configuration guide - network management(v200r002c00_02)

8/10/2019 Configuration Guide - Network Management(V200R002C00_02)

1/282

Huawei AR1200-S Series Enterprise Routers

V200R002C00

Configuration Guide - Network

Management

Issue 02

Date 2012-03-30

HUAWEI TECHNOLOGIES CO., LTD.


2/282

Copyright Huawei Technologies Co., Ltd. 2012. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written

consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the

customer. All or part of the products, services and features described in this document may not be within the

purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees or representations

of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the

preparation of this document to ensure accuracy of the contents, but all statements, information, and

recommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base

Bantian, Longgang

Shenzhen 518129

People's Republic of China

Website: http://www.huawei.com

Email: [email protected]

Issue 02 (2012-03-30) Huawei Proprietary and Confidential

Copyright Huawei Technologies Co., Ltd.

i
http://www.huawei.com/


3/282

About This Document

Intended Audience

This document provides the basic concepts, configuration procedures, and configuration

examples in different application scenarios of the network management feature supported by

the AR1200-S.

This document describes how to configure the network management feature.

This document is intended for:

l Data configuration engineers

l Commissioning engineers

l Network monitoring engineers

l System maintenance engineers

Symbol Conventions

The symbols that may be found in this document are defined as follows.

Symbol Description

DANGER

Indicates a hazard with a high level of risk, which if not

avoided, will result in death or serious injury.

WARNINGIndicates a hazard with a medium or low level of risk, whichif not avoided, could result in minor or moderate injury.

CAUTION

Indicates a potentially hazardous situation, which if not

avoided, could result in equipment damage, data loss,

performance degradation, or unexpected results.

TIP Indicates a tip that may help you solve a problem or save

time.

NOTE Provides additional information to emphasize or supplement

important points of the main text.


Configuration Guide - Network Management About This Document



ii


4/282

Command Conventions

The command conventions that may be found in this document are defined as follows.

Convention Description

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.

[ ] Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... } Optional items are grouped in braces and separated by

vertical bars. One item is selected.

[ x | y | ... ] Optional items are grouped in brackets and separated by

vertical bars. One item is selected or no item is selected.

{ x | y | ... }* Optional items are grouped in braces and separated by

vertical bars. A minimum of one item or a maximum of all

items can be selected.

[ x | y | ... ]* Optional items are grouped in brackets and separated by

vertical bars. Several items or no item can be selected.

& The parameter before the & sign can be repeated 1 to n times.

# A line starting with the # sign is comments.

Interface Numbering Conventions

Interface numbers used in this manual are examples. In device configuration, use the existing

interface numbers on devices.

Change History

Updates between document versions are cumulative. Therefore, the latest document versioncontains all updates made to previous versions.

Changes in Issue 02 (2012-03-30)

Based on issue 01 (2011-12-30), the document is updated as follows:

The following information is modified:

l 1.1.1 SNMP Overview

Changes in Issue 01 (2011-12-30)

Initial commercial release.


Configuration Guide - Network Management About This Document



iii


5/282

Contents

About This Document.....................................................................................................................ii

1 SNMP Configuration....................................................................................................................1

1.1 Introduction to SNMP........................................................................................................................................2

1.1.1 SNMP Overview........................................................................................................................................21.1.2 SNMP Features Supported by the AR1200-S...........................................................................................4

1.2 Configuring aDevice to Communicate with an NM Station by Running SNMPv1..........................................7

1.2.1 Establishing the Configuration Task.........................................................................................................7

1.2.2 Configuring Basic SNMPv1 Functions.....................................................................................................8

1.2.3 (Optional) Controlling the NM Station's Access to the Device...............................................................10

1.2.4 (Optional) Enabling the SNMP Extended Error Code Function.............................................................11

1.2.5 (Optional) Configuring the Trap Function..............................................................................................11

1.2.6 Checking the Configuration.....................................................................................................................12

1.3 Configuring aDevice to Communicate with an NM Station by Running SNMPv2c......................................14

1.3.1 Establishing the Configuration Task.......................................................................................................14

1.3.2 Configuring Basic SNMPv2c Functions.................................................................................................15





1.4 Configuring aDevice to Communicate with an NM Station by Running SNMPv3........................................22


1.4.2 Configuring Basic SNMPv3 Functions...................................................................................................23





1.5 SNMP Configuration Examples.......................................................................................................................30

1.5.1 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv1..............30

1.5.2 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv2c............34

1.5.3 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv3..............37

2 RMON Configuration.................................................................................................................42

2.1 Overview of RMON ........................................................................................................................................43


Configuration Guide - Network Management Contents



iv


6/282

2.1.1 Introduction to RMON............................................................................................................................43

2.1.2 RMON Suported by the AR1200-S.........................................................................................................43

2.2 Configuring RMON..........................................................................................................................................45


2.2.2 Enabling the RMON Statistics Function on the Interface.......................................................................46

2.2.3 Configuring the ethernetStatsTable.........................................................................................................47

2.2.4 Configuring the HistoryControlTable.....................................................................................................47

2.2.5 Configuring the EventTable....................................................................................................................48

2.2.6 Configuring the AlarmTable...................................................................................................................49

2.2.7 Configuring the PrialarmTable................................................................................................................49


2.3 RMON Configuration Examples......................................................................................................................52

2.3.1 Example for Configuring RMON............................................................................................................52

3 LLDP Configuration...................................................................................................................56

3.1 Introduction to LLDP.......................................................................................................................................57

3.2 LLDP FeatureSupported by the AR1200-S.....................................................................................................60

3.3 Configuring LLDP............................................................................................................................................63


3.3.2 Enabling Global LLDP............................................................................................................................64

3.3.3 (Optional) Disabling LLDP on an Interface............................................................................................64

3.3.4 (Optional) Configuring an LLDP Management Address........................................................................65

3.3.5 (Optional) Configuring the TLV in the LLDPDU...................................................................................66

3.3.6 (Optional) Configuring LLDP Timers.....................................................................................................673.3.7 (Optional) Enabling the LLDP Trap Function........................................................................................70


3.4 Maintaining LLDP............................................................................................................................................74

3.4.1 ClearingLLDP Statistics.........................................................................................................................74

3.4.2 Monitoring LLDP Status.........................................................................................................................74

3.5 ConfigurationExamples...................................................................................................................................74

3.5.1 Examplefor Configuring LLDP on the Device That Has a Single Neighbor.........................................75

3.5.2 Example for Configuring LLDP on the Device That Has Multiple Neighbors.......................................80

3.5.3 Example for Configuring LLDP on the Network Where Link Aggregation Is Configured....................86

4 CWMP Configuration.................................................................................................................94

4.1 CWMP Overview.............................................................................................................................................95

4.2 CWMP Features Supported by the AR1200-S.................................................................................................95

4.3 Configuring CWMP.........................................................................................................................................97


4.3.2 Enabling the CWMP Function................................................................................................................98

4.3.3 Configuring CWMP Auto-Connection....................................................................................................98

4.3.4 Setting CWMP Connection Parameters................................................................................................101

4.3.5 Configuring CWMP SSL.......................................................................................................................102

4.3.6 Checking the Configuration...................................................................................................................103





v


7/282

4.4 Configuration Examples.................................................................................................................................104

4.4.1 Example for Configuring CWMP..........................................................................................................104

5 NTP Configuration....................................................................................................................107

5.1 Overview of NTP............................................................................................................................................1085.1.1 Introduction to NTP...............................................................................................................................108

5.1.2 NTP Supported by the AR1200-S.........................................................................................................110

5.2 Configuring Basic NTP Functions.................................................................................................................111

5.2.1 Establishing the Configuration Task................................................................................ .....................111

5.2.2 Configuring the NTP Primary Clock.....................................................................................................112

5.2.3 Configuring the Unicast Client/Server Mode........................................................................................113

5.2.4 Configuring the Peer Mode...................................................................................................................114

5.2.5 Configuring the Broadcast Mode..........................................................................................................115

5.2.6 Configuring the Multicast Mode...........................................................................................................116

5.2.7 Disabling the Interface from Receiving NTP Packets...........................................................................117


5.3 Configuring NTP Security Mechanisms.........................................................................................................119


5.3.2 Setting NTP Access Authorities............................................................................................................120

5.3.3 Enabling NTP Authentication...............................................................................................................121

5.3.4 Configuring NTP Authentication in Unicast Client/Server Mode........................................................122

5.3.5 Configuring NTP Authentication in Peer Mode....................................................................................122

5.3.6 Configuring NTP Authentication in Broadcast Mode...........................................................................123

5.3.7 Configuring NTP Authentication in Multicast Mode............................................................................1235.3.8 Checking the Configuration...................................................................................................................124

5.4 NTP Configuration Examples........................................................................................................................125

5.4.1 Examplefor Configuring NTP Authentication in Unicast Server and Client Mode.............................125

5.4.2 Examplefor Configuring NTP Peer Mode............................................................................................129

5.4.3 Examplefor Configuring NTP Authentication in Broadcast Mode......................................................131

5.4.4 Examplefor Configuring Multicast Mode............................................................................................134

6 NQA Configuration..................................................................................................................137

6.1 Overview ofNQA............................................................................................................. .............................139

6.1.1 Introduction to NQA..............................................................................................................................1396.1.2 Comparisons Between NQA and Ping..................................................................................................139

6.1.3 NQA Server and NQA Clients..............................................................................................................140

6.1.4 NQA Supported by the AR1200-S........................................................................................................141

6.2 Configuring the ICMP Test............................................................................................................................142

6.2.1 Establishing the Configuration Task.....................................................................................................142

6.2.2 Configuring ICMP Test Parameters......................................................................................................142


6.3 Configuring the DHCP Test...........................................................................................................................145


6.3.2 Configuring DHCP Test Parameters.....................................................................................................146





vi


8/282


6.4 Configuring the FTP Download Test.............................................................................................................148


6.4.2 Configuring the FTP Download Test Parameters..................................................................................149


6.5 Configuring the FTP Upload Test..................................................................................................................151

6.5.1 Establishing the Configuration Task................................................................ .....................................151

6.5.2 Configuring the FTP Upload Test Parameters......................................................................................152


6.6 Configuring the HTTP Test............................................................................................................................154


6.6.2 Configuring HTTP Test Parameters......................................................................................................155


6.7 Configuring the DNS Test..............................................................................................................................158


6.7.2 Configuring the DNS Test Parameters..................................................................................................158


6.8 Configuring the Traceroute Test.....................................................................................................................160


6.8.2 Configuring Parameters for a Traceroute Test......................................................................................161


6.9 Configuring the SNMP Query Test................................................................................................................163

6.9.1 Establishing the Configuration Task.....................................................................................................1636.9.2 Configuring the SNMP Query Test Parameters....................................................................................163


6.10 Configuring the TCP Test.............................................................................................................................166

6.10.1 Establishing the Configuration Task...................................................................................................166

6.10.2 Configuring the TCP Server................................................................................................................166

6.10.3 Configuring the TCP Client.................................................................................................................167

6.10.4 Checking the Configuration.................................................................................................................168

6.11 Configuring the UDP Test............................................................................................................................169


6.11.2 Configuring the UDP Server...............................................................................................................170

6.11.3 Configuring the UDP Client................................................................................................................170


6.12 Configuring the Jitter Test............................................................................................................................172


6.12.2 Configuring the Jitter Server...............................................................................................................173

6.12.3 Configuring the Jitter Client................................................................................................................174


6.13 Configuring Universal NQA Test Parameters..............................................................................................176






vii


9/282

6.13.2 Configuring Universal Parameters for the NQA Test Instance...........................................................177


6.14 Configuring Round-Trip Delay Thresholds.................................................................................................182


6.14.2 Configuring Round-Trip Delay Thresholds........................................................................................183


6.15 Configuring Uni-directional Transmission Delay Thresholds.....................................................................184


6.15.2 Configuring Uni-directional Transmission Delay Thresholds............................................................185


6.16 Configuring the Trap Function.....................................................................................................................186


6.16.2 Sending Trap Messages When Test Failed..........................................................................................188

6.16.3 Sending Trap Messages When Probes Failed......................................................................................1886.16.4 Sending Trap Messages When Probes Are Complete Successfully....................................................189

6.16.5 Sending Trap Messages When the Transmission Delay Exceeds Thresholds....................................190


6.17 Configuring Test Results to Be Sent to the FTP Server...............................................................................191


6.17.2 Configuring Parameters for Connecting the FTP Server.....................................................................192

6.17.3 Enabling the Function of Saving NQA Test Results Through FTP.................................. ..................193

6.17.4 (Optional) Configuring the Number of Test Results Saved Through FTP..........................................193

6.17.5 (Optional) Configuring the Duration of Saving Test Results Through FTP.......................................194

6.17.6 (Optional) Enabling Alarms to Be Sent to the NM Station After the FTP Transmission Succeeds

........................................................................................................................................................................194

6.17.7 Starting the Test Instance....................................................................................................................195


6.18 Configuring a Threshold for the NQA Alarm..............................................................................................196


6.18.2 Configuring the Event Corresponding to the Alarm Threshold..........................................................197

6.18.3 Configuring the Alarm Threshold.......................................................................................................198

6.18.4 Starting the Test Instance....................................................................................................................198

6.18.5 Checking the Configuration.................................................................................................................1996.19 MaintainingNQA.........................................................................................................................................200

6.19.1 Restarting NQA Test Instances...........................................................................................................200

6.19.2 Clearing NQA Statistics......................................................................................................................201

6.20 NQA Configuration Examples.....................................................................................................................201

6.20.1 Example for Configuring the ICMP Test............................................................................................201

6.20.2 Example for Configuring the DHCP Test...........................................................................................203

6.20.3 Example for Configuring the FTP Download Test.............................................................................204

6.20.4 Example for Configuring the FTP Upload Test..................................................................................206

6.20.5 Example for Configuring the HTTP Test............................................................................................209

6.20.6 Example for Configuring the DNS Test..............................................................................................210





viii


10/282

6.20.7 Example for Configuring the Traceroute Test.....................................................................................212

6.20.8 Example for Configuring the SNMP Query Test................................................................................214

6.20.9 Example for Configuring the TCP Test...............................................................................................216

6.20.10 Example for Configuring the UDP Test............................................................................................218

6.20.11 Example for Configuring the Jitter Test............................................................................................220

6.20.12 Example for Configuring NQA to Check VoIP Service Jitter................................................. .........222

6.20.13 Example for Sending Trap Message When Transmission Delay Exceeds Thresholds.....................225

6.20.14 Example for Configuring Test Results to Be Sent to the FTP Server...............................................228

6.20.15 Example for Configuring a Threshold for the NQA Alarm..............................................................231

7 NetStream Configuration.........................................................................................................234

7.1 Overview ofNetStream..................................................................................................................................235

7.2 NetStream Supported by the AR1200-S.........................................................................................................236

7.3 Collecting theStatistics of IPv4 Unicast Original Traffic..............................................................................237


7.3.2 Configuring the Version of Exported Packets.......................................................................................238

7.3.3 Setting the Destination Address of the Statistics...................................................................................238

7.3.4 (Optional) Aging the TCP Traffic According to Its FIN or RST Flag..................................................239

7.3.5 (Optional) Configuring the Inactive Aging Time .................................................................................239

7.3.6 (Optional) Configuring the Active Aging Time....................................................................................239

7.3.7 Enabling NetStream on an Interface......................................................................................................240


7.4 Collecting theStatistics of IPv4 Multicast Original Traffic...........................................................................241


7.4.2 Configuring the Format of the Output Statistics...................................................................................242

7.4.3 Outputting the Statistics.........................................................................................................................243



7.4.6 Enabling NetStream for Multicast Traffic on an Interface....................................................................244


7.5 Configuring the Aggregation Statistics About IPv4 Traffic...........................................................................245


7.5.2 Configuring the Aggregation Function..................................................................................................2467.5.3 Configuring the Version of Exported Packets.......................................................................................247

7.5.4 Configuring the Export of Statistics......................................................................................................247


7.5.6 (Optional) Configuring the Active Aging Time ...................................................................................248

7.5.7 Enabling NetStream on an Interface......................................................................................................249


7.6 Configuring the Flexible NetStream Feature..................................................................................................250


7.6.2 Creatinga Record and Entering the Record View.................................................................................251

7.6.3 Configuring the Version of Exported Packets.......................................................................................251





ix


11/282

7.6.4 Setting the Destination Address of the Statistics...................................................................................252



7.6.7 Enabling Flexible NetStream on Interfaces...........................................................................................253


7.7 Collecting the Statistics of RPF Traffic..........................................................................................................255


7.7.2 Configuring the Format of the Output Statistics...................................................................................256

7.7.3 Outputting the Statistics.........................................................................................................................256



7.7.6 Enabling the Traffic Statistics Function of RPF....................................................................................257


7.8 Maintaining NetStream...................................................................................................................................259

7.8.1 Resetting the Statistics Collected Through NetStream..........................................................................259

7.9 Example for Configuring NetStream..............................................................................................................259

7.9.1 Example for Collecting the Statistics of IPv4 Unicast Traffic..............................................................259

7.9.2 Example for Configuring NetStream of IPv4 Aggregation Traffic.......................................................261

7.9.3 Example for Configuring Flexible NetStream Traffic Statistics...........................................................264

8 Ping and Tracert.........................................................................................................................268

8.1 Ping and Tracert Overview.............................................................................................................................269

8.1.1 Introduction to Ping and Tracert............................................................................................................269

8.2 Configuring Ping and Tracert.........................................................................................................................269


8.2.2 Applying Ping to Test the Network Connection...................................................................................270

8.2.3 Applying Tracert to Locate Faults in the Network................................................................................271





x


12/282

1SNMP ConfigurationAbout This Chapter

The Simple Network Management Protocol (SNMP) is a standard network management protocol

widely used on TCP/IP networks. It uses a central computer (a network management station)

that runs network management software to manage network elements. There are three SNMP

versions, SNMPv1, SNMPv2c, and SNMPv3. You can configure one or more versions, if

needed.

1.1 Introduction to SNMP

SNMP provides a set of standard protocols for the communication between the network

management station (NM station) and devices, allowing the NM station to normally managedevices and receive alarms reported by the devices.

1.2 Configuring a Device to Communicate with an NM Station by Running SNMPv1

After SNMPv1 is configured, a managed device and an NM station can run SNMPv1 to

communicatewith each other. To ensure normal communication, you need to configure both

sides. This section describes only the configurations on a managed device (the agent side). For

details about configurations on an NM station, see the pertaining NM station operation guide.

1.3 Configuring a Device to Communicate with an NM Station by Running SNMPv2c

After SNMPv2c is configured, a managed device and an NM station can run SNMPv2c to

communicate with each other. To ensure normal communication, you need to configure both



1.4 Configuring a Device to Communicate with an NM Station by Running SNMPv3





1.5 SNMP Configuration Examples

This section provides several configuration examples of SNMP. The configuration roadmap in

the examples will help you understand the configuration procedures. Each configuration

example provides information about the networking requirements, configuration notes, and

configuration roadmap.


Configuration Guide - Network Management 1 SNMP Configuration



1


13/282

1.1 Introduction to SNMP

SNMP provides a set of standard protocols for the communication between the network

management station (NM station) and devices, allowing the NM station to normally manage

devices and receive alarms reported by the devices.

1.1.1 SNMP Overview

Get and Set operations can be performed on a managed device that runs the SNMP agent to

manage device objects by NM stations These objects are uniquely identified in the Management

Information Base (MIB).

As network services develop, more devices are deployed on existing networks. The devices are

not close to the central equipment room where a network administrator works. When faults occur

on the remote devices, the network administrator cannot detect, locate or rectify faults

immediately because the devices do not report the faults. This affects maintenance efficiency

and greatly increases maintenance workload.

To solve this problem, equipment vendors have provided network management functions in

some products. These functions allow the NM station to query the status of remote devices, and

devices can send alarms to the NM station in the case of particular events.

SNMP operates at the application layer of the IP suite and defines how to transmit management

information between the NM station and devices. SNMP defines several device management

operations that the NM station can perform and allows devices to send alarms to notify the NM

station of device faults.

An SNMP-managed network consists of three components: NM station, agent, and manageddevice. The NM station uses the MIB to identify and manage device objects. The operations

used for device management include GetRequest, GetNextRequest, GetResponse, GetBulk,

SetRequest, and notification from the agent to the NM station. The following sections give details

on the components, MIB, and operations.

SNMP Components

SNMP device management uses the following three components:

l NM station: sends various query packets to query managed devices and receives alarms

from these devices.

l Agent: is a network-management process on a managed device. An agent has the followingfunctions:

Receives and parses query packets sent from the NM station.

Reads or writes management variables based on the query type, and generates and sends

response packets to the NM station.

Sends an alarm to the NM station when triggering conditions defined on each protocol

module corresponding to the alarm are met. For example, the system view is displayed

or closed, or the device is restarted.

l Managed device: is managed by an NM station and generates and reports alarms to the NM

station.

Figure 1-1shows the relationship between the NM station and agent.





2


14/282

Figure 1-1SNMP structure

UDP Port161

Request

Response

NM Station Agent

NM Station Agent

UDP Port162

Trap

MIB

SNMP uses a hierarchicalnaming convention to identify managed objects and to distinguish

between managed objects. This hierarchical structure is similar to a tree with the nodes

representing managed objects, Figure 1-2shows a managed object that can be identified by the

path from the root to the node representing it.

Figure 1-2Structure of a MIB tree

A

2

6

1

5

21

1

2

1

B

As shown in Figure 1-2, object B is uniquely identified by a string of numbers, {1.2.1.1}. Such

a number string is called an Object Identifier (OID). A MIB tree is used to describe the hierarchy

of data in a MIB that collects the definitions of variables on the managed devices.

A user can use a standard MIB or define a MIB based on certain standards. Using a standard

MIB can reduce the costs on proxy deployment and therefore reduce the costs on the entire

network management system.

SNMP Operations

SNMP uses Get and Set operations to replace a complex command set. The operations described

in Figure 1-3can implement all functions.





3


15/282

Figure 1-3Schematic diagram of SNMP operations

UDP Port161

NM Station Agent

UDP Port162

get-request

get-response

get-next-requestget-response

set-request

get-response

trap

Table 1-1gives details on the SNMP operations.

Table 1-1SNMP operations

Operation Function

GetRequest Retrieves the value of a variable. The NM station sends the

request to a managed device to obtain the value of an object

on the device.

GetNextRequest Retrieves the value of the next variable. The NM station

sends the request to a managed device to obtain the status

of the next object on the device.

GetResponse Responds to GetRequest, GetNextRequest, andSetRequest operations. It is sent from the managed device

to the NM station.

GetBulk Request from the NMS-to-agent, equaling continuous

GetNextRequest operations.

SetRequest Sets the value of a variable. The NM station sends the

request to a managed device to adjust the status of an object

on the device.

Trap Reports an event to the NM station.

NOTE

SNMP is used for NM station's monitoring and management of network devices. It cannot be used to

monitor and manage the operation of the entire network. To monitor and manage the operation of an entire

network, for example, to learn network performance or collect network statistics, see the Configuration

Guide - Network Managementfor details about the configurations of NetStream, and fault and performance

management.

1.1.2 SNMP Features Supported by the AR1200-S

This section compares SNMP versions in terms of their support for features and usage scenarios.Use it as a reference when you select the SNMP version during network deployment.





4


16/282

The AR1200-S supports SNMPv1, SNMPv2c, and SNMPv3. Table 1-2lists the features

supported by SNMP, and Table 1-3shows the support of different SNMP versions for the

features. Table 1-4describes the usage scenarios of SNMP versions, which will help you choose

a proper version for the communication between an NM station and managed devices based on

the network operation conditions.

NOTE

When multiple NM stations using different SNMP versions manage the same device in a network,

SNMPv1, SNMPv2c, and SNMPv3 can all be configured on the device for its communication with all the

NM stations.

Table 1-2Description of features supported by SNMP

Feature Description

Access control Restricts a user's device administration rights.

It gives specific users the rights to managespecified objects on devices and therefore

provides fine management.

Authentication and encryption Authenticates and encrypts the packets

transmitted between the NM station and

managed devices. This prevents data packets

from being intercepted or modified,

improving data sending security.

Error code Identifies particular faults. An administrator

uses error codes to quickly locate and rectify

faults. The more error codes received, the

more they help an administrator in devicemanagement.

Trap Sent from managed devices to the NM

station. These traps allow an administrator to

discover device faults immediately.

After sending traps, the managed devices do

not require the acknowledgement from the

NM station.

GetBulk Allows an administrator to perform GetNext

operation in batches. In a large-scale network,

GetBulk reduces the administrator'sworkload and improves management

efficiency.

Table 1-3Different SNMP versions' support for the features

Feature SNMPv1 SNMPv2c SNMPv3

Access control Community-name-

based access control

supported

Community-name-


supported

User or user-group-


supported





5


17/282

Feature SNMPv1 SNMPv2c SNMPv3

Authentication and

encryption

Not supported Not supported Supported, and the

supported

authentication and

encryption modes are

as follows:

Authentication

mode:

l MD5

l SHA

Encryption mode:

DES56

Error code 6 error codes

supported

16 error codes

supported

16 error codes

supported

Trap Supported Supported Supported

GetBulk Not supported Supported Supported

Table 1-4Usage scenarios of different SNMP versions

Version Usage Scenario

SNMPv1 Applies to small-scale networks whose

networking is simple and securityrequirements are low or whose security and

stability are good, such as campus networks

and small enterprise networks.

SNMPv2c Applies to medium and large-scale networks

whose security requirements are not strict or

whose security is good (for example, VPNs)

but whose services are so busy that traffic

congestion may occur.

SNMPv3 This version is applicable to networks of

various scales, especially the networks that

have strict requirements on security and can

be managed only by authorized

administrators, such as the scenario where

data between the NM station and managed

devices needs to be transmitted over a public

network.

If you plan to build a new network, choose an SNMP version based on your usage scenario. If

you plan to expand or upgrade an existing network, choose an SNMP version to match the SNMP

version running on the NM station to ensure the normal communication between manageddevices and the NM station.





6


18/282

1.2 Configuring a Device to Communicate with an NMStation by Running SNMPv1





The NM station manages a device in the following manners:

l Sends requests to the managed device to perform the GetRequest, GetNextRequest,

GetResponse, GetBulk, or SetRequest operation, obtaining data and setting values.

l Receives alarms from the managed device and locates and rectify device faults based on

the alarm information.

In the following configuration, after basic SNMP functions are configured, the NM station can

manage the device in these manners. For details on how to configure finer management such as

accurate access control or alarm module specification, see the following configuration

procedures.

1.2.1 Establishing the Configuration Task

Before configuring a device to communicate with an NM station by running SNMPv1,

familiarize yourself with the applicable environment, complete the pre-configuration tasks, and

obtain the data required for the configuration. This will help you complete the configuration task

quickly and accurately.

Applicable Environment

SNMP needs to be deployed in a network to allow the NM station to manage network devices.

If the network has a few devices and its security is good, such as a campus network or a small

enterprise network, SNMPv1 can be deployed to ensure the normal communication between the

NM station and managed devices.

Pre-configuration Tasks

Before configuring a device to communicate with an NM station by running SNMPv1, complete

the following task:

l Configuring a routing protocol to ensure that the router and NM station are routable

Data Preparation

Before configuring a device to communicate with an NM station by running SNMPv1, you need

the following data.

No. Data

1 SNMP version, SNMP community name, destination address of alarm messages, and

administrator's contact information and location





7


19/282

No. Data

2 (Optional) ACL number, IP address of the NM station, and MIB object

3 (Optional) Name of the alarm-sending module, source address of trap messages,

queue length for trap messages, and lifetime of trap messages

1.2.2 Configuring Basic SNMPv1 Functions

After basic SNMP functions are configured, an NM station can perform basic operations such

as Get and Set operations on a managed device, and the managed device can send alarms to the

NM station.

ContextSteps 3, 4, 5, 6are mandatory for the configuration of basic SNMP functions. After the

configurations are complete, basic SNMP communication can be conducted between the NM

station and managed device.

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 (Optional) Run:

snmp-agent

The SNMP agent function is enabled.

By default, the SNMP agent function is disabled. Running any command with the parameter

snmp-agentcan enable the SNMP agent function, so this step is optional.

Step 3 Run:

snmp-agent sys-infoversionv1

The SNMP version is set.

By default, SNMPv1, SNMPv2c, and SNMPv3 are enabled.

Step 4 Run:

snmp-agent community{ read|write} community-name

The community name is set.

l readmust be configured in the command if the NM station administrator requires the read

permission in a specified view in some cases. For example, a low-level administrator must

read certain data.

l writemust be configured in the command if the NM station administrator requires the read

and write permissions in a specified view in some cases. For example, a high-leveladministrator must read and write certain data.





8


20/282

After the community name is set, if no MIB view is configured, the NM station that uses the

community name has rights to access objects in the Viewdefault view.

Step 5 Run:

snmp-agent target-host trap-paramsnameparamsnamev1securitynamesecurityname[

binding-private-value] [private-netmanager]

The parameters of the trap messages sent from device are configured.

Step 6 Run:

snmp-agent target-host trap-hostnamehostnameaddressipv4-addr[ udp-portudp-

portid] [public-net| vpn-instancevpn-instance-name] trap-paramsnameparamsname

The destination address for the alarms and error codes sent from the device is configured.

The descriptions of the command parameters are as follows:

l The default destination UDP port number is 162. In some special cases (for example, port

mirroring is configured to prevent a well-known port from being attacked), the parameterudp-portcan be used to specify an unknown UDP port number. This ensures normal

communication between the NM station and managed device.

l If the alarms sent from the managed device to the NM station must be transmitted over a

public network, the parameter public-netmust be configured. If the alarms sent from the

managed device to the NM station must be transmitted over a private network, the parameter

vpn-instancevpn-instance-namemust be used to specify a VPN that takes over the sending

task.

Step 7 (Optional) Run:

snmp-agent sys-info{ contactcontact| locationlocation}

The equipment administrator's contact information or location is configured.

This step is required when the NM station administrator must know equipment administrators'

contact information and locations when the NM station manages many devices. This allows the

NM station administrator to contact the equipment administrators quickly for fault location and

rectification.

To configure both the equipment administrator's contact information and location, you must run

the command twice to configure them separately.

----End

Follow-up Procedure

If finer device management is required, follow directions below to configure a managed device:

l To allow a specified NM station that uses the community name to manage specified objects

on the device, follow the procedure described in Controlling the NM Station's Access to

the Device.

l To allow a specified module on the managed device to report alarms to the NM station,

follow the procedure described in Configuring the Trap Function.

l If the NM station and managed device are both Huawei products, follow the procedure

described in Enabling the SNMP Extended Error Code Functionto allow the device to

send more types of error codes. This allows more specific error identification and facilitatesyour fault location and rectification.





9


21/282

1.2.3 (Optional) Controlling the NM Station's Access to the Device

This section describes how to specify an NM station and manageable MIB objects for SNMP-

based communication between the NM station and managed device to improve communication

security.

Context

If a device is managed by multiple NM stations that use the same community name, note the

following points:

l If all the NM stations that use the community name need to have rights to access the objects

in the Viewdefault view (1.3.6.1), skip the following steps.

l If some of the NM stations that use the community name need to have rights to access the

objects in the Viewdefault view (1.3.6.1), skip Step5.

l If all the NM stations need to manage specified objects on the device, skip Step2, Step3,

and Step4.

l If some of the NM stations that use the community name need to manage specified objects

on the device, perform all the following steps.

Procedure

Step 1 Run:system-view


Step 2 Run:

aclacl-number

A basic ACL is created to filter the NM station users that can manage the device.

Step 3 Run:rule[ rule-id] { deny|permit} source{ source-ip-addresssource-wildcard|

any}

A rule is added to the ACL.

Step 4 Run:quit

Return to the system view.

Step 5 Run:snmp-agent mib-viewview-name{ include| exclude} subtree-name[maskmask]

A MIB view is created, and manageable MIB objects are specified.

By default, an NM station has rights to access the objects in the Viewdefault view (1.3.6.1).

l If a few MIB objects on a device or some objects in the current MIB view do not or no longer

need to be managed by the NM station, excludeneeds to be specified in the related command

to exclude these MIB objects.

l If a few MIB objects on the device or some objects in the current MIB view need to be

managed by the NM station, includeneeds to be specified in the related command to includethese MIB objects.





10


22/282

Step 6 Run:snmp-agent community{ read|write} community-name[mib-viewview-name| aclacl-

number]*

The NM station's access rights are specified.

l readneeds to be configured in the command if the NM station administrator needs the read

permission in the specified view in some cases. For example, a low-level administrator needs

to read certain data. writeneeds to be configured in the command if the NM station

administrator needs the read and write permissions in the specified view in some cases. For

example, a high-level administrator needs to read and write certain data.


objects in the Viewdefault view (1.3.6.1), mib-viewview-namedoes not need to be

configured in the command.

l If all the NM stations that use the community name need to manage specified objects on the

device, aclacl-numberdoes not need to be configured in the command.

l

If some of the NM stations that use the community name need to manage specified objectson the device, both mib-viewand aclneed to be configured in the command.

----End

Follow-up Procedure

After the access rights are configured, especially after the IP address of the NM station is

specified, if the IP address changes (for example, the NM station changes its location, or IP

addresses are reallocated due to network adjustment), you need to change the IP address of the

NM station in the ACL. Otherwise, the NM station cannot access the device.

1.2.4 (Optional) Enabling the SNMP Extended Error Code FunctionThis section describes how to enable the extended SNMP error code function when both the NM

station and managed device are Huawei products. After this function is enabled, more types of

error codes are provided to help you locate and rectify faults more quickly and accurately.

Procedure



Step 2 Run:snmp-agent extend error-code enable

The SNMP extended error code function is enabled.

By default, SNMP standard error codes are used. After the extended error code function is

enabled, extended error codes can be sent to the NM station.

----End

1.2.5 (Optional) Configuring the Trap Function

This section describes how to specify the alarms to be sent to the NM station, which will help

you to locate important problems. After relevant parameters are set, the security of alarm sendingcan be improved.





11


23/282

Procedure

Step 1 Run:

system-view


Step 2 Run:snmp-agent trap enable

Alarm sending is enabled.

Step 3 Run:

snmp-agent trap sourceinterface-typeinterface-number

The source interface for trap messages is specified.

After the source interface is specified, its IP address becomes the source IP address of trap

messages. Configuring the IP address of the local loopback interface as the source interface isrecommended, which can ensure device security.

The source interface specified on the router for trap messages must be consistent with that

specified on the NM station; otherwise, the NM station will not accept the trap messages sent

from the router.

Step 4 Run:

snmp-agent trap queue-sizesize

The length of the queue storing trap messages to be sent to the destination host is set.

The queue length depends on the number of generated trap messages. If the router frequently

generates trap messages, a longer queue length can be set to prevent trap messages from beinglost.

Step 5 Run:snmp-agent trap lifeseconds

The lifetime of every trap message is set.

The lifetime of every trap message depends on the number of generated trap messages. If the

router frequently generates trap messages, a longer lifetime can be set for every trap message to

prevent trap messages from being lost.

----End

1.2.6 Checking the Configuration

After SNMPv1 functions are configured, you can view the SNMPv1 configurations.

Prerequisites

The configurations of basic SNMPv1 functions are complete.

Procedure

l

Run the display snmp-agent community{ read| write} command to check theconfigured community name.





12


24/282

l Run the display snmp-agent sys-infoversioncommand to check the enabled SNMP

version.

l Run the display aclacl-numbercommand to check the rules in the specified ACL.

l Run the display snmp-agent mib-viewcommand to check the MIB view.

l Run the display snmp-agent sys-infocontactcommand to check the equipment

administrator's contact information.

l Run the display snmp-agent sys-infolocationcommand to check the location of the

device.

l Run the display current-configuration| includetrapcommand to check trap

configurations.

l Run the display snmp-agent extend error-code statuscommand to check whether the

SNMP extended error code feature is enabled.

----End

Example

When the configuration is complete, run the display snmp-agent community readcommand.

You can view the configured community name. display snmp-agent community read Community name:

huawei

Storage type: nonVolatileView name: ViewDefault

Acl: 2001

Total number is 1

Run the display snmp-agent sys-info versioncommand. You can view the SNMP version

running on the agent. display snmp-agent sys-info version

SNMP version running in the system: SNMPv1

Run the display aclacl-numbercommand. You can view the rules in the specified ACL. displayacl2000Basic ACL 2000, 1 rule

Acl's step is 5

rule 5 permit source 1.1.1.1 0

Run the display snmp-agent mib-viewcommand. You can view the MIB view. display snmp-agent mib-view View name:ViewDefault

MIB Subtree:internet

Subtree mask: Storage type: nonVolatile

View Type:included

View status:active

View name:ViewDefault MIB Subtree:snmpUsmMIB

Subtree mask:

Storage type: nonVolatile View Type:excluded

View status:active

View name:ViewDefault

MIB Subtree:snmpVacmMIB Subtree mask:

Storage type: nonVolatile

View Type:excluded

View status:active View name:ViewDefault





13


25/282


26/282

Applicable Environment

SNMP needs to be deployed in a network to allow the NM station to manage network devices.

If your network is a large scale with many devices and its security requirements are not strict or

its security is good (for example, a VPN network) but services on the network are so busy thattraffic congestion may occur, SNMPv2c can be deployed to ensure communication between the

NM station and managed devices.

Pre-configuration Tasks

Before configuring a device to communicate with an NM station by running SNMPv2c, complete

the following task:

l Configuring a routing protocol to ensure that the router and NM station are routable

Data Preparation

Before configuring a device to communicate with an NM station by running SNMPv2c, you

need the following data.

No. Data

1 SNMP version, SNMP community name, address of the alarm destination host, and

administrator's contact information and location

2 (Optional) ACL number, IP address of the NM station, MIB object

3 (Optional) Name of the alarm-sending module, source address of trap messages,

queue length for trap messages, and lifetime of trap messages

1.3.2 Configuring Basic SNMPv2c Functions

After basic SNMP functions are configured, an NM station can perform basic operations such

as Get and Set operations on a managed device, and the managed device can send alarms to the

NM station.

Context

Steps 3, 4, 5, 6, and 7are mandatory for the configuration of basic SNMP functions. After the

configurations, basic SNMP communication can be conducted between the NM station and

managed device.

Procedure



Step 2 (Optional) Run:snmp-agent

The SNMP agent function is enabled.





15


27/282

By default, the SNMP agent function is disabled. Running any command with the parameter

snmp-agentcan enable the SNMP agent function, so this step is optional.

Step 3 Run:snmp-agent sys-infoversionv2c

The SNMP version is set.

By default, SNMPv1, SNMPv2c, and SNMPv3 is enabled.

Step 4 Run:snmp-agent community{ read|write} community-name

The community name is set.

l readmust be configured in the command if the NM station administrator requires the read

permission in a specified view in some cases. For example, a low-level administrator must

read certain data.

l writemust be configured in the command if the NM station administrator requires the read

and write permissions in a specified view in some cases. For example, a high-level

administrator must read and write certain data.

After the community name is set, if no MIB view is configured, the NM station that uses the

community name has rights to access objects in the Viewdefault view.

Step 5 Run:snmp-agent target-host trap-paramsnameparamsnamev2csecuritynamesecurityname[binding-private-value] [private-netmanager]

The parameters of the trap messages sent from device are configured.

Step 6 Run:snmp-agent target-host trap-hostnamehostnameaddressipv4-addr[ udp-portudp-

portid] [public-net| vpn-instancevpn-instance-name] trap-paramsnameparamsname

The destination address for the alarms and error codes sent from the device is configured.

The descriptions of the command parameters are as follows:

l The default destination UDP port number is 162. In some special cases (for example, port

mirroring is configured to prevent a well-known port from being attacked), the parameter

udp-portcan be used to specify a non-well-known UDP port number. This ensures normal

communication between the NM station and managed device.

l If the alarms sent from the managed device to the NM station need to be transmitted over a

public network, the parameter public-netneeds to be configured. If the alarms sent from themanaged device to the NM station need to be transmitted over a private network, the

parameter vpn-instancevpn-instance-nameneeds to be used to specify a VPN that will take

over the sending task.

Step 7 (Optional) Run:snmp-agent sys-info{ contactcontact| locationlocation}

The equipment administrator's contact information or location is configured.

This step is required when the NM station administrator must know equipment administrators'

contact information and locations when the NM station manages many devices. This allows the

NM station administrator to contact the equipment administrators quickly for fault location andrectification.





16


28/282

To configure both the equipment administrator's contact information and location, you must run

the command twice to configure them separately.

----End

Follow-up Procedure

If finer device management is required, follow directions below to configure the managed

device:

l To allow a specified NM station that uses the community name to manage specified objects

of the device, follow the procedure described in Controlling the NM Station's Access to

the Device.

l To allow a specified module on the managed device to report alarms to the NM station,

follow the procedure described in Configuring the Trap Function.

l If the NM station and managed device are both Huawei products, follow the procedure

described in Enabling the SNMP Extended Error Code Functionto allow the device to

send more types of error codes. This allows more specific error identification and facilitates

your fault location and rectification.

1.3.3 (Optional) Controlling the NM Station's Access to the Device

This section describes how to specify an NM station and manageable MIB objects for SNMP-

based communication between the NM station and managed device to improve communication

security.

Context

If a device is managed by multiple NM stations that use the same community name, note the

following points:

l If all the NM stations that use the community name need to have rights to access the objects

in the Viewdefault view (1.3.6.1), skip the following steps.


objects in the Viewdefault view (1.3.6.1), skip Step5.

l If all the NM stations need to manage specified objects on the device, skip Step2, Step3,

and Step4.

l If some of the NM stations that use the community name need to manage specified objects

on the device, perform all the following steps.

Procedure



Step 2 Run:aclacl-number

A basic ACL is created to filter the NM station users that can manage the device.

Step 3 Run:

rule[ rule-id] { deny|permit} source{ source-ip-addresssource-wildcard|any}





17


29/282

A rule is added to the ACL.

Step 4 Run:

quit

Return to the system view.

Step 5 Run:

snmp-agent mib-viewview-name{ include| exclude} subtree-name[maskmask]

A MIB view is created, and manageable MIB objects are specified.

By default, an NM station has rights to access the objects in the Viewdefault view (1.3.6.1).

l If a few MIB objects on a device or some objects in the current MIB view do not or no longer

need to be managed by the NM station, excludeneeds to be specified in the related command

to exclude these MIB objects.

l If a few MIB objects on the device or some objects in the current MIB view need to be

managed by the NM station, includeneeds to be specified in the related command to include

these MIB objects.

Step 6 Run:

snmp-agent community{ read|write} community-name[mib-viewview-name| aclacl-

number]*

The NM station's access rights are specified.

l readneeds to be configured in the command if the NM station ad

configuration guide - network management(v200r002c00_02)

Documents