No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Operation Guide 09

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
FAQs

FAQs

This section describes questions frequently asked by users, helping users rectify problems in a timely manner.

Configuring Device Parameters

Configuring the SNMP Protocol on Devices

The SNMP protocol is used to add devices to eSight. SNMP parameters on devices must be the same as those on eSight.

  • The alarm management of eSight does not support the SNMPv1. To manage device alarms using the eSight, use the SNMPv2c or SNMPv3.
  • SNMPv1 and SNMPv2c are not secure, and may have security risks. You are advised to use the more secure SNMPv3.

The following uses Huawei S5720-52X-PWR-SI-AC V200R011C10 as an example to describe the configuration. For other device models, see the configuration manual.

NOTE:

The commands may differ depending on the device model. When configuring a command, you are advised to enter a question mark (?). The associated command is displayed automatically. The following is an example.

[Device] snmp-agent usm-user v3 snmpv3user ?
  • SNMPv3
    <Device> system-view
    [Device] snmp-agent sys-info version v3
    [Device] snmp-agent mib-view included  View_ALL iso    // View_ALL indicates the name of the MIB view. To ensure that eSight can properly manage devices (for example, discover device links through the LLDP protocol), the MIB view must contain the iso node.
    [Device] snmp-agent group v3 snmpv3group privacy write-view View_ALL notify-view View_ALL   //snmpv3group indicates the configured user group. Set the name of the write view and notification view to View_ALL. By default, the write view has the read permission and you do not need to set read-view. The notification view is used to restrict the MIB node that sends alarms to eSight.
    [Device] snmp-agent usm-user v3 snmpv3user group snmpv3group   //snmpv3user indicates the configured user name, which is the same as the eSight security name. The security level of a user cannot be lower than that of the user group to which the user belongs. Otherwise, the communication fails. For example, if the security level of user group snmpv3group is set to privacy, the security level of user snmpv3user must be authentication and encryption.
    [Device] snmp-agent usm-user v3 snmpv3user authentication-mode sha   //Set the authentication protocol and password of the user, which are the same as those of eSight.
    [Device] snmp-agent usm-user v3 snmpv3user privacy-mode aes128   // Set the encryption protocol and password of the user, which must be the same as those of eSight.
    [Device] snmp-agent trap enable
    Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:Y
    [Device] snmp-agent target-host trap address udp-domain 10.10.10.10 source GigabitEthernet 0/0/1 udp-port 162 params securityname snmpv3user v3 privacy   //10.10.10.10 is the IP address of the eSight server. If the southbound and northbound network isolation solution is used, this IP address is the southbound IP address of eSight.) GigabitEthernet 0/0/1 is the configured interface for reporting device trap packets. 162 is the port number of trap packets. You are advised not to change the port number to other values. To change the port number, contact Huawei technical support. Set securityname to the user name.
    [Device] snmp-agent packet max-size 12000   //Set the maximum size of an SNMP packet that can be received and sent by the device to 12000 bytes. By default, the maximum size of an SNMP packet is 12000 bytes. Since this parameter may be modified, you need to reset this parameter.
    [Device] quit
    <Device> save
  • SNMPv2c
    <Device> system-view
    [Device] snmp-agent sys-info version v2c
    [Device] snmp-agent mib-view included View_ALL iso   //View_ALL indicates the name of the MIB view. To ensure that eSight can properly manage devices (for example, discover device links through the LLDP protocol), the MIB view must contain the iso node.
    [Device] snmp-agent community read cipher Public_123 mib-view View_ALL   //Public_123 is the specified read community. The value must be the same as Read community on eSight. 
    [Device] snmp-agent community write cipher Private_123 mib-view View_ALL   //Private_123 is the specified write community. The value must be the same as Write community on eSight.
    [Device] snmp-agent trap enable
    Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:Y
    [Device] snmp-agent target-host trap address udp-domain 10.10.10.10 source GigabitEthernet 0/0/1 udp-port 162 params securityname Public_123 v2c privacy   //10.10.10.10 is the IP address of the eSight server. If the southbound and northbound network isolation solution is used, this IP address is the southbound IP address of eSight.) GigabitEthernet 0/0/1 is the configured interface for reporting device trap packets. 162 is the port number of trap packets. You are advised not to change the port number to other values. To change the port number, contact Huawei technical support. Set securityname to the read community.
    [Device] snmp-agent packet max-size 12000   //Set the maximum size of an SNMP packet that can be received and sent by the device to 12000 bytes. By default, the maximum size of an SNMP packet is 12000 bytes. Since this parameter may be modified, you need to reset this parameter.
    [Device] quit
    <Device> save
  • SNMPv1
    <Device> system-view
    [Device] snmp-agent sys-info version v1
    [Device] snmp-agent mib-view included View_ALL iso   //View_ALL indicates the name of the MIB view. To ensure that eSight can properly manage devices (for example, discover device links through the LLDP protocol), the MIB view must contain the iso node.
    [Device] snmp-agent community read cipher Public_123 mib-view View_ALL   //Public_123 is the specified read community. The value must be the same as Read community on eSight. 
    [Device] snmp-agent community write cipher Private_123 mib-view View_ALL   //Private_123 is the specified write community. The value must be the same as Write community on eSight.
    [Device] snmp-agent trap enable
    Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:Y
    [Device] snmp-agent target-host trap address udp-domain 10.10.10.10 source GigabitEthernet 0/0/1 udp-port 162 params securityname Public_123 v1 privacy   //10.10.10.10 is the IP address of the eSight server. If the southbound and northbound network isolation solution is used, this IP address is the southbound IP address of eSight.) GigabitEthernet 0/0/1 is the configured interface for reporting device trap packets. 162 is the port number of trap packets. You are advised not to change the port number to other values. To change the port number, contact Huawei technical support. Set securityname to the read community.
    [Device] snmp-agent packet max-size 12000   //Set the maximum size of an SNMP packet that can be received and sent by the SNMP Agent to 12000 bytes. By default, the maximum size of an SNMP packet is 12000 bytes. Since this parameter may be modified, you need to reset this parameter.
    [Device] quit
    <Device> save
Configuring Telnet Parameters on Devices

Telnet parameters are configured on devices to ensure that eSight can deliver configurations to them. Telnet parameters on devices must be the same as those on eSight.

Telnet is not secure, and may have security risks. You are advised to use the more secure SSH.

The STelnet protocol provides the same functions as the SSH protocol. The detailed configurations are not mentioned here.

The following uses Huawei S5720-52X-PWR-SI-AC V200R011C10 as an example to describe the configuration. For other device models, see the configuration manual.

  • sTelnet
    <Device> system-view
    [Device] dsa local-key-pair create   //Set the length of the key pair to 2048.
    [Device] user-interface maximum-vty 15   //Set the maximum number of VTY user interfaces to 15.
    [Device] user-interface vty 0 14
    [Device-ui-vty0-14] authentication-mode aaa
    [Device-ui-vty0-14] protocol inbound ssh
    [Device-ui-vty0-14] quit
    [Device] aaa
    [Device-aaa] local-user sshuser password irreversible-cipher Changeme123   //Set the user name to sshuser, which must be the same as User name on eSight. Set the password to Changeme123, which must be the same as Password on eSight.
    [Device-aaa] local-user sshuser service-type ssh
    [Device-aaa] local-user sshuser privilege level 15   //Set the STelnet permission of the user to the highest level 15. You are advised to set the STelnet permission based on actual needs.
    [Device-aaa] quit
    [Device] ssh user sshuser authentication-type password
    [Device] stelnet server enable
    [Device] ssh user sshuser service-type stelnet
    [Device] quit
    <Device> save
  • Telnet
    <Device> system-view
    [Device] telnet server enable
    [Device] user-interface maximum-vty 15   //Set the maximum number of VTY user interfaces to 15.
    [Device] user-interface vty 0 14
    [Device-ui-vty0-14] protocol inbound telnet
    [Device-ui-vty0-14] shell
    [Device-ui-vty0-14] authentication-mode aaa
    [Device-ui-vty0-14] quit
    [Device] aaa
    [Device-aaa] local-user sshuser password irreversible-cipher Changeme123   //Set the user name to sshuser, which must be the same as User name on eSight. Set the password to Changeme123, which must be the same as Password on eSight.
    [Device-aaa] local-user sshuser service-type telnet
    [Device-aaa] local-user sshuser privilege level 15   //Set the STelnet permission of the user to the highest level 15. You are advised to set the STelnet permission based on actual needs.
    [Device-aaa] quit
    [Device] quit
    <Device> save
Configuring the LLDP Protocol on Devices

After the LLDP protocol is configured on devices, LLDP links are automatically added to eSight.

The following uses Huawei S5720-52X-PWR-SI-AC V200R011C10 as an example to describe the configuration. For other device models, see the configuration manual.

<Device> system-view
[Device] lldp enable
[Device] quit
<Device> save
Configuring the NETCONF Protocol on Devices

If the NETCONF protocol is configured on network devices, eSight can manage them with higher security and scalability. NETCONF parameters on devices must be the same as those on eSight.

This section uses Huawei CloudEngine 12800 V200R002C20 as an example to describe basic commands for setting NETCONF parameters on the devices. For commands of other device models, see the configuration manual.

<Device> system-view
[Device] interface GigabitEthernet 1/0/1   //Set GigabitEthernet 0/0/1 as the management interface of the NETCONF agent.
[Device-GigabitEthernet1/0/1] ip address 10.10.10.10 24   //Set the IP address of the management interface of the NETCONF agent to 10.10.10.10.
[Device-GigabitEthernet1/0/1] quit
[Device] ssh user netconfuser   //Set the user name to netconfuser, which must be the same as User name on eSight.
[Device] aaa
[Device-aaa] local-user netconfuser password irreversible-cipher Changeme123   //Set the password to Changeme123, which must be the same as New password on eSight.
[Device-aaa] local-user netconfuser service-type ssh
[Device-aaa] local-user netconfuser level 15   //Set the NETCONF permission of the user to the highest level 15. You are advised to set the NETCONF permission based on the site requirements.
[Device-aaa] quit
[Device] ssh server cipher 3des_cbc aes128_cbc aes128_ctr aes256_cbc aes256_ctr arcfour128 arcfour256 blowfish_cbc des_cbc   //Set the encryption algorithm list on the SSH server.
[Device] ssh user netconfuser authentication-type password
[Device] ssh user netconfuser service-type snetconf
[Device] snetconf server enable
[Device] commit
Configuring NetStream Parameters on Devices

NetStream parameters are configured on devices to enable them to output traffic statistics to the NTC.

This section uses S9700 NetStream V5 as an example to describe basic commands for setting NetStream parameters on the S9700. For commands of other device models, see the configuration manual.

<Device> system-view
<Device> ip netstream export source 10.137.59.152   //Configure the source address for exporting NetStream packets. The IP address must already exist on the device and the device must use this IP address when it connects to eSight.
<Device> ip netstream export host 10.137.58.83 9995   //Configure the destination address and port for exporting the packets. Set ip-address to the IP address of the NTC. (If eSight is deployed in southbound and northbound isolation scenario, set this parameter to the southbound IP address of eSight.) Set port-number to the port number of the NTC. (The default port number is 9995 or 9996.)
<Device> ip netstream timeout active 60   //Configure the active flow aging time.
<Device> interface gigabitethernet  1/0/1
<Device-GigabitEthernet1/0/1> ip netstream inbound   //Configure the sampling direction. You are advised to enable NetStream in inbound direction of uplink and downlink interfaces or in both directions of the uplink or downlink interface.
<Device-GigabitEthernet1/0/1> ip netstream outbound
<Device-GigabitEthernet1/0/1> ip netstream sampler fix-packets 1200 inbound   //Configure the sampling mode to regular packet sampling. The default value is 1000 on S switches.
<Device-GigabitEthernet1/0/1> ip netstream sampler fix-packets 1200 outbound
<Device-GigabitEthernet1/0/1> quit
<Device> quit
<Device> save

How Do I Set SNMP Parameters on a PC

Question

How do I set SNMP parameters on a personal computer (PC)?

Answer
  • On the Windows Server 2008 operating system:
    1. Choose Start > Administrative Tools > Server Manager.
    2. In the Server Manager window, choose Features from the navigation tree.

    3. In the Features window, click Add Features.

      The Add Features Wizard dialog box is displayed.

    4. Select SNMP services, and click Next.

    5. Click Install. The system starts to install the SNMP service.

    6. Click Close.

    7. Choose Start > Administrative Tools > Services.
    8. In the Services window, right-click SNMP Service, and choose Properties from the shortcut menu.

      The SNMP Service Properties dialog box is displayed.

    9. Click the Security tab.

    10. Click Add.

      The SNMP Service Configuration dialog box is displayed.

    11. Set Community rights to READ ONLY and Community Name to public, and click Add.

    12. Click Add.

      The SNMP Service Configuration dialog box is displayed.

    13. Set Community rights to READ WRITE and Community Name to private, and click Add.

    14. Select Accept SNMP packets from any host, and click OK.

  • On the Linux operating system:
    1. Insert the SUSE Linux installation CD-ROM into the CD-ROM drive.
    2. Choose Computer > Install Software. The YaST2 interface is displayed.
    3. Click the Search tab, set the search criteria to SNMP, and click Search.

    4. Select SNMP components that you want to install, and click Accept.
    5. After installing the SNMP components, run the following command to open the SNMP configuration file:
      # vi /etc/snmp/snmpd.conf
    6. Query rocommunity and rwcommunity. The detailed settings are as follows:

      # on setting up groups and limiting MIBS.

      rocommunity public

      rwcommunity private

    7. Enter :wq and press Enter to save and close the SNMP configuration file.
    8. Access the init.d directory, and run the following command to restart the SNMP service:
      # ./snmpd restart

      The following information indicates that SNMP parameters have been set:

      Shutting down snmpd: 
      done 
      Starting snmpd
      NOTE:

      When SNMP parameter configuration is complete, add the server to eSight for management.

Can Devices Be Added on eSight Through the SNMP v2c When Only the Write Community Name Rather Than the Read Community Name Is Configured

Question

Can devices be added on eSight through the SNMP v2c when only the write community name rather than the read community name is configured?

Answer

NO. Devices cannot be added. See scenario 3.

Read and write community names have the following application scenarios.

  • Read community name: This parameter is used when users expect that low-level network administrators have the read-only permission in a specified view.
  • Write community name: This parameter is used when users expect that high-level network administrators have the read and write permissions in a specified view.

    Scenario

    Whether Read Community Name Configured

    Whether Write Community Name Configured

    Can Be Added to eSight

    Condition for Devices Added to eSight

    Scenario 1

    When you add a device, the read and write community names must be consistent with these on the device.

    Scenario 2

    ×

    When you add a device, the read community name must be consistent with that on the device.

    NOTE:

    If only the read community name is configured, users can only check the device information but cannot modify the device configuration or deliver a task for the device.

    Scenario 3

    ×

    ×

    When you add a device, the read and write community names must be consistent with the write community name on the device.

Links That Exist Before Device Upgrade Are Not Displayed After the Upgrade. How Can I Solve the Problem

Answer

You are advised to delete the device on which this exception occurs from eSight and then add it to eSight again. Check whether links are normally displayed.

How Do I Solve the Problem That eSight Cannot Discover Links Between Two Devices Connected Through a Transmission Device

Answer

If a transmission device is deployed between two devices, the links between the two devices are not direct links. eSight does not support automatic discovery of these links. You can create such links manually.

Why Is the Serial Number Displayed for Only Some Devices on the Network Device List Page

Question

Why is the serial number displayed for only some devices on the network device list page?

Answer

The serial number displayed on the network device list page is the device-level serial number. Currently, serial numbers of only some devices can be obtained. When synchronizing devices, eSight automatically obtains the device serial numbers from the devices. The obtaining method is as follows:

  • Huawei devices: Log in to the device through Telnet or sTelnet (SSH) and run the display esn command to obtain the device serial number.
  • H3C devices: Log in to the device through Telnet or sTelnet (SSH) and run the display device manuinfo chassis-only command to obtain the device serial number.
  • Cisco devices: Read the MIB node 1.3.6.1.4.1.9.9.23.1.3.4.0 to obtain the device serial number.
NOTE:

The following conditions must be met for eSight to obtain the device-level serial number:

  1. The device supports the preceding commands or methods for obtaining the device serial number. For details, see the device document.
  2. Device protocol parameters are correctly set on eSight.
Download
Updated: 2019-05-17

Document ID: EDOC1100011877

Views: 284528

Downloads: 544

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next