(Optional) Configuring Multi-subnet Management
By default, eSight can manage devices in one subnet and allows users to access eSight or the maintenance tool from the clients in one subnet. To manage devices in multiple subnets or access eSight from management clients in multiple subnets, enable multi-subnet management.
Prerequisites
- The active server has been disconnected from the standby server. For details, see section Disconnecting the Active and Standby Servers.
- The eth4 and eth5 ports have been correctly connected to the network.
- All IP phones (if IP phones are used) are deployed in the same network segment. Otherwise, certain functions of IP phones will be abnormal.
- If a remote terminal is used for the installation, the remote terminal must provide a GUI, and the SUSE Linux operating system must be configured to support remote GUI login. For details, see section How to Use the VNC to Remotely Log In to SUSE Linux.
Context
- After multi-subnet management is enabled, eSight device management protocols, entrance to the eSight client, and entrance to the maintenance tool are exposed to all subnets, resulting in security risks.
Once enabled, this function cannot be disabled. Therefore, before enabling it, assess the network security risks and ensure that network security reaches the required level.
- The multi-subnet management function conflicts with the southbound and northbound service isolation function. Therefore, only one function can be enabled. If the southbound and northbound service isolation function is enabled, the multi-subnet management function cannot be enabled.
- The AR audio management function does not support multi-subnet management. If you need to use the management capability of these components, do not configure multi-subnet management.
Procedure
- Log in to the eSight server as the root user.
- Freeze the resource group AppService.
# hagrp -freeze AppService -sys Name of the host
- As the ossuser user, bind eth4 and eth5 into bond2 to manage the second subnet.
# su - ossuser
> cd /opt/eSight/mttools/ha
> ./buildbond2.sh
Please input eth4's IP address:
Enter the eth4 IP address and press Enter.
Please input Length of IP address mask:
Enter the subnet mask length (1-32) and press Enter.
When Build successfully is displayed, the configuration is successful.
Running the command restarts the network service. If you are logged in remotely, reconnect to the server afterwards.
- Unfreeze the resource group AppService as the root user.
> su - root
# hagrp -unfreeze AppService -sys Name of the host
- Run the following command to start the multi-subnet management tool as the ossuser user:
# su - ossuser
> cd /opt/eSight/mttools/tools
> ./multi-subnetwork.sh
If the tool window is not displayed in the Linux operating system, you can rectify the fault according to section How to Use the VNC to Remotely Log In to SUSE Linux.
- Select the required function and click Modify.
- eSight login via multiple subnets: enables access to eSight from management clients in multiple subnets.
- Manage all subnet devices: enables eSight to manage devices in all subnets.
- Multi-Subnet Access Maintenance Tool: enables access to the maintenance tool client from management clients in multiple subnets.
- Optional: Change the port mapping if IADs are managed by eSight.
Log in to the server as the root user and run the following commands:
floatip=`hares -display FloatIP -attribute Address | grep FloatIP | awk '{print $4}'`
localip=`ifconfig bond0 | grep "inet addr" | awk -F":" '{print $2}' | awk '{print $1}'`
iptables -t nat -A PREROUTING -d ${floatip} -p udp -m udp --dport 10162 -j DNAT --to-destination ${localip}:10162
iptables -t nat -A POSTROUTING -s ${localip} -p udp -m udp --sport 10162 -j SNAT --to-source ${floatip}:10162
echo "iptables -t nat -A PREROUTING -d ${floatip} -p udp -m udp --dport 10162 -j DNAT --to-destination ${localip}:10162" >> /etc/init.d/boot.local
echo "iptables -t nat -A POSTROUTING -s ${localip} -p udp -m udp --sport 10162 -j SNAT --to-source ${floatip}:10162" >> /etc/init.d/boot.local
- Repeat steps 1 to 7 on the other server.
- Connect the active and standby servers. For details, see section Connecting the Active and Standby Servers.
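The port-mapping commands in the optional IAD step use -A and >>, so running that step a second time loads and persists each rule twice. The following check is an added example, not vendor code: it reads a saved copy of the iptables -t nat -S output and a copy of /etc/init.d/boot.local and confirms that each UDP 10162 rule appears exactly once. The function names, the 192.0.2.x addresses and the sample files are constructed for illustration, and the /32 suffix assumes the usual iptables rule-listing format.

```shell
#!/bin/sh
# Added example, not vendor code. Audits the UDP 10162 NAT rules using saved
# copies of `iptables -t nat -S` output and /etc/init.d/boot.local.

# Print how many lines of file $1 are exactly the string $2.
count_exact() {
    grep -cxF -e "$2" "$1" || true
}

# Report unless file $2 holds exactly one copy of line $3; $1 labels the source.
expect_once() {
    n=$(count_exact "$2" "$3")
    [ "$n" -eq 1 ] && return 0
    echo "$1: expected 1 copy, found $n: $3"
    return 1
}

# $1=floating IP  $2=bond0 IP  $3=saved `iptables -t nat -S`  $4=boot.local copy
# Returns 0 only if both rules are loaded once and persisted once.
audit_port_mapping() {
    dnat="-p udp -m udp --dport 10162 -j DNAT --to-destination $2:10162"
    snat="-p udp -m udp --sport 10162 -j SNAT --to-source $1:10162"
    bad=0
    # Assumption: the rule listing prints host addresses with a /32 suffix.
    expect_once live "$3" "-A PREROUTING -d $1/32 $dnat" || bad=1
    expect_once live "$3" "-A POSTROUTING -s $2/32 $snat" || bad=1
    # boot.local holds the commands exactly as the procedure echoed them.
    expect_once boot "$4" "iptables -t nat -A PREROUTING -d $1 $dnat" || bad=1
    expect_once boot "$4" "iptables -t nat -A POSTROUTING -s $2 $snat" || bad=1
    return $bad
}

# Constructed sample: the step was run twice, so every line appears twice.
demo_dir=$(mktemp -d)
for i in 1 2; do
    echo "-A PREROUTING -d 192.0.2.10/32 -p udp -m udp --dport 10162 -j DNAT --to-destination 192.0.2.11:10162"
    echo "-A POSTROUTING -s 192.0.2.11/32 -p udp -m udp --sport 10162 -j SNAT --to-source 192.0.2.10:10162"
done > "$demo_dir/nat.txt"
sed -e 's|^|iptables -t nat |' -e 's|/32||' "$demo_dir/nat.txt" > "$demo_dir/boot.local"
audit_port_mapping 192.0.2.10 192.0.2.11 "$demo_dir/nat.txt" "$demo_dir/boot.local" \
    || echo "port mapping needs cleanup"
```

On a real server, save the rule listing to a file as root and pass the floating IP and bond0 addresses obtained in the port-mapping step.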