SNMPv3 trap configuration guide

Time:11-22

1. SNMPv3 configuration on the device
Unlike SNMPv1/v2c, which use community-name authentication, SNMPv3 uses the USM (User-based Security Model) authentication mechanism and manages users through groups. The NMS accesses the device with an SNMPv3 username. Whether authentication and encryption are required is determined by the group configuration. When creating users, a different algorithm, authentication password and encryption password can be configured for each user.
1. Enter system view
system-view
2. Start the SNMP agent service
snmp-agent
3. Configure the device to support SNMPv3
snmp-agent sys-info version v3
4. Create a MIB view (containing the subtree iso)
snmp-agent mib-view included iso iso
Note: the first "iso" is the name of the new MIB view; the second "iso" is the name of the subtree the view can access.
5. Create an SNMPv3 group (there are three security modes; configure one of them)
(1) Create an SNMPv3 group with no authentication and no encryption; the group is named "lxhgroup", and its read and write MIB views are both "iso"
snmp-agent group v3 lxhgroup read-view iso write-view iso
(2) Create an SNMPv3 group with authentication but no encryption; the group is named "lxhgroup", and its read and write MIB views are both "iso"
snmp-agent group v3 lxhgroup authentication read-view iso write-view iso
(3) Create an SNMPv3 group with authentication and encryption; the group is named "lxhgroup", and its read and write MIB views are both "iso"
snmp-agent group v3 lxhgroup privacy read-view iso write-view iso
6. Create an SNMPv3 user (three options follow; choose one according to the note below, so that it matches the security mode of the SNMPv3 group)
(1) Create an SNMPv3 user with no authentication and no encryption; the user is named "LXH"
snmp-agent usm-user v3 LXH lxhgroup
(2) Create an SNMPv3 user with authentication but no encryption; the user is named "LXH", the authentication mode is "md5" or "sha", and the authentication password is "lxh123"
snmp-agent usm-user v3 LXH lxhgroup simple authentication-mode { md5 | sha } lxh123
(3) Create an SNMPv3 user with authentication and encryption; the user is named "LXH", the authentication mode is "md5" or "sha", the authentication password is "lxh123", the encryption algorithm is "aes128" or "des56", and the encryption password is "lxh123"
snmp-agent usm-user v3 LXH lxhgroup simple authentication-mode { md5 | sha } lxh123 privacy-mode { aes128 | des56 } lxh123
Note: (1) If the group uses the no-authentication, no-encryption security mode, users joining the group can be created in any of the three ways above. If the group uses authentication without encryption, the user can be created with authentication without encryption or with authentication and encryption. If the group uses authentication with encryption, users joining it must also use authentication with encryption.

2. Configure SNMP alarms
SNMP alarm information comes in two kinds, Trap and Inform. Both notify the NMS of important events on the device, for example a user logging in or out, or an interface going up or down. Inform differs from Trap in that, after the agent sends an Inform message to the NMS, the NMS sends back a response message, whereas a Trap requires no response.
1. Configure the Trap message parameters
1. Enter system view
system-view
2. Enable sending of Trap messages
snmp-agent trap enable
3. Configure the Trap message sending parameters (there are three security modes; configure one of them)
(1) Configure user LXH to send Trap messages to the NMS at 172.22.3.121 with no authentication and no encryption
snmp-agent target-host trap address udp-domain 172.22.3.121 params securityname LXH v3
(2) Configure user LXH to send Trap messages to the NMS at 172.22.3.121 with authentication but no encryption
snmp-agent target-host trap address udp-domain 172.22.3.121 params securityname LXH v3 authentication
(3) Configure user LXH to send Trap messages to the NMS at 172.22.3.121 with authentication and encryption
snmp-agent target-host trap address udp-domain 172.22.3.121 params securityname LXH v3 privacy
Note: (1) 172.22.3.121 is the IP address of the NMS (network management server); "LXH" is the SNMPv3 account.
(2) For how the Trap message mode corresponds to the security modes of the SNMPv3 group and user, see the appendix table "Sending Trap messages: matching of SNMPv3 group, user and Trap message modes".
2. Configure the Inform message parameters
The Inform configuration differs from the Trap configuration in that Inform also requires the engine ID of the remote SNMP entity and the security mode of the user associated with the remote entity, that is, steps 2 and 3 below. Trap does not need these two commands.
1. Enter system view
system-view
2. Configure the engine ID of the remote SNMP entity
snmp-agent remote 172.22.3.121 engineid 800063a2800123456789abcdef0123
Note: 172.22.3.121 is the IP address of the NMS (network management server), and 800063a2800123456789abcdef0123 is the engine ID of the remote SNMP entity. The remote engine ID is fixed regardless of the device.
3. Enable sending Inform messages to the destination host (choose any one of the following three security modes)
(1) Send Inform messages to the destination host with no authentication and no encryption
snmp-agent usm-user v3 LXH lxhgroup remote 172.22.3.121
(2) Send Inform messages to the destination host with authentication but no encryption
snmp-agent usm-user v3 LXH lxhgroup remote 172.22.3.121 simple authentication-mode { md5 | sha } lxh123
(3) Send Inform messages to the destination host with authentication and encryption
snmp-agent usm-user v3 LXH lxhgroup remote 172.22.3.121 simple authentication-mode { md5 | sha } lxh123 privacy-mode { aes128 | des56 } lxh123
4. Configure the Inform message sending parameters (there are three security modes; configure one of them)
(1) Configure user LXH to send Inform messages to iMC at 172.22.3.121 with no authentication and no encryption
snmp-agent target-host inform address udp-domain 172.22.3.121 params securityname LXH v3
(2) Configure user LXH to send Inform messages to iMC at 172.22.3.121 with authentication but no encryption
snmp-agent target-host inform address udp-domain 172.22.3.121 params securityname LXH v3 authentication
(3) Configure user LXH to send Inform messages to iMC at 172.22.3.121 with authentication and encryption
snmp-agent target-host inform address udp-domain 172.22.3.121 params securityname LXH v3 privacy
Note: (1) 172.22.3.121 is the IP address of the NMS server (iMC); "LXH" is the configured SNMPv3 username.
(2) For how the Inform message mode corresponds to the security modes of the SNMPv3 group and user, see the appendix table "Sending Inform messages: matching of SNMPv3 group, user and Inform message modes".
3. Configure the SNMPv3 parameters on the NMS side
Based on the local SNMP user parameters configured on the device, select the same security mode and configure the same parameters for that device on the NMS. The NMS-side configuration must be consistent with the device side; otherwise it will not work.

4. Appendix: security mode correspondence tables for the SNMPv3 group, user, Trap message and Inform message
1. Sending Trap messages: matching of SNMPv3 group, user and Trap message modes:
SNMPv3 group mode | SNMPv3 user mode | Trap message mode



No certification not encrypted authentication not encrypted authentication encryption

Certification not encrypted authentication encryption
Certification is not encrypted


authentication encryption authentication not encryptedCertification is not encrypted
Authentication encryption

Certification not encrypted authentication encryption authentication encryption
Authentication encryption authentication is not encrypted
Authentication encryption
Authentication encryption authentication encryption authentication encryption





2. Sending Inform messages: matching of SNMPv3 group, user and Inform message modes:
SNMPv3 group mode | SNMPv3 user mode | Mode for sending Inform messages to the destination host | Inform message mode



Do not authentication encryption authentication not encrypted authentication not encrypted authentication encryption

Certification is not encrypted
Certification not encrypted authentication encryption
Certification is not encrypted

Authentication encryption

authentication encryption authentication not encryptedCertification is not encrypted
Authentication encryption

Authentication is not encrypted authentication not encrypted authentication encryption authentication encryption
No encryption authentication encryption authentication encryption authentication
Authentication encryption
Authentication encryption authentication encryption authentication encryption authentication encryption

Summary of the matching rules:
(1) Considering only the security modes of the SNMPv3 group and the user, the user's security mode should be no weaker than the group's security mode (because SNMP parameters are validated against the group's security mode). For example, when the group uses "authentication without encryption", the user mode must at least use authentication; as for encryption, there are two choices: "authentication with encryption" and "authentication without encryption".
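The matching rules above can be checked mechanically before a configuration is pushed to a device. The following Python script is an added example, not part of the original guide or of any vendor tool: the function name audit, the labels in NAME and the SAMPLE configuration are constructed here, and it assumes that a target-host mode stronger than the user's own mode is an error and that md5 and des56 should be reported as weak algorithms.

```python
# Added example, not from the original guide: audit snmp-agent lines for mode mismatches.
LEVEL = {"authentication": 1, "privacy": 2}  # no keyword means level 0
NAME = ["no-auth/no-priv", "auth/no-priv", "auth/priv"]
# Constructed sample configuration reusing the names from this guide.
SAMPLE = """\
snmp-agent group v3 lxhgroup privacy read-view iso write-view iso
snmp-agent usm-user v3 LXH lxhgroup simple authentication-mode md5 lxh123
snmp-agent target-host trap address udp-domain 172.22.3.121 params securityname LXH v3 privacy
snmp-agent target-host inform address udp-domain 172.22.3.121 params securityname LXH v3
"""

def audit(config):
    groups, users, engines, targets, findings = {}, {}, set(), [], []
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["snmp-agent", "group", "v3"] and len(t) > 3:
            groups[t[3]] = LEVEL.get((t + [""])[4], 0)
        elif t[:3] == ["snmp-agent", "usm-user", "v3"] and len(t) > 4:
            remote = t[t.index("remote") + 1] if "remote" in t[:-1] else None
            # Algorithm names follow the two *-mode keywords; their count is the level.
            algs = [t[i + 1] for i, w in enumerate(t[:-1])
                    if w in ("authentication-mode", "privacy-mode")]
            users[(t[3], remote)] = (t[4], len(algs))
            findings += [f"user {t[3]}: weak algorithm {a}" for a in algs if a in ("md5", "des56")]
        elif t[:2] == ["snmp-agent", "remote"] and "engineid" in t:
            engines.add(t[2])
        elif t[:2] == ["snmp-agent", "target-host"] and {"udp-domain", "securityname"} <= set(t[:-1]):
            targets.append((t[2], t[t.index("udp-domain") + 1],
                            t[t.index("securityname") + 1], LEVEL.get(t[-1], 0)))
    for (name, _), (group, ulevel) in users.items():
        # Rule from the guide: the user's mode must be at least the group's mode.
        if ulevel < groups.get(group, 0):
            findings.append(f"user {name}: {NAME[ulevel]} is weaker than group {group}")
    for kind, ip, name, tlevel in targets:
        # Per the guide, Inform needs a remote engine ID and a user bound to that remote host.
        key = (name, ip if kind == "inform" else None)
        if kind == "inform" and ip not in engines:
            findings.append(f"inform to {ip}: no remote engineid")
        if key not in users:
            findings.append(f"{kind} to {ip}: no usm-user {name} for this target")
        elif tlevel > users[key][1]:
            # Assumption: a message cannot use keys the user was not given.
            findings.append(f"{kind} to {ip}: {NAME[tlevel]} exceeds user {name}")
        if tlevel < 2:
            findings.append(f"{kind} to {ip}: {NAME[tlevel]} traffic is not encrypted")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty result means the group, user and target-host lines agree with each other; the NMS side still has to be configured with the same mode, algorithms and passwords.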