No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Operation Guide 10

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Troubleshooting

Troubleshooting

This section describes common faults frequently encountered by users, helping users rectify faults in a timely manner.

eSight Fails to Back Up Configuration Files

eSight fails to automatically back up configuration files or the manual backup fails. This section describes how to fast troubleshoot the failure.

Common Causes

  • The SNMP or Telnet parameters are incorrect.
  • The route between eSight and the device is unreachable or there are network errors.
  • The FTP server on eSight is abnormal.
  • The FTP channel between eSight and the device is abnormal.
  • Configurations on the device are incorrect when SFTP is used for backup.
  • The startup configuration file does not exist on the device.
  • The network is busy or a large number of concurrent backup tasks exist.
  • Time on the eSight server is changed but eSight is not restarted.
  • The source IP address of SFTP is not configured on devices connected to eSight on the intranet of the headquarters through IPsec VPN.

Context

NOTE:

HuaweiDevice and WS6603 are not included in Huawei devices described in this section.

Procedure

  1. Check the SNMP and Telnet parameter settings on eSight and the device.

    • SNMP configurations on eSight and the device are incorrect.

      For Huawei devices, check whether SNMP parameter settings on eSight are the same as those on devices. Pay attention to the read/write permissions and MIB view to ensure that the SNMP connectivity test is successful in the NE Explorer.

    • Telnet configurations on eSight and the device are incorrect.

      For non-Huawei devices and HuaweiDevice and WS6603 devices, check whether Telnet configurations on eSight are the same as those on devices. Ensure that the Telnet connectivity test is successful in the NE Explorer.

      In privilege mode, Telnet parameters set on eSight and privilege mode parameters set on the device are the same.

  2. Check whether routes between eSight and devices are reachable or there are network errors.

    • Check whether the VPN tunnel between eSight and the device is correctly configured.
      • For Huawei devices, set the VPN instance between the devices and eSight to management VPN and try to back up again.

        The corresponding command is as follows:

        set net-manager vpn-instance name(VPN instance between eSight and the device)

      • If the device is not provided by Huawei, check the eSight specification list of the corresponding version to check whether the configuration file of the device can be backed up.
    • Check whether the route between eSight and the device is correctly configured.

      Check whether eSight and the device can ping each other. Unidirectional communication causes backup failure.

      • The route from eSight to the device is reachable. However, the route from the device to eSight is unreachable.

        The failure is caused by the route from the device to eSight. Errors may occur in the firewall or VPN. Contact network administrators or customers to adjust the network.

      • The route from the device to eSight is reachable but from eSight to the device is unreachable.

        The device is displayed as offline or SNMP unreachable on eSight. Contact network administrators or customers to adjust the network.

    • Check whether NAT mapping is configured between eSight and the device.

      In NAT mapping mode, eSight does not support backup of configuration files.

  3. Check whether the FTP server is normal on eSight.

    • In the Windows scenario:
      1. Log in to the eSight server as the Administrator user.
      2. Check whether the value of enable corresponding to the SFTP protocol in the D:\eSight\AppBase\sysagent\etc\sysconf\svcbase\med_node_1_svc.xml file is true.
        NOTE:

        In the file name, D:\eSight must be changed to the actual installation directory.

        <config name="sftp">
        <param name="enable">true</param> 
        </config>
        • If the parameter value is true, the SFTP server is normal.
        • If the parameter value is false, follow instructions in the Configuring the System Files Service section in the Maintenance guide to configure the SFTP server.
    • In the Linux scenario:
      1. Log in to the eSight server as the root user.
      2. Check whether the value of enable corresponding to the SFTP protocol in the /opt/eSight/AppBase/sysagent/etc/sysconf/svcbase/med_node_1_svc.xml file is true.
        NOTE:

        In the file name, /opt/eSight must be changed to the actual installation directory.

        <config name="sftp">  
        <param name="enable">true</param> 
        </config>
        • If the parameter value is true, the SFTP server is normal.
        • If the parameter value is false, follow instructions in the Configuring the System Files Service section in the Maintenance guide to configure the SFTP server.

  4. Check whether the FTP tunnel between eSight and the device is normal.

    • SFTP connectivity test

      Log in to the device and run the sftp eSight server IP address command to log in to the SFTP server on eSight. If <sftp-client> is displayed, the login succeeds.

      If the user name and password are incorrect, enter the correct user name and password. The default user name and password of the eSight SFTP server are admin and Changeme123, respectively.

      To change the password, follow instructions in "Changing the FTP/FTPS/SFTP User Password" in the Maintenance Guide.

    • FTP connectivity test

      Log in to the device and run the ftp eSight server IP address command to log in to the FTP server on eSight. If you can log in to the server successfully, the eSight FTP server is working properly.

      If the user name and password are incorrect, enter the correct user name and password. The default user name and password are admin and Changeme123, respectively.

      To change the password, follow instructions in "Changing the FTP/SFTP/FTPS User Password" in the Maintenance Guide.

  5. Check the configuration for backup failure using SFTP.

    1. View the eSight function list to check whether eSight supports backup using SFTP.
    2. Check whether client authentication is enabled on the device.

      If not, access the system view and run the ssh client first-time enable command to enable the client.

    3. Check whether the number of SSH connections on a device exceeds the upper limit (20).

      If SSH is enabled on the device but the number of connections reaches the maximum, SFTP backup fails.

      Run the display ssh server-info command to check the number of SSH connections. If the number exceeds the upper limit, delete an SSH client not used currently. In the commands, xxx.xxx.xxx.xxx indicates the IP address of the SSH client to be deleted.

      1. Run the undo ssh client xxx.xxx.xxx.xxx assign rsa-key command to delete the assign rsa-key information stored on the device.
      2. Run the undo rsa peer-public-key xxx.xxx.xxx.xxx command to delete the peer-public-key information saved on the device.

  6. Check whether the startup configuration file exists.

    Log in to the device using Telnet and run the display startup command in the user view.

    Check whether the file name exists in the Startup saved-configuration file: command output.

    If the value does not exist, the value is null. The suggestions are as follows:

    1. Ensure that the file name exists in Next startup saved-configuration file:.
    2. If not, there are two processing methods:
    • Run the save command in the user view and run the startup saved-configuration Name of the configuration file command to specify the next startup configuration file.
    • Restart the device. The file name exists in Startup saved-configuration file:. Try to back up the configuration file again.

  7. Check whether the network is busy or a large number of concurrent backup tasks exist.

    When the network is busy, backup for a large number of devices may fail. Do not select a large number of devices for backup when the network is busy.

    Backup tasks or manual batch backup tasks are processed in the background. If waiting for backup times out, try again later.

    If automatic configuration saving is configured on a device, eSight is triggered to automatically back up the configuration file of the device. It is recommended that the automatic save interval on the device be greater than 10 minutes.

  8. Check whether an automatic backup task is executed on time.

    The possible cause is that time on eSight is changed but eSight does not restart. Restart eSight and back up the configuration file of the device.

  9. Check whether the source IP address of SFTP is configured on devices connected to eSight on the intranet of the headquarters through IPsec VPN.

    Run the display sftp-client command to check whether the source IP address of SFTP is configured. If not, run the following command to configure the source IP address of SFTP:

    <Huawei> system-view 
    [Huawei] sftp client-source -a 10.10.10.10    // 10.10.10.10 is the IP address of the eSight server.

  10. If the fault persists, contact Huawei technical support.

Summary

Periodically check whether the device is online and ensure that the network between eSight and the device is normal. (eSight and the device can be pinged with each other.)

For Huawei devices, check whether SNMP parameter settings on eSight are the same as those on devices. Pay attention to the read/write permissions and MIB view to ensure that the SNMP connectivity test is successful in the NE Explorer.

For non-Huawei devices and HuaweiDevice and WS6603 devices, check whether Telnet configurations on eSight are the same as those on devices. Ensure that the Telnet connectivity test is successful in the NE Explorer. In privilege mode, Telnet parameters set on eSight and privilege mode parameters set on the device are the same.

After V300R005 or an Earlier Version Is Upgraded to a Later Version, Configuration Files of Third-Party Devices Fail to Be Backed Up

Symptom

After eSight is upgraded from V300R005 to V300R008, configuration files of third-party devices such as H3C devices fail to be backed up. However, the configuration files can be backed up properly before the upgrade.

Possible Causes

The configuration files of third-party devices are backed up using Telnet commands. Files are uploaded in FTP mode in the configuration file backup commands preconfigured on eSight.

In eSight V300R005 and earlier versions, the FTP service is enabled by default. In versions later than V300R005, the SFTP service is enabled by default. Therefore, when eSight V300R005 or an earlier version is upgraded to a version later than V300R005, the FTP service is disabled. As a result, the configuration files fail to be backed up.

Procedure

  • Windows:
    1. Log in to the eSight server as the Administrator user.
    2. Open the eSight installation directory/AppBase/sysagent/etc/sysconf/svcbase/med_node_1_svc.xml file.
    3. Change the value of the enable parameter of the FTP protocol to true.
      NOTE:

      The FTP protocol has security risks. Therefore, it is recommended that the file service be disabled after use.

      <!-- ftp server configuration -->  
      <config name="ftp">  
      <!-- Is not activated, defualt false -->  
      <param name="enable">true</param>  
      <!-- Listening port -->  
      <param name="listenerPort">21</param>  
      <param name="passivePorts">32150-32159</param>  
      </config>     
    4. Save the modifications and restart eSight.
  • Linux:
    1. Log in to the eSight server as the root user.
      NOTE:

      You need to remotely log in to the server as the ossuser user and switch to the root user if the SUSE Linux is hardened.

    2. Open the eSight installation directory/AppBase/sysagent/etc/sysconf/svcbase/med_node_1_svc.xml file.

      # cd eSight installation directory/AppBase/sysagent/etc/sysconf/svcbase

      # vi med_node_1_svc.xml

    3. Change the value of the enable parameter of the FTP protocol to true.

      NOTE:

      The FTP protocol has security risks. Therefore, it is recommended that the file service be disabled after use.

      <!-- ftp server configuration -->  
      <config name="ftp">  
      <!-- Is not activated, defualt false -->  
      <param name="enable">true</param>  
      <!-- Listening port -->  
      <param name="listenerPort">31921</param>  
      <param name="passivePorts">32150-32159</param>  
      </config> 
    4. Save the modifications and restart eSight.
Translation
Download
Updated: 2019-09-07

Document ID: EDOC1100011877

Views: 310473

Downloads: 633

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next