In this guide, we will enable the essential SNMP settings for HP Comware, below are the commands.
!# Enable SNMP Agent
snmp-agent
!# Configure SNMP information for the device
snmp-agent sys-info location <device_location>
snmp-agent sys-info contact <device_administrator_contact_information>
!# Enable SNMP version 3
snmp-agent sys-info version v3
In summary for SNMP version 3, there are 3 security levels namely:
- noAuthNoPriv - SNMP messages don't require authentication and are not encrypted
- AuthNoPriv - SNMP messages are authenticated with username/password but are not encrypted
- AuthPriv - SNMP messages are authenticated with username/password and encrypted.
We will configure all 3 security levels on the HP Comware network device with IP address 192.168.200.11 and use the snmpwalk tool to test the SNMPv3 configuration.
A. SNMPv3 with level noAuthnoPriv
Configure HP Comware network device with SNMP group V3noAuthnoPriv and username snmp1user
snmp-agent group v3 V3noAuthnoPriv
snmp-agent usm-user v3 snmp1user V3noAuthnoPriv
Verify configuration with these display commands
#display snmp-agent group
Group name: V3noAuthnoPriv
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview: <no specified>
Storage-type: nonVolatile
#display snmp-agent usm-user
User name: snmp1user
Group name: V3noAuthnoPriv
Engine ID: 8000000B0320FDF1EB0ED9
Storage-type: nonVolatile
UserStatus: active
Test the configuration using the snmpwalk tool
# snmpwalk -v 3 -u snmp1user -l noAuthnoPriv 192.168.200.11 system
SNMPv2-MIB::sysDescr.0 = STRING: HP A5120-24G SI Switch Software Version 5.20, Release 1513P86
Copyright(c) 2010-2014 Hewlett-Packard Development Company, L.P.
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.25506.11.1.12
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (750552944) 86 days, 20:52:09.44
SNMPv2-MIB::sysContact.0 = STRING: ([email protected] / 04xxxxxxx)
SNMPv2-MIB::sysName.0 = STRING: HP-TEST-SWITCH-5120
SNMPv2-MIB::sysLocation.0 = STRING: HP-TEST-SWITCH-5120
SNMPv2-MIB::sysServices.0 = INTEGER: 78
B. SNMPv3 with level AuthnoPriv
Configure HP Comware network device with SNMP group V3AuthnoPriv and username snmp1user and authentication passwd snmpauthpass using hash mode MD5 (or SHA)
snmp-agent group v3 V3authNoPriv authentication
snmp-agent usm-user v3 snmp2user V3authNoPriv authentication-mode md5 snmpauthpass
Verify configuration with these display commands
#display snmp-agent group
Group name: V3authNoPriv
Security model: v3 AuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview: <no specified>
Storage-type: nonVolatile
#display snmp-agent usm-user
User name: snmp2user
Group name: V3authNoPriv
Engine ID: 8000000B0320FDF1EB0ED9
Storage-type: nonVolatile
UserStatus: active
Test the configuration using the snmpwalk tool
SNMPv2-MIB::sysDescr.0 = STRING: HP A5120-24G SI Switch Software Version 5.20, Release 1513P86
Copyright(c) 2010-2014 Hewlett-Packard Development Company, L.P.
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.25506.11.1.12
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (750600261) 86 days, 21:00:02.61
SNMPv2-MIB::sysContact.0 = STRING: ([email protected] / 04xxxxxxx)
SNMPv2-MIB::sysName.0 = STRING: HP-TEST-SWITCH-5120
SNMPv2-MIB::sysLocation.0 = STRING: HP-TEST-SWITCH-5120
SNMPv2-MIB::sysServices.0 = INTEGER: 78 # snmpwalk -v 3 -u snmp2user -l authNoPriv -a MD5 -A snmpauthpass 192.168.200.11 system
We will continue in Part2 for the SNMP configuration for the 3rd security levels, security ACLs and debugging.