-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
1/282
Huawei AR1200-S Series Enterprise Routers
V200R002C00
Configuration Guide - Network
Management
Issue 02
Date 2012-03-30
HUAWEI TECHNOLOGIES CO., LTD.
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
2/282
Copyright Huawei Technologies Co., Ltd. 2012. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: [email protected]
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
i
http://www.huawei.com/ -
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
3/282
About This Document
Intended Audience
This document provides the basic concepts, configuration procedures, and configuration
examples in different application scenarios of the network management feature supported by
the AR1200-S.
This document describes how to configure the network management feature.
This document is intended for:
l Data configuration engineers
l Commissioning engineers
l Network monitoring engineers
l System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
DANGER
Indicates a hazard with a high level of risk, which if not
avoided, will result in death or serious injury.
WARNINGIndicates a hazard with a medium or low level of risk, whichif not avoided, could result in minor or moderate injury.
CAUTION
Indicates a potentially hazardous situation, which if not
avoided, could result in equipment damage, data loss,
performance degradation, or unexpected results.
TIP Indicates a tip that may help you solve a problem or save
time.
NOTE Provides additional information to emphasize or supplement
important points of the main text.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management About This Document
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
ii
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
4/282
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention Description
Boldface The keywords of a command line are in boldface.
Italic Command arguments are in italics.
[ ] Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... } Optional items are grouped in braces and separated by
vertical bars. One item is selected.
[ x | y | ... ] Optional items are grouped in brackets and separated by
vertical bars. One item is selected or no item is selected.
{ x | y | ... }* Optional items are grouped in braces and separated by
vertical bars. A minimum of one item or a maximum of all
items can be selected.
[ x | y | ... ]* Optional items are grouped in brackets and separated by
vertical bars. Several items or no item can be selected.
& The parameter before the & sign can be repeated 1 to n times.
# A line starting with the # sign is comments.
Interface Numbering Conventions
Interface numbers used in this manual are examples. In device configuration, use the existing
interface numbers on devices.
Change History
Updates between document versions are cumulative. Therefore, the latest document versioncontains all updates made to previous versions.
Changes in Issue 02 (2012-03-30)
Based on issue 01 (2011-12-30), the document is updated as follows:
The following information is modified:
l 1.1.1 SNMP Overview
Changes in Issue 01 (2011-12-30)
Initial commercial release.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management About This Document
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
iii
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
5/282
Contents
About This Document.....................................................................................................................ii
1 SNMP Configuration....................................................................................................................1
1.1 Introduction to SNMP........................................................................................................................................2
1.1.1 SNMP Overview........................................................................................................................................21.1.2 SNMP Features Supported by the AR1200-S...........................................................................................4
1.2 Configuring aDevice to Communicate with an NM Station by Running SNMPv1..........................................7
1.2.1 Establishing the Configuration Task.........................................................................................................7
1.2.2 Configuring Basic SNMPv1 Functions.....................................................................................................8
1.2.3 (Optional) Controlling the NM Station's Access to the Device...............................................................10
1.2.4 (Optional) Enabling the SNMP Extended Error Code Function.............................................................11
1.2.5 (Optional) Configuring the Trap Function..............................................................................................11
1.2.6 Checking the Configuration.....................................................................................................................12
1.3 Configuring aDevice to Communicate with an NM Station by Running SNMPv2c......................................14
1.3.1 Establishing the Configuration Task.......................................................................................................14
1.3.2 Configuring Basic SNMPv2c Functions.................................................................................................15
1.3.3 (Optional) Controlling the NM Station's Access to the Device...............................................................17
1.3.4 (Optional) Enabling the SNMP Extended Error Code Function.............................................................18
1.3.5 (Optional) Configuring the Trap Function..............................................................................................19
1.3.6 Checking the Configuration.....................................................................................................................20
1.4 Configuring aDevice to Communicate with an NM Station by Running SNMPv3........................................22
1.4.1 Establishing the Configuration Task.......................................................................................................22
1.4.2 Configuring Basic SNMPv3 Functions...................................................................................................23
1.4.3 (Optional) Controlling the NM Station's Access to the Device...............................................................25
1.4.4 (Optional) Enabling the SNMP Extended Error Code Function.............................................................27
1.4.5 (Optional) Configuring the Trap Function..............................................................................................28
1.4.6 Checking the Configuration.....................................................................................................................28
1.5 SNMP Configuration Examples.......................................................................................................................30
1.5.1 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv1..............30
1.5.2 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv2c............34
1.5.3 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv3..............37
2 RMON Configuration.................................................................................................................42
2.1 Overview of RMON ........................................................................................................................................43
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management Contents
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
iv
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
6/282
2.1.1 Introduction to RMON............................................................................................................................43
2.1.2 RMON Suported by the AR1200-S.........................................................................................................43
2.2 Configuring RMON..........................................................................................................................................45
2.2.1 Establishing the Configuration Task.......................................................................................................45
2.2.2 Enabling the RMON Statistics Function on the Interface.......................................................................46
2.2.3 Configuring the ethernetStatsTable.........................................................................................................47
2.2.4 Configuring the HistoryControlTable.....................................................................................................47
2.2.5 Configuring the EventTable....................................................................................................................48
2.2.6 Configuring the AlarmTable...................................................................................................................49
2.2.7 Configuring the PrialarmTable................................................................................................................49
2.2.8 Checking the Configuration.....................................................................................................................50
2.3 RMON Configuration Examples......................................................................................................................52
2.3.1 Example for Configuring RMON............................................................................................................52
3 LLDP Configuration...................................................................................................................56
3.1 Introduction to LLDP.......................................................................................................................................57
3.2 LLDP FeatureSupported by the AR1200-S.....................................................................................................60
3.3 Configuring LLDP............................................................................................................................................63
3.3.1 Establishing the Configuration Task.......................................................................................................63
3.3.2 Enabling Global LLDP............................................................................................................................64
3.3.3 (Optional) Disabling LLDP on an Interface............................................................................................64
3.3.4 (Optional) Configuring an LLDP Management Address........................................................................65
3.3.5 (Optional) Configuring the TLV in the LLDPDU...................................................................................66
3.3.6 (Optional) Configuring LLDP Timers.....................................................................................................673.3.7 (Optional) Enabling the LLDP Trap Function........................................................................................70
3.3.8 Checking the Configuration.....................................................................................................................71
3.4 Maintaining LLDP............................................................................................................................................74
3.4.1 ClearingLLDP Statistics.........................................................................................................................74
3.4.2 Monitoring LLDP Status.........................................................................................................................74
3.5 ConfigurationExamples...................................................................................................................................74
3.5.1 Examplefor Configuring LLDP on the Device That Has a Single Neighbor.........................................75
3.5.2 Example for Configuring LLDP on the Device That Has Multiple Neighbors.......................................80
3.5.3 Example for Configuring LLDP on the Network Where Link Aggregation Is Configured....................86
4 CWMP Configuration.................................................................................................................94
4.1 CWMP Overview.............................................................................................................................................95
4.2 CWMP Features Supported by the AR1200-S.................................................................................................95
4.3 Configuring CWMP.........................................................................................................................................97
4.3.1 Establishing the Configuration Task.......................................................................................................97
4.3.2 Enabling the CWMP Function................................................................................................................98
4.3.3 Configuring CWMP Auto-Connection....................................................................................................98
4.3.4 Setting CWMP Connection Parameters................................................................................................101
4.3.5 Configuring CWMP SSL.......................................................................................................................102
4.3.6 Checking the Configuration...................................................................................................................103
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management Contents
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
v
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
7/282
4.4 Configuration Examples.................................................................................................................................104
4.4.1 Example for Configuring CWMP..........................................................................................................104
5 NTP Configuration....................................................................................................................107
5.1 Overview of NTP............................................................................................................................................1085.1.1 Introduction to NTP...............................................................................................................................108
5.1.2 NTP Supported by the AR1200-S.........................................................................................................110
5.2 Configuring Basic NTP Functions.................................................................................................................111
5.2.1 Establishing the Configuration Task................................................................................ .....................111
5.2.2 Configuring the NTP Primary Clock.....................................................................................................112
5.2.3 Configuring the Unicast Client/Server Mode........................................................................................113
5.2.4 Configuring the Peer Mode...................................................................................................................114
5.2.5 Configuring the Broadcast Mode..........................................................................................................115
5.2.6 Configuring the Multicast Mode...........................................................................................................116
5.2.7 Disabling the Interface from Receiving NTP Packets...........................................................................117
5.2.8 Checking the Configuration...................................................................................................................118
5.3 Configuring NTP Security Mechanisms.........................................................................................................119
5.3.1 Establishing the Configuration Task................................................................................ .....................119
5.3.2 Setting NTP Access Authorities............................................................................................................120
5.3.3 Enabling NTP Authentication...............................................................................................................121
5.3.4 Configuring NTP Authentication in Unicast Client/Server Mode........................................................122
5.3.5 Configuring NTP Authentication in Peer Mode....................................................................................122
5.3.6 Configuring NTP Authentication in Broadcast Mode...........................................................................123
5.3.7 Configuring NTP Authentication in Multicast Mode............................................................................1235.3.8 Checking the Configuration...................................................................................................................124
5.4 NTP Configuration Examples........................................................................................................................125
5.4.1 Examplefor Configuring NTP Authentication in Unicast Server and Client Mode.............................125
5.4.2 Examplefor Configuring NTP Peer Mode............................................................................................129
5.4.3 Examplefor Configuring NTP Authentication in Broadcast Mode......................................................131
5.4.4 Examplefor Configuring Multicast Mode............................................................................................134
6 NQA Configuration..................................................................................................................137
6.1 Overview ofNQA............................................................................................................. .............................139
6.1.1 Introduction to NQA..............................................................................................................................1396.1.2 Comparisons Between NQA and Ping..................................................................................................139
6.1.3 NQA Server and NQA Clients..............................................................................................................140
6.1.4 NQA Supported by the AR1200-S........................................................................................................141
6.2 Configuring the ICMP Test............................................................................................................................142
6.2.1 Establishing the Configuration Task.....................................................................................................142
6.2.2 Configuring ICMP Test Parameters......................................................................................................142
6.2.3 Checking the Configuration...................................................................................................................144
6.3 Configuring the DHCP Test...........................................................................................................................145
6.3.1 Establishing the Configuration Task................................................................................ .....................145
6.3.2 Configuring DHCP Test Parameters.....................................................................................................146
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management Contents
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
vi
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
8/282
6.3.3 Checking the Configuration...................................................................................................................147
6.4 Configuring the FTP Download Test.............................................................................................................148
6.4.1 Establishing the Configuration Task.....................................................................................................148
6.4.2 Configuring the FTP Download Test Parameters..................................................................................149
6.4.3 Checking the Configuration...................................................................................................................150
6.5 Configuring the FTP Upload Test..................................................................................................................151
6.5.1 Establishing the Configuration Task................................................................ .....................................151
6.5.2 Configuring the FTP Upload Test Parameters......................................................................................152
6.5.3 Checking the Configuration...................................................................................................................154
6.6 Configuring the HTTP Test............................................................................................................................154
6.6.1 Establishing the Configuration Task.....................................................................................................155
6.6.2 Configuring HTTP Test Parameters......................................................................................................155
6.6.3 Checking the Configuration...................................................................................................................157
6.7 Configuring the DNS Test..............................................................................................................................158
6.7.1 Establishing the Configuration Task.....................................................................................................158
6.7.2 Configuring the DNS Test Parameters..................................................................................................158
6.7.3 Checking the Configuration...................................................................................................................159
6.8 Configuring the Traceroute Test.....................................................................................................................160
6.8.1 Establishing the Configuration Task.....................................................................................................160
6.8.2 Configuring Parameters for a Traceroute Test......................................................................................161
6.8.3 Checking the Configuration...................................................................................................................162
6.9 Configuring the SNMP Query Test................................................................................................................163
6.9.1 Establishing the Configuration Task.....................................................................................................1636.9.2 Configuring the SNMP Query Test Parameters....................................................................................163
6.9.3 Checking the Configuration...................................................................................................................165
6.10 Configuring the TCP Test.............................................................................................................................166
6.10.1 Establishing the Configuration Task...................................................................................................166
6.10.2 Configuring the TCP Server................................................................................................................166
6.10.3 Configuring the TCP Client.................................................................................................................167
6.10.4 Checking the Configuration.................................................................................................................168
6.11 Configuring the UDP Test............................................................................................................................169
6.11.1 Establishing the Configuration Task...................................................................................................169
6.11.2 Configuring the UDP Server...............................................................................................................170
6.11.3 Configuring the UDP Client................................................................................................................170
6.11.4 Checking the Configuration.................................................................................................................171
6.12 Configuring the Jitter Test............................................................................................................................172
6.12.1 Establishing the Configuration Task...................................................................................................172
6.12.2 Configuring the Jitter Server...............................................................................................................173
6.12.3 Configuring the Jitter Client................................................................................................................174
6.12.4 Checking the Configuration.................................................................................................................175
6.13 Configuring Universal NQA Test Parameters..............................................................................................176
6.13.1 Establishing the Configuration Task...................................................................................................177
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management Contents
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
vii
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
9/282
6.13.2 Configuring Universal Parameters for the NQA Test Instance...........................................................177
6.13.3 Checking the Configuration.................................................................................................................181
6.14 Configuring Round-Trip Delay Thresholds.................................................................................................182
6.14.1 Establishing the Configuration Task...................................................................................................182
6.14.2 Configuring Round-Trip Delay Thresholds........................................................................................183
6.14.3 Checking the Configuration.................................................................................................................183
6.15 Configuring Uni-directional Transmission Delay Thresholds.....................................................................184
6.15.1 Establishing the Configuration Task...................................................................................................184
6.15.2 Configuring Uni-directional Transmission Delay Thresholds............................................................185
6.15.3 Checking the Configuration.................................................................................................................186
6.16 Configuring the Trap Function.....................................................................................................................186
6.16.1 Establishing the Configuration Task...................................................................................................186
6.16.2 Sending Trap Messages When Test Failed..........................................................................................188
6.16.3 Sending Trap Messages When Probes Failed......................................................................................1886.16.4 Sending Trap Messages When Probes Are Complete Successfully....................................................189
6.16.5 Sending Trap Messages When the Transmission Delay Exceeds Thresholds....................................190
6.16.6 Checking the Configuration.................................................................................................................191
6.17 Configuring Test Results to Be Sent to the FTP Server...............................................................................191
6.17.1 Establishing the Configuration Task...................................................................................................192
6.17.2 Configuring Parameters for Connecting the FTP Server.....................................................................192
6.17.3 Enabling the Function of Saving NQA Test Results Through FTP.................................. ..................193
6.17.4 (Optional) Configuring the Number of Test Results Saved Through FTP..........................................193
6.17.5 (Optional) Configuring the Duration of Saving Test Results Through FTP.......................................194
6.17.6 (Optional) Enabling Alarms to Be Sent to the NM Station After the FTP Transmission Succeeds
........................................................................................................................................................................194
6.17.7 Starting the Test Instance....................................................................................................................195
6.17.8 Checking the Configuration.................................................................................................................196
6.18 Configuring a Threshold for the NQA Alarm..............................................................................................196
6.18.1 Establishing the Configuration Task...................................................................................................196
6.18.2 Configuring the Event Corresponding to the Alarm Threshold..........................................................197
6.18.3 Configuring the Alarm Threshold.......................................................................................................198
6.18.4 Starting the Test Instance....................................................................................................................198
6.18.5 Checking the Configuration.................................................................................................................1996.19 MaintainingNQA.........................................................................................................................................200
6.19.1 Restarting NQA Test Instances...........................................................................................................200
6.19.2 Clearing NQA Statistics......................................................................................................................201
6.20 NQA Configuration Examples.....................................................................................................................201
6.20.1 Example for Configuring the ICMP Test............................................................................................201
6.20.2 Example for Configuring the DHCP Test...........................................................................................203
6.20.3 Example for Configuring the FTP Download Test.............................................................................204
6.20.4 Example for Configuring the FTP Upload Test..................................................................................206
6.20.5 Example for Configuring the HTTP Test............................................................................................209
6.20.6 Example for Configuring the DNS Test..............................................................................................210
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management Contents
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
viii
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
10/282
6.20.7 Example for Configuring the Traceroute Test.....................................................................................212
6.20.8 Example for Configuring the SNMP Query Test................................................................................214
6.20.9 Example for Configuring the TCP Test...............................................................................................216
6.20.10 Example for Configuring the UDP Test............................................................................................218
6.20.11 Example for Configuring the Jitter Test............................................................................................220
6.20.12 Example for Configuring NQA to Check VoIP Service Jitter................................................. .........222
6.20.13 Example for Sending Trap Message When Transmission Delay Exceeds Thresholds.....................225
6.20.14 Example for Configuring Test Results to Be Sent to the FTP Server...............................................228
6.20.15 Example for Configuring a Threshold for the NQA Alarm..............................................................231
7 NetStream Configuration.........................................................................................................234
7.1 Overview ofNetStream..................................................................................................................................235
7.2 NetStream Supported by the AR1200-S.........................................................................................................236
7.3 Collecting theStatistics of IPv4 Unicast Original Traffic..............................................................................237
7.3.1 Establishing the Configuration Task.....................................................................................................237
7.3.2 Configuring the Version of Exported Packets.......................................................................................238
7.3.3 Setting the Destination Address of the Statistics...................................................................................238
7.3.4 (Optional) Aging the TCP Traffic According to Its FIN or RST Flag..................................................239
7.3.5 (Optional) Configuring the Inactive Aging Time .................................................................................239
7.3.6 (Optional) Configuring the Active Aging Time....................................................................................239
7.3.7 Enabling NetStream on an Interface......................................................................................................240
7.3.8 Checking the Configuration...................................................................................................................240
7.4 Collecting theStatistics of IPv4 Multicast Original Traffic...........................................................................241
7.4.1 Establishing the Configuration Task.....................................................................................................242
7.4.2 Configuring the Format of the Output Statistics...................................................................................242
7.4.3 Outputting the Statistics.........................................................................................................................243
7.4.4 (Optional) Configuring the Inactive Aging Time .................................................................................243
7.4.5 (Optional) Configuring the Active Aging Time....................................................................................244
7.4.6 Enabling NetStream for Multicast Traffic on an Interface....................................................................244
7.4.7 Checking the Configuration...................................................................................................................244
7.5 Configuring the Aggregation Statistics About IPv4 Traffic...........................................................................245
7.5.1 Establishing the Configuration Task.....................................................................................................246
7.5.2 Configuring the Aggregation Function..................................................................................................2467.5.3 Configuring the Version of Exported Packets.......................................................................................247
7.5.4 Configuring the Export of Statistics......................................................................................................247
7.5.5 (Optional) Configuring the Inactive Aging Time .................................................................................248
7.5.6 (Optional) Configuring the Active Aging Time ...................................................................................248
7.5.7 Enabling NetStream on an Interface......................................................................................................249
7.5.8 Checking the Configuration...................................................................................................................249
7.6 Configuring the Flexible NetStream Feature..................................................................................................250
7.6.1 Establishing the Configuration Task.....................................................................................................250
7.6.2 Creatinga Record and Entering the Record View.................................................................................251
7.6.3 Configuring the Version of Exported Packets.......................................................................................251
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management Contents
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
ix
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
11/282
7.6.4 Setting the Destination Address of the Statistics...................................................................................252
7.6.5 (Optional) Configuring the Inactive Aging Time .................................................................................252
7.6.6 (Optional) Configuring the Active Aging Time....................................................................................253
7.6.7 Enabling Flexible NetStream on Interfaces...........................................................................................253
7.6.8 Checking the Configuration...................................................................................................................254
7.7 Collecting the Statistics of RPF Traffic..........................................................................................................255
7.7.1 Establishing the Configuration Task.....................................................................................................255
7.7.2 Configuring the Format of the Output Statistics...................................................................................256
7.7.3 Outputting the Statistics.........................................................................................................................256
7.7.4 (Optional) Configuring the Inactive Aging Time .................................................................................256
7.7.5 (Optional) Configuring the Active Aging Time....................................................................................257
7.7.6 Enabling the Traffic Statistics Function of RPF....................................................................................257
7.7.7 Checking the Configuration...................................................................................................................258
7.8 Maintaining NetStream...................................................................................................................................259
7.8.1 Resetting the Statistics Collected Through NetStream..........................................................................259
7.9 Example for Configuring NetStream..............................................................................................................259
7.9.1 Example for Collecting the Statistics of IPv4 Unicast Traffic..............................................................259
7.9.2 Example for Configuring NetStream of IPv4 Aggregation Traffic.......................................................261
7.9.3 Example for Configuring Flexible NetStream Traffic Statistics...........................................................264
8 Ping and Tracert.........................................................................................................................268
8.1 Ping and Tracert Overview.............................................................................................................................269
8.1.1 Introduction to Ping and Tracert............................................................................................................269
8.2 Configuring Ping and Tracert.........................................................................................................................269
8.2.1 Establishing the Configuration Task.....................................................................................................269
8.2.2 Applying Ping to Test the Network Connection...................................................................................270
8.2.3 Applying Tracert to Locate Faults in the Network................................................................................271
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management Contents
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
x
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
12/282
1SNMP ConfigurationAbout This Chapter
The Simple Network Management Protocol (SNMP) is a standard network management protocol
widely used on TCP/IP networks. It uses a central computer (a network management station)
that runs network management software to manage network elements. There are three SNMP
versions, SNMPv1, SNMPv2c, and SNMPv3. You can configure one or more versions, if
needed.
1.1 Introduction to SNMP
SNMP provides a set of standard protocols for the communication between the network
management station (NM station) and devices, allowing the NM station to normally managedevices and receive alarms reported by the devices.
1.2 Configuring a Device to Communicate with an NM Station by Running SNMPv1
After SNMPv1 is configured, a managed device and an NM station can run SNMPv1 to
communicatewith each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
1.3 Configuring a Device to Communicate with an NM Station by Running SNMPv2c
After SNMPv2c is configured, a managed device and an NM station can run SNMPv2c to
communicate with each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
1.4 Configuring a Device to Communicate with an NM Station by Running SNMPv3
After SNMPv3 is configured, a managed device and an NM station can run SNMPv3 to
communicate with each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
1.5 SNMP Configuration Examples
This section provides several configuration examples of SNMP. The configuration roadmap in
the examples will help you understand the configuration procedures. Each configuration
example provides information about the networking requirements, configuration notes, and
configuration roadmap.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
1
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
13/282
1.1 Introduction to SNMP
SNMP provides a set of standard protocols for the communication between the network
management station (NM station) and devices, allowing the NM station to normally manage
devices and receive alarms reported by the devices.
1.1.1 SNMP Overview
Get and Set operations can be performed on a managed device that runs the SNMP agent to
manage device objects by NM stations These objects are uniquely identified in the Management
Information Base (MIB).
As network services develop, more devices are deployed on existing networks. The devices are
not close to the central equipment room where a network administrator works. When faults occur
on the remote devices, the network administrator cannot detect, locate or rectify faults
immediately because the devices do not report the faults. This affects maintenance efficiency
and greatly increases maintenance workload.
To solve this problem, equipment vendors have provided network management functions in
some products. These functions allow the NM station to query the status of remote devices, and
devices can send alarms to the NM station in the case of particular events.
SNMP operates at the application layer of the IP suite and defines how to transmit management
information between the NM station and devices. SNMP defines several device management
operations that the NM station can perform and allows devices to send alarms to notify the NM
station of device faults.
An SNMP-managed network consists of three components: NM station, agent, and manageddevice. The NM station uses the MIB to identify and manage device objects. The operations
used for device management include GetRequest, GetNextRequest, GetResponse, GetBulk,
SetRequest, and notification from the agent to the NM station. The following sections give details
on the components, MIB, and operations.
SNMP Components
SNMP device management uses the following three components:
l NM station: sends various query packets to query managed devices and receives alarms
from these devices.
l Agent: is a network-management process on a managed device. An agent has the followingfunctions:
Receives and parses query packets sent from the NM station.
Reads or writes management variables based on the query type, and generates and sends
response packets to the NM station.
Sends an alarm to the NM station when triggering conditions defined on each protocol
module corresponding to the alarm are met. For example, the system view is displayed
or closed, or the device is restarted.
l Managed device: is managed by an NM station and generates and reports alarms to the NM
station.
Figure 1-1shows the relationship between the NM station and agent.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
2
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
14/282
Figure 1-1SNMP structure
UDP Port161
Request
Response
NM Station Agent
NM Station Agent
UDP Port162
Trap
MIB
SNMP uses a hierarchicalnaming convention to identify managed objects and to distinguish
between managed objects. This hierarchical structure is similar to a tree with the nodes
representing managed objects, Figure 1-2shows a managed object that can be identified by the
path from the root to the node representing it.
Figure 1-2Structure of a MIB tree
A
2
6
1
5
21
1
2
1
B
As shown in Figure 1-2, object B is uniquely identified by a string of numbers, {1.2.1.1}. Such
a number string is called an Object Identifier (OID). A MIB tree is used to describe the hierarchy
of data in a MIB that collects the definitions of variables on the managed devices.
A user can use a standard MIB or define a MIB based on certain standards. Using a standard
MIB can reduce the costs on proxy deployment and therefore reduce the costs on the entire
network management system.
SNMP Operations
SNMP uses Get and Set operations to replace a complex command set. The operations described
in Figure 1-3can implement all functions.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
3
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
15/282
Figure 1-3Schematic diagram of SNMP operations
UDP Port161
NM Station Agent
UDP Port162
get-request
get-response
get-next-requestget-response
set-request
get-response
trap
Table 1-1gives details on the SNMP operations.
Table 1-1SNMP operations
Operation Function
GetRequest Retrieves the value of a variable. The NM station sends the
request to a managed device to obtain the value of an object
on the device.
GetNextRequest Retrieves the value of the next variable. The NM station
sends the request to a managed device to obtain the status
of the next object on the device.
GetResponse Responds to GetRequest, GetNextRequest, andSetRequest operations. It is sent from the managed device
to the NM station.
GetBulk Request from the NMS-to-agent, equaling continuous
GetNextRequest operations.
SetRequest Sets the value of a variable. The NM station sends the
request to a managed device to adjust the status of an object
on the device.
Trap Reports an event to the NM station.
NOTE
SNMP is used for NM station's monitoring and management of network devices. It cannot be used to
monitor and manage the operation of the entire network. To monitor and manage the operation of an entire
network, for example, to learn network performance or collect network statistics, see the Configuration
Guide - Network Managementfor details about the configurations of NetStream, and fault and performance
management.
1.1.2 SNMP Features Supported by the AR1200-S
This section compares SNMP versions in terms of their support for features and usage scenarios.Use it as a reference when you select the SNMP version during network deployment.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
4
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
16/282
The AR1200-S supports SNMPv1, SNMPv2c, and SNMPv3. Table 1-2lists the features
supported by SNMP, and Table 1-3shows the support of different SNMP versions for the
features. Table 1-4describes the usage scenarios of SNMP versions, which will help you choose
a proper version for the communication between an NM station and managed devices based on
the network operation conditions.
NOTE
When multiple NM stations using different SNMP versions manage the same device in a network,
SNMPv1, SNMPv2c, and SNMPv3 can all be configured on the device for its communication with all the
NM stations.
Table 1-2Description of features supported by SNMP
Feature Description
Access control Restricts a user's device administration rights.
It gives specific users the rights to managespecified objects on devices and therefore
provides fine management.
Authentication and encryption Authenticates and encrypts the packets
transmitted between the NM station and
managed devices. This prevents data packets
from being intercepted or modified,
improving data sending security.
Error code Identifies particular faults. An administrator
uses error codes to quickly locate and rectify
faults. The more error codes received, the
more they help an administrator in devicemanagement.
Trap Sent from managed devices to the NM
station. These traps allow an administrator to
discover device faults immediately.
After sending traps, the managed devices do
not require the acknowledgement from the
NM station.
GetBulk Allows an administrator to perform GetNext
operation in batches. In a large-scale network,
GetBulk reduces the administrator'sworkload and improves management
efficiency.
Table 1-3Different SNMP versions' support for the features
Feature SNMPv1 SNMPv2c SNMPv3
Access control Community-name-
based access control
supported
Community-name-
based access control
supported
User or user-group-
based access control
supported
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
5
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
17/282
Feature SNMPv1 SNMPv2c SNMPv3
Authentication and
encryption
Not supported Not supported Supported, and the
supported
authentication and
encryption modes are
as follows:
Authentication
mode:
l MD5
l SHA
Encryption mode:
DES56
Error code 6 error codes
supported
16 error codes
supported
16 error codes
supported
Trap Supported Supported Supported
GetBulk Not supported Supported Supported
Table 1-4Usage scenarios of different SNMP versions
Version Usage Scenario
SNMPv1 Applies to small-scale networks whose
networking is simple and securityrequirements are low or whose security and
stability are good, such as campus networks
and small enterprise networks.
SNMPv2c Applies to medium and large-scale networks
whose security requirements are not strict or
whose security is good (for example, VPNs)
but whose services are so busy that traffic
congestion may occur.
SNMPv3 This version is applicable to networks of
various scales, especially the networks that
have strict requirements on security and can
be managed only by authorized
administrators, such as the scenario where
data between the NM station and managed
devices needs to be transmitted over a public
network.
If you plan to build a new network, choose an SNMP version based on your usage scenario. If
you plan to expand or upgrade an existing network, choose an SNMP version to match the SNMP
version running on the NM station to ensure the normal communication between manageddevices and the NM station.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
6
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
18/282
1.2 Configuring a Device to Communicate with an NMStation by Running SNMPv1
After SNMPv1 is configured, a managed device and an NM station can run SNMPv1 to
communicate with each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
The NM station manages a device in the following manners:
l Sends requests to the managed device to perform the GetRequest, GetNextRequest,
GetResponse, GetBulk, or SetRequest operation, obtaining data and setting values.
l Receives alarms from the managed device and locates and rectify device faults based on
the alarm information.
In the following configuration, after basic SNMP functions are configured, the NM station can
manage the device in these manners. For details on how to configure finer management such as
accurate access control or alarm module specification, see the following configuration
procedures.
1.2.1 Establishing the Configuration Task
Before configuring a device to communicate with an NM station by running SNMPv1,
familiarize yourself with the applicable environment, complete the pre-configuration tasks, and
obtain the data required for the configuration. This will help you complete the configuration task
quickly and accurately.
Applicable Environment
SNMP needs to be deployed in a network to allow the NM station to manage network devices.
If the network has a few devices and its security is good, such as a campus network or a small
enterprise network, SNMPv1 can be deployed to ensure the normal communication between the
NM station and managed devices.
Pre-configuration Tasks
Before configuring a device to communicate with an NM station by running SNMPv1, complete
the following task:
l Configuring a routing protocol to ensure that the router and NM station are routable
Data Preparation
Before configuring a device to communicate with an NM station by running SNMPv1, you need
the following data.
No. Data
1 SNMP version, SNMP community name, destination address of alarm messages, and
administrator's contact information and location
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
7
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
19/282
No. Data
2 (Optional) ACL number, IP address of the NM station, and MIB object
3 (Optional) Name of the alarm-sending module, source address of trap messages,
queue length for trap messages, and lifetime of trap messages
1.2.2 Configuring Basic SNMPv1 Functions
After basic SNMP functions are configured, an NM station can perform basic operations such
as Get and Set operations on a managed device, and the managed device can send alarms to the
NM station.
ContextSteps 3, 4, 5, 6are mandatory for the configuration of basic SNMP functions. After the
configurations are complete, basic SNMP communication can be conducted between the NM
station and managed device.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 (Optional) Run:
snmp-agent
The SNMP agent function is enabled.
By default, the SNMP agent function is disabled. Running any command with the parameter
snmp-agentcan enable the SNMP agent function, so this step is optional.
Step 3 Run:
snmp-agent sys-infoversionv1
The SNMP version is set.
By default, SNMPv1, SNMPv2c, and SNMPv3 are enabled.
Step 4 Run:
snmp-agent community{ read|write} community-name
The community name is set.
l readmust be configured in the command if the NM station administrator requires the read
permission in a specified view in some cases. For example, a low-level administrator must
read certain data.
l writemust be configured in the command if the NM station administrator requires the read
and write permissions in a specified view in some cases. For example, a high-leveladministrator must read and write certain data.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
8
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
20/282
After the community name is set, if no MIB view is configured, the NM station that uses the
community name has rights to access objects in the Viewdefault view.
Step 5 Run:
snmp-agent target-host trap-paramsnameparamsnamev1securitynamesecurityname[
binding-private-value] [private-netmanager]
The parameters of the trap messages sent from device are configured.
Step 6 Run:
snmp-agent target-host trap-hostnamehostnameaddressipv4-addr[ udp-portudp-
portid] [public-net| vpn-instancevpn-instance-name] trap-paramsnameparamsname
The destination address for the alarms and error codes sent from the device is configured.
The descriptions of the command parameters are as follows:
l The default destination UDP port number is 162. In some special cases (for example, port
mirroring is configured to prevent a well-known port from being attacked), the parameterudp-portcan be used to specify an unknown UDP port number. This ensures normal
communication between the NM station and managed device.
l If the alarms sent from the managed device to the NM station must be transmitted over a
public network, the parameter public-netmust be configured. If the alarms sent from the
managed device to the NM station must be transmitted over a private network, the parameter
vpn-instancevpn-instance-namemust be used to specify a VPN that takes over the sending
task.
Step 7 (Optional) Run:
snmp-agent sys-info{ contactcontact| locationlocation}
The equipment administrator's contact information or location is configured.
This step is required when the NM station administrator must know equipment administrators'
contact information and locations when the NM station manages many devices. This allows the
NM station administrator to contact the equipment administrators quickly for fault location and
rectification.
To configure both the equipment administrator's contact information and location, you must run
the command twice to configure them separately.
----End
Follow-up Procedure
If finer device management is required, follow directions below to configure a managed device:
l To allow a specified NM station that uses the community name to manage specified objects
on the device, follow the procedure described in Controlling the NM Station's Access to
the Device.
l To allow a specified module on the managed device to report alarms to the NM station,
follow the procedure described in Configuring the Trap Function.
l If the NM station and managed device are both Huawei products, follow the procedure
described in Enabling the SNMP Extended Error Code Functionto allow the device to
send more types of error codes. This allows more specific error identification and facilitatesyour fault location and rectification.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
9
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
21/282
1.2.3 (Optional) Controlling the NM Station's Access to the Device
This section describes how to specify an NM station and manageable MIB objects for SNMP-
based communication between the NM station and managed device to improve communication
security.
Context
If a device is managed by multiple NM stations that use the same community name, note the
following points:
l If all the NM stations that use the community name need to have rights to access the objects
in the Viewdefault view (1.3.6.1), skip the following steps.
l If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), skip Step5.
l If all the NM stations need to manage specified objects on the device, skip Step2, Step3,
and Step4.
l If some of the NM stations that use the community name need to manage specified objects
on the device, perform all the following steps.
Procedure
Step 1 Run:system-view
The system view is displayed.
Step 2 Run:
aclacl-number
A basic ACL is created to filter the NM station users that can manage the device.
Step 3 Run:rule[ rule-id] { deny|permit} source{ source-ip-addresssource-wildcard|
any}
A rule is added to the ACL.
Step 4 Run:quit
Return to the system view.
Step 5 Run:snmp-agent mib-viewview-name{ include| exclude} subtree-name[maskmask]
A MIB view is created, and manageable MIB objects are specified.
By default, an NM station has rights to access the objects in the Viewdefault view (1.3.6.1).
l If a few MIB objects on a device or some objects in the current MIB view do not or no longer
need to be managed by the NM station, excludeneeds to be specified in the related command
to exclude these MIB objects.
l If a few MIB objects on the device or some objects in the current MIB view need to be
managed by the NM station, includeneeds to be specified in the related command to includethese MIB objects.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
10
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
22/282
Step 6 Run:snmp-agent community{ read|write} community-name[mib-viewview-name| aclacl-
number]*
The NM station's access rights are specified.
l readneeds to be configured in the command if the NM station administrator needs the read
permission in the specified view in some cases. For example, a low-level administrator needs
to read certain data. writeneeds to be configured in the command if the NM station
administrator needs the read and write permissions in the specified view in some cases. For
example, a high-level administrator needs to read and write certain data.
l If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), mib-viewview-namedoes not need to be
configured in the command.
l If all the NM stations that use the community name need to manage specified objects on the
device, aclacl-numberdoes not need to be configured in the command.
l
If some of the NM stations that use the community name need to manage specified objectson the device, both mib-viewand aclneed to be configured in the command.
----End
Follow-up Procedure
After the access rights are configured, especially after the IP address of the NM station is
specified, if the IP address changes (for example, the NM station changes its location, or IP
addresses are reallocated due to network adjustment), you need to change the IP address of the
NM station in the ACL. Otherwise, the NM station cannot access the device.
1.2.4 (Optional) Enabling the SNMP Extended Error Code FunctionThis section describes how to enable the extended SNMP error code function when both the NM
station and managed device are Huawei products. After this function is enabled, more types of
error codes are provided to help you locate and rectify faults more quickly and accurately.
Procedure
Step 1 Run:system-view
The system view is displayed.
Step 2 Run:snmp-agent extend error-code enable
The SNMP extended error code function is enabled.
By default, SNMP standard error codes are used. After the extended error code function is
enabled, extended error codes can be sent to the NM station.
----End
1.2.5 (Optional) Configuring the Trap Function
This section describes how to specify the alarms to be sent to the NM station, which will help
you to locate important problems. After relevant parameters are set, the security of alarm sendingcan be improved.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
11
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
23/282
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:snmp-agent trap enable
Alarm sending is enabled.
Step 3 Run:
snmp-agent trap sourceinterface-typeinterface-number
The source interface for trap messages is specified.
After the source interface is specified, its IP address becomes the source IP address of trap
messages. Configuring the IP address of the local loopback interface as the source interface isrecommended, which can ensure device security.
The source interface specified on the router for trap messages must be consistent with that
specified on the NM station; otherwise, the NM station will not accept the trap messages sent
from the router.
Step 4 Run:
snmp-agent trap queue-sizesize
The length of the queue storing trap messages to be sent to the destination host is set.
The queue length depends on the number of generated trap messages. If the router frequently
generates trap messages, a longer queue length can be set to prevent trap messages from beinglost.
Step 5 Run:snmp-agent trap lifeseconds
The lifetime of every trap message is set.
The lifetime of every trap message depends on the number of generated trap messages. If the
router frequently generates trap messages, a longer lifetime can be set for every trap message to
prevent trap messages from being lost.
----End
1.2.6 Checking the Configuration
After SNMPv1 functions are configured, you can view the SNMPv1 configurations.
Prerequisites
The configurations of basic SNMPv1 functions are complete.
Procedure
l
Run the display snmp-agent community{ read| write} command to check theconfigured community name.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
12
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
24/282
l Run the display snmp-agent sys-infoversioncommand to check the enabled SNMP
version.
l Run the display aclacl-numbercommand to check the rules in the specified ACL.
l Run the display snmp-agent mib-viewcommand to check the MIB view.
l Run the display snmp-agent sys-infocontactcommand to check the equipment
administrator's contact information.
l Run the display snmp-agent sys-infolocationcommand to check the location of the
device.
l Run the display current-configuration| includetrapcommand to check trap
configurations.
l Run the display snmp-agent extend error-code statuscommand to check whether the
SNMP extended error code feature is enabled.
----End
Example
When the configuration is complete, run the display snmp-agent community readcommand.
You can view the configured community name. display snmp-agent community read Community name:
huawei
Storage type: nonVolatileView name: ViewDefault
Acl: 2001
Total number is 1
Run the display snmp-agent sys-info versioncommand. You can view the SNMP version
running on the agent. display snmp-agent sys-info version
SNMP version running in the system: SNMPv1
Run the display aclacl-numbercommand. You can view the rules in the specified ACL. displayacl2000Basic ACL 2000, 1 rule
Acl's step is 5
rule 5 permit source 1.1.1.1 0
Run the display snmp-agent mib-viewcommand. You can view the MIB view. display snmp-agent mib-view View name:ViewDefault
MIB Subtree:internet
Subtree mask: Storage type: nonVolatile
View Type:included
View status:active
View name:ViewDefault MIB Subtree:snmpUsmMIB
Subtree mask:
Storage type: nonVolatile View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpVacmMIB Subtree mask:
Storage type: nonVolatile
View Type:excluded
View status:active View name:ViewDefault
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
13
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
25/282
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
26/282
Applicable Environment
SNMP needs to be deployed in a network to allow the NM station to manage network devices.
If your network is a large scale with many devices and its security requirements are not strict or
its security is good (for example, a VPN network) but services on the network are so busy thattraffic congestion may occur, SNMPv2c can be deployed to ensure communication between the
NM station and managed devices.
Pre-configuration Tasks
Before configuring a device to communicate with an NM station by running SNMPv2c, complete
the following task:
l Configuring a routing protocol to ensure that the router and NM station are routable
Data Preparation
Before configuring a device to communicate with an NM station by running SNMPv2c, you
need the following data.
No. Data
1 SNMP version, SNMP community name, address of the alarm destination host, and
administrator's contact information and location
2 (Optional) ACL number, IP address of the NM station, MIB object
3 (Optional) Name of the alarm-sending module, source address of trap messages,
queue length for trap messages, and lifetime of trap messages
1.3.2 Configuring Basic SNMPv2c Functions
After basic SNMP functions are configured, an NM station can perform basic operations such
as Get and Set operations on a managed device, and the managed device can send alarms to the
NM station.
Context
Steps 3, 4, 5, 6, and 7are mandatory for the configuration of basic SNMP functions. After the
configurations, basic SNMP communication can be conducted between the NM station and
managed device.
Procedure
Step 1 Run:system-view
The system view is displayed.
Step 2 (Optional) Run:snmp-agent
The SNMP agent function is enabled.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
15
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
27/282
By default, the SNMP agent function is disabled. Running any command with the parameter
snmp-agentcan enable the SNMP agent function, so this step is optional.
Step 3 Run:snmp-agent sys-infoversionv2c
The SNMP version is set.
By default, SNMPv1, SNMPv2c, and SNMPv3 is enabled.
Step 4 Run:snmp-agent community{ read|write} community-name
The community name is set.
l readmust be configured in the command if the NM station administrator requires the read
permission in a specified view in some cases. For example, a low-level administrator must
read certain data.
l writemust be configured in the command if the NM station administrator requires the read
and write permissions in a specified view in some cases. For example, a high-level
administrator must read and write certain data.
After the community name is set, if no MIB view is configured, the NM station that uses the
community name has rights to access objects in the Viewdefault view.
Step 5 Run:snmp-agent target-host trap-paramsnameparamsnamev2csecuritynamesecurityname[binding-private-value] [private-netmanager]
The parameters of the trap messages sent from device are configured.
Step 6 Run:snmp-agent target-host trap-hostnamehostnameaddressipv4-addr[ udp-portudp-
portid] [public-net| vpn-instancevpn-instance-name] trap-paramsnameparamsname
The destination address for the alarms and error codes sent from the device is configured.
The descriptions of the command parameters are as follows:
l The default destination UDP port number is 162. In some special cases (for example, port
mirroring is configured to prevent a well-known port from being attacked), the parameter
udp-portcan be used to specify a non-well-known UDP port number. This ensures normal
communication between the NM station and managed device.
l If the alarms sent from the managed device to the NM station need to be transmitted over a
public network, the parameter public-netneeds to be configured. If the alarms sent from themanaged device to the NM station need to be transmitted over a private network, the
parameter vpn-instancevpn-instance-nameneeds to be used to specify a VPN that will take
over the sending task.
Step 7 (Optional) Run:snmp-agent sys-info{ contactcontact| locationlocation}
The equipment administrator's contact information or location is configured.
This step is required when the NM station administrator must know equipment administrators'
contact information and locations when the NM station manages many devices. This allows the
NM station administrator to contact the equipment administrators quickly for fault location andrectification.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
16
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
28/282
To configure both the equipment administrator's contact information and location, you must run
the command twice to configure them separately.
----End
Follow-up Procedure
If finer device management is required, follow directions below to configure the managed
device:
l To allow a specified NM station that uses the community name to manage specified objects
of the device, follow the procedure described in Controlling the NM Station's Access to
the Device.
l To allow a specified module on the managed device to report alarms to the NM station,
follow the procedure described in Configuring the Trap Function.
l If the NM station and managed device are both Huawei products, follow the procedure
described in Enabling the SNMP Extended Error Code Functionto allow the device to
send more types of error codes. This allows more specific error identification and facilitates
your fault location and rectification.
1.3.3 (Optional) Controlling the NM Station's Access to the Device
This section describes how to specify an NM station and manageable MIB objects for SNMP-
based communication between the NM station and managed device to improve communication
security.
Context
If a device is managed by multiple NM stations that use the same community name, note the
following points:
l If all the NM stations that use the community name need to have rights to access the objects
in the Viewdefault view (1.3.6.1), skip the following steps.
l If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), skip Step5.
l If all the NM stations need to manage specified objects on the device, skip Step2, Step3,
and Step4.
l If some of the NM stations that use the community name need to manage specified objects
on the device, perform all the following steps.
Procedure
Step 1 Run:system-view
The system view is displayed.
Step 2 Run:aclacl-number
A basic ACL is created to filter the NM station users that can manage the device.
Step 3 Run:
rule[ rule-id] { deny|permit} source{ source-ip-addresssource-wildcard|any}
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Network Management 1 SNMP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
17
-
8/10/2019 Configuration Guide - Network Management(V200R002C00_02)
29/282
A rule is added to the ACL.
Step 4 Run:
quit
Return to the system view.
Step 5 Run:
snmp-agent mib-viewview-name{ include| exclude} subtree-name[maskmask]
A MIB view is created, and manageable MIB objects are specified.
By default, an NM station has rights to access the objects in the Viewdefault view (1.3.6.1).
l If a few MIB objects on a device or some objects in the current MIB view do not or no longer
need to be managed by the NM station, excludeneeds to be specified in the related command
to exclude these MIB objects.
l If a few MIB objects on the device or some objects in the current MIB view need to be
managed by the NM station, includeneeds to be specified in the related command to include
these MIB objects.
Step 6 Run:
snmp-agent community{ read|write} community-name[mib-viewview-name| aclacl-
number]*
The NM station's access rights are specified.
l readneeds to be configured in the command if the NM station ad