Differences

This shows you the differences between two versions of the page.

--- hpe:switch:snmp_v3_hpe_comware_cli [2023/07/29 13:20] – aperez
+++ hpe:switch:snmp_v3_hpe_comware_cli [2023/07/29 14:23] (current) – aperez
@@ Line 5: / Line 5: @@
 As shown in Figure 28, the NMS (**1.1.1.2/24**) uses **SNMPv3** to monitor and manage the interface status of the agent (**1.1.1.1/24**), and the agent automatically sends traps to report events to the **NMS**.
-The NMS and the agent perform authentication when they set up an SNMP session. The authentication algorithm is SHA-1 and the authentication key is **123456TESTauth&!**. The NMS and the agent also encrypt the SNMP packets between them by using the AES algorithm and the privacy key **123456TESTencr&!**.
+The NMS and the agent perform authentication when they set up an SNMP session. The authentication algorithm is **SHA-1** and the authentication key is **123456TESTauth&!**. The NMS and the agent also encrypt the SNMP packets between them by using the **AES** algorithm and the privacy key **123456TESTencr&!**.
+{{ :hpe:switch:image28.png?200 |}}
+__**Configuration procedure**__
+**Configure the agent:**
+//# Configure the IP address of the agent and make sure the agent and the NMS can reach each other. (Details not shown.)//
+//# Assign the NMS read and write access to the objects under the ifTable node (OID 1.3.6.1.2.1.2.2), and deny its access to any other MIB object.//
+  <Agent> system-view
+  [Agent] undo snmp-agent mib-view ViewDefault
+  [Agent] snmp-agent mib-view included test ifTable
+  [Agent] snmp-agent group v3 managev3group read-view test write-view test
+//# Set the username to **managev3user**, authentication algorithm to sha, authentication key to **123456TESTauth&!**,
+  encryption algorithm to **aes128**, and privacy key to **123456TESTencr&!**.//
+  [Agent] snmp-agent usm-user v3 managev3user managev3group simple authentication-mode sha 123456TESTauth&!
+  privacy-mode aes128 123456TESTencr&!
+//# Configure contact person and physical location information for the agent.//
+  [Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306
+  [Agent] snmp-agent sys-info location telephone-closet,3rd-floor
+//# Enable traps, specify the NMS at **1.1.1.2** as a trap destination, and set the username to managev3user for the traps.//
+  [Agent] snmp-agent trap enable
+  [Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname managev3user v3 privacy
+**//Configure the SNMP NMS://**
+  - Specify SNMPv3.
+  - Create the SNMPv3 user managev3user.
+  - Enable both authentication and privacy functions.
+  - Use SHA-1 for authentication and AES for encryption.
+  - Set the authentication key to 123456TESTauth&! and the privacy key to 123456TESTencr&!.
+  - Set the timeout time and maximum number of retries.
+For information about configuring the NMS, see the NMS manual.
+**NOTE: The SNMP settings on the agent and the NMS must match**.
+//**Verify the configuration:**//
+//# Try to get the count of sent traps from the agent. The get attempt succeeds.//
+  Send request to 1.1.1.1/161 ...
+  Protocol version: SNMPv3
+  Operation: Get
+  Request binding:
+: 1.3.6.1.2.1.11.29.0
+  Response binding:
+: Oid=snmpOutTraps.0 Syntax=CNTR32 Value=18
+  Get finished
+//# Try to get the device name from the agent. The get attempt fails because the NMS has no access right to the node.//
+  Send request to 1.1.1.1/161 ...
+  Protocol version: SNMPv3
+  Operation: Get
+  Request binding:
+: 1.3.6.1.2.1.1.5.0
+  Response binding:
+: Oid=sysName.0 Syntax=noSuchObject Value=NULL
+  Get finished
+//# Execute the shutdown or undo shutdown command on an idle interface on the agent. You can see the interface state change traps on the NMS://
+.1.1.1/3374 V3 Trap = linkdown
+  SNMP Version = V3
+  Community = managev3user
+  Command = Trap
+.1.1.1/3374 V3 Trap = linkup
+  SNMP Version = V3
+  Community = managev3user
+  Command = Trap
+----
+**Example cod:  HPE 5510 Switch**
+**SNMP Client (Zabbix): 172.16.48.26**
+**SNMP Server (Switch): 172.16.4.1**
+**Switch Configuration:**
+  snmp-agent
+  snmp-agent local-engineid 800063A280DC680CF0E3C400000001
+  snmp-agent community read Companyread
+  snmp-agent community write Companywrite
+  snmp-agent sys-info contact Eng. Jhon Smith
+  snmp-agent sys-info location US
+  snmp-agent sys-info version all
+  snmp-agent group v3 Company3group read-view privacy write-view internet
+  snmp-agent target-host trap address udp-domain 172.16.48.26 params securityname  Company3user v3 privacy
+  snmp-agent mib-view included internet internet
+  snmp-agent usm-user v3 Company3user Company3group simple authentication-mode sha passwordclient1
+  privacy-mode aes128 passwordclient2
+  snmp-agent trap enable arp
+  snmp-agent trap enable radius
+  snmp-agent trap enable stp
+  snmp-agent trap enable syslog
+**Zabbix Configuration host:**
+{{ :hpe:switch:snmpv3_1.jpg?800 |}}
+{{ :hpe:switch:snmpv3_2.jpg?800 |}}
+**__Reboot Zabbix server:__**
+{{ :hpe:switch:snmpv3_3.jpg?800 |}}
+**Operatinal Host:**
+{{ :hpe:switch:snmpv3_4.jpg?800 |}}
+{{ :hpe:switch:snmpv3_5.jpg?800 |}}
+{{ :hpe:switch:snmpv3_6.jpg?800 |}}
+----
-{{ :hpe:switch:image28.png?300 |}}