The Simple Network Management Protocol (SNMP) is by far the most widely deployed
network management protocol in computer networks and is accepted in practice as
an industry standard. It carries management information between any two nodes,
so network administrators can query and modify the information on any node on
the network, locate faults promptly, and carry out fault diagnosis, capacity
planning and report generation.
SNMP uses a polling mechanism and provides only the most basic set of functions.
It is best suited to small, high-speed, low-cost environments. It requires only
the connectionless transport layer protocol UDP and is therefore widely
supported by many products.
SNMP can be divided into two parts, the Network Management Station and the
Agent:
The network management station (NMS) is the workstation that runs the client
program. At present, the commonly used network management platforms include
QuidView, Sun NetManager and IBM NetView.
The Agent is the server software running on network devices.
The NMS can send GetRequest, GetNextRequest and SetRequest messages to the
Agent. On receiving a request from the NMS, the Agent performs a Read or Write
operation according to the message type, then generates a Response message and
returns it to the NMS.
The Agent also sends Trap messages to the NMS on its own initiative to report
events whenever the device status changes or the device encounters an
abnormality, such as a device restart.
Currently, the SNMP Agent of the device supports SNMP V3 and is compatible with
SNMP V1 and SNMP V2C.
SNMP V3 adopts user name and password authentication.
SNMP V1 and SNMP V2C adopt community name authentication. SNMP packets that
fail community name authentication are discarded. The community name defines
the relationship between the SNMP NMS and the SNMP Agent. It limits access to
the SNMP Agent from the SNMP NMS and functions as a password. You can define
the following features related to the community name:
• Define the MIB view that a community can access.
• Set read-only or read-write access to MIB objects for the community. A
read-only community can only query device information, while a read-write
community can configure the device.
• Set the basic ACL specified by the community name.
The management variables in an SNMP packet describe the management objects of a
device. To identify each managed object uniquely in SNMP messages, SNMP adopts
a hierarchical naming scheme. The scheme is like a tree in which each node
represents a managed object, as shown in Figure 1-1, so an object can be
identified by the unique path starting from the root.
Figure 1-1 Architecture of the MIB tree
The management information base (MIB) is
used to describe the hierarchical architecture of the tree and it is the set defined
by the standard variables of the monitored network device. In the above figure,
the managed object B can be uniquely specified by a string of numbers
{1.2.1.1}. The number string is the Object Identifier of the managed object.
The common MIBs supported by the system are
listed in Table 1-1.
Table 1-1 Common MIBs
| MIB attribute | MIB content | References |
|---|---|---|
| Public MIB | MIB II based on TCP/IP network device | RFC1213 |
| | BRIDGE MIB | RFC1493 |
| | | RFC2675 |
| | RIP MIB | RFC1724 |
| | RMON MIB | RFC2819 |
| | Ethernet MIB | RFC2665 |
| | OSPF MIB | RFC1253 |
| | IF MIB | RFC1573 |
| Private MIB | DHCP MIB | — |
| | QACL MIB | — |
| | ADBM MIB | — |
| | IGMP Snooping MIB | — |
| | RSTP MIB | — |
| | VLAN MIB | — |
| | Device management | — |
| | Interface management | — |
SNMP V3 is configured differently from SNMP V1 and SNMP V2C, so the basic SNMP
function configurations for the different versions are described separately.
For the specific configurations, refer to Table 1-2 and Table 1-3.
Table 1-2 Configure SNMP basic functions for SNMP V1 and SNMP V2C
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | — |
| Enable SNMP Agent | snmp-agent | Optional. By default, SNMP Agent is disabled. To enable SNMP Agent, you can execute this command or those commands used to configure SNMP Agent features. |
| Set system information | snmp-agent sys-info { contact sys-contact \| location sys-location \| version { { v1 \| v2c \| v3 }* \| all } } | Required. By default, the contact information for system maintenance is "Hangzhou H3C Technology. Co.,Ltd.", the system location is "Hangzhou China", and the SNMP version is SNMP V3. |
| Set a community name and access authority (direct configuration): set a community name | snmp-agent community { read \| write } community-name [ acl acl-number \| mib-view view-name ]* | Required. Direct configuration for SNMP V1 and SNMP V2C is based on community name. Indirect configuration: the added user is equal to the community name for SNMP V1 and SNMP V2C. You can choose either of them as needed. |
| Set a community name and access authority (indirect configuration): set an SNMP group | snmp-agent group { v1 \| v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ] | |
| Set a community name and access authority (indirect configuration): add a new user for an SNMP group | snmp-agent usm-user { v1 \| v2c } user-name group-name [ acl acl-number ] | |
| Set the maximum size of SNMP packets that the Agent can send/receive | snmp-agent packet max-size byte-count | Optional. By default, it is 2,000 bytes. |
| Set the device engine ID | snmp-agent local-engineid engineid | Optional. By default, the device engine ID is "Enterprise Number + device information". |
| Create or update the view information | snmp-agent mib-view { included \| excluded } view-name oid-tree | Optional. By default, the view name is ViewDefault and OID is 1. |
Table 1-3 Configure SNMP basic functions (SNMP V3)
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | — |
| Enable SNMP Agent | snmp-agent | Required. By default, SNMP Agent is disabled. You can enable SNMP agent by executing this command or any configuration command of snmp-agent. |
| Set system information | snmp-agent sys-info { contact sys-contact \| location sys-location \| version { { v1 \| v2c \| v3 }* \| all } } | Optional. By default, the contact information for system maintenance is "Hangzhou H3C Technology. Co.,Ltd.", the system location is "Hangzhou China", and the SNMP version is SNMP V3. |
| Set an SNMP group | snmp-agent group v3 group-name [ authentication \| privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ] | Required |
| Add a new user for an SNMP group | snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 \| sha } auth-password [ privacy-mode des56 priv-password ] ] [ acl acl-number ] | Required |
| Set the size of SNMP packet that the Agent can send/receive | snmp-agent packet max-size byte-count | Optional. By default, it is 2,000 bytes. |
| Set the device engine ID | snmp-agent local-engineid engineid | Optional. By default, the device engine ID is "Enterprise Number + device information". |
| Create or update the view information | snmp-agent mib-view { included \| excluded } view-name oid-tree | Optional. By default, the view name is ViewDefault and OID is 1. |
A Trap is information that the managed device sends to the NMS on its own
initiative, without a request. Traps are used to report urgent and important
events (e.g., the managed device is rebooted).
Complete the SNMP basic configuration before configuring Trap.
Table 1-4 Configure Trap
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | — |
| Enable the device to send Trap packets | snmp-agent trap enable [ bgp [ backwardtransition \| established ]* \| configuration \| flash \| ospf [ process-id ] [ ospf-trap-list ] \| standard [ authentication \| coldstart \| linkdown \| linkup \| warmstart ]* \| system \| vrrp [ authfailure \| newmaster ] ] | Optional. By default, the port or the interface is enabled to send Trap packets. |
| Enable the port to send Trap packets: enter port view or interface view | interface interface-type interface-number | |
| Enable the port to send Trap packets: enable the port or interface to send Trap packets | enable snmp trap updown | |
| Enable the port to send Trap packets: quit to system view | quit | |
| Set Trap target host address | snmp-agent target-host trap address udp-domain { ip-address } [ udp-port port-number ] params securityname security-string [ v1 \| v2c \| v3 { authentication \| privacy } ] | Required |
| Set the source address to send Trap packets | snmp-agent trap source interface-type interface-number | Optional |
| Set the information queue length of Trap packet sent to destination host | snmp-agent trap queue-size size | Optional. The default value is 100. |
| Set aging time for Trap packets | snmp-agent trap life seconds | Optional. The default aging time for Trap packets is 120 seconds. |
1.4 Displaying SNMP
After the above configuration is completed,
execute the display command in any view to view the running status of
SNMP, and to verify the configuration.
Table 1-5 Display SNMP
| Operation | Command | Description |
|---|---|---|
| Display system information of the current SNMP device | display snmp-agent sys-info [ contact \| location \| version ]* | The display command can be executed in any view |
| Display SNMP packet statistics information | display snmp-agent statistics | |
| Display the engine ID of the current device | display snmp-agent { local-engineid \| remote-engineid } | |
| Display group information about the device | display snmp-agent group [ group-name ] | |
| Display SNMP user information | display snmp-agent usm-user [ engineid engineid \| username user-name \| group group-name ] | |
| Display the currently configured community name | display snmp-agent community [ read \| write ] | |
| Display the currently configured MIB view | display snmp-agent mib-view [ exclude \| include \| viewname view-name ] | |
I. Network requirements
• An NMS and Switch A are connected through the Ethernet. The IP address of the
NMS is 10.10.10.1 and that of the VLAN interface on Switch A is 10.10.10.2.
• Perform the following configuration on Switch A: set the community name and
access authority, administrator ID, contact and switch location, and enable the
switch to send Trap packets.
II. Network diagram
Figure 1-2 Network diagram for SNMP
III. Network procedure
# Set the community name, group name and user.
<H3C> system-view
[H3C] snmp-agent
[H3C] snmp-agent sys-info version all
[H3C] snmp-agent community write public
[H3C] snmp-agent mib-view include internet 1.3.6.1
[H3C] snmp-agent group v3 managev3group write-view internet
[H3C] snmp-agent usm-user v3 managev3user managev3group
# Set the VLAN interface 2 as the interface
used by NMS. Add port Ethernet1/0/2 to VLAN 2. This port will be used for
network management. Set the IP address of VLAN interface 2 as 10.10.10.2.
[H3C] vlan 2
[H3C-vlan2] port Ethernet 1/0/2
[H3C-vlan2] quit
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] ip address 10.10.10.2 255.255.255.0
[H3C-Vlan-interface2] quit
# Enable the SNMP agent to send Trap
packets to the NMS whose IP address is 10.10.10.1. The SNMP community is
public.
[H3C] snmp-agent trap enable standard authentication
[H3C] snmp-agent trap enable standard coldstart
[H3C] snmp-agent trap enable standard linkup
[H3C] snmp-agent trap enable standard linkdown
[H3C] snmp-agent target-host trap address udp-domain 10.10.10.1 udp-port 5000 params securityname public
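The commands in the procedure above can be reviewed mechanically before they reach a device. The following Python audit is an added example, not part of the H3C manual: it reads snmp-agent lines in the syntax of Tables 1-2 to 1-4 and reports settings that leave management access weakly protected (SNMP V1/V2C enabled, a read-write community named public, no ACL, a V3 group and user without authentication). The rule names, ACL 2000 and the placeholder passwords are assumptions of the example.

```python
# Constructed input: the snmp-agent commands from the procedure above.
SAMPLE_CONFIG = """\
snmp-agent
snmp-agent sys-info version all
snmp-agent community write public
snmp-agent mib-view include internet 1.3.6.1
snmp-agent group v3 managev3group write-view internet
snmp-agent usm-user v3 managev3user managev3group
snmp-agent target-host trap address udp-domain 10.10.10.1 udp-port 5000 params securityname public
"""

# Constructed input: the same setup limited to SNMP V3 with authentication and
# privacy. ACL 2000 is assumed to exist and to permit only the NMS (10.10.10.1);
# AUTH-PLACEHOLDER and PRIV-PLACEHOLDER stand in for real passwords.
HARDENED_CONFIG = """\
snmp-agent sys-info version v3
snmp-agent mib-view include internet 1.3.6.1
snmp-agent group v3 managev3group privacy write-view internet acl 2000
snmp-agent usm-user v3 managev3user managev3group authentication-mode sha AUTH-PLACEHOLDER privacy-mode des56 PRIV-PLACEHOLDER
snmp-agent target-host trap address udp-domain 10.10.10.1 udp-port 5000 params securityname managev3user v3 privacy
"""

WELL_KNOWN = {"public", "private"}  # widely known default community names

def audit_snmp(config):
    """Return (rule, line) findings; the rule names are this example's own."""
    findings = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "snmp-agent":
            continue
        kind, args, rules = tok[1], tok[2:], []
        if kind == "sys-info" and args[0] == "version":
            if {"v1", "v2c", "all"} & set(args[1:]):  # community-name versions
                rules.append("community-based-version-enabled")
        elif kind == "community" and len(args) >= 2:
            if args[1].lower() in WELL_KNOWN:
                rules.append("well-known-community-name")
            if args[0] == "write":
                rules.append("read-write-community")
            if "acl" not in args[2:]:
                rules.append("community-without-acl")
        elif kind == "group" and args[0] == "v3":
            opts = args[2:]  # keywords after the group name
            if "authentication" not in opts and "privacy" not in opts:
                rules.append("v3-group-no-authentication")
            elif "privacy" not in opts:
                rules.append("v3-group-no-privacy")
            if "acl" not in opts:
                rules.append("v3-group-without-acl")
        elif kind == "usm-user" and args[0] == "v3":
            opts = args[3:]  # keywords after the user name and group name
            if "authentication-mode" not in opts:
                rules.append("v3-user-no-auth-password")
            elif "privacy-mode" not in opts:
                rules.append("v3-user-no-priv-password")
        elif kind == "target-host" and "params" in args:
            if "v3" not in args[args.index("params"):]:
                rules.append("trap-target-not-v3")
        findings += [(rule, line) for rule in rules]
    return findings

for rule, line in audit_snmp(SAMPLE_CONFIG):
    print(f"{rule:34} {line}")
```

Run against the page's own procedure it reports eight findings; the V3-only variant with privacy and an ACL reports none.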
IV. Configuring NMS
The S7500 series switch supports H3C's QuidView NMS. SNMP V3 adopts user name
and password authentication. In [Quidview Authentication Parameter], you need
to set a user name, choose the security level, and set the authorization mode,
authorization password, encryption mode and encryption password according to
the security level. In addition, you must set the timeout time and the number
of retries.
You can query and configure the Ethernet switch through the NMS. For more
information, refer to the manuals of H3C's NMS products.
NMS configuration must be consistent with device configuration; otherwise, the
NMS cannot manage the device.
Remote monitoring (RMON) is a management information base (MIB) defined by the
Internet Engineering Task Force (IETF) and is a most important enhancement to
the MIB II standard. RMON is mainly used to monitor the data traffic across a
network segment or even the entire network, and is currently a commonly used
network management standard.
An RMON system comprises two parts: the network management station (NMS) and
the agents running on each network device. RMON agents operate on network
monitors or network probes to collect and keep track of traffic statistics for
the network segments to which their ports connect, such as the total number of
packets on a network segment in a specific period of time and the total number
of packets that are sent to a specific host successfully.
RMON is fully based on simple network
management protocol (SNMP) architecture. It is compatible with the current
SNMP, so that you can implement RMON without modifying SNMP. RMON enables SNMP
to monitor remote network devices more effectively and actively, thus providing
a satisfactory means of monitoring the operation of the subnet. With RMON, the
communication traffic between NMS and agents is reduced, thus facilitating the
management of large-scale internetworks.
RMON allows multiple monitors. It collects data in one of the following two
ways:
• Using a dedicated RMON probe. When an RMON system operates in this way, the
NMS directly obtains management information from the RMON probes and controls
the network resources. In this case, all information in the RMON MIB can be
obtained.
• Embedding RMON agents directly into network devices (such as routers, switches
and hubs) so that the devices provide RMON probe functions. When an RMON system
operates in this way, the NMS collects network management information by
exchanging information with the SNMP agents using the basic SNMP commands.
However, this way depends heavily on device resources, and an NMS operating in
this way can obtain only four groups of information (instead of all the
information in the RMON MIB). The four groups are the alarm group, event group,
history group and statistics group.
An S7500 series switch implements RMON in
the second way. With the embedded RMON agent, the S7500 series switch can serve
as a network device with the RMON probe function. Through the RMON-capable SNMP
agents running on the Ethernet switch, an NMS can obtain the information about
the total traffic, error statistics and performance statistics of the network
segments to which the ports of the managed network devices are connected. Thus,
the NMS can further manage the networks.
I. Event group
The event group defines the indexes of events and the processing methods of the
events. The events defined in an event group are mainly used by the alarm group
and the extended alarm group to trigger alarms.
You can specify a network device to act in one of the following ways in
response to an event:
• Logging the event
• Sending trap messages to the NMS
• Logging the event and sending trap messages to the NMS
• No processing
II. Alarm group
RMON alarm management monitors specified alarm variables (such as the
statistics of a port). When the value of a monitored variable exceeds the
threshold, an alarm event is generated, which triggers the network device to
act in the set way. Events are defined in event groups.
With an alarm entry defined in an alarm group, a network device performs the
following operations accordingly:
• Sampling the defined alarm variables (alarm-variable) once in each specified
period (sampling-time)
• Comparing the sampled value with the set threshold and triggering the
corresponding events if the sampled value exceeds the threshold
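The sampling and comparison steps above, as an added Python example that is not part of the H3C manual: it replays counter readings through an alarm entry with delta or absolute sampling and returns the events raised. The re-arming rule and the 32-bit counter wrap follow RFC 2819 and are assumptions about the device; the readings are constructed.

```python
COUNTER32 = 2 ** 32  # etherStats counters in RFC 2819 are 32-bit and wrap to 0


def rmon_alarm(readings, mode, rising, falling, rising_event=1, falling_event=2):
    """Replay readings taken once per sampling-time; return the events raised.

    Each event is (sample_index, event_entry, compared_value). After a rising
    event no further rising event is raised until the value has reached the
    falling threshold, and vice versa (RFC 2819 hysteresis, assumed here).
    Both directions start armed, which is also an assumption.
    """
    if mode not in ("absolute", "delta"):
        raise ValueError("mode must be 'absolute' or 'delta'")
    events, previous = [], None
    rising_armed = falling_armed = True
    for index, reading in enumerate(readings):
        if mode == "absolute":
            value = reading
        elif previous is None:
            previous = reading  # delta sampling needs two readings
            continue
        else:
            # Modular subtraction keeps the delta correct across a counter wrap;
            # plain subtraction would give a large negative value there.
            value, previous = (reading - previous) % COUNTER32, reading
        if value >= rising and rising_armed:
            events.append((index, rising_event, value))
            rising_armed, falling_armed = False, True
        elif value <= falling and falling_armed:
            events.append((index, falling_event, value))
            rising_armed, falling_armed = True, False
    return events


# Constructed readings of etherStatsCRCAlignErrors on one port, one per
# sampling-time; the counter wraps between the sixth and seventh reading.
CRC_READINGS = [4294967000, 4294967002, 4294967060, 4294967130,
                4294967131, 4294967290, 44, 46]


def crc_alarm_events():
    """Alarm entry with delta sampling, rising threshold 50, falling threshold 5."""
    return rmon_alarm(CRC_READINGS, "delta", rising=50, falling=5)


if __name__ == "__main__":
    for index, event, value in crc_alarm_events():
        print(f"sample {index}: event-entry {event} (value {value})")
```

Event entries 1 and 2 stand for event-entry1 and event-entry2 of the rmon alarm command; the delta of 70 at sample 3 and the delta of 50 across the wrap raise nothing because the rising alarm has not been re-armed.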
III. Extended alarm group
With an extended alarm entry, you can perform operations on the samples of an
alarm variable and then compare the operation result with the set threshold,
thus implementing more flexible alarm functions.
With an extended alarm entry defined in an extended alarm group, the network
devices perform the following operations accordingly:
• Sampling the alarm variables referenced in the defined extended alarm
expressions once in each specified period
• Performing operations on sampled values according to the defined operation
formulas
• Comparing the operation result with the set threshold and triggering
corresponding events if the operation result exceeds the threshold
IV. History group
After a history group is configured, the Ethernet switch collects network
statistics information periodically and stores the statistics information
temporarily for later retrieval. A history group can provide the history data
of the statistics on network segment traffic, error packets, broadcast packets,
and bandwidth utilization.
With the history data management function, you can configure network devices to
collect history data, for example to collect the data of a specific port
periodically and save it.
V. Statistics group
The statistics group contains the statistics of each monitored port on a
network device. An entry in a statistics group is an accumulated value counting
from the time when the statistics group is created.
The statistics include the number of the following items: collisions, packets
with cyclic redundancy check (CRC) errors, undersize (or oversize) packets,
broadcast packets, multicast packets, and received bytes and packets.
With the RMON statistics management function, you can monitor the usage of a
port and collect statistics on the errors that occur while the ports are in
use.
Before performing RMON configuration, make sure the SNMP agents are correctly
configured. For the information about SNMP agent configuration, refer to the
"Configuring Basic SNMP Functions" part in SNMP Configuration Operation Manual.
Table 2-1 Configure RMON
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | — |
| Add an event entry | rmon event event-entry [ description string ] { log \| trap trap-community \| log-trap log-trapcommunity \| none } [ owner text ] | Optional |
| Add an alarm entry | rmon alarm entry-number alarm-variable sampling-time { delta \| absolute } rising threshold threshold-value1 event-entry1 falling threshold threshold-value2 event-entry2 [ owner text ] | Optional. Before adding an alarm entry, you need to use the rmon event command to define the event referenced by the alarm entry. |
| Add an extended alarm entry | rmon prialarm entry-number prialarm-formula prialarm-des sampling-timer { delta \| absolute \| changeratio } rising_threshold threshold-value1 event-entry1 falling_threshold threshold-value2 event-entry2 entrytype { forever \| cycle cycle-period } [ owner text ] | Optional. Before adding an extended alarm entry, you need to use the rmon event command to define the event referenced by the extended alarm entry. |
| Enter Ethernet port view | interface interface-type interface-number | — |
| Add a history entry | rmon history entry-number buckets number interval sampling-interval [ owner text ] | Optional |
| Add a statistics entry | rmon statistics entry-number [ owner text ] | Optional |
• The rmon alarm and rmon prialarm commands take effect on existing nodes only.
• For each port, only one RMON statistics entry can be created. That is, if an
RMON statistics entry is already created for a given port, creation of another
entry with a different index for the same port will not succeed.
After the above configuration, you can
execute the display command in any view to display the RMON running
status, and verify the effect of the configuration.
Table 2-2 Display RMON
| Operation | Command | Description |
|---|---|---|
| Display RMON statistics | display rmon statistics [ interface-type interface-number ] | The display command can be executed in any view |
| Display RMON history information | display rmon history [ interface-type interface-number ] | |
| Display RMON alarm information | display rmon alarm [ entry-number ] | |
| Display extended RMON alarm information | display rmon prialarm [ prialarm-entry-number ] | |
| Display RMON events | display rmon event [ event-entry ] | |
| Display RMON event logs | display rmon eventlog [ event-entry ] | |
I. Network requirements
• Ensure that the SNMP agents are correctly configured before performing RMON
configuration.
• The switch to be tested has a configuration terminal connected to its console
port and is connected to a remote NMS through the Internet. Create an entry in
the Ethernet statistics table to collect statistics on the Ethernet port
performance for network management.
II. Network diagram
Figure 2-1 Network diagram for RMON configuration
III. Configuration procedures
# Configure RMON.
<H3C> system-view
[H3C] interface Ethernet1/0/1
[H3C-Ethernet1/0/1] rmon statistics 1 owner user1-rmon
# View RMON configuration.
[H3C-Ethernet1/0/1] display rmon statistics Ethernet1/0/1
Statistics entry 1 owned by user1-rmon is VALID.
  Interface : Ethernet1/0/1<ifIndex.4227626>
  etherStatsOctets         : 0         , etherStatsPkts          : 0
  etherStatsBroadcastPkts  : 0         , etherStatsMulticastPkts : 0
  etherStatsUndersizePkts  : 0         , etherStatsOversizePkts  : 0
  etherStatsFragments      : 0         , etherStatsJabbers       : 0
  etherStatsCRCAlignErrors : 0         , etherStatsCollisions    : 0
  etherStatsDropEvents (insufficient resources): 0
  Packets received according to length (etherStatsPktsXXXtoYYYOctets):
  64     : 0         ,  65-127  : 0         ,  128-255  : 0
  256-511: 0         ,  512-1023: 0         ,  1024-max : 0