No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Network Management and Monitoring

CloudEngine 8800, 7800, 6800, and 5800 V200R005C10

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, NETCONF, OpenFlow, LLDP, NQA, Mirroring, Packet Capture, Packet Trace, Path and Connectivity Detection Configuration, NetStream, sFlow, and iPCA.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Restricting Management Rights of the NMS

(Optional) Restricting Management Rights of the NMS

Context

When multiple NMSs manage the same device using the same community name, perform this configuration according to the scenario.

Scenario

Steps

The NMS accesses the ViewDefault view of the managed device. The ViewDefault view is the 1.3.6.1 view.

All NMSs access the ViewDefault view of the managed device.

No action required

1, 2, 5 (NMS filtering based on SNMP agent)
1, 4, 5 (NMS filtering based on community name)
1, 2, 4, 5 (NMS filtering based on SNMP agent and community name)

The NMS accesses the specified object on the managed device.

All NMSs access the specified object on the managed device: 1, 3, 5
1, 2, 3, 5 (NMS filtering based on SNMP agent)
1, 3, 4, 5 (NMS filtering based on community name)
1, 2, 3, 4, 5 (NMS filtering based on SNMP agent and community name)
The following describes how an ACL is used to control the access rights of NMSs:
  • When the ACL rule is permit, the NMS with the source IP address specified in this rule can access the local device.

  • When the ACL rule is deny, the NMS with the source IP address specified in this rule cannot access the local device.

  • If a packet does not match any ACL rule, the NMS that sends the packet cannot access the local device.

  • When no ACL rule is configured, all NMSs can access the local device.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure NMS filtering based on SNMP agent.
    1. Configure the basic ACL.

      Before configuring the access control rights, you must create a basic ACL. For instructions on how to create an ACL, see "ACL Configuration" in the CloudEngine 8800, 7800, 6800, and 5800 Series Switches Configuration Guide-Security.

    2. Run the snmp-agent acl { acl-number | acl-name } command to configure an ACL for SNMP.

      By default, access control is unavailable for SNMP.

  3. Run snmp-agent mib-view { excluded | included } view-name oid-tree

    A MIB view is created, and manageable MIB objects are specified.

    By default, an NMS has right to access the objects in the ViewDefault view.

    The excluded and included parameters are applicable to the following scenarios:

    • excluded: If a few MIB objects on the device or some objects in the current MIB view do not or no longer need to be managed by the NMS, specify excluded in the command to exclude these MIB objects.

    • included: If a few MIB objects on the device or some objects in the current MIB view need to be managed by the NMS, specify included in the command to include these MIB objects.

    You can run this command multiple times. If it is run multiple times and the values of view-name and oid-tree are the same each time, the new configuration overwrites the original configuration. In contrast, if the values of view-name and oid-tree are different, the new and original configurations both take effect.

    If both the included and excluded parameters are configured for MIB objects that have an inclusion relationship, whether the lowest MIB object is included or excluded depends on the parameter configured for it. For example, the snmpV2, snmpModules, and snmpUsmMIB objects have a top-down inclusion relationship in the MIB tree. If the excluded parameter is configured for snmpUsmMIB objects and included is configured for snmpV2, snmpUsmMIB objects will still be excluded.

  4. Configure NMS filtering based on community name.
    1. (Optional) Configure the basic ACL.

      Before configuring the access control rights, you must create a basic ACL. For instructions on how to create an ACL, see "ACL Configuration" in the CloudEngine 8800, 7800, 6800, and 5800 Series Switches Configuration Guide-Security.

    2. Run the snmp-agent community { read | write } { community-name | cipher community-name } [ mib-view view-name | acl { acl-number | acl-name } ] * command to specify the NMS's access right.

      By default, the created community name allows the NMS to access the ViewDefault view.

      NOTE:

      If both community name and ACL are configured, the device checks the community name and then the ACL before allowing the NMS to access it.

  5. Run commit

    The configuration is committed.

Follow-up Procedure

After the access right is configured, especially after the IP address of the NMS is specified, if the IP address changes (for example, the NMS changes its location, or IP addresses are reallocated due to network adjustment), you need to change the IP address of the NMS in the ACL. Otherwise, the NMS cannot access the device.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100075365

Views: 35214

Downloads: 123

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next