H3C S9500 Series Operating instructions

Type
Operating instructions

H3C S9500 Series, a powerful routing switch, offers a comprehensive suite of features for your networking needs. With its advanced capabilities, the H3C S9500 Series excels in providing high-performance routing, flexible service provisioning, robust security, and comprehensive management. It's ideal for building scalable and reliable networks for data centers, enterprise campuses, and service provider infrastructures.

H3C S9500 Series, a powerful routing switch, offers a comprehensive suite of features for your networking needs. With its advanced capabilities, the H3C S9500 Series excels in providing high-performance routing, flexible service provisioning, robust security, and comprehensive management. It's ideal for building scalable and reliable networks for data centers, enterprise campuses, and service provider infrastructures.

Operation Manual – SNMP
H3C S9500 Series Routing Switches Table of Contents
i
Table of Contents
Chapter 1 SNMP Configuration....................................................................................................1-1
1.1 SNMP Overview.................................................................................................................1-1
1.1.1 Introduction to SNMP..............................................................................................1-1
1.1.2 SNMP Versions and Supported MIB.......................................................................1-1
1.2 Configuring SNMP.............................................................................................................1-3
1.2.1 Setting Community Names .....................................................................................1-3
1.2.2 Setting the System Information...............................................................................1-4
1.2.3 Enabling SNMP Agent to Send Traps.....................................................................1-4
1.2.4 Setting the Destination Address of Trap.................................................................1-5
1.2.5 Setting Lifetime of Trap Message ...........................................................................1-6
1.2.6 Setting the Engine ID of a Local Device .................................................................1-6
1.2.7 Setting an SNMP Group..........................................................................................1-6
1.2.8 Setting the Source Address of Trap........................................................................1-7
1.2.9 Adding a User to an SNMP Group..........................................................................1-7
1.2.10 Creating/Updating View Information .....................................................................1-7
1.2.11 Setting the Size of the SNMP Packet Sent/Received by an Agent.......................1-8
1.2.12 Disabling SNMP Agent..........................................................................................1-8
1.2.13 Extending the Standard linkUp/linkDown Traps....................................................1-8
1.3 Displaying and Debugging SNMP .....................................................................................1-9
1.4 SNMP Configuration Examples.......................................................................................1-10
1.4.1 Common SNMP Configuration Example...............................................................1-10
1.4.2 Configuration Example for Private Network Support ............................................1-11
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-1
Chapter 1 SNMP Configuration
When configuring SNMP, go to these sections for information you are interested in:
z SNMP Overview
z Configuring SNMP
z Displaying and Debugging SNMP
z SNMP Configuration Examples
1.1 SNMP Overview
1.1.1 Introduction to SNMP
By far, Simple Network Management Protocol (SNMP) has gained the most extensive
application in the computer networks. SNMP has been put into use and widely
accepted as an industry standard in practice. It is used for ensuring the transmission of
the management information between any two nodes. In this way, network
administrators can easily search and modify the information on any node on the
network. In the meantime, they can locate faults promptly and implement the fault
diagnosis, capacity planning and report generating. SNMP adopts the polling
mechanism and provides the most basic function set. It is most applicable to the
small-sized, fast-speed and low-cost environment. It only requires the unverified
transport layer protocol UDP; and is thus widely supported by many other products.
In terms of structure, SNMP can be divided into two parts, namely, Network
Management Station and Agent. Network Management Station is the workstation for
running the client program. At present, the commonly used NM platforms include Sun
NetManager and IBM NetView. Agent is the server software operated on network
devices. Network Management Station can send GetRequest, GetNextRequest and
SetRequest messages to the Agent. Upon receiving the requests from the Network
Management Station, Agent will perform Read or Write operation according to the
message types, generate and return the Response message to Network Management
Station. On the other hand, Agent will send Trap message on its own initiative to the
Network Management Station to report the events whenever the device encounters any
abnormalities such as restart.
1.1.2 SNMP Versions and Supported MIB
To uniquely identify the management variables of a device in SNMP messages, SNMP
adopts the hierarchical naming scheme to identify the managed objects. It is like a tree.
A tree node represents a managed object, as shown in the figure below. Thus the object
can be identified with the unique path starting from the root.
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-2
A
2
6
1
5
2
1
1
2
1
B
Figure 1-1 Architecture of the MIB tree
The MIB (Management Information Base) is used to describe the hierarchical
architecture of the tree and it is the set defined by the standard variables of the
monitored network device. In the above figure, the managed object B can be uniquely
specified by a string of numbers {1.2.1.1}. The number string is the Object Identifier of
the managed object.
The current SNMP Agent of switch supports SNMP V1, V2C and V3. The MIBs
supported are listed in the following table.
Table 1-1 MIBs supported by the switch
MIB attribute MIB content References
MIB II based on TCP/IP network device RFC1213
RFC1493
BRIDGE MIB
RFC2675
RIP MIB RFC1724
RMON MIB RFC2819
Ethernet MIB RFC2665
OSPF MIB RFC1253
Public MIB
IF MIB RFC1573
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-3
MIB attribute MIB content References
DHCP MIB
QACL MIB
ADBM MIB
RSTP MIB
VLAN MIB
Device management
Private MIB
Interface management
1.2 Configuring SNMP
The following sections describe the SNMP configuration tasks.
z Setting Community Names
z Setting the System Information
z Enabling SNMP Agent to Send Trap
z Setting the Destination Address of Trap
z Setting Lifetime of Trap Message
z Setting the Engine ID of a Local Device
z Setting an SNMP Group
z Setting the Source Address of Trap
z Adding a User to an SNMP Group
z Creating/Updating View Information
z Setting the Size of the SNMP Packet Sent/Received by an Agent
z Disabling SNMP Agent
z Extending the Standard linkUp/linkDown Traps
1.2.1 Setting Community Names
z SNMP V1 and SNMPV2C adopt the community name authentication scheme.
SNMP Community is named with a character string, which is called community
name. SNMP community name defines the relationship between SNMP manager
and SNMP agent. The community name functions like a password, that is, it
controls the access of the SNMP manager to the SNMP agent. You can choose to
specify one or more community name-related features: Define MIB views of all the
accessible MIB subsets.
z Define the read-only or read-write access mode of the community name to the MIB.
The community with read-only authority can only query the device information,
whereas the community with read-write authority can also configure the device.
Perform the following configuration in system view:
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-4
To do… Use the command…
Set the community name and the access
authority
snmp-agent community { read | write }
community-name
[ [ mib-view-view-name ] [ acl acl-list ] ]
Remove the community name and the
access authority
undo snmp-agent community
community-name
1.2.2 Setting the System Information
System information includes the ID and the contact method of the administrator, the
location of the switch and the version of the SNMP.
The ID and the contact method of the administrator is a character string describing the
contact information used for the system maintenance. Through this information, the
device maintenance staffs can obtain the manufacturer information of the device so as
to contact the manufacturer in case the device is in trouble. You can use the following
command to set the contact information.
The location information of the switch is a management variable of the system group in
MIB, which represents the location of the managed device.
Perform the following configuration in system view:
To do… Use the command…
Set the system information
snmp-agent sys-info { contact sysContact |
location sysLocation | version { { v1 | v2c |
v3 }* | all } }
Restore the default information
undo snmp-agent sys-info { { contact |
location }* | version { { v1 | v2c | v3 }* | all } }
By default, the contact information for system maintenance is "Hangzhou H3C
Technologies Co., Ltd.", the physical location information is " Hangzhou, China", and
the version is SNMPv1, SNMPv2c, and SNMPv3.
1.2.3 Enabling SNMP Agent to Send Traps
The managed device transmits traps without request to the Network Management
Station to report some critical and urgent events (such as restart).
You can use the following commands to enable or disable the managed device to send
trap messages.
Perform the following configuration in corresponding views.
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-5
To do… Use the command…
Enable the sending of trap (system view)
snmp-agent trap enable [ bgp
[ backwardtransition | established ]* |
configuration | flash | ospf
[ process-id ] [ ospf-trap-list ] |
protect-switch | pw | ldp | lsp |
mpls-oam | standard [ authentication |
coldstart | linkdown | linkup |
warmstart ]* | system | vrrp
[ authfailure | newmaster ] ]
Disable the sending of trap (system
view)
undo snmp-agent trap enable [ bgp
[ backwardtransition | established ]* |
configuration | flash | ospf
[ process-id ] [ ospf-trap-list ] |
protect-switch | pw | ldp | lsp |
mpls-oam | standard [ authentication |
coldstart | linkdown | linkup |
warmstart ]* | system | vrrp
[ authfailure | newmaster ] ]
Enable the switch ports to send SNMP
trap messages (Ethernet port view or
VLAN interface view)
enable snmp trap updown
Disable the switch port to send SNMP
trap messages (Ethernet port view or
VLAN interface view)
undo enable snmp trap updown
By default, the current port or VLAN interface sends trap messages.
1.2.4 Setting the Destination Address of Trap
You can use the following commands to set or delete the destination address of the
trap.
Perform the following configuration in system view.
To do… Use the command…
Set the destination address of trap
snmp-agent target-host trap address
udp-domain host-addr [ udp-port
udp-port-number ] params
securityname securityname [ v1 | v2c |
v3 [ authentication | privacy ] ]
Delete the destination address of trap
undo snmp-agent target-host
host-addr securityname securityname
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-6
1.2.5 Setting Lifetime of Trap Message
You can use the following command to set lifetime of Trap message. Trap message that
exists longer than the set lifetime will be dropped.
Perform the following configuration in system view.
To do… Use the command…
Set lifetime of Trap message snmp-agent trap life seconds
Restore lifetime of Trap message undo snmp-agent trap life
By default, the lifetime of Trap message is 120 seconds.
1.2.6 Setting the Engine ID of a Local Device
You can use the following commands to set the engine ID of a local device.
Perform the following configuration in system view.
To do… Use the command…
Set the engine ID of the device
snmp-agent local-engineid engineid
Restore the default engine ID of the
device.
undo snmp-agent local-engineid
The engine ID of the device can be IP address, MAC address or self-defined text. It
defaults to the enterprise number + the device information.
1.2.7 Setting an SNMP Group
You can use the following commands to set or delete an SNMP group.
Perform the following configuration in system view.
To do… Use the command…
Set an SNMP group
snmp-agent group { v1 | v2c } group-name
[ read-view read-view ] [ write-view write-view ]
[ notify-view notify-view ] [ acl acl-list ]
snmp-agent group v3 group-name [ authentication
| privacy ] [ read-view read-view ] [ write-view
write-view ] [notify-view notify-view ] [ acl acl-list ]
Delete an SNMP group
undo snmp-agent group { v1 | v2c } group-name
undo snmp-agent group v3 group-name
[ authentication | privacy ]
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-7
1.2.8 Setting the Source Address of Trap
You can use the following commands to set or remove the source address of the trap.
Perform the following configuration in system view.
To do… Use the command…
Set the Source Address of Trap
snmp-agent trap source interface-type
interface-number
Remove the source address of trap undo snmp-agent trap source
1.2.9 Adding a User to an SNMP Group
You can use the following commands to add or delete a user to/from an SNMP group.
Perform the following configuration in system view.
To do… Use the command…
Add a user to an SNMP
group
snmp-agent usm-user { v1 | v2c } username
groupname [ acl acl-list ]
snmp-agent usm-user v3 username groupname
[ authentication-mode { md5 | sha } authpassstring
[ privacy-mode { des56 privpassstring } ] ] [ acl acl-list ]
Delete a user from an
SNMP group
undo snmp-agent usm-user { v1 | v2c } username
groupname
undo snmp-agent usm-user v3 username groupname
{ local | engineid engine-id }
You must first configure the SNMP engine ID before configuring the remote user for an
agent, because the engine ID is required during the authentication. If you forget to
configure the engine ID before adding a user, the operation of adding this user will fail.
For SNMPv1 and v2c, this operation is adding a new community name, while for
SNMPv3, this operation is adding a user for an SNMP group.
1.2.10 Creating/Updating View Information
You can specify the view to control the access to the MIB by SNMP manager. You can
use either the predefined views or the self-defined views. You can use the following
commands to create, update the information of views or delete a view.
Perform the following configuration in system view.
To do… Use the command…
Create/Update view information
snmp-agent mib-view { included |
excluded } view-name oid-tree
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-8
To do… Use the command…
Delete a view
undo snmp-agent mib-view
view-name
1.2.11 Setting the Size of the SNMP Packet Sent/Received by an Agent
You can use the following commands to set the size of SNMP packet sent/received by
an agent.
Perform the following configuration in system view.
To do… Use the command…
Set the size of the SNMP packet
sent/received by an agent
snmp-agent packet max-size
byte-count
Restore the default size of the SNMP
packet sent/received by an agent
undo snmp-agent packet max-size
The agent can receive/send the SNMP packets of the sizes ranging from 484 to 17940,
measured in bytes. By default, the size of an SNMP packet is 2000 bytes.
1.2.12 Disabling SNMP Agent
To disable SNMP Agent, perform the following configuration in system view.
To do… Use the command…
Disable SNMP agent undo snmp-agent
If users disable SNMP Agent, it will be enabled whatever snmp-agent command is
configured thereafter.
1.2.13 Extending the Standard linkUp/linkDown Traps
Follow these steps to extend the stand linkup/down traps:
To do… Use the command… Remarks
Extend the standard
linkUp/linkDown traps
snmp-agent trap ifmib
link extended
Available in system view
Disable the extension of
the standard
linkUp/linkDown traps
undo snmp-agent trap
ifmib link extended
Available in system view
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-9
After this command is configured, an extended linkUp/linkDown trap is the standard
linkUp/linkDown trap defined in RFC appended with the interface description and
interface type information.
Caution:
Not all NMSs can process the extended trap messages correctly. By default, the device
sends traps whose format is consistent with that defined in the standard IF-MIB. This
command is available only when the NMS used supports the extended trap.
1.3 Displaying and Debugging SNMP
To do… Use the command… Remarks
Display the statistics
information about SNMP
packets
display snmp-agent
statistics
Available in any view
Display the engine ID of
the active device
display snmp-agent
local-engineid
Available in any view
Display the group name,
the security mode, the
states for all types of
views, and the storage
mode of each group of the
switch.
display snmp-agent
group [ group-name ]
Available in any view
Display SNMP user
information in the group
user table
display snmp-agent
usm-user [ engineid
engineid | group
groupname | username
username ]*
Available in any view
Display the current
community name
display snmp-agent
community [ read |
write ]
Available in any view
Display the current MIB
view
display snmp-agent
mib-view [ exclude |
include | { viewname
mib-view } ]
Available in any view
Display the contact
character strings, location
character strings, and the
SNMP version of the
system
display snmp-agent
sys-info [ contact |
location | version ]*
Available in any view
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-10
1.4 SNMP Configuration Examples
1.4.1 Common SNMP Configuration Example
I. Network requirements
Network Management Station and the switch are connected through the Ethernet. The
IP address of Network Management Station is 129.102.149.23 and that of the VLAN
interface on the switch is 129.102.0.1. Perform the following configurations on the
switch: setting the community name and access authority, administrator ID, contact and
switch location, and enabling the switch to send trap packets.
II. Network diagram
Figure 1-2 Network diagram for SNMP configuration
III. Configuration procedure
# Enter the system view.
<H3C> system-view
# Set the community name, group and user.
[H3C] snmp-agent sys-info version all
[H3C] snmp-agent community read public
[H3C] snmp-agent mib include internet 1.3.6.1
[H3C] snmp-agent group v3 managev3group write internet
[H3C] snmp-agent usm v3 managev3user managev3group
# Set VLAN-interface 2 as the interface for network management. Add port
GigabitEthernet 2/1/3 to VLAN 2. This port will be used for network management. Set
the IP address of VLAN-interface 2 as 129.102.0.1.
[H3C] vlan 2
[H3C-vlan2] port gigabitethernet 2/1/3
[H3C-vlan2] interface vlan 2
[H3C-Vlan-interface2] ip address 129.102.0.1 255.255.0.0
# Enable SNMP agent to send the trap to network management station whose IP
address is 129.102.149.23. The SNMP community is public.
[H3C] snmp-agent trap enable standard authentication
[H3C] snmp-agent trap enable standard coldstart
[H3C] snmp-agent trap enable standard linkup
[H3C] snmp-agent trap enable standard linkdown
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-11
[H3C] snmp-agent target-host trap address udp-domain 129.102.149.23 udp-port
5000 params securityname public
# Configure network management system
The PC on which the network management resides requires for login configuration. As
for Mib-Browser, the login configuration is as follows: SNMPv1/v2c logs in using the
default community name public, and the SNMPv3 logs in using managev3user.
The switch supports iManager Quidview NMS. Users can query and configure the
switch through the network management system. For details, see the manuals for the
network management products.
1.4.2 Configuration Example for Private Network Support
I. Network requirements
z As shown in Figure 1-3, the VLAN to which PC belongs is in a private network. You
manage the switches S9500A and S9500B using the network management
software Quidview on PC;
z S9500A acts as a host. On S9500A, configure a static route to PC in the public
network, and configure the static routes to the loopback interface and other
devices to be managed in the private network;
z On S9500B, configure the routes to PC and the loopback interface on S9500A
through a routing protocol or configure the static routes to them;
z It is required to implement: PC can manage S9500A and S9500B through SNMP
in the private network.
II. Network diagram
Figure 1-3 Network diagram for SNMP private network support
III. Configuration procedure
1) Configure S9500A
# Configure the loopback interface and a VLAN interface.
<S9500A> system-view
[S9500A] interface loopback 0
[S9500A-LoopBack0] ip address 1.1.1.1 32
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-12
[S9500A-LoopBack0] quit
[S9500A] vlan 10
[S9500A-vlan10] port Ethernet 3/1/2
[S9500A-vlan10] interface vlan-interface 10
[S9500A-Vlan-interface10] ip address 10.0.0.1 24
[S9500A-Vlan-interface10] quit
# Create a VPN instance, create a VLAN and bind it with the private network.
[S9500A] ip vpn-instance vpna
[S9500A-vpn-vpna] route-distinguisher 100:1
[S9500A-vpn-vpna] vpn-target 100:1 both
[S9500A-vpn-vpna] quit
[S9500A] vlan 172
[S9500A-vlan172] port Ethernet 3/1/1
[S9500A-vlan172] interface vlan-interface 172
[S9500A-Vlan-interface172] ip binding vpn-instance vpna
[S9500A-Vlan-interface172] ip address 172.16.0.1 24
[S9500A-Vlan-interface172] quit
# Configure static routes.
[S9500A] ip route-static 172.16.0.2 255.255.255.255 vpn-instance vpna
172.16.0.2 preference 1
[S9500A] ip route-static vpn-instance vpna 1.1.1.1 255.255.255.255 10.0.0.2
public preference 1
[S9500A] ip route-static vpn-instance vpna 2.2.2.2 255.255.255.255 10.0.0.2
public preference 1
# Configure SNMP, and set the trap source address.
[S9500A] snmp-agent
[S9500A] snmp-agent local-engineid 800007DB000FE21E44486877
[S9500A] snmp-agent community write private
[S9500A] snmp-agent community read public
[S9500A] snmp-agent sys-info version all
[S9500A] snmp-agent target-host trap address udp-domain 172.16.0.2 params
securityname public
[S9500A] snmp-agent trap enable ldp
[S9500A] snmp-agent trap enable configuration
[S9500A] snmp-agent trap enable system
[S9500A] snmp-agent trap enable standard
[S9500A] snmp-agent trap enable lsp
[S9500A] snmp-agent trap enable vrrp
[S9500A] snmp-agent trap enable ospf
[S9500A] snmp-agent trap enable bgp
[S9500A] snmp-agent trap enable flash
Operation Manual – SNMP
H3C S9500 Series Routing Switches Chapter 1 SNMP Configuration
1-13
[S9500A] snmp-agent trap source LoopBack0
2) Configure S9500B
# Configure the loopback interface and a VLAN interface.
<S9500B> system-view
[S9500B] interface loopback 0
[S9500B-LoopBack0] ip address 2.2.2.2 32
[S9500B-LoopBack0] quit
[S9500B] vlan 10
[S9500B-vlan10] port Ethernet 2/1/1
[S9500B-vlan10] interface vlan-interface 10
[S9500B-Vlan-interface10] ip address 10.0.0.2 24
[S9500B-Vlan-interface10] quit
# Configure the static routes to S9500A and PC.
[S9500B] ip route-static 172.16.0.2 255.255.255.255 10.0.0.1 preference 1
[S9500B] ip route-static 1.1.1.1 255.255.255.255 10.0.0.1 preference 1
# Configure SNMP, and set the trap source address.
[S9500B] snmp-agent
[S9500B] snmp-agent local-engineid 800007DB000FE21E44486877
[S9500B] snmp-agent community write private
[S9500B] snmp-agent community read public
[S9500B] snmp-agent sys-info version all
[S9500B] snmp-agent target-host trap address udp-domain 172.16.0.2 params
securityname public
[S9500B] snmp-agent trap enable ldp
[S9500B] snmp-agent trap enable configuration
[S9500B] snmp-agent trap enable system
[S9500B] snmp-agent trap enable standard
[S9500B] snmp-agent trap enable lsp
[S9500B] snmp-agent trap enable vrrp
[S9500B] snmp-agent trap enable ospf
[S9500B] snmp-agent trap enable bgp
[S9500B] snmp-agent trap enable flash
[S9500B] snmp-agent trap source LoopBack0
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14

H3C S9500 Series Operating instructions

Type
Operating instructions

H3C S9500 Series, a powerful routing switch, offers a comprehensive suite of features for your networking needs. With its advanced capabilities, the H3C S9500 Series excels in providing high-performance routing, flexible service provisioning, robust security, and comprehensive management. It's ideal for building scalable and reliable networks for data centers, enterprise campuses, and service provider infrastructures.

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI