eSight V300R010C00 Operation Guide 07

Adding Network Devices

Resource is a general term for all managed objects (MOs) in eSight. Before managing a network using eSight, you must add the related resources to eSight and establish network connections between eSight and the MOs. eSight can then communicate with the MOs to implement network management.

SNMP Protocol

This section describes the versions and basic principles of the SNMP protocol.

SNMP Management Model

Figure 12-1 shows an SNMP management model.

Figure 12-1 SNMP management model

An SNMP system consists of four parts: network management system (NMS), agent, MO, and Management Information Base (MIB).

Each managed device contains an agent process, an MIB, and multiple MOs. The NMS interacts with the agent on a managed device. When receiving a command from the NMS, the agent performs the corresponding operation on the MIB in the managed device.

NMS

The NMS is a manager on a network. It monitors and controls network devices using SNMP. The NMS software runs on NMS servers to implement the following functions:

  • Sends requests to agents on managed devices to query or modify parameters.
  • Receives traps from agents on managed devices to learn device status.

Agent

The agent is a process running on a managed device. It maintains data on the managed device, responds to requests from the NMS, and sends management data to the NMS.

  • Upon receiving a request from the NMS, the agent performs the corresponding operation on the MIB and sends the operation result to the NMS.
  • When a fault or an event occurs on the managed device, the agent sends a notification containing the current device status to the NMS.

MIB

The MIB is a database containing the variables that are maintained by the managed device. (The variables can be queried or set by the agent.) The MIB defines the attributes of the managed device, including the name, status, access rights, and data type of managed objects.

The MIB provides the following functions:

  • The agent queries the MIB to obtain the current device status.
  • The agent modifies the MIB to set device status parameters.

MO

An MO is an object to be managed on a network device. A managed device contains multiple MOs, for example, a hardware component (such as an interface board) and a set of parameters configured for the hardware or software (such as a route selection protocol).

SNMP Application Environment

When planning and constructing a new network, you are advised to select the SNMP version based on the application scenario. When expanding or upgrading an existing network, you are advised to select the SNMP version on the device based on the version used on the NMS to ensure communication between the device and NMS.

Table 12-2 Application scenario of each SNMP version

| Version | Application Scenario |
|---|---|
| SNMPv1 | Applies to small-sized simple networks where security requirements are not high or the network environment is safe and stable, such as campus networks and small-sized enterprise networks. |
| SNMPv2c | Applies to medium- to large-sized networks where security requirements are not high or the network environment is safe (such as VPNs), but a large volume of traffic exists and traffic congestion may occur. |
| SNMPv3 (Recommended) | Applies to networks of various scales, especially those where security requirements are high and only authorized administrators can manage network devices, such as networks where communication data between the NMS and managed devices is transmitted over the public network. |

As shown in Figure 12-2, the NMS manages devices through SNMP. The NMS queries and receives alarms from devices to obtain the running status of the devices. With approved rights, the NMS can set device parameters to manage devices.

Figure 12-2 Typical application
SNMP Implementation

Figure 12-3 shows SNMPv1/SNMPv2c implementation.

NOTE:

SNMPv3 implementation is the same as SNMPv1/SNMPv2c implementation, except that SNMPv3 supports identity authentication and encryption.

Figure 12-3 SNMPv1/SNMPv2c implementation

As shown in Table 12-3, SNMPv1/SNMPv2c defines seven types of operations for exchanging information between the NMS and agent.

Table 12-3 SNMPv1/SNMPv2c operations

| Operation | Description |
|---|---|
| Get | Reads one or several parameter values from the agent. |
| GetNext | Reads the next parameter value, in dictionary order, from the agent. |
| Set | Sets one or more parameters for the agent. |
| Response | Returns one or more parameter values. The agent performs this operation to respond to the GetRequest, GetNextRequest, SetRequest, and GetBulkRequest operations. Upon receiving a Get or Set request, the agent performs the query or modification operation using the MIB and then performs the response operation to send information to the NMS. |
| Trap | The agent proactively sends trap messages to notify the NMS of a fault or event on the managed device. |
| GetBulk | Queries managed devices in batches. |
| Inform | Notifies the NMS of an alarm on a managed device. This operation is performed by the managed device. After a managed device sends an Inform packet, the NMS must send an InformResponse packet to the managed device. |

NOTE:

SNMPv1 does not support the GetBulk and Inform operations.
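
The following Python sketch is an added example, not part of the original guide or of eSight. It decodes the outer BER header of an SNMP datagram to report the version and the operation from Table 12-3, flags SNMPv1/SNMPv2c messages because their community string travels unencrypted, and reads the SNMPv3 msgFlags security level. The sample datagrams are constructed inline and the function names are hypothetical.

```python
"""Classify SNMP datagrams by version and operation (added example)."""

# BER context tags of the SNMP PDUs (RFC 1157 and RFC 3416).
PDU_TYPES = {
    0xA0: "Get", 0xA1: "GetNext", 0xA2: "Response", 0xA3: "Set",
    0xA4: "Trap (v1)", 0xA5: "GetBulk", 0xA6: "Inform", 0xA7: "Trap (v2)",
}
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
# Low two bits of SNMPv3 msgFlags: bit 0 = authentication, bit 1 = privacy.
V3_LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("value runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length


def classify(datagram):
    """Describe one SNMP message without retaining the community value."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("an SNMP message must be a SEQUENCE")
    tag, raw_version, pos = read_tlv(msg, 0)
    if tag != 0x02 or len(raw_version) != 1 or raw_version[0] not in VERSIONS:
        raise ValueError("missing or unknown version")
    version = raw_version[0]
    info = {"version": VERSIONS[version], "operation": None,
            "cleartext_community": False, "security_level": None, "issues": []}

    if version == 3:
        # msgGlobalData: msgID, msgMaxSize, msgFlags, msgSecurityModel.
        tag, header, _ = read_tlv(msg, pos)
        if tag != 0x30:
            raise ValueError("missing SNMPv3 header")
        fields, p = [], 0
        for _ in range(4):
            _, value, p = read_tlv(header, p)
            fields.append(value)
        if len(fields[2]) != 1:
            raise ValueError("msgFlags must be one octet")
        level = V3_LEVELS.get(fields[2][0] & 0x03, "invalid")
        info["security_level"] = level
        if level != "authPriv":
            info["issues"].append("SNMPv3 message is %s, not authPriv" % level)
        return info  # the scoped PDU may be encrypted, so it is not inspected

    tag, community, pos = read_tlv(msg, pos)
    if tag != 0x04:
        raise ValueError("missing community string")
    pdu_tag, _, _ = read_tlv(msg, pos)
    info["operation"] = PDU_TYPES.get(pdu_tag, "unknown (0x%02X)" % pdu_tag)
    info["cleartext_community"] = True
    info["issues"].append("%s sends a %d-byte community string unencrypted"
                          % (info["version"], len(community)))
    if version == 0 and pdu_tag in (0xA5, 0xA6):
        info["issues"].append("%s is not defined for SNMPv1" % info["operation"])
    return info


def tlv(tag, value):
    """Encode a short-form TLV; enough for the constructed samples below."""
    if len(value) > 127:
        raise ValueError("sample encoder handles short lengths only")
    return bytes([tag, len(value)]) + value


def sample_community_msg(version, community, pdu_tag):
    """Constructed v1/v2c message: request-id 1, no error, empty varbind list."""
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + tlv(0x30, b""))
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)


def sample_v3_msg(flags):
    """Constructed SNMPv3 header: msgID 1, max size 12000, USM security model."""
    header = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x02, b"\x2e\xe0")
                 + tlv(0x04, bytes([flags])) + tlv(0x02, b"\x03"))
    return tlv(0x30, tlv(0x02, b"\x03") + header)


if __name__ == "__main__":
    for packet in (sample_community_msg(1, b"Public_123", 0xA5),
                   sample_community_msg(0, b"Public_123", 0xA6),
                   sample_v3_msg(0x03)):
        print(classify(packet))
```
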

Operation Procedure

The resource management function uniformly manages and maintains network devices added to eSight.

Procedure

After completing network planning based on the site situation, you can create subnets or groups on eSight and add network devices to the subnets or groups through SNMP, facilitating unified device management and maintenance.

Table 12-4 Resource management operations

Step

Operation

Description

1

Plan the networking.

After networking planning is complete, you can quickly add devices based on the plan.

2

Set protocol parameters on the device: SNMP, Telnet, LLDP.

  • SNMP parameters: They are used to add devices to eSight.
  • Telnet parameters: They are used for sending configuration information to devices. This works only when eSight and the devices have the same Telnet parameter settings.
  • LLDP protocol: After devices are added to eSight, LLDP links are automatically added to eSight if LLDP has been enabled on the devices.

3

Create subnets or groups.

  • Subnet: eSight can monitor devices in different subnets by region in the topology view.
  • Group: After multiple devices are added to the same group, eSight manages devices in this group as one object.
NOTE:

If the batch import mode is used to add devices, you can specify the subnet or group to which each NE belongs in the device list.

4

Add devices to eSight.

When you add devices or after you add devices to eSight through SNMP, you also need to configure Telnet parameters on eSight. The Telnet parameters on eSight must be the same as those on the devices to ensure normal information exchange between them.

5

Check the link status.

Compare links displayed on eSight with links in the actual topology to find redundant or missing links. This operation facilitates subsequent maintenance.

  • If redundant links are found, hide these links manually.
  • If some links are missing, add them manually.

6

Manage and maintain the devices.

After devices are added to eSight, you can log in to them from eSight to manage and maintain the devices.

Configuring the SNMP Protocol on Devices

The SNMP protocol is used to add devices to eSight. SNMP parameters on devices must be the same as those on eSight.

  • The alarm management of eSight does not support SNMPv1. To manage device alarms using eSight, you must use SNMPv2c or SNMPv3.
  • SNMPv1 and SNMPv2c are not secure, and may have security risks. You are advised to use the more secure SNMPv3.

The following uses Huawei S5720-52X-PWR-SI-AC V200R011C10 as an example to describe the configuration. For other device models, see the configuration manual.

NOTE:

The commands may differ depending on the device model. When configuring a command, you are advised to enter a question mark (?). The associated command is displayed automatically. The following is an example.

[Device] snmp-agent usm-user v3 snmpv3user ?
  • SNMPv3
    <Device> system-view
    [Device] snmp-agent sys-info version v3
    [Device] snmp-agent mib-view included  View_ALL iso    //View_ALL indicates the name of the MIB view. To ensure that eSight can properly manage devices (for example, discover device links through the LLDP protocol), the MIB view must contain the iso node.
    [Device] snmp-agent group v3 snmpv3group privacy write-view View_ALL notify-view View_ALL   //snmpv3group indicates the configured user group. Set the name of the write view and notification view to View_ALL. By default, the write view has the read permission and you do not need to set read-view. The notification view is used to restrict the MIB node that sends alarms to eSight.
    [Device] snmp-agent usm-user v3 snmpv3user group snmpv3group   //snmpv3user indicates the configured user name, which is the same as the eSight security name. The security level of a user cannot be lower than that of the user group to which the user belongs. Otherwise, the communication fails. For example, if the security level of user group snmpv3group is set to privacy, the security level of user snmpv3user must be authentication and encryption.
    [Device] snmp-agent usm-user v3 snmpv3user authentication-mode sha   //Set the authentication protocol and password of the user, which are the same as those of eSight.
    [Device] snmp-agent usm-user v3 snmpv3user privacy-mode aes128   //Set the encryption protocol and password of the user, which must be the same as those of eSight.
    [Device] snmp-agent trap enable    
    Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:Y
    [Device] snmp-agent target-host trap address udp-domain 10.10.10.10 source GigabitEthernet 0/0/1 udp-port 162 params securityname snmpv3user v3 privacy private-netmanager ext-vb  //10.10.10.10 is the IP address of the eSight server. (If the southbound and northbound network isolation solution is used, this IP address is the southbound IP address of eSight.) GigabitEthernet 0/0/1 is the port for reporting device traps. 162 is the port number for trap messages. (You are advised not to change the port number. To change the port number, contact technical support.) securityname is the configured user name. private-netmanager specifies Huawei NMS as the destination host for receiving trap messages. This parameter needs to be configured when Huawei NMS is used. Alarms sent to the NMS can carry more information, including the alarm type, alarm sending sequence, and alarm sending time. ext-vb specifies that alarms sent to the destination host carry extended binding variables. If alarm nodes defined by the public MIB are extended for Huawei data communication devices, the ext-vb parameter can specify whether the alarm sent to the NMS carries the extended binding variables. If the Huawei NMS tool is used, it is recommended that the ext-vb parameter be used so that the alarm can carry more information. If a third-party NMS tool is used, it is recommended that ext-vb not be used to ensure that the third-party NMS tool can normally receive alarms sent by Huawei data communication devices.
    [Device] snmp-agent packet max-size 12000   //Set the maximum size of an SNMP packet that can be received and sent by the device to 12000 bytes. By default, the maximum size of an SNMP packet is 12000 bytes. Because this parameter may have been modified, you need to set it again.
    [Device] snmp-agent local-engineid engineid    //(Optional) Set the engine ID of the local SNMP entity. If the local engine ID is changed, existing SNMPv3 users will be deleted. After engineID is modified, you need to click the update or device information synchronization on the eSight page to manually trigger the alarm. Otherwise, the alarm is not reported.
    [Device] quit
    <Device> save
  • SNMPv2c
    <Device> system-view
    [Device] snmp-agent sys-info version v2c
    [Device] snmp-agent mib-view included View_ALL iso   //View_ALL indicates the name of the MIB view. To ensure that eSight can properly manage devices (for example, discover device links through the LLDP protocol), the MIB view must contain the iso node.
    [Device] snmp-agent community read cipher Public_123 mib-view View_ALL   //Public_123 is the specified read community. The value must be the same as Read community on eSight. 
    [Device] snmp-agent community write cipher Private_123 mib-view View_ALL   //Private_123 is the specified write community. The value must be the same as Write community on eSight.
    [Device] snmp-agent trap enable  
    Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:Y
    [Device] snmp-agent target-host trap address udp-domain 10.10.10.10 source GigabitEthernet 0/0/1 udp-port 162 params securityname Public_123 v2c private-netmanager ext-vb  //10.10.10.10 is the IP address of the eSight server. GigabitEthernet 0/0/1 is the port for reporting device traps. 162 is the port number for trap messages. (You are advised not to change the port number. To change the port number, contact technical support.) securityname is the configured read community. private-netmanager specifies Huawei NMS as the destination host for receiving trap messages. This parameter needs to be configured when Huawei NMS is used. Alarms sent to the NMS can carry more information, including the alarm type, alarm sending sequence, and alarm sending time. ext-vb specifies that alarms sent to the destination host carry extended binding variables. If alarm nodes defined by the public MIB are extended for Huawei data communication devices, the ext-vb parameter can specify whether the alarm sent to the NMS carries the extended binding variables. If the Huawei NMS tool is used, it is recommended that the ext-vb parameter be used so that the alarm can carry more information. If a third-party NMS tool is used, it is recommended that ext-vb not be used to ensure that the third-party NMS tool can normally receive alarms sent by Huawei data communication devices.
    [Device] snmp-agent packet max-size 12000   //Set the maximum size of an SNMP packet that can be received and sent by the device to 12000 bytes. By default, the maximum size of an SNMP packet is 12000 bytes. Because this parameter may have been modified, you need to set it again.
    [Device] quit
    <Device> save
  • SNMPv1
    <Device> system-view
    [Device] snmp-agent sys-info version v1
    [Device] snmp-agent mib-view included View_ALL iso   //View_ALL indicates the name of the MIB view. To ensure that eSight can properly manage devices (for example, discover device links through the LLDP protocol), the MIB view must contain the iso node.
    [Device] snmp-agent community read cipher Public_123 mib-view View_ALL   //Public_123 is the specified read community. The value must be the same as Read community on eSight. 
    [Device] snmp-agent community write cipher Private_123 mib-view View_ALL   //Private_123 is the specified write community. The value must be the same as Write community on eSight.
    [Device] snmp-agent trap enable
    Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:Y
    [Device] snmp-agent target-host trap address udp-domain 10.10.10.10 source GigabitEthernet 0/0/1 udp-port 162 params securityname Public_123 v1 private-netmanager ext-vb  //10.10.10.10 is the IP address of the eSight server. GigabitEthernet 0/0/1 is the port for reporting device traps. 162 is the port number for trap messages. (You are advised not to change the port number. To change the port number, contact technical support.) securityname is the configured read community. private-netmanager specifies Huawei NMS as the destination host for receiving trap messages. This parameter needs to be configured when Huawei NMS is used. Alarms sent to the NMS can carry more information, including the alarm type, alarm sending sequence, and alarm sending time. ext-vb specifies that alarms sent to the destination host carry extended binding variables. If alarm nodes defined by the public MIB are extended for Huawei data communication devices, the ext-vb parameter can specify whether the alarm sent to the NMS carries the extended binding variables. If the Huawei NMS tool is used, it is recommended that the ext-vb parameter be used so that the alarm can carry more information. If a third-party NMS tool is used, it is recommended that ext-vb not be used to ensure that the third-party NMS tool can normally receive alarms sent by Huawei data communication devices.
    [Device] snmp-agent packet max-size 12000   //Set the maximum size of an SNMP packet that can be received and sent by the SNMP Agent to 12000 bytes. By default, the maximum size of an SNMP packet is 12000 bytes. Because this parameter may have been modified, you need to set it again.
    [Device] quit
    <Device> save
Setting Telnet Parameters on Devices

Telnet parameters are set on devices to ensure that eSight can deliver configurations to them. Telnet parameters on devices must be the same as those on eSight.

Telnet is not secure, and may have security risks. You are advised to use the more secure SSH.

The STelnet protocol provides the same functions as the SSH protocol. The detailed configurations are not mentioned here.

The following uses Huawei S5720-52X-PWR-SI-AC V200R011C10 as an example to describe the configuration. For other device models, see the configuration manual.

  • sTelnet
    <Device> system-view
    [Device] dsa local-key-pair create   //Set the length of the key pair to 2048.
    [Device] user-interface maximum-vty 15   //Set the maximum number of VTY user interfaces to 15.
    [Device] user-interface vty 0 14
    [Device-ui-vty0-14] authentication-mode aaa
    [Device-ui-vty0-14] protocol inbound ssh
    [Device-ui-vty0-14] quit
    [Device] aaa
    [Device-aaa] local-user sshuser password irreversible-cipher Changeme123   //sshuser indicates the user name and Changeme123 indicates the password. The same user name and password are entered when the Telnet protocol for device interconnection is configured on eSight.
    [Device-aaa] local-user sshuser service-type ssh
    [Device-aaa] local-user sshuser privilege level 15   //Set the STelnet permission of the user to the highest level 15. You are advised to set the STelnet permission based on the site requirements.
    [Device-aaa] quit
    [Device] ssh user sshuser authentication-type password
    [Device] stelnet server enable
    [Device] ssh user sshuser service-type stelnet
    [Device] quit
    <Device> save
  • Telnet
    <Device> system-view
    [Device] telnet server enable
    [Device] user-interface maximum-vty 15   //Set the maximum number of VTY user interfaces to 15.
    [Device] user-interface vty 0 14
    [Device-ui-vty0-14] protocol inbound telnet
    [Device-ui-vty0-14] shell
    [Device-ui-vty0-14] authentication-mode aaa
    [Device-ui-vty0-14] quit
    [Device] aaa
    [Device-aaa] local-user sshuser password irreversible-cipher Changeme123   //sshuser indicates the user name and Changeme123 indicates the password. The same user name and password are entered when the Telnet protocol for device interconnection is configured on eSight.
    [Device-aaa] local-user sshuser service-type telnet
    [Device-aaa] local-user sshuser privilege level 15   //Set the Telnet permission of the user to the highest level 15. You are advised to set the Telnet permission based on the site requirements.
    [Device-aaa] quit
    [Device] quit
    <Device> save
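
The SNMP and Telnet procedures above both advise the more secure option (SNMPv3 rather than SNMPv1/SNMPv2c, SSH rather than Telnet). The following Python sketch is an added example, not part of the original guide or of eSight: it audits a pasted configuration session for the weaker settings. Both transcripts are constructed from the command forms on this page, the rule names are hypothetical, and the `authentication` group level in the weak sample is an assumed keyword that the page does not show.

```python
"""Audit a pasted device configuration session for weak management settings."""
import re

# Constructed sample: SNMPv2c and Telnet command forms from the procedures above.
# The "authentication" group level on line 7 is an assumed keyword (not on the page).
WEAK = """\
<Device> system-view
[Device] snmp-agent sys-info version v2c
[Device] snmp-agent mib-view included View_ALL iso
[Device] snmp-agent community read cipher Public_123 mib-view View_ALL
[Device] snmp-agent community write cipher Private_123 mib-view View_ALL
[Device] snmp-agent target-host trap address udp-domain 10.10.10.10 udp-port 162 params securityname Public_123 v2c
[Device] snmp-agent group v3 snmpv3group authentication write-view View_ALL
[Device] telnet server enable
[Device] user-interface vty 0 14
[Device-ui-vty0-14] protocol inbound telnet
[Device] aaa
[Device-aaa] local-user sshuser privilege level 15   //highest level
"""

# Constructed sample: the SNMPv3 and sTelnet forms from the same procedures.
HARDENED = """\
<Device> system-view
[Device] snmp-agent sys-info version v3
[Device] snmp-agent group v3 snmpv3group privacy write-view View_ALL notify-view View_ALL
[Device] snmp-agent usm-user v3 snmpv3user group snmpv3group
[Device] snmp-agent target-host trap address udp-domain 10.10.10.10 source GigabitEthernet 0/0/1 udp-port 162 params securityname snmpv3user v3 privacy private-netmanager ext-vb
[Device] stelnet server enable
[Device-ui-vty0-14] protocol inbound ssh
[Device-aaa] local-user sshuser privilege level 15
"""

# (rule id, severity, pattern on the prompt-stripped command, advice)
RULES = [
    ("SNMP-VERSION", "high",
     re.compile(r"^snmp-agent sys-info version .*\b(v1|v2c)\b"),
     "SNMPv1/SNMPv2c enabled; use SNMPv3"),
    ("SNMP-COMMUNITY-READ", "medium",
     re.compile(r"^snmp-agent community read\b"),
     "read community configured; replace with an SNMPv3 user"),
    ("SNMP-COMMUNITY-WRITE", "high",
     re.compile(r"^snmp-agent community write\b"),
     "write community configured; replace with an SNMPv3 user"),
    ("SNMP-TRAP-COMMUNITY", "medium",
     re.compile(r"^snmp-agent target-host trap .*\bparams securityname \S+ (v1|v2c)\b"),
     "traps are sent with a community string; use v3 privacy"),
    ("SNMPV3-NO-PRIVACY", "medium",
     re.compile(r"^snmp-agent group v3 \S+ (?!privacy\b)"),
     "SNMPv3 group is below the privacy security level"),
    ("TELNET-SERVER", "high",
     re.compile(r"^telnet server enable$"),
     "Telnet server enabled; use STelnet (SSH)"),
    ("VTY-TELNET", "high",
     re.compile(r"^protocol inbound telnet\b"),
     "VTY lines accept Telnet; set protocol inbound ssh"),
    ("PRIV-LEVEL-15", "info",
     re.compile(r"^local-user \S+ privilege level 15$"),
     "user has the highest level; confirm the site requires it"),
]

PROMPT = re.compile(r"^\s*(?:\[[^\]]+\]|<[^>]+>)\s*")


def normalise(line):
    """Drop the trailing // comment and the [Device] or <Device> prompt."""
    return PROMPT.sub("", line.split("//", 1)[0]).strip()


def audit(transcript):
    """Return one finding per matching rule, in line order."""
    findings = []
    for number, raw in enumerate(transcript.splitlines(), start=1):
        command = normalise(raw)
        if not command:
            continue
        for rule_id, severity, pattern, advice in RULES:
            if pattern.search(command):
                findings.append({"line": number, "rule": rule_id,
                                 "severity": severity, "advice": advice,
                                 "command": command})
    return findings


if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name)
        for f in audit(text):
            print("  line %(line)d [%(severity)s] %(rule)s: %(advice)s" % f)
```
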
Configuring the LLDP Protocol on Devices

After the LLDP protocol is configured on devices, LLDP links are automatically added to eSight.

The following uses Huawei S5720-52X-PWR-SI-AC V200R011C10 as an example to describe the configuration. For other device models, see the configuration manual.

<Device> system-view
[Device] lldp enable
[Device] quit
<Device> save
Creating Subnets

Network resources that can be managed on a subnet include subnets, devices, and links. You can create subnets under a subnet. It is recommended that a subnet consist of a maximum of 10 layers and a subnet contain a maximum of 500 NEs to achieve the best performance and experience.

  1. Choose Resource > Common > Add Resource > Add Subnet from the main menu.

  2. Set subnet parameters.
Creating Groups

eSight predefines some device/interface groups. When the predefined groups cannot meet the requirements, you can create new groups. You can set dynamic rules when creating a device or interface group. Devices or interfaces that meet the dynamic rules will be automatically added to the group. You can also manually add devices or interfaces that do not meet the rules to the group. When the device or interface information changes, the group is automatically updated. Devices or interfaces that do not meet the dynamic rules are removed from the group and devices or interfaces that meet the dynamic rules are added to the device group. Devices or interfaces that are manually added to the group can only be removed from the group manually.

  1. Choose Resource > Common > Resources Group > Group Management from the main menu.

  2. Perform related operations based on the site requirements.

    | Task | Operation Entry |
    |---|---|
    | Create a device group. | Choose Device Group > Custom Group, click in the right, and create a device group. |
    | Create an interface group. | Choose Interface Group > User Defined, click in the right, and create an interface group. |

Adding Devices to eSight

Three methods are available for adding devices to eSight.

Single addition

One device is added at a time. This mode applies when you want to add one or a few devices to eSight during normal network running.

Automatic discovery

Devices in one or more network segments are added at a time. This mode applies when devices are distributed in one or multiple network segments and devices in the same network segment have the same SNMP parameter settings.

Batch import

Multiple devices with different IP addresses are added at a time through an Excel file. This mode applies in new site deployment scenarios where devices are dispersed in multiple network segments.

NOTE:

If you directly perform other operations after device addition without setting Telnet parameters, some functions will not take effect. To facilitate subsequent operations, set Telnet parameters when adding devices.

  • Single addition
    1. Choose Resource > Common > Add Resource > Add Resource from the main menu.

    2. Set SNMP and Telnet parameters.
      • The alarm management of eSight does not support SNMPv1. To manage device alarms using eSight, you must use SNMPv2c or SNMPv3.
      • SNMPv1 and SNMPv2c are not secure, and may have security risks. You are advised to use the more secure SNMPv3.

  • Automatic discovery
    1. Choose Resource > Common > Add Resource > Automatic Discovery from the main menu.

    2. Select the automatic discovery mode and set related parameters.
      • The alarm management of eSight does not support SNMPv1. To manage device alarms using eSight, you must use SNMPv2c or SNMPv3.
      • SNMPv1 and SNMPv2c are not secure, and may have security risks. You are advised to use the more secure SNMPv3.
      • When setting the SNMP protocol, exercise caution when selecting the automatic matching template. If automatic matching template is selected, all SNMP templates on eSight are used one by one to add devices until a correct SNMP template is matched. If there are too many failures before the matching succeeds, the exception protection mechanism may be triggered for some devices. As a result, the devices are locked. Locked devices cannot be added to eSight during the lock period. The devices can be added to eSight only after they are unlocked.

    3. Set Telnet protocol parameters.
      1. Choose Resource > Network > Equipment > Network Device from the main menu.

      2. Select devices. Choose Set Protocol > Set Telnet Parameters from the navigation tree and set related parameters.

  • Batch import
    1. Choose Resource > Common > Add Resource > Import Resource from the main menu.

    2. Download a template and upload it again after editing.
      • The alarm management of eSight does not support SNMPv1. To manage device alarms using eSight, you must use SNMPv2c or SNMPv3.
      • SNMPv1 and SNMPv2c are not secure, and may have security risks. You are advised to use the more secure SNMPv3.

    3. Set Telnet protocol parameters.
      1. Choose Resource > Network > Equipment > Network Device from the main menu.

      2. Select devices. Choose Set Protocol > Set Telnet Parameters from the navigation tree and set related parameters.

Checking the Link Status

Devices Supporting Different Protocols

Prerequisites

Huawei and non-Huawei devices (excluding Cisco devices) that support LLDP

LLDP has been enabled through operations on eSight or running commands on the devices. LLDP links are automatically added to eSight if LLDP has been enabled on the devices.

NOTE:

Ensure that the Telnet and SNMP parameters are set on both eSight and the devices.

Cisco devices that support CDP

CDP has been enabled on Cisco devices. By default, CDP is enabled on Cisco devices. If CDP is disabled, enable CDP according to the Cisco device manual.

Devices that support neither LLDP nor CDP

Links are discovered based on MAC and ARP forwarding tables.

NOTE:

The MAC and ARP forwarding tables discover links based on MAC addresses. However, some nonexistent links may be discovered due to limitations of algorithms. Link discovery may not reach one hundred percent accuracy.

MAC address-based link discovery has been enabled. To enable MAC address-based link discovery, perform the following operations:

Choose System > System Settings > Southbound Devices from the main menu and choose Network Management Parameter Setting from the navigation tree on the left.

  1. Choose Resource > Network > Equipment > Link Management from the main menu.

  2. Choose Discover Link from the navigation tree, specify devices at two ends of a link, and start link discovery.
    • If some links are not discovered, click Create Link to add missing links.
    • If some links are incorrectly discovered, click Delete to delete them.
Managing and Maintaining Devices
  1. Choose Resource > Network > Equipment > Network Device from the main menu.

  2. Click the name of the device to be managed and maintained, view the device information, and perform operations based on the site requirements.

    | Related Operation | Operation Entry |
    |---|---|
    | View alarm information. | Choose View > Alarm List from the navigation tree on the left. |
    | Modify Telnet parameters. | Choose Protocol Parameters > Telnet Parameters from the navigation tree on the left. |
    | Modify SNMP parameters. | Choose Protocol Parameters > SNMP Parameters from the navigation tree on the left. |
    | Synchronize device data. | Choose View > Basic Information from the navigation tree on the left and click Synchronization on the right. |

Typical Configuration Examples

This section describes typical configuration examples in typical application scenarios, helping users complete various operations based on the actual scenarios.

Example for Configuring Automatic Device Discovery Using SNMPv2c

This example illustrates how to configure SNMPv2c to enable eSight to automatically discover devices on a network. S9700 V200R003C00 is used as an example to describe the configuration on the eSight-managed device.

Applicable Products and Versions

eSight V200R005C00 or later versions

NOTE:

For configurations on other devices, see the configuration manuals of the devices.

Networking Requirements

An enterprise administrator wants to use eSight to manage devices of the enterprise.

  • The enterprise recently replanned its network, and the number of devices on the entire network has increased to about 1000. Logging in to each device to configure and manage it is labor-intensive. The administrator needs to use a network management system (NMS) to uniformly manage all the devices on the network.
  • Devices on the enterprise network belong to the R&D Dept and finance Dept, and devices in the R&D Dept are divided into two service groups. The R&D Dept has 800 devices and the finance Dept has 200 devices. The administrator wants to manage the devices by group, view the device status in different departments, and batch configure services for devices in the same service group during the maintenance process.
Figure 12-4 Networking of automatic device discovery
Requirement Analysis
  • Enabling automatic device discovery: A large number of security devices and network devices need to be deployed on a network. The automatic device discovery function provided by eSight can reduce the administrator's workload, improve operation efficiency, and reduce misoperations.
  • Selecting the SNMPv2c protocol: A majority of the security devices and network devices use SNMPv2c. SNMPv2c has higher security than SNMPv1, and is simple and easy to configure compared with SNMPv3.
  • Enabling the subnet function in topology monitoring: The subnet function in topology monitoring enables eSight to monitor devices by area according to the subnet on which the devices are located. The administrator can divide the enterprise network into multiple subnets by department to implement differentiated management.
  • Enabling the grouping function: During routine maintenance, the administrator needs to batch configure devices that provide similar services. The grouping function enables eSight to automatically add devices to different groups after grouping rules are set. The administrator can batch perform authentication and alarm filtering operations for devices in the same group.
Data Plan

Item

Data

Description

SNMP parameters

Template name: SNMP_v2c

Version: SNMPv2c

Read community: Public123

Write community: Private123

NE port: 161

Timeout interval(s): 3

Resending times: 3

It is recommended that the read and write community names have high complexity and meet the complexity requirements on devices to ensure security. Because complexity requirements differ between devices, the highest complexity is recommended, for example, a combination of uppercase letters, lowercase letters, and digits.

IP address

Different network segment IP addresses are allocated based on the service group.

  • R&D Dept A
    • Service group 1: 192.168.11.0-192.168.11.255
    • Service group 2: 192.168.12.0-192.168.12.255
  • R&D Dept B
    • Service group 3: 192.168.31.0-192.168.31.255
    • Service group 4: 192.168.32.0-192.168.32.255
  • Finance Dept: 192.168.51.0-192.168.51.255

IP addresses are allocated based on the service group and department. Devices in a service group can only use IP addresses in a specified network segment, so that subnets can be divided and devices can be grouped based on IP addresses.

Subnet

The network is divided into three subnets and assigned subnet IP address ranges.

  • subnet_rda (R&D Dept A): 192.168.11.0-192.168.12.255
  • subnet_rdb (R&D Dept B): 192.168.31.0-192.168.32.255
  • subnet_finance (Finance Dept): 192.168.51.0-192.168.51.255

One subnet on eSight can contain up to 500 devices. It is recommended that the R&D Dept with 800 devices be divided into two subnets, and the finance Dept into one subnet.

Grouping rule

Five groups are divided based on the service type and department.

  • group_rda1 (R&D Dept A, service group 1): 192.168.11.0-192.168.11.255
  • group_rda2 (R&D Dept A, service group 2): 192.168.12.0-192.168.12.255
  • group_rdb3 (R&D Dept B, service group 1): 192.168.31.0-192.168.31.255
  • group_rdb4 (R&D Dept B, service group 2): 192.168.32.0-192.168.32.255
  • group_finance (Finance Dept): 192.168.51.0-192.168.51.255

The start and end IP addresses are specified in grouping rules. After eSight discovers the devices, they are automatically added to different groups.

Configuration Roadmap
  1. Configure SNMP parameters on the devices.
  2. Create subnets on eSight.
  3. Set grouping rules on eSight.
  4. Create an SNMP template on eSight.
  5. Enable eSight to discover devices using SNMP.
Prerequisites

IP addresses have been configured for devices on the network according to Data Plan, and the devices can successfully communicate with eSight.

NOTE:

This example provides the configurations on Huawei S9700 V200R003C00. For configurations on other devices, see the related product manual.

Procedure
  1. Configure SNMP parameters on the devices.

    <SwitchA> system-view
    [SwitchA] snmp-agent   //Start the SNMP Agent service.
    [SwitchA] snmp-agent sys-info version v2c   //Set the SNMP protocol version to v2c.
    [SwitchA] snmp-agent mib-view included View_ALL iso   //Create the MIB view parameter View_ALL.
    [SwitchA] snmp-agent community read cipher Public123 mib-view View_ALL   //Set the read community name and MIB view permission.
    [SwitchA] snmp-agent community write cipher Private123 mib-view View_ALL   //Set the write community name and MIB view permission.
    [SwitchA] snmp-agent trap source MEth0/0/1   //Configure the interface for adding the device on eSight.
    [SwitchA] snmp-agent trap enable   //Enable the trap upload alarm function.
    [SwitchA] snmp-agent target-host trap address udp-domain 192.168.10.10 params securityname Public123 v2c private-netmanager ext-vb //192.168.10.10 is the IP address of eSight. securityname is the same as the read community. private-netmanager specifies Huawei NMS as the destination host for receiving trap messages. This parameter needs to be configured when Huawei NMS is used. Alarms sent to the NMS can carry more information, including the alarm type, alarm sending sequence, and alarm sending time. ext-vb specifies the alarm sent to the destination host to carry extended binding variables. If alarm nodes defined by the public MIB are extended for Huawei data communication devices, the ext-vb parameter can specify whether the alarm sent to the NMS carries the extended binding variables. If the Huawei NMS tool is used, it is recommended that the ext-vb parameter be used so that the alarm can carry more information. If a third-party NMS tool is used, it is recommended that ext-vb not be used to ensure that the third-party NMS tool can normally receive alarms sent by Huawei data communication devices.

  2. Create subnets.

    1. Choose Resource > Common > Resources Group > Subnet from the main menu.

    2. Click Create.

    3. In the dialog box that is displayed, enter the subnet name and description, and click OK.

      Repeat the steps to create the other two subnets.

  3. Set grouping rules.

    1. Choose Resource > Common > Resources Group > Group Management from the main menu.

    2. In the navigation tree, choose Device Group and click next to User Defined Groups.
    3. In the Information dialog box, set the group name and description.
    4. Expand Add Members by Condition to set grouping rules.
      1. Select satisfy all conditions.
      2. Set the rule to IP Address start with "192.168.11.0".
      3. Click next to the rule. A line is displayed under the rule. Set the other rule to IP Address end with "192.168.11.255".
    5. Click Confirm. The first grouping rule is set. Repeat the steps to set other grouping rules according to Data Plan.

  4. Create an SNMP template on eSight.

    1. Choose Resource > Common > Add Resource > Protocol Template > SNMP Template from the main menu.

    2. Click Create, set parameters in the SNMP template according to Data Plan and click OK.

  5. Use the automatic device discovery function to add devices to eSight.

    1. Choose Resource > Common > Add Resource > Automatic Discovery from the main menu.

    2. Specify start and end IP addresses of network segments and add them to subnets.

      Click Add, specify start and end IP addresses of the network segment and add it to the corresponding subnet.

    3. Select Select template and select the template SNMP_v2c created in the preceding step from the template list.
    4. Select Auto add to NMS and click Start Discovery.
    5. After automatic device discovery is complete, check whether all the devices matching parameters in the template are added to eSight. Click Complete.

  6. Adjust the topology layout.

    1. Choose Topology > Topology Management from the main menu.
    2. On the Physical topology page, adjust the device locations.
    3. Click to save the new locations of the devices in the topology.

Verification
  1. Check devices on subnets.
    1. Choose Topology > Topology Management from the main menu.

    2. Double-click the icon of subnet_finance in the topology to display the subnet topology. Check whether all the devices in the finance Dept are added to the subnet. If so, the operations are correct. Perform similar steps to check the other two subnets. If devices are not added to the corresponding subnet, check the IP address segments of the subnets.
  2. Check grouping of devices.
    1. Choose Resource > Common > Resources Group > Group Management from the main menu.

    2. Choose Device Group > User Defined Groups > group_rda1. Check whether all the devices in the service group 1 of R&D Dept A are added to the group. If so, the operations are correct. Perform similar steps to check the other four groups. If devices are not added to the corresponding group, check whether the devices are added to eSight and whether grouping rules are correctly set.
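The verification above can be cross-checked offline before discovery is run. The following is an added example, not part of the eSight documentation: it checks that the subnet and grouping ranges from the Data Plan do not overlap, that every group lies inside exactly one subnet, and reports discovered devices that match no subnet or group or push a subnet past the 500-device limit. The function names and the sample device list are assumptions made for this illustration.

```python
from ipaddress import IPv4Address

SUBNET_CAPACITY = 500  # "One subnet on eSight can contain up to 500 devices."

# Start/end addresses copied from the Data Plan.
SUBNETS = {
    "subnet_rda": ("192.168.11.0", "192.168.12.255"),
    "subnet_rdb": ("192.168.31.0", "192.168.32.255"),
    "subnet_finance": ("192.168.51.0", "192.168.51.255"),
}
GROUPS = {
    "group_rda1": ("192.168.11.0", "192.168.11.255"),
    "group_rda2": ("192.168.12.0", "192.168.12.255"),
    "group_rdb3": ("192.168.31.0", "192.168.31.255"),
    "group_rdb4": ("192.168.32.0", "192.168.32.255"),
    "group_finance": ("192.168.51.0", "192.168.51.255"),
}

# Constructed discovery result; 192.168.13.5 is outside every planned range.
SAMPLE_DEVICES = ["192.168.11.7", "192.168.12.40", "192.168.31.9",
                  "192.168.51.20", "192.168.13.5"]


def _span(pair):
    """Convert a (start, end) address pair to integers, rejecting reversed pairs."""
    lo, hi = (int(IPv4Address(a)) for a in pair)
    if lo > hi:
        raise ValueError(f"start address is after end address: {pair}")
    return lo, hi


def check_plan(subnets=SUBNETS, groups=GROUPS):
    """Return plan errors: overlapping ranges, or a group not inside one subnet."""
    errors = []
    for label, table in (("subnet", subnets), ("group", groups)):
        reach, reach_name = -1, None  # highest end address seen so far
        for (lo, hi), name in sorted((_span(r), n) for n, r in table.items()):
            if lo <= reach:
                errors.append(f"{label} ranges overlap: {reach_name} and {name}")
            if hi > reach:
                reach, reach_name = hi, name
    for g_name, g_range in groups.items():
        g_lo, g_hi = _span(g_range)
        homes = [s for s, r in subnets.items()
                 if _span(r)[0] <= g_lo and g_hi <= _span(r)[1]]
        if len(homes) != 1:
            errors.append(f"group {g_name} is not inside exactly one subnet")
    return errors


def locate(ip, table):
    """Name of the first range in `table` that contains `ip`, else None."""
    n = int(IPv4Address(ip))
    for name, r in table.items():
        lo, hi = _span(r)
        if lo <= n <= hi:
            return name
    return None


def review_discovery(device_ips, subnets=SUBNETS, groups=GROUPS):
    """Summarise where discovered devices land and which ones need attention."""
    report = {"per_subnet": {s: 0 for s in subnets},
              "no_subnet": [], "no_group": [], "over_capacity": []}
    for ip in device_ips:
        subnet, group = locate(ip, subnets), locate(ip, groups)
        if subnet is None:
            report["no_subnet"].append(ip)
        else:
            report["per_subnet"][subnet] += 1
        if group is None:
            report["no_group"].append(ip)
    report["over_capacity"] = [s for s, n in report["per_subnet"].items()
                               if n > SUBNET_CAPACITY]
    return report


if __name__ == "__main__":
    print(check_plan() or "plan is consistent")
    print(review_discovery(SAMPLE_DEVICES))
```

A device listed under no_group is discovered but skipped by every batch operation applied per group, so it is worth resolving before authentication or alarm filtering settings are pushed.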
Example for Using SNMPv3 to Import Network Devices in a Batch

This example illustrates how to use SNMPv3 to import various types of network devices to eSight.

Applicable Products and Versions

eSight V200R005C00 or later versions

Networking Requirements

An enterprise has constructed a campus network and wants to use eSight to manage all network devices on the campus network.

The enterprise has the following requirements:

  • The enterprise administrator uses the SNMPv3 protocol with high security to manage network devices.
  • If automatic discovery is used, the enterprise administrator needs to perform discovery tasks multiple times because the device types on the campus network are diversified, and the authorization protocols and passwords are different. As a result, the enterprise administrator wants to use the batch import function to add various network devices to eSight in a batch.
Figure 12-5 Enterprise campus network
Data Plan

| Layer 1 Subnet | IP Address | Name | Protocol Type | Protocol Version | Port | Security Name | Authentication Protocol | Authentication Password | Privacy Protocol | Privacy Password |
|---|---|---|---|---|---|---|---|---|---|---|
| Subnet_A | 192.168.3.105 | AR1 | SNMP | V3 | 161 | SNMPv3user | HMAC_SHA | Changeme_123 | AES_128 | Changeme@123 |
| Subnet_A | 192.168.3.101 | S1 | SNMP | V3 | 161 | SNMPv3user | HMAC_SHA | Changeme_234 | AES_128 | Changeme@234 |
| Subnet_A | 192.168.3.102 | S2 | SNMP | V3 | 161 | SNMPv3user | HMAC_SHA | Changeme_235 | AES_128 | Changeme@235 |
| Subnet_A | 192.168.3.103 | S3 | SNMP | V3 | 161 | SNMPv3user | HMAC_SHA | Changeme_236 | AES_128 | Changeme@236 |
| Subnet_A | 192.168.3.104 | S4 | SNMP | V3 | 161 | SNMPv3user | HMAC_SHA | Changeme_237 | AES_128 | Changeme@237 |

Prerequisites

You have obtained the operation rights for Access Resource and Modify Topology.

Procedure
  1. Set SNMP parameters on the network devices.

    The following uses Huawei AR2200 V200R007C00SPC900 as an example to describe the configuration. For other device models, see the configuration manual. The configuration commands vary depending on the model and version of network devices.

    <AR1> system-view
    [AR1] snmp-agent 
    [AR1] snmp-agent sys-info version v3
    [AR1] snmp-agent mib-view View_ALL include iso   
    //Set View_ALL to specify the MIB view. To ensure that eSight can manage devices normally (for example, finding device links through the LLDP protocol), the MIB view must contain the iso node.
    [AR1] snmp-agent group v3 snmpv3group privacy  write-view View_ALL notify-view View_ALL  
    //snmpv3group is the set user group. The write view name and notification view name are specified as View_ALL. By default, the write view has the read permission. Therefore, you do not need to set the read-view. The notification view is used to limit the MIB node of the device for sending alarms to eSight. 
    [AR1] snmp-agent usm-user v3 snmpv3user group snmpv3group   
    //snmpv3user is the configured user name, which is consistent with the security name of eSight. The security level of a user cannot be lower than the security level of the user group to which the user belongs. Otherwise, the user cannot perform communication normally. For example, if the security level of the user group snmpv3group is privacy, the security level of the user snmpv3user must be authentication and encryption. 
    [AR1] snmp-agent usm-user v3 snmpv3user authentication-mode sha  
    Please configure the authentication password (8-255)
    Enter Password:
    Confirm Password:
    //Set the user authentication protocol and password, which are consistent with the authentication protocol and password of eSight. You need to enter the password twice.
    [AR1] snmp-agent usm-user v3 snmpv3user privacy-mode aes128   
    Please configure the privacy password (8-255)
    Enter Password:
    Confirm Password:
    //Set the user encryption protocol and password, which are consistent with the privacy protocol and password of eSight. You need to enter the password twice.
    [AR1] snmp-agent target-host trap-paramsname snmpv3user v3 securityname snmpv3user privacy private-netmanager binding-private-value
    //Configure parameters for devices to send trap messages. Both trap-paramsname and securityname are set to snmpv3user. You can modify them based on the site requirements. private-netmanager specifies Huawei NMS as the destination host for receiving trap messages. This parameter needs to be configured when Huawei NMS is used. Alarms sent to the NMS can carry more information, including the alarm type, alarm sending sequence, and alarm sending time. binding-private-value specifies the alarm sent to the destination host to carry extended binding variables. If alarm nodes defined by the public MIB are extended for Huawei data communication devices, the binding-private-value parameter can specify whether the alarm sent to the NMS carries the extended binding variables. If the Huawei NMS tool is used, it is recommended that the binding-private-value parameter be used so that the alarm can carry more information. If a third-party NMS tool is used, it is recommended that binding-private-value not be used to ensure that the third-party NMS tool can normally receive alarms sent by Huawei data communication devices.
    [AR1] snmp-agent target-host trap-hostname eSightServer address 192.168.3.100 trap-paramsname snmpv3user
    //Set the alarm reporting host. In the information, eSightServer is the name of the eSight server and 192.168.3.100 is the IP address of the eSight server. The eSight server name is used to identify the eSight server and can be customized based on the site requirements. 
    [AR1] snmp-agent trap enable  //Enable the trap alarm function.

  2. Choose Resource > Common > Add Resource > Import Resource from the main menu.

  3. Click next to Download Template to download the Excel file to a local device.
  4. Open the template, fill in device information, and save the template.
  5. On the Import Device page, click next to Upload Resource File and select the saved Excel file.
  6. Click to upload a file.

    Device information and device check results are displayed on the right of the page. If Result is empty, device check succeeds.

  7. Select a device and click Create.

    eSight starts to import the devices.

    • If the device is created successfully, the Result column is The resource is created successfully.
    • If the device cannot be created, the reason for the failure is displayed in the Result column. You can attempt to solve the problem and import devices again based on the failure reason. If the fault persists, contact the technical support personnel.

  8. Import network devices in a batch and adjust their locations in the topology.

    1. Choose Topology > Topology Management from the main menu.
    2. Adjust locations of the network devices in the topology based on the campus networking.
      • Adjust locations of subnets or devices in the physical view: In the physical view, click a subnet or device to be adjusted and drag the subnet or device to the specified location.
      • Perform the following operations to change the subnet to which a device belongs:
    3. Select the device in the topology tree or the physical view.
    4. Click on the toolbar in the topology.
    5. In the topology navigation tree or physical view, select the target subnet. In the physical view, double-click the target subnet to open it, and click . In the topology tree or the physical view, you can find that the device has been moved to the target subnet.

Verification

After devices are successfully added to eSight, you can view network devices that are imported in a batch on the Equipment Resources page and view subnet and location information of the devices on the Topology Management page.
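The device-side SNMPv3 commands in step 1 carry two consistency rules that are easy to break when typing them on many devices: a user's security level must not be lower than its group's, and the trap-paramsname referenced by the trap host must be one that was defined. The following is an added example, not eSight or device code: it parses pasted command lines in the syntax of the AR example above and reports violations of those rules, plus any enabled SNMPv1 or SNMPv2c version. The function names and finding codes are assumptions, and the sample input is constructed with a misspelled parameter name.

```python
import re

LEVELS = {"noauth": 0, "authentication": 1, "privacy": 2}

# Constructed input: commands from step 1 as typed, except that the
# trap-hostname line misspells the trap parameter name ("smnpv3user").
SAMPLE_CONFIG = """\
[AR1] snmp-agent sys-info version v3
[AR1] snmp-agent group v3 snmpv3group privacy write-view View_ALL notify-view View_ALL
[AR1] snmp-agent usm-user v3 snmpv3user group snmpv3group
[AR1] snmp-agent usm-user v3 snmpv3user authentication-mode sha
[AR1] snmp-agent usm-user v3 snmpv3user privacy-mode aes128
[AR1] snmp-agent target-host trap-paramsname snmpv3user v3 securityname snmpv3user privacy
[AR1] snmp-agent target-host trap-hostname eSightServer address 192.168.3.100 trap-paramsname smnpv3user
"""


def _after(tok, key):
    """Return the token that follows `key`, or None if `key` is absent."""
    return tok[tok.index(key) + 1] if key in tok[:-1] else None


def parse(text):
    """Collect the SNMP objects declared in pasted command lines."""
    cfg = {"versions": set(), "groups": {}, "user_group": {},
           "auth": set(), "priv": set(), "params": {}, "hosts": {}}
    for raw in text.splitlines():
        line = re.sub(r"^\s*[\[<][^\]>]*[\]>]\s*", "", raw)  # strip CLI prompt
        tok = line.split("//", 1)[0].split()                  # strip comment
        if len(tok) < 4 or tok[0] != "snmp-agent":
            continue
        if tok[1:3] == ["sys-info", "version"]:
            cfg["versions"].update(tok[3:])
        elif tok[1:3] == ["group", "v3"]:
            level = tok[4] if len(tok) > 4 and tok[4] in LEVELS else "noauth"
            cfg["groups"][tok[3]] = level
        elif tok[1:3] == ["usm-user", "v3"] and len(tok) > 5:
            user, key = tok[3], tok[4]
            if key == "group":
                cfg["user_group"][user] = tok[5]
            elif key == "authentication-mode":
                cfg["auth"].add(user)
            elif key == "privacy-mode":
                cfg["priv"].add(user)
        elif tok[1:3] == ["target-host", "trap-paramsname"]:
            cfg["params"][tok[3]] = _after(tok[4:], "securityname")
        elif tok[1:3] == ["target-host", "trap-hostname"]:
            cfg["hosts"][tok[3]] = _after(tok[4:], "trap-paramsname")
    return cfg


def audit(text):
    """Return (code, detail) findings for the pasted configuration."""
    cfg, findings = parse(text), []
    # The guide states that SNMPv1 and SNMPv2c are not secure.
    for version in sorted(cfg["versions"] & {"v1", "v2c", "all"}):
        findings.append(("INSECURE_VERSION", version))
    # A user's security level must not be lower than its group's level.
    for user, group in sorted(cfg["user_group"].items()):
        need = cfg["groups"].get(group)
        if need is None:
            findings.append(("UNKNOWN_GROUP", f"{user} -> {group}"))
            continue
        have = "noauth"
        if user in cfg["auth"]:
            have = "privacy" if user in cfg["priv"] else "authentication"
        if LEVELS[have] < LEVELS[need]:
            findings.append(("USER_BELOW_GROUP_LEVEL", f"{user}: {have} < {need}"))
    # Trap parameters must name a configured user; hosts must name defined parameters.
    for name, secname in sorted(cfg["params"].items()):
        if secname not in cfg["user_group"]:
            findings.append(("UNKNOWN_SECURITYNAME", f"{name} -> {secname}"))
    for host, name in sorted(cfg["hosts"].items()):
        if name not in cfg["params"]:
            findings.append(("UNDEFINED_TRAP_PARAMS", f"{host} -> {name}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(code, detail)
```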

Example for Using eSight to Discover Links Between Devices from Different Vendors

This example illustrates how to use eSight to discover links between devices from different vendors, such as Huawei, Cisco, and H3C, after they are added to eSight.

Prerequisites

Devices from multiple vendors, such as Huawei, Cisco, and H3C, have been added to eSight, and Telnet parameters on eSight are the same as those on the devices.

Applicable Products and Versions

eSight V200R005C00 or later versions

Networking Requirements

Network devices on a company's network are from Huawei, Cisco, and H3C. The company wants to monitor the devices and the status of links among the devices in the topology view.

Figure 12-6 Networking on the user side

Configuration Roadmap
  1. Log in to Cisco devices and enable CDP to discover links between them.
  2. Deliver the LLDP configuration from eSight to Huawei devices to discover links between them.
  3. Manually create links for devices from different vendors.
Procedure
  1. Enable CDP on Cisco devices to discover links between them.

    1. Run the cdp run command to enable CDP globally.
    2. Run the cdp enable command to enable CDP on an interface.

  2. Discover links between Huawei devices on eSight.

    1. Choose Resource > Network > Equipment > Link Management from the main menu.

    2. Click Discover Link.

    3. In the search area in the left pane, select devices in Root, select Deliver commands, and click Discover.

    4. After the link discovery operation is complete, click Delivery result to view the link discovery result.

  3. Create links between devices from two vendors.

    1. Choose Topology > Topology Management from the main menu.

    2. Right-click the blank area in the topology and choose Add > Create Link.
      NOTE:

      You can also choose Resource > Network > Equipment > Link Management from the main menu and click Creating Link to create the specified link.

    3. Click HUAWEI Device1 and Cisco Device4. The Creating Link page is displayed.
    4. On the Creating Link page, set Linkname and Category to *** and Layer 2 Link, and set Source Port Name and Destination Port Name to the ports on the two ends of the link.

    5. Click OK. A link is created. Right-click in the blank area in the topology view and choose Refresh. The direct link between the two devices is displayed in the topology view.
    6. Repeat steps 2 to 5 to create the other three links.

Verification

After link discovery operations are complete, the links displayed in the topology view are the same as those on the actual network.

FAQs

This section describes questions frequently asked by users, helping users rectify problems in a timely manner.

Deleting Network Devices

You can delete network devices in either of the following ways:

  • Method 1
    1. Choose Resource > Network > Equipment > Network Device from the main menu.

    2. Delete network devices.
    • Deleting a network device

      Click in the Operation column of device to be deleted and click OK in the dialog box that is displayed to delete the device.

    • Deleting network devices in batches

      Select multiple devices to be deleted and choose More > Delete. In the dialog box that is displayed, click OK to delete the devices in batches.

  • Method 2
    1. Choose Topology > Topology Management from the main menu.

    2. Right-click a device to be deleted and choose Delete from the shortcut menu. In the dialog box that is displayed, click Yes to delete the device.

Exporting the Device List
  1. Choose Resource > Network > Equipment > Network Device from the main menu.

  2. Perform related operations based on the site requirements.
    • Exporting selected devices

      Select devices to be exported and choose More > Export Selected > Export to Excel or More > Export Selected > Export to CSV to export the list of selected devices to a local host.

    • Exporting all devices

      Choose More > Export All > Export to Excel or More > Export All > Export to CSV to export the list of all devices to a local host.

Exporting the Interface List
  1. Choose Resource > Network > Equipment > Network Device from the main menu.

  2. Choose Port from the navigation tree on the left.
  3. Perform related operations based on the site requirements.
    • Exporting selected interfaces

      Select interfaces to be exported and choose Export > Export Select > Export to Excel or Export > Export Select > Export to CSV to export the list of selected interfaces to a local host.

    • Exporting all interfaces

      Choose Export > Export All > Export to Excel or Export > Export All > Export to CSV to export the list of all interfaces to a local host.

Configuring Device Parameters
Configuring the SNMP Protocol on Devices

The SNMP protocol is used to add devices to eSight. SNMP parameters on devices must be the same as those on eSight.

  • The alarm management function of eSight does not support SNMPv1. To manage device alarms using eSight, use SNMPv2c or SNMPv3.
  • SNMPv1 and SNMPv2c are not secure and may pose security risks. You are advised to use the more secure SNMPv3.

The following uses Huawei S5720-52X-PWR-SI-AC V200R011C10 as an example to describe the configuration. For other device models, see the configuration manual.

NOTE:

The commands may differ depending on the device model. When configuring a command, you are advised to enter a question mark (?). The associated command is displayed automatically. The following is an example.

[Device] snmp-agent usm-user v3 snmpv3user ?
  • SNMPv3
    <Device> system-view
    [Device] snmp-agent sys-info version v3
    [Device] snmp-agent mib-view included  View_ALL iso    // View_ALL indicates the name of the MIB view. To ensure that eSight can properly manage devices (for example, discover device links through the LLDP protocol), the MIB view must contain the iso node.
    [Device] snmp-agent group v3 snmpv3group privacy write-view View_ALL notify-view View_ALL   //snmpv3group indicates the configured user group. Set the name of the write view and notification view to View_ALL. By default, the write view has the read permission and you do not need to set read-view. The notification view is used to restrict the MIB node that sends alarms to eSight.
    [Device] snmp-agent usm-user v3 snmpv3user group snmpv3group   //snmpv3user indicates the configured user name, which is the same as the eSight security name. The security level of a user cannot be lower than that of the user group to which the user belongs. Otherwise, the communication fails. For example, if the security level of user group snmpv3group is set to privacy, the security level of user snmpv3user must be authentication and encryption.
    [Device] snmp-agent usm-user v3 snmpv3user authentication-mode sha   //Set the authentication protocol and password of the user, which are the same as those of eSight.
    [Device] snmp-agent usm-user v3 snmpv3user privacy-mode aes128   // Set the encryption protocol and password of the user, which must be the same as those of eSight.
    [Device] snmp-agent trap enable
    Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:Y
    [Device] snmp-agent target-host trap address udp-domain 10.10.10.10 source GigabitEthernet 0/0/1 udp-port 162 params securityname snmpv3user v3 privacy   //10.10.10.10 is the IP address of the eSight server. (If the southbound and northbound network isolation solution is used, this IP address is the southbound IP address of eSight.) GigabitEthernet 0/0/1 is the configured interface for reporting device trap packets. 162 is the port number of trap packets. You are advised not to change the port number to other values. To change the port number, contact Huawei technical support. Set securityname to the user name.
    [Device] snmp-agent packet max-size 12000   //Set the maximum size of an SNMP packet that can be received and sent by the device to 12000 bytes. By default, the maximum size of an SNMP packet is 12000 bytes. Since this parameter may be modified, you need to reset this parameter.
    [Device] quit
    <Device> save
  • SNMPv2c
    <Device> system-view
    [Device] snmp-agent sys-info version v2c
    [Device] snmp-agent mib-view included View_ALL iso   //View_ALL indicates the name of the MIB view. To ensure that eSight can properly manage devices (for example, discover device links through the LLDP protocol), the MIB view must contain the iso node.
    [Device] snmp-agent community read cipher Public_123 mib-view View_ALL   //Public_123 is the specified read community. The value must be the same as Read community on eSight. 
    [Device] snmp-agent community write cipher Private_123 mib-view View_ALL   //Private_123 is the specified write community. The value must be the same as Write community on eSight.
    [Device] snmp-agent trap enable
    Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:Y
    [Device] snmp-agent target-host trap address udp-domain 10.10.10.10 source GigabitEthernet 0/0/1 udp-port 162 params securityname Public_123 v2c   //10.10.10.10 is the IP address of the eSight server. (If the southbound and northbound network isolation solution is used, this IP address is the southbound IP address of eSight.) GigabitEthernet 0/0/1 is the configured interface for reporting device trap packets. 162 is the port number of trap packets. You are advised not to change the port number to other values. To change the port number, contact Huawei technical support. Set securityname to the read community.
    [Device] snmp-agent packet max-size 12000   //Set the maximum size of an SNMP packet that can be received and sent by the device to 12000 bytes. By default, the maximum size of an SNMP packet is 12000 bytes. Since this parameter may be modified, you need to reset this parameter.
    [Device] quit
    <Device> save
  • SNMPv1
    <Device> system-view
    [Device] snmp-agent sys-info version v1
    [Device] snmp-agent mib-view included View_ALL iso   //View_ALL indicates the name of the MIB view. To ensure that eSight can properly manage devices (for example, discover device links through the LLDP protocol), the MIB view must contain the iso node.
    [Device] snmp-agent community read cipher Public_123 mib-view View_ALL   //Public_123 is the specified read community. The value must be the same as Read community on eSight. 
    [Device] snmp-agent community write cipher Private_123 mib-view View_ALL   //Private_123 is the specified write community. The value must be the same as Write community on eSight.
    [Device] snmp-agent trap enable
    Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:Y
    [Device] snmp-agent target-host trap address udp-domain 10.10.10.10 source GigabitEthernet 0/0/1 udp-port 162 params securityname Public_123 v1   //10.10.10.10 is the IP address of the eSight server. (If the southbound and northbound network isolation solution is used, this IP address is the southbound IP address of eSight.) GigabitEthernet 0/0/1 is the configured interface for reporting device trap packets. 162 is the port number of trap packets. You are advised not to change the port number to other values. To change the port number, contact Huawei technical support. Set securityname to the read community.
    [Device] snmp-agent packet max-size 12000   //Set the maximum size of an SNMP packet that can be received and sent by the SNMP Agent to 12000 bytes. By default, the maximum size of an SNMP packet is 12000 bytes. Since this parameter may be modified, you need to reset this parameter.
    [Device] quit
    <Device> save
Configuring Telnet Parameters on Devices

Telnet parameters are configured on devices to ensure that eSight can deliver configurations to them. Telnet parameters on devices must be the same as those on eSight.

Telnet is not secure, and may have security risks. You are advised to use the more secure SSH.

The STelnet protocol provides the same functions as the SSH protocol. The detailed configurations are not mentioned here.

The following uses Huawei S5720-52X-PWR-SI-AC V200R011C10 as an example to describe the configuration. For other device models, see the configuration manual.

  • sTelnet
    <Device> system-view
    [Device] dsa local-key-pair create   //Set the length of the key pair to 2048.
    [Device] user-interface maximum-vty 15   //Set the maximum number of VTY user interfaces to 15.
    [Device] user-interface vty 0 14
    [Device-ui-vty0-14] authentication-mode aaa
    [Device-ui-vty0-14] protocol inbound ssh
    [Device-ui-vty0-14] quit
    [Device] aaa
    [Device-aaa] local-user sshuser password irreversible-cipher Changeme123   //Set the user name to sshuser, which must be the same as User name on eSight. Set the password to Changeme123, which must be the same as Password on eSight.
    [Device-aaa] local-user sshuser service-type ssh
    [Device-aaa] local-user sshuser privilege level 15   //Set the STelnet permission of the user to the highest level 15. You are advised to set the STelnet permission based on actual needs.
    [Device-aaa] quit
    [Device] ssh user sshuser authentication-type password
    [Device] stelnet server enable
    [Device] ssh user sshuser service-type stelnet
    [Device] quit
    <Device> save
  • Telnet
    <Device> system-view
    [Device] telnet server enable
    [Device] user-interface maximum-vty 15   //Set the maximum number of VTY user interfaces to 15.
    [Device] user-interface vty 0 14
    [Device-ui-vty0-14] protocol inbound telnet
    [Device-ui-vty0-14] shell
    [Device-ui-vty0-14] authentication-mode aaa
    [Device-ui-vty0-14] quit
    [Device] aaa
    [Device-aaa] local-user sshuser password irreversible-cipher Changeme123   //Set the user name to sshuser, which must be the same as User name on eSight. Set the password to Changeme123, which must be the same as Password on eSight.
    [Device-aaa] local-user sshuser service-type telnet
    [Device-aaa] local-user sshuser privilege level 15   //Set the Telnet permission of the user to the highest level 15. You are advised to set the Telnet permission based on actual needs.
    [Device-aaa] quit
    [Device] quit
    <Device> save
Configuring the LLDP Protocol on Devices

After the LLDP protocol is configured on devices, LLDP links are automatically added to eSight.

The following uses Huawei S5720-52X-PWR-SI-AC V200R011C10 as an example to describe the configuration. For other device models, see the configuration manual.

<Device> system-view
[Device] lldp enable
[Device] quit
<Device> save
Configuring the NETCONF Protocol on Devices

If the NETCONF protocol is configured on network devices, eSight can manage them with higher security and scalability. NETCONF parameters on devices must be the same as those on eSight.

This section uses Huawei CloudEngine 12800 V200R002C20 as an example to describe basic commands for setting NETCONF parameters on the devices. For commands of other device models, see the configuration manual.

<Device> system-view
[Device] interface GigabitEthernet 1/0/1   //Set GigabitEthernet 1/0/1 as the management interface of the NETCONF agent.
[Device-GigabitEthernet1/0/1] ip address 10.10.10.10 24   //Set the IP address of the management interface of the NETCONF agent to 10.10.10.10.
[Device-GigabitEthernet1/0/1] quit
[Device] ssh user netconfuser   //Set the user name to netconfuser, which must be the same as User name on eSight.
[Device] aaa
[Device-aaa] local-user netconfuser password irreversible-cipher Changeme123   //Set the password to Changeme123, which must be the same as New password on eSight.
[Device-aaa] local-user netconfuser service-type ssh
[Device-aaa] local-user netconfuser level 15   //Set the NETCONF permission of the user to the highest level 15. You are advised to set the NETCONF permission based on the site requirements.
[Device-aaa] quit
[Device] ssh server cipher 3des_cbc aes128_cbc aes128_ctr aes256_cbc aes256_ctr arcfour128 arcfour256 blowfish_cbc des_cbc   //Set the encryption algorithm list on the SSH server.
[Device] ssh user netconfuser authentication-type password
[Device] ssh user netconfuser service-type snetconf
[Device] snetconf server enable
[Device] commit
Configuring NetStream Parameters on Devices

NetStream parameters are configured on devices to enable them to output traffic statistics to the NTC.

This section uses S9700 NetStream V5 as an example to describe basic commands for setting NetStream parameters on the S9700. For commands of other device models, see the configuration manual.

<Device> system-view
[Device] ip netstream export source 10.137.59.152   //Configure the source address for exporting NetStream packets. The IP address must already exist on the device and the device must use this IP address when it connects to eSight.
[Device] ip netstream export host 10.137.58.83 9995   //Configure the destination address and port for exporting the packets. Set ip-address to the IP address of the NTC. (If eSight is deployed in southbound and northbound isolation scenario, set this parameter to the southbound IP address of eSight.) Set port-number to the port number of the NTC. (The default port number is 9995 or 9996.)
[Device] ip netstream timeout active 60   //Configure the active flow aging time.
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] ip netstream inbound   //Configure the sampling direction. You are advised to enable NetStream in inbound direction of uplink and downlink interfaces or in both directions of the uplink or downlink interface.
[Device-GigabitEthernet1/0/1] ip netstream outbound
[Device-GigabitEthernet1/0/1] ip netstream sampler fix-packets 1200 inbound   //Configure the sampling mode to regular packet sampling. The default value is 1000 on S switches.
[Device-GigabitEthernet1/0/1] ip netstream sampler fix-packets 1200 outbound
[Device-GigabitEthernet1/0/1] quit
[Device] quit
<Device> save
Can Devices Be Added on eSight Through the SNMP v2c When Only the Write Community Name Rather Than the Read Community Name Is Configured
Question

Can devices be added on eSight through the SNMP v2c when only the write community name rather than the read community name is configured?

Answer

No. Devices cannot be added. See scenario 3.

Read and write community names have the following application scenarios.

  • Read community name: This parameter is used when users expect that low-level network administrators have the read-only permission in a specified view.
  • Write community name: This parameter is used when users expect that high-level network administrators have the read and write permissions in a specified view.

  • Scenario 1

    Whether Read Community Name Configured: √

    Whether Write Community Name Configured: √

    Can Be Added to eSight: √

    Condition for Devices Added to eSight: When you add a device, the read and write community names must be consistent with those on the device.

  • Scenario 2

    Whether Read Community Name Configured: √

    Whether Write Community Name Configured: ×

    Can Be Added to eSight: √

    Condition for Devices Added to eSight: When you add a device, the read community name must be consistent with that on the device.

    NOTE:

    If only the read community name is configured, users can only check the device information but cannot modify the device configuration or deliver a task for the device.

  • Scenario 3

    Whether Read Community Name Configured: ×

    Whether Write Community Name Configured: √

    Can Be Added to eSight: ×

    Condition for Devices Added to eSight: When you add a device, the read and write community names must be consistent with the write community name on the device.

Links That Exist Before Device Upgrade Are Not Displayed After the Upgrade. How Can I Solve the Problem
Answer

You are advised to delete the device on which this exception occurs from eSight and then add it to eSight again. Check whether links are normally displayed.

How Do I Solve the Problem That eSight Cannot Discover Links Between Two Devices Connected Through a Transmission Device
Answer

If a transmission device is deployed between two devices, the links between the two devices are not direct links. eSight does not support automatic discovery of these links. You can create such links manually.

Why Is the Serial Number Displayed for Only Some Devices on the Network Device List Page
Question

Why is the serial number displayed for only some devices on the network device list page?

Answer

The serial number displayed on the network device list page is the device-level serial number. Currently, serial numbers of only some devices can be obtained. When synchronizing devices, eSight automatically obtains the device serial numbers from the devices. The obtaining method is as follows:

  • Huawei devices: Log in to the device through Telnet or sTelnet (SSH) and run the display esn command to obtain the device serial number.
  • H3C devices: Log in to the device through Telnet or sTelnet (SSH) and run the display device manuinfo chassis-only command to obtain the device serial number.
  • Cisco devices: Read the MIB node 1.3.6.1.4.1.9.9.23.1.3.4.0 to obtain the device serial number.
NOTE:

The following conditions must be met for eSight to obtain the device-level serial number:

  1. The device supports the preceding commands or methods for obtaining the device serial number. For details, see the device document.
  2. Device protocol parameters are correctly set on eSight.
Configuring eSight to Connect to Network Devices Using Local Telnet in SSH Mode
Prerequisites
  • The client can only run the Windows operating system.
  • The SSH server configuration has been completed on the device.
  • The client and device have reachable routes to each other.
Context

Telnet parameters are configured on devices to ensure that eSight can deliver configurations to them. Telnet parameters on devices must be the same as those on eSight. Telnet is not secure; therefore, the more secure SSH protocol is recommended. In this section, the third-party software PuTTY is used as sample software for login to the SSH server.

Procedure
  1. Enable local Telnet in SSH mode on the eSight server.

    1. Log in to the eSight server.
    2. Open the webtelnet.cfg file in {eSight installation directory}\AppBase\etc\neadapter\webtelnet\ and set the telnetMode field. Here the telnetMode field is set to localssh.

      # webtelnet charset:UTF-8,GBK
      charSet = UTF-8

      #telnet Mode:web|local|localssh|all,default web
      telnetMode = localssh

      Values of telnetMode:

      • web: Only web telnet is supported.
      • local: Only local telnet is supported.
      • localssh: Only local SSH is supported.
      • all: The preceding modes are all supported.

  2. Configure the client PC.

    1. Create a folder named SSH in disk C of the client PC.
    2. Download putty.exe to C:\SSH on the PC. putty.exe is third-party software, and you can download it at its official website https://www.chiark.greenend.org.uk/~sgtatham/putty/.
    3. Click the file names and download SSH.zip, decompress the SSH.zip package, and then copy the obtained files SSH.VBS and SSH.REG to C:\SSH on the PC.
      NOTE:

      If you have downloaded PuTTY.exe, SSH.VBS, and SSH.REG to another target folder but not the default one C:\SSH, modify the contents in the SSH.VBS and SSH.REG files according to the actual storage path.

      1. Open the SSH.VBS file, modify the storage path of putty.exe, save the modification, and close the file.

      2. Open the SSH.REG file, modify the storage path of SSH.VBS, save the modification, and close the file. Note that two backslashes (\\) in the red box indicate escape characters.

    4. Double-click SSH.REG to add the file information to the registry.

Follow-up Procedure
  1. Log in to eSight in the PC's browser.
  2. Switch to the NE Manager from the network device list.
    1. Choose Resource > Network > Equipment > Network Device from the main menu.

    2. Choose Network Device from the navigation tree on the left.
    3. Click the device name.
  3. Click Telnet in the upper part of the page. eSight invokes the PuTTY software.
  4. Log in to a managed device through PuTTY.
Which SNMP Version Is Used When eSight Collects Device Interface Traffic
Question

Which SNMP version is used when eSight collects device interface traffic?

Answer

When eSight collects device interface traffic, it uses the SNMP version specified for adding the device to it.

eSight cannot collect interface traffic from a device that is added to it using SNMPv1. To collect interface traffic from the device, modify SNMP parameters on the device and eSight to add the device using SNMPv2c or a later version, and then collect interface traffic again.

Exercise caution when using SNMPv2c because it may bring information security risks. You are advised to use SNMPv3.

Can eSight Correctly Parse Device Alarms Only After the trap source Command Is Configured on Devices
Question

Can eSight correctly parse device alarms only after the trap source command is configured on devices?

Answer

Yes. Run the snmp-agent trap source interface-type interface-number command to specify the source interface (device management interface) for sending Trap packets. Ensure that the IP address of the device management interface is consistent with the IP address added to the NMS.

How Does eSight Ensure that Data in the eSight Database Is the Same as the Device Resources Data, and What Protocol Is Used for Device Resources Synchronization, SNMP or Telnet
Question

How does eSight ensure that data in the eSight database is the same as the device resources data? Is SNMP or Telnet used for device resources synchronization?

Answer

eSight ensures data consistency through manual synchronization. eSight processes the alarms to ensure that data is synchronized. eSight uses Telnet to synchronize IPSec and SNMP to synchronize all the other device resources.

Can the eSight Manage Devices on the Public Network
Question

Can the eSight manage devices on the public network?

Answer

The eSight can manage devices on the public network since there are reachable routes between the eSight and the devices. After devices are automatically added to the eSight through the automatic discovery function or manually added to the eSight, the eSight can manage the devices. If refined management is required, you need to configure SNMP and Telnet parameters.

Device Addition or NE Data Synchronization Through SNMP Fails. How Can I Solve the Problem
Answer

Ensure that the network connection is normal and SNMP parameters are correctly configured. Set Timeout interval of the SNMP protocol to a larger value, and then check whether the problem is solved.

How Does eSight Calculate a Device's Response Time
Answer

eSight pings a device at an interval of 30s and records the duration of the latest four ping operations. During performance data collection, eSight returns the average duration of the latest four ping operations, which is the device's response time.

How Can I Configure eSight to Enable It to Access a Specified MIB on a Device
Answer

On eSight, you cannot specify the MIBs to be accessed, but you can specify the accessible MIB views on a device to perform the MIB access control.

Run the snmp-agent mib-view {MIB view name} include {name of the MIB node to be accessed} command.

To use eSight functions, eSight needs to access different MIB nodes on the device. If eSight can access only a specified MIB node, some eSight functions may become unavailable. Therefore, exercise caution when performing this operation.

How Do I Solve the Problem that eSight Cannot Discover Links Between Two Connected Interfaces with 31-Bit IP Address Masks
Answer

The IP addresses of the two interfaces are both invalid. One IP address is a network segment address, and the other one is a broadcast address. eSight cannot discover links in this scenario. It is recommended that you reconfigure the IP addresses and masks for the interfaces.

What Do I Do If Garbled Characters Are Displayed on the Web Page When I Log In to eSight Using Telnet
Answer

The default encoding mode for the web page is UTF-8 when a user logs in to eSight using Telnet. If Chinese needs to be supported, change the encoding mode to GBK.

Perform the following operations to change the encoding mode:

  1. Log in to the eSight server as the ossuser user.
  2. Modify the webtelnet.cfg configuration file.

    Access the eSight installation directory\etc\neadapter\webtelnet directory and set charSet to GBK in the webtelnet.cfg file.

Can I Set the Polling Interval on eSight to a Shorter Value
Answer

By default, the polling interval is 30 seconds. If a large number of devices are deployed on the network, the polling interval may be greater than 30 seconds. Therefore, it is not recommended that you set the polling interval to a shorter value.

Troubleshooting

This section describes common faults frequently encountered by users, helping users rectify faults in a timely manner.

eSight Fails to Discover Links

eSight supports link discovery through Link Layer Discovery Protocol (LLDP) or Cisco Discovery Protocol (CDP). You can select a link discovery mode based on the device vendor or device type. Automatic link discovery can be used if there is a direct LLDP link between two devices and LLDP data exists in devices' MIB tables.

Common Causes
  • Two devices are not directly connected.
  • The MIB view is not specified on the devices, or the MIB view does not contain the complete ISO node.
  • The SNMP configuration on eSight is incorrect.
  • The devices do not support LLDP or CDP.
  • LLDP or CDP is disabled on the devices.
  • The MIB tables on devices at two ends of the link do not contain LLDP data, or the data in the MIB tables is different.
Procedure
  1. Check whether two devices are directly connected.

    If another device such as a transmission device exists between them, eSight does not support automatic link discovery. You need to create the link manually.

    1. Choose Resource > Network > Equipment > Link Management from the main menu.
    2. Click on the toolbar to create a link manually.

  2. Check whether the SNMP configuration on the devices is correct.

    1. Choose Resource > Network > Equipment > Network Device from the main menu.
    2. Find the devices in the network device list, and log in to them using Telnet.
    3. Run the display current-configuration | include snmp command to check the device configuration.
    Table 12-5 Checking the SNMP configuration on devices

    • Protocol: SNMP V2c

      Check Result: The configured read and write communities do not contain the mib-view parameter, or the specified MIB view does not contain the complete ISO node.

      Solution:

      1. Enter system-view in the Telnet window to enter the device's system view.
      2. Run the following commands:

        snmp-agent mib-view include View_ALL iso

        snmp-agent community write {SNMP write community} mib-view View_ALL

        snmp-agent community read {SNMP read community} mib-view View_ALL

    • Protocol: SNMP V3

      Check Result: The configured user group does not contain the mib-view parameter, or the specified MIB view does not contain the complete ISO node.

      Solution:

      1. Enter system-view in the Telnet window to enter the device's system view.
      2. Run the following commands:

        snmp-agent mib-view include View_ALL iso

        snmp-agent group v3 {SNMPV3 user group} privacy read-view View_ALL write-view View_ALL notify-view View_ALL

  3. Check whether the SNMP configuration on eSight is correct.

    1. Choose Resource > Network > Equipment > Network Device from the main menu.
    2. Find the devices in the network device list, and click the device name to access the NE Manager.
    3. In the navigation tree on the left, choose Protocol Parameters > SNMP Parameters.
    4. Check that the SNMP write community is set and the SNMP parameter test succeeds, and click Apply.

  4. Check whether the devices support LLDP or CDP.

    Check whether the devices support LLDP or CDP. If the devices do not support LLDP or CDP, manually add the link between them to eSight.

    1. Choose Resource > Network > Equipment > Link Management from the main menu.
    2. Click on the toolbar to create a link manually.

  5. Check whether LLDP or CDP is enabled.

    Log in to the devices using Telnet to check whether LLDP or CDP is enabled. If not, enable LLDP or CDP.

    Table 12-6 Checking whether LLDP or CDP is enabled

    Protocol

    Check Whether LLDP or CDP Is Enabled

    Enable LLDP/CDP

    LLDP

    In the system-view view, run the display current-configuration | include lldp command.

    lldp enable

    CDP

    In the configure terminal view, run the show running-config | include cdp command.

    cdp run

  6. Check whether the MIB tables contain LLDP data.

    1. Choose Resource > Network > Configuration > MIB Management from the main menu.
    2. Click on the toolbar to select devices whose MIB table is to be queried.
    3. Find the corresponding MIB node, click the node, and click TableView on the toolbar to view LLDP data in the table. Check whether the LLDP data in the MIB tables of devices at two ends of the link is the same.

      Query the MIB nodes at two ends of the link. The names are lldpRemEntry (OID: 1.0.8802.1.1.2.1.4.1.1) and lldpLocPortEntry (OID: 1.0.8802.1.1.2.1.3.7.1).

    4. If the MIB tables on devices at two ends of the link do not contain LLDP data, or the data in the MIB tables is different, contact the device manager to check the LLDP data.

  7. If the fault persists, contact technical support personnel.
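Step 6 can also be checked offline once the LLDP tables of both devices have been exported as text. The following Python sketch is an added example, not part of eSight or of this guide; it assumes Net-SNMP style numeric walk lines (`.OID = STRING: "value"`), and the device names, port names and function names are constructed for illustration.

```python
import re

# LLDP-MIB objects under the two tables named in step 6.
LLDP = "1.0.8802.1.1.2.1"
LOC_SYS_NAME = LLDP + ".3.3.0"     # lldpLocSysName
LOC_PORT_ID = LLDP + ".3.7.1.3."   # lldpLocPortId, index: lldpLocPortNum
REM_PORT_ID = LLDP + ".4.1.1.7."   # lldpRemPortId, index: timeMark.localPortNum.remIndex
REM_SYS_NAME = LLDP + ".4.1.1.9."  # lldpRemSysName, same index as lldpRemPortId

# Assumed input format: one numeric-OID walk line per value.
WALK_LINE = re.compile(r'^\.?([0-9.]+) = STRING: "(.*)"$')


def parse_walk(text):
    """Collect the local system name, local ports and remote entries of one device."""
    dev = {"name": None, "ports": {}, "rem_port": {}, "rem_name": {}}
    for raw in text.splitlines():
        m = WALK_LINE.match(raw.strip())
        if not m:
            continue
        oid, value = m.groups()
        if oid == LOC_SYS_NAME:
            dev["name"] = value
        elif oid.startswith(LOC_PORT_ID):
            dev["ports"][int(oid[len(LOC_PORT_ID):])] = value
        elif oid.startswith(REM_PORT_ID) or oid.startswith(REM_SYS_NAME):
            column = "rem_port" if oid.startswith(REM_PORT_ID) else "rem_name"
            index = tuple(int(n) for n in oid[len(REM_PORT_ID):].split("."))
            dev[column][index[1:]] = value  # drop timeMark, keep (localPortNum, remIndex)
    return dev


def links_to(dev, peer_name):
    """Return {(local port id, remote port id)} for remote entries that name peer_name."""
    links = set()
    for (port_num, rem_index), rem_port_id in dev["rem_port"].items():
        if dev["rem_name"].get((port_num, rem_index)) == peer_name:
            local = dev["ports"].get(port_num, "unknown portNum %d" % port_num)
            links.add((local, rem_port_id))
    return links


def compare_ends(a, b):
    """List the differences between what devices a and b report about each other."""
    problems = []
    a_view = links_to(a, b["name"])                           # (port on a, port on b)
    b_view = {(pa, pb) for pb, pa in links_to(b, a["name"])}  # same order as a_view
    for dev, peer, view in ((a, b, a_view), (b, a, b_view)):
        if not view:
            problems.append("%s has no lldpRemEntry for %s" % (dev["name"], peer["name"]))
    for dev, only in ((a, a_view - b_view), (b, b_view - a_view)):
        for pa, pb in sorted(only):
            problems.append("only %s reports %s:%s <-> %s:%s"
                            % (dev["name"], a["name"], pa, b["name"], pb))
    for pa, pb in sorted(a_view | b_view):
        if pa not in a["ports"].values():
            problems.append("%s is not in lldpLocPortTable of %s" % (pa, a["name"]))
        if pb not in b["ports"].values():
            problems.append("%s is not in lldpLocPortTable of %s" % (pb, b["name"]))
    return problems


# Constructed sample walks (not captured from real devices).
WALK_A = '''
.1.0.8802.1.1.2.1.3.3.0 = STRING: "SW-A"
.1.0.8802.1.1.2.1.3.7.1.3.5 = STRING: "GigabitEthernet0/0/1"
.1.0.8802.1.1.2.1.4.1.1.7.0.5.1 = STRING: "GigabitEthernet0/0/24"
.1.0.8802.1.1.2.1.4.1.1.9.0.5.1 = STRING: "SW-B"
'''
WALK_B = '''
.1.0.8802.1.1.2.1.3.3.0 = STRING: "SW-B"
.1.0.8802.1.1.2.1.3.7.1.3.28 = STRING: "GigabitEthernet0/0/24"
.1.0.8802.1.1.2.1.4.1.1.7.0.28.1 = STRING: "GigabitEthernet0/0/1"
.1.0.8802.1.1.2.1.4.1.1.9.0.28.1 = STRING: "SW-A"
'''
# Same as WALK_B, but SW-B reports a different remote port on SW-A.
WALK_B_STALE = WALK_B.replace('"GigabitEthernet0/0/1"', '"GigabitEthernet0/0/2"')

if __name__ == "__main__":
    for label, walk_b in (("consistent", WALK_B), ("mismatch", WALK_B_STALE)):
        print(label, compare_ends(parse_walk(WALK_A), parse_walk(walk_b)))
```

An empty list means both ends describe the same link; any entry points to the table that needs to be checked on the device.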
Device Addition Failure

The reasons causing device addition failures vary depending on scenarios. This section describes the reasons of device addition failures and troubleshooting methods based on error codes for device addition failures.

Common Causes

Error Code: Network is busy, the device is overloaded, or SNMP parameters are incorrect.

Common Causes:

  • The network between the device and eSight is disconnected.
  • The SNMP parameters configured during device addition to eSight are inconsistent with those of the device.
  • The SNMP configuration on the device is incorrect.
  • The password for the SNMP read-write community name of the device does not meet complexity requirement.
  • The device adds the IP address of eSight server to its blacklist (USG firewall).
  • Third-party equipment's sysObjectID does not exist.
  • The device is working abnormally.

Error Code: The device already exists.

Common Causes: The device to be added has a different IP address but the same MAC address as a device that already exists on eSight.

Error Code: Database operation fails.

Common Causes: The database is abnormal.

Procedure
  • Network is busy, the device is overloaded, or SNMP parameters are incorrect.
    • Check the current network configuration.
      1. Check whether the device and eSight can ping each other. If the link between eSight and the device is reachable uni-directionally, configure the corresponding route.
      2. Check whether a firewall/NAT device exists between the device and eSight. If a firewall exists, disable the firewall. If a NAT device exists, ensure that NAT configuration is consistent with that planned in the communication matrix.
    • Check whether the SNMP parameters filled during device addition are inconsistent with those of the device.

      Read-write community name is encrypted both on the device and eSight. If you are uncertain of the SNMP parameters configured on the device, reconfigure the SNMP parameters on the device and then add the device again.

    • Check whether the SNMP configuration on the device is correct.
      1. Telnet to the device failing to be added.
      2. Run the display current-configuration | include snmp command to check the SNMP configuration of the device.

        • Protocol: SNMP V2c

          Check Result: The configured read-write community name does not carry the mib-view parameter or the mib-view parameter does not include the whole ISO node.

          Solution:

          1. Run the system-view command in the Telnet window and enter the system view.
          2. Run the following commands:

            snmp-agent mib-view include View_ALL iso

            snmp-agent community write {SNMP write community name} mib-view View_ALL

            snmp-agent community read {SNMP read community name} mib-view View_ALL

        • Protocol: SNMP V3

          Check Result: The configured user group does not carry the mib-view parameter or the mib-view parameter does not include the whole ISO node.

          Solution:

          1. Run the system-view command in the Telnet window and enter the system view.
          2. Run the following commands:

            snmp-agent mib-view include View_ALL iso

            snmp-agent group v3 {SNMPv3 user group} privacy read-view View_ALL write-view View_ALL notify-view View_ALL

            snmp-agent usm-user v3 {user name} {SNMPv3 user group}

            snmp-agent usm-user v3 {user name} authentication-mode md5 {authentication password}

            snmp-agent usm-user v3 {user name} privacy-mode aes128 {encryption password}

    • Check whether the password for the SNMP read-write community name of the device meets complexity requirement.
      NOTE:

      If no, the following possible causes may exist: SNMP parameters may be configured when the community name password complexity check function is disabled and the configured community name is simple (for example, public or private). The check function is enabled after SNMP parameters have been configured.

      This operation is only applicable to devices supporting complexity check function. For those that do not support complexity check function, ignore this step.

      1. Telnet to the device failing to be added.
      2. Take S9700s as an example. Run the display current-configuration | include snmp command to check whether snmp-agent community-check displays disable. If it displays disable, run the undo snmp-agent community complexity-check disable command to enable community password complexity check function. If it does not display disable, go to the next step.
      3. Reconfigure the SNMP parameters to meet the complexity requirement.
      4. Add the device again.
    • Check whether the device adds the IP address of the eSight server to the blacklist (USG firewall).
      1. Telnet to the device failing to be added and enter the system view.
      2. Run the display firewall blacklist item command to check whether the IP address of eSight server is in the blacklist of the device. If so, run the undo firewall blacklist item all command to empty the device blacklist.
    • Check whether the third-party equipment's sysObjectID exists.
      NOTE:

      sysObjectID is the unique identifier of the device during the device addition process. A missing sysObjectID MIB object may cause device addition failures.

      1. Choose Resource > Network > Configuration > MIB Management from the main menu.
      2. Connect to device failing to be added through the MIB management tool.
      3. In the filtering box of MIB navigation tree, enter 1.3.6.1.2.1.1.2 and check whether any data exists on sysObjectID object. If there is no data, the failure is caused by faulty device. Contact the supplier to locate the fault.
    • Check whether the device is abnormal.
      NOTE:

      If so, you can check logs and error message on eSight or check logs on the device to determine whether the device is abnormal.

      1. Telnet to the device failing to be added and enter the system view.
      2. Run the display logbuffer command to check log information.
      3. If the logbuffer is abnormal, for example, the following error message is displayed,
        Jan  2 2008 00:45:39-05:13 R6_U26_S2700 %%01SNMP/4/DECODE_ERR(l)[11]:Failed to login through SNMP, because of the decoded PDU error. (Ip=192.168.32.166, Times=1)

        the failure is caused by faulty device. Contact the supplier to locate the fault.

  • The device already exists.

    Check whether the to-be-added device and added device have different IP addresses but the same MAC address.

    1. Choose Resource > Network > Configuration > MIB Management from the main menu.
    2. Check whether the conflicting devices have the same MAC address.

      Connect to the device through the MIB management tool. In the filtering box of the MIB navigation tree, enter 1.3.6.1.2.1.17.1.1, click the found object, click Walk on the toolbar, and check the MAC addresses.

    3. If the MAC addresses of the two devices are the same, check whether the two devices are the same physical device (the IP addresses used for adding the two devices are different). If yes, delete the added device and add the current device. If no, the hardware of the device is faulty. In this case, contact the device vendor to locate the fault.
  • Database operation fails.

    Check whether the database is abnormal (MySQL).

    1. Open the file stored in eSight directory eSight/MySQL/data/eSight.err. Check the database log information to determine whether the database is abnormal.
    2. If an error message, such as the following message, occurs, some of the database files are corrupted. Go to the next step, recover the corrupted files, and start eSight.
      [ERROR] D:\eSight\MySQL\bin\mysqld.exe: Table '.\mysql\proc' is marked as crashed and should be repaired
    3. Stop eSight.
    4. Stop the MySQL service and back up the files stored in MySQL directory on eSight server. (D:\eSight\MySQL)
      1. Log in to the eSight server as an Administrator.
      2. Choose Start > Run and enter cmd. The CMD window is displayed.
      3. Run the following commands to stop the MySQL service.

        > cd /d D:\eSight\MySQL\bin

        > uninstmysqlsvc.bat

      4. Back up the files stored in MySQL directory. (D:\eSight\MySQL)
    5. Run the following commands in the CMD window, start the MySQL service, and recover the corrupted database files.

      > instmysqlsvc.bat

      > cd /d D:\eSight\MySQL\bin

      > myisamchk -c -r ../data/mysql/proc.MYI

    6. Start eSight.
  • If the fault persists after the preceding operations, contact Huawei engineers.
Device Synchronization Failure

This section describes the reasons causing device synchronization failures and troubleshooting methods.

Common Causes
  • The network between the device and eSight is disconnected.
  • The SNMP configuration on the device is incorrect.
  • The setting of SNMP timeout interval is incorrect.
Procedure
  • Check the current network configuration.

    Check whether the device and eSight can ping each other. If the link between eSight and the device is reachable uni-directionally, configure the corresponding route.

  • Check whether the SNMP configuration on the device is correct.
    1. Telnet to the device failing to be synchronized.
    2. Run the display current-configuration | include snmp command to check the device configuration.
      Table 12-7 Checking the device's SNMP configuration

      • Protocol: SNMP V2c

        Check Result: The configured read-write community name does not carry the mib-view parameter or the mib-view parameter does not include the whole iso object.

        Solution:

        1. Run the system-view command in the Telnet window and enter the system view.
        2. Run the following commands.

          snmp-agent mib-view include View_ALL iso

          snmp-agent community write {SNMP write community name} mib-view View_ALL

          snmp-agent community read {SNMP read community name} mib-view View_ALL

      • Protocol: SNMP V3

        Check Result: The configured user group does not carry the mib-view parameter or the mib-view parameter does not include the whole iso node.

        Solution:

        1. Run the system-view command in the Telnet window and enter the system view.
        2. Run the following commands.

          snmp-agent mib-view include View_ALL iso

          snmp-agent group v3 {SNMPv3 user group} privacy read-view View_ALL write-view View_ALL notify-view View_ALL

  • Check the SNMP timeout interval setting.

    Access the NE Explorer, choose Protocol Parameters > SNMP Parameters in the navigation tree, and check the timeout interval. If the interval is too short, set it to a larger value, for example, 60s.

  • If the fault persists after the preceding operations, contact Huawei engineers.
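The SNMP checks listed in Table 12-5, in the device addition procedure and in Table 12-7 can be run against saved output of the display current-configuration | include snmp command. The following Python sketch is an added example, not part of eSight or of this guide; the function names and the sample configuration are constructed, and the optional cipher keyword and the included spelling are assumptions about how some software versions print these lines.

```python
# Keywords that mark an "include" rule in a mib-view line. The guide shows
# "include"; "included" is accepted as an assumed variant.
INCLUDE_WORDS = {"include", "included"}


def views_covering_iso(lines):
    """Return the names of the MIB views that include the whole iso node."""
    views = set()
    for t in lines:
        if t[:2] != ["snmp-agent", "mib-view"] or len(t) != 5:
            continue
        first, second, node = t[2], t[3], t[4]
        if first in INCLUDE_WORDS:      # snmp-agent mib-view include View_ALL iso
            view = second
        elif second in INCLUDE_WORDS:   # snmp-agent mib-view View_ALL include iso
            view = first
        else:
            continue
        if node == "iso":
            views.add(view)
    return views


def view_after(tokens, keyword):
    """Return the view name that follows keyword, or None if the keyword is absent."""
    if keyword in tokens:
        i = tokens.index(keyword)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def audit_snmp(config_text):
    """Apply the checks from the guide's SNMP tables and return a list of findings."""
    lines = [l.split() for l in config_text.splitlines()
             if l.strip().startswith("snmp-agent")]
    iso_views = views_covering_iso(lines)
    findings = []

    def check_view(owner, label, view):
        if view is None:
            findings.append("%s: no %s configured" % (owner, label))
        elif view not in iso_views:
            findings.append("%s: %s %s does not include the iso node" % (owner, label, view))

    for t in lines:
        if t[1:4] == ["community", "complexity-check", "disable"]:
            findings.append("community complexity check is disabled")
        elif len(t) > 2 and t[1] == "community" and t[2] in ("read", "write"):
            check_view("%s community" % t[2], "mib-view", view_after(t, "mib-view"))
        elif t[1:3] == ["group", "v3"] and len(t) > 3:
            for label in ("read-view", "write-view", "notify-view"):
                check_view("v3 group %s" % t[3], label, view_after(t, label))
    return findings


# Constructed sample output (community strings replaced by placeholders).
BAD_CONFIG = """
snmp-agent
snmp-agent community complexity-check disable
snmp-agent mib-view include View_ALL iso
snmp-agent mib-view include View_IF interfaces
snmp-agent community read cipher <redacted-1> mib-view View_IF
snmp-agent community write cipher <redacted-2>
snmp-agent group v3 nms_group privacy read-view View_ALL write-view View_ALL
"""
GOOD_CONFIG = """
snmp-agent
snmp-agent mib-view include View_ALL iso
snmp-agent community read cipher <redacted-1> mib-view View_ALL
snmp-agent community write cipher <redacted-2> mib-view View_ALL
snmp-agent group v3 nms_group privacy read-view View_ALL write-view View_ALL notify-view View_ALL
"""

if __name__ == "__main__":
    for finding in audit_snmp(BAD_CONFIG):
        print(finding)
```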
NEs Fail to Be Added to eSight
Symptom

eSight starts abnormally and some modules cannot work properly. NEs fail to be added to eSight and a message is displayed indicating that the device type is invalid or the access type is not configured.

Possible Causes

The eSight server uses an operating system other than Windows Server 2012 R2, and the NE access module fails to be loaded.

Procedure

Re-install eSight on a server running the Windows Server 2012 R2 operating system.

Synchronization of the Device's Management Interface Fails
Symptom

When eSight synchronizes data from an S2700-9TP-EI V100R006C03, the management interface fails to be synchronized. However, eSight can successfully synchronize management interfaces from other S2700-9TP-EI switches running the same version.

Possible Causes

The possible causes are as follows:

  • The SNMP configurations on the switch are incorrect.
  • eSight cannot normally collect the switch's interface information using SNMP packets due to packet loss on the network.
  • The switch does not correctly respond to the SNMP request packets from eSight.
Procedure
  1. Check the SNMP configurations on the switch.

    Run the display current-configuration | include snmp command on the switch to check the SNMP configurations. The command output shows that the SNMP configurations are correct and the SNMP trap function is enabled.

  2. Ping the switch from eSight. Ping packets are not lost, but ICMP packets have jitters and are unstable.

    As the switch sends ICMP packets to the CPU for processing, it is suspected that the CPU is highly occupied and not sufficient for processing protocol packets.

  3. Check the CPU usage of the switch. The CPU usage is higher than 50%, and the cpu-defend information shows that some SNMP packets are lost during the NE data synchronization.

    The switch does not correctly respond to the SNMP request packets from eSight because the number of SNMP packets sent to the CPU has reached the upper limit.

  4. Change the number of SNMP request packets sent by eSight each time. By default, eSight sends 10 SNMP request packets to the switch each time. Change the number to 1 or a larger value to ensure normal data reading.

    Modify the file in eSight installation directory\AppBase\etc\snmp\snmp.xml.

    After the modification:

    <!-- comment this config item to use get-next --> 
    <!-- rule: [5, 10, 100] --> 
    <param name="get-bulk">1</param>

  5. Synchronize data from the switch again. The management interface can be successfully synchronized to eSight.
Suggestion and Summary

If the monitored device traffic becomes abnormal or device data synchronization fails when eSight is used to manage devices, troubleshoot the problem according to the following procedure:

  • Check whether the SNMP configurations on the switch are correct.
  • Check whether the network between eSight and the device is stable.
  • Check whether the CPU usage of the device is too high when the Huawei S-series switch sends SNMP packets to the CPU.
  • Check the cpu-defend information to determine whether the device can normally process protocol packets.

If the CPU usage is too high or the number of SNMP packets sent to the CPU has reached the upper limit, change the number of SNMP request packets sent by eSight each time to reduce the rate at which the device processes SNMP packets.

What Do I Do When the Page Cannot Be Displayed While Connecting to Devices in Telnet Mode in Resource Manager
Symptom

Log in to eSight using a browser and choose Resource > Network > Equipment > Network Device from the main menu. After the user clicks a device name, the Basic Information page is displayed. The user then clicks TelnetClient in the Telnet menu. A message is displayed indicating that the TelnetClient page cannot be displayed. Alternatively, when the user connects to more than one device, each new window overwrites the latest Telnet window.

Possible Causes

The Telnet function depends on the Telnet client of Windows. The possible causes are as follows:

  • The Telnet client is not installed.
  • The Telnet registry information is incorrect.
  • In Windows Vista, Windows 2008, and Windows 7 operating systems, the Telnet client is disabled by default.
NOTE:

The Telnet protocol is insecure. SSH is recommended because it is secure.

Procedure
  1. Install the Telnet client, and ensure that the %windir%\System32\telnet.exe file exists.

    NOTE:
    • In the file name, %windir% indicates the installation path of Windows, for example, C:\Windows.
    • By default, Windows Vista, Windows 2008, and Windows 7 have built-in Telnet clients.

  2. Enable the Telnet client in the Windows operating system.

    • For the Windows 2008 operating system
      1. Choose Start > Administrative > Server Manager. The Server Manager page is displayed.
      2. In the navigation tree of the Server Manager page, click Features.
      3. In the right area of the Server Manager page, click Add Features.
      4. Select Telnet Client from the feature list and click Next.
      5. Click Install.
      6. After the installation is complete, click Close.
    • For the Windows Vista or Windows 7 operating system
      1. Choose Start > Control Panel. The Control Panel page is displayed.
      2. Select Programs.
      3. In the Programs and Features area, click Turn Windows features on or off.
      4. Select Telnet Client.
      5. Click OK.

  3. Modify the browser parameters to enable the browser to support Telnet clients.

    • For the Windows operating system
      • For Windows 32-bit edition:

        Download and run the registry file to import the file contents to the local registry.

      • For Windows 64-bit edition:
        1. Download and run the registry file to import the file contents to the local registry.
        2. Copy the %windir%\System32\telnet.exe file to the %windir%\SysWOW64\ directory.
        3. Check whether the telnet.exe.mui file exists in the %windir%\System32\%locale%\ directory. If yes, copy it to the %windir%\SysWOW64\%locale%\ directory.
          NOTE:

          In the directory, %locale% indicates the language of the operating system, for example, zh-cn for simplified Chinese and en-US for English.

        4. Restart the IE browser.
    • For the Linux operating system

      For the Firefox browser:

      1. Enter about:config in the address bar.
      2. Add a preference named network.protocol-handler.app.telnet.
      3. Enter a string indicating the path of the script to be executed, for example, /conf/application/scripts/opm_moz_Telnet.sh.
      4. Add the following content to the opm_moz_Telnet.sh script:

         #!/bin/bash
         # $1 is the telnet URL passed by the browser; take the field after the first colon
         address=$(echo "$1" | cut -d : -f 2)
         # Quote the value so that it reaches telnet as a single argument
         konsole -e telnet "${address}"

  4. Modify the default Telnet client in the operating system (for Windows only).

    The default Telnet client in the operating system is the built-in Telnet.exe of Windows. You can configure the registry information to invoke another Telnet tool.

    1. Open Registry Editor and access HKEY_CLASSES_ROOT\telnet\shell\open\command.
    2. Double-click Default in the right pane and set the default value to the detailed path of a third-party Telnet tool.

      For example, the default value is "%windir%\System32\rundll32.exe" "%windir%\System32\url.dll",TelnetProtocolHandler %l, and the path of the third-party Telnet tool is C:\Program Files\SecureCRT\SecureCRT.exe. Change the default value to "C:\Program Files\SecureCRT\SecureCRT.exe" /T %l.

    3. Save the modification and exit Registry Editor.
      NOTE:

      If SecureCRT is used as the default Telnet client, perform the following operations to run multiple instances in multi-label task mode.

      1. Set SecureCRT as the default Telnet client in the operating system.
      2. Open the configuration file Global.ini in the Config folder in the SecureCRT installation path to change the default value of the Single Instance field from 00000000 to 00000001. Save the modification and restart the SecureCRT client.
      3. Re-invoke TelnetClient on eSight.
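
The Firefox handler script in step 3 passes part of a browser-supplied URL to telnet. A stricter variant is shown here as an added example, not Huawei's script: it assumes the URL arrives as telnet://host[:port] or telnet:host[:port] (the page does not state the exact form), and the function name parse_telnet_url is hypothetical.

```shell
#!/bin/bash
# Added example (not Huawei's script): validating telnet handler.
# The URL in $1 is supplied by the page being browsed, so treat it as untrusted.
LC_ALL=C; export LC_ALL

# parse_telnet_url URL: prints "host port" if the URL is acceptable, else returns 1.
# Accepts telnet://host[:port][/] and telnet:host[:port]; hostnames and IPv4 only.
parse_telnet_url() {
    url=$1
    case $url in
        telnet://*) rest=${url#telnet://} ;;
        telnet:*)   rest=${url#telnet:} ;;
        *)          return 1 ;;
    esac
    rest=${rest%/}                       # drop one trailing slash
    case $rest in
        *:*) host=${rest%:*}; port=${rest##*:} ;;
        *)   host=$rest; port=23 ;;
    esac
    # Host: letters, digits, dots and hyphens; never empty, never starting with "-"
    # (a leading "-" would be read by telnet as an option, not a host).
    case $host in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    # Port: 1 to 5 digits within 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s %s\n' "$host" "$port"
}

# Runs only when the browser invokes the script with a URL argument.
if [ "$#" -ge 1 ]; then
    target=$(parse_telnet_url "$1") || { echo "rejected telnet URL" >&2; exit 1; }
    set -- $target                       # validated "host port", safe to split
    exec konsole -e telnet "$1" "$2"
fi
```

IPv6 literals are rejected by this host check; extend the pattern only if the managed devices need them.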

Suggestion and Summary
  • Perform all the preceding configurations in the operating system of the eSight client.
  • If you use the local Telnet client to connect to a device, ensure that the current eSight client and the device are connectable and accessible.
How Do I Locate the Fault When Failing to Add NEs
Symptom

I cannot add NEs to the NMS.

Possible Causes
  • The NMS and NEs are disconnected.
  • The firewall between eSight and NEs is incorrectly configured.
  • The SNMP parameters for NEs are set incorrectly.
Procedure
  1. Check the connection between the NMS server and NEs. The following takes Huawei AC6605 as an example.

    NOTE:

    If the server has multiple network interface cards (NICs), enter the eSight service IP address to log in.

    1. Run the ping command on an NE to check whether the connection between the NE and eSight is normal.

    2. Run the ping command on the eSight server to check whether the connection between eSight and the NE is normal.

      If the communication is normal, continue to verify the configuration of the SNMP parameters for the AC6605. If the connection is abnormal, check whether the firewall/NAT between eSight and NEs is configured correctly and whether UDP port 161 (used by devices to receive SNMP requests) is enabled.

  2. Verify the configuration of the firewall between eSight and NEs.

    Check whether the ports, access control policies, and packet filtering are configured correctly on the firewall. Ensure that eSight can communicate with NEs. For details, see the product documentation of each firewall.

  3. Verify the configuration of the SNMP parameters for NEs. The following uses Huawei AC6605 as an example. Log in to the device, run the following commands, and ensure that the parameters configured on the device are consistent with the parameters specified when the device is added to eSight:

    • SNMP v1/v2c
       
      system-view 
      snmp-agent sys-info version v2c 
      snmp-agent community write Private@123 
      snmp-agent community read Public@123     

      Check the configuration information.

       
      display snmp-agent community 
      Community name:%$%$o<0)+Puf0Bl,fq);94]Nv`WN%$%$ 
      Group name:%$%$o<0)+Puf0Bl,fq);94]Nv`WN%$%$     
      NOTE:

      Here, Public@123 is the read community of the device and Private@123 is the write community name of the device. When adding the device to eSight, ensure that the two parameters on the device and eSight are consistent.

    • SNMP v3
       
      system-view 
      snmp-agent sys-info version v3 
      snmp-agent group v3 snmpv3usergroup privacy read-view public 
      snmp-agent usm-user v3 snmpv3user snmpv3usergroup authentication-mode sha Hello@123 privacy-mode des56 Hello@123     

      Check user information.

       
      display snmp-agent usm-user 
      User name: snmpv3user 
      Engine ID: 800007DB0300259E0370C3 active     
      NOTE:
      • snmpv3user: indicates a user name in the snmpv3usergroup group, corresponding to the security name on eSight. When adding the device to eSight, ensure that the parameter on the device and eSight is consistent.
      • authentication-mode: indicates the authentication protocol, corresponding to the authentication protocol on eSight. If this parameter is configured on the device, ensure that the parameter on the device and eSight is consistent when adding the device to eSight.
      • privacy-mode: indicates the security level, corresponding to the privacy protocol on eSight. If this parameter is configured on the device, ensure that the parameter on the device and eSight is consistent when adding the device to eSight.
      NOTE:
      • If the ACL is configured, ensure that the NMS server IP address is contained in the ACL. The command for checking the ACL is as follows:

        display acl all

      • Network devices must have different engine IDs (local-engineid).

eSight Discovers a Link Between Two Devices Not Directly Connected
Symptom

An S2700 switch is connected to an S7706 switch through a USG firewall. LLDP is enabled and SNMP parameters are correctly configured on the three devices. eSight discovers a direct link between the S2700 and S7706 in the network topology.

Possible Causes

This problem may occur if configurations on the intermediate device between two indirectly connected devices are incorrect.

Run the display lldp neighbor brief command on the S2700. The command output shows that the S7706 is the neighbor of the S2700. The USG firewall transparently transmits LLDP link discovery packets from the S2700. As a result, eSight discovers a direct link between the S2700 and S7706.

Procedure
  1. This is a known issue on the USG firewall running the software version V300R001C00SPC800. To solve this problem, upgrade the USG software version to V300R001C00SPC900.
Suggestion and Summary

When eSight discovers a direct link between two indirectly connected devices, check the configurations on the intermediate device.

Users Fail to Add the USG6650 Using SNMP
Symptom

Users fail to add the USG6650 running the software version V100R001C00SPC200 to eSight. However, eSight can successfully ping the management address of the USG6650 and the SNMP parameters are correctly configured.

Possible Causes

SNMP management is not configured on the USG6650's management interface.

Procedure
  1. Enter the USG6650's management interface view and configure the service-manage snmp permit command on the management interface to enable SNMP on the interface.
Suggestion and Summary

When adding USG6600 series firewalls to eSight, check whether eSight can successfully ping the firewalls, whether interzone policies are correctly configured, and whether the service-manage snmp permit command is configured on the firewall's management interface.

Failures in Adding NEs on eSight Due to Many Network Adapters
Keywords

many network adapters, failures in adding devices

Abstract

Devices fail to be added to eSight due to many network adapters.

Problem Description

1. The eSight version is V300R003C00SPC100. Device S5700 fails to be added.

2. S5700 SNMP configurations:

snmp-agent  
snmp-agent local-engineid 800007DB0310478031BBD0  
snmp-agent mib-view included view_all iso 
snmp-agent community read cipher %$%$Ap)rC]a;m!UFGNE"bF{8<dv%kHdDVGNn|=0929MV^EbLdv(<H+Y<Wr'9R.`#V#!*jv:Xv1<d%$%$ mib-view view_all  
snmp-agent community write cipher %$%$2=So;xRkHXYmh`5mGvW5*3U0h<;p#Oz+JTJ|Mh%nJ,jQ3U3*MGW4Zf$PtH9N2y#bc_OIU<*3%$%$ mib-view View_ALL  
snmp-agent sys-info version all 
Handling Process
  1. Check whether the settings of the SNMP parameters of the device are consistent with the SNMP parameters configured on the NMS.
  2. Check the network connectivity.

    The IP address of the S5700 is 192.168.108.201. The IP address of the server is 192.168.101.190.

    The device can ping the NMS.

     [S5700] ping 192.168.101.190  
      PING 192.168.101.190: 56  data bytes, press CTRL_C to break  
        Reply from 192.168.101.190: bytes=56 Sequence=1 ttl=127 time=4 ms  
        Reply from 192.168.101.190: bytes=56 Sequence=2 ttl=127 time=2 ms  
        Reply from 192.168.101.190: bytes=56 Sequence=3 ttl=127 time=3 ms  
        Reply from 192.168.101.190: bytes=56 Sequence=4 ttl=127 time=3 ms  
        Reply from 192.168.101.190: bytes=56 Sequence=5 ttl=127 time=2 ms  
     
      --- 192.168.101.190 ping statistics ---  
        5 packet(s) transmitted  
        5 packet(s) received  
        0.00% packet loss  
        round-trip min/avg/max = 2/2/4 ms

    The NMS can ping the device.

    C:\Users\Administrator>ping 192.168.108.201  
     
    Pinging 192.168.108.201: There are 32 bytes of data.
    Reply from 192.168.108.98: The target host cannot be accessed.
    Reply from 192.168.108.201: Byte =32 Time <1ms T
    Reply from 192.168.108.201: Byte =32 Time <1ms T
    Reply from 192.168.108.201: Byte =32 Time <1ms T
     
    Ping statistics of 192.168.108.201:
    Data packet: Sent = 4, Received = 4, Lost = 0 (0% lost)
    Estimated time of the round trip (in milliseconds):
    Minimum = 0ms, maximum = 0ms, average = 0ms

    Note that the IP address for logging in to eSight is 192.168.56.1.

  3. The device cannot ping the IP address.
     [S5700]ping 192.168.56.1  
      PING 192.168.56.1: 56  data bytes, press CTRL_C to break  
        Request time out  
        Request time out  
        Request time out  
        Request time out  
        Request time out  
     
      --- 192.168.56.1 ping statistics ---  
        5 packet(s) transmitted  
        0 packet(s) received  
        100.00% packet loss
  4. This IP address is used because the ENSP software is installed on the server. The ENSP network adapter is virtual and cannot be used externally. The network adapter was selected during eSight software installation. The IP address change tool was used to change the eSight IP address. However, the IP address of the virtual network adapter does not change. Therefore, the IP address cannot be changed on the console. You need to reinstall the eSight software and select the network adapter that can be used for external network connection during installation. After the installation, the device can be added successfully and the fault is rectified.
Root Cause

During eSight installation, a network adapter that cannot be used for external network connection is selected. As a result, eSight cannot communicate with the device. Reinstall eSight and select the correct network adapter.

Suggestion and Summary

Select a correct network adapter when installing eSight on the eSight server that has multiple network adapters. Otherwise, eSight may fail to connect to the device and the device cannot be added.

Devices Fail to Be Added to eSight V200R005C00 Through SNMPv3
Keyword

eSight, device addition failure, SNMPv3

Abstract

After the local-engineid parameter in the snmp-agent local-engineid command is modified, a conflict occurs, and devices cannot be added to eSight.

Problem Description

Devices fail to be added to eSight V200R005C00 through SNMPv3.

Procedure
  1. Check whether the device and eSight can successfully ping each other.

  2. Check whether the SNMPv3 parameters are correctly configured on the device and eSight.

  3. Check the SNMP connectivity between the device and eSight in the MIB tree on eSight.

  4. Collect data packets from the eSight server.

    Analyze the collected data packets. The result shows that the value of engineid is MISSING, indicating that eSight fails to obtain the correct engine ID.

  5. It is suspected that the snmp-agent local-engineid command is incorrectly configured. Run the undo snmp-agent local-engineid command to restore the default engine ID of the local SNMP entity and re-configure SNMP parameters. After that, the device can be added to eSight.
Root Cause

The snmp-agent local-engineid command configures an engine ID for a local SNMP entity, which uniquely identifies an SNMP entity.

As the unique identifier of the SNMP module, an SNMP engine ID identifies an SNMP entity in a management domain. SNMP engine ID is an important part of an SNMP entity and provides functions such as SNMP message scheduling, message processing, security verification, and access control.

When SNMPv3 is used, the SNMP agent needs to define a unique engine ID to respond to SNMPv3 requests.

If the default local engine ID of a device is modified, it may conflict with the local engine ID of another device on the local network. In this case, eSight receives information about two devices with the same local engine ID; therefore, eSight cannot respond to SNMPv3 requests. The local-engineid field in the data packet sent by eSight to the device is displayed as MISSING, causing a device addition failure on eSight.

Solution
  • Run the undo snmp-agent local-engineid command on the device to restore the default engine ID of the local SNMP entity and re-configure SNMP parameters.
  • If you want to set a local engine ID by yourself, comply with the following principles:

    The first four bytes in hexadecimal notation carry the private enterprise number allocated by Internet Assigned Numbers Authority (IANA). The enterprise number of Huawei is 2011 in decimal notation (7DB in hexadecimal notation). The first binary digit has a fixed value of 1. Therefore, the first four bytes of the engine ID in hexadecimal format are 800007DB.

    The device information is configured manually. You are advised to use the IP address or MAC address of the device as device information to uniquely identify the device.
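
The engine ID layout described above, and the requirement that every device has a different engine ID, can be checked across an inventory before devices are added. This is an added example, not eSight or device code: the format octet values (01 = IPv4 address, 03 = MAC address) come from the SnmpEngineID definition in RFC 3411, and the function names and the "device engine-id" inventory layout are assumptions.

```shell
#!/bin/sh
# Added example: decode SNMPv3 engine IDs and find IDs shared by several devices.
LC_ALL=C; export LC_ALL

# decode_engine_id HEX: prints "enterprise=<n> type=<t> value=<v>", or returns 1
# if HEX is not an engine ID in the RFC 3411 layout.
decode_engine_id() {
    hex=$(printf '%s\n' "$1" | tr 'a-f' 'A-F')
    case $hex in ''|*[!0-9A-F]*) return 1 ;; esac
    len=${#hex}
    # 5 to 32 whole octets
    [ $((len % 2)) -eq 0 ] && [ "$len" -ge 10 ] && [ "$len" -le 64 ] || return 1
    head=$(printf '%s\n' "$hex" | cut -c1-8)
    fmt=$(printf '%s\n' "$hex" | cut -c9-10)
    body=$(printf '%s\n' "$hex" | cut -c11-)
    first=$((0x$head))
    # The top bit (0x80000000) must be set; the remaining 31 bits are the
    # IANA enterprise number, e.g. 0x800007DB -> 2011 (Huawei).
    [ "$first" -ge 2147483648 ] || return 1
    enterprise=$((first - 2147483648))
    case $fmt:${#body} in
        03:12) type=mac
               value=$(printf '%s\n' "$body" | sed 's/../&:/g; s/:$//') ;;
        01:8)  type=ipv4
               value=$(printf '%d.%d.%d.%d' $(printf '%s\n' "$body" | sed 's/../0x& /g')) ;;
        *)     type="format-$fmt"; value=$body ;;
    esac
    printf 'enterprise=%s type=%s value=%s\n' "$enterprise" "$type" "$value"
}

# find_duplicate_engine_ids: reads "device engine-id" lines on stdin and prints
# "ENGINE-ID device1,device2,..." for every ID used by more than one device.
find_duplicate_engine_ids() {
    awk 'NF >= 2 {
             id = toupper($2)
             dev[id] = (n[id]++ ? dev[id] "," : "") $1
         }
         END { for (id in n) if (n[id] > 1) print id, dev[id] }' | sort
}

# Constructed inventory: device names are made up; the engine IDs are the two
# shown on this page, with s5700-b given a copy of s5700-a's ID as the conflict.
INVENTORY='ac6605-a 800007DB0300259E0370C3
s5700-a 800007DB0310478031BBD0
s5700-b 800007db0310478031bbd0'

printf '%s\n' "$INVENTORY" | while read -r name id; do
    printf '%-9s %s\n' "$name" "$(decode_engine_id "$id" || echo invalid)"
done
printf 'duplicates: %s\n' "$(printf '%s\n' "$INVENTORY" | find_duplicate_engine_ids)"
```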

Suggestion

Do not modify specific default parameters of devices unless necessary.

What Do I Do When an Invalid Session Is Displayed After I Click Complete During Automatic NE Discovery
Symptom

What do I do when an invalid session is displayed after I click Complete during automatic NE discovery?

Possible Causes

This problem is caused by the Compatibility View of Internet Explorer 8. To solve this problem, disable the Compatibility View by performing the following operations. Internet Explorer 9 or a later version is recommended.

Procedure
  • Method 1:
    1. Open Internet Explorer 8.
    2. Choose Tools > Developer Tools. The Developer Tools page is displayed.
      NOTE:

      If the menu bar is unavailable, press Alt to display it.

    3. On the Developer Tools page that is displayed, set Browser Mode to Internet Explorer 8 and Document Mode to Internet Explorer 8 Standards.

    4. Close the Developer Tools page and log in to eSight again.
  • Method 2:
    1. Open Internet Explorer 8.
    2. Choose Tools > Compatibility View Settings from the menu bar.
      NOTE:

      If the menu bar is unavailable, press Alt to display it.

    3. In the Compatibility View Settings dialog box, deselect Display intranet sites in Compatibility view, and Display all websites in Compatibility View.

    4. Click Close.
    5. Choose Tools > Internet Options from the menu bar.
    6. In the Advanced tab, clear Automatically recover from page layout errors with Compatibility View.

    7. Click OK and log in to eSight again.
Related Information

In most cases, incomplete page display and invalid sessions in Internet Explorer 8 are caused by Compatibility View settings.

You are advised to disable Compatibility View for Internet Explorer 8.

Updated: 2019-06-30

Document ID: EDOC1100044378
