...

Step

Description

Command

Keys

1

Enable SNMP server.

esr(config)# snmp-server


2

Specify community for the access via SNMPv2c.

esr(config)# snmp-server community <COMMUNITY> [ <TYPE> ]
[ { <IP-ADDR> | <IPV6-ADDR> } ]
[ client-list <OBJ-GROUP-NETWORK-NAME> ]
[ <VERSION> ] [ view <VIEW-NAME> ] [ vrf <VRF> ]

<COMMUNITY> – community for the access via SNMP;

<TYPE> – access level:

  • ro – read-only access;
  • rw – read and write access.

<IP-ADDR> – IP address of the client provided with the access, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];

<IPV6-ADDR> – client IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF];

<OBJ-GROUP-NETWORK-NAME> – name of the IP address profile from which SNMP requests are processed, set by the string of up to 31 characters;

<VERSION> – the snmp version supported by this community takes the values v1 or v2c;

<VIEW-NAME> – SNMP view profile name, set by the string of up to 31 characters;

<VRF> – VRF instance name, set by the string of up to 31 characters, for which access will be granted.

3

Set the value of SNMP variable that contains contact information.

esr(config)# snmp-server contact <CONTACT>

<CONTACT> – contact information, set by a string with a length of 255 characters.

4

Set the DSCP code value for the use in IP headers of SNMP server egress packets (optional).

esr(config)# snmp-server dscp <DSCP>

<DSCP> – DSCP code value, takes values in the range of [0..63].

Default value: 63.

5

Enable router reboot by using snmp messages (optional).

esr(config)# snmp-server system-shutdown


6

Create SNMPv3 user.

esr(config)# snmp-server user <NAME>

<NAME> – user name, set by the string of up to 31 characters.

7

Set the value of SNMP variable that contains the information on the device location.

esr(config)# snmp-server location <LOCATION>

<LOCATION> – information about equipment location, set by the string up to 255 characters.

8

Specify user access level via SNMPv3.

esr(config-snmp-user)# access <TYPE>

<TYPE> – access level:

  • ro – read-only access;
  • rw – read and write access.

9

Specify user security mode via SNMPv3.

esr(config-snmp-user)# authentication access <TYPE>

<TYPE> – security mode:

  • auth – used only for authentication;
  • priv – both authentication and data encryption are used.

10

Specify SNMPv3 queries authentication algorithm.

esr(config-snmp-user)# authentication algorithm <ALGORITHM>

<ALGORITHM> – authentication algorithm:

  • md5 – password is hashed by md5 algorithm;
  • sha1 – password is hashed by sha1 algorithm.

11

Set the password for SNMPv3 queries authentication.

esr(config-snmp-user)# authentication key ascii-text
{ <CLEAR-TEXT> | encrypted <ENCRYPTED-TEXT> }

<CLEAR-TEXT> – password, set by the string of 8 to 16 characters;

  • encrypted – when specifying a command, an encrypted password is set:

<ENCRYPTED-TEXT> – encrypted password of 8 to 16 bytes (from 16 to 32 characters) in hexadecimal format (0xYYYY ...) or (YYYY ...).

12

Enable filtration and set the profile of IP addresses from which SNMPv3 packets with the given SNMPv3 user name can be received.

esr(config-snmp-user)# client-list <NAME>

<NAME> – name of the previously created object-group, specified in a string of up to 31 characters.

13

Specify vrf for SNMPv3 user (optional).

esr-21(config-snmp-user)# ip vrf forwarding <VRF>

<VRF> – VRF instance name, set by the string of up to 31 characters, which contains SNMP notification collector.

14

Enable filtration and set IPv4/IPv6 address which is provided with the access to the router as the given SNMPv3 user.

esr(config-snmp-user)# ip address <ADDR>

<ADDR> – IP address of the client provided with the access, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

esr(config-snmp-user)# ipv6 address <ADDR>

<IPV6-ADDR> – client IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF].

15

Enable SNMPv3 user.

esr(config-snmp-user)# enable

Default value: process is disabled.

16

Specify the transmitted data encryption algorithm.

esr(config-snmp-user)# privacy algorithm <ALGORITHM>

<ALGORITHM> – encryption algorithm:

  • aes128 – use AES-128 encryption algorithm;
  • des – use DES encryption algorithm.

17

Set password for the transmitted data encryption.

esr(config-snmp-user)# privacy key ascii-text
{ <CLEAR-TEXT> | encrypted <ENCRYPTED-TEXT> }

<CLEAR-TEXT> – password, set by the string of 8 to 16 characters;

<ENCRYPTED-TEXT> – encrypted password of 8 to 16 bytes (from 16 to 32 characters) in hexadecimal format (0xYYYY ...) or (YYYY ...).

18

Set the snmp view profile permitting or denying the access to one or another OID for user.

esr(config-snmp-user)# view <VIEW-NAME>

<VIEW-NAME> – name of the SNMP view profile on which access to OIDs is based, set by the string of up to 31 characters.

19

Enable SNMP notifications transmission to the specified IP address and switch to SNMP notifications configuration mode.

esr(config)# snmp-server host
{ <IP-ADDR> | <IPV6-ADDR> } [vrf <VRF>]

<IP-ADDR> – IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

<IPV6-ADDR> – IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF];

<VRF> – VRF instance name, set by the string of up to 31 characters, which contains SNMP notification collector.

20

Define the port of SNMP notifications collector on the remote server (optional).

esr(config-snmp-host)# port <PORT>

<PORT> – UDP port number in the range of [1..65535].

Default value: 162.

21

Allow different types of SNMP notifications to be sent.

esr(config)# snmp-server enable traps <TYPE>

<TYPE> – type of filtered messages. May take the following values:

config, entry, entry-sensor, environment, envmon, files-operations, flash, flash-operations, interfaces, links, ports, screens, snmp, syslog.

Additional parameters depend on the filter type. See ESR-Series CLI command reference guide. 

22

Create the snmp view profile permitting or denying the access to one or another OID for community (SNMPv2) and user (SNMPv3).

esr(config)# snmp-server enable traps <TYPE>

<VIEW-NAME> – SNMP view profile name, set by the string of up to 31 characters.
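
Several choices in the table above decide how exposed the SNMP service is: community access level and client restriction, SNMPv3 security mode and algorithms, and reboot via SNMP. The following Python check is an added example, not part of the ESR documentation; the configuration text is constructed, and its layout (user sub-commands indented and closed by "exit") and the names SAMPLE, WEAK and audit_snmp are assumptions.

```python
import ipaddress
# Constructed config fragment; the indented layout closed by "exit" is an
# assumption about how ESR prints the commands from the table above.
SAMPLE = """\
snmp-server system-shutdown
snmp-server community public rw
snmp-server community monitor ro client-list MGMT v2c
snmp-server user legacy
  access rw
  authentication access auth
  authentication algorithm md5
  enable
exit
snmp-server user noc
  authentication access priv
  privacy algorithm aes128
  client-list MGMT
  enable
exit
"""
WEAK = {"access rw": "write access", "privacy algorithm des": "DES encryption",
        "authentication access auth": "no encryption (auth only)",
        "authentication algorithm md5": "MD5 authentication"}

def _is_ip(tok):
    try:
        return ipaddress.ip_address(tok) is not None
    except ValueError:
        return False

def audit_snmp(config):
    """Return sorted (subject, finding) pairs for weak SNMP settings."""
    out, user, scoped = set(), None, False
    for line in (raw.strip() for raw in config.splitlines()):
        t = line.split()
        if t[:2] == ["snmp-server", "system-shutdown"]:
            out.add(("global", "reboot via SNMP enabled"))
        elif t[:2] == ["snmp-server", "community"] and len(t) > 2:
            who, rest = "community " + t[2], t[3:]
            if "rw" in rest:
                out.add((who, "write access over v1/v2c"))
            if "client-list" not in rest and not any(map(_is_ip, rest)):
                out.add((who, "no source restriction"))
        elif t[:2] == ["snmp-server", "user"] and len(t) > 2:
            user, scoped = "user " + t[2], False
        elif user and line == "exit":  # end of the user block
            if not scoped:
                out.add((user, "no source restriction"))
            user = None
        elif user and t:
            if line in WEAK:
                out.add((user, WEAK[line]))
            scoped |= t[0] == "client-list" or t[1:2] == ["address"]  # source filter
    return sorted(out)
```

Calling audit_snmp(SAMPLE) reports the rw community without a client restriction, the reboot option and the weak settings of user "legacy", and nothing for community "monitor" or user "noc".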

...

Step

Description

Command

Keys

1

Switch to the agent/proxy configuration context.

esr(config)# zabbix-agent

esr(config)# zabbix-proxy


2

Specify the host name (optional).

For active mode, the name must match the host name on the Zabbix server.

esr(config-zabbix)# hostname  <WORD>

esr(config-zabbix-proxy)# hostname <WORD>

<WORD> – host name, set by the string of up to 255 characters.

3

Specify the address of the Zabbix server.

esr(config-zabbix)# server <ADDR>

esr(config-zabbix-proxy)# server <ADDR>

<ADDR> – server IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

4

Specify the server address for active checks (when using active mode).

esr(config-zabbix)# active-server <ADDR> <PORT>

esr(config-zabbix-proxy)# active-server <ADDR> <PORT>

<ADDR> – server IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

<PORT> – server port, set in the range of [1..65535].

Default value: 10051.

5

Specify the port on which the agent/proxy listens (optional).

esr(config-zabbix)# port <PORT>

esr(config-zabbix-proxy)# port <PORT>

<PORT> – port on which the zabbix agent/proxy listens, may take values in the range of [1..65535].

Default value: 10050.

6

Allow remote commands execution by Zabbix agent/proxy (when using active mode).

esr(config-zabbix)# remote-commands

esr(config-zabbix-proxy)# remote-commands


7

Specify the address from which the server will interact (optional).

esr(config-zabbix)# source-address <ADDR>

esr(config-zabbix-proxy)# source-address <ADDR>

<ADDR> – server IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].
Default value: nearest routing address.

8

Specify the processing time for remote commands (optional).

esr(config-zabbix)# timeout <TIME>

esr(config-zabbix-proxy)# timeout <TIME>

<TIME> – timeout, takes value in seconds [1..30].

Default value: 3. It is recommended to set the maximum value since some commands may take longer than the default.

If the command is not completed within the specified time, processing of the command will be terminated.

9

Enable agent/proxy functionality.

esr(config-zabbix)# enable

esr(config-zabbix-proxy)# enable


10

Allow access to the router (to the self zone) on TCP ports 10050, 10051 from the appropriate firewall security zone. See Firewall configuration section.

Zabbix-agent configuration example

...

Zabbix-server configuration example

Create the host:


Create the script (Administration -> Scripts-> Create Script):


ESR routers support execution of the following privileged commands:

...

  • Ping in VRF

    zabbix_get -s {HOST.CONN} -p 10050 -k "system.run[sudo  netns-exec -n backup sudo ping 192.168.32.101 -c 5 -W 2 ]"

    The command above will be executed in the VRF named backup.

  • Fping

    zabbix_get -s {HOST.CONN} -p 10050 -k "system.run[ sudo fping 192.168.32.101]"

    The client (ESR) that received this command from the server will execute the fping command to the specified host (in our example, 192.168.32.101) and return the result to the server.

  • Fping in VRF

    zabbix_get -s {HOST.CONN} -p 10050 -k "system.run[sudo  netns-exec -n backup sudo fping 192.168.32.101 ]"


  • Traceroute

    zabbix_get -s {HOST.CONN} -p 10050 -k "system.run[ sudo traceroute 192.168.32.101]"

    The client (ESR) that received this command from the server will execute the traceroute command to the specified host (in our example, 192.168.32.101) and return the result to the server.

  • Traceroute in VRF

    zabbix_get -s {HOST.CONN} -p 10050 -k "system.run[ sudo  netns-exec -n backup sudo traceroute 192.168.32.179]"


  • Iperf

    zabbix_get -s {HOST.CONN} -p 10050 -k "system.run[ sudo iperf -c 192.168.32.101 -u -b 100K -i 1 -t 600]"

    The client (ESR) that received this command from the server will execute the iperf command to the specified server (in our example, 192.168.32.101) and return the result to the server.

  • Iperf in VRF

    zabbix_get -s {HOST.CONN} -p 10050 -k "system.run[ sudo  netns-exec -n backup  sudo iperf -c 192.168.32.101 -u -b 100K -i 1 -t 600]"


  • Nslookup

    zabbix_get -s  {HOST.CONN} -p 10050 -k "system.run[sudo  nslookup ya.ru ]"

    The client (ESR) that received this command from the server will execute nslookup command and return the result to the server.


  • Nslookup in VRF

    zabbix_get -s  {HOST.CONN} -p 10050 -k "system.run[sudo  netns-exec  sudo   nslookup ya.ru ]"

    Iperf command execution example:


It is also possible to execute commands that do not require privileges, such as: snmpget, cat, pwd, wget and others. 


Example of the snmpget command execution:

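
Because remote-commands lets the server run system.run items with sudo on the router, it is worth reviewing item keys before they are saved as Zabbix scripts. The following Python check is an added example, not part of the ESR or Zabbix documentation; the allowlist is taken from the privileged commands listed above, the sample keys are constructed, and the names ALLOWED, check_item_key and review are assumptions. It assumes keys in the single-parameter form shown on this page.

```python
import re
import shlex

# Privileged tools this page lists as runnable through system.run on ESR.
ALLOWED = {"ping", "fping", "traceroute", "iperf", "nslookup"}
# Characters that would let one item key chain or redirect shell commands.
SHELL_META = re.compile(r"[;&|`$<>\n]")
KEY_RE = re.compile(r"system\.run\[(.*)\]", re.S)

def check_item_key(key):
    """Return (ok, detail): the tool name if accepted, else the reason."""
    m = KEY_RE.fullmatch(key.strip())
    if not m:
        return False, "not a system.run key"
    body = m.group(1)
    if SHELL_META.search(body):
        return False, "shell metacharacter in command"
    try:
        argv = shlex.split(body)
    except ValueError:
        return False, "unbalanced quoting"
    # Optional VRF wrapper as written on the page: sudo netns-exec -n <VRF>
    if argv[:2] == ["sudo", "netns-exec"]:
        if len(argv) < 4 or argv[2] != "-n":
            return False, "netns-exec without -n <VRF>"
        argv = argv[4:]
    if argv[:1] == ["sudo"]:
        argv = argv[1:]
    if not argv or argv[0] not in ALLOWED:
        return False, "command not in allowlist"
    return True, argv[0]

# Constructed item keys: three in the page's form, two that should be rejected.
SAMPLE_KEYS = [
    "system.run[ sudo fping 192.168.32.101]",
    "system.run[sudo netns-exec -n backup sudo traceroute 192.168.32.179]",
    "system.run[ sudo iperf -c 192.168.32.101 -u -b 100K -i 1 -t 600]",
    "system.run[sudo fping 192.168.32.101 && sudo fping 192.168.32.102]",
    "system.run[sudo tcpdump -i any]",
]

def review(keys):
    """Check every key and keep the results in input order."""
    return [check_item_key(k) for k in keys]
```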

Syslog configuration

...

Step

Description

Command

Keys

1

Enable sending syslog messages as a snmp-trap to snmp server.

esr(config)# syslog snmp

2

Enable or disable sending events of individual router processes operation to the snmp server (optional).

esr(config-syslog-snmp)# match [not] process-name <PROCESS-NAME>

<PROCESS-NAME> – see 'CLI command reference guide'.

If allowing criteria are specified (match process-name), only messages of the specified processes are logged.

If prohibiting criteria are specified (match not process-name), messages of all not prohibited processes are logged.

By default, logging of messages from all processes is allowed.

3

Set the severity for messages that will be sent to the SNMP server.


esr(config)# syslog snmp <SEVERITY>


<SEVERITY> – message importance level, takes the following values (in order of decreasing importance):

  • emerg – critical error has occurred in the system, the system is not operational;
  • alert – alarms, immediate intervention by staff;
  • crit – critical system status, event reporting;
  • error – error messages;
  • warning – warnings, non-emergency messages;
  • notice – messages about important system events;
  • info – system information messages;
  • debug – debugging messages provide the user with information to correctly configure the system;
  • none – disables the output of syslog messages to the console.

4

Set display of syslog messages during remote connections (Telnet, SSH) (optional).

esr(config)# syslog monitor

5

Enable or disable display of the events of individual router processes operation during remote connections (optional).

esr(config-syslog-monitor)# match [not] process-name <PROCESS-NAME>

<PROCESS-NAME> – described in point 2.

6

Set the severity for messages that will be displayed during remote connections.

esr(config-syslog-monitor)# severity <SEVERITY>

<SEVERITY> – described in point 3.

7

Enable display of syslog messages on console connection (optional).

esr(config)# syslog console

8

Enable or disable display of the events of individual router processes operation during console connections (optional).

esr(config-syslog-console)# match [not] process-name <PROCESS-NAME>

<PROCESS-NAME> – described in point 2.

9

Set the severity for messages that will be displayed during console connections.

esr(config-syslog-console)# severity <SEVERITY>

<SEVERITY> – described in point 3.

10

Enable saving of syslog messages of a specified level of importance to the specified log file (when it is necessary to use local syslog file).

esr(config)# syslog file <NAME>

<NAME> – name of the file to which messages of a given level will be recorded, specified by string up to 31 characters.

11

Enable or disable saving of syslog messages of events of the operation of individual router processes (optional).

esr(config-syslog-file)# match [not] process-name <PROCESS-NAME>

<PROCESS-NAME> – described in point 2.

12

Set the severity for messages that will be saved to the local syslog file (optional).

esr(config-syslog-file)# severity <SEVERITY>

<SEVERITY> – described in point 3.

13

Set maximum size of the log file (optional).

esr(config)# syslog file-size <SIZE>

<SIZE> – file size, takes value of [10..10000000] KB.

14

Set maximum number of files saved during rotation (optional).

esr(config)# syslog max-files <NUM>

<NUM> – maximum number of files, takes values of [1 .. 1000].

15

Enable sending of syslog messages to a remote syslog server (when it is necessary to send messages to a remote syslog server).

esr(config)# syslog host <HOSTNAME> <ADDR> <TRANSPORT>

<HOSTNAME> – syslog server name, set by the string of up to 31 characters. Used only to identify the server during configuration. The value 'all' is used in the no syslog host command to delete all syslog servers;

<ADDR> – IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];

<TRANSPORT> – data transfer protocol, optional parameter, takes values:

  • TCP – data transmission is carried out by TCP;
  • UDP – data transmission is carried out by UDP.

16

Specify IPv4/IPv6 address of the remote syslog server.

esr(config-syslog-host)# remote-address { <ADDR> | <IPV6-ADDR> }

<ADDR> – IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];

<IPV6-ADDR> – IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF].

17

Specify IPv4/IPv6 address of the router from which packets will be sent to the remote syslog server (optional).

esr(config-syslog-host)# source-address { <ADDR> | <IPV6-ADDR> }

<ADDR> – IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];

<IPV6-ADDR> – IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF];

Default value: IPv4/IPv6 interface address from which packets will be sent to the remote syslog server.

18

Specify transport protocol for packet transmission to the remote syslog server (optional).

esr(config-syslog-host)# transport { tcp | udp }

19

Specify name of the VRF instance within which packets will be sent to the remote syslog server (optional).

esr(config-syslog-host)# vrf <VRF>

<VRF> – VRF instance name, set by the string of up to 31 characters, for which access will be granted.

Default value: none (global routing table).

20

Specify number of the TCP/UDP port to which packets with syslog messages will be sent (optional).

esr(config-syslog-host)# port <PORT>

<PORT> – TCP/UDP port number to which packets with syslog messages will be sent.

Default value: 514.

21

Enable or disable sending of the events of individual router processes operation to the remote server (optional).

esr(config-syslog-host)# match [not] process-name <PROCESS-NAME>

<PROCESS-NAME> – described in point 2.

22

Set the severity for messages that will be saved to local syslog file.

esr(config-syslog-host)# severity <SEVERITY>

<SEVERITY> – described in point 3.

23

Enable display of debugging messages during device boot (optional).

esr(config)# syslog reload debugging


24

Enable logging of the entered user commands to the local syslog server (optional).

esr(config)# syslog cli-commands

25

Enable message enumeration (optional).

esr(config)# syslog sequence-numbers


26

Enable message date accuracy up to milliseconds (optional).

esr(config)# syslog timestamp msec


27

Enable logging of failed authentications (optional).

esr(config)# logging login on-failure


28

Enable logging of changes to the audit system settings (optional).

esr(config)# logging syslog configuration


29

Enable logging of changes to the user settings (optional).

esr(config)# logging userinfo


...