SNMP Polling and Traps Configuration on Huawei Router

Here’s the SNMP configuration examples for Huawei routers.

Taking the following details:

SNMP community: snmpcomm123

Loopback/management IP address: 192.168.10.100
SNMP Polling Server: 192.168.20.199
SNMP Trap Server: 192.168.20.200
Pre-config: (assuming Loopback0 is your source interface to send those SNMP traffic)
interface LoopBack0
    description _ Loopback for Huawei Router
ip address 192.168.10.100 255.255.255.255

SNMPv2c Polling:
1. Configure SNMP (version can be set to all to support v1,v2c and v3)
snmp-agent sys-info version all
2. Configure SNMP engine ID and community string (with ACL)
snmp-agent
snmp-agent local-engineid <Engine ID>
snmp-agent community read cipher {password}  acl <ACL>
Sample Output:
snmp-agent
snmp-agent local-engineid 800007DB0000ABC11D2D56
snmp-agent community read cipher %^%#*JAZgT9C0XPI~”fyw36753Mkn&ZZ]3Nh+u(n%|X%^# acl 1234acl number 1234
 description SNMP Server
  rule 10 permit source 192.168.20.199 0
  rule 20 deny
Note: SNMP EngineID is use to uniquely identify an SNMP entity. If you want to setup manually, preferably to follow the standard conventions (Huawei engine ID + (IP or Mac Addrss of the router). FYI, Huawei device engine ID is 800007DB based on IANA private engine ID’s first 4 bytes in hexadecimal format.
SNMPv2c Traps:
snmp-agent trap enable
snmp-agent trap type base-trap
snmp-agent trap source <source IP/int>
snmp-agent target-host trap address udp-domain <Trap Server IP> params securityname { communityname } <version>
Sample Output: (SNMP community configured as clear text will be translated to encrypted characters)
snmp-agent trap enable
snmp-agent trap type base-trap

snmp-agent trap source LoopBack0
snmp-agent target-host trap address udp-domain 192.168.20.200 params securityname cipher %^%#Kh’jV+)9@d(FNTu2cK9*2<#Y%:ABh1Q^%# v2c
**SNMPv3 Configuration**

username : FNT
group: FNT_GROUP
Auth type: SHA256
Auth Pass: ABcD123456
Priv : AES256
Priv Pass: FNT@fr33netw0rk

snmp-agent
snmp-agent sys-info version v3
snmp-agent group v3 <groupname> privacy read-view <string> write-view <string> notify-view <string>
snmp-agent usm-user v3 <username>

snmp-agent usm-user v3 <username> group <group>
snmp-agent usm-user v3 <username> authentication-mode md5/sha/sha2-224/sha2-256/sha2-384/sha2-512
snmp-agent usm-user v3 <username> privacy-mode 3des168/aes128/aes192/aes256/des56

If you try to use old authentication type:
snmp-agent usm-user v3 FNT authentication-mode sha
Please configure the authentication password (8-255)
Enter Password: <type here ABcD123456>
Confirm Password: <type here ABcD123456>
Warning: The algorithm SHA1 is insecure. Using SHA2-256 or higher algorithm is recommended.

Sample Output:
snmp-agent 
snmp-agent sys-info version v3
snmp-agent group v3 FNT_GROUP privacy read-view FNTview write-view FNTview notify-view FNTview
snmp-agent usm-user v3 FNT
snmp-agent usm-user v3 FNT group FNT_GROUP
snmp-agent usm-user v3 FNT authentication-mode sha2-256 cipher %^%#:#Id6B%PMFW|~m`OoPNgR(p$Hb1$9d=PuQke87h7^%#
snmp-agent usm-user v3 FNT privacy-mode aes256 cipher %^%#H*E’QC$HTvB2*”tK*lHVQlP=}rHpDZn7}XApKf2%^%#
snmp-agent usm-user v3 FNT acl 1234

Verification (from SNMP Polling Server)
/usr/bin/snmpwalk -M /usr/local/snmp/mibs -v3 -u <user> -l authPriv -a SHA-256 -A <password> -x AES256 -X <encryptkeypass> 192.168.10.100:161 sysDescr.0

Sample Output:

/usr/bin/snmpwalk -M /usr/local/snmp/mibs -v3 -u FNT -l authPriv -a SHA-256 -A ****** -x AES256 -X ****** 192.168.10.100:161 sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.1 (NE40E V800R021C10SPC600)
Copyright (C) 2012-2022 Huawei Technologies Co., Ltd.
HUAWEI NE40E
Here’s the SNMPv2c and SNMPv3 configuration

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *