No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00SPC200, 300, and 500 Operation Guide 09

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Troubleshooting

Troubleshooting

eSight Fails to Back Up Configuration Files

eSight fails to automatically back up configuration files or the manual backup fails. This topic describes how to fast troubleshoot the failure.

Common Causes

  • The SNMP or Telnet configurations are incorrect.
  • The route between eSight and the device is unreachable or there are network errors.
  • The FTP server on eSight is abnormal.
  • The FTP channel between eSight and the device is abnormal.
  • Configurations on the device are incorrect when SFTP is used for backup.
  • The startup configuration file is not on the device.
  • The network is busy or the number of concurrent backup tasks is too large.
  • Time on the eSight server is changed but eSight is not restarted.
  • The source IP address of SFTP is not configured on devices connected to eSight on the local area network (LAN) of the headquarters through IPsec VPN.

Context

NOTE:

HuaweiDevice and WS6603 are not included in Huawei devices described in the topic.

Procedure

  1. Check the SNMP and Telnet configurations on eSight and the device.

    • SNMP configurations on eSight and the device are incorrect.

      For Huawei devices, check whether SNMP configurations on eSight and the device are the same. Pay attention to the read/write permissions and MIB view to ensure that the SNMP connectivity test in the NE Manager succeeds.

    • Telnet configurations on eSight and the device are incorrect.

      For non-Huawei devices and HuaweiDevice and WS6603 devices, check whether the Telnet configuration on eSight is consistent with that on the device side. Ensure that the Telnet connectivity test is successful in the NE Explorer.

      In privilege mode, Telnet parameters configured on eSight and privilege mode parameters configured on the device are the same.

  2. Check whether the route between eSight and the device is unreachable or there are network errors.

    • Check whether the VPN tunnel between eSight and the device is correctly configured.
      • For Huawei devices, set the VPN instance between the device and eSight to management VPN. Try to back up again.

        Command:

        set net-manager vpn-instance name (VPN instance between eSight and a device)

      • If the device is not provided by Huawei, check the eSight specification list of the corresponding version to check whether the configuration file of the device can be backed up.
    • Check whether the route between eSight and the device is correctly configured.

      Check whether eSight and the device can ping each other. Unidirectional communication causes backup failure.

      • The route from eSight to the device is reachable but from the device to eSight is unreachable.

        The failure is caused by the route from the device to eSight. Errors may occur in the firewall or VPN. Contact network administrators or customers to adjust the network.

      • The route from the device to eSight is reachable but from eSight to the device is unreachable.

        The device is displayed as offline or SNMP unreachable on eSight. Contact network administrators or customers to adjust the network.

    • Check whether NAT mapping is configured between eSight and the device.

      In NAT mapping mode, eSight does not support backup of configuration files.

  3. Check whether the FTP server is normal on eSight.

    • In the Windows scenario:
      1. Log in to the eSight server as the Administrator user.
      2. Check whether the value of enable corresponding to the SFTP protocol in the D:\eSight\AppBase\sysagent\etc\sysconf\svcbase\med_node_1_svc.xml file is true.
        NOTE:

        In the file name, D:\eSight must be changed to the actual installation directory.

        <config name="sftp">  
        <param name="enable">true</param> 
        </config>
        • If the parameter value is true, the SFTP server is normal.
        • If the parameter value is false, configure the SFTP server status by referring to Configuring the eSight File Transfer Protocol in the Maintenance Guide.
    • In the Linux scenario:
      1. Log in to the eSight server as the root user.
      2. Check whether the value of enable corresponding to the SFTP protocol in the /opt/eSight/AppBase/sysagent/etc/sysconf/svcbase/med_node_1_svc.xml file is true.
        NOTE:

        In the file name, /opt/eSight must be changed to the actual installation directory.

        <config name="sftp">  
        <param name="enable">true</param> 
        </config>
        • If the parameter value is true, the SFTP server is normal.
        • If the parameter value is false, configure the SFTP server status by referring to Configuring the eSight File Transfer Protocol in the Maintenance Guide.

  4. Check whether the FTP tunnel between eSight and the device is normal.

    • SFTP Connectivity Test

      Log in to the device and run the sftp IP address of the eSight server to access the eSight SFTP server. If <sftp-client> is displayed, the login succeeds.

      If the user name and password is incorrect, enter the correct user name and password. The default user name is admin and the password is Changeme123.

      Follow instructions in "Changing the FTP/FTPS/SFTP User Password" in the Maintenance Guide to change the password.

    • FTP Connectivity Test

      Log in to the device and run the ftp IP address of the eSight server to access the eSight FTP server. If you can log in to the server successfully, the eSight FTP server is working properly.

      If the user name and password is incorrect, enter the correct user name and password. The default user name is admin and the password is Changeme123.

      Follow instructions in "Changing the FTP/FTPS/SFTP User Password" in the Maintenance Guide to change the password.

  5. Check the configuration for backup failure using SFTP.

    1. See the eSight function list to check whether eSight supports backup using SFTP.
    2. Check whether client authentication is enabled on the device.

      If not, access the system view and run the ssh client first-time enable command to enable the client.

    3. Check whether the number of SSH connections on a device exceeds the upper limit (20).

      If SSH is enabled on the device but the number of connections reaches the maximum, SFTP backup fails.

      Run the display ssh server-info command to check the number of SSH connections. If the number exceeds the upper limit, delete an SSH client not used currently. In the commands, xxx.xxx.xxx.xxx indicates the IP address of the SSH client to be deleted.

      Run the undo ssh client xxx.xxx.xxx.xxx assign rsa-key command to delete the assign rsa-key information saved on the device.

      Run the undo rsa peer-public-key xxx.xxx.xxx.xxx command to delete the peer-public-key information saved on the device.

  6. Check whether the startup configuration file exists.

    Log in to the device by Telnet and run the display startup command in the user view.

    Check whether Startup saved-configuration file: in the command output contains the corresponding file name. The backup startup configuration file refers to this file.

    If the value does not exist, the value is null. The suggestions are as follows:

    1. Ensure that the file name exists in Next startup saved-configuration file:.
    2. If not, there are two processing methods:
      • Run the save command in the user view and run the startup saved-configuration name of the configuration file command to specify the next startup configuration file.
      • Restart the device. The file name exists in Startup saved-configuration file:. Try to back up the configuration file gain.

  7. Check whether the network is busy or the number of concurrent backup tasks is too large.

    When the network is busy, backup for a large number of devices may fail. Do not select a large number of devices for backup when the network is busy.

    Backup tasks or manual batch backup tasks are processed in the background. If waiting for backup times out, try again later.

    If automatic backup is configured on a device, eSight is triggered to automatically back up the configuration file of the device. The automatic save interval on the device is greater than 10 min.

  8. Check whether an automatic backup task is not executed or not executed on time.

    The possible cause is that time on eSight is changed but eSight does not restart. Restart eSight and back up the device's configuration file.

  9. Check whether the source IP address of SFTP is configured on devices connected to eSight on the LAN of the headquarters through IPsec VPN.

    Run the display sftp-client command to check whether the source IP address of SFTP is configured. If no, run the following command to configure the source IP address of SFTP:

    <Huawei> system-view 
    [Huawei] sftp client-source -a 10.10.10.10    // 10.10.10.10 is the IP address of the eSight server.

  10. If the problem persists, contact Huawei technical support personnel.

Summary

Periodically check whether the log source is online and ensure network connectivity between eSight and log source (can be pinged with each other).

For Huawei devices, check whether SNMP configurations on eSight and the device are the same. Pay attention to the read/write permissions and MIB view to ensure that the SNMP connectivity test in the NE Manager succeeds.

For non-Huawei devices and HuaweiDevice and WS6603 devices, check whether the Telnet configuration on eSight is consistent with that on the device side. Ensure that the Telnet connectivity test is successful in the NE Explorer. In privilege mode, Telnet parameters configured on eSight and privilege mode parameters configured on the device are the same.

How Do I Do If Configuration Files of Third-Party Devices Fail to Be Backed Up After V300R005 or an Earlier Version Is Upgraded to a Later Version

Symptom

After eSight is upgraded from V300R005 to V300R008, configuration files of third-party devices such as H3C devices fail to be backed up. However, the configuration files can be backed up properly before the upgrade.

Possible Causes

The configuration files of third-party devices are backed up using Telnet commands. Files are uploaded in FTP mode in the configuration file backup commands preconfigured on eSight.

In eSight V300R005 and earlier versions, the FTP service is enabled by default. In versions later than V300R005, the SFTP service is enabled by default. Therefore, when eSight V300R005 or an earlier version is upgraded to a version later than V300R005, the FTP service is disabled. As a result, the configuration files fail to be backed up.

Procedure

  • Windows:
    1. Log in to the eSight server as the Administrator user.
    2. Open the eSight installation directory/AppBase/sysagent/etc/sysconf/svcbase/med_node_1_svc.xml file.
    3. Change the value of enable to true for the FTP protocol.
      NOTE:

      The FTP protocol has security risks. Therefore, it is recommended that the file service be disabled after use.

      <!-- ftp server configuration -->  
      <config name="ftp">  
      <!-- Is not activated, defualt false -->  
      <param name="enable">true</param>  
      <!-- Listening port -->  
      <param name="listenerPort">21</param>  
      <param name="passivePorts">32150-32159</param>  
      </config>     
    4. Save the changes and restart eSight.
  • Linux:
    1. Log in to the eSight server as the root user.
      NOTE:

      You need to remotely log in to the server as the ossuser user and switch to the root user if the Linux operating system is hardened.

    2. Open the eSight installation directory/AppBase/sysagent/etc/sysconf/svcbase/med_node_1_svc.xml file.

      # cd eSight installation directory/AppBase/sysagent/etc/sysconf/svcbase

      # vi med_node_1_svc.xml

    3. Change the value of enable to true for the FTP protocol.
      NOTE:

      The FTP protocol has security risks. Therefore, it is recommended that the file service be disabled after use.

      <!-- ftp server configuration -->  
      <config name="ftp">  
      <!-- Is not activated, defualt false -->  
      <param name="enable">true</param>  
      <!-- Listening port -->  
      <param name="listenerPort">31921</param>  
      <param name="passivePorts">32150-32159</param>  
      </config> 
    4. Save the changes and restart eSight.

eSight Fails to Back Up Configuration Files of Cisco Devices

Symptom

eSight can successfully back up configuration files of Huawei devices. However, an error occurs when eSight backs up configuration files of Cisco devices.

Possible Causes

  • The privilege password in Telnet parameters on Sight differs from that configured on the devices during configuration file backup of Cisco devices.
  • Check whether file prompt quiet or file prompt noisy is configured for Cisco devices. If yes, the system does not prompt you to set the transfer configuration path during the execution of the configuration file obtaining command.

Procedure

  • The privilege password in Telnet parameters on eSight differs from that configured on the devices.
    1. Choose Resource > Network > Equipment > Network Device from the main menu.
    2. Click a device and choose Protocol Parameters > Telnet Parameters from the navigation tree on the left.
    3. Set the parameters and click Test.
      NOTE:

      After you select Privilege model, set Privilege Password. The Privilege Password must be the same as that configured on the device.

  • The file prompt quiet or file prompt noisy command has been configured on the device.

    According to the Cisco configuration command manual, file prompt is used to modify the confirmation of different file operations, and only the prompt for confirming the operation is affected. Select the modification mode as required. The options are as follows:

    • Cancel the configuration.
      Cisco_2900_240#configure terminal                                               
      Enter configuration commands, one per line.  End with CNTL/Z.                   
      Cisco_2900_240(config)#no file prompt 
    • Change the configuration to prompt that the operation is risky.
      Cisco_2900_240#configure terminal                                               
      Enter configuration commands, one per line.  End with CNTL/Z.                   
      Cisco_2900_240(config)#file prompt  alert

Suggestion and Summary

For user-defined devices and Huawei devices whose device type is HuaweiDevice or WS6603, ensure that the Telnet parameters on eSight are the same as those on the devices.

Failure to Restore Configuration Files on Cisco Devices Using eSight

Symptom

On the Linux server, eSight can back up the configuration file of the Cisco device. However, a restoration failure message may be displayed when the backup configuration file is used to restore the configuration file on the device.

Possible Causes

If some device configurations cannot be restored during running configuration restoration, the Telnet command output on the Cisco device contains both command execution success information and partial configuration restoration failure information after the configuration restoration command is executed. As a result, eSight considers that configuration restoration fails.

Procedure

  1. Back up configuration files on the device where configuration restoration fails again on eSight, and check whether the latest running configurations are restored.
  2. If the fault persists, contact Huawei engineers.
Translation
Download
Updated: 2019-09-12

Document ID: EDOC1100044378

Views: 80939

Downloads: 400

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next