMP session. The authentication
algorithm is SHA-1 and the authentication key is 123456TESTauth&!. The NMS and the agent also

encrypt the SNMP packets between them by using the AES algorithm and the privacy key

123456TESTencr&!.

Figure 44 Network diagram

Configuration procedure

1.

Configure the agent:
# Configure the IP address of the agent, and make sure the agent and the NMS can reach each
other. (Details not shown.)
# Assign the NMS (SNMPv3 group managev3group) read and write access to the objects under
the snmp node (OID 1.3.6.1.2.1.11), and deny its access to any other MIB object.

system-view

[Agent] undo snmp-agent mib-view ViewDefault

[Agent] snmp-agent mib-view included test snmp

[Agent] snmp-agent group v3 managev3group privacy read-view test write-view test

# Add the user managev3user to the SNMPv3 group managev3group, and set the authentication
algorithm to sha, authentication key to 123456TESTauth&!, encryption algorithm to aes128, and

privacy key to 123456TESTencr&!.

[Agent] snmp-agent usm-user v3 managev3user managev3group simple authentication-mode

sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!

# Configure contact and physical location information for the agent.

[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306

[Agent] snmp-agent sys-info location telephone-closet,3rd-floor

# Enable notifications, specify the NMS at 1.1.1.2 as a trap destination, and set the username to
managev3user for the traps.

[Agent] snmp-agent trap enable

[Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname

managev3user v3 privacy

2.

Configure the SNMP NMS:

{

Specify SNMPv3.

{

Create the SNMPv3 user managev3user.

{

Enable both authentication and privacy functions.

{

Use SHA-1 for authentication and AES for encryption.

This manual is related to the following products: