No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Installation Guide

OceanStor 5000, 5000F, 6000, and 6000F V5 Series V500R007

This document is applicable to OceanStor 5110 V5, 5110F V5, 5300 V5, 5300F V5, 5500 V5, 5500F V5, 5600 V5, 5600F V5, 5800 V5, 5800F V5, 6800 V5, and 6800F V5 storage systems. It describes hardware installation of those storage systems for helping you easily and quickly finish the installation.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring SNMP

Configuring SNMP

After configuring SNMP, you can query and configure storage system information and receive alarm information about the storage system. There are SNMPv1, SNMPv2c, and SNMPv3 protocols. This section describes how to configure them.

A third-party network management tool must meet the following configuration requirements:

  • If SNMPv1 or SNMPv2c is used, the community strings used by the tool must be the same as those configured on the storage system.
  • If SNMPv3 is used, the SNMPv3 user name, authentication protocol, and encryption protocol used by the tool must be the same as those configured on the storage system.

SNMP Configuration Process

This section describes the SNMP configuration process.

Figure 10-21 shows the SNMP configuration flowchart.

Figure 10-21 SNMP configuration flowchart

Configuring a Port Number for the SNMP Service

This section describes how to configure a port number for the SNMP service. The default port number of the SNMP service is 161. If you use the default port number, skip this section.

Prerequisites

The storage system runs properly.

Procedure
  1. Log in to the CLI of the storage system. For details, see Logging In to the CLI of the Storage System (User Name + Password).
  2. Run the change snmp port port_number=port number command to configure a port number for the SNMP service.

    For example, the following command configures port number 20000 for the SNMP service:

    admin:/>change snmp port port_number=20000 
    WARNING: You are about to change the listening port of the SNMP service. This operation may cause the restart of the SNMP service and use the newly configured listening port. 
    Suggestion: Before you perform this operation, disconnect the network management software and SNMP service. After the configuration is successful, use the new port to connect to SNMP service. 
    Have you read warning message carefully?(y/n)y 
     
    Are you sure you really want to perform the operation?(y/n)y 
    Command executed successfully. 
    admin:/>
    NOTE:

    The default value of port number is 161, and the value ranges from 20000 to 20100.

  3. Run show snmp port to query the port number.

    The command output is as follows:

    admin:/>show snmp port 
     
      SNMP Listening Port : 20000  
    admin:/>

Enabling the SNMP Function (Applicable to SNMPv1 and SNMPv2c)

Before using SNMPv1 or SNMPv2c, enable the SNMP function. If you want to use SNMPv3, skip this section.

Prerequisites

You have logged in to the CLI of the storage system.

Context

There are SNMPv1, SNMPv2c, and SNMPv3 protocols. The storage system supports SNMPv3 by default. SNMPv1 and SNMPv2c are disabled because of their low security.

Procedure
  1. Run change snmp version v1v2c_switch=On to enable SNMPv1 and SNMPv2c.

    The command output is as follows:

    admin:/>change snmp version v1v2c_switch=On 
    CAUTION: You are about to enable SNMPv1 and SNMPv2c. But you are advised to use the secure SNMPv3 protocol only. 
    Do you wish to continue?(y/n)y 
    Command executed successfully. 
    admin:/>     

  2. Run show snmp version to check whether the change takes effect.

    The command output is as follows:

    admin:/>show snmp version 
     
      SNMP V1V2C Switch : On 
    admin:/>     

    If SNMP V1V2C Switch is On in the command output, the storage system supports SNMPv1 and SNMPv2c.

Configuring SNMP Community Strings (Applicable to SNMPv1 and SNMPv2c)

If SNMPv1 or SNMPv2c is used, you must configure SNMP community strings on the storage system for interworking with a third-party network management tool. If you use the default SNMP community strings, skip this section.

Prerequisites

You have logged in to the CLI of the storage system.

Context

If you use SNMPv1 or SNMPv2c, you must configure community strings. A third-party network management tool uses community strings to interwork with the SNMP service of the storage system.

On a storage system, the default SNMP read community string is storage_public and the default write community string is storage_private.

Procedure
  1. Run change snmp community read_community=********* write_community=********* to configure community strings.

    NOTE:

    When you enter a community string, asterisk signs (*) are displayed. Remember or record the community string.

    Parameter

    Description

    Usage Guidelines

    read_community

    Read-only community string that is used for reading device information. To obtain the security policy of the password, run the show snmp safe_strategy command.

    To ensure system security, change the community strings when you log in to the system for the first time.

    • The default read-only community string is "storage_public", read-write community string is "storage_private".
    • The community is subject to the following conditions:
      • The community consists of 4 to 32 characters and is case sensitive. Its length can be changed running the change snmp safe_strategy command.
      • The community must comply the password complexity requirements:
    • When password complex is "Normal", the community must contain special characters and at least two types of the following characters: uppercase letters, lowercase letters, and digits.
    • When password complex is "High", the community must contain special characters, uppercase letters, lowercase letters, and digits.
    • When password complex is "Low", the community must contain any types of the following characters: special characters, uppercase letters, lowercase letters and digits.
      • The read-only community must be different from the read-write community.
    NOTE:
    • To ensure compatibility, the system still supports SNMPv1 and SNMPv2c. To ensure data security, it is strongly recommended to use SNMPv3.
    • You can use the change snmp safe_strategy command to change the policies of community.
    • The special characters including ` ~ ! @ # $ % ^ & * ( ) - _ = + \ | [ { } ] ; : ' " , < . > / ? and space.

    write_community

    Read-write community string that is used for reading or writing device information. To obtain the security policy of the password, run the show snmp safe_strategy command.

  2. Use the third-party network management tool to verify that the community strings can be used to interwork with the storage system.

Adding a USM User (Applicable to SNMPv3)

This operation enables you to add a USM user.

Procedure
  1. Log in to DeviceManager.
  2. Choose Settings > Alarm Settings > USM User Management.
  3. Click Add.

    The Add USM User dialog box is displayed.

  4. Set USM parameters. For related parameters, see Table 10-22.

    Table 10-22 USM User parameters

    Parameter

    Description

    Value

    Username

    Name of a USM user

    [Rules]

    The user name is a 4 to 32 character string, can contain only letters, digits, underscores (_), and hyphens (-), and must start with a letter.

    [Example]

    usm001

    User authentication

    Whether to enable user authentication

    [Default Value]

    Enable

    Authentication Protocol

    Authentication protocols of a USM user including MD5 and SHA

    [Default Value]

    SHA

    Authentication Password

    Authentication password of a USM user

    [Default Rules]

    The password must meet the following complexity requirements:

    • Contains 6 to 32 characters.
    • Must contain special characters. Special characters include !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and spaces.
    • Must contain two uppercase letters, lowercase letters, and digits.
    • Must contain any two types of uppercase letters, lowercase letters, and digits.
    • Cannot be the same as the user name or reversed user name.
    NOTE:

    You can run change snmp safe_strategy on the CLI to change the default rules.

    [Example]

    usmuser@123

    Confirm Authentication Password

    Confirming authentication password of a USM user

    [Example]

    usmuser@123

    Data encryption

    Whether to enable data encryption

    [Default Value]

    Enable

    Encryption Protocol

    Encryption protocols of a USM user including DES, 3DES and AES

    NOTE:

    Security performance order of three encryption protocols is as follows: AES > 3DES > DES. For security purposes, you are advised to select AES.

    [Default Value]

    AES

    Data encryption password

    Password used by a USM user to encrypt data

    [Default Rules]

    The password must meet the following complexity requirements:

    • Contains 6 to 32 characters.
    • Must contain a special character, such as a space or one of the following: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ ` { _ | } ~.
    • Must contain any two types of uppercase letters, lowercase letters, and digits.
    • Cannot be the same as the user name or reversed user name.
    NOTE:

    You can run change snmp safe_strategy on the CLI to change the default rules.

    [Example]

    dataencrypt@123

    Confirm data encryption password

    Confirming that USM users used data encryption password

    [Example]

    dataencrypt@123

    User level

    User level of a USM user, including Read-write and Read-only

    [Default Value]

    Read-write

  5. Click OK.
  6. Click Save.

    The Execution Result dialog box is displayed, indicating that the operation succeeded.

  7. Click Close.

Adding a Trap Server Address

To report alarm and event messages to specific network management systems or storage devices, add server addresses for those systems or devices.

Prerequisites
  • The SNMP service has been enabled on the storage system. If the service has not been enabled, run the change snmp status command in the developer view to enable it. For details about how to use the command, see the OceanStor 5000, 5000F, 6000, and 6000F V5 Series V500R007 Advanced O&M Command Reference.
  • The server has enabled the SNMP service.
  • A USM user has been created. For details about how to create a USM user, see Adding a USM User (Applicable to SNMPv3).
  • A storage system only sends the alarms and events generated after the trap server is configured and does not send alarms or events generated before the configuration.
  • Before configuring a domain name for the server, ensure that the DNS server can communicate normally with the storage array or third-party server.
Context

Trap is a type of Simple Network Management Protocol (SNMP) message that indicates the occurrence of an event. These types of messages are sent using User Datagram Protocol (UDP) and are not reliable.

DeviceManager provides the trap function to send the alarm and event messages of managed storage devices to another network management system or to a device at a specific server address. If alarm and event messages are reported in SNMP mode, you must configure trap server addresses.

NOTE:

To enable the trap function, install the associated software on application servers. For example, you must install MIB interface software on the application servers that run Windows 2003. To download the software, click this (Link), and see MIB_Interface_File_Usage_Guide to download software.

Procedure
  1. Log in to DeviceManager.
  2. Choose Settings > Alarm Settings.
  3. Add trap server addresses.

    1. In the navigation tree, choose Trap Server Address Management.
    2. Click Add.

      The Add Server IP Address dialog box is displayed.

    3. Set parameters for creating trap server addresses. Table 10-23 lists related parameters.
      Table 10-23 Server address parameters

      Parameter

      Description

      Setting

      Server IP Address

      Address of a network management system or storage device for receiving alarm and event messages.

      [Value range]

      • An IPv4 address has the following requirements:
        • The 32-bit address is evenly divided into four fields. Each 8-bit field is expressed in dotted-decimal.
        • Each field of the IP address cannot be blank and must be an integer.
        • The value of the first field ranges from 1 to 223 (excluding 127).
        • The values of other fields range from 0 to 255.
        • The IP address cannot be a special address such as the broadcast address.
      • An IPv6 address has the following requirements:
        • The 128-bit address is evenly divided into eight fields. Each 16-bit field is expressed as four hexadecimal digits. The fields are separated by colons.
        • In each 16-bit field, zeros before integers can be removed. However, at least one digit must be reserved in each field.
        • If the IP address contains a long string of zeros, you can represent the neighboring zeros with double colons (::) in the colon-separated hexadecimal field. Each IP address contains only one double-colon (::). The double-colon (::) can also be used to represent neighboring zeros of the IP address.
        • The IP address cannot be a special address such as a network address, loop address, or multicast address.

      [Example]

      192.168.100.11

      fc00::1234

      Port

      Port for receiving alarm and event messages on the network management system or storage device.

      [Value range]

      1 to 65535

      [Example]

      2234

      Version

      SNMP version of a network management system or storage device. The possible value can be SNMPv1, SNMPv2c, or SNMPv3.

      NOTE:

      To ensure the data security, you are advised to use SNMPv3.

      [Example]

      SNMPv3

      USM User

      The user report alarms and events from SNMP.

      [Example]

      usm001

      Type

      Type of an alarm or event sent by a storage device to the trap server.

      • Parsed: parsed alarms and events whose IDs correspond to the same object identifier (OID).
      • Original: alarms and events that have not been parsed.
      • Parsed alarm oid: parsed alarms and events whose IDs correspond to different OIDs.
      • Parsed time string: parsed alarms and events whose IDs correspond to the same OID. The data type of the event fields generated by alarms and events is OCTET STRING.
      • Original time string: original alarms and events that have not been parsed. The data type of alarm and event occurring time (character string) and clearing time (character string) is OCTET STRING.
      • All: alarms and events including the Parsed, Original, and Parsed alarm oid ones.
      NOTE:
      • Parsed and original are two forms of one alarm or event. An alarm or event in the original form carries only original alarm or event parameters, whereas an alarm or event in the parsed form is readable and processed based on the original form.
      • When the value of Version is SNMPv1, the value of Type cannot be Parsed alarm oid.

      [Example]

      Parsed

    4. Click OK.

  4. Confirm the creation of trap server addresses.

    1. Click Save.

      The Execution Result dialog box is displayed, indicating that the operation succeeded.

    2. Click Close.

Follow-up Procedure

A storage device can send multiple types of alarms to the trap server and each alarm has its own push format. For details, click this (https://support.huawei.com/enterprise/en/bulletins-service/NEWS2000000899/), and see Instructions for the MIB Interfaces of the corresponding product model.

Translation
Download
Updated: 2019-07-11

Document ID: EDOC1000181531

Views: 100643

Downloads: 948

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next