Snmpv3 configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 153
142
[SecPath] snmp-agent sys-info location telephone-closet,3rd-floor
# Enable SNMP traps, set the NMS at IP address 1.1.1.2/24 as an SNMP trap destination, and
use public as the community name. (To make sure the NMS can receive traps, specify the same
SNMP version in the snmp-agent target-host command as is configured on the NMS.)
[SecPath] snmp-agent trap enable
[SecPath] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname
public v1
2.
Configure the SNMP NMS:
# Configure the SNMP version for the NMS as v1 or v2c, create a read-only community and name
it public, and create a read and write community and name it private. For information about
configuring the NMS, see the NMS manual.
NOTE:
The configurations on the SecPath and the NMS must match.
3.
Verify the configuration:
{
After the above configuration, an SNMP connection is established between the NMS and the
SecPath. The NMS can get and configure the values of some parameters on the SecPath
through MIB nodes.
{
Execute the shutdown or undo shutdown command to an idle interface on the SecPath, and the
NMS receives the corresponding trap.
SNMPv3 configuration example
Network requirements
As shown in
, the NMS (1.1.1.2/24) uses SNMPv3 to monitor and manage the interface status
of SecPath (1.1.1.1/24), and the SecPath automatically sends traps to report events to the NMS.
The NMS and the SecPath perform authentication when they set up an SNMP session. The authentication
algorithm is MD5 and the authentication key is authkey. The NMS and the SecPath also encrypt the
SNMP packets between them by using the DES algorithm and the privacy key prikey. The inbound port
for traps on the NMS is 5000.
Figure 64 Network diagram
Configuration procedure
1.
Configure the SecPath:
# Configure the IP address of the SecPath as 1.1.1.1/24 and make sure the SecPath and the NMS
can reach each other. (Details not shown.)
# Configure the access right: the user can read and write the objects under the interface node with
the OID of 1.3.6.1.2.1.2, and cannot access other MIB objects. Set the user name to
managev3user, authentication algorithm to MD5, authentication key to authkey, the encryption
algorithm to DES56, and the privacy key to prikey.
SecPath
1.1.1.1/24
NMS
1.1.1.2/24
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS