SNMP Polling and Traps Configuration on Huawei Router

Here’s the SNMP configuration examples for Huawei routers.

Taking the following details:

SNMP community: snmpcomm123

Loopback/management IP address: 192.168.10.100
SNMP Polling Server: 192.168.20.199
SNMP Trap Server: 192.168.20.200
Pre-config: (assuming Loopback0 is your source interface to send those SNMP traffic)
interface LoopBack0
    description _ Loopback for Huawei Router
ip address 192.168.10.100 255.255.255.255

SNMPv2c Polling:
1. Configure SNMP (version can be set to all to support v1,v2c and v3)
snmp-agent sys-info version all
2. Configure SNMP engine ID and community string (with ACL)
snmp-agent
snmp-agent local-engineid <Engine ID>
snmp-agent community read cipher {password}  acl <ACL>
Sample Output:
snmp-agent
snmp-agent local-engineid 800007DB0000ABC11D2D56
snmp-agent community read cipher %^%#*JAZgT9C0XPI~”fyw36753Mkn&ZZ]3Nh+u(n%|X%^# acl 1234 

acl number 1234
 description SNMP Server
  rule 10 permit source 192.168.20.199
  rule 20 deny

Note: SNMP EngineID is use to uniquely identify an SNMP entity. If you want to setup manually, preferably to follow the standard conventions (Huawei engine ID + (IP or Mac Addrss of the router). FYI, Huawei device engine ID is 800007DB based on IANA private engine ID’s first 4 bytes in hexadecimal format.
SNMPv2c Traps:
snmp-agent trap enable
snmp-agent trap type base-trap
snmp-agent trap source <source IP/int>
snmp-agent target-host trap address udp-domain <Trap Server IP> params securityname { communityname } <version>
Sample Output: (SNMP community configured as clear text will be translated to encrypted characters)
snmp-agent trap enable
snmp-agent trap type base-trap

snmp-agent trap source LoopBack0
snmp-agent target-host trap address udp-domain 192.168.20.200 params securityname cipher %^%#Kh’jV+)9@d(FNTu2cK9*2<#Y%:ABh1Q^%# v2c
**SNMPv3 Configuration**

username : FNT
group: FNT_GROUP
Auth type: SHA
Auth Pass: ABcD123456
Priv : AES256
Priv Pass: FNT@fr33netw0rk

snmp-agent usm-user v3 <username>
snmp-agent usm-user v3 <username> group <group>
snmp-agent usm-user v3 <username> authentication-mode md5/sha/sha2-224/sha2-256/sha2-384/sha2-512
snmp-agent usm-user v3 <username> privacy-mode 3des168/aes128/aes192/aes256/des56

If you try to use old authentication type:
snmp-agent usm-user v3 FNT authentication-mode sha
Please configure the authentication password (8-255)
Enter Password: <type here ABcD123456>
Confirm Password: <type here ABcD123456>
Warning: The algorithm SHA1 is insecure. Using SHA2-256 or higher algorithm is recommended.

Sample Output:
snmp-agent usm-user v3 FNT
snmp-agent usm-user v3 FNT group FNT_GROUP
snmp-agent usm-user v3 FNT authentication-mode sha cipher %^%#:#Id6B%PMFW|~m`OoPNgR(p$Hb1$9d=PuQke87h7^%#
snmp-agent usm-user v3 FNT privacy-mode aes256 cipher %^%#H*E’QC$HTvB2*”tK*lHVQlP=}rHpDZn7}XApKf2%^%#
snmp-agent usm-user v3 FNT acl 1234

Here’s the SNMPv2c and SNMPv3 configuration

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *