No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Operation Guide 10

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Operation Procedure

Operation Procedure

The resource management function uniformly manages and maintains network devices added to eSight.

Procedure

After completing network planning based on the site requirements, you can create subnets or groups on eSight and add network devices to the subnets or groups through SNMP, facilitating unified device management and maintenance.

Table 12-4 Resource management operations

No.

Operation

Description

1

Plan the network.

After network planning is complete, you can quickly add devices based on the plan.

2

Set protocol parameters on the device: SNMP, Telnet, and LLDP.

  • SNMP parameters: The parameters are used to add devices to eSight.
  • Telnet parameters: The parameters are used for eSight to send configurations to devices. Telnet parmaters on eSight must be consistent with those on the device.
  • LLDP protocol: After devices are added to eSight, LLDP links are automatically added to eSight if LLDP has been enabled on the devices.

3

Create subnets or groups.

  • Subnet: eSight can monitor devices in different subnets by region in the topology view.
  • Group: After multiple devices are added to the same group, eSight manages devices in this group as one object.
NOTE:

If the batch import mode is used to add devices, you can configure the device list to specify the subnet or group to which each device belongs.

4

Add devices to eSight.

When you add devices or after you add devices to eSight through SNMP, you also need to set Telnet parameters on eSight. To ensure normal information exchange between the eSight and devices, the Telnet parameters on the eSight must be the same as those on the devices.

5

Check the link status.

Compare links displayed on eSight with links in the actual topology to find redundant or missing links. This operation facilitates subsequent maintenance.

  • If redundant links are found, hide these links manually.
  • If some links are missing, add them manually.

6

Manage and maintain the devices.

After devices are added to eSight, you can log in to them from eSight for management and maintenance.

Configuring the SNMP Protocol on Devices

The SNMP protocol is used to add devices to eSight. SNMP parameters on devices must be the same as those on eSight.

  • The alarm management of eSight does not support the SNMPv1 protocol. To manage device alarms using eSight, you must use the SNMPv2c or SNMPv3 protocol.
  • SNMPv1 and SNMPv2c are insecure, and may have security risks. You are advised to use SNMPv3, which is more secure.

The following uses Huawei S5720-52X-PWR-SI-AC V200R011C10 as an example to describe the configuration. For other device models, see the device configuration manual.

NOTE:

The commands may differ depending on the device model. When entering a command, you are advised to enter a question mark (?) to associate related commands. The following is an example:

[Device] snmp-agent usm-user v3 snmpv3user ?
  • SNMPv3
    <Device> system-view
    [Device] snmp-agent sys-info version v3
    [Device] snmp-agent mib-view included  View_ALL iso   
    //View_ALL is the configured MIB view name. To ensure that eSight can manage devices normally (for example, finding device links through the LLDP protocol), the MIB view must contain the iso node.
    [Device] snmp-agent group v3 snmpv3group privacy write-view View_ALL notify-view View_ALL   
    //snmpv3group is the set user group. The write view name and notification view name is specified as View_ALL. By default, the write view has the read permission. Therefore, you do not need to set the read-view. The notification view is used to limit the MIB node of the device for sending alarms to eSight. 
    [Device] snmp-agent usm-user v3 snmpv3user group snmpv3group   
    //snmpv3user is the configured user name, which is consistent with the security name of eSight. The security level of a user cannot be lower than the security level of the user group to which the user belongs. Otherwise, the user cannot perform communication normally. For example, if the security level of the user group snmpv3group is privacy, the security level of the user snmpv3user must be authentication and encryption. 
    [Device] snmp-agent usm-user v3 snmpv3user authentication-mode sha  
    //Set the user authentication protocol and password, which are consistent with the authentication protocol and password of eSight. You need to enter the authentication protocol and password twice.
    [Device] snmp-agent usm-user v3 snmpv3user privacy-mode aes128   
    //Set the user encryption protocol and password, which are consistent with the proprietary protocol and password of eSight. You need to enter the authentication protocol and password twice.
    [Device] snmp-agent trap enable 
    //Enable SNMP trap and notification for all switches and enter Y when the system displays a message asking you whether to continue.
    [Device] snmp-agent target-host trap address udp-domain 10.10.10.10 source GigabitEthernet 0/0/1 udp-port 162 params securityname snmpv3user v3 privacy private-netmanager ext-vb
    //10.10.10.10 is the IP address of the eSight server. (If the southbound and northbound network isolation solution is used, this IP address is the southbound IP address of eSight.) GigabitEthernet 0/0/1 is the port for reporting device traps. 162 is port number of the trap message. (You are advised not to change the port number. To change the port number, seek for technical support.) securityname is the configured user name. private-netmanager specifies Huawei NMS as the destination host for receiving trap messages. This parameter needs to be configured when Huawei NMS is used. Alarms sent to the NMS can carry more information, including the alarm type, alarm sending sequence, and alarm sending time. ext-vb specifies the alarm sent to the destination host to carry extended binding variables. If alarm nodes defined by the public MIB are extended for Huawei data communication devices, the ext-vb parameter can specify whether the alarm sent to the NMS carries the extended binding variables. If the Huawei NMS tool is used, it is recommended that the ext-vb parameter be used so that the alarm can carry more information. If a third-party NMS tool is used, it is recommended that ext-vb not be used to ensure that the third-party NMS tool can normally receive alarms sent by Huawei data communication devices.
    [Device] snmp-agent packet max-size 12000   
    //Set the maximum size of the SNMP packet that the device can receive and send to 12000 bytes. By default, the maximum size of an SNMP packet is 12000 bytes. In case of the maximum size is modified, you are advised to reset the maximum size. 
    [Device] snmp-agent local-engineid engineid    
    //(Optional) Set the engine ID of the local SNMP entity. If the local engine ID is changed, existing SNMPv3 users will be deleted. After engineID is modified, you need to click update or device information synchronization on the eSight page to manually trigger the alarm. Otherwise, the alarm is not reported.
    [Device] quit
    <Device> save
  • SNMPv2c
    <Device> system-view
    [Device] snmp-agent sys-info version v2c
    [Device] snmp-agent mib-view included View_ALL iso   
    //View_ALL is the configured MIB view name. To ensure that eSight can manage devices normally (for example, finding device links through the LLDP protocol), the MIB view must contain the iso node.
    [Device] snmp-agent community read cipher Public_123 mib-view View_ALL   
    //Public_123 is the configured read community, which must be consistent with the read community of eSight.
    [Device] snmp-agent community write cipher Private_123 mib-view View_ALL   
    //Private_123 is the configured write community, which must be consistent with the write community of eSight.
    [Device] snmp-agent trap enable
    [Device] snmp-agent target-host trap address udp-domain 10.10.10.10 source GigabitEthernet 0/0/1 udp-port 162 params securityname Public_123 v2c private-netmanager ext-vb  
    //10.10.10.10 is the IP address of the eSight server. GigabitEthernet 0/0/1 is the port for reporting device traps. 162 is port number of the trap message. (You are advised not to change the port number. To change the port number, seek for technical support.) securityname is the configured read community. private-netmanager specifies Huawei NMS as the destination host for receiving trap messages. This parameter needs to be configured when Huawei NMS is used. Alarms sent to the NMS can carry more information, including the alarm type, alarm sending sequence, and alarm sending time. ext-vb specifies the alarm sent to the destination host to carry extended binding variables. If alarm nodes defined by the public MIB are extended for Huawei data communication devices, the ext-vb parameter can specify whether the alarm sent to the NMS carries the extended binding variables. If the Huawei NMS tool is used, it is recommended that the ext-vb parameter be used so that the alarm can carry more information. If a third-party NMS tool is used, it is recommended that ext-vb not be used to ensure that the third-party NMS tool can normally receive alarms sent by Huawei data communication devices.
    [Device] snmp-agent packet max-size 12000   
    //Set the maximum size of the SNMP packet that the device can receive and send to 12000 bytes. By default, the maximum size of an SNMP packet is 12000 bytes. In case of the maximum size is modified, you are advised to reset the maximum size. 
    [Device] quit
    <Device> save
  • SNMPv1
    <Device> system-view
    [Device] snmp-agent sys-info version v1
    [Device] snmp-agent mib-view included View_ALL iso   
    //View_ALL is the configured MIB view name. To ensure that eSight can manage devices normally (for example, finding device links through the LLDP protocol), the MIB view must contain the iso node.
    [Device] snmp-agent community read cipher Public_123 mib-view View_ALL   
    //Public_123 is the configured read community, which must be consistent with the read community of eSight.
    [Device] snmp-agent community write cipher Private_123 mib-view View_ALL   
    //Private_123 is the configured write community, which must be consistent with the write community of eSight.
    [Device] snmp-agent trap enable
    [Device] snmp-agent target-host trap address udp-domain 10.10.10.10 source GigabitEthernet 0/0/1 udp-port 162 params securityname Public_123 v1 rivate-netmanager ext-vb 
    //10.10.10.10 is the IP address of the eSight server. GigabitEthernet 0/0/1 is the port for reporting device traps. 162 is port number of the trap message. (You are advised not to change the port number. To change the port number, seek for technical support.) securityname is the configured read community. private-netmanager specifies Huawei NMS as the destination host for receiving trap messages. This parameter needs to be configured when Huawei NMS is used. Alarms sent to the NMS can carry more information, including the alarm type, alarm sending sequence, and alarm sending time. ext-vb specifies the alarm sent to the destination host to carry extended binding variables. If alarm nodes defined by the public MIB are extended for Huawei data communication devices, the ext-vb parameter can specify whether the alarm sent to the NMS carries the extended binding variables. If the Huawei NMS tool is used, it is recommended that the ext-vb parameter be used so that the alarm can carry more information. If a third-party NMS tool is used, it is recommended that ext-vb not be used to ensure that the third-party NMS tool can normally receive alarms sent by Huawei data communication devices.
    [Device] snmp-agent packet max-size 12000   //Set the maximum size of an SNMP packet that can be received and sent by the SNMP Agent to 12000 bytes. By default, the maximum size of an SNMP packet is 12000 bytes. Since this parameter may be modified, you need to reset this parameter.
    [Device] quit
    <Device> save

Setting Telnet Parameters on Devices

Telnet parameters are set on devices to ensure that eSight can deliver configurations to them. Telnet parameters on devices must be the same as those on eSight.

Telnet is insecure, and may have security risks. You are advised to use the more secure SSH protocol.

The STelnet protocol provides the same functions as the SSH protocol. The detailed configurations are not described here.

The following uses Huawei S5720-52X-PWR-SI-AC V200R011C10 as an example to describe the configuration. For other device models, see the device configuration manual.

  • sTelnet
    <Device> system-view
    [Device] dsa local-key-pair create   
    //Set the key pair length to 2048.
    [Device] user-interface maximum-vty 15  
    //Set the maximum number of VTY user interfaces to 15.
    [Device] user-interface vty 0 14
    [Device-ui-vty0-14] authentication-mode aaa
    [Device-ui-vty0-14] protocol inbound ssh
    [Device-ui-vty0-14] quit
    [Device] aaa
    [Device-aaa] local-user sshuser password irreversible-cipher Changeme123   
    //sshuser indicates the user name and Changeme123 indicates the password. The user name and password are configured when the device interconnection Telnet protocol is configured on eSight. 
    [Device-aaa] local-user sshuser service-type ssh
    [Device-aaa] local-user sshuser privilege level 15   
    //Assign the highest permission (level-15 permission) to the user. You are advised to assign the permission level based on the site requirements. 
    [Device-aaa] quit
    [Device] ssh user sshuser authentication-type password
    [Device] stelnet server enable
    [Device] ssh user sshuser service-type stelnet
    [Device] quit
    <Device> save
  • Telnet
    <Device> system-view
    [Device] telnet server enable
    [Device] user-interface maximum-vty 15   
    //Set the maximum number of VTY user interfaces to 15.
    [Device] user-interface vty 0 14
    [Device-ui-vty0-14] protocol inbound telnet
    [Device-ui-vty0-14] shell
    [Device-ui-vty0-14] authentication-mode aaa
    [Device-ui-vty0-14] quit
    [Device] aaa
    [Device-aaa] local-user sshuser password irreversible-cipher Changeme123   
    //sshuser indicates the user name and Changeme123 indicates the password. The user name and password are configured when the device interconnection Telnet protocol is configured on eSight. 
    [Device-aaa] local-user sshuser service-type telnet
    [Device-aaa] local-user sshuser privilege level 15   //Set the STelnet permission of the user to the highest level 15. You are advised to set the STelnet permission based on the site requirements.
    [Device-aaa] quit
    [Device] quit
    <Device> save

Configuring the LLDP Protocol on Devices

After the LLDP protocol is configured on devices, LLDP links are automatically added to eSight.

The following uses Huawei S5720-52X-PWR-SI-AC V200R011C10 as an example to describe the configuration. For other device models, see the configuration manual.

<Device> system-view
[Device] lldp enable
[Device] quit
<Device> save

Creating Subnets

Network resources that can be managed on a subnet include subnets, devices, and links. You can create subnets under a subnet. It is recommended that a subnet consist of a maximum of 10 layers and a subnet contain a maximum of 500 NEs to achieve the best performance and experience.

  1. Choose Resource > Common > Add Resource > Add Subnet from the main menu.

  2. Set subnet parameters.

Creating Groups

eSight predefines some device/interface groups. When the predefined groups cannot meet user requirements, you can create new groups. You can set dynamic rules when creating a device or interface group. Devices or interfaces that meet the dynamic rules will be automatically added to the group. You can also manually add devices or interfaces that do not meet the rules to the group. When the device or interface information changes, the group is automatically updated. Devices or interfaces that do not meet the dynamic rules are removed from the group and devices or interfaces that meet the dynamic rules are added to the device group. Devices or interfaces that are manually added to the group can only be removed from the group manually.

  1. Choose Resource > Common > Resources Group > Group Management from the main menu.

  2. Perform related operations based on the site requirements.

    Task

    Operation Entry

    Create a device group.

    Choose Device Group > Custom Group, click on the right, and create a device group.

    Create an interface group.

    Choose Interface Group > User Defined, click on the right, and create an interface group.

Adding Devices to eSight

Three methods are available for adding devices to eSight.

Single addition

One device is added at a time. This mode applies when you want to add one or a few devices to eSight during normal network running.

Automatic discovery

Devices in one or more network segments are added at a time. This mode applies when devices are distributed in one or more network segments and devices in the same network segment have the same SNMP parameters.

Batch import

Multiple devices with different IP addresses are added at a time through an Excel file. This mode applies in new site deployment scenarios where devices are dispersed in multiple network segments.

NOTE:

If you directly perform other operations after device addition without setting Telnet parameters, some functions will not take effect. To facilitate subsequent operations, set Telnet parameters when adding devices.

  • Single addition
    1. Choose Resource > Common > Add Resource > Add Resource from the main menu.

    2. Set SNMP and Telnet parameters.
      • The alarm management of eSight does not support the SNMPv1 protocol. To manage device alarms using eSight, you must use the SNMPv2c or SNMPv3 protocol.
      • SNMPv1 and SNMPv2c are insecure, and may have security risks. You are advised to use the more secure SNMPv3 protocol.

  • Automatic discovery
    1. Choose Resource > Common > Add Resource > Automatic Discovery from the main menu.

    2. Set the automatic discovery mode and set related parameters.
      • The alarm management of eSight does not support the SNMPv1 protocol. To manage device alarms using eSight, you must use the SNMPv2c or SNMPv3 protocol.
      • SNMPv1 and SNMPv2c are insecure, and may have security risks. You are advised to use the more secure SNMPv3 protocol.

    3. Set Telnet protocol parameters.
      1. Choose Resource > Network > Equipment > Network Device from the main menu.

      2. Select devices. Choose Set Protocol > Set Telnet Parameters from the navigation tree, and set related parameters.

  • Batch import
    1. Choose Resource > Common > Add Resource > Import Resource from the main menu.

    2. Download a template, edit the template, and upload the edited template.
      • The alarm management of eSight does not support the SNMPv1 protocol. To manage device alarms using eSight, you must use the SNMPv2c or SNMPv3 protocol.
      • SNMPv1 and SNMPv2c are insecure, and may have security risks. You are advised to use the more secure SNMPv3 protocol.

    3. Set Telnet protocol parameters.
      1. Choose Resource > Network > Equipment > Network Device from the main menu.

      2. Select devices. Choose Set Protocol > Set Telnet Parameters from the navigation tree, and set related parameters.

Checking the Link Status

Devices Supporting Different Protocols

Prerequisites

Huawei and non-Huawei devices (excluding Cisco devices) that support LLDP

LLDP has been enabled through operations on eSight or running commands on the devices. LLDP links are automatically added to eSight if LLDP has been enabled on the devices.

NOTE:

Ensure that the Telnet and SNMP parameters are set on both eSight and the devices.

Cisco devices that support CDP

CDP has been enabled on Cisco devices. By default, CDP is enabled on Cisco devices. If CDP is disabled, enable CDP according to the Cisco device manual.

Devices that support neither LLDP nor CDP

Links are discovered based on MAC and ARP forwarding tables.

NOTE:

The MAC and ARP forwarding tables discover links based on MAC addresses. However, some non-existent links may be discovered due to limitations of algorithms. Link discovery may not reach one hundred percent accuracy.

MAC address-based link discovery has been enabled. To enable MAC address-based link discovery, perform the following operations:

Choose System > System Settings > Southbound Devices from the main menu and choose Network Management Parameter Setting from the navigation tree on the left.

  1. Choose Resource > Network > Equipment > Link Management from the main menu.

  2. Choose Discover Link from the navigation tree, specify devices at two ends of a link, and start link discovery.
    • If some links are not discovered, click Create Link to add missing links.
    • If some links are incorrectly discovered, click Delete to delete them.

Managing and Maintaining Devices

  1. Choose Resource > Network > Equipment > Network Device from the main menu.

  2. Click name of the device to be managed and maintained, view device information, and perform operations as required.

    Related Operations

    Operation Entry

    View alarm information.

    In the navigation tree on the left, choose View > Alarm List.

    Modify Telnet parameters.

    In the navigation tree on the left, choose Protocol Parameters > Telnet Parameters.

    Modify SNMP parameters.

    In the navigation tree on the left, choose Protocol Parameters > SNMP Parameters.

    Synchronize device data.

    In the navigation tree on the left, choose View > Basic Information and click Synchronization on the right.

Translation
Download
Updated: 2019-09-07

Document ID: EDOC1100011877

Views: 314801

Downloads: 637

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next