Shulou(Shulou.com)05/31 Report--

This article mainly analyzes how to analyze the relevant knowledge points of H3C iMC combined with SNMPv3 protocol to manage the equipment of different manufacturers, the content is detailed and easy to understand, the operation details are reasonable, and has a certain reference value. If you are interested, you might as well follow the editor to take a look, and follow the editor to learn more about "how to parse H3C iMC combined with SNMPv3 protocol to manage equipment from different vendors".

Network management software is welcomed by more and more customers, IT manufacturers also actively launch their own network management software, as for the use of the effect and experience, everyone's own experience, mixed in the IT circle, you all know. Combined with the personal recent implementation project, deploy the iMC operation and maintenance management platform developed by H3C (it is said to be called "Xinhua III"), which involves the equipment of different manufacturers.

Most network management software manages network devices through the SNMP protocol, so the question is, what is SNMP?

Brief introduction of SNMP Protocol

SNMP (Simple Network Management Protocol, simple Network Management Protocol) is a standard network management protocol in the Internet, which is widely used to realize the access and management of management devices to managed devices.

The SNMP network environment includes two elements, NMS and Agent:

NMS (Network Management Station, Network Management system) is the manager of SNMP network, which can provide friendly man-machine interface and facilitate network administrators to complete the network management work.

Agent is the managed in the SNMP network environment, which is responsible for receiving and processing request messages from NMS. In some emergency situations, such as a change in the status of the interface, Agent will actively send an alarm message to NMS.

Working mechanism of SNMP protocol

NMS manages the device through MIB (Management Information Base, Management Information Base) when managing the device. MIB defines the hierarchical relationship between nodes and a series of attributes of objects, such as object names, access permissions, data types, and so on. Each Agent has its own MIB. All managed devices have their own MIB files, and the MIB of the device can be generated by compiling these MIB files on NMS. NMS reads / writes MIB nodes according to access rights, thus realizing the management of Agent.

SNMP provides the following basic operations to implement the interaction between NMS and Agent:

GET action: NMS uses this operation to query the values of one or more nodes in Agent MIB.

SET action: NMS uses this action to set the value of one or more nodes in the Agent MIB.

Trap operation: Agent uses this operation to send alarm information to NMS.

SNMP protocol version

Currently, Agent supports SNMPv1, SNMPv2c and SNMPv3 versions:

SNMPv1 adopts group name (Community Name) authentication mechanism. The group name is similar to a password and is used to restrict NMS's access to Agent. If the NMS accesses the managed device with a different community name than the community name set on the managed device, the SNMP connection cannot be established, resulting in access failure.

SNMPv2c also uses the group name authentication mechanism. SNMPv2c extends the capabilities of SNMPv1: more operation types are provided; more data types are supported; and richer error codes are provided to distinguish errors in more detail.

SNMPv3 adopts USM (User-Based Security Model, user-based security model) authentication mechanism. The network administrator can set up authentication and encryption functions. Authentication is used to verify the legitimacy of the message sender to avoid access by illegal users; encryption is to encrypt the transmission messages between NMS and Agent to avoid eavesdropping. Authentication and encryption functions can provide higher security for the communication between NMS and Agent.

The main difference between the three versions is that V1 and V2C version only need to configure read and write community words to achieve device management, and V3 version needs to configure relevant user, authentication, encryption and other factors, combined with H3C iMC and different manufacturers to give different configuration cases.

H3C device SNMPv3 configuration

# configure the IP address of Agent and ensure that the route between Agent and NMS (H3C iMC) is reachable.

System-view

[Agent] snmp-agent group v3 h4c * / v3 refers to the SNMP version, and h4c is the name of the community and can be changed

# set the user name used by Agent to h4c, authentication algorithm to MD5, authentication password to h4c, encryption algorithm to DES56, and encryption password to h4c

[Agent] snmp-agent usm-user v3 h4ch4cauthentication-modemd5 h4c privacy-mode des56 h4c

# set the contact of the device

[Agent] snmp-agent sys-info contact h4c

[Agent] snmp-agent sys-infoversion v3

# set to allow Trap messages to be sent to NMS with a user name of h4c.

[Agent] snmp-agent trap enable

[Agent] snmp-agent target-host trap addressudp-domain 1.1.1.2params securitynameh4cv3privacy * / address is iMC server address

Huawei configuration and H3C device configuration are basically the same, more or less the same.

Cisco device configuration

Switch (config) # snmp-servercommunity RO/RW

Switch (config) # snmp-serveruser v3 authen md5 priva des56

Switch (config) # snmp-servergroup v3authen/priva

Switch (config) # snmp-serverhost x.x.x.xtraps version 3 priva

Switch (config) # snmp-serverenable traps

For the configuration of ZTE, Lenovo, Maipu and other devices, please see Cisco. It is recommended to select des56 encryption algorithm for priva when configuring, because Cisco layer 2 switch does not support AES128 encryption algorithm.

H3C iMC platform configuration

It is recommended to configure the SNMPv3 template in the iMC platform. Later, you only need to set the parameters in the SNMPv3 configuration file to match the template on the network device:

Configure related parameters

Fill in the template name, parameter type "SNMPv3 Priv-DesAuth-Md5", user name "h4c", authentication password and encryption password "h4c", click OK.

When adding a device, enter the device management address and select the SNMP template to add the device.

After the addition, you can view and manage the device information.

This article mainly analyzes how to analyze the relevant knowledge points of H3C iMC combined with SNMPv3 protocol to manage the equipment of different manufacturers, the content is detailed and easy to understand, the operation details are reasonable, and has a certain reference value. If you are interested, you might as well follow the editor to take a look, and follow the editor to learn more about "how to parse H3C iMC combined with SNMPv3 protocol to manage equipment from different vendors".

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.