No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Network Management and Monitoring

CloudEngine 8800, 7800, 6800, and 5800 V200R005C10

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, NETCONF, OpenFlow, LLDP, NQA, Mirroring, Packet Capture, Packet Trace, Path and Connectivity Detection Configuration, NetStream, sFlow, and iPCA.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a Device to Communicate with an NMS Using SNMPv3 (AAA Local User)

Example for Configuring a Device to Communicate with an NMS Using SNMPv3 (AAA Local User)

Networking Requirements

In the network shown in Figure 1-16, the NMS monitors the devices on the network. An AAA user has been configured on the device. The administrator wants to manage the device by using the same user name, so SNMPv3 can be configured to use the AAA user for authentication.

Figure 1-16 Configuring the device to Communicate with an NMS Using SNMPv3 (AAA local user)

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an IP address for switch A so that switch A can have a reachable route to the NMS.

  2. Configure an AAA local user and a user group, set the service type of AAA local user to SNMP, and configure task authorization for the user group.

  3. Configure the AAA local user as an SNMPv3 user, and configure authentication and encryption to improve data transmission security between switch A and NMS.

  4. Configure the NMS to allow the device to connect to the NMS.

Procedure

  1. Configure the IP address for switch A.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchA
    [*HUAWEI] commit
    [~SwitchA] vlan batch 100
    [*SwitchA] interface 10ge 1/0/1
    [*SwitchA-10GE1/0/1] port link-type trunk
    [*SwitchA-10GE1/0/1] port trunk pvid vlan 100
    [*SwitchA-10GE1/0/1] port trunk allow-pass vlan 100
    [*SwitchA-10GE1/0/1] quit
    [*SwitchA] interface vlanif 100
    [*SwitchA-Vlanif100] ip address 10.1.1.2 24
    [*SwitchA-Vlanif100] quit
    [*SwitchA] commit

  2. Configure the AAA local user and user group.

    # Configure the AAA local user and set the service type to SNMP.

    [~SwitchA] aaa
    [~SwitchA-aaa] local-user usersnmp password irreversible-cipher SetUesrPasswd@123
    [*SwitchA-aaa] local-user usersnmp service-type snmp
    [*SwitchA-aaa] local-user usersnmp level 3

    # Configure an AAA user group and task authorization, and add the user to the user group.

    [*SwitchA-aaa] task-group tasksnmp
    [*SwitchA-aaa-task-group-tasksnmp] task snmp read write
    [*SwitchA-aaa-task-group-tasksnmp] quit
    [*SwitchA-aaa] user-group groupsnmp
    [*SwitchA-aaa-user-group-groupsnmp] task-group tasksnmp
    [*SwitchA-aaa-user-group-groupsnmp] quit
    [*SwitchA-aaa] local-user usersnmp user-group groupsnmp
    [*SwitchA-aaa] quit

  3. Apply the AAA user to SNMPv3. The authentication and encryption passwords are entered in an interaction manner.

    [*SwitchA] snmp-agent local-user v3 usersnmp authentication-mode sha privacy-mode aes128
    Please configure the authentication password (8-255)
    Enter Password:               //Enter the authentication password. It is Authe@1234 in this example.
    Confirm Password:             //Confirm the password. It is Authe@1234 in this example.
    Please configure the privacy password (8-255)
    Enter Password:              //Enter the encryption password. It is Priva@1234 in this example.
    Confirm Password:            //Confirm the password. It is Priva@1234 in this example.
    
    [*SwitchA] commit
    [~SwitchA] quit

  4. Configure the NMS.

    In this example, NMS2 is eSight V300R005C00.

    1. Choose Resource > Add Resource > Add Resource in the toolbar and click Network Device.
    2. Choose SNMP > Edit SNMP parameters. Set the SNMP version to v3, security name to usersnmp, authentication protocol to HMAC_SHA, authentication password to Authe@1234, proprietary protocol to AES_128, encryption password to Priva@1234, and port number to 161.

      NOTE:

      The security name, authentication and encryption parameters, and port number on the network management side must be the same as the user name, authentication and encryption parameters, and port number on the device side, and the SNMP version on the network management side must be enabled on the device; otherwise, the NMS cannot connect to the device.

    3. Click OK.
    Figure 1-17 Configuring SNMP on eSight

  5. Verify the configuration.

    Switch A and NMS can communicate with each other, and the NMS can manage switch A.

    # Run the following command on the device to check SNMPv3 local user information.

    <SwitchA> display snmp-agent local-user
       User name: usersnmp
           Engine ID: 800007DB03360102101100
           Authentication Protocol: sha
           Privacy Protocol: aes128
           State: Active   

Configuration Files

Switch A configuration file

#
sysname SwitchA
#
vlan batch 100
#
aaa 
 local-user usersnmp password irreversible-cipher $1c$jq@D({%F%%$2_o]0cDbL0JfH-77MkA'g<A$.fCo::;5(,*&~}p($
 local-user usersnmp service-type snmp
 local-user usersnmp user-group groupsnmp
 # 
 task-group tasksnmp
  task interface-mgr read write execute
  task config read write execute
  task snmp read write
  task vlan read write execute
  task shell read write execute
  task cli read execute
 #   
 user-group groupsnmp    
  task-group tasksnmp  
#
 interface Vlanif100
 ip address 10.1.1.2 255.255.255.0
#
interface 10GE1/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100
#
snmp-agent
snmp-agent local-engineid 800007DB03360102101100
#
snmp-agent sys-info version v3  
# 
snmp-agent local-user v3 usersnmp authentication-mode sha cipher %^%#>rWG1!T'uGx-eiWUd2o$|YX@W/Pnj9(di:TNF84B%^%# privacy-mode aes128 cipher %^%#2Qkp*gA$D~TXG^J$1/PG0[=57kq~JPj>hS,znsC*%^%#
# 
return
Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100075365

Views: 36368

Downloads: 123

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next