Typical SNMP Configuration
Example for Configuring a Device to Communicate with the NMS Using SNMPv1
SNMP Overview
The Simple Network Management Protocol (SNMP) is a standard network management protocol widely used on TCP/IP networks. SNMP manages network elements by using a central computer (a network management station) running network management software.
SNMP has the following advantages:
- Automatic configuration management:
A network administrator can use SNMP to quickly query information, modify data, locate faults, and so forth on any SNMP agent. SNMP greatly improves work efficiency of network administrators.
- Multi-vendor management:
SNMP shields the physical differences between devices of different vendors. SNMP provides only a basic function set, so the managed tasks are separated from the managed physical features and lower-layer interoperation technologies. Therefore, SNMP can uniformly manage devices of multiple vendors simultaneously.
SNMP is available in three versions. SNMPv1 is the initial version of SNMP. It provides authentication based on community names. SNMPv1 has low security, and can return only a few error codes. SNMPv2c issued by IETF is the second release of SNMP. SNMPv2c has enhancements to standard error codes, data types (Counter 64 and Counter 32), and operations including GetBulk and Inform. SNMPv2c does not improve the security, so IETF issued SNMPv3 that provides encryption and authentication based on the user-based security model (USM) and access control based on the view-based access control model (VACM).
SNMPv1 is applicable to small networks with simple networking and low security requirements or small networks with good security and stability, such as campus networks and small enterprise networks.
Configuration Notes
This configuration example applies to all switches running all versions.
In this example, eSight running V300R007C00 is used as the NMS.
Networking Requirements
As shown in Figure 3-268, the NMS server manages all devices on the network. The network is small and not likely to be attacked, so SNMPv1 is configured on switches to communicate with the NMS server. A new switch is added to the network. The network administrator wants to use the existing network resources to manage the new switch and quickly locate and rectify network faults.
Configuration Roadmap
The configuration roadmap is as follows:
Configure SNMPv1 on the switch so that the NMS running SNMPv1 can manage the switch.
Configure access control so that only the NMS with the specified IP address can perform read/write operations on the specified MIB objects of the switch.
Configure a community name based on which the switch permits access of the NMS.
Configure a trap host and enable the switch to automatically send traps to the NMS.
Add the switch to the NMS. The community name configured on the switch must be the same as that used by the NMS; otherwise, the NMS cannot manage the switch.
Procedure
- Configure SNMPv1 on the switch so that the NMS running SNMPv1 can manage the switch.
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] snmp-agent sys-info version v1 //By default, SNMPv3 is supported.
- Configure the interface on the switch to receive and respond to NMS request packets. This step must be performed in V200R020 and later versions. Otherwise, the switch cannot connect to the NMS.
[Switch] snmp-agent protocol source-interface vlanif 10 - Configure access control so that only the NMS with the specified IP address can perform read/write operations on the specified MIB objects of the switch.
# Configure an ACL to permit only the NMS 10.1.1.1 to access the switch.
[Switch] acl 2001 [Switch-acl-basic-2001] rule permit source 10.1.1.1 0 [Switch-acl-basic-2001] rule deny [Switch-acl-basic-2001] quit
# Configure the MIB view to specify the MIB objects that can be accessed by the NMS.
[Switch] snmp-agent mib-view included isoview01 system //Configure the MIB view isoview01 to access the system subtree. [Switch] snmp-agent mib-view included isoview02 interfaces //Configure the MIB view isoview02 to access the interfaces subtree.
- Configure a community name based on which the switch permits access of the NMS, apply the ACL to make the access control function take effect.
[Switch] snmp-agent community read adminnms01 mib-view isoview01 acl 2001 //Grant adminnms01 the read-only permission on the system subtree. [Switch] snmp-agent community write adminnms02 mib-view isoview02 acl 2001 //Grant adminnms02 the read-write permission on the interface subtree.
- Configure a trap host and enable the switch to automatically send traps to the NMS.
[Switch] snmp-agent trap enable Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:y //Enable all trap functions on the switch. By default, only some trap functions are enabled. You can run the display snmp-agent trap all command to check trap status. [Switch] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname adminnms01 v1 - Add the switch to the NMS.
# Log in to eSight and choose . Set SNMP parameters based on Table 3-158 and click OK. A switch is added to and can be managed by eSight. The switch will proactively send trap messages to eSight.
Table 3-158 SNMP parametersParameter
Setting
Select discovery protocol
SNMP
IP address
10.1.1.2
SNMP
Edit SNMP parameters
Version
V1
Read community
adminnms01
Write community
adminnms02
Port
161
The parameter settings on the NMS and switch must be the same; otherwise, the switch cannot be added to the NMS.
If authentication is required for remote logins to the switch, Telnet parameters need to be set so that the NMS can manage the switch. In this example, administrators can remotely log in to the switch using Telnet, password authentication is used, and the password is YsHsjx_202206.
Configuration Files
Configuration file of the switch
# sysname Switch # acl number 2001 rule 5 permit source 10.1.1.1 0 rule 10 deny # snmp-agent snmp-agent local-engineid 800007DB03360102101100 snmp-agent community read cipher %^%#Pqp'RXi))/y\KgEtwP9A3x2z5_FgxG1v'D/8>=G,D9<yMC^RAM_YB:F0BZlF="bHXg%lH*L"Jq'lea`S%^%# mib-view isoview01 acl 2001 snmp-agent community write cipher %^%#.T|&Whvyf$<Gd"I,wXi5SP_6~Nakk6<<+3H:N-h@aJ6d,l0md%HCeAY8~>X=>xV\JKNAL=124r839v<*%^%# mib-view isoview02 acl 2001 snmp-agent sys-info version v1 v3 snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname cipher %^%#uq/!YZfvW4*vf[~C|.:Cl}UqS(vXd#wwqR~5M(rU%%^%# snmp-agent mib-view included isoview01 system snmp-agent mib-view included isoview02 interfaces snmp-agent trap enable snmp-agent protocol source-interface Vlanif100 # return
Example for Configuring a Device to Communicate with the NMS Using SNMPv2c
SNMP Overview
The Simple Network Management Protocol (SNMP) is a standard network management protocol widely used on TCP/IP networks. SNMP manages network elements by using a central computer (a network management station) running network management software.
SNMP has the following advantages:
- Automatic configuration management:
A network administrator can use SNMP to quickly query information, modify data, locate faults, and so forth on any SNMP agent. SNMP greatly improves work efficiency of network administrators.
- Multi-vendor management:
SNMP shields the physical differences between devices of different vendors. SNMP provides only a basic function set, so the managed tasks are separated from the managed physical features and lower-layer interoperation technologies. Therefore, SNMP can uniformly manage devices of multiple vendors simultaneously.
SNMP is available in three versions. SNMPv1 is the initial version of SNMP. It provides authentication based on community names. SNMPv1 has low security, and can return only a few error codes. SNMPv2c issued by IETF is the second release of SNMP. SNMPv2c has enhancements to standard error codes, data types (Counter 64 and Counter 32), and operations including GetBulk and Inform. SNMPv2c does not improve the security, so IETF issued SNMPv3 that provides encryption and authentication based on the user-based security model (USM) and access control based on the view-based access control model (VACM).
SNMPv2c is applicable to medium and large networks with low security requirements or with good security (for example, VPNs) but on which services are so busy that traffic congestion may occur.
Configuration Notes
This configuration example applies to all switches running all versions.
In this example, eSight running V300R007C00 is used as the NMS.
Networking Requirements
As shown in Figure 3-269, the NMS server manages all devices on the network. The network is large and secure but the service traffic volume on the network is high. Therefore, devices on the network use SNMPv2c to communicate with the NMS server. For capacity expansion, a new switch is added to the network. The network administrator wants to use the existing network resources to manage the new switch and quickly locate and rectify network faults.
Configuration Roadmap
The configuration roadmap is as follows:
Configure SNMPv2c on the switch so that the NMS running SNMPv2c can manage the switch.
Configure access control so that only the NMS with the specified IP address can perform read/write operations on the specified MIB objects of the switch.
Configure a community name based on which the switch permits access of the NMS.
Configure a trap host and enable the switch to automatically send traps to the NMS.
Add the switch to the NMS. The community name configured on the switch must be the same as that used by the NMS; otherwise, the NMS cannot manage the switch.
Procedure
- Configure SNMPv2c on the switch so that the NMS running SNMPv2c can manage the switch.
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] snmp-agent sys-info version v2c //By default, SNMPv3 is supported.
- Configure the interface on the switch to receive and respond to NMS request packets. This step must be performed in V200R020 and later versions. Otherwise, the switch cannot connect to the NMS.
[Switch] snmp-agent protocol source-interface vlanif 10 - Configure access control so that only the NMS with the specified IP address can perform read/write operations on the specified MIB objects of the switch.
# Configure an ACL to permit only the NMS 10.1.1.1 to access the switch.
[Switch] acl 2001 [Switch-acl-basic-2001] rule permit source 10.1.1.1 0 [Switch-acl-basic-2001] rule deny [Switch-acl-basic-2001] quit
# Configure the MIB view to specify the MIB objects that can be accessed by the NMS.
[Switch] snmp-agent mib-view included isoview01 system //Configure the MIB view isoview01 to access the system subtree. [Switch] snmp-agent mib-view included isoview02 interfaces //Configure the MIB view isoview02 to access the interfaces subtree.
- Configure a community name based on which the switch permits access of the NMS, apply the ACL to make the access control function take effect.
[Switch] snmp-agent community read adminnms01 mib-view isoview01 acl 2001 //Grant adminnms01 the read-only permission on the system subtree. [Switch] snmp-agent community write adminnms02 mib-view isoview02 acl 2001 //Grant adminnms02 the read-write permission on the interface subtree.
- Configure a trap host and enable the switch to automatically send traps to the NMS.
[Switch] snmp-agent trap enable Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:y //Enable all trap functions on the switch. By default, only some trap functions are enabled. You can run the display snmp-agent trap all command to check trap status. [Switch] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname adminnms01 v2c //Configure a trap host. By default, traps are sent by UDP port 162.
- Add the switch to the NMS.
# Log in to eSight and choose . Set SNMP parameters based on Table 3-159 and click OK. A switch is added to and can be managed by eSight. The switch will proactively send trap messages to eSight.
Table 3-159 SNMP parametersParameter
Setting
Select discovery protocol
SNMP
IP address
10.1.1.2
SNMP
Edit SNMP parameters
Version
V2c
Read community
adminnms01
Write community
adminnms02
Port
161
The parameter settings on the NMS and switch must be the same; otherwise, the switch cannot be added to the NMS.
If authentication is required for remote logins to the switch, Telnet parameters need to be set so that the NMS can manage the switch. In this example, administrators can remotely log in to the switch using Telnet, password authentication is used, and the password is YsHsjx_202206.
Configuration Files
Configuration file of the switch
# sysname Switch # acl number 2001 rule 5 permit source 10.1.1.1 0 rule 10 deny # snmp-agent snmp-agent local-engineid 800007DB03360102101100 snmp-agent community read cipher %^%#Pqp'RXi))/y\KgEtwP9A3x2z5_FgxG1v'D/8>=G,D9<yMC^RAM_YB:F0BZlF="bHXg%lH*L"Jq'lea`S%^%# mib-view isoview01 acl 2001 snmp-agent community write cipher %^%#.T|&Whvyf$<Gd"I,wXi5SP_6~Nakk6<<+3H:N-h@aJ6d,l0md%HCeAY8~>X=>xV\JKNAL=124r839v<*%^%# mib-view isoview02 acl 2001 snmp-agent sys-info version v2c v3 snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname cipher %^%#uq/!YZfvW4*vf[~C|.:Cl}UqS(vXd#wwqR~5M(rU%%^%# v2c snmp-agent mib-view included isoview01 system snmp-agent mib-view included isoview02 interfaces snmp-agent trap enable snmp-agent protocol source-interface Vlanif10 # return
Example for Configuring a Device to Communicate with the NMS Using SNMPv3
SNMP Overview
The Simple Network Management Protocol (SNMP) is a standard network management protocol widely used on TCP/IP networks. SNMP manages network elements by using a central computer (a network management station) running network management software.
SNMP has the following advantages:
- Automatic configuration management:
A network administrator can use SNMP to quickly query information, modify data, locate faults, and so forth on any SNMP agent. SNMP greatly improves work efficiency of network administrators.
- Multi-vendor management:
SNMP shields the physical differences between devices of different vendors. SNMP provides only a basic function set, so the managed tasks are separated from the managed physical features and lower-layer interoperation technologies. Therefore, SNMP can uniformly manage devices of multiple vendors simultaneously.
SNMP is available in three versions. SNMPv1 is the initial version of SNMP. It provides authentication based on community names. SNMPv1 has low security, and can return only a few error codes. SNMPv2c issued by IETF is the second release of SNMP. SNMPv2c has enhancements to standard error codes, data types (Counter 64 and Counter 32), and operations including GetBulk and Inform. SNMPv2c does not improve the security, so IETF issued SNMPv3 that provides encryption and authentication based on the user-based security model (USM) and access control based on the view-based access control model (VACM).
SNMPv3 is applicable to networks of various scales, especially networks that have strict security requirements and can be managed only by authorized network administrators. For example, SNMPv3 can be used if data between the NMS and managed device needs to be transmitted over a public network.
Configuration Notes
This configuration example applies to all switches running all versions.
In this example, eSight running V300R007C00 is used as the NMS.
Networking Requirements
As shown in Figure 3-270, the NMS server manages all devices on the network. The network is large and is prone to attack. Therefore, devices on the network use SNMPv3 to communicate with the NMS server. A new switch is added to the network. The network administrator wants to use the existing network resources to manage the new switch and quickly locate and rectify network faults.
Configuration Roadmap
The configuration roadmap is as follows:
Configure SNMPv3 on the switch so that the NMS running SNMPv3 can manage the switch.
Configure access control so that only the NMS with the specified IP address can perform read/write operations on the specified MIB objects of the switch.
Configure a user group and user based on which the switch permits access of the NMS.
Configure a trap host and enable the switch to automatically send traps to the NMS.
Add the switch to the NMS. The user group and user configured on the switch must be the same as those used by the NMS; otherwise, the NMS cannot manage the switch.
Procedure
- Configure SNMPv3 on the switch so that the NMS running SNMPv3 can manage the switch.
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] snmp-agent sys-info version v3 //By default, SNMPv3 is supported. If SNMPv3 is not disabled, skip this command.
- Configure the interface on the switch to receive and respond to NMS request packets. This step must be performed in V200R020 and later versions. Otherwise, the switch cannot connect to the NMS.
[Switch] snmp-agent protocol source-interface vlanif 10 - Configure access control so that only the NMS with the specified IP address can perform read/write operations on the specified MIB objects of the switch.
# Configure an ACL to permit only the NMS 10.1.1.1 to access the switch.
[Switch] acl 2001 [Switch-acl-basic-2001] rule permit source 10.1.1.1 0 [Switch-acl-basic-2001] rule deny [Switch-acl-basic-2001] quit
# Configure the MIB view to specify the MIB objects that can be accessed by the NMS.
[Switch] snmp-agent mib-view included isoview iso //Configure the MIB view isoview to access the iso subtree. - Configure a user group and user based on which the switch permits access of the NMS.
# Configure the user group group001, set the security level to privacy, and configure access control to restrict the access of NMS to the switch.
[Switch] snmp-agent group v3 group001 privacy read-view isoview write-view isoview notify-view isoview acl 2001# Configure an SNMPv3 user named user001 and add the user to group001.
[Switch] snmp-agent usm-user v3 user001 group group001# Set the user authentication algorithm to sha (indicating HMAC-SHA-96), authentication password to Authe@1234.
[Switch] snmp-agent usm-user v3 user001 authentication-mode sha Please configure the authentication password (8-64) Enter Password: //Enter the authentication password. Confirm Password: //Confirm the password.
In versions earlier than V200R003C00, the user name is configured using snmp-agent usm-user v3 user001 group001 authentication-mode sha Authe@1234 privacy-mode des56 Priva@1234.
In V200R019C00, the system software does not support the sha parameter. To use the sha parameter, you need to install the V200R019SPH007 patch or the SHA1 plug-in. For higher security purposes, you are advised to specify the sha2-256 parameter, which indicates the more secure HMAC-SHA2-256-192 algorithm.
You can search for Plug-in Usage Guide at the Huawei technical support website (Enterprise Network or Carrier), and choose the desired plug-in usage guide based on the switch model and software version. If you do not have permission to access the website, contact technical support personnel.
# Set the user encryption algorithm to aes256 (indicating AES-256), and encryption password to Priva@1234.
[Switch] snmp-agent usm-user v3 user001 privacy-mode aes128 Please configure the privacy password (8-64) Enter Password: //Enter the encryption password. Confirm Password: //Confirm the password.
- Configure a trap host and enable the switch to automatically send traps to the NMS.
[Switch] snmp-agent trap enable Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:y //Enable all trap functions on the switch. By default, only some trap functions are enabled. You can run the display snmp-agent trap all command to check trap status. [Switch] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname user001 v3 privacy //Configure a trap host. By default, traps are sent by UDP port 162. The security name must be the same as the user name; otherwise, the NMS cannot manage the device.
- Add the switch to the NMS.
# Log in to eSight and choose . Set SNMP parameters based on Table 3-160 and click OK. A switch is added to and can be managed by eSight. The switch will proactively send trap messages to eSight.
Table 3-160 SNMP parametersParameter
Setting
Select discovery protocol
SNMP
IP address
10.1.1.2
SNMP
Edit SNMP parameters
Version
V3
Security name
user001
Port
161
Authentication protocol
HMAC_SHA
Authentication password
Authe@1234
Privacy protocol
AES_128
Encryption password
Priva@1234
The parameter settings on the NMS and switch must be the same; otherwise, the switch cannot be added to the NMS.
If authentication is required for remote logins to the switch, Telnet parameters need to be set so that the NMS can manage the switch. In this example, administrators can remotely log in to the switch using Telnet, password authentication is used, and the password is YsHsjx_202206.
Configuration Files
Configuration file of the switch
# sysname Switch # acl number 2001 rule 5 permit source 10.1.1.1 0 rule 10 deny # snmp-agent snmp-agent local-engineid 800007DB03360102101100 snmp-agent sys-info version v3 snmp-agent group v3 group001 privacy read-view isoview write-view isoview notify-view isoview acl 2001 snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname user001 v3 privacy snmp-agent mib-view included isoview iso snmp-agent usm-user v3 user001 snmp-agent usm-user v3 user001 group group001 snmp-agent usm-user v3 user001 authentication-mode sha cipher %^%#*2C%=4LZn1L>ni9xaybHdbXFW&[c_Wv0m!0MpTj!%^%# snmp-agent usm-user v3 user001 privacy-mode aes128 cipher %^%#i\Fv-cC(u)+x26S2'rEX<.;V+e~nP)*.J$Ulr($/%^%# snmp-agent trap enable snmp-agent protocol source-interface Vlanif10 # return
Example for Configuring eSight and Switches to Communicate Through SNMPv2c
Introduction to eSight
eSight is a new-generation comprehensive operation, maintenance, and management solution developed by Huawei for network infrastructure management, unified communications, telepresence conferencing, video surveillance, and data center in enterprises. eSight supports unified monitoring and configuration management over devices of various types and from various vendors, monitors and analyzes network and service quality, manages enterprise resources, services, and users in a unified manner, and analyzes association between them. In addition, eSight offers a flexible and open platform that enables enterprises to customize software and build an intelligent management system tailored to their own needs. This example describes how a network administrator uses the Simple Network Management Protocol Version 2c (SNMPv2c) to automatically discover network devices on eSight.
Configuration Notes
This example uses eSight V200R005C00 and switch V200R003C00. The configurations may vary with software versions. For details, see the product manual of the corresponding version.
Networking Requirements
An enterprise administrator wants to use eSight to manage devices of the enterprise.
- The enterprise replans the network recently, and the number of devices on the entire network increases to about 1000. It is labor-consuming if the administrator logs in to each device to configure and manage the devices. The administrator needs to use a network management system (NMS) to uniformly manage all the devices on the network.
- Devices on the enterprise network belong to the R&D Dept and finance Dept, and devices in the R&D Dept are divided into two service groups. The R&D Dept has 800 devices and the finance Dept has 200 devices. The administrator wants to manage the devices by group, view the device status in different departments, and batch configure services for devices in the same service group during the maintenance process.
Requirement Analysis
- Enabling automatic device discovery: A large number of security devices and network devices need to be deployed on a network. The automatic device discovery function provided by eSight can reduce the administrator's workload, improve the operation efficiency, and lower misoperations.
- Selecting the SNMPv2c protocol: A majority of the security devices and network devices use SNMPv2c. SNMPv2c has higher security than SNMPv1, and is simple and easy to configure compared with SNMPv3.
- Enabling the subnet function in topology monitoring: The subnet function in topology monitoring enables eSight to monitor devices by area according to the subnet on which the devices are located. The administrator can divide the enterprise network into multiple subnets by department to implement differentiated management.
- Enabling the grouping function: During routine maintenance, the administrator needs to batch configure devices that provide similar services. The grouping function enables eSight to automatically add devices to different groups after grouping rules are set. The administrator can batch perform authentication and alarm filtering operations for devices in the same group.
Data Plan
Item |
Value |
Description |
|---|---|---|
SNMP parameters |
Template name: SNMP_v2c SNMP version: v2c Read community: Public123 Write community: Private123 NE port: 161 Timeout interval(s): 3 Resending times: 3 |
It is recommended that the read and write community names have high complexity and meet complexity requirements on devices to ensure security. The highest complexity is recommended because there are different complexity requirements for devices. For example, the combination of upper-case letters, lower-case letters, and digits. |
IP address |
Different network segment IP addresses are allocated based on the service group. R&D Dept A:
R&D Dept B:
Finance Dept: 192.168.51.0-192.168.51.255 |
IP addresses are allocated based on the service group and department. Devices in a service group can only use IP addresses in a specified network segment, so that subnets can be divided and devices can be grouped based on IP addresses. |
Subnet |
The network is divided into three subnets and assigned subnet IP address ranges.
|
One subnet on eSight can contain up to 500 devices. It is recommended that the R&D Dept with 800 devices be divided into two subnets, and the finance Dept into one subnet. |
Grouping rule |
Five groups are divided based on the service type and department.
|
The start and end IP addresses are specified in grouping rules. After eSight discovers the devices, they are automatically added to different groups. |
Configuration Roadmap
- Configure SNMP parameters on the devices.
- Create subnets on eSight.
- Set grouping rules on eSight.
- Create an SNMP template on eSight.
- Enable eSight to discover devices using SNMP.
Prerequisites
IP addresses have been configured for devices on the network according to Data Plan, and the devices can successfully communicate with eSight.
Procedure
- Configure SNMP parameters on the devices.
<SwitchA> system-view [SwitchA] snmp-agent //Start the SNMP agent service. [SwitchA] snmp-agent sys-info version v2c //Set the SNMP version to v2c. [SwitchA] snmp-agent mib-view included View_ALL iso //Create a MIB view View_ALL. [SwitchA] snmp-agent community read cipher Public123 mib-view View_ALL //Configure a read community name and set the rights of the MIB view. [SwitchA] snmp-agent community write cipher Private123 mib-view View_ALL //Configure a write community name and set the rights of the MIB view. [SwitchA] snmp-agent trap source MEth0/0/1 //Specify the source interface for sending traps. Here, a management interface is specified as the source interface. [SwitchA] snmp-agent trap enable //Enable the trap function to report alarms. Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:y [SwitchA] snmp-agent target-host trap address udp-domain 192.168.10.10 params securityname Public123 v2c //Set the eSight IP address to 192.168.10.10, securityname to Public123, and version to v2c. [SwitchA] snmp-agent protocol source-interface MEth0/0/1 //This step must be performed in V200R020 and later versions. Otherwise, the switch cannot connect to the NMS.
- Create subnets.
- Choose Resource > Resource Management > Equipment Resources from the main menu.
- On the Subnet page, click
.
- In the dialog box that is displayed, enter the subnet name and description, and click OK.
Repeat the steps to create the other two subnets.
- Choose Resource > Resource Management > Equipment Resources from the main menu.
- Set grouping rules.
- Choose Resource > Resource Management > Group Management from the main menu.
- In the navigation tree, choose Device Group and click
next to User Defined Groups.
- Click
under Dynamic Rules to set grouping rules.
- Set the rule name to rule_01.
- Select satisfy all conditions.
- Set the dynamic rule to IP address startwith 192.168.11.0.
- Click
next to the dynamic rule. A line is displayed under the dynamic rule. Set the other dynamic rule to IP address endwith 192.168.11.255.
- Choose Resource > Resource Management > Group Management from the main menu.
- Create an SNMP template on eSight.
- Choose Resource > Resource Management > Protocol Template from the main menu.
- In the navigation tree, choose SNMP Template and click
.
- Set parameters in the SNMP template according to Data Plan and click OK.
- Choose Resource > Resource Management > Protocol Template from the main menu.
- Use the automatic device discovery function to add devices to eSight.
- Choose Resource > Add Device > Automatic from the main menu.
- Specify start and end IP addresses of network segments and add them to subnets.
Click Add Another Network Segment, specify start and end IP addresses of the network segment and add it to the corresponding subnet.
- Choose Resource > Add Device > Automatic from the main menu.
- Adjust the topology layout.
- Choose Monitor > Topology > Topology Management from the main menu.
- On the Physical topology page, adjust the device locations.
- Click
to save the new locations of the devices in the topology.
.
next to 
under 
to save the new locations of the devices in the topology.Verification
- Check devices on subnets.
Choose Monitor > Topology > Topology Management from the main menu.
Double-click the icon of subnet_finance in the topology to display the subnet topology. Check whether all the devices in the finance Dept are added to the subnet. If so, the operations are correct. Perform similar steps to check the other two subnets. If devices are not added to the corresponding subnet, check the IP address segments of the subnets.
- Check grouping of devices.
Choose Resource > Resource Management > Group Management from the main menu.
- Choose . Check whether all the devices in the service group 1 of R&D Dept A are added to the group. If so, the operations are correct. Perform similar steps to check the other four groups. If devices are not added to the corresponding group, check whether the devices are added to eSight and whether grouping rules are correctly set.
Configuration Files
# sysname SwitchA # snmp-agent snmp-agent local-engineid 800007DB03845B12365950 snmp-agent community read cipher %^%#^<EfW&psB6Sq.z=!kAd0yrsa+T(Z\7_,LZUV*~Q2o>S:$Ct;'PVHc#KVls(D|F6=F=|N!V7z2t0T%qT!%^%# mib-view View_ALL snmp-agent community write cipher %^%#FMFL9TM5nPTV&1-+s@lH&|HE.hk5Q-isz@#$_fsTMFx!$/LXJT}p$RW"#"jFEM5ODoOYm<(eT4Y$X1>R%^%# mib-view View_ALL snmp-agent sys-info version v2c v3 snmp-agent target-host trap address udp-domain 192.168.10.10 params securityname cipher %^%#N'IcKJw$k>4C65.vzU%W=unvQwizfXBLv^QXV~Q4%^%# v2c snmp-agent mib-view included View_ALL iso snmp-agent trap source MEth0/0/1 snmp-agent trap enable snmp-agent protocol source-interface MEth0/0/1 # return