No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S2700, S3700, S5700, S6700, S7700, and S9700 Series Switches Typical Configuration Examples

This document provides examples for configuring features in typical usage scenarios.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a Device to Communicate with the NMS Using SNMPv1

Example for Configuring a Device to Communicate with the NMS Using SNMPv1

SNMP Overview

The Simple Network Management Protocol (SNMP) is a standard network management protocol widely used on TCP/IP networks. SNMP manages network elements by using a central computer (a network management station) running network management software.

SNMP has the following advantages:

  • Automatic configuration management:

    A network administrator can use SNMP to quickly query information, modify data, locate faults, and so forth on any SNMP agent. SNMP greatly improves work efficiency of network administrators.

  • Multi-vendor management:

    SNMP shields the physical differences between devices of different vendors. SNMP provides only a basic function set, so the managed tasks are separated from the managed physical features and lower-layer interoperation technologies. Therefore, SNMP can uniformly manage devices of multiple vendors simultaneously.

SNMP is available in three versions. SNMPv1 is the initial version of SNMP. It provides authentication based on community names. SNMPv1 has low security, and can return only a few error codes. SNMPv2c issued by IETF is the second release of SNMP. SNMPv2c has enhancements to standard error codes, data types (Counter 64 and Counter 32), and operations including GetBulk and Inform. SNMPv2c does not improve the security, so IETF issued SNMPv3 that provides User-based Security Model (USM)-based authentication and encryption and View-based Access Control Model (VACM)-based access control.

SNMPv1 is applicable to small networks with simple networking and low security requirements or small networks with good security and stability, such as campus networks and small enterprise networks.

Configuration Notes

This configuration example applies to all switches running all versions.

In this example, eSight running V300R007C00 is used as the NMS.

Networking Requirements

As shown in Figure 17-1, the NMS server manages all devices on the network. The network is small and not likely to be attacked, so SNMPv1 is configured on switches to communicate with the NMS server. A new switch is added to the network. The network administrator wants to use the existing network resources to manage the new switch and quickly locate and rectify network faults.

Figure 17-1  Configuring a device to communicate with the NMS using SNMPv1

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure SNMPv1 on the switch so that the NMS running SNMPv1 can manage the switch.

  2. Configure access control so that only the NMS with the specified IP address can perform read/write operations on the specified MIB objects of the switch.

  3. Configure a community name based on which the switch permits access of the NMS.

  4. Configure a trap host and enable the switch to automatically send traps to the NMS.

  5. Add the switch to the NMS. The community name configured on the switch must be the same as that used by the NMS; otherwise, the NMS cannot manage the switch.

Procedure

  1. Configure SNMPv1 on the switch so that the NMS running SNMPv1 can manage the switch.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] snmp-agent sys-info version v1   //By default, SNMPv3 is supported.

  2. Configure access control so that only the NMS with the specified IP address can perform read/write operations on the specified MIB objects of the switch.

    # Configure an ACL to permit only the NMS 10.1.1.1 to access the switch.

    [Switch] acl 2001
    [Switch-acl-basic-2001] rule permit source 10.1.1.1 0
    [Switch-acl-basic-2001] rule deny
    [Switch-acl-basic-2001] quit

    # Configure the MIB view to specify the MIB objects that can be accessed by the NMS.

    [Switch] snmp-agent mib-view included isoview01 system   //Configure the MIB view isoview01 to access the system subtree.
    [Switch] snmp-agent mib-view included isoview02 interfaces   //Configure the MIB view isoview02 to access the interfaces subtree.

  3. Configure a community name based on which the switch permits access of the NMS, apply the ACL to make the access control function take effect.

    [Switch] snmp-agent community read adminnms01 mib-view isoview01 acl 2001   //Grant adminnms01 the read-only permission on the system subtree.
    [Switch] snmp-agent community write adminnms02 mib-view isoview02 acl 2001   //Grant adminnms02 the read-write permission on the interface subtree.

  4. Configure a trap host and enable the switch to automatically send traps to the NMS.

    [Switch] snmp-agent trap enable
    Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:y   //Enable all trap functions on the switch. By default, only some trap functions are enabled. You can run the display snmp-agent trap all command to check trap status.
    [Switch] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname adminnms01 v1

  5. Add the switch to the NMS.

    # Log in to eSight and choose Resource > Add Resource > Add Resource. Set SNMP parameters based on Table 17-1 and click OK. A switch is added to and can be managed by eSight. The switch will proactively send trap messages to eSight.

    Table 17-1  SNMP parameters
    Parameter Setting
    Select discovery protocol SNMP
    IP address 10.1.1.2
    SNMP Edit SNMP parameters
    Version V1
    Read community adminnms01
    Write community adminnms02
    Port 161
    NOTE:

    The parameter settings on the NMS and switch must be the same; otherwise, the switch cannot be added to the NMS.

    If authentication is required for remote logins to the switch, Telnet parameters need to be set so that the NMS can manage the switch. In this example, administrators can remotely log in to the switch using Telnet, password authentication is used, and the password is huawei2012.

Configuration Files

Configuration file of the switch

#
sysname Switch
#
acl number 2001
 rule 5 permit source 10.1.1.1 0
 rule 10 deny
#
snmp-agent
snmp-agent local-engineid 800007DB03360102101100
snmp-agent community read cipher %^%#Pqp'RXi))/y\KgEtwP9A3x2z5_FgxG1v'D/8>=G,D9<yMC^RAM_YB:F0BZlF="bHXg%lH*L"Jq'lea`S%^%# mib-view isoview acl 2001
snmp-agent community write cipher %^%#.T|&Whvyf$<Gd"I,wXi5SP_6~Nakk6<<+3H:N-h@aJ6d,l0md%HCeAY8~>X=>xV\JKNAL=124r839v<*%^%# mib-view isoview acl 2001
snmp-agent sys-info version v1 v3
snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname cipher %^%#uq/!YZfvW4*vf[~C|.:Cl}UqS(vXd#wwqR~5M(rU%%^%#
snmp-agent mib-view included isoview01 system
snmp-agent mib-view included isoview02 interfaces
snmp-agent trap enable
#
return
Download
Updated: 2019-04-20

Document ID: EDOC1000069520

Views: 689212

Downloads: 30108

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next