Table 3-1 provides the data plan for configuring the outband NMS.
Table 3-1 Data plan for configuring the outband NMS
Item Data
Maintenance network port (ETH) of the MA5600T
IP address: 10.10.20.1/24
NMS (Primary) IP address: 10.10.21.1/24
(Secondary) IP address: 10.10.21.2/24
SNMP version V1
Router port connecting to the MA5600T IP address: 10.10.20.254/24
Configuration Flowchart
Figure 3-2 shows the flowchart for configuring the outband NMS.
Figure 3-2 Flowchart for configuring the outband NMS
Start
Set the IP address of the maintenance network port
Add a route for the outband NMS
Set the SNMP parameters
Enable trap sending
Set the IP address of the target host for traps
Set the source address for traps sending
Save the data
End
NOTE
l This topic describes how to configure only the MA5600T. To set up the network connection, you also need to configure the router.
l If the Telnet environment is set up according to "1.4 Configuring the Terminal Through the Outband Management Channel ", skip steps 1 and 2.
Procedure
Step 1 Set the IP address of the maintenance network port.
huawei(config)#interface meth 0
huawei(config-if-meth0)#ip address 10.10.20.1 255.255.255.0
Step 2 Add a route for the outband NMS.
huawei(config-if-meth0)#quit
huawei(config)#ip route-static 10.10.21.0 24 10.10.20.254
Step 3 Set the SNMP parameters:
l Create the community name
huawei(config)#snmp-agent community read public huawei(config)#snmp-agent community write private l Set the administrator ID and contact
huawei(config)#snmp-agent sys-info contact HW-075528780808 l Set the system location
huawei(config)#snmp-agent sys-info location Shenzhen_China l Set the SNMP version
NOTE
The setting of the MA5600T should match with the settings in the N2000.
huawei(config)#snmp-agent sys-info version v1
Step 4 Enable trap sending.
huawei(config)#snmp-agent trap enable standard
Step 5 Set the IP address of the target host for traps.
huawei(config)#snmp-agent target-host trap address 10.10.21.1 securityname private huawei(config)#snmp-agent target-host trap address 10.10.21.2 securityname private
Step 6 Set the IP address of the maintenance network port as the source address for traps sending.
huawei(config)#snmp-agent trap source meth 0
Step 7 Save the data.
huawei(config)#save
----End
Result
After the configuration, you can manage the MA5600T through the N2000.
3.4 Configuration Example of an Inband NMS
This topic describes how to connect the MA5600T to the N2000 through the GE port. You can then maintain and manage the MA5600T through an inband management channel. In the inband NMS mode, the NMS interactive information is transmitted through the service channel of the device. For the flexible networking of the inband NMS mode, no additional device is required.
Thus, it saves cost, however, it is not easy to maintain.
Networking
Figure 3-3 shows an example network for configuring the inband NMS.
The NMS maintains and manages the MA5600T through the upstream port in the inband NMS mode. The primary NMS and the secondary NMS exist in the network. Add a static route to the NMS on the MA5600T, and configure the parameters related to SSMPV3.
Figure 3-3 Example network for configuring the inband NMS
MA5600T SCU
ETH
CON GE 0/19/0
PC
ESC
Router
Data Plan
Table 3-2 provides the data plan for configuring the inband NMS.
Table 3-2 Data plan for configuring the inband NMS
Item Data
Inband NMS port of the MA5600T IP address: 10.10.20.1/24
NMS IP address of the primary NMS:
10.10.21.1/24
IP address of the secondary NMS:
10.10.21.2/24
Router port connecting to the MA5600T IP address: 10.10.20.254/24
SNMP Agent Version: V3
User name: user1 Group name: group1 View name: hardy
Configuration Flowchart
Figure 3-4 shows the flowchart for configuring the inband NMS.
Figure 3-4 Flowchart for configuring the inband NMS
Start
Set the IP address of the inband NMS port
Add a route for the inband NMS
Set the SNMP parameters
Enable traps sending
Set the IP address of the target host for traps
Set the source address for traps sending
Save the data
End
NOTE
l This topic describes how to configure only the MA5600T. To set up the network connection, you also need to configure the router.
l If the Telnet environment is set up according to "1.4 Configuring the Terminal Through the Outband Management Channel ", skip steps 1 and 2.
Procedure
Step 1 Set the IP address of the inband NMS port.
l Create an NMS VLAN
huawei(config)#vlan 1000 standard l Add the upstream port to the VLAN
huawei(config)#port vlan 1000 0/9 0 l Enter the VLAN interface mode
huawei(config)#interface vlanif 1000 l Set the IP address of the VLAN interface
huawei(config-if-vlanif1000)#ip address 10.10.20.2 255.255.255.0
Step 2 Add a route for the inband NMS.
huawei(config)#ip route-static 10.10.21.0 24 10.10.20.254
Step 3 Set the SNMP parameters.
l Set the SNMP version
NOTE
The setting of the MA5600T should match with the settings. Assume that the N2000 adopts SNMP V3.
huawei(config)#snmp-agent sys-info version v3 l Set the SNMP user
huawei(config)#snmp-agent usm-user v3 user1 group1 authentication-mode md5 authkey privacy-mode des56 prikey
l Set the SNMP group
huawei(config)#snmp-agent group v3 group1 privacy read-view hardy write-view hardy
Step 4 Enable the traps sending.
huawei(config)#snmp-agent trap enable standard
Step 5 Set the IP address of the target host for traps.
huawei(config)#snmp-agent target-host trap address 10.10.21.1 securityname private huawei(config)#snmp-agent target-host trap address 10.10.21.2 securityname private
Step 6 Set the IP address of the VLAN interface as the source address for traps sending.
huawei(config)#snmp-agent trap source vlanif 1000
Step 7 Save the data.
huawei(config)#save
----End
Result
After the configuration, you can manage the MA5600T successfully through the N2000.
3.5 SNMP Agent Configuration
This topic describes how to configure an SNMP agent when you need to maintain the MA5600T through the manager.
3.5.1 Setting the SNMP Version
This topic describes how to set the version of the SNMP running in the system.
3.5.2 Adding a Community Name and Setting Its Read/Write Authorities
This topic describes how to add a community name and set its read/write authorities.
3.5.3 Enabling the Trap Sending
This topic describes how to enable the MA5600T to send traps to the N2000.
3.5.4 Setting the IP address of a Destination Host for Receiving Traps
This topic describes how to set the IP address of a destination host for receiving traps.
3.5.5 Setting the Source Interface for Sending Traps
This topic describes how to set the source interface for sending traps.
3.5.6 Setting the System Contact Information
This topic describes how to set the system contact information.
3.5.7 Setting the System Location Information
This topic describes how to set the system location information.
3.5.8 Configuring an SNMP V3 User
This topic describes how to add or modify an SNMP V3 user.
3.5.9 Configuring an SNMP V3 Group
This topic describes how to configure an SNMP V3 group. After a group is configured, you can control the access authorities of all the users in that group.
3.5.10 Configuring an SNMP MIB View
This topic describes how to configure an SNMP MIB view.
3.5.11 Configuring the Local SNMP Engine ID
This topic describes how to configure an engine ID that uniquely identifies an SNMP entity.
3.5.12 Enabling the Timely Handshake Function between the MA5600T and the N2000 This topic describes how to enable the timely handshake function between the MA5600T and the N2000.
3.5.13 Setting the Handshake Interval
This topic describes how to set the handshake interval.
3.5.1 Setting the SNMP Version
This topic describes how to set the version of the SNMP running in the system.
Procedure
Step 1 Run the snmp-agent sys-info version command to set the SNMP version.
Step 2 Run the display snmp-agent sys-info version command to query the version of the SNMP configured in the system.
----End
Example
To set the SNMP version as V1 and V2C, do as follows:
huawei(config)#snmp-agent sys-info version v1 v2c huawei(config)#display snmp-agent sys-info version { <cr>|contact<K>|location<K> }:
Command:
display snmp-agent sys-info version SNMP version running in the system:
SNMPv1 SNMPv2c
Related Operation
Table 3-3 lists the related operation for setting the SNMP version.
Table 3-3 Related operation for setting the SNMP version
To… Run the Command…
Delete the set SNMP version information undo snmp-agent sys-info version
3.5.2 Adding a Community Name and Setting Its Read/Write Authorities
This topic describes how to add a community name and set its read/write authorities.
Background Information
l The default read-only community name in the Huawei iManager N2000 BMS is public, and the read-write community name in the N2000 is private.
l The MA5600T supports up to 10 community names.
l The read and write community names set in the MA5600T should match with the read and write community names set in the manager.
Procedure
Step 1 Run the snmp-agent community command to add a community name and set its read/write authorities.
Step 2 Run the display snmp-agent community command to query a community name.
----End
Example
To add a read-only community named public, do as follows:
huawei(config)#snmp-agent community read public huawei(config)#display snmp-agent community read Community name: public
Storage type: nonVolatile View name: ViewDefault Total number is 1
Related Operation
Table 3-4 lists the related operation for adding a community and setting its read/write authorities.
Table 3-4 Related operation for adding a community and setting its read/write authorities
To… Run the Command…
Delete a community name undo snmp-agent community
3.5.3 Enabling the Trap Sending
This topic describes how to enable the MA5600T to send traps to the N2000.
Background Information
By default, the MA5600T is disabled in sending traps to the N2000.
Procedure
Step 1 Run the snmp-agent trap enable standard command to enable the traps sending.
Step 2 Run the display snmp-agent trap enable command to check whether traps sending is enabled.
----End
Example
To enable the MA5600T to send traps to the N2000, do as follows:
huawei(config)#snmp-agent trap enable standard huawei(config)#display snmp-agent trap enable Trap is enabled
Related Operation
Table 3-5 lists the related operation for enabling the traps sending.
Table 3-5 Related operation for enabling the traps sending
To… Run the Command…
Disable the traps sending undo snmp-agent trap enable standard
3.5.4 Setting the IP address of a Destination Host for Receiving Traps
This topic describes how to set the IP address of a destination host for receiving traps.
Background Information
The N2000 can receive traps only when the IP address of a destination host for receiving traps is set correctly. The system supports up to 20 destination hosts.
Procedure
Step 1 Run the snmp-agent target-host trap command to set the IP address of a destination host for receiving traps.
Step 2 Run the display snmp-agent target-host command to query the destination host for receiving traps.
----End
Example
To set the IP address of the destination host for receiving traps as 10.71.53.108, and to run the community name "private", do as follows:
huawei(config)#snmp-agent target-host trap address 10.71.53.108 securityname private v3
huawei(config)#display snmp-agent target-host Traphost list:
Traphost address: 10.71.53.108 Traphost portnumber: 162 Traphost securityname: private Traphost trapversion: v3 Total number is 1
Related Operation
Table 3-6 lists the related operation for setting the IP address of a destination host for receiving traps.
Table 3-6 Related operation for setting the IP address of a destination host for receiving traps
To… Run the Command…
Delete the IP address of the destination host for receiving traps
undo snmp-agent target-host
3.5.5 Setting the Source Interface for Sending Traps
This topic describes how to set the source interface for sending traps.
Prerequisite
The L3 interface that functions as the source interface must exist.
Background Information
The IP address of the interface for sending traps is the source IP address of the traps.
Procedure
Step 1 Run the snmp-agent trap source command to set the source interface for sending traps.
Step 2 Run the display snmp-agent trap-source command to query the source interface for sending traps.
----End
Example
To set the source interface for sending traps as the L3 interface of VLAN 1000, do as follows:
huawei(config)#snmp-agent trap source vlanif 1000 huawei(config)#display snmp-agent trap-source Trap source interface name: vlanif1000
Related Operation
Table 3-7 lists the related operation for setting the source interface for sending traps.
Table 3-7 Related operation for setting the source interface for sending traps
To… Run the Command…
Delete the source interface for sending traps
undo snmp-agent trap source
3.5.6 Setting the System Contact Information
This topic describes how to set the system contact information.
Background Information
By default, the system contact information is "R&D Shenzhen, Huawei Technologies Co., Ltd.".
Procedure
Step 1 Run the snmp-agent sys-info contact command to set the system contact information.
Step 2 Run the display snmp-agent sys-info contact command to query the system contact information.
----End
Example
To set the system contact information as HW-075528780808, do as follows:
huawei(config)#snmp-agent sys-info contact HW-075528780808 huawei(config)#display snmp-agent sys-info contact
{ <cr>|location<K>|version<K> }:
Command:
display snmp-agent sys-info contact The contact person for this managed node:
HW-075528780808
Related Operation
Table 3-8 lists the related operation for setting the system contact information.
Table 3-8 Related operation for setting the system contact information
To… Run the Command…
Restore the default system contact information
undo snmp-agent sys-info contact
3.5.7 Setting the System Location Information
This topic describes how to set the system location information.
Background Information
By default, the system location information is "Shenzhen_China".
Procedure
Step 1 Run the snmp-agent sys-info location command to set the system location information.
Step 2 Run the display snmp-agent sys-info location command to display the system location information.
----End
Example
To set the system location information as Shanghai China, do as follows:
huawei(config)#snmp-agent sys-info location Shanghai_China huawei(config)#display snmp-agent sys-info location
{ <cr>|contact<K>|version<K> }:
Command:
display snmp-agent sys-info location The physical location of this node:
Shanghai_China
Related Operation
Table 3-9 lists the related operation for setting the system location information.
Table 3-9 Related operation for setting the system location information
To… Run the Command…
Restore the default system location information
undo snmp-agent sys-info location
3.5.8 Configuring an SNMP V3 User
This topic describes how to add or modify an SNMP V3 user.
Background Information
l The MA5600T supports up to 20 SNMP V3 users.
l If the user name that is entered is an existing one, the system updates the configuration of the user.
l If you do not enter the user authentication and the encryption modes, the user can access the equipment without an authentication or encryption.
Procedure
Step 1 Run the snmp-agent usm-user command to configure an SNMP V3 user.
Step 2 Run the display snmp-agent usm-user command to query the SNMP V3 user.
----End
Example
To add an SNMP V3 user named user, belonging to a group named group, with the authentication mode as md5, the authentication password as 1, the encryption mode as des56, and the encryption password as 2, do as follows:
huawei(config)#snmp-agent usm-user v3 user group authentication-mode md5 1 privacy-mode des56 2
huawei(config)#display snmp-agent usm-user user
User name: user Engine ID: 800007DB0300E0FC995050 Group name: group Authentication mode: md5, Privacy mode: des56 Storage type: nonVolatile User status: active
Related Operation
Table 3-10 lists the related operation for configuring an SNMP V3 user.
Table 3-10 Related operation for configuring an SNMP V3 user
To… Run the Command…
Delete an SNMP V3 user undo snmp-agent usm-user v3
3.5.9 Configuring an SNMP V3 Group
This topic describes how to configure an SNMP V3 group. After a group is configured, you can control the access authorities of all the users in that group.
Background Information
l The MA5600T supports up to 20 SNMP V3 groups.
l By default, the system has a read view named viewDefault with the range of internet sub-tree; the write view and the notify view are blank.
l If the group name that is entered is an existing name, the system updates the configuration of the group.
l A specified view can be a non-existing view. In this case, the users in the group fail to access.
l A user can access views in the following three modes:
– With authentication and encryption
– With authentication but no encryption
– With no authentication or encryption
l If the access mode level is lower than the security level of the configured group, the user fails to access. If the corresponding groups have multiple security levels, the user can select the group with the highest security level, and then access the view corresponding to that group.
Procedure
Step 1 Run the snmp-agent group v3 command to configure an SNMP V3 group.
Step 2 Run the display snmp-agent group command to query the SNMP V3 group.
----End
Example
To configure a group named group, with authentication but no encryption, with the read view of internet, and with blank write and notify views, do as follows:
huawei(config)#snmp-agent group v3 group authentication read-view internet huawei(config)#display snmp-agent group group
Group name: group
Security model: v3 AuthnoPriv Readview: internet
Writeview: <no specified>
Notifyview: <no specified>
Storage type: nonvolatile
Related Operation
Table 3-11 lists the related operation for configuring an SNMP V3 group.
Table 3-11 Related operation for configuring an SNMP V3 group
To… Run the Command…
Delete an SNMP V3 group undo snmp-agent group v3
3.5.10 Configuring an SNMP MIB View
This topic describes how to configure an SNMP MIB view.
Background Information
l The number of sub-trees of all the views cannot exceed 20.
l By default, the system has a read view named ViewDefault, with the range of internet sub-tree view.
l The view named ViewDefault cannot be deleted or updated.
NOTE
For SNMP V3, the access control is a type of control over the user access to the management information. The MIB view-based access control is realized by associating users with MIB views. An MIB view defines the management information both included in the view and excluded from the view.
Procedure
Step 1 Run the snmp-agent mib-view command to configure an SNMP MIB view.
Step 2 Run the display snmp-agent mib-view command to query the SNMP MIB view.
----End
Example
To configure a view named view1, including ip sub-tree, do as follows:
huawei(config)#snmp-agent mib-view view1 include ip huawei(config)#display snmp-agent mib-view view1 View name: view1
MIB subtree: ip Subtree mask:
Storage type: nonVolatile View type: include
View status: active
Related Operation
Table 3-12 lists the related operation for configuring an SNMP MIB view.
Table 3-12 Related operation for configuring an SNMP MIB view
To… Run the Command…
Delete an SNMP MIB view undo snmp-agent mib-view
3.5.11 Configuring the Local SNMP Engine ID
This topic describes how to configure an engine ID that uniquely identifies an SNMP entity.
Background Information
With no ID is configured manually, the MA5600T automatically initializes one ID at startup.
Procedure
Step 1 Run the snmp-agent local-engineid command to configure the local SNMP engine ID.
Step 2 Run the display snmp-agent local-engineid command to query the local SNMP engine ID.
Step 2 Run the display snmp-agent local-engineid command to query the local SNMP engine ID.