No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Network Management and Monitoring

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, LLDP, NQA, Service Diagnosis, Mirroring, Packet Capture, sFlow, and NETCONF.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a Device to Communicate with an NMS Using SNMPv3 (USM User)

Example for Configuring a Device to Communicate with an NMS Using SNMPv3 (USM User)

Networking Requirements

In the network shown in Figure 1-14, NMS1 and NMS2 monitor devices on the network. The network is large and has high security, and devices are configured to use SNMPv3 to communicate with NMSs and configured with authentication and encryption. A switch is added on the network for expansion and monitored by the NMSs.

Users want to monitor the switch using current network resources and quickly locate and troubleshoot faults on the switch. The NMS needs to manage objects excluding the IS-IS object on the switch.

Figure 1-14 Networking diagram for configuring a device to communicate with an NMS by using SNMPv3 (USM User)

Configuration Roadmap

SNMPv3 can still be used after a device is added on the user network. To reduce the load of the NMS, configure NMS2 to monitor the switch and NMS1 not to monitor the switch.

The configuration roadmap is as follows:

  1. Configure the access right to enable NMS2 to manage MIB objects except IS-IS objects on the switch. Configure a user and user group so that NMS2 can connect to the device through the user group and user.

  2. Configure the trap host for the switch to deliver traps generated on the switch to NMS2. Only modules that are enabled by default can deliver traps, which helps locate traps and prevent unwanted traps.

  3. Configure the NMS2.

Procedure

  1. Configure an IP address for an interface of the switch.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch
    [*HUAWEI] commit
    [~Switch] vlan batch 100
    [*Switch] interface vlanif 100
    [*Switch-Vlanif100] ip address 10.1.2.1 24
    [*Switch-Vlanif100] quit
    [*Switch] interface 10ge 1/0/1
    [*Switch-10GE1/0/1] port link-type trunk
    [*Switch-10GE1/0/1] port trunk allow-pass vlan 100
    [*Switch-10GE1/0/1] quit
    [*Switch] commit

  2. Configure routing function to ensure a reachable route between the switch and NMS2.

    [~Switch] ospf
    [*Switch-ospf-1] area 0
    [*Switch-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
    [*Switch-ospf-1-area-0.0.0.0] quit
    [*Switch-ospf-1] quit
    [*Switch] commit

  3. Configure the access rights.

    # Configure an ACL to allow NMS2 to manage and disable NMS1 from managing the switch.

    [~Switch] acl 2001
    [*Switch-acl4-basic-2001] rule 5 permit source 10.1.1.2 0.0.0.0
    [*Switch-acl4-basic-2001] quit

    # Configure the MIB view to allow NMS2 to manage objects except IS-IS objects on the switch.

    [*Switch] snmp-agent mib-view excluded allextisis 1.3.6.1.3.37

  4. Configure the user group and user.

    # Configure the user group and user and set the authentication and encryption method.

    [*Switch] snmp-agent group v3 admin privacy write-view allextisis acl 2001
    [*Switch] snmp-agent usm-user v3 nms2-admin group admin
    [*Switch] snmp-agent usm-user v3 nms2-admin authentication-mode sha
    Please configure the authentication password (8-255)
    Enter Password:               //Enter the authentication password. It is Authe@1234 in this example.
    Confirm Password:             //Confirm the password. It is Authe@1234 in this example.
    
    [*Switch] snmp-agent usm-user v3 nms2-admin privacy-mode aes128
    Please configure the privacy password (8-255)
    Enter Password:              //Enter the encryption password. It is Priva@1234 in this example.
    Confirm Password:            //Confirm the password. It is Priva@1234 in this example.
    

  5. Configure the trap function.

    [*Switch] snmp-agent target-host host-name NMS2 trap address udp-domain 10.1.1.2 params securityname nms2-admin v3 privacy
    [*Switch] commit
    [~Switch] quit

  6. Configure the NMS.

    In this example, NMS2 is eSight V300R005C00.

    1. Choose Resource > Add Resource > Add Resource in the toolbar and click Network Device.
    2. Choose SNMP > Edit SNMP parameters. Set the SNMP version to v3, security name to nms2-admin, authentication protocol to HMAC_SHA, authentication password to Authe@1234, proprietary protocol to AES_128, encryption password to Priva@1234, and port number to 161.

      NOTE:

      The security name, authentication and encryption parameters, and port number on the network management side must be the same as the user name, authentication and encryption parameters, and port number on the device side, and the SNMP version on the network management side must be enabled on the device; otherwise, the NMS cannot connect to the device.

    3. Click OK.
    Figure 1-15 Configuring SNMP on eSight

  7. Verify the configuration.

    After the configurations are complete, the switch sets up a connection with NMS2. You can manage the switch through NMS2 and NMS2 can receive the traps from the switch.

    Check the following configurations.

    # Check the user group information.

    <Switch> display snmp-agent group admin
       Group name: admin
           Security model: USM AuthPriv
           Readview: ViewDefault
           Writeview: allextisis
           Notifyview: <no specified>
           Storage-type: nonVolatile
           Acl: 2001

    # Check the user information.

    <Switch> display snmp-agent usm-user
       User name: nms2-admin
           Engine ID: 800007DB0300259E0370C3 active
           Authentication Protocol: sha
           Privacy Protocol: aes128
           Group name: admin
           State: Active

    # Check the target host.

    <Switch> display snmp-agent target-host
    Target host NO. 1
    ---------------------------------------------------------------------------
      Host name                        : NMS2
      IP address                       : 10.1.1.2
      Source interface                 : -
      VPN instance                     : -
      Security name                    : nms2-admin
      Port                             : 162
      Type                             : trap
      Version                          : v3
      Level                            : Privacy
      NMS type                         : NMS
      With ext vb                      : No
      Notification filter profile name : -
      Heart beat required              : No
    ---------------------------------------------------------------------------

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 100
#
acl number 2001
 rule 5 permit source 10.1.1.2 0
#
interface Vlanif100
 ip address 10.1.2.1 255.255.255.0
#
interface 10GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
ospf 1
 area 0.0.0.0
  network 10.1.2.0 0.0.0.255
#
snmp-agent
snmp-agent local-engineid 800007DB03360102101100
#
snmp-agent sys-info version v3
snmp-agent group v3 admin privacy write-view allextisis acl 2001
snmp-agent target-host host-name NMS2 trap address udp-domain 10.1.1.2 params securityname nms2-admin v3 privacy
#
snmp-agent mib-view excluded allextisis isisMIB
snmp-agent usm-user v3 nms2-admin
snmp-agent usm-user v3 nms2-admin group admin
snmp-agent usm-user v3 nms2-admin authentication-mode sha cipher %^%#>rWG1!T'uGx-eiWUd2o$|YX@W/Pnj9(di:TNF84B%^%#
snmp-agent usm-user v3 nms2-admin privacy-mode aes128 cipher %^%#2Qkp*gA$D~TXG^J$1/PG0[=57kq~JPj>hS,znsC*%^%#
#
return
Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100075344

Views: 23449

Downloads: 23

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next