No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00SPC200, 300, and 500 Operation Guide 09

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Do If the Connection Test Fails During CC Subnet Creation

How Do I Do If the Connection Test Fails During CC Subnet Creation

Problem

After subnet parameters are set during CC subnet creation, the connection test fails. How do I do?

Solution

The connection fails because eSight cannot communicate with the UOA using SNMP. Perform the following operations:

  1. Run the ping command to check the connectivity between eSight and the UOA, ensuring that eSight can communicate with the UOA.
  2. Check the status of the UOA, ensuring that the UOA is started.

    1. Log in to the UOA server as the UOA user.
    2. Run the p command.
      • If the following information is displayed, the UOA is started.

      • If the following information is displayed, the UOA is not started. Run the startuoa command to start the UOA.

  3. Check whether connection parameters are correctly set on the UOA server.

    1. Run the cfgf command as the UOA user to go to the configuration directory of the UOA user.
    2. Check the uoa_common.ini file.
      • The value of BindOMCLocalIP is the IP address of the page for adding CC subnets on eSight.
      • The value of OMCSnmpListenPort is the port number of the page for adding CC subnets on eSight.

    3. Check the uoa_snmpagent.ini file.
      • The value of SecurityUser is the security name of the page for adding CC subnets on eSight.
      • The value of ContextName is the context name of the page for adding CC subnets on eSight.
      • The value of AuthEncrypt is the authentication protocol of the page for adding CC subnets on eSight. The value 1 indicates no authentication protocol is used. The value 2 indicates that the authentication protocol is HMAC-MD5. The value 3 indicates that the authentication protocol is HMAC-SHA.
        NOTE:

        The authentication protocols HMAC_SHA and HMAC_MD5 are not secure. It is recommended that you use AES_128 as the privacy protocol to enhance security.

      • The value of AuthPassword is the ciphertext of the authentication key of the page for adding CC subnets on eSight.
        NOTE:

        To obtain the ciphertext:

        1. Run the toolf command as the UOA user to go to the encryption tool directory.
        2. Run the uoa_encrypt_tool -e Key command and press Enter.

          In the command, Key indicates the plaintext password of the key to be encrypted. Change it based on the site requirements. The command output is the ciphertext of the key.

      • The value of PrivacyEncrypt is the proprietary protocol of the page for adding CC subnets on eSight. The value 1 indicates that no proprietary protocol is used. The value 2 indicates that the proprietary protocol is CBC_DES. The value 19 indicates that the proprietary protocol is AES_128. The value 20 indicates that the proprietary protocol is AES_192. The value 21 indicates that the proprietary protocol is AES_256. Do not set this parameter to 20 or 21.
        NOTE:

        CBC_DES has potential security risks. You are advised to use AES_128.

      • The value of PrivPassword is the ciphertext of the private key of the page for adding CC subnets on eSight.

        NOTE:

        Do not set the context engine of the page for adding CC subnets on eSight, and use the default timeout interval. The connection test fails if the timeout interval is too short.

  4. If any UOA configuration is modified, restart the UOA server for the modification to take effect. Otherwise, skip this step.

    • Command for stopping the UOA service: stopuoa
    • Command for starting the UOA service: startuoa

  5. Test the connection again without using the authentication key and private key to exclude the scenario where the fault is caused by incorrect key.

    1. On the UOA server, change the values of AuthEncrypt and PrivacyEncrypt to 1 in the uoa_snmpagent.ini file and restart the UOA service.
    2. On the page for creating CC subnets on eSight, set the authentication protocol and proprietary protocol to None and test the connection again.

      If the connection test is successful, the authentication key and private key are incorrect. Change the UOA password based on step 3.3.

      NOTE:

      After troubleshooting, change the encryption mode to a secure one to avoid security risks.

Translation
Download
Updated: 2019-09-12

Document ID: EDOC1100044378

Views: 84780

Downloads: 407

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next