Snmpv3 configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Page 153

Advertising
background image

142

[SecPath] snmp-agent sys-info location telephone-closet,3rd-floor

# Enable SNMP traps, set the NMS at IP address 1.1.1.2/24 as an SNMP trap destination, and

use public as the community name. (To make sure the NMS can receive traps, specify the same

SNMP version in the snmp-agent target-host command as is configured on the NMS.)

[SecPath] snmp-agent trap enable

[SecPath] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname

public v1

2.

Configure the SNMP NMS:
# Configure the SNMP version for the NMS as v1 or v2c, create a read-only community and name
it public, and create a read and write community and name it private. For information about

configuring the NMS, see the NMS manual.

NOTE:

The configurations on the SecPath and the NMS must match.

3.

Verify the configuration:

{

After the above configuration, an SNMP connection is established between the NMS and the
SecPath. The NMS can get and configure the values of some parameters on the SecPath

through MIB nodes.

{

Execute the shutdown or undo shutdown command to an idle interface on the SecPath, and the
NMS receives the corresponding trap.

SNMPv3 configuration example

Network requirements

As shown in

Figure 64

, the NMS (1.1.1.2/24) uses SNMPv3 to monitor and manage the interface status

of SecPath (1.1.1.1/24), and the SecPath automatically sends traps to report events to the NMS.
The NMS and the SecPath perform authentication when they set up an SNMP session. The authentication

algorithm is MD5 and the authentication key is authkey. The NMS and the SecPath also encrypt the

SNMP packets between them by using the DES algorithm and the privacy key prikey. The inbound port

for traps on the NMS is 5000.

Figure 64 Network diagram

Configuration procedure

1.

Configure the SecPath:
# Configure the IP address of the SecPath as 1.1.1.1/24 and make sure the SecPath and the NMS
can reach each other. (Details not shown.)
# Configure the access right: the user can read and write the objects under the interface node with
the OID of 1.3.6.1.2.1.2, and cannot access other MIB objects. Set the user name to

managev3user, authentication algorithm to MD5, authentication key to authkey, the encryption
algorithm to DES56, and the privacy key to prikey.

<SecPath> system-view

SecPath

1.1.1.1/24

NMS

1.1.1.2/24

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands
Popular manuals