H3C S3100-52P Ethernet Switch Operation Manual-Release 1500(V1.02)

24-SNMP and RMON Operation

Chapter 1  SNMP Configuration

1.1  SNMP Overview

By far, the Simple Network Management Protocol (SNMP) is the most widely applied network management protocol in computer networks. It has been put into use and widely accepted in practice as an industry standard. It ensures the transmission of management information between any two network nodes. In this way, network administrators can easily retrieve and modify the information about any node on the network. They can also locate faults promptly and carry out fault diagnosis, capacity planning and report generation.

Because SNMP adopts a polling mechanism and provides only a basic set of functions, it is suitable for small, fast, low-cost networks. SNMP is based on the User Datagram Protocol (UDP) and is thus widely supported by many products.

1.1.1  SNMP Operation Mechanism

SNMP is implemented by two components, namely, network management station (NMS) and agent.

An NMS can be a workstation running a client program. At present, the commonly used network management platforms include QuidView, Sun NetManager, IBM NetView, and so on.

An agent is server-side software running on network devices.

An NMS can send GetRequest, GetNextRequest and SetRequest messages to the agents. Upon receiving a request from the NMS, an agent performs a Read or Write operation according to the message type, generates the corresponding Response packet and returns it to the NMS.

When a network device operates improperly or changes to other state, the agent on it can also send trap messages on its own initiative to the NMS to report the events.

1.1.2  SNMP Versions

Currently, the SNMP agent on a network device supports SNMPv3 and is compatible with SNMPv1 and SNMPv2C.

SNMPv3 adopts user name and password authentication.

SNMPv1 and SNMPv2C adopt community name authentication. SNMP packets containing invalid community names are discarded. An SNMP community name defines the relationship between an SNMP NMS and an SNMP agent. The community name functions as a password: it limits the access that an SNMP NMS has to an SNMP agent. You can perform the following community name-related configuration:

- Specify the MIB view that a community can access.
- Set the permission for a community to access an MIB object to read-only or read-write. Communities with read-only permission can only query device information, while those with read-write permission can configure devices as well.
- Set the basic ACL specified by the community name.

1.1.3  Supported MIBs

An SNMP packet carries management variables with it. A management variable describes a management object of a device. To uniquely identify the management objects of a device, SNMP adopts a hierarchical naming scheme to organize the managed objects. The scheme is like a tree, with each tree node representing a managed object, as shown in Figure 1-1. Each node in this tree can be uniquely identified by a path starting from the root.

Figure 1-1 Architecture of the MIB tree

The management information base (MIB) describes the hierarchical architecture of the tree and it is the set defined by the standard variables of the monitored network devices. In the above figure, the managed object B can be uniquely identified by a string of numbers {1.2.1.1}. The number string is the object identifier of the managed object.

The common MIBs supported by the system are listed in Table 1-1.

Table 1-1 Common MIBs

| MIB attribute | MIB content | Related RFC |
|---|---|---|
| Public MIB | MIB II based on TCP/IP network device | RFC1213 |
| | BRIDGE MIB | RFC1493, RFC2675 |
| | RIP MIB | RFC1724 |
| | RMON MIB | RFC2819 |
| | Ethernet MIB | RFC2665 |
| | OSPF MIB | RFC1253 |
| | IF MIB | RFC1573 |
| Private MIB | DHCP MIB | - |
| | QACL MIB | - |
| | ADBM MIB | - |
| | RSTP MIB | - |
| | VLAN MIB | - |
| | Device management | - |
| | Interface management | - |

1.2  Configuring Basic SNMP Functions

SNMPv3 configuration is quite different from that of SNMPv1 and SNMPv2C. Therefore, the configuration of basic SNMP functions is described by SNMP versions, as listed in Table 1-2 and Table 1-3.

Table 1-2 Configure basic SNMP functions (SNMPv1 and SNMPv2C)

Operation: Enter system view
Command: system-view

Operation: Enable SNMP agent
Command: snmp-agent
Description: Optional. By default, SNMP agent is disabled. You can enable SNMP agent by executing this command or any of the commands used to configure SNMP agent.

Operation: Set system information
Command: snmp-agent sys-info { contact sys-contact | location sys-location | version { { v1 | v2c | v3 }* | all } }
Description: Required. By default, the contact information for system maintenance is "Hangzhou H3C Technologies. Co.,Ltd.", the system location is "Hangzhou China", and the SNMP version is SNMPv3.

Operation: Set a community name and access permission
Description: Required.
- You can set an SNMPv1/SNMPv2C community name through direct configuration.
- Indirect configuration is compatible with SNMPv3. The added user is equal to the community name for SNMPv1 and SNMPv2C.
- You can choose either of them as needed.
Direct configuration:
  Operation: Set a community name
  Command: snmp-agent community { read | write } community-name [ acl acl-number | mib-view view-name ]*
Indirect configuration:
  Operation: Set an SNMP group
  Command: snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
  Operation: Add a user to an SNMP group
  Command: snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]

Operation: Set the maximum SNMP packet size for SNMP agent
Command: snmp-agent packet max-size byte-count
Description: Optional. By default, the maximum SNMP packet size is 1,500 bytes.

Operation: Set the device engine ID
Command: snmp-agent local-engineid engineid
Description: Optional. By default, the device engine ID is formed by appending device information to the enterprise number.

Operation: Create/Update the view information
Command: snmp-agent mib-view { included | excluded } view-name oid-tree
Description: Optional. By default, the view name is “ViewDefault” and OID is 1.

Table 1-3 Configure basic SNMP functions (SNMP V3)

Operation: Enter system view
Command: system-view

Operation: Enable SNMP agent
Command: snmp-agent
Description: Required. By default, SNMP Agent is disabled. You can enable SNMP agent by executing this command or any of the commands used to configure SNMP agent.

Operation: Set system information
Command: snmp-agent sys-info { contact sys-contact | location sys-location | version { { v1 | v2c | v3 }* | all } }
Description: Optional. By default, the contact information for system maintenance is "Hangzhou H3C Technologies. Co.,Ltd.", the system location is "Hangzhou China", and the SNMP version is SNMPv3.

Operation: Set an SNMP group
Command: snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
Description: Required

Operation: Add a user to an SNMP group
Command: snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } auth-password [ privacy-mode des56 priv-password ] ] [ acl acl-number ]
Description: Required

Operation: Set the maximum SNMP packet size for SNMP agent
Command: snmp-agent packet max-size byte-count
Description: Optional. By default, the maximum SNMP packet size is 1,500 bytes.

Operation: Set the device engine ID
Command: snmp-agent local-engineid engineid
Description: Optional. By default, the device engine ID is formed by appending device information to the enterprise number.

Operation: Create or update the view information
Command: snmp-agent mib-view { included | excluded } view-name oid-tree
Description: Optional. By default, the view name is “ViewDefault” and OID is 1.

Note:

To prevent attacks through unused sockets, an S3100-52P Ethernet switch behaves as follows:

- It opens UDP port 161 (which is used by SNMP agents) and UDP port 1024 (which is used by SNMP-trap clients) only when SNMP is enabled.
- It closes UDP port 161 and UDP port 1024 when SNMP is disabled.

This function is achieved in the following way:

- Executing the snmp-agent command or any of the commands used to configure SNMP agent enables the SNMP agent and opens UDP port 161 and UDP port 1024.
- Executing the undo snmp-agent command also closes UDP port 161 and UDP port 1024.

1.3  Configuring Trap

Trap messages refer to those sent by managed devices to the NMS without request. They are used to report some urgent and important events (for example, the rebooting of managed devices).

1.3.1  Configuration Prerequisites

Basic SNMP configuration is performed.

1.3.2  Configuration Tasks

Table 1-4 Configure Trap

Operation: Enter system view
Command: system-view

Operation: Enable the device to send Trap packets
Command: snmp-agent trap enable [ configuration | flash | ospf [ process-id ] [ ospf-trap-list ] | standard [ authentication | coldstart | linkdown | linkup | warmstart ]* | system | vrrp [ authfailure | newmaster ] ]
Description: Optional. By default, a port is enabled to send all types of Traps.

Operation: Enable the port to send Trap packets
  Operation: Enter port view or interface view
  Command: interface interface-type interface-number
  Operation: Enable the port or interface to send Trap packets
  Command: enable snmp trap updown
  Operation: Quit to system view
  Command: quit

Operation: Set the destination for Trap packets
Command: snmp-agent target-host trap address udp-domain { ip-address } [ udp-port port-number ] params securityname security-string [ v1 | v2c | v3 {authentication | privacy } ]
Description: Required

Operation: Set the source address for Trap packets
Command: snmp-agent trap source interface-type interface-number
Description: Optional

Operation: Set the size of the queue used to hold the Traps to be sent to the destination host
Command: snmp-agent trap queue-size size
Description: Optional. The default is 100.

Operation: Set the aging time for Trap packets
Command: snmp-agent trap life seconds
Description: Optional. The default Trap packet aging time is 120 seconds.

1.4  Enabling Logging for Network Management

Table 1-5 Enable logging for network management

Operation: Enter system view
Command: system-view

Operation: Enable logging for network management
Command: snmp-agent log { set-operation | get-operation | all }
Description: Optional. By default, SNMP logging is disabled.

Note:

In the environment of a single device, use the display logbuffer command to view the log of the get and set operations requested by the NMS.

 

1.5  Displaying SNMP

After the above configuration, you can execute the display command in any view to view the running status of SNMP, and to verify the configuration.

Table 1-6 Display SNMP

These commands can be executed in any view.

Operation: Display the SNMP information about the current device
Command: display snmp-agent sys-info [ contact | location | version ]*

Operation: Display SNMP packet statistics
Command: display snmp-agent statistics

Operation: Display the engine ID of the current device
Command: display snmp-agent { local-engineid | remote-engineid }

Operation: Display group information about the device
Command: display snmp-agent group [ group-name ]

Operation: Display SNMP user information
Command: display snmp-agent usm-user [ engineid engineid | username user-name | group group-name ]

Operation: Display Trap list information
Command: display snmp-agent trap-list

Operation: Display the currently configured community name
Command: display snmp-agent community [ read | write ]

Operation: Display the currently configured MIB view
Command: display snmp-agent mib-view [ exclude | include | viewname view-name ]

1.6  SNMP Configuration Example

1.6.1  SNMP Configuration Example

I. Network requirements

- An NMS and Switch A are connected through the Ethernet. The IP address of the NMS is 10.10.10.1 and that of the VLAN interface on Switch A is 10.10.10.2.
- Perform the following configuration on Switch A: setting the community name and access permission, administrator ID, contact and switch location, and enabling the switch to send trap packets.

II. Network diagram

Figure 1-2 Network diagram for SNMP configuration

III. Network procedure

# Set the community name, group name and user.

<H3C> system-view

[H3C] snmp-agent

[H3C] snmp-agent sys-info version all

[H3C] snmp-agent community write public

[H3C] snmp-agent mib-view include internet 1.3.6.1

[H3C] snmp-agent group v3 managev3group write-view internet

[H3C] snmp-agent usm-user v3 managev3user managev3group

# Set the VLAN-interface 2 as the interface used by NMS. Add port Ethernet1/0/2, which is to be used for network management, to VLAN 2. Set the IP address of VLAN-interface 2 as 10.10.10.2.

[H3C] vlan 2

[H3C-vlan2] port Ethernet 1/0/2

[H3C-vlan2] quit

[H3C] interface Vlan-interface 2

[H3C-Vlan-interface2] ip address 10.10.10.2 255.255.255.0

[H3C-Vlan-interface2] quit

# Enable the SNMP agent to send Trap packets to the NMS whose IP address is 10.10.10.1. The SNMP community name to be used is “public”.

[H3C] snmp-agent trap enable standard authentication

[H3C] snmp-agent trap enable standard coldstart

[H3C] snmp-agent trap enable standard linkup

[H3C] snmp-agent trap enable standard linkdown

[H3C] snmp-agent target-host trap address udp-domain 10.10.10.1 udp-port 5000 params securityname public

IV. Configuring the NMS

The S3100-52P Ethernet switch supports H3C’s QuidView NMS. SNMPv3 adopts user name and password authentication. When you use H3C’s QuidView NMS, you need to set user names and choose the security level in [Quidview Authentication Parameter]. For each security level, you need to set authorization mode, authorization password, encryption mode, encryption password, and so on. In addition, you need to set timeout time and maximum retry times.

You can query and configure an Ethernet switch through the NMS. For more information, refer to the corresponding manuals of H3C’s NMS products.

 

Note:

Authentication-related configuration on an NMS must be consistent with that of the devices for the NMS to manage the devices successfully.
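
The switch-side commands in section 1.6.1 enable every SNMP version, create a read-write community named public with no ACL, and add an SNMPv3 user without authentication or privacy. The following Python check, an added example that is not part of the H3C manual, reads snmp-agent lines written in the syntax of Tables 1-2 to 1-4 and reports those settings. The function name audit_snmp and the finding codes are made up for this example.

```python
import re

# Constructed input: the snmp-agent commands from the configuration
# example in section 1.6.1, CLI prompts included.
SAMPLE_CONFIG = """\
[H3C] snmp-agent
[H3C] snmp-agent sys-info version all
[H3C] snmp-agent community write public
[H3C] snmp-agent mib-view include internet 1.3.6.1
[H3C] snmp-agent group v3 managev3group write-view internet
[H3C] snmp-agent usm-user v3 managev3user managev3group
[H3C] snmp-agent target-host trap address udp-domain 10.10.10.1 udp-port 5000 params securityname public
"""

# Finding codes are hypothetical names chosen for this example.
FINDINGS = {
    "V1_V2C_ENABLED": "SNMPv1/v2c accepted; the community name travels in cleartext",
    "WELL_KNOWN_COMMUNITY": "community name is a widely known default",
    "WRITE_COMMUNITY": "community grants read-write access",
    "NO_ACL": "no acl limits which source addresses may use this entry",
    "V3_GROUP_NO_AUTH": "v3 group requires neither authentication nor privacy",
    "V3_GROUP_NO_PRIVACY": "v3 group requires authentication but not privacy",
    "V3_USER_NO_AUTH": "v3 user has no authentication-mode",
    "V3_USER_NO_PRIVACY": "v3 user has no privacy-mode",
    "TRAP_NOT_V3_SECURED": "trap target lacks v3 authentication or privacy",
}


def audit_snmp(config):
    """Return [(line_number, finding_code), ...] for weak snmp-agent settings."""
    out = []
    for no, line in enumerate(config.splitlines(), 1):
        # Drop a leading CLI prompt such as "[H3C]" or "<H3C>" if present.
        tok = re.sub(r"^\s*[\[<][^\]>]*[\]>]\s*", "", line).split()
        if len(tok) < 3 or tok[0] != "snmp-agent":
            continue
        kw, args = tok[1], tok[2:]
        if kw == "sys-info" and "version" in args:
            if {"v1", "v2c", "all"} & set(args[args.index("version") + 1:]):
                out.append((no, "V1_V2C_ENABLED"))
        elif kw == "community" and len(args) >= 2:
            if args[1].lower() in ("public", "private"):
                out.append((no, "WELL_KNOWN_COMMUNITY"))
            if args[0] == "write":
                out.append((no, "WRITE_COMMUNITY"))
            if "acl" not in args[2:]:
                out.append((no, "NO_ACL"))
        elif kw == "group" and len(args) >= 2:
            level = args[2] if len(args) > 2 else ""
            if args[0] == "v3" and level not in ("authentication", "privacy"):
                out.append((no, "V3_GROUP_NO_AUTH"))
            elif args[0] == "v3" and level == "authentication":
                out.append((no, "V3_GROUP_NO_PRIVACY"))
            if "acl" not in args[2:]:
                out.append((no, "NO_ACL"))
        elif kw == "usm-user" and len(args) >= 3:
            if args[0] == "v3" and "authentication-mode" not in args[3:]:
                out.append((no, "V3_USER_NO_AUTH"))
            elif args[0] == "v3" and "privacy-mode" not in args[3:]:
                out.append((no, "V3_USER_NO_PRIVACY"))
            if "acl" not in args[3:]:
                out.append((no, "NO_ACL"))
        elif kw == "target-host" and "securityname" in args:
            tail = args[args.index("securityname") + 2:]
            if tail[:1] != ["v3"] or tail[1:2] not in (["authentication"], ["privacy"]):
                out.append((no, "TRAP_NOT_V3_SECURED"))
    return out


if __name__ == "__main__":
    for line_no, code in audit_snmp(SAMPLE_CONFIG):
        print(f"line {line_no}: {code}: {FINDINGS[code]}")
```
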

 


Chapter 2  RMON Configuration

2.1  Introduction to RMON

Remote monitoring (RMON) is a kind of management information base (MIB) defined by the Internet Engineering Task Force (IETF). It is the most important enhancement made to MIB II standards. RMON is mainly used to monitor the data traffic across a network segment or even the entire network, and is currently a commonly used network management standard.

An RMON system comprises two parts: the network management station (NMS) and the agents running on network devices. RMON agents operate on network monitors or network probes to collect and keep track of the statistics of the traffic across the network segments to which their ports connect, such as the total number of packets on a network segment in a specific period of time and the total number of packets successfully sent to a specific host.

RMON is fully based on the simple network management protocol (SNMP) architecture. As it is compatible with the current SNMP implementations, you can implement RMON without modifying the existing SNMP implementation. RMON enables SNMP to monitor remote network devices more effectively and actively, thus providing a satisfactory means of monitoring remote subnets. With RMON implemented, the communication traffic between NMS and agents can be reduced, thus facilitating the management of large-scale internetworks.

2.1.1  Working Mechanism of RMON

RMON allows multiple monitors. It can collect data in the following two ways:

- Using dedicated RMON probes. When an RMON system operates in this way, the NMS directly obtains management information from the RMON probes and controls the network resources. In this case, all information in the RMON MIB can be obtained.
- Embedding RMON agents directly into network devices (such as routers, switches and hubs) so that the devices provide RMON probe functions. When an RMON system operates in this way, the NMS collects network management information by exchanging information with the SNMP agents using the basic SNMP commands. However, this way depends heavily on device resources, and an NMS operating in this way can only obtain the information about these four groups (instead of all the information in the RMON MIB): alarm group, event group, history group, and statistics group.

An S3100-52P Ethernet switch implements RMON in the second way. With an embedded RMON agent, an S3100-52P Ethernet switch can serve as a network device with the RMON probe function. Through the RMON-capable SNMP agents running on the Ethernet switch, an NMS can obtain the information about the total traffic, error statistics and performance statistics of the network segments to which the ports of the managed network devices are connected. Thus, the NMS can further manage the networks.

2.1.2  Commonly Used RMON Groups

I. Event group

Event group is used to define the indexes of events and the processing methods of the events. The events defined in an event group are mainly used by entries in the alarm group and extended alarm group to trigger alarms.

You can specify a network device to act in one of the following ways in response to an event:

- Logging the event
- Sending trap messages to the NMS
- Logging the event and sending trap messages to the NMS
- No processing

II. Alarm group

RMON alarm management enables monitoring on specific alarm variables (such as the statistics of a port). When the value of a monitored variable exceeds the threshold, an alarm event is generated, which triggers the network device to act in the preset way. Events are defined in event groups.

With an alarm entry defined in an alarm group, a network device performs the following operations accordingly:

- Sampling the defined alarm variables periodically
- Comparing the samples with the threshold and triggering the corresponding events if the former exceed the latter
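
How an alarm entry turns periodic samples into events, as an added Python example that is not part of the H3C manual: it follows the rising/falling threshold behaviour that RFC 2819 defines for the alarm group, which goes beyond the summary above by re-arming a threshold only after the opposite one has been crossed. The function name, the Counter32 wrap handling and the sample readings are assumptions made for this example.

```python
# Assumption: the alarm variable is a Counter32 such as etherStatsBroadcastPkts.
COUNTER32 = 2 ** 32


def rmon_alarm(samples, rising, falling, sample_type="delta"):
    """Evaluate one alarm entry over readings taken once per sampling interval.

    Returns [(sample_index, "rising" | "falling", compared_value), ...].
    """
    if sample_type not in ("delta", "absolute"):
        raise ValueError("sample_type must be 'delta' or 'absolute'")
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")
    events = []
    armed = {"rising", "falling"}  # at start-up either threshold may fire first
    prev = None
    for i, reading in enumerate(samples):
        if sample_type == "delta":
            if prev is None:       # a delta needs two readings
                prev = reading
                continue
            value = (reading - prev) % COUNTER32  # survives a counter wrap
            prev = reading
        else:
            value = reading
        if value >= rising and "rising" in armed:
            events.append((i, "rising", value))
            armed = {"falling"}    # no second rising event until the value falls
        elif value <= falling and "falling" in armed:
            events.append((i, "falling", value))
            armed = {"rising"}
    return events


# Constructed readings of a broadcast-packet counter, one per sampling interval.
READINGS = [1000, 1500, 2700, 4050, 5350, 5400, 5430, 6650]

if __name__ == "__main__":
    for index, kind, value in rmon_alarm(READINGS, rising=1000, falling=100):
        print(f"sample {index}: {kind} event, delta={value}")
    # A plain "value >= threshold" test would fire on samples 2, 3, 4 and 7;
    # the alarm entry reports 2 and 7 only, with the falling event at 5 between.
```
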

III. Extended alarm group

With an extended alarm entry, you can perform operations on the samples of alarm variables and then compare the operation results with the thresholds, thus implementing more flexible alarm functions.

With an extended alarm entry defined in an extended alarm group, the network devices perform the following operations accordingly:

- Sampling the alarm variables referenced in the defined extended alarm expressions periodically
- Performing operations on the samples according to the defined expressions
- Comparing the operation results with the thresholds and triggering the corresponding events if the operation result exceeds the thresholds

IV. History group

After a history group is configured, the Ethernet switch collects network statistics information periodically and stores the statistics information temporarily for later use. A history group can provide the history data of the statistics on network segment traffic, error packets, broadcast packets, and bandwidth utilization.

With the history data management function, you can configure network devices to collect history data, sample and store data of a specific port periodically.

V. Statistics group

Statistics group contains the statistics of each monitored port on a network device. An entry in a statistics group is an accumulated value counting from the time when the statistics group is created.

The statistics include the number of the following items: collisions, packets with cyclic redundancy check (CRC) errors, undersize (or oversize) packets, broadcast packets, multicast packets, and received bytes and packets.

With the RMON statistics management function, you can monitor the use of a port and collect statistics on the errors that occur while the port is in use.

2.2  RMON Configuration

2.2.1  Prerequisites

Before performing RMON configuration, make sure the SNMP agents are correctly configured. For the information about SNMP agent configuration, refer to section 1.2 “Configuring Basic SNMP Functions”.

2.2.2  Configuring RMON

Table 2-1 Configure RMON

Operation: Enter system view
Command: system-view

Operation: Add an event entry
Command: rmon event event-entry [ description string ] { log | trap trap-community | log-trap log-trapcommunity | none } [ owner text ]
Description: Optional

Operation: Add an alarm entry
Command: rmon alarm entry-number alarm-variable sampling-time { delta | absolute } rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 [ owner text ]
Description: Optional. Before adding an alarm entry, you need to use the rmon event command to define the event to be referenced by the alarm entry.

Operation: Add an extended alarm entry
Command: rmon prialarm entry-number prialarm-formula prialarm-des sampling-timer { delta | absolute | changeratio } rising_threshold threshold-value1 event-entry1 falling_threshold threshold-value2 event-entry2 entrytype { forever | cycle cycle-period } [ owner text ]
Description: Optional. Before adding an extended alarm entry, you need to use the rmon event command to define the event to be referenced by the extended alarm entry.

Operation: Enter Ethernet port view
Command: interface interface-type interface-number

Operation: Add a history entry
Command: rmon history entry-number buckets number interval sampling-interval [ owner text ]
Description: Optional

Operation: Add a statistics entry
Command: rmon statistics entry-number [ owner text ]
Description: Optional

Note:

- The rmon alarm and rmon prialarm commands take effect on existing nodes only.
- For each port, only one RMON statistics entry can be created. That is, if an RMON statistics entry is already created for a given port, you will fail to create another statistics entry with a different index for the same port.

2.3  Displaying RMON

After the above configuration, you can execute the display command in any view to display the RMON running status, and to verify the configuration.

Table 2-2 Display RMON

These commands can be executed in any view.

Operation: Display RMON statistics
Command: display rmon statistics [ interface-type interface-number | unit unit-number ]

Operation: Display RMON history information
Command: display rmon history [ interface-type interface-number | unit unit-number ]

Operation: Display RMON alarm information
Command: display rmon alarm [ entry-number ]

Operation: Display extended RMON alarm information
Command: display rmon prialarm [ prialarm-entry-number ]

Operation: Display RMON events
Command: display rmon event [ event-entry ]

Operation: Display RMON event logs
Command: display rmon eventlog [ event-entry ]

2.4  RMON Configuration Example

I. Network requirements

- Ensure that the SNMP agents are correctly configured before performing RMON configuration.
- The switch to be tested has a configuration terminal connected to its console port and is connected to a remote NMS through the Internet. Create an entry in the Ethernet statistics table to generate statistics on the Ethernet port performance for network management.

II. Network diagram

Figure 2-1 Network diagram for RMON configuration

III. Configuration procedures

# Configure RMON.

<H3C> system-view

[H3C] interface Ethernet1/0/1

[H3C-Ethernet1/0/1] rmon statistics 1 owner user1-rmon

# View RMON configuration.

[H3C-Ethernet1/0/1] display rmon statistics Ethernet1/0/1

Statistics entry 1 owned by user1-rmon is VALID.

  Interface : Ethernet1/0/1<ifIndex.4227626>

  etherStatsOctets         : 0         , etherStatsPkts          : 0

  etherStatsBroadcastPkts  : 0         , etherStatsMulticastPkts : 0

  etherStatsUndersizePkts  : 0         , etherStatsOversizePkts  : 0

  etherStatsFragments      : 0         , etherStatsJabbers       : 0

  etherStatsCRCAlignErrors : 0         , etherStatsCollisions    : 0

  etherStatsDropEvents (insufficient resources): 0

  Packets received according to length:

  64     : 0         ,  65-127  : 0         ,  128-255  : 0

  256-511: 0         ,  512-1023: 0         ,  1024-1518: 0