No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Administrator Guide

OceanStor 2800 V5 V500R007

This document is applicable to OceanStor 2800 V5. Routine maintenance activities are the most common activities for the storage device, including powering on or off the storage device, managing users, modifying basic parameters of the storage device, and managing hardware components. This document is intended for the system administrators who are responsible for carrying out routine maintenance activities, monitoring the storage device, and rectifying common device faults.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Managing Trap Notification

Managing Trap Notification

You can modify the addresses that receive trap alarm notifications based on service requirements. The storage system's alarm information will be sent to the network management systems or other storage systems specified by the trap servers.

Managing SNMP Community Strings

If SNMPv1 or SNMPv2c is used, you must configure SNMP community strings on the storage system for interworking with a third-party network management tool. To ensure SNMPv1 and SNMPv2c protocol security, you are advised to maintain the SNMP community strings regularly.

Prerequisites

You have logged in to the CLI of the storage system.

Context

If you use SNMPv1 or SNMPv2c, you must configure community strings. A third-party network management tool uses community strings to interwork with the SNMP service of the storage system.

On a storage system, the default SNMP read-only community string is storage_public and the default read-write community string is storage_private.

Procedure
  1. Run change snmp community read_community=********* write_community=********* to modify community strings.

    NOTE:

    When you enter a community string, asterisk signs (*) are displayed. Remember or record the community string.

    Parameter

    Description

    Usage Guidelines

    read_community

    Read-only community string that is used for reading device information. To obtain the security policy of the password, run the show snmp safe_strategy command.

    To ensure system security, change the community strings when you log in to the system for the first time.

    • The default read-only community string is storage_public, read-write community string is storage_private.
    • The communities are subject to the following conditions:
      • The community consists of 4 to 32 characters and is case sensitive. Its length can be changed running the change snmp safe_strategy command.
      • The community must comply the password complexity requirements:
    • When password complexity is Normal, the community must contain special characters and at least two types of the following characters: uppercase letters, lowercase letters, and digits.
    • When password complexity is High, the community must contain special characters, uppercase letters, lowercase letters, and digits.
    • When password complexity is Low, the community must contain any types of the following characters: special characters, uppercase letters, lowercase letters and digits.
      • The read-only community must be different from the read-write community.
    NOTE:
    • To ensure compatibility, the system still supports SNMPv1 and SNMPv2c. To ensure data security, it is strongly recommended to use SNMPv3.
    • You can use the change snmp safe_strategy command to change the policies of community.
    • The special characters including ` ~ ! @ # $ % ^ & * ( ) - _ = + \ | [ { } ] ; : ' " , < . > / ? and space.

    write_community

    Read-write community string that is used for reading or writing device information. To obtain the security policy of the password, run the show snmp safe_strategy command.

  2. Use the third-party network management tool to verify that the community strings can be used to interwork with the storage system.

Managing USM Users

If SNMPv3 is used, USM users are used to access upper-level external network management systems (such as the SNMP network management system). To ensure SNMPv3 protocol security, you are advised to maintain the USM user list regularly.

Procedure
  1. Log in to DeviceManager.
  2. Choose Settings > Alarm Settings > USM User Management.
  3. Manage USM users. Table 5-19 details the operations.

    Figure 5-10 USM user management
    Table 5-19 Relevant operations

    Operation

    Procedure

    Adding a USM user

    1. Click Add. The Add USM User dialog box is displayed.
    2. Set USM parameters. For related parameters, see Table 5-20.
    3. Click OK.
    4. The USM user list displays the newly added USM user.

    Modifying a USM user

    1. Select the USM user that you want to modify and click Modify.
    2. The Modify USM User dialog box is displayed.
    3. Modify USM parameters. Table 5-20 describes the related parameters.
    4. Click OK.
    5. The USM user list displays the modified USM user.

    Removing a USM user

    Select the USM user that you want to remove and click Remove.

    Table 5-20 USM user parameters

    Parameter

    Description

    Value

    Username

    Name of a USM user

    [Rules]

    Username is a 4 to 32 character string, can contain only letters, digits, underscores (_), and hyphens (-), and must start with a letter.

    [Example]

    usm001

    User Authentication

    Whether to enable user authentication

    [Default Value]

    Enable

    Authentication Protocol

    Authentication protocols of a USM user including MD5 and SHA

    NOTE:

    SHA is more secure than MD5. For security purposes, you are advised to select SHA for authentication.

    [Default Value]

    SHA

    Authentication Password

    Authentication password of a USM user

    [Default Rules]

    The password must meet the following complexity requirements:

    • Contains 6 to 32 characters.
    • Must contain special characters. Special characters include !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and spaces.
    • Must contain two types of the following characters: uppercase letters, lowercase letters, and digits.
    • Cannot be the same as the username or the username written backwards.
    NOTE:

    You can modify the default rule through CLI command change snmp safe_strategy.

    [Example]

    usmuser@123

    Confirm Authentication Password

    Confirming authentication password of a USM user

    [Example]

    usmuser@123

    Data Encryption

    Whether to enable data encryption

    [Default Value]

    Enable

    Encryption Protocol

    Encryption protocols of a USM user including 3DES, DES, and AES.

    NOTE:

    Security performance order of the three encryption protocols is as follows: AES > 3DES > DES. For security purposes, you are advised to select AES.

    [Default Value]

    AES

    Data Encryption Password

    Password used by a USM user to encrypt data

    [Default Rules]

    The password must meet the following complexity requirements:

    • Contains 6 to 32 characters.
    • Must contain special characters. Special characters include !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and spaces.
    • Must contain two types of the following characters: uppercase letters, lowercase letters, and digits.
    • Cannot be the same as the username or the username written backwards.
    NOTE:

    You can modify the default rule through CLI command change snmp safe_strategy.

    [Example]

    dataencrypt@123

    Confirm Data Encryption Password

    Confirming that USM users used data encryption password

    [Example]

    dataencrypt@123

    User Level

    User level of a USM user, including Read-write and Read-only.

    [Default Value]

    Read-write

  4. Click Save.

    The Execution Result dialog box is displayed.

  5. Click Close.

Managing Trap Server Addresses

To ensure that the storage system's alarm information can be sent to the application servers or maintenance terminals specified by the trap servers in a timely manner, you are advised to maintain the trap server addresses regularly.

Prerequisites
  • The SNMP service has been enabled on the storage system. If the service has not been enabled, run the change snmp status command in the developer view to enable it. For details about how to use the command, see Advanced O&M Command Reference.
  • The server has enabled the SNMP service.
  • The USM user has been created.
  • For sending alarms to the trap server, a storage system only sends the alarms generated after the trap server is configured and does not send alarms generated before the configuration.
  • Before configuring a domain name for the server, ensure that the DNS server can communicate normally with the storage array or third-party server.
  • If the server address is not on the management network segment, configure routes to interconnect the storage devices with the servers linked to the server addresses.

Before changing server addresses, ensure that no alarm message is being reported to network management systems or storage devices linked to those addresses. Alarm messages being reported at the time of the change will be lost.

Context
  • Trap is a Simple Network Management Protocol (SNMP) message type used to indicate the occurrence of an event. These types of messages are sent to a recipient using User Datagram Protocol (UDP) and are not reliable. Specify trap service addresses if SNMP is used to report alarm messages.
  • DeviceManager provides the trap function to send the alarm messages of managed storage devices to another network management system or to a device at a specific server address. If alarm messages are reported in SNMP mode, you must configure Trap server addresses.
    NOTE:

    To enable the trap function, install the MIB interface software on application servers. To download the software, click this (https://support.huawei.com/enterprise/en/bulletins-service/NEWS2000000899/), and see MIB Interface File Usage Guide to download software.

  • To report alarm messages to other network management systems or storage devices, add or change the existing server addresses to the server addresses of those systems or devices.
Procedure
  1. Log in to DeviceManager.
  2. Choose Settings > Alarm Settings > Trap Server Address Management.
  3. Manage trap server addresses. Table 5-21 details the operations.

    Figure 5-11 Trap server address management area

    Table 5-21 Relevant operations

    Operation

    Procedure

    Adding a server IP address

    1. Click Add.
    2. The Add Server Address dialog box is displayed.
    3. Set the parameters for creating trap server addresses. Table 5-22 lists related parameters.
    4. Click OK.
    5. The server list displays the newly added server IP address.

    Modifying a server IP address

    1. In the trap server address list, select the trap server address that you want to change and click Modify.
    2. The Modify Server Address dialog box is displayed.
    3. Change the trap server address. Table 5-22 lists related parameters.
    4. Click OK.
    5. The server list displays the modified server IP address.

    Removing a server IP address

    In the list, select a server address that you want to remove and click Remove.

    Table 5-22 Trap server parameters

    Parameter

    Description

    Example Value

    Server Address

    The address of a network management system or storage device for receiving alarm messages.

    [Value range]

    • An IPv4 address has the following requirements:
      • The 32-bit address is evenly divided into four fields. Each 8-bit field is expressed in dotted-decimal.
      • Each field of the IP address cannot be blank and must be an integer.
      • The value of the first field ranges from 1 to 223 (excluding 127).
      • The values of other fields range from 0 to 255.
      • The IP address cannot be a special address such as the broadcast address.
    • An IPv6 address has the following requirements:
      • The 128-bit address is evenly divided into eight fields. Each 16-bit field is expressed in four hexadecimal numbers and separated with colons.
      • In each 16-bit field, zeros before integers can be removed. However, at least one digit must be reserved in each field.
      • If the IP address contains a long string of zeros, you can represent the neighboring zeros with double colons (::) in the colon-separated hexadecimal field. Each IP address contains only one double-colon (::). The double-colon (::) can also be used to represent neighboring zeros of the IP address.
      • The IP address cannot be a special address such as a network address, loop address, or multicast address.
    • The domain name has the following requirements:
      • A domain name is not case-sensitive and must be an English domain name.
      • An English domain name contains 1 to 255 characters.
      • An English domain name can only contain letters (a to z, A to Z), digits (0 to 9), dots (.), and hyphens (-). It cannot start or end with a hyphen (-).

    [Example]

    192.168.100.11

    fc00::1234

    www.test.com

    Port

    Port for receiving alarm messages on the network management system or storage device.

    [Value range]

    The value ranges from 1 to 65535.

    [Example]

    2234

    Version

    SNMP version of a network management system or storage device. The possible value can be SNMPv1, SNMPv2c, or SNMPv3.

    NOTE:

    To ensure data security, you are advised to use SNMPv3.

    [Example]

    SNMPv3

    USM User

    The user reporting alarms from SNMP.

    [Example]

    usm001

    Type

    Type of an alarm sent by a storage device to the trap server.

    • Parsed: parsed alarms whose alarm IDs correspond to the same object identifier (OID).
    • Original: alarms that have not been parsed.
    • Parsed alarm oid: parsed alarms whose alarm IDs correspond to different OIDs.
    • Parsed time string: parsed alarms whose alarm IDs correspond to the same OID. The data type of the event fields generated by alarms is OCTET STRING.
    • Original time string: original alarms that have not been parsed. The data type of alarm occurring time (character string) and alarm clearing time (character string) is OCTET STRING.
    • All: all alarms including the Parsed, Original, and Parsed alarm oid alarms.
    NOTE:
    • Parsed and Original are two forms of one alarm. An alarm in the Original form carries only original alarm parameters, whereas an alarm in the Parsed form is readable and processed based on the Original form.
    • When the value of Version is SNMPv1, the value of Type cannot be Parsed alarm oid.

    [Example]

    Parsed

  4. Click Save.

    The Execution Result dialog box is displayed.

  5. Click Close.
Follow-up Procedure

A storage device can send multiple types of alarms to the trap server and each alarm has its own push format. For details, click this (https://support.huawei.com/enterprise/en/bulletins-service/NEWS2000000899/), and see Instructions for the MIB Interfaces of the corresponding product model.

Translation
Download
Updated: 2019-07-11

Document ID: EDOC1000181576

Views: 18664

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next