Configuring Basic SNMPv2c Functions

Procedure

1. Access the system view.

   system-view

2. Enable the information center.

   info-center enable

   By default, the information center is enabled.

3. Optional: Enable the SNMP agent function.

   snmp-agent

   By default, the SNMP agent function is disabled. Running any command with the parameter snmp-agent can enable the SNMP agent function, so this step is optional.

4. Optional: Set the port number monitored by the SNMP agent.

   snmp-agent udp-port port-num

   By default, port 161 is monitored by the SNMP agent.

   The snmp-agent udp-port command can be used to change the number of the port monitored by the SNMP agent, to improve the security of the device.

5. Set the SNMP version.

   snmp-agent sys-info version v2c

   By default, SNMPv3 is enabled.

   After SNMPv2c is enabled on the managed device, the device supports both SNMPv2c and SNMPv3. This means that the device can be monitored and managed by NMSs running SNMPv2c and SNMPv3.

6. Set the community name.

   snmp-agent community { read | write } [ cipher ] community-name [ acl acl-number | mib-view view-name | alias alias-name ] *

   The community name will be saved in encrypted format in the configuration file. The community alias will be saved in simple text format in the configuration file.

   By default, the complexity check is enabled for a community name. If a community name fails the complexity check, the community name cannot be configured. To disable the complexity check for a community name, run the snmp-agent community complexity-check disable command.

   

   The requirements for community name complexity are as follows:

   • The default minimum length of a community name is eight characters. The set password min-length command determines the minimum length of a community name.

   • A community name includes at least two kinds of characters, which can be uppercase letters, lowercase letters, digits, and special characters except question marks (?) and space.

   After the community name is set, if no MIB view is configured, the NMS that uses the community name has permission to access objects in the ViewDefault view.

7. Choose one of the following commands as needed to configure the destination IP address for the alarms and error codes sent from the device.
   • If the network is an IPv4 network, configure the device to send either traps or informs to the NMS.

     

     The differences between traps and informs are as follows:

     • The traps sent by the managed device do not need to be acknowledged by the NMS.

     • The informs sent by the managed device need to be acknowledged by the NMS. If no acknowledgement message from the NMS is received within a specified time period, the managed device will resend the inform until the number of retransmissions reaches the maximum.

       When the managed device sends an inform, it records the inform in the log. If the NMS and link between the NMS and managed device recovers from a fault, the NMS can still learn the inform sent during the fault occurrence and rectification.

     In this regard, informs are more reliable than traps, but the device may need to buffer a lot of informs because of the inform retransmission mechanism and this may consume many memory resources.

     If the network is stable, using traps is recommended. If the network is unstable and the device's memory capacity is sufficient, using informs is recommended.

     Informs and traps must have different destination IP addresses. If a same destination IP address is configured for both of them, the later configuration overrides the previous configuration.

     • To configure a destination IPv4 address for the traps and error codes sent from the device, run:

       snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | [ public-net | vpn-instance vpn-instance-name ] ] * params securityname [ cipher ] security-string [ v2c | notify-filter-profile profile-name | private-netmanager | ext-vb ] *

       

       In this case, the v2c parameter needs to be set so that traps can be properly sent. If you do not set this parameter, SNMPv1 will be used by default, and traps cannot be sent.

     • To configure a destination IPv4 address for the informs and error codes sent from the device, run:

       snmp-agent target-host inform address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | [ public-net | vpn-instance vpn-instance-name ] ] * params securityname { security-string | cipher security-string } v2c [ notify-filter-profile profile-name | ext-vb ] *

   • To configure a destination IPv6 address for the alarms and error codes sent from the device, run:

     snmp-agent target-host trap ipv6 address udp-domain ipv6-address [ udp-port port-number ] params securityname [ cipher ] security-string [ v2c | notify-filter-profile profile-name | private-netmanager | ext-vb ] *

   The descriptions of the command parameters are as follows:

   • The default destination User Datagram Protocol (UDP) port number is 162. In some special cases, the parameter udp-port can be used to specify a non-well-known UDP port number. This ensures normal communication between the NMS and managed device.

   • If the alarms sent from the managed device to the NMS need to be transmitted over a public network, the parameter public-net needs to be configured. If the alarms sent from the managed device to the NMS need to be transmitted over a private network, the parameter vpn-instance vpn-instance-name needs to be used to specify a VPN that will take over the sending task.

   • The parameter securityname identifies the alarm sender, which will help you learn the alarm source.

   • If the NMS and managed device are both Huawei products, the parameter private-netmanager can be configured to add more information to alarms, such as the alarm type, alarm sequence number, and alarm sending time. The information will help you locate and rectify faults more quickly.

   

   An IPv6 network supports only traps, not informs.

8. Optional: Set the equipment administrator's contact information or location.

   snmp-agent sys-info { contact contact | location location }

   This step is required when the NMS administrator must know equipment administrators' contact information and locations when the NMS manages many devices. This allows the NMS administrator to contact the equipment administrators quickly for fault location and rectification.

   To configure both the equipment administrator's contact information and location, you must run the command twice to configure them separately.

9. Optional: Set the maximum size of an SNMP packet that the device can receive or send.

   snmp-agent packet max-size byte-count

   By default, the maximum size of an SNMP packet that the device can receive or send is 12000 bytes.

   After the maximum size is set, the device will discard any SNMP packet that is larger than the set size. The allowable maximum size of an SNMP packet for a device depends on the size of a packet that the NMS can process; otherwise, the NMS cannot process the SNMP packets sent from the device.

10. Optional: Set the source interface that receives and responds to NMS requests.

    snmp-agent protocol source-interface interface-type interface-number

    Currently, the source interface can be set only to a loopback interface.

11. Optional: Disable the SNMP IPv4 or IPv6 listening port.

    snmp-agent protocol server [ ipv4 | ipv6 ] disable

    By default, the SNMP IPv4 or IPv6 listening port is disabled.

    If ipv4 or ipv6 is not selected, both SNMP IPv4 and IPv6 listening ports are disabled.

    After you disable the SNMP IPv4 or IPv6 listening port using the snmp-agent protocol server disable command, SNMP no longer processes SNMP packets. Exercise caution when you disable the SNMP IPv4 or IPv6 listening port.