No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00SPC200, 300, and 500 Local HA System Software Installation Guide (SUSE Linux + Oracle + Veritas) 10

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring Multi-subnet Management

(Optional) Configuring Multi-subnet Management

By default, eSight can manage devices in one subnet and allows users to access eSight or the maintenance tool from the clients in one subnet. To manage devices in multiple subnets or access eSight from management clients in multiple subnets, enable multi-subnet management.

Prerequisites

  • The active server has been disconnected from the standby server. For details, see section Disconnecting the Active and Standby Servers.
  • The eth4 and eth5 have been correctly connected to the network.
  • All IP phones (if IP phones are used) are deployed in the same network segment. Otherwise, certain functions of IP phones will be abnormal.
  • If a remote terminal is used for the installation, the remote terminal must provide a GUI, and the SUSE Linux operating system must be configured to support remote GUI login. For details, see section How to Use the VNC to Remotely Log In to SUSE Linux.

Context

  • After multi-subnet management is enabled, eSight device management protocols, entrance to the eSight client, and entrance to the maintenance tool are exposed to all subnets, resulting in security risks.

    Once being enabled, this function cannot be disabled. Therefore, before enabling this function, assess network security risks and ensure that network security reaches the required level.

  • The multi-subnet management function conflicts with the southbound and northbound service isolation function. Therefore, only one function can be enabled. If the southbound and northbound service isolation function is enabled, the multi-subnet management function cannot be enabled.
  • The AR audio management function do not support multi-subnet management. If you need to use the management capability of these components, do not configure multi-subnet management.

Procedure

  1. Log in to the eSight server as the root user.
  2. Freeze the resource group AppService.

    # hagrp -freeze AppService -sys Name of the host

  3. Set eth4 and eth5 to bond2 to manage the second subnet as the ossuser user.

    # su - ossuser

    > cd /opt/eSight/mttools/ha

    > ./buildbond2.sh

    Please input eth4's IP address:     

    Enter the eth4 IP address and press Enter.

    Please input Length of IP address mask:     

    Enter the subnet mask length (1-32) and press Enter.

    When Build successfully is displayed, the configuration is successful.

    The command execution process will restart the network service. In the remote login scenario, reconnect the network.

  4. Unfreeze the resource group AppService as the root user.

    > su - root

    # hagrp -unfreeze AppService -sys Name of the host

  5. Run the following command to start the multi-subnet management tool as the ossuser user:

    # su - ossuser

    > cd /opt/eSight/mttools/tools

    > ./multi-subnetwork.sh

    If the tool window is not displayed in the Linux operating system, you can rectify the fault according to section How to Use the VNC to Remotely Log In to SUSE Linux.

  6. Select the required function and click Modify.

    • eSight login via multiple subnets: enables access to eSight from management clients in multiple subnets.
    • Manage all subnet devices: enables eSight to manage devices in all subnets.
    • Multi-Subnet Access Maintenance Tool: enables access to the maintenance tool client from management clients in multiple subnets.

  7. Optional: Change the port mapping if IADs are managed by eSight.

    Log in to the server as the root user and run the following commands:

    floatip=`hares -display FloatIP -attribute Address | grep FloatIP | awk '{print $4}'`
    localip=`ifconfig bond0 | grep "inet addr" | awk -F":" '{print $2}' | awk '{print $1}'`
    iptables -t nat -A PREROUTING -d ${floatip} -p udp -m udp --dport 10162 -j DNAT --to-destination ${localip}:10162
    iptables -t nat -A POSTROUTING -s ${localip} -p udp -m udp --sport 10162 -j SNAT --to-source ${floatip}:10162
    echo "iptables -t nat -A PREROUTING -d ${floatip} -p udp -m udp --dport 10162 -j DNAT --to-destination ${localip}:10162" >> /etc/init.d/boot.local echo "iptables -t nat -A POSTROUTING -s ${localip} -p udp -m udp --sport 10162 -j SNAT --to-source ${floatip}:10162" >> /etc/init.d/boot.local

  8. Repeat 1 to 7 to install the other server.
  9. Connect the active and standby servers. For details, see section Connecting the Active and Standby Servers.
Translation
Download
Updated: 2019-10-30

Document ID: EDOC1100044372

Views: 33227

Downloads: 26

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next