• Authentication and encryption: privacy is configured in the command. This mode
applies to insecure networks managed by many administrators who may frequently
perform operations on the same device. In this mode, only authenticated administrators
can access the managed device, and transmitted data is encrypted to guard against
interception and data leakage.
Step 5 Run:
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha }
password [ privacy-mode des56 password ] ]
A user is added to the SNMPv3 user group.
After a user is added to the user group, the NM station that uses the name of the user can access
the objects in the Viewdefault view (1.3.6.1).
If authentication and encryption have been enabled for the user group, the following
authentication and encryption modes can be configured for the data transmitted on the network.
• Authentication mode
– Message Digest 5 (MD5): generates a 128-bit message digest for an input message of any
length.
– Secure Hash Algorithm (SHA-1): generates a 160-bit message digest for an input message
of less than 2^64 bits.
MD5 is faster than SHA-1, but is considered less secure.
• Encryption mode
DES uses a 56-bit key to encrypt a 64-bit plaintext block.
Step 6 Choose one of the following commands as needed to configure the destination IP address for
the alarms and error codes sent from the device.
• To configure a destination IPv4 address for the alarms and error codes sent from the device,
run:
snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number ]
[ public-net | vpn-instance vpn-instance-name ] params securityname
security-string [ v3 [ authentication | privacy ] ] [ private-netmanager | ext-vb ] *
The descriptions of the command parameters are as follows:
• The default destination UDP port number is 162. In some special cases (for example, port
mirroring is configured to prevent a well-known port from being attacked), the parameter
udp-port can be used to specify a non-well-known UDP port number. This ensures normal
communication between the NM station and managed device.
• If the alarms sent from the managed device to the NM station need to be transmitted over a
public network, the parameter public-net needs to be configured. If the alarms sent from the
managed device to the NM station need to be transmitted over a private network, the
parameter vpn-instance vpn-instance-name needs to be used to specify a VPN that will take
over the sending task.
• The parameter securityname identifies the alarm sender, which will help you learn the alarm
source.
• If the NM station and managed device are both Huawei products, the parameter
private-netmanager can be configured to add more information to alarms, such as the alarm type,
alarm sequence number, and alarm sending time. The information will help you locate and
rectify faults more quickly.
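Added example (not part of the Huawei guide): a Python check that reads configuration lines written in the command syntax of Steps 5 and 6 and reports SNMPv3 users and trap targets that do not use both authentication and encryption. The sample lines, user names, group names, addresses and passwords are constructed placeholders, and the script assumes the configuration keeps the keyword order shown in the commands above.

```python
import re

# Constructed sample lines in the syntax of Steps 5 and 6 (names, addresses
# and passwords are placeholders, not taken from a real device).
SAMPLE_CONFIG = """\
snmp-agent usm-user v3 nms-ro grp-ro
snmp-agent usm-user v3 nms-ops grp-ops authentication-mode md5 PLACEHOLDER1
snmp-agent usm-user v3 nms-adm grp-adm authentication-mode sha PLACEHOLDER2 privacy-mode des56 PLACEHOLDER3
snmp-agent target-host trap address udp-domain 192.0.2.10 params securityname nms-ops v3 authentication
snmp-agent target-host trap address udp-domain 192.0.2.11 udp-port 10162 params securityname nms-adm v3 privacy
"""

USER_RE = re.compile(
    r"^snmp-agent usm-user v3 (?P<user>\S+) (?P<group>\S+)"
    r"(?: authentication-mode (?P<auth>md5|sha) \S+"
    r"(?: privacy-mode (?P<priv>des56) \S+)?)?$")
TRAP_RE = re.compile(
    r"^snmp-agent target-host trap address udp-domain (?P<ip>\S+)"
    r".*? params securityname (?P<name>\S+)"
    r"(?: (?P<v3>v3)(?: (?P<level>authentication|privacy))?)?")

def audit(config):
    """Return (subject, finding) pairs for SNMPv3 users and trap targets
    that do not use both authentication and encryption."""
    findings = []
    for raw in config.splitlines():
        line = " ".join(raw.split())          # collapse wrapped/extra spaces
        user = USER_RE.match(line)
        trap = TRAP_RE.match(line)
        if user:
            if user["auth"] is None:
                findings.append((user["user"], "no authentication-mode: no authentication, no encryption"))
            else:
                if user["auth"] == "md5":
                    findings.append((user["user"], "authentication-mode md5: sha is the stronger option"))
                if user["priv"] is None:
                    findings.append((user["user"], "no privacy-mode: data is not encrypted"))
        elif trap:
            if trap["v3"] is None:
                findings.append((trap["ip"], "trap target does not specify v3"))
            elif trap["level"] != "privacy":
                findings.append((trap["ip"], "v3 traps sent without privacy"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```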
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management 1 SNMP Configuration
Issue 01 (2011-10-26) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.