Step

Command

Remarks

4.Configure the SNMP access right.

(Approach 1) Specify the SNMP NMS access right directly by configuring an SNMP community:

snmp-agent community { read write } community-name[ mib-view view-name] [ acl acl-number acl ipv6 ipv6-acl-number] *

(Approach 2) Configure an SNMP group and add a user to the SNMP group:

a.snmp-agent group { v1 v2c } group-name[ read-view read-view] [ write-view write-view] [ notify-view notify-view] [ acl acl-number acl ipv6 ipv6-acl-number] *

b.snmp-agent usm-user { v1 v2c } user-namegroup-name[ acl acl-number acl ipv6 ipv6-acl-number] *

Use either approach.

The username in approach 2 is equivalent to the community name used in approach 1, and must be the same as the community name configured on the NMS.

NOTE:

Support for the acl ipv6 ipv6-acl-numberoption depends on the device model. For more information, see Getting Started Command Reference.

SNMP login example

Network requirements

Configure the firewall and network management station so you can remotely manage the firewall through SNMPv3.

Figure 54 Network diagram

Configuration procedure

1.Configure the firewall:

#Assign an IP address to the firewall. Make sure the firewall and the NMS can reach each other. (Details not shown.)

#Enter system view.

<Sysname> system-view

# Enable the SNMP agent.

[Sysname] snmp-agent

# Configure an SNMP group.

[Sysname] snmp-agent group v3 managev3group

# Add a user to the SNMP group.

[Sysname] snmp-agent usm-user v3 managev3user managev3group

66