Managing Trap Notification
You can modify the addresses that receive trap alarm notifications and events based on service requirements. The storage system's alarms and events will be sent to the network management systems or other storage systems specified by the trap servers.
Managing SNMP Community Strings
If SNMPv1 or SNMPv2c is used, you must configure SNMP community strings on the storage system for interworking with a third-party network management tool. To ensure SNMPv1 and SNMPv2c protocol security, you are advised to maintain the SNMP community strings regularly.
Prerequisites
You have logged in to the CLI of the storage system.
You have enabled SNMPv1&SNMPv2c.
Context
If you use SNMPv1 or SNMPv2c, you must configure community strings. A third-party network management tool uses community strings to interwork with the SNMP service of the storage system.
On a storage system, the default SNMP read-only community string is storage_public and the default read-write community string is storage_private.
Procedure
- Log in to DeviceManager.
- Choose Settings > SNMP Management > SNMP Protocol.
- Click Modify on the right of Community. Table 5-15 describes the related parameters.
Table 5-15 Community parameters
Parameter
Description
Read Community
- Read community, which is used to read device information.
- A read community must meet the security policy. For details, see Managing the SNMP Security Policy.
Confirm Read Community
Set it to the same value as Read Community.
Write Community
- Read-write community, which is used to read device information or configure a device.
- A read-write community must meet the security policy. For details, see Managing the SNMP Security Policy.
Confirm Write Community
Set it to the same value as Write Community.
NOTE: To ensure compatibility, the system supports SNMPv1 and SNMPv2c. However, to ensure data security, it is strongly recommended that you use SNMPv3.
- Click Save.
- Use a third-party network management tool to check whether the newly configured community can be properly connected.
Managing USM Users
If SNMPv3 is used, USM users are used to access upper-level external network management systems (such as the SNMP network management system). To ensure SNMPv3 protocol security, you are advised to maintain the USM user list regularly.
Procedure
- Log in to DeviceManager.
- Choose Settings > SNMP Management > SNMP Protocol.
- Manage USM users. Table 5-16 details the operations.
Figure 5-22 USM user management
Table 5-16 Relevant operations
Operation
Procedure
Adding a USM user
- Click Add. The Add USM User dialog box is displayed.
- Set USM parameters. For related parameters, see Table 5-17.
- Click OK.
The USM user list displays the newly added USM user.
Modifying a USM user
- Select the USM user that you want to modify and click Modify.
The Modify USM User dialog box is displayed.
- Modify USM parameters. Table 5-17 describes the related parameters.
- Click OK.
The USM user list displays the modified USM user.
Removing a USM user
Select the USM user that you want to remove and click Delete.
Table 5-17 USM user parameters
Parameter
Description
Username
Name of a USM user.
[Value range]
Username is a 4- to 32-character string, can contain only letters, digits, underscores (_), and hyphens (-), and must start with a letter.
[Example]
usm001
User Permission
User level of a USM user.
[Value range]
- Read and write
- Read-only
User Authentication
Whether to enable user authentication.
Authentication Algorithm
Authentication protocols of a USM user, including MD5 and SHA.
NOTE: SHA is more secure than MD5. For security purposes, you are advised to select SHA for authentication.
Authentication Password
Authentication password of a USM user.
[Default Rules]
The password must meet the following complexity requirements:
- Contains 6 to 32 characters.
- Must contain special characters. Special characters include !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and spaces.
- Must contain two types of the following characters: uppercase letters, lowercase letters, and digits.
- Cannot be the same as the username or the username written backwards.
NOTE: You can modify the default rule. For details, see Managing the SNMP Security Policy.
[Example]
usmuser@123
Confirm Authentication Password
Confirm the authentication password of a USM user.
[Example]
usmuser@123
Data Encryption
Whether to enable data encryption.
Encryption Algorithm
Encryption protocols of a USM user, including 3DES, DES, and AES.
NOTE: The three encryption protocols rank as follows in security: AES > 3DES > DES. For security purposes, you are advised to select AES.
Data Encryption Password
Password used by a USM user to encrypt data.
[Default Rules]
The password must meet the following complexity requirements:
- Contains 6 to 32 characters.
- Must contain special characters. Special characters include !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and spaces.
- Must contain two types of the following characters: uppercase letters, lowercase letters, and digits.
- Cannot be the same as the username or the username written backwards.
NOTE: You can modify the default rule. For details, see Managing the SNMP Security Policy.
[Example]
dataencrypt@123
Confirm Data Encryption Password
Confirm the data encryption password used by a USM user.
- Click OK.
- Click Save.
Managing the SNMP Security Policy
The storage system allows you to modify the security policy about the SNMP service to improve the SNMP service security.
Procedure
- Log in to DeviceManager.
- Choose Settings > SNMP Management > SNMP Security Policy. Table 5-18 describes the related parameters.
Table 5-18 SNMP security policy parameters
Parameter
Description
Min. Password Length
Minimum length of the community and USM user password.
[Value range]
Its value is an integer ranging from 4 to 32.
Max. Password Length
Maximum length of the community and USM user password.
[Value range]
Its value is an integer ranging from 4 to 32.
Password Complexity
Complexity of the community and USM user password.
[Value range]
- Contains special characters and at least two types of the following characters: uppercase letters, lowercase letters, and digits. Special characters include !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and spaces.
- Contains special characters, uppercase letters, lowercase letters, and digits. Special characters include !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and spaces.
- Contains at least one type of the following characters: special characters, uppercase letters, lowercase letters, and digits. Special characters include !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and spaces.
Allow the authentication password and data encryption password to be the same
If this parameter is selected, the authentication password and data encryption password of the USM user can be the same.
Allow the USM user name and password to be the same
If this parameter is selected, the password of the USM user can be the same as the USM user name and the reverse order of the USM user name.
Set different read and write community strings
If this parameter is selected, the read community and read-write community cannot be the same.
Statistic Collection Interval of Authentication Failures (s)
Interval for collecting statistics about the number of consecutive authentication failures.
[Value range]
Its value is an integer ranging from 1 to 600, in units of seconds.
Allowed Consecutive Authentication Failures
Allowed number of consecutive authentication failures.
[Value range]
Its value is an integer ranging from 3 to 100.
IP Address Lockout Time (s)
Length of time for locking the network management software's IP address.
[Value range]
Its value is an integer ranging from 10 to 3600, in units of seconds.
- Click Save.
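The default rules in Table 5-17 and the policy options in Table 5-18, written as a pre-check to run over planned SNMP credentials before entering them in DeviceManager. This is an added example, not Huawei code. The function names, the complexity labels, the two policy defaults marked as assumed, and the application of the USM default rules to community strings are assumptions.

```python
import re
import string
from dataclasses import dataclass

SPECIALS = set(string.punctuation) | {" "}   # the special-character list on this page
USERNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{3,31}")  # 4-32 chars, starts with a letter
DEFAULT_COMMUNITIES = {"storage_public", "storage_private"}  # defaults named on this page

@dataclass
class SnmpPolicy:
    min_len: int = 6
    max_len: int = 32
    complexity: str = "special+2"        # hypothetical labels: "special+2", "all4", "any1"
    allow_name_as_password: bool = False
    allow_same_auth_priv: bool = False   # assumed default; the page does not state it
    distinct_communities: bool = True    # assumed default; the page does not state it

def password_problems(secret, username="", policy=SnmpPolicy()):
    """Return the policy rules that a community string or USM password violates."""
    problems = []
    if not policy.min_len <= len(secret) <= policy.max_len:
        problems.append("length")
    kinds = [any(c in group for c in secret) for group in
             (string.ascii_uppercase, string.ascii_lowercase, string.digits)]
    special = any(c in SPECIALS for c in secret)
    ok = {"special+2": special and sum(kinds) >= 2,
          "all4": special and all(kinds),
          "any1": special or any(kinds)}[policy.complexity]
    if not ok:
        problems.append("complexity")
    if username and not policy.allow_name_as_password and secret in (username, username[::-1]):
        problems.append("same as username")
    return problems

def usm_user_problems(username, auth_pw, priv_pw, policy=SnmpPolicy()):
    """Check a USM user: name format, both passwords, and auth/priv reuse."""
    problems = [] if USERNAME_RE.fullmatch(username) else ["username format"]
    problems += [f"auth {p}" for p in password_problems(auth_pw, username, policy)]
    problems += [f"priv {p}" for p in password_problems(priv_pw, username, policy)]
    if auth_pw == priv_pw and not policy.allow_same_auth_priv:
        problems.append("auth and priv passwords identical")
    return problems

def community_problems(read, write, policy=SnmpPolicy()):
    """Check read and read-write community strings, including unchanged defaults."""
    problems = [f"read {p}" for p in password_problems(read, policy=policy)]
    problems += [f"write {p}" for p in password_problems(write, policy=policy)]
    problems += [f"default string {c!r} still in use" for c in (read, write) if c in DEFAULT_COMMUNITIES]
    if read == write and policy.distinct_communities:
        problems.append("read and write communities identical")
    return problems
```

Run against the page's own examples, usm001 with usmuser@123 and dataencrypt@123 produces no findings, while the default community strings storage_public and storage_private are flagged.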
Managing Trap Server Addresses
To ensure that the storage system's alarms and events can be sent to the application servers or maintenance terminals specified by the trap servers in a timely manner, you are advised to maintain the trap server addresses regularly.
Prerequisites
- The SNMP service has been enabled on the storage system. If the service has not been enabled, run the change snmp status command in the developer view to enable it. For details about how to use the command, see the Advanced O&M Command Reference.
- The server has enabled the SNMP service.
- The USM user has been created.
- For sending alarms to the trap server, a storage system only sends the alarms and events generated after the trap server is configured and does not send alarms and events generated before the configuration.
- Before configuring a domain name for the server, ensure that the DNS server can communicate normally with the storage array or third-party server.
- If the server address is not on the management network segment, configure routes to interconnect the storage devices with the servers linked to the server addresses.
Before changing server addresses, ensure that no alarm message or event is being reported to network management systems or storage devices linked to those addresses. Alarm messages being reported at the time of the change will be lost.
Context
- Trap is a Simple Network Management Protocol (SNMP) message type used to indicate the occurrence of an event. These types of messages are sent to a recipient using User Datagram Protocol (UDP) and are not reliable. Specify trap service addresses if SNMP is used to report alarms and events.
- DeviceManager provides the trap function to send the alarms and events of managed storage devices to another network management system or to a device at a specific server address. If alarms and events are reported in SNMP mode, you must configure Trap server addresses.
To enable the trap function, install the MIB interface software on application servers. To download the software, go to https://support.huawei.com/enterprise/en/doc/EDOC1100124476 and see OceanStor Dorado 6.0.0 MIB Interface Notes.
- To report alarms and events to other network management systems or storage devices, add or change the existing server addresses to the server addresses of those systems or devices.
Procedure
- Log in to DeviceManager.
- Choose Settings > Alarm Settings > Alarm Notification.
- Manage trap server addresses. Table 5-19 details the operations.
Figure 5-23 Trap server address management area
Table 5-19 Relevant operations
Operation
Procedure
Adding a server IP address
- Click Add.
The Add Trap Server dialog box is displayed.
- Set the parameters for creating trap server addresses. Table 5-20 lists related parameters.
- Click OK.
The server list displays the newly added server IP address.
Modifying a server IP address
- In the trap server address list, select the trap server address that you want to change and click Modify.
The Modify Trap Server dialog box is displayed.
- Change the trap server addresses. Table 5-20 lists related parameters.
- Click OK.
The server list displays the modified server IP address.
Removing a server IP address
In the list, select a server address that you want to remove and click Remove.
Table 5-20 Server address parameters
Parameter
Description
Server IP Address
The address of a network management system or storage device for receiving alarms and events.
[Value range]
- An IPv4 address has the following requirements:
- The 32-bit address is evenly divided into four fields. Each 8-bit field is expressed in dotted-decimal.
- Each field of the IP address cannot be blank and must be an integer.
- The value of the first field ranges from 1 to 223 (excluding 127).
- The values of other fields range from 0 to 255.
- The IP address cannot be a special address such as the broadcast address.
- An IPv6 address has the following requirements:
- The 128-bit address is evenly divided into eight fields. Each 16-bit field is expressed in hexadecimal and separated with colons.
- In each 16-bit field, zeros before integers can be removed. However, at least one digit must be reserved in each field.
- If the IP address contains a long string of zeros, you can represent the neighboring zero fields with a double colon (::) in the colon-separated hexadecimal notation. An IP address can contain only one double colon (::).
- The IP address cannot be a special address such as a network address, loopback address, or multicast address.
[Example]
192.168.100.11
fc00::1234
Port
Port for receiving alarm messages on the network management system or storage device.
[Value range]
1 to 65535
[Example]
2234
Version
SNMP version of a network management system or storage device. Possible values are SNMPv1, SNMPv2c, and SNMPv3.
NOTE: To ensure data security, you are advised to use SNMPv3.
[Example]
SNMPv3
USM User
The user that reports alarms and events from SNMP.
[Example]
usm001
Type
Type of an alarm and event sent by a storage device to the trap server.
- Parsed: alarms and events that have been resolved.
- Original: alarms and events that have not been resolved.
- Parsed time string: parsed alarms and events whose IDs correspond to the same OID. The data type of event fields generated by alarms or events is OCTET STRING.
- Original time string: original alarms and events that have not been parsed. The data type of alarm or event occurring time (character string) and clearing time (character string) is OCTET STRING.
- All: all alarms including the Parsed and Original alarms and events.
[Example]
Parsed
- Click Add.
- Click OK.
- Click Save.
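The Table 5-20 value ranges, expressed as a check over one planned trap server entry before it is added. This is an added example, not Huawei code. The function name, the optional mgmt_net argument used to detect a subnet's network and broadcast addresses, and the finding texts are assumptions.

```python
import ipaddress

def trap_server_problems(address, port, version, usm_user=None, mgmt_net=None):
    """Return rule violations for one trap server entry (rules from Table 5-20)."""
    problems = []
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        ip = None  # not an IP literal; may be a domain name, which depends on DNS
    net = ipaddress.ip_network(mgmt_net) if mgmt_net else None
    if ip is not None and ip.version == 4:
        first = ip.packed[0]
        if not 1 <= first <= 223 or first == 127:
            problems.append("IPv4 first field must be 1-223, excluding 127")
        if net and net.version == 4 and ip == net.broadcast_address:
            problems.append("IPv4 broadcast address of the subnet")
    elif ip is not None and (ip.is_loopback or ip.is_multicast or ip.is_unspecified):
        problems.append("IPv6 loopback, multicast or unspecified address")
    if ip is not None and net and ip.version == net.version and ip == net.network_address:
        problems.append("network address of the subnet")
    if not 1 <= port <= 65535:
        problems.append("port must be 1-65535")
    if version == "SNMPv3":
        if not usm_user:
            problems.append("SNMPv3 entry has no USM user")
    elif version in ("SNMPv1", "SNMPv2c"):
        problems.append(f"{version} in use; the page advises SNMPv3")
    else:
        problems.append("unknown SNMP version")
    return problems
```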
Follow-up Procedure
A storage device can send multiple types of alarms and events to the trap server, and each alarm has its own push format. For details, go to https://support.huawei.com/enterprise/en/doc/EDOC1100124476 and see OceanStor Dorado 6.0.0 MIB Interface Notes of the corresponding product model.