SNMPv3 configuration example

Network requirements

As shown in Figure 28, the NMS (1.1.1.2/24) uses SNMPv3 to monitor and manage the interface status of the agent (1.1.1.1/24), and the agent automatically sends traps to report events to the NMS.

The NMS and the agent perform authentication when they set up an SNMP session. The authentication algorithm is SHA-1 and the authentication key is 123456TESTauth&!. The NMS and the agent also encrypt the SNMP packets between them by using the AES algorithm and the privacy key 123456TESTencr&!.

Configuration procedure

Configure the agent:

# Configure the IP address of the agent and make sure the agent and the NMS can reach each other. (Details not shown.)

# Assign the NMS read and write access to the objects under the ifTable node (OID 1.3.6.1.2.1.2.2), and deny its access to any other MIB object.

<Agent> system-view
[Agent] undo snmp-agent mib-view ViewDefault
[Agent] snmp-agent mib-view included test ifTable
[Agent] snmp-agent group v3 managev3group read-view test write-view test

# Set the username to managev3user, authentication algorithm to sha, authentication key to 123456TESTauth&!, encryption algorithm to aes128, and privacy key to 123456TESTencr&!.

[Agent] snmp-agent usm-user v3 managev3user managev3group simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!

# Configure contact person and physical location information for the agent.

[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306
[Agent] snmp-agent sys-info location telephone-closet,3rd-floor

# Enable traps, specify the NMS at 1.1.1.2 as a trap destination, and set the username to managev3user for the traps.

[Agent] snmp-agent trap enable
[Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname managev3user v3 privacy

Configure the SNMP NMS:

  1. Specify SNMPv3.
  2. Create the SNMPv3 user managev3user.
  3. Enable both authentication and privacy functions.
  4. Use SHA-1 for authentication and AES for encryption.
  5. Set the authentication key to 123456TESTauth&! and the privacy key to 123456TESTencr&!.
  6. Set the timeout time and maximum number of retries.

For information about configuring the NMS, see the NMS manual.

NOTE: The SNMP settings on the agent and the NMS must match.

Verify the configuration:

# Try to get the count of sent traps from the agent. The get attempt succeeds.

Send request to 1.1.1.1/161 ...
Protocol version: SNMPv3
Operation: Get
Request binding: 
1: 1.3.6.1.2.1.11.29.0
Response binding:
1: Oid=snmpOutTraps.0 Syntax=CNTR32 Value=18
Get finished

# Try to get the device name from the agent. The get attempt fails because the NMS has no access right to the node.

Send request to 1.1.1.1/161 ...
Protocol version: SNMPv3
Operation: Get
Request binding: 
1: 1.3.6.1.2.1.1.5.0
Response binding:
1: Oid=sysName.0 Syntax=noSuchObject Value=NULL
Get finished

# Execute the shutdown or undo shutdown command on an idle interface on the agent. You can see the interface state change traps on the NMS:

1.1.1.1/3374 V3 Trap = linkdown
SNMP Version = V3
Community = managev3user
Command = Trap
1.1.1.1/3374 V3 Trap = linkup
SNMP Version = V3
Community = managev3user
Command = Trap

Example code: HPE 5510 Switch

SNMP Client (Zabbix): 172.16.48.26

SNMP Server (Switch): 172.16.4.1

Switch Configuration:

snmp-agent
snmp-agent local-engineid 800063A280DC680CF0E3C400000001
snmp-agent community read Companyread
snmp-agent community write Companywrite
snmp-agent sys-info contact Eng. Jhon Smith
snmp-agent sys-info location US
snmp-agent sys-info version all
snmp-agent group v3 Company3group read-view privacy write-view internet
snmp-agent target-host trap address udp-domain 172.16.48.26 params securityname Company3user v3 privacy
snmp-agent mib-view included internet internet
snmp-agent usm-user v3 Company3user Company3group simple authentication-mode sha passwordclient1 privacy-mode aes128 passwordclient2
snmp-agent trap enable arp
snmp-agent trap enable radius
snmp-agent trap enable stp
snmp-agent trap enable syslog
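
A quick audit of the switch configuration above, as an added example that is not part of the original page or of any HPE tool. It flags settings that leave SNMPv1/v2c reachable or leave an SNMPv3 group below the privacy level. The names audit and SAMPLE are hypothetical, and it assumes the Comware group syntax in which the optional authentication or privacy keyword follows the group name.

```python
import re

# Constructed sample: community, version, group and view lines copied from
# the switch configuration above.
SAMPLE = """\
snmp-agent community read Companyread
snmp-agent community write Companywrite
snmp-agent sys-info version all
snmp-agent group v3 Company3group read-view privacy write-view internet
snmp-agent mib-view included internet internet
"""

BUILTIN_VIEWS = {"ViewDefault"}  # Comware's default MIB view

def audit(config: str) -> list[str]:
    """Return findings for a saved Comware-style 'snmp-agent' configuration."""
    findings = []
    lines = [" ".join(l.split()) for l in config.splitlines() if l.strip()]
    # First pass: collect every MIB view the configuration defines.
    views = set(BUILTIN_VIEWS)
    for l in lines:
        m = re.match(r"snmp-agent mib-view (?:included|excluded) (\S+)", l)
        if m:
            views.add(m.group(1))
    # Second pass: check versions, communities and v3 groups.
    for l in lines:
        t = l.split()
        if t[:2] == ["snmp-agent", "community"] and len(t) > 2:
            # Report the access type only, never the community string.
            findings.append(f"v1/v2c community configured ({t[2]} access)")
        elif t[:3] == ["snmp-agent", "sys-info", "version"]:
            if {"all", "v1", "v2c"} & set(t[3:]):
                findings.append("SNMPv1/v2c enabled: " + " ".join(t[3:]))
        elif t[:3] == ["snmp-agent", "group", "v3"] and len(t) > 3:
            name = t[3]
            level = t[4] if len(t) > 4 and t[4] in ("authentication", "privacy") else None
            if level != "privacy":
                findings.append(f"group {name}: security level is "
                                f"{level or 'noAuthNoPriv'}, not privacy")
            # A view name follows each read-view/write-view/notify-view keyword.
            for kw, view in zip(t, t[1:]):
                if kw.endswith("-view") and view not in views:
                    findings.append(f"group {name}: {kw} '{view}' is not a defined MIB view")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
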

Zabbix Configuration host:

Reboot Zabbix server:

Operational Host: