iMaster NCE-Campus V300R023C00 Monitoring and O&M
iMaster NCE-Campus V300R023C00
Monitoring and O&M
Page 0 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Foreword
• With the emergence of cloud computing, the "on-demand" cloud service mode is
gaining popularity, and the traditional network management mode is undergoing a
dramatic transformation. Cloud-based network management is shaping a trend, and
cloud management networks provide a new mode for enterprise network
construction and O&M.
• This document describes the monitoring and O&M functions provided by iMaster
NCE-Campus in the Huawei CloudCampus Solution.
Page 1 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Objectives
• Upon completion of this course, you will be able to:
▫ Understand system O&M functions provided by iMaster NCE-Campus
▫ Understand service O&M functions provided by iMaster NCE-Campus
▫ Understand the preventive maintenance inspection (PMI) function provided by iMaster
NCE-Campus
Page 2 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Contents
1. System O&M
2. Service O&M
3. PMI for Cloud Managed Devices
Page 3 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Cluster Monitoring on the Management PlaneR22C10
iMaster NCE-Campus provides an independent management plane and service plane. Different IP addresses
and port numbers are used to log in to the planes. This allows users to focus on different task scenarios and
implement efficient system management and network O&M. For details, see the following slides.
The management plane centrally manages iMaster NCE-Campus software resources, applications, and
databases to implement functions such as installation and deployment, system monitoring, system
maintenance (user and password management, data backup and restoration, certificate and key
management, etc.), and system troubleshooting (system health check, DR, etc.).
The service plane provides service commissioning and provisioning capabilities based on different user roles.
The system administrator role is used by system maintenance personnel to manage MSP tenants, monitor
the system status, and set system parameters. The MSP administrator role is used by agent maintenance
personnel to manage common tenants, perform preventive maintenance inspection (PMI), and configure
MSPs. The tenant administrator role is mainly used by common users to configure services and monitor the
device status.
Page 4 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
System Monitoring R22C10
The system monitoring function on the management plane displays monitoring information by product,
node, service, relational database, and Redis database. You can configure the alarm thresholds for CPU
usage, memory usage, and disk usage of nodes.
Note: You can click the statistics (on node, service, or databases) on the right to quickly go to the monitoring details page.
Page 5 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
System Monitoring - Node
The management plane monitors and displays the CPU usage, memory usage, disk
partitions, and details about resources used by processes on each node.
Page 6 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
System Monitoring - Relational Database
The management plane monitors and displays the running status of each relational
database instance.
Page 7 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
System Monitoring - Redis Database
The management plane monitors and displays the running status of each Redis
database instance.
Page 8 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Unified Monitoring - Overview
The management plane can monitor the network status of network interface cards
(NICs), historical performance indicators of nodes, key middleware indicators, database
indicators, and service key performance indicators (KPIs). It provides enhanced system
monitoring capabilities compared with the original CloudSOP management plane.
Page 9 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Unified Monitoring - Node
The management plane monitors the real-time and historical status of the CPU usage,
memory usage, packet loss rate, network delay, and process of each iMaster NCE-
Campus node to detect and rectify faults in a timely manner, ensuring efficient
running of iMaster NCE-Campus.
Page 10 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Unified Monitoring - Service
The management plane can monitor resources such as the CPU, memory, threads, and
file handles of iMaster NCE-Campus services. Administrators can check the resource
usage of a node based on a service or check the resource usage of a service based on
a node to detect and resolve exceptions in a timely manner, ensuring normal service
running.
Page 11 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Unified Monitoring - Key Middleware
iMaster NCE-Campus uses a large amount of open-source middleware, such as
GaussDB 100 and ETCD. However, the status and indicators of the middleware are not
visualized. The management plane can display the real-time and historical status of
key middleware indicators and the real-time status of all middleware indicators,
improving maintenance efficiency.
Page 12 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
O&M Management - Data Collection
The management plane provides default and custom collection templates for O&M
personnel to collect logs and database tables as required for fault diagnosis.
Page 13 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Long-Term Monitoring and Routine Check of
the Network Rate
• The rate of access to public cloud services in each region can be monitored.
• Network monitoring is available at www.17ce.com.
1. Information statistics
2. Map display
3. Regional statistics analysis
Page 14 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
One-Time Network Rate Check
• You can manually perform a ping test to test the network rate.
• Check results are displayed in a chart.
Page 15 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
iMaster NCE-Campus Capacity Expansion
Currently, iMaster NCE-Campus supports capacity expansion from six distributed
nodes to nine distributed nodes and cold migration from a single node to the
minimum cluster.
Capacity expansion or cold migration in other scenarios are not supported.
Page 16 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Node Replacement
l You can replace faulty nodes in an iMaster NCE-Campus cluster.
l Procedure:
Step 1: Back up data, including the product data, product applications, operating system (OS), and
management plane.
Step 2: Deploy a new node and prepare the node for service restoration.
Step 3: Restore files on the new node.
Step 4: Restore mutual trust relationships between nodes.
Step 5: Restore the management plane.
Step 6: Restore the product data, product applications, and databases.
Step 7: Start services on the new node.
Page 17 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Contents
1. System O&M
2. Service O&M
3. PMI for Cloud Managed Devices
Page 18 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Alarm Management Overview
• System administrators can check the running status of iMaster NCE-Campus based on alarms. By doing
so, they can determine whether the system encounters an exception.
• Tenant administrators can check the running status of managed devices based on alarms. By doing so,
they can determine which devices are faulty and handle the faults in a timely manner.
Page 19 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Current Alarms (1/3) R22C10
• The system administrator or a tenant administrator can view all alarms generated by the controller or
devices on the Current Alarms page, including the detailed location information and generation time.
• On the Current Alarms page, you can sort, export, clear, acknowledge, and unacknowledge alarms.
Operation description
ü Combined Sorting: Sorts alarms based on multiple alarm fields. A maximum of four alarm fields can be set.
ü Clear: If a fault is rectified but the alarm is not automatically cleared, click Clear to manually clear the alarm. After the alarm is
cleared, its status is changed to cleared.
ü Acknowledge: Acknowledges alarms that are to be handled or have been handled. After an alarm is acknowledged, the alarm status
changes from unacknowledged to acknowledged.
ü Unacknowledge: If engineer B wants to handle an alarm acknowledged by engineer A, engineer A can unacknowledge the alarm.
When the alarm is unacknowledged, the alarm status changes from acknowledged to unacknowledged.
Page 20 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Current Alarms (2/3) R22C10
• Administrators or tenants can filter alarms by alarm severity, alarm status, first occurrence time, and
last occurrence time.
• The alarm list supports sorting based on multiple conditions. In addition, you can set alarm fields to be
displayed in table columns.
Page 21 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Current Alarms (3/3) R22C10
Click the icon in the red circle to view the details, remarks, and latest handling records of an alarm.
Note: Correlative alarms are not supported in the current version.
Page 22 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Historical Alarms
All historical alarms of iMaster NCE-Campus and devices are displayed on the Monitoring > Alarm > Historical
Alarms page. After an active alarm is acknowledged or automatically cleared, it will be moved from the current
alarm list to the historical alarm list, and its clearance time will be recorded. In addition, administrators can
filter alarms by alarm severity, occurrence time, name, and location information.
Page 23 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Alarm Masking R22C10
• All masked alarms are displayed on the Masked Alarms page. After a type of alarms is masked,
alarms of this type are not displayed on the Current Alarms page. In addition, you can filter alarms
based on various conditions.
• You can manually unmask this alarm type in the Operation column.
Page 24 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Alarm Notifications via Email
• Administrators can configure alarm
notifications via email on the Monitoring >
Alarm > Alarm Notification page.
• To send emails to specific users to notify
them of alarms, administrators need to
configure the email sending interval, email
recipients, and email content.
Administrators can also specify the alarm
severity, alarm type, and alarm source for
which email notifications will be sent.
Page 25 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Alarm Notification - Email/SMS/Webhook R22C10
• On the Alarm Notification page, you can set email notification, SMS notification, and webhook notification.
• When an alarm is generated, the controller can send an email, SMS message, or webhook to recipients. You
need to configure the period (real-time sending is also supported) for sending emails, SMS messages, or
webhooks, recipients, and content template. You can also specify the alarms to be sent by alarm severity, alarm,
or alarm source.
Page 26 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Alarm Settings R22C10
On the Alarm Settings page, you can configure personalized settings for alarms, including the color,
sound, font color, and highlight. You can also customize different rules, such as the masking rule,
intermittent/toggling rule, correlation rule, automatic acknowledgment rule, redefinition rule, aggregation
rule, alarm/event name group, and alarm synchronization. For details, click .
Page 27 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Alarm Settings (Details About Alarm Rule R22C10
Configurations)
Configuring Alarm
Rule Details Application Scenario
or Event Rules
You can configure an alarm masking rule to mask alarms or events that you are not concerned
Configuring masking You can configure a masking rule to mask alarms or events that you are not concerned about. New alarms or
about. New alarms or events meeting the masking rules will not be displayed on the Current
rules events meeting the masking rules will not be displayed on the Current Alarms and Event pages.
Alarms and Event pages.
You can redefine severities and types of alarms and events. For example, if an alarm or event is
Configuring severity and After severity and type redefinition rules are configured, the adjusted severities or types will be displayed for new
considered important, it can be set as a high-level alarm or event so that O&M personnel will
type redefinition rules alarms or events reported later.
give priority to it.
Configuring name After name redefinition rules are configured, the adjusted names will be displayed for new alarms or events If some alarm or event names are technical and difficult to understand, you can redefine alarm
redefinition rules reported later. or event names as required by configuring name redefinition rules.
If a system or an NE is being commissioned, being verified, or disconnected from and then reconnected to the
After a device is disconnected from iMaster NCE-Campus, alarms on the device cannot be
current system, alarm data of the interconnected system or NE may be inconsistent with that of the current system.
Synchronizing alarms reported. After the device is reconnected to iMaster NCE-Campus, you need to manually
In this case, you need to perform alarm synchronization to ensure that the alarm data of the interconnected system
synchronize alarms to iMaster NCE-Campus for monitoring.
or NE is consistent with that of the current system.
A correlation rule determines the root alarms and correlative alarms. When monitoring or
Configuring correlation A correlation rule determines the root alarms and correlative alarms. When monitoring or viewing alarms, O&M
viewing alarms, O&M personnel can set a correlation rule to filter out correlative alarms and
rules. personnel can set a correlation rule to filter out correlative alarms and focus only on root alarms.
focus only on root alarms.
After the rules are set, when the number of alarms or events with the same alarm or event ID reported by the same If the same alarm or event is reported repeatedly, you can configure aggregation rules to
NE in a specified period meets the trigger condition, aggregation starts and a new aggregated alarm is generated. aggregate the repeated alarms or events reported in a specified period to the same alarm or
Configuring aggregation
All alarms that meet the condition are marked as the original alarms. When the number of alarms with the same event. This reduces the impact of a large number of repeated alarms or events on O&M. When
rules
alarm or event ID reported by the same NE meets the termination condition, the aggregation stops. You can view monitoring or viewing alarms, you can select Aggregated alarms to filter out original alarms
only aggregated alarms to improve alarm monitoring and handling efficiency. that have been aggregated and focus only on the alarms you need to handle.
After intermittent/toggling alarm handling rules are configured, intermittent or toggling alarms can be discarded or
displayed on the Masked Alarms page to improve alarm monitoring and handling efficiency. Intermittent alarm:
When the interval between alarm generation and alarm clearance is less than a specific period, the alarm is
Configuring considered as an intermittent alarm. The period is called intermittent period. If the alarm persists within the After an intermittent or toggling rule is configured, intermittent or toggling alarms can be
intermittent/toggling intermittent period, it is reported to current alarms. Therefore, the alarm reporting is delayed. Toggling alarm: When discarded or displayed on the Masked Alarms page to reduce interference caused by repetitive
rules the number of times that an alarm (with the same alarm ID) is reported by the same alarm source in a specified alarms.
period reaches the trigger condition, the toggling handling is started. You can set the action to generate a toggling
alarm or avalanche alarm, or redefine the original alarm severity. When the number of times that the alarm is
reported in the specified period reaches the termination condition, the toggling handling is terminated.
When the number of current alarms reaches the threshold, the system moves some current
Configuring auto The controller automatically acknowledges cleared alarms based on specified rules and moves these alarms to the alarms to the historical alarm list. To prevent the important alarms from being processed, you
acknowledgment rules historical alarm list. Alarms cleared before immediate acknowledgement is enabled are not affected. can configure auto acknowledge rules so that the system automatically acknowledges the
current alarms in the cleared status based on these rules and converts them to historical alarms.
Setting alarm/event You can add multiple alarm or event names to a name group to perform operations on them at
You can add multiple alarm or event names to a name group to perform operations on them at a time.
name groups a time.
The controller provides multiple display modes or sound prompt rules for alarms and events.
Configuring personalized After the settings, new colors for alarm or event severities take effect immediately on the controller. The settings
You can modify the rules of display mode and sound prompt as required to obtain the latest
monitoring take effect only for the current login user.
alarm or event information in different ways.
Page 28 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Email Server Configuration
System and MSP administrators can configure an email server on the System > System Management
> Third-Party Service page to send alarm notifications via email. Tenants use the email server
configured by their respective MSPs.
Page 29 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Alarm Dump
• Administrators can configure alarm dump on the Alarm > Alarm >
Alarm Dump page. When the alarm storage duration or number of
historical alarms in the database exceeds the threshold, the alarms
in the database will be written to the configured SFTP server.
▫ iMaster NCE-Campus performs dump detection every four hours.
▫ Alarm dump is triggered when the alarm storage duration
exceeds the configured time.
▫ When a remote SFTP server is configured, every 5 MB (upper
limit) data is packaged, compressed, and then uploaded to the
remote SFTP server.
▫ The condition for terminating alarm dump is that all alarms
have expired.
▫ Only historical alarms and events rather than current alarms are
dumped.
Page 30 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Tenant Alarm Management by MSPs
• After logging in to the controller, an MSP administrator can choose Tenant Management >
Tenant Alarm Statistics page to view the number of alarms under all managed tenants and
click a number to view alarm details.
Page 31 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Introduction to Performance Management R22C10
• In CloudCampus scenarios, APs, ARs, WACs, switches, and firewalls at each site report
performance data to DataCollector of iMaster NCE-Campus through HTTP/2.
• The reported data is parsed by DataCollector and written into the HBase database of the
controller.
• Aggregation computing is performed using the Spark computing framework of the controller,
and the computing result is written into the HBase database.
• Tenant administrators can view the performance data trend and top N statistics by site and
view the performance data trend and monitoring metrics by device.
Page 32 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Monitoring Indicators R23C00
Category AP AR Firewall Switch WAC
Application monitoring √ √ × × ×
Basic performance monitoring √ √ √ √ √
Terminal monitoring √ √ √ √ ×
Device log monitoring √ √ × √ ×
WAN monitoring × √ × × ×
Terminal location monitoring √ × × × ×
WIDS monitoring √ × × × ×
Mesh monitoring √ × × × ×
√: can be monitored
×: cannot be monitored
Page 33 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
New in R23C00
Digital Map: One-Map Network Visibility (1/2)
The network digital map offers high visibility into the relationships between networks, applications, and
users/terminals on the entire network.
Tenant resource statistics • Site location: A GIS map displays sites based on
longitudes and latitudes. The tips of a site display the
number of devices, applications, and users at the site.
• Site interconnection: In IPsec VPN interconnection
scenarios, interconnection information between sites
can be displayed on a GIS map.
• Resource statistics: Displays statistics about sites,
devices, applications, users, and terminals.
1. Site statistics: The digital map displays a site list,
where users can check the total number of sites
and manage them.
2. Device statistics: The digital map displays a
device list, where users can check the total
number of devices and manage them.
3. Application statistics: The digital map displays an
application list, where users can check the total
number of applications.
4. User statistics: The digital map displays a user
list, where users can check the total number of
users and view user details.
5. Terminal statistics: The digital map displays a
terminal list, where users can check the total
number of terminals and view terminal details.
Page 34 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
New in R23C00
Digital Map: One-Map Network Visibility (2/2)
• Topology capability:
1. Supports automatic topology layout by
device role.
2. Expands and collapses lower-layer devices
based on the network layers of devices.
3. Displays terminals on access devices.
4. Displays the WAN network where egress
devices reside in a topology.
5. Divides zones for intra-site devices.
• Statistics collection capability:
1. Collects statistics about the number of
devices, users, and terminals at a site.
2. Displays site details, including device type
statistics, device status statistics, device
alarm statistics, and terminal type statistics.
• Function integration:
1. Quick access to the site configuration page
2. Quick access to the site monitoring page
3. Access to common O&M tools, such as ping
and trace
Page 35 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
New in R23C00
Digital Map: Visualized Application Experience
The network digital map offers insights into the application experience and provides a unified entry for experience-centric O&M of
key applications.
Key application assurance: The network Application experience display: The network digital map proactively identifies application experience problems, instead of
digital map supports the delivery of reactive response. It displays service flow details of a single application and highlights faulty links in the full-flow path topology.
Monitoring through the conference map: The network digital map displays the network topology of a specified conference
assurance policies for key services.
and provides conference quality monitoring and O&M capabilities based on the topology, assisting administrators to monitor
Page 36 Copyright © 2023 Huawei Technologies Co.,the Ltd.conference All rights quality reserved. in real time throughout the conference.
New in R23C00
Digital Map: Visualized User Experience
The network digital map offers insights into user experience. It provides precise full-lifecycle profiles based on users' Wi-Fi network
access and Internet access experience, and analyzes and locates problems. This enables O&M personnel to easily handle faults reported
by users and proactively ensures user network experience.
User experience display: The network digital map displays user tracks in the floor topology and
VIP user assurance: Users and guests can be set as VIP
performs modeling based on multi-dimensional parameters such as the user access delay, bandwidth,
users to ensure their preferential wireless access and
and packet loss rate. As such, it can accurately detect actual user experience, display single-user network
reserve air interface bandwidth for them.
quality (evaluated through user network indicators), and analyze user network experience faults.
Page 37 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Dashboard
On the Monitoring > Health > Overview page, tenant administrators can check the status, terminal packet loss rate, and application
quality distribution of all sites, and view site locations on the map. They can also view the online Wi-Fi user trend, device status, worst 5
applications with the poorest performance, worst 5 links with the poorest performance, abnormal cloud managed devices, and alarms.
Note: Both SNMP managed and cloud managed devices are monitored when iMaster NCE-Campus monitors the site status, terminal
packet loss rate, online Wi-Fi user trend, device status, and alarms.
Page 38 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Site Monitoring
• Tenant administrators can choose the IPsec VPN or EVPN tunnel mode on the
Design > Basic Network Design > Network Settings > Tunnel Mode page.
• If the EVPN tunnel mode is selected, tenant administrators can view the site
health status, device status, alarms, device health information, and device list of a
specified site on the Monitoring > Health > Site page. In addition, they can view
statistics about WAN links and applications on the WAN Link and WAN
Application tab pages, respectively. For details, see the SD-WAN O&M feature
description.
• If the IPsec VPN tunnel mode is selected, tenant administrators can view the site
health status, device status, alarms, device health information, and device list of a
specified site on the Monitoring > Health > Site page.
• Note:
Tenant administrators can select a site on the top of the page to view site 1. Differences between the two tunnel modes:
monitoring information. • Select the IPsec VPN tunnel mode in a LAN-only scenario. In this
mode, SD-WAN indicator monitoring is not supported.
• Select the EVPN tunnel mode in a LAN+WAN scenario. In this
mode, both data monitoring in the LAN-only scenario and SD-
WAN indicator monitoring are supported.
2. The functions of displaying device health, site health, device status,
alarms, and device health trends are supported for devices managed
by NETCONF or SNMP.
Page 39 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Inter-Site Monitoring (1/2)
• Tenant administrators can choose the IPsec VPN or EVPN tunnel mode on the Design > Basic Network Design > Network
Settings > Tunnel Mode page.
• If the EVPN tunnel mode is selected, tenant administrators can view the quality and traffic information about WAN-side inter-
site links on the Monitoring > Health > Inter-Site page. For details, see the SD-WAN O&M feature description.
Page 40 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Inter-Site Monitoring (2/2)
• If the IPsec VPN tunnel mode is selected, tenant administrators can view the IPsec VPN status, packet loss rate, and delay
between sites on the Monitoring > Health > Inter-Site page.
Page 41 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
API Performance Monitoring in R23C00
• Tenant administrators can choose Design > Site Design > Device Management, select a device, and
click an interface in the interface list to view the historical interface performance trend.
Page 42 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Application Monitoring
• Tenant administrators can select the EVPN tunnel mode on the Design > Basic Network Design > Network
Settings > Tunnel Mode page.
• Tenant administrators can view WAN-side application quality statistics on the Monitoring > Health > Application
page. For details, see the SD-WAN O&M feature description.
Page 43 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
WLAN Resource Monitoring
On the Monitoring > Health > WLAN Resources page, tenant administrators can view the AP and SSID information on the entire
network, at a specific site, or in a specific region. They can also view the access user trend, top N APs by the CPU or memory usage,
and top N regions by the number of access users.
Page 44 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Region Monitoring
Tenant administrators can view the imported network planning projects on the Monitoring > Health > Region Monitor page. They
can import a cloud-based WLAN planning project file, import a background image, set the drawing scale, and add APs and adjust
their locations.
Page 45 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Device Performance Data of a Site (1/2)
On the Monitoring > Report > Statistics Analysis page, tenant administrators can view the device performance data trend and
information about top N devices by performance at a specific site based on the device type and time range (such as one day, week, or
month).
Page 46 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Device Performance Data of a Site (2/2)
• Top N terminals by traffic: calculated based on statistics on cloud APs on a per-tenant basis and a per-site basis
• Top N sites by the average number of online users (wireless access): calculated based on statistics on cloud APs and SNMP-managed APs on a per-tenant basis
• Top N sites by traffic: calculated based on statistics on cloud APs, SNMP-managed APs, and other SNMP-managed network devices on a per-tenant basis
• Number of online users (wireless access): calculated based on statistics on cloud APs, SNMP-managed APs, and other SNMP-managed network devices on a per-tenant
basis and a per-site basis
• Network rate and traffic statistics: calculated based on statistics on cloud APs, SNMP-managed APs, and other SNMP-managed network devices on a per-tenant basis
and a per-site basis
• Top N application categories by traffic: calculated based on statistics on cloud APs, firewalls, and ARs on a per-tenant basis and a per-site basis
• Attack detection: calculated based on statistics on cloud APs on a per-tenant basis and a per-site basis
• Top N sites by the number of alarms: calculated based on statistics on cloud managed devices and SNMP-managed devices on a per-tenant basis
• Top N devices by traffic: calculated based on statistics on cloud APs, SNMP-managed APs, and other SNMP-managed network devices on a per-site basis
• Top N SSIDs by traffic: calculated based on statistics on cloud APs and SNMP-managed APs on a per-site basis
• Top N authenticated users by traffic: calculated based on statistics on cloud APs on a per-site basis
• Top N terminal vendors, terminal OSs, and terminal types by traffic: calculated based on statistics on cloud APs and cloud switches on a per-tenant basis and on a per-
site basis
Page 47 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Exporting Monitoring Data to Reports
Tenant administrators can configure a one-time or periodic data export task on the Monitoring > Report > Statistics Analysis > Report
Customization page. By doing so, they can export performance data of devices at a specific site to Excel reports. In the following figure,
the options in the red rectangle are related to WAN services and the option Campus Statistics is related to LAN services.
Page 48 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Terminal Monitoring
Tenant administrators can view terminal statistics on the Monitoring > Health > Terminal page. Terminals connected to both SNMP
managed and cloud managed devices are monitored.
Terminal statistics is updated every 5 minutes. To view real-time terminal statistics, tenant administrators can click Report Terminal
Data. After that, devices immediately report terminal statistics to the controller at an interval of 10 seconds.
Page 49 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Quick Terminal Statistics Collection
• Terminal statistics on the Monitoring > Overview> Terminal page is updated every 5 minutes.
To view real-time terminal statistics, users can click Report Terminal Data. After that, devices
immediately report terminal statistics to the controller at an interval of 10 seconds.
Page 50 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Radio Monitoring
Tenant administrators can view the radio list, radio KPIs, and radio trends on the Monitoring > Health > Device
360 > AP > Radio page. Radio statistics on both SNMP managed and cloud managed devices are monitored.
Page 51 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Customer Flow Statistics
On the Monitoring > Report > Statistics Analysis > Terminal Behavior Analysis page, tenant administrators can view
site-specific customer traffic statistics in the last minute, in the last 5 minutes, yesterday, and on the day before
yesterday, as well as the average statistics in the last 7 days and last month. They can also view daily, weekly, monthly,
and yearly customer flow trends.
Page 52 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Customer Flow Analysis
Tenant administrators can view the numbers and proportion trends of passers-by and guests, guest dwell duration,
and repeat customers by site on the Monitoring > Report > Statistics Analysis > Terminal Behavior Analysis
page.
Page 53 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
WIDS Interference Detection in R22C10
Tenant administrators can choose Monitoring > Monitoring > Device 360 and then choose AP > Security
to query information about risky devices, attacks, related dynamic blacklists, and quiet user authentication
by day, week, month, or user-defined interval. They can also view attack detection information by tenant.
Note: Statistics on the devices managed by NETCONF and SNMP can be collected.
Page 54 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Application Identification
• Traffic statistics can be collected by application category and specific application based on the data
reported by the ARs, switches, and firewalls managed by NETCONF.
• Tenant administrators can view traffic details of top 5 application categories and top 5 applications by
day, week, or month on the Monitoring > Report > Statistics Analysis page.
Page 55 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Roaming Neighbor Monitoring
• Tenant administrators can view information about roaming neighbors of an AP on the AP details page.
• They can determine whether to adjust the location of APs in a mobility group based on whether terminals
can connect to the APs and the signal strength to ensure that terminals can roam seamlessly between the
APs.
Page 56 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Terminal KPI Monitoring
• On the Monitoring > Health > Device Terminal Monitoring page, tenant administrators can view current online users and
historical users using specific terminals and click a terminal MAC address in the user list to view detailed information about a user.
• On the Resource tab page on the AP details page, tenant administrators can view information about users connected to the AP
and click a terminal MAC address to view detailed information about a user.
• Tenant administrators can determine the causes of network quality deterioration in a certain period based on the received signal
strength indicator (RSSI), packet loss rate, delay, and retransmission rate. For example, they can determine whether the network
quality deteriorates due to interference.
Page 57 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Agile Report
Tenant administrators can flexibly customize reports on the Monitoring > Report > Agile Report page.
Page 58 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Periodic Task Management
Tenant administrators can create periodic report tasks on the Monitoring > Report > Periodic Task page and send specific reports in
PDF or Excel to target users via email.
Page 59 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
IP Address Management in R22C10
• Choose Maintenance > IP Address Management from the main menu. The IP address management overview page is displayed,
showing the IP address assignment rate, exception statistics, and top N statistics.
• IP address management provides the following capabilities: IP address group management, IP subnet management, IP address
management, IP address assignment, idle IP address detection, and IP address reclaiming.
Page 60 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Site-Specific Packet Path Tracing
Tenant administrators can configure packet tracing at a specific site on the Maintenance > Diagnosis Tools > Packet Path Tracing
> Packet Path Tracing on Custom Devices page. With this function configured, iMaster NCE-Campus can trace packets based on
the configured packet characteristics to determine the device ports that the specified packets pass through.
Page 61 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Universal Packet Path Tracing
Tenant administrators can configure packet path tracing on a fabric network or at a site on the Maintenance > Diagnosis Tools >
Packet Path Tracing > Universal Packet Path Tracing page. iMaster NCE-Campus can generate topologies to show packet path
tracing results.
Note:
Universal packet path tracing supports two modes:
• Fabric mode: Fabric networking must be used.
• Common mode: Only simple networking is supported, including the
"AP + switch + firewall" networking, "AP + switch/firewall"
networking, and "switch + firewall" networking.
Page 62 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
AP IoT Monitoring in R22C10
• Choose Monitoring > Monitoring > Device 360 and then choose AP > IoT. On the displayed page, view information about IoT cards in
AP serial ports or AP Ethernet ports. You can also click an AP to check detailed information about its serial ports.
• Supported AP models: AP2051DN-E, AP263, AP4050DN-E, AP6750-10T, AP7052DN, AP7060DN, AP7152DN, AirEngine5760-10,
AirEngine5760-22W, AirEngine5760-22WD, AirEngine5760-51, AirEngine5761-11, AirEngine5761-11W, AirEngine5761-11WD,
AirEngine5761-12, AirEngine5761-12W, AirEngine5761-21, AirEngine5761S-11, AirEngine5761S-11W, AirEngine5761S-12, AirEngine5761S-
13, AirEngine5761S-21, AirEngine5762-13W, AirEngine5762-15HW, AirEngine5762-16W, AirEngine5762S-13W, AirEngine6760-51EI,
AirEngine6760-X1, AirEngine6760-X1E, AirEngine6761-21, AirEngine6761-21E, AirEngine6761-21T, AirEngine6761-22T, AirEngine6761S-21,
AirEngine6761S-21T, AirEngine8760-X1-PRO, R250D-E, and R251D-E
Page 63 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
New
Wi-Fi CPE Monitoring R22C10 in
Choose Monitoring > Monitoring > Wi-Fi CPE to display Wi-Fi CPE monitoring information about Fit APs,
including the Wi-Fi CPE list and monitoring data.
Page 64 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Settings - Quality Calculation
Formula
For devices with WAN-side ports in the EVPN scenario, tenant administrators can set the application quality and link quality thresholds
on the Monitoring > Monitoring Settings > Quality Formula Configuration page to configure a quality calculation formula. In this
way, on the Monitoring > Overview and Monitoring > Inter-Site pages, tenant administrators can view AQM and LQM values
calculated based on the delay, packet loss rate, and jitter values according to the quality calculation formula.
Page 65 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Settings – Data Reporting
• For NETCONF-managed devices, tenant administrators can enable them to report certain indicator information on the
Monitoring Settings > HTTP page.
• For SNMP-managed devices, tenant administrators can enable them to report certain indicator information on the
Monitoring Settings > SNMP page.
• The functions of reporting performance data, reporting terminal monitoring information, and reporting alarm data are
enabled by default.
Page 66 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Settings - Configuring ARs to Report
Performance Data
• For NETCONF-managed AR devices, the following data reporting functions are added on the Monitor Settings
> HTTP page: Report WAN-side application traffic data, Enhance WAN-side link quality, Report wan
application quality data, Report WAN-side link traffic data, and Report WAN optimization data.
Page 67 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Settings - Configuring ARs to
Report Performance Data
• Users can configure AR devices to report application statistics, WAN link traffic statistics, and
application quality statistics on the Monitoring Settings > Collection Configuration page. This
configuration is available only in EVPN tunnel mode. If the source IP address feature is installed,
users can also configure statistics collection based on source IP addresses.
Page 68 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Global Collection Configuration
• Users can configure application traffic statistics collection, application quality statistics
collection, and WAN link traffic statistics collection on the Design > Basic Network Design >
Network Settings > WAN Global Configuration > Collection Configuration page. When an
AR site is created, the controller by default delivers the global collection configuration to the AR
devices at the site.
Page 69 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
SAC Configuration
• Users can configure application identification and first-packet identification (FPI) for AR sites on
the Policy > Application Management > SAC Configuration page. Before enabling application
traffic or application quality statistics collection on an AR device, ensure that SAC has been
enabled on the target device.
Page 70 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Settings - Application
Experience
• Users can configure NETCONF-managed switches to report user-defined application statistics and pre-defined application
statistics on the Monitoring > Monitoring Settings > Application Experience Settings > Application Experience page.
After the controller delivers corresponding configurations to the target switches, the switches report application experience
analysis data to CampusInsight, which then analyzes and displays the statistics.
Page 71 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Settings - iPCA 2.0
• Users can configure iPCA 2.0 for traffic of specific applications that pass through selected interfaces of
NETCONF-managed switches on the Monitoring > Monitoring Settings > Application Experience Settings >
iPCA 2.0 page. After the controller delivers corresponding configurations to the target switches, the switches
report interface traffic statistics, network states and application traffic statistics to CampusInsight, which then
analyzes and displays the statistics.
Page 72 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring - RR/GW
• MSP administrators can check device health scores, as well as throughput and link
information about RR sites on the Monitoring > RR/GW page.
Page 73 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring - Tenant Traffic Statistics
Collection
• MSP administrators can check traffic statistics of managed tenant sites on the
Monitoring > Tenant Traffic Statistics page.
Page 74 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Settings - Performance Task
Management
• For SNMP-managed devices, tenant administrators can configure a detailed monitoring policy
on the Monitoring Settings > Performance Task Management page.
• Monitoring policies cannot be configured for NETCONF-managed devices.
Page 75 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Log Dump
• System administrators can configure log dump
conditions and local storage policies to dump excess
logs to a local or remote server.
• Log dump can be configured on the System > Logs >
Logs > Log Overflow Dump page.
• Procedure:
▫ (Optional) Configure the remote SFTP server,
including the IP address, port number, storage path,
username, and password.
▫ Configure log dump conditions, including the dump
threshold and retention period (in days). If either of
the two conditions is met, logs will be dumped to
the remote SFTP server.
▫ Configure a local storage policy, including the local
storage capacity and retention period (in days). The
two parameters specify the maximum number of
dumped files that can be saved locally and the
maximum retention period. If either of the two
conditions is met, dumped files saved locally will be
deleted.
Page 76 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Log Management in R22C10
• You can manage security logs, run logs, operation logs,
device channel logs, terminal authentication logs, and
configure log reporting.
▫ Choose System > System Management > Logs, and query
and export security logs and operation logs.
▫ Choose Admission Management > Admission O&M >
Terminal Authentication Logs, and query and export
terminal authentication logs.
▫ Choose System > System Settings > Third-Party Service >
Syslog Configuration and configure log reporting for third-
party servers, such as configuring syslog servers and reported
log types.
• Procedure:
1. The system administrator enables syslog reporting.
2. Configure address information (IP address/domain name +
interface) for the log collection server.
3. Select the type of logs to be reported.
4. Click OK.
Page 77 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
New
Device Channel Logs R22C10 in
Tenant administrators can view logs reported through the device configuration channel, performance
channel, authentication channel, and IP-security group channel.
Page 78 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
New
Terminal Authentication Logs R22C10 in
Tenant administrators can obtain terminal login and logout information through the corresponding login
and logout logs, which facilitate terminal management and maintenance.
Page 79 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Device Certificate Management (1/3) in R22C10
• Tenant administrators can remotely manage the certificates for managed APs, ARs, switches, and firewalls to
communicate with the controller.
• Choose Maintenance > Device Maintenance > Device Certificate Management.
Application scenarios:
1. A device certificate needs to be replaced with a new one when it is about to expire.
2. Enterprises having high security requirements need to use their own certificates.
Page 80 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Device Certificate Management (2/3) in R22C10
Certificates can be updated in either direct connection or offline mode.
Updating a device certificate in offline mode: A user manually applies for a certificate from a certificate server, imports
the certificate to the controller, and delivers the certificate to devices.
Updating a device certificate in direct connection mode: After a certificate server is configured, devices automatically
connect to the certificate server and replace their own certificates.
Page 81 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Device Certificate Management (3/3) in R22C10
The controller can deliver the CRL to devices through a CRL delivery task.
Page 82 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Device Certificate Management - LiteCA (1/2) in R22C10
1. The administrator 2. The administrator configures the CA proxy
configures the LiteCA service. service for interconnection with LiteCA.
Remarks:
Device certificate replacement can be performed using LiteCA built in iMaster NCE-Campus. Configure and activate
LiteCA of iMaster NCE-Campus and configure the CA proxy service. Then, configure a device certificate template and a
certificate replacement task based on the proxy service. After the task is activated, replace the certificate of a specified
device based on LiteCA.
Page 83 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Device Certificate Management - LiteCA (2/2) in R22C10
3. The tenant configures an identity certificate template 4. The tenant creates a certificate replacement
for the device and selects the corresponding CA proxy. task for the device.
5. The device certificate
is replaced, and the
replaced certificate is
visible and manageable.
Page 84 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
ESN Verification in R22C10
During device management, the controller provides the ESN
verification function to mitigate certificate leakage risks.
Enabled: ESN verification is enabled. If the ESN is not in the
whitelist, the verification fails and a verification exception
alarm is reported.
Disabled: ESN verification is disabled.
This function is disabled by default.
Page 85 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Introduction to Fault Diagnosis Tools
• iMaster NCE-Campus provides a collection of fault diagnosis tools on its web UI.
Tenant administrators can use these tools to diagnose faults on devices managed by
iMaster NCE-Campus, including APs, ARs, switches, and firewalls. This helps them
quickly locate network faults.
• Currently, tenant administrators can log in to the device CLI remotely, perform
remote control on devices, configure packet header obtaining, collect diagnostic logs
from devices, and use fault location tools to rectify faults.
Page 86 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Remote CLI
• Tenant administrators can perform O&M operations on devices by logging in to the device CLI through
iMaster NCE-Campus.
• Click Command Line in the upper right corner on the device details page to access the device CLI.
Page 87 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Enhanced SSH
To ensure device security, iMaster NCE-Campus supports enhanced SSH, which triggers key updates when
the traffic volume reaches a certain threshold or at a specific interval. This function is disabled by default.
Devices running earlier versions do not support enhanced SSH. If this function is enabled on such devices, they
will be disconnected from iMaster NCE-Campus.
Page 88 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Remote Control (1/2)
Tenant administrators can control indicator blinking on devices and restart devices by clicking Blink and
Reboot Device in the upper right corner on the device details page, respectively.
Page 89 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Remote Control (2/2)
• Tenant administrators can control the LED indicators of APs on the iMaster NCE-Campus GUI.
• The LED indicators of APs can be disabled in a specified time range.
Page 90 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Packet Header Obtaining
Tenant administrators can configure iMaster NCE-Campus to obtain packet headers from specified devices.
Page 91 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Ping in R22C10
Tenant administrators can ping devices on iMaster NCE-Campus.
Page 92 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Trace in R22C10
Tenant administrators can perform trace operations on devices through iMaster NCE-Campus.
Page 93 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Fault Information Collection in R22C10
Tenant administrators can collect fault information about links between sites on iMaster NCE-
Campus. Fault information collection is a WAN-side service. For details, see Site Fault Collection
in the product documentation.
Page 94 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Diagnostic Information Collection in R22C10
Tenant administrators can collect CPU alarm logs, memory alarm logs, and abnormal restart
logs on iMaster NCE-Campus.
Page 95 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Application Quality Monitoring
Tenant administrators can specify source and destination sites, source and destination IP addresses, and desired
applications to monitor application quality on the Maintenance > Diagnosis Tools > Application Quality Monitoring
page.
Note: This feature applies only to WAN-side ARs.
Page 96 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Exporting an Online Terminal Statistics Report
Page 97 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Configuring the Interval for Reporting
Terminal Location Information
The function of reporting terminal location information When this function is enabled, the interval at which
is disabled by default. information is reported can be configured.
Page 98 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Log Data Reporting - DNS Service
Experience Data Reporting
When log data reporting is enabled, tenant administrators can configure the function of reporting DNS
service experience data to the analyzer.
Page 99 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Fault Location Tools in R22C10
Tenant administrators can perform ping, trace, RF ping, virtual cable tests, and neighbor signal
detection, and manage device file systems on iMaster NCE-Campus.
System files of APs, switches, and V600 ARs can be directly downloaded.
Page 100 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Configuration File Management in R22C10
Tenant administrators can perform ping, trace, RF ping, virtual cable tests, and neighbor signal
detection, and manage device file systems on iMaster NCE-Campus.
System files of APs, switches, and V600 ARs can be directly downloaded.
Page 101 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Device Upgrade Management (1/2) in R23C00
• The system, MSP, or tenant administrator can use an upload tool to upload device software packages, patch files,
and feature packages to iMaster NCE-Campus, and then configures an upgrade plan. After that, iMaster NCE-
Campus delivers upgrade commands to involved devices, which then obtain the required upgrade files from the file
server to complete the upgrade.
• Smooth upgrade for switch stacks is supported. Before performing a stack smooth upgrade, ensure that upgrade
areas have been configured on the Monitoring > Device 360 > Stack Upgrade Partition page.
Page 102 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Device Upgrade Management (2/2)
• Administrators can resume or cancel the download of files required by device upgrade.
Page 103 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Device Upgrade Management
HOUP
1
2
3
Device upgrade process
1. The controller obtains the device software package.
• An administrator can obtain the recommended latest stable version of the device from the Huawei Online Upgrade Platform
(HOUP) software library.
• An administrator can also download the required software package from Huawei Support Website and import the package
to the controller.
2. The administrator customizes an upgrade or downgrade policy to manually or automatically upgrade or downgrade the device.
3. When receiving an upgrade task, the device downloads the upgrade package from the specified address and performs an
upgrade.
Page 104 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Signature Database Upgrade
System administrators can configure the upgrade center address on the System > System Management > Third-Party Service > Signature Database
Server page. Then, iMaster NCE-Campus can obtain the latest signature database file from the update center periodically or in real time to upgrade its
signature database. Tenant administrators can configure plans for upgrading signature database on devices at a site on the Maintenance > Device
Maintenance > Signature Database Upgrade page. iMaster NCE-Campus will deliver upgrade commands to target devices which then obtain required
signature database files from the file server to upgrade their signature databases.
Page 105 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
New
License Activation R23C00 in
The controller can deliver a license to a device and activate the license. The activated license can also be
deactivated. Choose Maintenance > Device Maintenance > Device License Activation, select a device
whose license has been activated, and click Deactivate.
Remarks:
1. Licenses can be deactivated on both the controller and devices. The license deactivation function
enables users to batch deactivate licenses on the controller GUI.
2. Only ARs running V600R023C00 or later versions support license deactivation.
Page 106 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
SLA Management
Administrators can configure SLA tasks for SNMP-managed devices on iMaster NCE-Campus to implement
quick diagnosis.
Note: The SLA obtains returned values of test cases using the network quality analysis (NQA) protocol of devices and provides four
types of test cases based on specific service and network testing requirements. This can implement high-precision and high-
frequency on-demand tests, helping quickly locate faults. For details, see "Fault Detection and Location" > "SLA Management" in
the product documentation.
Page 107 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Intelligent Network Verification
l On the iMaster NCE-Campus homepage, open the Network Intelligent Verification app.
l Intelligent network verification provides the following capabilities: snapshot management, subnet reachability verification, and
terminal access verification. In addition, verification tasks can be managed on iMaster NCE-Campus.
Page 108 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
V600 Device Management (Configuration Consistencyin R22C10
Verification)
• Configuration consistency verification upon first rollout: When
a device goes online for the first time, the controller delivers
full configurations to the device. Since the device may be
configured through other methods, such as through the local
device CLI, configuration inconsistencies may occur. Therefore,
after the full delivery, the controller automatically performs
consistency verification and synchronizes configurations from
the device if any differences are discovered.
• Configuration consistency check upon non-first rollout:
Different from the check upon first rollout, this check only
compares the flow ID of the controller with that of the device.
If they are different, inconsistency discovery is triggered. If any
inconsistencies are found, manual synchronization or
reconciliation is required to eliminate the inconsistencies.
Otherwise, full configurations cannot be delivered, in order to
prevent service security issues such as configuration
overwriting.
• Manual configuration consistency verification: Immediate
verification can be triggered manually to check full
configurations. In addition, scheduled verification tasks can be
• Click Discover Inconsistencies to check the differences of the configuration created (daily, weekly, or monthly). If any inconsistencies are
between the controller and devices. In addition, configurations can be found, manual synchronization or reconciliation is required to
synchronized and reconciled on a per-device or per-feature basis. eliminate the inconsistencies.
• Navigation path: Maintenance > Configuration
Maintenance > Configuration Consistency
Page 109 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Intelligent Network Verification - Snapshot
Management (1/2)
l iMaster NCE-Campus collects device data on the network in read-only mode, performs data plane
modeling, and generates snapshots.
l Snapshots are the basis of the intelligent network verification feature. The system can verify subnet
reachability and terminal access by leveraging snapshots.
Page 110 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Intelligent Network Verification - Snapshot
Management (2/2)
• The snapshot management module also provides the snapshot comparison function. By comparing two snapshots,
the network administrator can quickly find the differences between devices, configuration files, interface link states,
and IP routing tables at two time points, providing valuable information for quick fault locating.
Page 111 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Intelligent Network Verification - Subnet
Reachability Verification (1/2)
l After a snapshot is created, network administrators can
verify connectivity between every two service subnets on
the entire network in this snapshot.
l The verification results are presented in a matrix,
including reachability and multi-path information. The
matrix explicitly displays subnet reachability.
Page 112 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Intelligent Network Verification - Subnet
Reachability Verification (2/2)
l Network administrators can select two specific service subnets to view the traffic paths between the subnets.
The traffic path information helps quickly locate network reachability faults.
Page 113 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Intelligent Network Verification - Terminal Access
Verification
l Intelligent network verification provides the terminal access verification capability. Network administrators can simulate a
terminal in a snapshot and verifies its access to network resources. With this function, network administrators can check
whether the services accessible to the terminal are as expected.
l Intelligent network verification also provides the verification task management function. A verification task contains the source
and destination information and the expected result. It is equivalent to a network verification case.
Page 114 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Intelligent Network Verification –
Subnet Reachability on Fabrics
l Intelligent network verification is
applicable to the fabric scenario. In this
scenario, reachability between overlay
subnets can be verified and verification
results can be displayed in a matrix.
Page 115 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Advanced Security Feature – Remote Attestation (RA)
Download and import
reference values
Huawei
NCE-Campus Support
(RA server)
1. Send a challenge request
Reference
2. Challenge values
2. Return PCR status values RA
server 3. Verify
RA
client 3. Return Portal
RA measurement logs O&M
client personnel
1. Measure
l Device (YunShan LSWs and ARs):
p Connects to NCE-Campus to report its information and receive configurations.
p Receives RA requests from NCE-Campus and uploads platform configuration register (PCR)
values to NCE-Campus.
l NCE-Campus:
p Manages and configures devices.
p Downloads PCR baseline files consisting of reference values from the Huawei Support website.
p Sends challenge requests to NEs to collect measured information and evaluates the campus
security based on the collected information.
l Huawei Support website:
p Saves RA baselines of devices.
Page 116TheCopyright RA process © 2023 Huawei involves Technologies three Co., steps: Ltd. All measurement, rights reserved. challenge, and verification.
Advanced Security Feature – RA
l NE trustworthiness dashboard
Page 117 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Advanced Security Feature – NE/NMS Security R22C10
Situational Awareness
iMaster NCE-Campus
HiSec situation analysis component Single-domain security management Single-domain security
• NE/NMS intrusion detection
Situation Abnormal event O&M personnel
SOAR Zero trust • NE SOAR
display detection
NE (LSWs and ARs of V600 models):
l Connects to iMaster NCE-Campus and reports NE O&M logs.
iMaster NCE-Campus:
NE log
NMS AAA l Receives O&M logs from NEs and reports the logs to HiSec for exception detection and situation analysis.
module
l Receives O&M logs from the NMS and reports the logs to HiSec for exception detection and situation analysis.
The following NE situational awareness capabilities are supported:
l Rule-based abnormal login behavior detection: brute force cracking detection, login using a blacklisted IP
address, an unauthorized account, or a compromised account, and login through an uncommon path
l AI-based abnormal login behavior detection: login at unusual time, login using an unusual IP address or a
zombie account, abnormal number of login accounts, and abnormal login frequency
NE (LSWs and ARs of V600 models) l Abnormal behavior detection: unauthorized account creation, unauthorized password change, unauthorized
account activation (detected when the product has activation logs), password change violation, unauthorized
HSS
account deletion, unauthorized user permission change, and unauthorized operation attempt (requiring the NE
Intrusion detection to record authentication failure logs)
l Agent-based detection: file permission escalation, key file tampering, Rootkit attack, unauthorized superuser,
and shell file tampering.
The following NMS situational awareness capabilities are supported:
l Rule-based abnormal login behavior detection: brute force cracking detection, login using a blacklisted IP
address, an unauthorized account, or a compromised account, and login through an uncommon path
l Exception handling based on zero-trust evaluation, for example, blacklisting abnormal accounts
iMaster NCE-Campus supports SOAR. Specifically, it uses user-defined playbooks to perform security orchestration
based on the supported NE security threat alarms. The following security threat alarms can be processed using
playbooks:
l Brute force cracking detection, login using a blacklisted IP address, an unauthorized account, or a compromised
account, unauthorized account creation, unauthorized password change, unauthorized account activation
(detected when the product has activation logs), password change violation (skipping historical password
change mechanism), and unauthorized account deletion
Page 118 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Advanced Security Feature – NE Security Configuration
Check
l The controller can verify device security configurations, including insecure protocols, weak algorithms, and security
configuration items, to ensure NE security.
a. Insecure protocol: such as Telnet
b. Weak algorithm: such as the MD5 encryption algorithm
c. Insecure configuration: such as password authentication using SSH on port 22
Page 119 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Contents
1. System O&M
2. Service O&M
3. PMI for cloud managed devices
Page 120 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Introduction to Device PMI
• iMaster NCE-Campus allows MSP administrators to inspect managed devices such as APs, ARs, switches, and
firewalls and generate PMI reports. This helps large- and medium-sized enterprises check existing network devices
and prevent faults.
• MSP administrators can perform device PMI on a per-tenant basis and obtain PMI reports.
Note: The controller supports built-in PMI scripts for the newly supported device models and versions.
Page 121 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
PMI Report Overview
• The device PMI report is in PDF format. The following figure shows an example.
Page 122 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
PMI Report (1/3)
• The summary chapter describes types of inspected devices, top 20 devices with the most problems, problem severity,
and main problem analysis and description.
• The following figure gives an example of the chart that demonstrates problem severities.
Page 123 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
PMI Report (2/3)
• The device PMI item and result summary chapter gives a PMI summary on a per-site basis, as shown in the
following figure.
Page 124 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
PMI Report (3/3)
• In the detailed device PMI report chapter, detailed PMI results are explained on a per-site basis, as shown in the
following figure.
Page 125 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Quiz
1. Which of the following statements about the system O&M capability are true?
A. A system administrator can check the cluster status.
B. A system administrator can perform a PMI on the system.
C. A system administrator can perform PMI on tenant devices.
2. Which of the following functions are applicable to SNMP-managed devices?
A. Terminal packet loss rate at sites
B. Trend of online Wi-Fi users
C. Device health status
D. Site health
E. WIDS interference detection
F. Diagnosis tools
Page 126 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Summary
• This course describes monitoring and O&M functions provided by iMaster
NCE-Campus.
• Upon completion of this course, you will have a deep understanding of these
monitoring and O&M functions.
Page 127 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Thank You
www.huawei.com
Page 128 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring and O&M
Page 0 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Foreword
• With the emergence of cloud computing, the "on-demand" cloud service mode is
gaining popularity, and the traditional network management mode is undergoing a
dramatic transformation. Cloud-based network management is shaping a trend, and
cloud management networks provide a new mode for enterprise network
construction and O&M.
• This document describes the monitoring and O&M functions provided by iMaster
NCE-Campus in the Huawei CloudCampus Solution.
Page 1 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Objectives
• Upon completion of this course, you will be able to:
▫ Understand system O&M functions provided by iMaster NCE-Campus
▫ Understand service O&M functions provided by iMaster NCE-Campus
▫ Understand the preventive maintenance inspection (PMI) function provided by iMaster
NCE-Campus
Page 2 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Contents
1. System O&M
2. Service O&M
3. PMI for Cloud Managed Devices
Page 3 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Cluster Monitoring on the Management PlaneR22C10
iMaster NCE-Campus provides an independent management plane and service plane. Different IP addresses
and port numbers are used to log in to the planes. This allows users to focus on different task scenarios and
implement efficient system management and network O&M. For details, see the following slides.
The management plane centrally manages iMaster NCE-Campus software resources, applications, and
databases to implement functions such as installation and deployment, system monitoring, system
maintenance (user and password management, data backup and restoration, certificate and key
management, etc.), and system troubleshooting (system health check, DR, etc.).
The service plane provides service commissioning and provisioning capabilities based on different user roles.
The system administrator role is used by system maintenance personnel to manage MSP tenants, monitor
the system status, and set system parameters. The MSP administrator role is used by agent maintenance
personnel to manage common tenants, perform preventive maintenance inspection (PMI), and configure
MSPs. The tenant administrator role is mainly used by common users to configure services and monitor the
device status.
Page 4 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
System Monitoring R22C10
The system monitoring function on the management plane displays monitoring information by product,
node, service, relational database, and Redis database. You can configure the alarm thresholds for CPU
usage, memory usage, and disk usage of nodes.
Note: You can click the statistics (on node, service, or databases) on the right to quickly go to the monitoring details page.
Page 5 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
System Monitoring - Node
The management plane monitors and displays the CPU usage, memory usage, disk
partitions, and details about resources used by processes on each node.
Page 6 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
System Monitoring - Relational Database
The management plane monitors and displays the running status of each relational
database instance.
Page 7 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
System Monitoring - Redis Database
The management plane monitors and displays the running status of each Redis
database instance.
Page 8 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Unified Monitoring - Overview
The management plane can monitor the network status of network interface cards
(NICs), historical performance indicators of nodes, key middleware indicators, database
indicators, and service key performance indicators (KPIs). It provides enhanced system
monitoring capabilities compared with the original CloudSOP management plane.
Page 9 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Unified Monitoring - Node
The management plane monitors the real-time and historical status of the CPU usage,
memory usage, packet loss rate, network delay, and process of each iMaster NCE-
Campus node to detect and rectify faults in a timely manner, ensuring efficient
running of iMaster NCE-Campus.
Page 10 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Unified Monitoring - Service
The management plane can monitor resources such as the CPU, memory, threads, and
file handles of iMaster NCE-Campus services. Administrators can check the resource
usage of a node based on a service or check the resource usage of a service based on
a node to detect and resolve exceptions in a timely manner, ensuring normal service
running.
Page 11 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Unified Monitoring - Key Middleware
iMaster NCE-Campus uses a large amount of open-source middleware, such as
GaussDB 100 and ETCD. However, the status and indicators of the middleware are not
visualized. The management plane can display the real-time and historical status of
key middleware indicators and the real-time status of all middleware indicators,
improving maintenance efficiency.
Page 12 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
O&M Management - Data Collection
The management plane provides default and custom collection templates for O&M
personnel to collect logs and database tables as required for fault diagnosis.
Page 13 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Long-Term Monitoring and Routine Check of
the Network Rate
• The rate of access to public cloud services in each region can be monitored.
• Network monitoring is available at www.17ce.com.
1. Information statistics
2. Map display
3. Regional statistics analysis
Page 14 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
One-Time Network Rate Check
• You can manually perform a ping test to test the network rate.
• Check results are displayed in a chart.
Page 15 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
iMaster NCE-Campus Capacity Expansion
Currently, iMaster NCE-Campus supports capacity expansion from six distributed
nodes to nine distributed nodes and cold migration from a single node to the
minimum cluster.
Capacity expansion or cold migration in other scenarios are not supported.
Page 16 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Node Replacement
l You can replace faulty nodes in an iMaster NCE-Campus cluster.
l Procedure:
Step 1: Back up data, including the product data, product applications, operating system (OS), and
management plane.
Step 2: Deploy a new node and prepare the node for service restoration.
Step 3: Restore files on the new node.
Step 4: Restore mutual trust relationships between nodes.
Step 5: Restore the management plane.
Step 6: Restore the product data, product applications, and databases.
Step 7: Start services on the new node.
Page 17 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Contents
1. System O&M
2. Service O&M
3. PMI for Cloud Managed Devices
Page 18 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Alarm Management Overview
• System administrators can check the running status of iMaster NCE-Campus based on alarms. By doing
so, they can determine whether the system encounters an exception.
• Tenant administrators can check the running status of managed devices based on alarms. By doing so,
they can determine which devices are faulty and handle the faults in a timely manner.
Page 19 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Current Alarms (1/3) R22C10
• The system administrator or a tenant administrator can view all alarms generated by the controller or
devices on the Current Alarms page, including the detailed location information and generation time.
• On the Current Alarms page, you can sort, export, clear, acknowledge, and unacknowledge alarms.
Operation description
ü Combined Sorting: Sorts alarms based on multiple alarm fields. A maximum of four alarm fields can be set.
ü Clear: If a fault is rectified but the alarm is not automatically cleared, click Clear to manually clear the alarm. After the alarm is
cleared, its status is changed to cleared.
ü Acknowledge: Acknowledges alarms that are to be handled or have been handled. After an alarm is acknowledged, the alarm status
changes from unacknowledged to acknowledged.
ü Unacknowledge: If engineer B wants to handle an alarm acknowledged by engineer A, engineer A can unacknowledge the alarm.
When the alarm is unacknowledged, the alarm status changes from acknowledged to unacknowledged.
Page 20 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Current Alarms (2/3) R22C10
• Administrators or tenants can filter alarms by alarm severity, alarm status, first occurrence time, and
last occurrence time.
• The alarm list supports sorting based on multiple conditions. In addition, you can set alarm fields to be
displayed in table columns.
Page 21 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Current Alarms (3/3) R22C10
Click the icon in the red circle to view the details, remarks, and latest handling records of an alarm.
Note: Correlative alarms are not supported in the current version.
Page 22 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Historical Alarms
All historical alarms of iMaster NCE-Campus and devices are displayed on the Monitoring > Alarm > Historical
Alarms page. After an active alarm is acknowledged or automatically cleared, it will be moved from the current
alarm list to the historical alarm list, and its clearance time will be recorded. In addition, administrators can
filter alarms by alarm severity, occurrence time, name, and location information.
Page 23 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Alarm Masking R22C10
• All masked alarms are displayed on the Masked Alarms page. After a type of alarms is masked,
alarms of this type are not displayed on the Current Alarms page. In addition, you can filter alarms
based on various conditions.
• You can manually unmask this alarm type in the Operation column.
Page 24 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Alarm Notifications via Email
• Administrators can configure alarm
notifications via email on the Monitoring >
Alarm > Alarm Notification page.
• To send emails to specific users to notify
them of alarms, administrators need to
configure the email sending interval, email
recipients, and email content.
Administrators can also specify the alarm
severity, alarm type, and alarm source for
which email notifications will be sent.
Page 25 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Alarm Notification - Email/SMS/Webhook R22C10
• On the Alarm Notification page, you can set email notification, SMS notification, and webhook notification.
• When an alarm is generated, the controller can send an email, SMS message, or webhook to recipients. You
need to configure the period (real-time sending is also supported) for sending emails, SMS messages, or
webhooks, recipients, and content template. You can also specify the alarms to be sent by alarm severity, alarm,
or alarm source.
Page 26 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Alarm Settings R22C10
On the Alarm Settings page, you can configure personalized settings for alarms, including the color,
sound, font color, and highlight. You can also customize different rules, such as the masking rule,
intermittent/toggling rule, correlation rule, automatic acknowledgment rule, redefinition rule, aggregation
rule, alarm/event name group, and alarm synchronization. For details, click .
Page 27 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Alarm Settings (Details About Alarm Rule R22C10
Configurations)
Configuring Alarm
Rule Details Application Scenario
or Event Rules
You can configure an alarm masking rule to mask alarms or events that you are not concerned
Configuring masking You can configure a masking rule to mask alarms or events that you are not concerned about. New alarms or
about. New alarms or events meeting the masking rules will not be displayed on the Current
rules events meeting the masking rules will not be displayed on the Current Alarms and Event pages.
Alarms and Event pages.
You can redefine severities and types of alarms and events. For example, if an alarm or event is
Configuring severity and After severity and type redefinition rules are configured, the adjusted severities or types will be displayed for new
considered important, it can be set as a high-level alarm or event so that O&M personnel will
type redefinition rules alarms or events reported later.
give priority to it.
Configuring name After name redefinition rules are configured, the adjusted names will be displayed for new alarms or events If some alarm or event names are technical and difficult to understand, you can redefine alarm
redefinition rules reported later. or event names as required by configuring name redefinition rules.
If a system or an NE is being commissioned, being verified, or disconnected from and then reconnected to the
After a device is disconnected from iMaster NCE-Campus, alarms on the device cannot be
current system, alarm data of the interconnected system or NE may be inconsistent with that of the current system.
Synchronizing alarms reported. After the device is reconnected to iMaster NCE-Campus, you need to manually
In this case, you need to perform alarm synchronization to ensure that the alarm data of the interconnected system
synchronize alarms to iMaster NCE-Campus for monitoring.
or NE is consistent with that of the current system.
A correlation rule determines the root alarms and correlative alarms. When monitoring or
Configuring correlation A correlation rule determines the root alarms and correlative alarms. When monitoring or viewing alarms, O&M
viewing alarms, O&M personnel can set a correlation rule to filter out correlative alarms and
rules. personnel can set a correlation rule to filter out correlative alarms and focus only on root alarms.
focus only on root alarms.
After the rules are set, when the number of alarms or events with the same alarm or event ID reported by the same If the same alarm or event is reported repeatedly, you can configure aggregation rules to
NE in a specified period meets the trigger condition, aggregation starts and a new aggregated alarm is generated. aggregate the repeated alarms or events reported in a specified period to the same alarm or
Configuring aggregation
All alarms that meet the condition are marked as the original alarms. When the number of alarms with the same event. This reduces the impact of a large number of repeated alarms or events on O&M. When
rules
alarm or event ID reported by the same NE meets the termination condition, the aggregation stops. You can view monitoring or viewing alarms, you can select Aggregated alarms to filter out original alarms
only aggregated alarms to improve alarm monitoring and handling efficiency. that have been aggregated and focus only on the alarms you need to handle.
After intermittent/toggling alarm handling rules are configured, intermittent or toggling alarms can be discarded or
displayed on the Masked Alarms page to improve alarm monitoring and handling efficiency. Intermittent alarm:
When the interval between alarm generation and alarm clearance is less than a specific period, the alarm is
Configuring considered as an intermittent alarm. The period is called intermittent period. If the alarm persists within the After an intermittent or toggling rule is configured, intermittent or toggling alarms can be
intermittent/toggling intermittent period, it is reported to current alarms. Therefore, the alarm reporting is delayed. Toggling alarm: When discarded or displayed on the Masked Alarms page to reduce interference caused by repetitive
rules the number of times that an alarm (with the same alarm ID) is reported by the same alarm source in a specified alarms.
period reaches the trigger condition, the toggling handling is started. You can set the action to generate a toggling
alarm or avalanche alarm, or redefine the original alarm severity. When the number of times that the alarm is
reported in the specified period reaches the termination condition, the toggling handling is terminated.
When the number of current alarms reaches the threshold, the system moves some current
Configuring auto The controller automatically acknowledges cleared alarms based on specified rules and moves these alarms to the alarms to the historical alarm list. To prevent the important alarms from being processed, you
acknowledgment rules historical alarm list. Alarms cleared before immediate acknowledgement is enabled are not affected. can configure auto acknowledge rules so that the system automatically acknowledges the
current alarms in the cleared status based on these rules and converts them to historical alarms.
Setting alarm/event You can add multiple alarm or event names to a name group to perform operations on them at
You can add multiple alarm or event names to a name group to perform operations on them at a time.
name groups a time.
The controller provides multiple display modes or sound prompt rules for alarms and events.
Configuring personalized After the settings, new colors for alarm or event severities take effect immediately on the controller. The settings
You can modify the rules of display mode and sound prompt as required to obtain the latest
monitoring take effect only for the current login user.
alarm or event information in different ways.
Page 28 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Email Server Configuration
System and MSP administrators can configure an email server on the System > System Management
> Third-Party Service page to send alarm notifications via email. Tenants use the email server
configured by their respective MSPs.
Page 29 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Alarm Dump
• Administrators can configure alarm dump on the Alarm > Alarm >
Alarm Dump page. When the alarm storage duration or number of
historical alarms in the database exceeds the threshold, the alarms
in the database will be written to the configured SFTP server.
▫ iMaster NCE-Campus performs dump detection every four hours.
▫ Alarm dump is triggered when the alarm storage duration
exceeds the configured time.
▫ When a remote SFTP server is configured, every 5 MB (upper
limit) data is packaged, compressed, and then uploaded to the
remote SFTP server.
▫ The condition for terminating alarm dump is that all alarms
have expired.
▫ Only historical alarms and events rather than current alarms are
dumped.
Page 30 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Tenant Alarm Management by MSPs
• After logging in to the controller, an MSP administrator can choose Tenant Management >
Tenant Alarm Statistics page to view the number of alarms under all managed tenants and
click a number to view alarm details.
Page 31 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Introduction to Performance Management R22C10
• In CloudCampus scenarios, APs, ARs, WACs, switches, and firewalls at each site report
performance data to DataCollector of iMaster NCE-Campus through HTTP/2.
• The reported data is parsed by DataCollector and written into the HBase database of the
controller.
• Aggregation computing is performed using the Spark computing framework of the controller,
and the computing result is written into the HBase database.
• Tenant administrators can view the performance data trend and top N statistics by site and
view the performance data trend and monitoring metrics by device.
Page 32 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Monitoring Indicators R23C00
Category AP AR Firewall Switch WAC
Application monitoring √ √ × × ×
Basic performance monitoring √ √ √ √ √
Terminal monitoring √ √ √ √ ×
Device log monitoring √ √ × √ ×
WAN monitoring × √ × × ×
Terminal location monitoring √ × × × ×
WIDS monitoring √ × × × ×
Mesh monitoring √ × × × ×
√: can be monitored
×: cannot be monitored
Page 33 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
New in R23C00
Digital Map: One-Map Network Visibility (1/2)
The network digital map offers high visibility into the relationships between networks, applications, and
users/terminals on the entire network.
Tenant resource statistics • Site location: A GIS map displays sites based on
longitudes and latitudes. The tips of a site display the
number of devices, applications, and users at the site.
• Site interconnection: In IPsec VPN interconnection
scenarios, interconnection information between sites
can be displayed on a GIS map.
• Resource statistics: Displays statistics about sites,
devices, applications, users, and terminals.
1. Site statistics: The digital map displays a site list,
where users can check the total number of sites
and manage them.
2. Device statistics: The digital map displays a
device list, where users can check the total
number of devices and manage them.
3. Application statistics: The digital map displays an
application list, where users can check the total
number of applications.
4. User statistics: The digital map displays a user
list, where users can check the total number of
users and view user details.
5. Terminal statistics: The digital map displays a
terminal list, where users can check the total
number of terminals and view terminal details.
Page 34 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
New in R23C00
Digital Map: One-Map Network Visibility (2/2)
• Topology capability:
1. Supports automatic topology layout by
device role.
2. Expands and collapses lower-layer devices
based on the network layers of devices.
3. Displays terminals on access devices.
4. Displays the WAN network where egress
devices reside in a topology.
5. Divides zones for intra-site devices.
• Statistics collection capability:
1. Collects statistics about the number of
devices, users, and terminals at a site.
2. Displays site details, including device type
statistics, device status statistics, device
alarm statistics, and terminal type statistics.
• Function integration:
1. Quick access to the site configuration page
2. Quick access to the site monitoring page
3. Access to common O&M tools, such as ping
and trace
Page 35 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
New in R23C00
Digital Map: Visualized Application Experience
The network digital map offers insights into the application experience and provides a unified entry for experience-centric O&M of
key applications.
Key application assurance: The network Application experience display: The network digital map proactively identifies application experience problems, instead of
digital map supports the delivery of reactive response. It displays service flow details of a single application and highlights faulty links in the full-flow path topology.
Monitoring through the conference map: The network digital map displays the network topology of a specified conference
assurance policies for key services.
and provides conference quality monitoring and O&M capabilities based on the topology, assisting administrators to monitor
Page 36 Copyright © 2023 Huawei Technologies Co.,the Ltd.conference All rights quality reserved. in real time throughout the conference.
New in R23C00
Digital Map: Visualized User Experience
The network digital map offers insights into user experience. It provides precise full-lifecycle profiles based on users' Wi-Fi network
access and Internet access experience, and analyzes and locates problems. This enables O&M personnel to easily handle faults reported
by users and proactively ensures user network experience.
User experience display: The network digital map displays user tracks in the floor topology and
VIP user assurance: Users and guests can be set as VIP
performs modeling based on multi-dimensional parameters such as the user access delay, bandwidth,
users to ensure their preferential wireless access and
and packet loss rate. As such, it can accurately detect actual user experience, display single-user network
reserve air interface bandwidth for them.
quality (evaluated through user network indicators), and analyze user network experience faults.
Page 37 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Dashboard
On the Monitoring > Health > Overview page, tenant administrators can check the status, terminal packet loss rate, and application
quality distribution of all sites, and view site locations on the map. They can also view the online Wi-Fi user trend, device status, worst 5
applications with the poorest performance, worst 5 links with the poorest performance, abnormal cloud managed devices, and alarms.
Note: Both SNMP managed and cloud managed devices are monitored when iMaster NCE-Campus monitors the site status, terminal
packet loss rate, online Wi-Fi user trend, device status, and alarms.
Page 38 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Site Monitoring
• Tenant administrators can choose the IPsec VPN or EVPN tunnel mode on the
Design > Basic Network Design > Network Settings > Tunnel Mode page.
• If the EVPN tunnel mode is selected, tenant administrators can view the site
health status, device status, alarms, device health information, and device list of a
specified site on the Monitoring > Health > Site page. In addition, they can view
statistics about WAN links and applications on the WAN Link and WAN
Application tab pages, respectively. For details, see the SD-WAN O&M feature
description.
• If the IPsec VPN tunnel mode is selected, tenant administrators can view the site
health status, device status, alarms, device health information, and device list of a
specified site on the Monitoring > Health > Site page.
• Note:
Tenant administrators can select a site on the top of the page to view site 1. Differences between the two tunnel modes:
monitoring information. • Select the IPsec VPN tunnel mode in a LAN-only scenario. In this
mode, SD-WAN indicator monitoring is not supported.
• Select the EVPN tunnel mode in a LAN+WAN scenario. In this
mode, both data monitoring in the LAN-only scenario and SD-
WAN indicator monitoring are supported.
2. The functions of displaying device health, site health, device status,
alarms, and device health trends are supported for devices managed
by NETCONF or SNMP.
Page 39 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Inter-Site Monitoring (1/2)
• Tenant administrators can choose the IPsec VPN or EVPN tunnel mode on the Design > Basic Network Design > Network
Settings > Tunnel Mode page.
• If the EVPN tunnel mode is selected, tenant administrators can view the quality and traffic information about WAN-side inter-
site links on the Monitoring > Health > Inter-Site page. For details, see the SD-WAN O&M feature description.
Page 40 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Inter-Site Monitoring (2/2)
• If the IPsec VPN tunnel mode is selected, tenant administrators can view the IPsec VPN status, packet loss rate, and delay
between sites on the Monitoring > Health > Inter-Site page.
Page 41 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
API Performance Monitoring in R23C00
• Tenant administrators can choose Design > Site Design > Device Management, select a device, and
click an interface in the interface list to view the historical interface performance trend.
Page 42 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Application Monitoring
• Tenant administrators can select the EVPN tunnel mode on the Design > Basic Network Design > Network
Settings > Tunnel Mode page.
• Tenant administrators can view WAN-side application quality statistics on the Monitoring > Health > Application
page. For details, see the SD-WAN O&M feature description.
Page 43 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
WLAN Resource Monitoring
On the Monitoring > Health > WLAN Resources page, tenant administrators can view the AP and SSID information on the entire
network, at a specific site, or in a specific region. They can also view the access user trend, top N APs by the CPU or memory usage,
and top N regions by the number of access users.
Page 44 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Region Monitoring
Tenant administrators can view the imported network planning projects on the Monitoring > Health > Region Monitor page. They
can import a cloud-based WLAN planning project file, import a background image, set the drawing scale, and add APs and adjust
their locations.
Page 45 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Device Performance Data of a Site (1/2)
On the Monitoring > Report > Statistics Analysis page, tenant administrators can view the device performance data trend and
information about top N devices by performance at a specific site based on the device type and time range (such as one day, week, or
month).
Page 46 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Device Performance Data of a Site (2/2)
• Top N terminals by traffic: calculated based on statistics on cloud APs on a per-tenant basis and a per-site basis
• Top N sites by the average number of online users (wireless access): calculated based on statistics on cloud APs and SNMP-managed APs on a per-tenant basis
• Top N sites by traffic: calculated based on statistics on cloud APs, SNMP-managed APs, and other SNMP-managed network devices on a per-tenant basis
• Number of online users (wireless access): calculated based on statistics on cloud APs, SNMP-managed APs, and other SNMP-managed network devices on a per-tenant
basis and a per-site basis
• Network rate and traffic statistics: calculated based on statistics on cloud APs, SNMP-managed APs, and other SNMP-managed network devices on a per-tenant basis
and a per-site basis
• Top N application categories by traffic: calculated based on statistics on cloud APs, firewalls, and ARs on a per-tenant basis and a per-site basis
• Attack detection: calculated based on statistics on cloud APs on a per-tenant basis and a per-site basis
• Top N sites by the number of alarms: calculated based on statistics on cloud managed devices and SNMP-managed devices on a per-tenant basis
• Top N devices by traffic: calculated based on statistics on cloud APs, SNMP-managed APs, and other SNMP-managed network devices on a per-site basis
• Top N SSIDs by traffic: calculated based on statistics on cloud APs and SNMP-managed APs on a per-site basis
• Top N authenticated users by traffic: calculated based on statistics on cloud APs on a per-site basis
• Top N terminal vendors, terminal OSs, and terminal types by traffic: calculated based on statistics on cloud APs and cloud switches on a per-tenant basis and on a per-
site basis
Page 47 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Exporting Monitoring Data to Reports
Tenant administrators can configure a one-time or periodic data export task on the Monitoring > Report > Statistics Analysis > Report
Customization page. By doing so, they can export performance data of devices at a specific site to Excel reports. In the following figure,
the options in the red rectangle are related to WAN services and the option Campus Statistics is related to LAN services.
Page 48 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Terminal Monitoring
Tenant administrators can view terminal statistics on the Monitoring > Health > Terminal page. Terminals connected to both SNMP
managed and cloud managed devices are monitored.
Terminal statistics is updated every 5 minutes. To view real-time terminal statistics, tenant administrators can click Report Terminal
Data. After that, devices immediately report terminal statistics to the controller at an interval of 10 seconds.
Page 49 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Quick Terminal Statistics Collection
• Terminal statistics on the Monitoring > Overview> Terminal page is updated every 5 minutes.
To view real-time terminal statistics, users can click Report Terminal Data. After that, devices
immediately report terminal statistics to the controller at an interval of 10 seconds.
Page 50 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Radio Monitoring
Tenant administrators can view the radio list, radio KPIs, and radio trends on the Monitoring > Health > Device
360 > AP > Radio page. Radio statistics on both SNMP managed and cloud managed devices are monitored.
Page 51 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Customer Flow Statistics
On the Monitoring > Report > Statistics Analysis > Terminal Behavior Analysis page, tenant administrators can view
site-specific customer traffic statistics in the last minute, in the last 5 minutes, yesterday, and on the day before
yesterday, as well as the average statistics in the last 7 days and last month. They can also view daily, weekly, monthly,
and yearly customer flow trends.
Page 52 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Customer Flow Analysis
Tenant administrators can view the numbers and proportion trends of passers-by and guests, guest dwell duration,
and repeat customers by site on the Monitoring > Report > Statistics Analysis > Terminal Behavior Analysis
page.
Page 53 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
WIDS Interference Detection in R22C10
Tenant administrators can choose Monitoring > Monitoring > Device 360 and then choose AP > Security
to query information about risky devices, attacks, related dynamic blacklists, and quiet user authentication
by day, week, month, or user-defined interval. They can also view attack detection information by tenant.
Note: Statistics on the devices managed by NETCONF and SNMP can be collected.
Page 54 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Application Identification
• Traffic statistics can be collected by application category and specific application based on the data
reported by the ARs, switches, and firewalls managed by NETCONF.
• Tenant administrators can view traffic details of top 5 application categories and top 5 applications by
day, week, or month on the Monitoring > Report > Statistics Analysis page.
Page 55 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Roaming Neighbor Monitoring
• Tenant administrators can view information about roaming neighbors of an AP on the AP details page.
• They can determine whether to adjust the location of APs in a mobility group based on whether terminals
can connect to the APs and the signal strength to ensure that terminals can roam seamlessly between the
APs.
Page 56 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Terminal KPI Monitoring
• On the Monitoring > Health > Device Terminal Monitoring page, tenant administrators can view current online users and
historical users using specific terminals and click a terminal MAC address in the user list to view detailed information about a user.
• On the Resource tab page on the AP details page, tenant administrators can view information about users connected to the AP
and click a terminal MAC address to view detailed information about a user.
• Tenant administrators can determine the causes of network quality deterioration in a certain period based on the received signal
strength indicator (RSSI), packet loss rate, delay, and retransmission rate. For example, they can determine whether the network
quality deteriorates due to interference.
Page 57 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Agile Report
Tenant administrators can flexibly customize reports on the Monitoring > Report > Agile Report page.
Page 58 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Periodic Task Management
Tenant administrators can create periodic report tasks on the Monitoring > Report > Periodic Task page and send specific reports in
PDF or Excel to target users via email.
Page 59 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
IP Address Management in R22C10
• Choose Maintenance > IP Address Management from the main menu. The IP address management overview page is displayed,
showing the IP address assignment rate, exception statistics, and top N statistics.
• IP address management provides the following capabilities: IP address group management, IP subnet management, IP address
management, IP address assignment, idle IP address detection, and IP address reclaiming.
Page 60 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Site-Specific Packet Path Tracing
Tenant administrators can configure packet tracing at a specific site on the Maintenance > Diagnosis Tools > Packet Path Tracing
> Packet Path Tracing on Custom Devices page. With this function configured, iMaster NCE-Campus can trace packets based on
the configured packet characteristics to determine the device ports that the specified packets pass through.
Page 61 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Universal Packet Path Tracing
Tenant administrators can configure packet path tracing on a fabric network or at a site on the Maintenance > Diagnosis Tools >
Packet Path Tracing > Universal Packet Path Tracing page. iMaster NCE-Campus can generate topologies to show packet path
tracing results.
Note:
Universal packet path tracing supports two modes:
• Fabric mode: Fabric networking must be used.
• Common mode: Only simple networking is supported, including the
"AP + switch + firewall" networking, "AP + switch/firewall"
networking, and "switch + firewall" networking.
Page 62 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
AP IoT Monitoring in R22C10
• Choose Monitoring > Monitoring > Device 360 and then choose AP > IoT. On the displayed page, view information about IoT cards in
AP serial ports or AP Ethernet ports. You can also click an AP to check detailed information about its serial ports.
• Supported AP models: AP2051DN-E, AP263, AP4050DN-E, AP6750-10T, AP7052DN, AP7060DN, AP7152DN, AirEngine5760-10,
AirEngine5760-22W, AirEngine5760-22WD, AirEngine5760-51, AirEngine5761-11, AirEngine5761-11W, AirEngine5761-11WD,
AirEngine5761-12, AirEngine5761-12W, AirEngine5761-21, AirEngine5761S-11, AirEngine5761S-11W, AirEngine5761S-12, AirEngine5761S-
13, AirEngine5761S-21, AirEngine5762-13W, AirEngine5762-15HW, AirEngine5762-16W, AirEngine5762S-13W, AirEngine6760-51EI,
AirEngine6760-X1, AirEngine6760-X1E, AirEngine6761-21, AirEngine6761-21E, AirEngine6761-21T, AirEngine6761-22T, AirEngine6761S-21,
AirEngine6761S-21T, AirEngine8760-X1-PRO, R250D-E, and R251D-E
Page 63 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
New
Wi-Fi CPE Monitoring R22C10 in
Choose Monitoring > Monitoring > Wi-Fi CPE to display Wi-Fi CPE monitoring information about Fit APs,
including the Wi-Fi CPE list and monitoring data.
Page 64 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Settings - Quality Calculation
Formula
For devices with WAN-side ports in the EVPN scenario, tenant administrators can set the application quality and link quality thresholds
on the Monitoring > Monitoring Settings > Quality Formula Configuration page to configure a quality calculation formula. In this
way, on the Monitoring > Overview and Monitoring > Inter-Site pages, tenant administrators can view AQM and LQM values
calculated based on the delay, packet loss rate, and jitter values according to the quality calculation formula.
Page 65 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Settings – Data Reporting
• For NETCONF-managed devices, tenant administrators can enable them to report certain indicator information on the
Monitoring Settings > HTTP page.
• For SNMP-managed devices, tenant administrators can enable them to report certain indicator information on the
Monitoring Settings > SNMP page.
• The functions of reporting performance data, reporting terminal monitoring information, and reporting alarm data are
enabled by default.
Page 66 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Settings - Configuring ARs to Report
Performance Data
• For NETCONF-managed AR devices, the following data reporting functions are added on the Monitor Settings
> HTTP page: Report WAN-side application traffic data, Enhance WAN-side link quality, Report wan
application quality data, Report WAN-side link traffic data, and Report WAN optimization data.
Page 67 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Settings - Configuring ARs to
Report Performance Data
• Users can configure AR devices to report application statistics, WAN link traffic statistics, and
application quality statistics on the Monitoring Settings > Collection Configuration page. This
configuration is available only in EVPN tunnel mode. If the source IP address feature is installed,
users can also configure statistics collection based on source IP addresses.
Page 68 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Global Collection Configuration
• Users can configure application traffic statistics collection, application quality statistics
collection, and WAN link traffic statistics collection on the Design > Basic Network Design >
Network Settings > WAN Global Configuration > Collection Configuration page. When an
AR site is created, the controller by default delivers the global collection configuration to the AR
devices at the site.
Page 69 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
SAC Configuration
• Users can configure application identification and first-packet identification (FPI) for AR sites on
the Policy > Application Management > SAC Configuration page. Before enabling application
traffic or application quality statistics collection on an AR device, ensure that SAC has been
enabled on the target device.
Page 70 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Settings - Application
Experience
• Users can configure NETCONF-managed switches to report user-defined application statistics and pre-defined application
statistics on the Monitoring > Monitoring Settings > Application Experience Settings > Application Experience page.
After the controller delivers corresponding configurations to the target switches, the switches report application experience
analysis data to CampusInsight, which then analyzes and displays the statistics.
Page 71 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Settings - iPCA 2.0
• Users can configure iPCA 2.0 for traffic of specific applications that pass through selected interfaces of
NETCONF-managed switches on the Monitoring > Monitoring Settings > Application Experience Settings >
iPCA 2.0 page. After the controller delivers corresponding configurations to the target switches, the switches
report interface traffic statistics, network states and application traffic statistics to CampusInsight, which then
analyzes and displays the statistics.
Page 72 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring - RR/GW
• MSP administrators can check device health scores, as well as throughput and link
information about RR sites on the Monitoring > RR/GW page.
Page 73 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring - Tenant Traffic Statistics
Collection
• MSP administrators can check traffic statistics of managed tenant sites on the
Monitoring > Tenant Traffic Statistics page.
Page 74 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Monitoring Settings - Performance Task
Management
• For SNMP-managed devices, tenant administrators can configure a detailed monitoring policy
on the Monitoring Settings > Performance Task Management page.
• Monitoring policies cannot be configured for NETCONF-managed devices.
Page 75 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Log Dump
• System administrators can configure log dump
conditions and local storage policies to dump excess
logs to a local or remote server.
• Log dump can be configured on the System > Logs >
Logs > Log Overflow Dump page.
• Procedure:
▫ (Optional) Configure the remote SFTP server,
including the IP address, port number, storage path,
username, and password.
▫ Configure log dump conditions, including the dump
threshold and retention period (in days). If either of
the two conditions is met, logs will be dumped to
the remote SFTP server.
▫ Configure a local storage policy, including the local
storage capacity and retention period (in days). The
two parameters specify the maximum number of
dumped files that can be saved locally and the
maximum retention period. If either of the two
conditions is met, dumped files saved locally will be
deleted.
Page 76 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Log Management in R22C10
• You can manage security logs, run logs, operation logs,
device channel logs, terminal authentication logs, and
configure log reporting.
▫ Choose System > System Management > Logs, and query
and export security logs and operation logs.
▫ Choose Admission Management > Admission O&M >
Terminal Authentication Logs, and query and export
terminal authentication logs.
▫ Choose System > System Settings > Third-Party Service >
Syslog Configuration and configure log reporting for third-
party servers, such as configuring syslog servers and reported
log types.
• Procedure:
1. The system administrator enables syslog reporting.
2. Configure address information (IP address/domain name +
interface) for the log collection server.
3. Select the type of logs to be reported.
4. Click OK.
Page 77 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
New
Device Channel Logs R22C10 in
Tenant administrators can view logs reported through the device configuration channel, performance
channel, authentication channel, and IP-security group channel.
Page 78 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
New
Terminal Authentication Logs R22C10 in
Tenant administrators can obtain terminal login and logout information through the corresponding login
and logout logs, which facilitate terminal management and maintenance.
Page 79 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Device Certificate Management (1/3) in R22C10
• Tenant administrators can remotely manage the certificates for managed APs, ARs, switches, and firewalls to
communicate with the controller.
• Choose Maintenance > Device Maintenance > Device Certificate Management.
Application scenarios:
1. A device certificate needs to be replaced with a new one when it is about to expire.
2. Enterprises having high security requirements need to use their own certificates.
Page 80 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Device Certificate Management (2/3) in R22C10
Certificates can be updated in either direct connection or offline mode.
Updating a device certificate in offline mode: A user manually applies for a certificate from a certificate server, imports
the certificate to the controller, and delivers the certificate to devices.
Updating a device certificate in direct connection mode: After a certificate server is configured, devices automatically
connect to the certificate server and replace their own certificates.
Page 81 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Device Certificate Management (3/3) in R22C10
The controller can deliver the CRL to devices through a CRL delivery task.
Page 82 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Device Certificate Management - LiteCA (1/2) in R22C10
1. The administrator 2. The administrator configures the CA proxy
configures the LiteCA service. service for interconnection with LiteCA.
Remarks:
Device certificate replacement can be performed using LiteCA built in iMaster NCE-Campus. Configure and activate
LiteCA of iMaster NCE-Campus and configure the CA proxy service. Then, configure a device certificate template and a
certificate replacement task based on the proxy service. After the task is activated, replace the certificate of a specified
device based on LiteCA.
Page 83 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Device Certificate Management - LiteCA (2/2) in R22C10
3. The tenant configures an identity certificate template 4. The tenant creates a certificate replacement
for the device and selects the corresponding CA proxy. task for the device.
5. The device certificate
is replaced, and the
replaced certificate is
visible and manageable.
Page 84 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
ESN Verification in R22C10
During device management, the controller provides the ESN
verification function to mitigate certificate leakage risks.
Enabled: ESN verification is enabled. If the ESN is not in the
whitelist, the verification fails and a verification exception
alarm is reported.
Disabled: ESN verification is disabled.
This function is disabled by default.
Page 85 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Introduction to Fault Diagnosis Tools
• iMaster NCE-Campus provides a collection of fault diagnosis tools on its web UI.
Tenant administrators can use these tools to diagnose faults on devices managed by
iMaster NCE-Campus, including APs, ARs, switches, and firewalls. This helps them
quickly locate network faults.
• Currently, tenant administrators can log in to the device CLI remotely, perform
remote control on devices, configure packet header obtaining, collect diagnostic logs
from devices, and use fault location tools to rectify faults.
Page 86 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Remote CLI
• Tenant administrators can perform O&M operations on devices by logging in to the device CLI through
iMaster NCE-Campus.
• Click Command Line in the upper right corner on the device details page to access the device CLI.
Page 87 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Enhanced SSH
To ensure device security, iMaster NCE-Campus supports enhanced SSH, which triggers key updates when
the traffic volume reaches a certain threshold or at a specific interval. This function is disabled by default.
Devices running earlier versions do not support enhanced SSH. If this function is enabled on such devices, they
will be disconnected from iMaster NCE-Campus.
Page 88 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Remote Control (1/2)
Tenant administrators can control indicator blinking on devices and restart devices by clicking Blink and
Reboot Device in the upper right corner on the device details page, respectively.
Page 89 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Remote Control (2/2)
• Tenant administrators can control the LED indicators of APs on the iMaster NCE-Campus GUI.
• The LED indicators of APs can be disabled in a specified time range.
Page 90 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Packet Header Obtaining
Tenant administrators can configure iMaster NCE-Campus to obtain packet headers from specified devices.
Page 91 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Ping in R22C10
Tenant administrators can ping devices on iMaster NCE-Campus.
Page 92 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Trace in R22C10
Tenant administrators can perform trace operations on devices through iMaster NCE-Campus.
Page 93 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Fault Information Collection in R22C10
Tenant administrators can collect fault information about links between sites on iMaster NCE-
Campus. Fault information collection is a WAN-side service. For details, see Site Fault Collection
in the product documentation.
Page 94 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Diagnostic Information Collection in R22C10
Tenant administrators can collect CPU alarm logs, memory alarm logs, and abnormal restart
logs on iMaster NCE-Campus.
Page 95 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Application Quality Monitoring
Tenant administrators can specify source and destination sites, source and destination IP addresses, and desired
applications to monitor application quality on the Maintenance > Diagnosis Tools > Application Quality Monitoring
page.
Note: This feature applies only to WAN-side ARs.
Page 96 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Exporting an Online Terminal Statistics Report
Page 97 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Configuring the Interval for Reporting
Terminal Location Information
The function of reporting terminal location information When this function is enabled, the interval at which
is disabled by default. information is reported can be configured.
Page 98 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Log Data Reporting - DNS Service
Experience Data Reporting
When log data reporting is enabled, tenant administrators can configure the function of reporting DNS
service experience data to the analyzer.
Page 99 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Fault Location Tools in R22C10
Tenant administrators can perform ping, trace, RF ping, virtual cable tests, and neighbor signal
detection, and manage device file systems on iMaster NCE-Campus.
System files of APs, switches, and V600 ARs can be directly downloaded.
Page 100 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Configuration File Management in R22C10
Tenant administrators can perform ping, trace, RF ping, virtual cable tests, and neighbor signal
detection, and manage device file systems on iMaster NCE-Campus.
System files of APs, switches, and V600 ARs can be directly downloaded.
Page 101 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
Device Upgrade Management (1/2) in R23C00
• The system, MSP, or tenant administrator can use an upload tool to upload device software packages, patch files,
and feature packages to iMaster NCE-Campus, and then configures an upgrade plan. After that, iMaster NCE-
Campus delivers upgrade commands to involved devices, which then obtain the required upgrade files from the file
server to complete the upgrade.
• Smooth upgrade for switch stacks is supported. Before performing a stack smooth upgrade, ensure that upgrade
areas have been configured on the Monitoring > Device 360 > Stack Upgrade Partition page.
Page 102 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Device Upgrade Management (2/2)
• Administrators can resume or cancel the download of files required by device upgrade.
Page 103 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Device Upgrade Management
HOUP
1
2
3
Device upgrade process
1. The controller obtains the device software package.
• An administrator can obtain the recommended latest stable version of the device from the Huawei Online Upgrade Platform
(HOUP) software library.
• An administrator can also download the required software package from Huawei Support Website and import the package
to the controller.
2. The administrator customizes an upgrade or downgrade policy to manually or automatically upgrade or downgrade the device.
3. When receiving an upgrade task, the device downloads the upgrade package from the specified address and performs an
upgrade.
Page 104 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Signature Database Upgrade
System administrators can configure the upgrade center address on the System > System Management > Third-Party Service > Signature Database
Server page. Then, iMaster NCE-Campus can obtain the latest signature database file from the update center periodically or in real time to upgrade its
signature database. Tenant administrators can configure plans for upgrading signature database on devices at a site on the Maintenance > Device
Maintenance > Signature Database Upgrade page. iMaster NCE-Campus will deliver upgrade commands to target devices which then obtain required
signature database files from the file server to upgrade their signature databases.
Page 105 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
New
License Activation R23C00 in
The controller can deliver a license to a device and activate the license. The activated license can also be
deactivated. Choose Maintenance > Device Maintenance > Device License Activation, select a device
whose license has been activated, and click Deactivate.
Remarks:
1. Licenses can be deactivated on both the controller and devices. The license deactivation function
enables users to batch deactivate licenses on the controller GUI.
2. Only ARs running V600R023C00 or later versions support license deactivation.
Page 106 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
SLA Management
Administrators can configure SLA tasks for SNMP-managed devices on iMaster NCE-Campus to implement
quick diagnosis.
Note: The SLA obtains returned values of test cases using the network quality analysis (NQA) protocol of devices and provides four
types of test cases based on specific service and network testing requirements. This can implement high-precision and high-
frequency on-demand tests, helping quickly locate faults. For details, see "Fault Detection and Location" > "SLA Management" in
the product documentation.
Page 107 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Intelligent Network Verification
l On the iMaster NCE-Campus homepage, open the Network Intelligent Verification app.
l Intelligent network verification provides the following capabilities: snapshot management, subnet reachability verification, and
terminal access verification. In addition, verification tasks can be managed on iMaster NCE-Campus.
Page 108 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified
V600 Device Management (Configuration Consistencyin R22C10
Verification)
• Configuration consistency verification upon first rollout: When
a device goes online for the first time, the controller delivers
full configurations to the device. Since the device may be
configured through other methods, such as through the local
device CLI, configuration inconsistencies may occur. Therefore,
after the full delivery, the controller automatically performs
consistency verification and synchronizes configurations from
the device if any differences are discovered.
• Configuration consistency check upon non-first rollout:
Different from the check upon first rollout, this check only
compares the flow ID of the controller with that of the device.
If they are different, inconsistency discovery is triggered. If any
inconsistencies are found, manual synchronization or
reconciliation is required to eliminate the inconsistencies.
Otherwise, full configurations cannot be delivered, in order to
prevent service security issues such as configuration
overwriting.
• Manual configuration consistency verification: Immediate
verification can be triggered manually to check full
configurations. In addition, scheduled verification tasks can be
• Click Discover Inconsistencies to check the differences of the configuration created (daily, weekly, or monthly). If any inconsistencies are
between the controller and devices. In addition, configurations can be found, manual synchronization or reconciliation is required to
synchronized and reconciled on a per-device or per-feature basis. eliminate the inconsistencies.
• Navigation path: Maintenance > Configuration
Maintenance > Configuration Consistency
Page 109 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Intelligent Network Verification - Snapshot
Management (1/2)
l iMaster NCE-Campus collects device data on the network in read-only mode, performs data plane
modeling, and generates snapshots.
l Snapshots are the basis of the intelligent network verification feature. The system can verify subnet
reachability and terminal access by leveraging snapshots.
Page 110 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Intelligent Network Verification - Snapshot
Management (2/2)
• The snapshot management module also provides the snapshot comparison function. By comparing two snapshots,
the network administrator can quickly find the differences between devices, configuration files, interface link states,
and IP routing tables at two time points, providing valuable information for quick fault locating.
Page 111 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Intelligent Network Verification - Subnet
Reachability Verification (1/2)
l After a snapshot is created, network administrators can
verify connectivity between every two service subnets on
the entire network in this snapshot.
l The verification results are presented in a matrix,
including reachability and multi-path information. The
matrix explicitly displays subnet reachability.
Page 112 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Intelligent Network Verification - Subnet
Reachability Verification (2/2)
l Network administrators can select two specific service subnets to view the traffic paths between the subnets.
The traffic path information helps quickly locate network reachability faults.
Page 113 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Intelligent Network Verification - Terminal Access
Verification
l Intelligent network verification provides the terminal access verification capability. Network administrators can simulate a
terminal in a snapshot and verifies its access to network resources. With this function, network administrators can check
whether the services accessible to the terminal are as expected.
l Intelligent network verification also provides the verification task management function. A verification task contains the source
and destination information and the expected result. It is equivalent to a network verification case.
Page 114 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Intelligent Network Verification –
Subnet Reachability on Fabrics
l Intelligent network verification is
applicable to the fabric scenario. In this
scenario, reachability between overlay
subnets can be verified and verification
results can be displayed in a matrix.
Page 115 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Advanced Security Feature – Remote Attestation (RA)
Download and import
reference values
Huawei
NCE-Campus Support
(RA server)
1. Send a challenge request
Reference
2. Challenge values
2. Return PCR status values RA
server 3. Verify
RA
client 3. Return Portal
RA measurement logs O&M
client personnel
1. Measure
l Device (YunShan LSWs and ARs):
p Connects to NCE-Campus to report its information and receive configurations.
p Receives RA requests from NCE-Campus and uploads platform configuration register (PCR)
values to NCE-Campus.
l NCE-Campus:
p Manages and configures devices.
p Downloads PCR baseline files consisting of reference values from the Huawei Support website.
p Sends challenge requests to NEs to collect measured information and evaluates the campus
security based on the collected information.
l Huawei Support website:
p Saves RA baselines of devices.
Page 116TheCopyright RA process © 2023 Huawei involves Technologies three Co., steps: Ltd. All measurement, rights reserved. challenge, and verification.
Advanced Security Feature – RA
l NE trustworthiness dashboard
Page 117 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Modified in
Advanced Security Feature – NE/NMS Security R22C10
Situational Awareness
iMaster NCE-Campus
HiSec situation analysis component Single-domain security management Single-domain security
• NE/NMS intrusion detection
Situation Abnormal event O&M personnel
SOAR Zero trust • NE SOAR
display detection
NE (LSWs and ARs of V600 models):
l Connects to iMaster NCE-Campus and reports NE O&M logs.
iMaster NCE-Campus:
NE log
NMS AAA l Receives O&M logs from NEs and reports the logs to HiSec for exception detection and situation analysis.
module
l Receives O&M logs from the NMS and reports the logs to HiSec for exception detection and situation analysis.
The following NE situational awareness capabilities are supported:
l Rule-based abnormal login behavior detection: brute force cracking detection, login using a blacklisted IP
address, an unauthorized account, or a compromised account, and login through an uncommon path
l AI-based abnormal login behavior detection: login at unusual time, login using an unusual IP address or a
zombie account, abnormal number of login accounts, and abnormal login frequency
NE (LSWs and ARs of V600 models) l Abnormal behavior detection: unauthorized account creation, unauthorized password change, unauthorized
account activation (detected when the product has activation logs), password change violation, unauthorized
HSS
account deletion, unauthorized user permission change, and unauthorized operation attempt (requiring the NE
Intrusion detection to record authentication failure logs)
l Agent-based detection: file permission escalation, key file tampering, Rootkit attack, unauthorized superuser,
and shell file tampering.
The following NMS situational awareness capabilities are supported:
l Rule-based abnormal login behavior detection: brute force cracking detection, login using a blacklisted IP
address, an unauthorized account, or a compromised account, and login through an uncommon path
l Exception handling based on zero-trust evaluation, for example, blacklisting abnormal accounts
iMaster NCE-Campus supports SOAR. Specifically, it uses user-defined playbooks to perform security orchestration
based on the supported NE security threat alarms. The following security threat alarms can be processed using
playbooks:
l Brute force cracking detection, login using a blacklisted IP address, an unauthorized account, or a compromised
account, unauthorized account creation, unauthorized password change, unauthorized account activation
(detected when the product has activation logs), password change violation (skipping historical password
change mechanism), and unauthorized account deletion
Page 118 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Advanced Security Feature – NE Security Configuration
Check
l The controller can verify device security configurations, including insecure protocols, weak algorithms, and security
configuration items, to ensure NE security.
a. Insecure protocol: such as Telnet
b. Weak algorithm: such as the MD5 encryption algorithm
c. Insecure configuration: such as password authentication using SSH on port 22
Page 119 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Contents
1. System O&M
2. Service O&M
3. PMI for cloud managed devices
Page 120 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Introduction to Device PMI
• iMaster NCE-Campus allows MSP administrators to inspect managed devices such as APs, ARs, switches, and
firewalls and generate PMI reports. This helps large- and medium-sized enterprises check existing network devices
and prevent faults.
• MSP administrators can perform device PMI on a per-tenant basis and obtain PMI reports.
Note: The controller supports built-in PMI scripts for the newly supported device models and versions.
Page 121 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
PMI Report Overview
• The device PMI report is in PDF format. The following figure shows an example.
Page 122 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
PMI Report (1/3)
• The summary chapter describes types of inspected devices, top 20 devices with the most problems, problem severity,
and main problem analysis and description.
• The following figure gives an example of the chart that demonstrates problem severities.
Page 123 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
PMI Report (2/3)
• The device PMI item and result summary chapter gives a PMI summary on a per-site basis, as shown in the
following figure.
Page 124 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
PMI Report (3/3)
• In the detailed device PMI report chapter, detailed PMI results are explained on a per-site basis, as shown in the
following figure.
Page 125 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Quiz
1. Which of the following statements about the system O&M capability are true?
A. A system administrator can check the cluster status.
B. A system administrator can perform a PMI on the system.
C. A system administrator can perform PMI on tenant devices.
2. Which of the following functions are applicable to SNMP-managed devices?
A. Terminal packet loss rate at sites
B. Trend of online Wi-Fi users
C. Device health status
D. Site health
E. WIDS interference detection
F. Diagnosis tools
Page 126 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Summary
• This course describes monitoring and O&M functions provided by iMaster
NCE-Campus.
• Upon completion of this course, you will have a deep understanding of these
monitoring and O&M functions.
Page 127 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Thank You
www.huawei.com
Page 128 Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
Note: The preview effect may be slightly different from the source document. You can download the document and view it on your PC.