**SNMPv3 configuration example**

**Network requirements**

As shown in Figure 28, the NMS (**1.1.1.2/24**) uses **SNMPv3** to monitor and manage the interface status of the agent (**1.1.1.1/24**), and the agent automatically sends traps to report events to the **NMS**.

The NMS and the agent perform authentication when they set up an SNMP session. The authentication algorithm is **SHA-1** and the authentication key is **123456TESTauth&!**. The NMS and the agent also encrypt the SNMP packets between them by using the **AES** algorithm and the privacy key **123456TESTencr&!**.

{{ :hpe:switch:image28.png?200 |}}

__**Configuration procedure**__

**Configure the agent:**

//# Configure the IP address of the agent and make sure the agent and the NMS can reach each other. (Details not shown.)//

//# Assign the NMS read and write access to the objects under the ifTable node (OID 1.3.6.1.2.1.2.2), and deny its access to any other MIB object.//

  <Agent> system-view
  [Agent] undo snmp-agent mib-view ViewDefault
  [Agent] snmp-agent mib-view included test ifTable
  [Agent] snmp-agent group v3 managev3group read-view test write-view test


//# Set the username to **managev3user**, authentication algorithm to sha, authentication key to **123456TESTauth&!**, 
  encryption algorithm to **aes128**, and privacy key to **123456TESTencr&!**.//

  [Agent] snmp-agent usm-user v3 managev3user managev3group simple authentication-mode sha 123456TESTauth&! 
  privacy-mode aes128 123456TESTencr&!

//# Configure contact person and physical location information for the agent.//

  [Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306
  [Agent] snmp-agent sys-info location telephone-closet,3rd-floor

//# Enable traps, specify the NMS at **1.1.1.2** as a trap destination, and set the username to managev3user for the traps.//

  [Agent] snmp-agent trap enable
  [Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname managev3user v3 privacy
  
**//Configure the SNMP NMS://**

  - Specify SNMPv3.
  - Create the SNMPv3 user managev3user.
  - Enable both authentication and privacy functions.
  - Use SHA-1 for authentication and AES for encryption.
  - Set the authentication key to 123456TESTauth&! and the privacy key to 123456TESTencr&!.
  - Set the timeout time and maximum number of retries.

For information about configuring the NMS, see the NMS manual.

**NOTE: The SNMP settings on the agent and the NMS must match**.

//**Verify the configuration:**//

//# Try to get the count of sent traps from the agent. The get attempt succeeds.//

  Send request to 1.1.1.1/161 ...
  Protocol version: SNMPv3
  Operation: Get
  Request binding: 
  1: 1.3.6.1.2.1.11.29.0
  Response binding:
  1: Oid=snmpOutTraps.0 Syntax=CNTR32 Value=18
  Get finished
  
//# Try to get the device name from the agent. The get attempt fails because the NMS has no access right to the node.//

  Send request to 1.1.1.1/161 ...
  Protocol version: SNMPv3
  Operation: Get
  Request binding: 
  1: 1.3.6.1.2.1.1.5.0
  Response binding:
  1: Oid=sysName.0 Syntax=noSuchObject Value=NULL
  Get finished
  
//# Execute the shutdown or undo shutdown command on an idle interface on the agent. You can see the interface state change traps on the NMS://

  1.1.1.1/3374 V3 Trap = linkdown
  SNMP Version = V3
  Community = managev3user
  Command = Trap
  1.1.1.1/3374 V3 Trap = linkup
  SNMP Version = V3
  Community = managev3user
  Command = Trap
  

----
**Example cod:  HPE 5510 Switch**

**SNMP Client (Zabbix): 172.16.48.26**

**SNMP Server (Switch): 172.16.4.1**

**Switch Configuration:** 

  snmp-agent
  snmp-agent local-engineid 800063A280DC680CF0E3C400000001
  snmp-agent community read Companyread
  snmp-agent community write Companywrite
  snmp-agent sys-info contact Eng. Jhon Smith
  snmp-agent sys-info location US
  snmp-agent sys-info version all
  snmp-agent group v3 Company3group read-view privacy write-view internet
  snmp-agent target-host trap address udp-domain 172.16.48.26 params securityname  Company3user v3 privacy
  snmp-agent mib-view included internet internet
  snmp-agent usm-user v3 Company3user Company3group simple authentication-mode sha passwordclient1
  privacy-mode aes128 passwordclient2

  snmp-agent trap enable arp
  snmp-agent trap enable radius
  snmp-agent trap enable stp
  snmp-agent trap enable syslog

**Zabbix Configuration host:**

{{ :hpe:switch:snmpv3_1.jpg?800 |}}

{{ :hpe:switch:snmpv3_2.jpg?800 |}}

**__Reboot Zabbix server:__**

{{ :hpe:switch:snmpv3_3.jpg?800 |}}

**Operatinal Host:**

{{ :hpe:switch:snmpv3_4.jpg?800 |}}

{{ :hpe:switch:snmpv3_5.jpg?800 |}}

{{ :hpe:switch:snmpv3_6.jpg?800 |}}


----