No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuration Examples

Configuration Examples

This section provides several configuration examples of the information center, covering networking requirements, configuration notes, and configuration roadmap.

Example for Outputting Logs to the Log File

Networking Requirements

As shown in Figure 3-7, Switch ModuleA connects to the FTP server through the network. There is a reachable route between Switch ModuleA and the FTP server. The network administrator wants to use the FTP server to view logs generated by Switch ModuleA and learn operations on Switch ModuleA.

NOTE:
FTP cannot secure secure file transfer. SFTP is recommended on networks that require high security.
Figure 3-7 Networking diagram for outputting logs to the log file

Configuration Roadmap

The configuration roadmap is as follows:

  1. Enable the information center.

  2. Configure a channel and a rule for outputting logs to a log file so that logs are saved in the log file.

  3. Configure Switch ModuleA to transfer the log file to the FTP server so that the network administrator can use the FTP server to view logs generated by Switch ModuleA.

Procedure

  1. Enable the information center.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch ModuleA
    [*HUAWEI] commit
    [~Switch ModuleA] info-center enable
    [*Switch ModuleA] commit
    

  2. Configure a channel and a rule for outputting logs to a log file.

    # Configure a channel for outputting logs to a log file.

    [~Switch ModuleA] info-center logfile channel channel6
    [*Switch ModuleA] commit
    
    NOTE:

    By default, channel 9 is used to send logs to a log file. If the default setting is used, skip this step.

    # Configure a rule for outputting logs to a log file.

    [~Switch ModuleA] info-center source default channel channel6 log level warning
    [*Switch ModuleA] commit
    

  3. Configure Switch ModuleA to transfer the log file to the FTP server.

    # Log in to the FTP server with user name user1 and password pwd123.

    <Switch ModuleA> ftp 10.1.1.1
    Trying 10.1.1.1 ...    
    Press CTRL + K to abort 
    Connected to 10.1.1.1.   
    220 VRPV8 FTP service ready.
    User(10.1.1.1:(none)):user1 
    331 Password required for user1.   
    Enter password:                
    230 User logged in.      
    

    # Configure Switch ModuleA to transfer the log file to the FTP server.

    [ftp] put flash:/logfile/log.log
    200 Port command okay.
    150 Opening ASCII mode data connection for /log.log.
    226 Transfer complete.
    \     100% [***********]
    FTP: 7521956 byte(s) send in 3.1784917300 second(s) 2311.409Kbyte(s)/sec.
    [ftp] quit

  4. Verify the configuration.

    # View information recorded by the channel.

    <Switch ModuleA> display info-center
    Information Center:enabled
    Log host:
    Console:
            channel number : 0, channel name : console
    Monitor:
            channel number : 1, channel name : monitor
    SNMP Agent:
            channel number : 5, channel name : snmpagent
    Log buffer:
            enabled,max buffer size 10240, current buffer size 512,
    current messages 18, channel number : 4, channel name : logbuffer
    dropped messages 0, overwritten messages 0
    Trap buffer:
            enabled,max buffer size 1024, current buffer size 256,
    current messages 36, channel number:3, channel name:trapbuffer
    dropped messages 0, overwritten messages 0
    Logfile:
            channel number : 6, channel name : channel6, language : English
    Information timestamp setting:
            log - date, trap - date, debug - date millisecond
    

    # View the received log file on the FTP server. The configuration details are not mentioned here.

Configuration Files
  • Configuration file of Switch ModuleA

    #
    sysname Switch ModuleA
    #
    info-center source default channel 6 log level warning
    info-center logfile channel 6
    #
    return

Example for Outputting Logs to a Log Host

Networking Requirements

As shown in Figure 3-8, Switch ModuleA connects to four log hosts. The network administrator wants logs of different types and severities to be sent to different log hosts, so that information generated by different modules on Switch ModuleA can be monitored in real time. Reliability of the logs must also be ensured.

Figure 3-8 Networking diagram for outputting logs to a log host

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an SSL client policy to verify the identity of the log host and ensure secure transmission of logs.

    Assume that the log host has obtained a certificate from the CA. The trusted-CA files are 1_cacert_pem_rsa.pem and 1_rootcert_pem_rsa.pem, which have be uploaded to a subdirectory of security on Switch ModuleA.

  2. Enable the information center.

  3. Configure Switch ModuleA to send logs of notification generated by the ARP module to Server1, and specify Server3 as the backup of Server1. Configure Switch ModuleA to send logs of warning generated by the AAA module to Server2, and specify Server4 as the backup of Server2.

  4. Configure the log host on the server so that the network administrator can receive logs generated by Switch ModuleA on the log host.

Procedure

  1. Configure an SSL client policy.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch ModuleA
    [*HUAWEI] commit
    [~Switch ModuleA] ssl policy syslog_client
    [*Switch ModuleA-ssl-policy-syslog_client] trusted-ca load pem-ca 1_cacert_pem_rsa.pem
    [*Switch ModuleA-ssl-policy-syslog_client] trusted-ca load pem-ca 1_rootcert_pem_rsa.pem
    [*Switch ModuleA-ssl-policy-syslog_client] commit
    [~Switch ModuleA-ssl-policy-syslog_client] quit
    
    After the configuration is complete, run the display ssl policy command on Switch ModuleA to view detailed information about the trusted-CA files that have been loaded.
    [~Switch ModuleA] display ssl policy
    
           SSL Policy Name: syslog_client 
         Policy Applicants: 
             Key-pair Type:
     Certificate File Type:
          Certificate Type:
      Certificate Filename:
         Key-file Filename:
                  CRL File:
           Trusted-CA File:
         Trusted-CA File 1: Format = PEM, Filename = 1_cacert_pem_rsa.pem
         Trusted-CA File 2: Format = PEM, Filename = 1_rootcert_pem_rsa.pem

  2. Enable the information center.

    [~Switch ModuleA] info-center enable
    [*Switch ModuleA] commit
    

  3. Configure a channel and a rule for outputting logs to a log host.

    # Name a channel.

    [~Switch ModuleA] info-center channel 6 name loghost1
    [*Switch ModuleA] info-center channel 7 name loghost2
    [*Switch ModuleA] commit
    

    # Configure a channel for outputting logs to a log host.

    [~Switch ModuleA] info-center loghost 10.1.1.1 channel loghost1 transport tcp ssl-policy syslog_client
    [*Switch ModuleA] info-center loghost 10.1.1.2 channel loghost1 transport tcp ssl-policy syslog_client
    [*Switch ModuleA] info-center loghost 10.2.1.1 channel loghost2 transport tcp ssl-policy syslog_client
    [*Switch ModuleA] info-center loghost 10.2.1.2 channel loghost2 transport tcp ssl-policy syslog_client
    [*Switch ModuleA] commit
    

    # Configure a rule for outputting logs to a log host.

    [~Switch ModuleA] info-center source arp channel loghost1 log level notification
    [*Switch ModuleA] info-center source aaa channel loghost2 log level warning
    [*Switch ModuleA] commit
    

  4. Specify the source interface for sending logs.

    # Specify the source interface for sending logs.

    [~Switch ModuleA] info-center loghost source vlanif 100
    [*Switch ModuleA] commit
    

  5. Configure the log host on the server.

    The device can generate many logs, which may exceed the limited storage space of the device. To address this problem, configure a log host to store all the logs.

    The log host can run the Unix or Linux operating system or run third-party log software. For details about the configuration procedure, see the relevant documentation.

  6. Verify the configuration.

    # View the configured lost host.

    [~Switch ModuleA] display info-center
    Information Center:enabled
    Log host: 
            10.1.1.1, channel number 6, channel name loghost1,
    language English , host facility local7, transport tcp ssl-policy syslog_client
            10.1.1.2, channel number 6, channel name loghost1, 
    language English , host facility local7, transport tcp ssl-policy syslog_client
            10.2.1.1, channel number 7, channel name loghost2,
    language English , host facility local7, transport tcp ssl-policy syslog_client
            10.2.1.2, channel number 7, channel name loghost2, 
    language English , host facility local7, transport tcp ssl-policy syslog_client
    Console: 
            channel number : 0, channel name : console 
    Monitor: 
            channel number : 1, channel name : monitor  
    SNMP Agent:  
            channel number : 5, channel name : snmpagent 
    Log buffer:  
            enabled,max buffer size 10240, current buffer size 512,
    current messages 316, channel number : 4, channel name : logbuffer 
    dropped messages 0, overwritten messages 0
    Trap buffer: 
            enabled,max buffer size 1024, current buffer size 256,
    current messages 256, channel number:3, channel name:trapbuffer
    dropped messages 0, overwritten messages 53
    logfile: 
            channel number : 9, channel name : channel9, language : English
    Information timestamp setting:
            log - date, trap - date, debug - date millisecond
    

Configuration Files
  • Configuration file of Switch ModuleA
    #
    sysname Switch ModuleA
    #
    ssl policy syslog_client
     trusted-ca load pem-ca 1_cacert_pem_rsa.pem
     trusted-ca load pem-ca 1_rootcert_pem_rsa.pem
    #
    info-center channel 6 name loghost1
    info-center channel 7 name loghost2
    info-center source arp channel 6 log level notification
    info-center source aaa channel 7 log level warning
    info-center loghost source Vlanif100
    info-center loghost 10.1.1.1 channel 6 transport tcp ssl-policy syslog_client
    info-center loghost 10.1.1.2 channel 6 transport tcp ssl-policy syslog_client
    info-center loghost 10.2.1.1 channel 7 transport tcp ssl-policy syslog_client
    info-center loghost 10.2.1.2 channel 7 transport tcp ssl-policy syslog_client
    #
    return

Example for Outputting Traps to the SNMP Agent

Networking Requirements

As shown in Figure 3-9, Switch ModuleA connects to the NMS station. There is a reachable route between Switch ModuleA and the NMS station. The network administrator wants to view traps generated by Switch ModuleA on the NMS station to monitor device running and locate faults.

Figure 3-9 Networking diagram for outputting traps to the SNMP agent

Configuration Roadmap

The configuration roadmap is as follows:

  1. Enable the information center.

  2. Configure a channel and a rule for outputting traps to the SNMP agent so that the SNMP agent can receive traps generated by Switch ModuleA.

  3. Configure Switch ModuleA to output traps to the NMS station so that the NMS station can receive traps generated by Switch ModuleA.

Procedure

  1. Enable the information center.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch ModuleA
    [*HUAWEI] commit
    [~Switch ModuleA] info-center enable
    [*Switch ModuleA] commit
    

  2. Configure a channel and a rule for outputting traps to the SNMP agent.

    # Configure a channel for outputting traps to the SNMP agent.

    [~Switch ModuleA] info-center snmp channel channel7
    [*Switch ModuleA] commit
    

    # Configure a rule for outputting traps to the SNMP agent.

    [~Switch ModuleA] info-center source default channel channel7 trap level warning state on 
    [*Switch ModuleA] commit
    
    NOTE:

    By default, the device uses the SNMP agent to output traps of all modules.

  3. Configure the SNMP agent to output traps to the NMS station.

    # Enable the SNMP agent and set the SNMP version to SNMPv2c.

    [~Switch ModuleA] snmp-agent sys-info version v2c
    [*Switch ModuleA] commit
    

    # Configure the trap function.

    [~Switch ModuleA] snmp-agent trap enable
    [*Switch ModuleA] snmp-agent community write adminnms123
    [*Switch ModuleA] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public
    [*Switch ModuleA] commit
    [*Switch ModuleA] quit

  4. Verify the configuration.

    # View the output configuration of the information center.

    <Switch ModuleA> display info-center
    Information Center:enabled
    Log host:
    Console:
            channel number : 0, channel name : console
    Monitor:
            channel number : 1, channel name : monitor
    SNMP Agent:
            channel number : 7, channel name : channel7
    Log buffer:
            enabled,max buffer size 10240, current buffer size 512,
    current messages 26, channel number : 4, channel name : logbuffer
    dropped messages 0, overwritten messages 0
    Trap buffer:
            enabled,max buffer size 1024, current buffer size 256,
    current messages 22, channel number:3, channel name:trapbuffer
    dropped messages 0, overwritten messages 0
    logfile:
            channel number : 9, channel name : channel9, language : English
    Information timestamp setting:
            log - date, trap - date, debug - date millisecond
    
    

    # View the channel used by the SNMP agent to output traps.

    <Switch ModuleA> display info-center channel 7
    channel number:7, channel name:channel7                                                                                             
    ModuID   Name          Enable LogLevel      Enable TrapLevel     Enable DebugLevel                                                  
    ffffffff default       Y      debugging     Y      warning       N      debugging 

    # View traps output to the NMS station by the SNMP agent.

    <Switch ModuleA> display snmp-agent target-host
    Target-host NO. 1                                                               
    ---------------------------------------------------------------------------     
      Host-name                        : -                                          
      IP-address                       : 10.1.1.1                                   
      Source interface                 : -                                          
      VPN instance                     : -                                          
      Security name                    : %$%$>Oh`"sfiHSgR>SLWkM`3%tkb%$%$           
      Port                             : 162                                        
      Type                             : trap                                       
      Version                          : v1                                         
      Level                            : No authentication and privacy              
      NMS type                         : NMS                                        
      With ext-vb                      : No                                         
      Notification filter profile name : -                                          
    --------------------------------------------------------------------------- 
    

Configuration Files
  • Configuration file of Switch ModuleA
    #
    sysname Switch ModuleA
    #
    snmp-agent
    snmp-agent local-engineid 800007DB030A0B0C000003
    snmp-agent community write cipher %@%@0L%%$pI<#6z,oF3zc&U0,ULCJWa^>)*=-)r[4#-p^+25h[RMjYqfYysx,A5sw$F_SuNXk_VS%@%@
    #
    snmp-agent sys-info version v2c
    snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname cipher %$%$>Oh`"sfiHSgR>SLWkM`3%tkb%$%$
    #
    snmp-agent trap enable
    #
    info-center source default channel 7 trap level warning
    info-center snmp channel 7
    #
    return
    

Example for Outputting Debugging Messages to the Console

Networking Requirements

As shown in Figure 3-10, the PC connects to Switch ModuleA through a console interface. It is required that debugging messages of the ARP module be displayed on the PC.

Figure 3-10 Networking diagram for outputting debugging messages to the console

Configuration Roadmap

The configuration roadmap is as follows:

  1. Enable the information center.

  2. Configure a channel and a rule for outputting debugging messages to the console so that the console can receive debugging messages generated by Switch ModuleA.

  3. Enable terminal display so that users can use the terminal to view debugging messages generated by Switch ModuleA.

Procedure

  1. Enable the information center.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch ModuleA
    [*HUAWEI] commit
    [~Switch ModuleA] info-center enable
    [*Switch ModuleA] commit
    

  2. Configure a channel and a rule for outputting debugging messages to the console.

    # Configure a channel for outputting debugging messages to the console.

    [~Switch ModuleA] info-center console channel console
    [*Switch ModuleA] commit
    

    # Configure a rule for outputting debugging messages to the console.

    [~Switch ModuleA] info-center source arp channel console debug level debugging state on
    [*Switch ModuleA] commit
    [~Switch ModuleA] quit
    

  3. Enable terminal display.

    <Switch ModuleA> terminal monitor
    Info: Current terminal monitor is on.
    <Switch ModuleA> terminal debugging
    Info: Current terminal debugging is on.

  4. Debug the ARP module.

    <Switch ModuleA> debugging arp packet

  5. Verify the configuration.

    # View the channel used by the Console to output debugging messages.

    <Switch ModuleA> display info-center channel 0
    channel number:0, channel name:console
    ModuID   Name          Enable LogLevel      Enable TrapLevel     Enable DebugLevel
    ffffffff default       Y      warning       Y      debugging     Y      debugging
    00000859 ARP           Y      warning       Y      debugging     Y      debugging
    

Configuration Files
  • Configuration file of Switch ModuleA
    #
    sysname Switch ModuleA
    #
    info-center source arp channel 0
    #
    return
    
Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000041694

Views: 58481

Downloads: 3621

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next