No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Network Management and Monitoring

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring the Device to Communicate with the NM Station Using SNMPv3

Example for Configuring the Device to Communicate with the NM Station Using SNMPv3

Networking Requirements

As shown in Figure 1-11, NMS1 and NMS2 manage devices on the existing network. Since the network is large and has low security, devices are configured to communicate with the NM station using SNMPv3. Authentication and encryption functions are configured to enhance network security. A router is added to the network for capacity expansion and monitored by the NMSs.

Users want to monitor the router using current network resources. To allow the NMS administrator quickly contact a device administrator to locate and troubleshoot faults on the device, contact information about the device administrator is required to be configured on the device. Based on users' service requirements, the NMS is restricted to manage only DNS nodes on the router.

Figure 1-11  Networking diagram for configuring the device to communicate with the NM station using SNMPv3

Configuration Roadmap

Since the network has a small scale and high security but has a high service traffic volume, SNMPv3 can be enabled on the new device. To reduce the workload of the NM station, NMS2 is used to manage the router. NMS1 does not manage the router.

The configuration roadmap is as follows:

  1. Configure SNMPv3 on the router.

  2. Configure user access rights to enable NMS2 to manage DNS nodes on the router.

  3. Configure the trap function on the router to send alarms generated on the router to NMS2. Only modules that are enabled by default can send alarms, which helps locate alarms and prevent unwanted alarms.

  4. Check contact information about the router administrator to quickly troubleshoot faults when the router fails.

  5. Configure the NM station (only NMS2).

Procedure

  1. Configure the IP address and route on the router and ensure the route between the device and the NMS is reachable.

    <Huawei> system-view
    [Huawei] sysname Router
    [Router] interface gigabitethernet 1/0/0
    [Router-GigabitEthernet1/0/0] ip address 10.1.2.1 24
    [Router-GigabitEthernet1/0/0] quit
    [Router] ospf
    [Router-ospf-1] area 0
    [Router-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
    [Router-ospf-1-area-0.0.0.0] quit
    [Router-ospf-1] quit
    

  2. Enable the SNMP agent.

    [Router] snmp-agent
    

  3. Configure SNMPv3 on the Router.

    [Router] snmp-agent sys-info version v3
    

  4. Configure access rights of the NM station.

    # Configure ACLs, enable NMS2 to manage the Router, and disable NMS1 from managing the Router.

    [Router] acl 2001
    [Router-acl-basic-2001] rule 5 permit source 10.1.1.2 0.0.0.0
    [Router-acl-basic-2001] rule 6 deny source 10.1.1.1 0.0.0.0
    [Router-acl-basic-2001] quit

    # Configure a MIB view.

    [Router] snmp-agent mib-view dnsmib include 1.3.6.1.4.1.2011.5.25.194

    # Configure the source interface from which traps are sent.

    [Router] snmp-agent trap source gigabitethernet 1/0/0

    # Configure users and user groups and authenticate and encrypt data.

    [Router] snmp-agent usm-user v3 testuser group testgroup
    [Router] snmp-agent usm-user v3 testuser authentication-mode sha
    Please configure the authentication password (<8-64>)
    Enter Password:
    Confirm password:
    [Router] snmp-agent usm-user v3 testuser privacy-mode aes128 
    Please configure the privacy password (<8-64>)
    Enter Password:
    Confirm password:
    [Router] snmp-agent group v3 testgroup privacy write-view dnsmib notify-view dnsmib acl 2001

  5. Configure the trap function.

    [Router] snmp-agent target-host trap-paramsname trapnms2 v3 securityname testuser privacy
    [Router] snmp-agent target-host trap-hostname nms2 address 10.1.1.2 trap-paramsname trapnms2
    [Router] snmp-agent trap queue-size 200
    [Router] snmp-agent trap life 60
    [Router] snmp-agent trap enable

  6. Check contact information about the device administrator.

    [Router] snmp-agent sys-info contact call Operator at 010-12345678

  7. Configure the NM station (NMS2).

    Set users and user groups on the NMS that uses SNMPv3. For configurations of the NMS, refer to related configuration guides.

    NOTE:

    Authentication parameter configuration of the NMS must be the same as that of the device. If the authentication parameter configuration of the NMS is different from that of the device, the NMS cannot manage the device.

  8. Verify the configuration.

    After the configuration is complete, run the following commands to verify that the configurations have taken effect.

    # View user information.

    <Router> display snmp-agent group testgroup  
       Group name: testgroup
       Security model: v3 AuthPriv
       Readview: ViewDefault
       Writeview: dnsmib
       Notifyview: dnsmib
       Storage type: nonVolatile
       Acl: 2001                  

    # View user information.

    <Router> display snmp-agent usm-user
       User name: testuser
       Engine ID: 800007DB03548998F3A458
       Group name: testgroup
       Authentication mode: md5, Privacy mode: aes128
       Storage type: nonVolatile
       User status: active
    
       Total number is 1       

    # Check the ACLs.

    <Router> display acl 2001
    Basic ACL 2001, 2 rules
    ACL's step is 5
     rule 5 permit source 10.1.1.2 0 (1 matches)
     rule 6 deny source 10.1.1.1 0 

    # Display the MIB view.

    <Router> display snmp-agent mib-view dnsmib
       View name: dnsmib
       MIB subtree: hwDnsMIB
       Subtree mask:
       Storage type: nonVolatile
       View type: included
       View status: active

    # Check the target host for alarms.

    <Router> display snmp-agent target-host
       Traphost list:
       Target host name: nms2
       Traphost address: 10.1.1.2
       Traphost portnumber: 162
       Target host parameter: trapnms2
    
       Total number is 1
    
       Parameter list trap target host:
       Parameter name of the target host: trapnms2
       Message mode of the target host: SNMPV3
       Trap version of the target host: v3
       Security name of the target host: %@%@_=XqAFC_94uCS,3'<gYC*ZU6%@%@
       Security level of the target host: privacy
    
       Total number is 1                     

    # Check contact information about the device administrator.

    <Router> display snmp-agent sys-info contact
       The contact person for this managed node:
               call Operator at 010-12345678  

Configuration Files

Configuration file of the Router

#
 sysname Router
#
acl number 2001
 rule 5 permit source 10.1.1.2 0
 rule 6 deny source 10.1.1.1 0
#
interface GigabitEthernet1/0/0
 ip address 10.1.2.1 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 10.1.2.0 0.0.0.255
#
 snmp-agent local-engineid 800007DB03548998F3A458
 snmp-agent sys-info contact call Operator at 010-12345678
 snmp-agent sys-info version v3
 snmp-agent group v3 testgroup privacy write-view dnsmib notify-view dnsmib acl 2001
 snmp-agent target-host trap-hostname nms2 address 10.1.1.2 udp-port 162 trap-paramsname trapnms2
 snmp-agent target-host trap-paramsname trapnms2 v3  securityname %@%@_=XqAFC_94uCS,3'<gYC*ZU6%@%@ privacy
 snmp-agent mib-view dnsmib include hwDnsMIB
 snmp-agent trap source gigabitethernet 1/0/0
 snmp-agent usm-user v3 testuser
 snmp-agent usm-user v3 testuser group testgroup
 snmp-agent usm-user v3 testuser authentication-mode sha %@%@J>K4RVS=3Px}z#*+8Qd*"9#Z%@%@
 snmp-agent usm-user v3 testuser privacy-mode aes128 %@%@6LH%$%$6LH;^TF:RCg_|2'%yau%@%@
 snmp-agent trap enable
 snmp-agent trap queue-size 200
 snmp-agent trap life 60
 snmp-agent
#
return
Translation
Download
Updated: 2019-03-06

Document ID: EDOC1100069336

Views: 30181

Downloads: 177

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next