SNMP Polling and Traps Configuration on Huawei Router

Pre-config: (assuming Loopback0 is your source interface to send those SNMP traffic)

interface LoopBack0
    description _ Loopback for Huawei Router
ip address 192.168.10.100 255.255.255.255

1. Configure SNMP (version can be set to all to support v1,v2c and v3)

2. Configure SNMP engine ID and community string (with ACL)

snmp-agent
snmp-agent local-engineid 800007DB0000ABC11D2D56
snmp-agent community read cipher %^%#*JAZgT9C0XPI~”fyw36753Mkn&ZZ]3Nh+u(n%|X%^# acl 1234acl number 1234
 description SNMP Server
  rule 10 permit source 192.168.20.199 0
  rule 20 deny

Note: SNMP EngineID is use to uniquely identify an SNMP entity. If you want to setup manually, preferably to follow the standard conventions (Huawei engine ID + (IP or Mac Addrss of the router). FYI, Huawei device engine ID is 800007DB based on IANA private engine ID’s first 4 bytes in hexadecimal format.

Sample Output: (SNMP community configured as clear text will be translated to encrypted characters)
snmp-agent trap enable
snmp-agent trap type base-trap
snmp-agent trap source LoopBack0
snmp-agent target-host trap address udp-domain 192.168.20.200 params securityname cipher %^%#Kh’jV+)9@d(FNTu2cK9*2<#Y%:ABh1Q^%# v2c

username : FNT
group: FNT_GROUP
Auth type: SHA256
Auth Pass: ABcD123456
Priv : AES256
Priv Pass: FNT@fr33netw0rk

snmp-agent
snmp-agent sys-info version v3
snmp-agent group v3 <groupname> privacy read-view <string> write-view <string> notify-view <string>
snmp-agent usm-user v3 <username>
snmp-agent usm-user v3 <username> group <group>
snmp-agent usm-user v3 <username> authentication-mode md5/sha/sha2-224/sha2-256/sha2-384/sha2-512
snmp-agent usm-user v3 <username> privacy-mode 3des168/aes128/aes192/aes256/des56

If you try to use old authentication type:
snmp-agent usm-user v3 FNT authentication-mode sha
Please configure the authentication password (8-255)
Enter Password: <type here ABcD123456>
Confirm Password: <type here ABcD123456>
Warning: The algorithm SHA1 is insecure. Using SHA2-256 or higher algorithm is recommended.

Sample Output:
snmp-agent 
snmp-agent sys-info version v3
snmp-agent group v3 FNT_GROUP privacy read-view FNTview write-view FNTview notify-view FNTview
snmp-agent usm-user v3 FNT
snmp-agent usm-user v3 FNT group FNT_GROUP
snmp-agent usm-user v3 FNT authentication-mode sha2-256 cipher %^%#:#Id6B%PMFW|~m`OoPNgR(p$Hb1$9d=PuQke87h7^%#
snmp-agent usm-user v3 FNT privacy-mode aes256 cipher %^%#H*E’QC$HTvB2*”tK*lHVQlP=}rHpDZn7}XApKf2%^%#
snmp-agent usm-user v3 FNT acl 1234

Sample Output:

/usr/bin/snmpwalk -M /usr/local/snmp/mibs -v3 -u FNT -l authPriv -a SHA-256 -A ****** -x AES256 -X ****** 192.168.10.100:161 sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.1 (NE40E V800R021C10SPC600)
Copyright (C) 2012-2022 Huawei Technologies Co., Ltd.
HUAWEI NE40E

e.g. simulate using port down

<HUAWEI>sys
Enter system view, return user view with return command.

[~HUAWEI]diagnose
Warning: Enter diagnose view, return user view with Ctrl+Z.
Info: The diagnose view is used to debug system hardware and software. Misuse of certain commands in this view may affect system performance. Therefore, use these commands with the guidance of Huawei engineers.

To generate alarm:

[~HUAWEI]simulate alarm-name hwPortDown alarm-state start

To clear alarm:
[~HUAWEI]simulate alarm-name hwPortDown alarm-state end

Here’s the SNMPv2c and SNMPv3 configuration

Cisco –> SNMPv2c and SNMPv3 Polling and Traps Configuration in Cisco (IOS-XR)

Juniper –> SNMPv2c and SNMPv3 Polling and Traps Configuration in Juniper