Configuration Guide Configuring SNMP
By default, SNMP is not allowed to actively send a trap message to the NMS, the function of sending a Link Trap message on
an interface is enabled, the function of sending a system reboot trap message is disabled, and a trap message does not carry
any private field.
By default, the IP address of the interface where SNMP packets are sent is used as the source address.
By default, the length of a trap message queue is 10 and the interval for sending a trap message is 30s.
The snmp-server enable traps command is used to enable or disable the agent to actively send a trap message to the
NMS.
The snmp trap link-status command is used to enable or disable the function of sending a Link Trap message on an
interface.
The snmp-server trap-source command is used to specify the source address for sending messages or to restore the
default value.
The snmp-server queue-length command is used to set the length of a trap message queue or to restore the default value.
The snmp-server trap-timeout command is used to set the interval for sending a trap message or to restore the default
value.
The snmp-server trap-format private command is used to set or disable the function of carrying private fields in a trap
message when the message is sent.
The snmp-server system-shutdown command is used to enable or disable the function of sending a system reboot trap
message.
 Setting the SNMP Attack Protection and Detection Function
By default, the SNMP attack protection and detection function is disabled.
The snmp-server authentication attempt times exceed { lock | lock-time minutes | unlock } command is used to set and
enable the attack protection and detection function.
5.3.2 SNMPv1 and SNMPv2C
SNMPv1 and SNMPv2C adopt the community-based security architecture. The administrator who can perform operations on
the MIB of the agent is limited by defining the host address and authentication name (community string).
Working Principle
SNMPv1 and SNMPv2 determine whether the administrator has the right to use MIB objects by using the authentication
name. The authentication name of the NMS must be the same as an authentication name defined in devices.
SNMPv2C adds the Get-bulk operation mechanism and can return more detailed error message types to the management
workstation. The Get-bulk operation is performed to obtain all information from a table or obtain lots of data at a time, so as to
reduce the number of request responses. The enhanced error handling capabilities of SNMPv2C include extension of error
codes to differentiate error types. In SNMPv1, however, only one error code is provided for errors. Now, errors can be
differentiated based on error codes. Because management workstations supporting SNMPv1 and SNMPv2C may exist on
To Next Page
Loading...
Need help?
General
