Configuration procedure
Configuring SNMPv3 in RBAC mode
Configure the agent:
# Assign IP address 1.1.1.1/24 to the agent and make sure the agent and the NMS can reach each other. (Details not shown.)
# Create user role test, and assign test read-only access to the objects under the snmpMIB node (OID: 1.3.6.1.6.3.1), including the linkUp and linkDown objects.
<Agent> system-view [Agent] role name test [Agent-role-test] rule 1 permit read oid 1.3.6.1.6.3.1
# Assign user role test read-only access to the system node (OID: 1.3.6.1.2.1.1) and read-write access to the interfaces node (OID: 1.3.6.1.2.1.2).
[Agent-role-test] rule 2 permit read oid 1.3.6.1.2.1.1 [Agent-role-test] rule 3 permit read write oid 1.3.6.1.2.1.2 [Agent-role-test] quit
# Create SNMPv3 user RBACtest. Assign user role test to RBACtest. Set the authentication algorithm to sha, authentication key to 123456TESTauth&!, encryption algorithm to aes128, and privacy key to 123456TESTencr&!.
[Agent] snmp-agent usm-user v3 RBACtest user-role test simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!
# Configure contact and physical location information for the agent.
[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306 [Agent] snmp-agent sys-info location telephone-closet,3rd-floor
# Enable notifications on the agent. Specify the NMS at 1.1.1.2 as the notification destination, and RBACtest as the username.
[Agent] snmp-agent trap enable [Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname RBACtest v3 privacy
Configure the NMS:
Specify SNMPv3.
Create SNMPv3 user RBACtest.
Enable both authentication and privacy functions.
Use SHA-1 for authentication and AES for encryption.
Set the authentication key to 123456TESTauth&! and the privacy key to 123456TESTencr&!.
Set the timeout timer and maximum number of retries.
For information about configuring the NMS, see the NMS manual.
NOTE:
The SNMP settings on the agent and the NMS must match.
Configuring SNMPv3 in VACM mode
Configure the agent:
# Assign IP address 1.1.1.1/24 to the agent, and make sure the agent and the NMS can reach each other. (Details not shown.)
# Create SNMPv3 group managev3group and assign managev3group read-only access to the objects under the snmpMIB node (OID: 1.3.6.1.6.3.1) in the test view, including the linkUp and linkDown objects.
<Agent> system-view [Agent] undo snmp-agent mib-view ViewDefault [Agent] snmp-agent mib-view included test snmpMIB [Agent] snmp-agent group v3 managev3group privacy read-view test
# Assign SNMPv3 group managev3group read-write access to the objects under the system node (OID: 1.3.6.1.2.1.1) and interfaces node (OID: 1.3.6.1.2.1.2) in the test view.
[Agent] snmp-agent mib-view included test 1.3.6.1.2.1.1 [Agent] snmp-agent mib-view included test 1.3.6.1.2.1.2 [Agent] snmp-agent group v3 managev3group privacy read-view test write-view test
# Add user VACMtest to SNMPv3 group managev3group, and set the authentication algorithm to sha, authentication key to 123456TESTauth&!, encryption algorithm to aes128, and privacy key to 123456TESTencr&!.
[Agent] snmp-agent usm-user v3 VACMtest managev3group simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!
# Configure contact and physical location information for the agent.
[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306 [Agent] snmp-agent sys-info location telephone-closet,3rd-floor
# Enable notifications on the agent. Specify the NMS at 1.1.1.2 as the trap destination, and VACMtest as the username.
[Agent] snmp-agent trap enable [Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params VACMtest v3 privacy
Configure the SNMP NMS:
Specify SNMPv3.
Create SNMPv3 user VACMtest.
Enable both authentication and privacy functions.
Use SHA-1 for authentication and AES for encryption.
Set the authentication key to 123456TESTauth&! and the privacy key to 123456TESTencr&!.
Set the timeout timer and maximum number of retries.
For information about configuring the NMS, see the NMS manual.
NOTE:
The SNMP settings on the agent and the NMS must match.