Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 05-Device | 1.29 MB |
Contents
Device basic information configuration
Configuring idle timeout period
Displaying the electronic label
Generating the diagnostic information file
Displaying the current system time
Configuring system time manually
System time configuration example
Setting buffer capacity and refresh interval
Initializing the configuration
Setting operation parameters for a port
Viewing port operation parameters
Viewing an operation parameter of all ports
Viewing all operation parameters of a port
Port management configuration example
Introduction to port mirroring
Terminologies of port mirroring
Port mirroring classification and implementation
Configuring local port mirroring
Recommended configuration procedure
Configuring ports for a mirroring group
Local port mirroring configuration example
Switching to the management level
Monitoring port traffic statistics
Setting the traffic statistics generating interval
Viewing port traffic statistics
Setting the traffic statistics generating interval
Configuring a statistics entry
Displaying RMON statistics information
Displaying RMON history sampling information
Configuring energy saving on a port
Configuring SNMP trap function
Displaying SNMP packet statistics
SNMPv1/v2c configuration example
Displaying interface statistics
Configuring a management IP address
Overview
The device basic information feature provides the following functions:
· Set the system name of the device. The configured system name is displayed on the top of the navigation bar.
· Set the idle timeout period for logged-in users. When a logged-in user is idle for that period, the system logs the user out of the system for security purpose.
Configuring system name
1. Select Device > Basic from the navigation tree.
The page for configuring system name configuration appears.
Figure 1 Configure system name
2. Enter the system name.
Configuring idle timeout period
1. Select Device > Basic from the navigation tree.
2. Click the Web Idle Timeout tab.
The page for configuring idle timeout period appears.
Figure 2 Configure idle timeout period
3. Enter the idle timeout period for logged-in users.
4. Click Apply.
Rebooting the device
|
|
CAUTION: · Before rebooting the device, save the configuration; otherwise, all unsaved configuration will be lost after device reboot. · When the device reboots, you need to re-log in to the device. |
1. Select Device > Device Maintenance from the navigation tree
2. Click the Reboot tab.
The device reboot configuration page appears.
3. Clear the box before “Check whether the current configuration is saved in the next startup configuration file” or keep it selected.
4. Click Reboot.
A confirmation dialog box appears.
5. Click OK.
¡ If you select the box before “Check whether the current configuration is saved in the next startup configuration file”, the system checks the configuration before rebooting the device. If the check succeeds, the system reboots the device; if the check fails, the system displays a dialog box to inform you that the current configuration and the saved configuration are inconsistent, and does not reboot the device. In this case, you must save the current configuration manually before you can reboot the device.
¡ If you do not select the box, the system reboots the device directly.
Displaying the electronic label
Electronic label allows you to view information about the device electronic label, which is also known as the permanent configuration data or archive information. The information is written into the storage medium of a device or a card during the debugging and testing processes, and includes card name, product bar code, MAC address, debugging and testing date(s), manufacture name, and so on.
To view the electronic label:
1. Select Device > Device Maintenance from the navigation tree
2. Click the Electronic Label tab.
The electronic label page appears.
Generating the diagnostic information file
Each functional module has its own running information, and generally, you view the output information for each module one by one. To receive as much information as possible in one operation during daily maintenance or when system failure occurs, the diagnostic information module allows you to save the running statistics of multiple functional modules to a file named default.diag, and then you can locate problems faster by checking this file.
To generating the diagnostic information file:
1. Select Device > Device Maintenance from the navigation tree.
2. Click the Diagnostic Information tab.
The diagnostic information tab page appears.
Figure 5 Diagnostic information
3. Click Create Diagnostic Information File.
The system begins to generate a diagnostic information file, and after the file is generated, the page in Figure 6 appears.
Figure 6 The diagnostic information file is created
4. Click Click to Download.
The File Download dialog box appears. You can select to open this file or save this file to the local host.
|
|
NOTE: · The generation of the diagnostic file will take a period of time. During this process, do not perform any operation on the Web page. · After the diagnostic file is generated successfully, you can view this file by selecting Device > File Management, or downloading this file to the local host. For more information, see the chapter “File management.” |
System time overview
The system time module allows you to display and set the device system time on the Web interface. The device supports setting system time through manual configuration and automatic synchronization of NTP server time.
An administrator can by no means keep time synchronized among all the devices within a network by changing the system clock on each device, because this is a huge amount of workload and cannot guarantee the clock precision.
Defined in RFC 1305, the Network Time Protocol (NTP) synchronizes timekeeping among distributed time servers and clients. NTP allows quick clock synchronization within the entire network and ensures a high clock precision so that the devices can provide diverse applications based on the consistent time.
Displaying the current system time
1. Select Device > System Time from the navigation tree.
The system time configuration page appears.
Figure 7 System time configuration page
2. View the current system time.
Configuring system time manually
1. Select Device > System Time from the navigation tree.
The page in Figure 7 appears.
2. Click the System Time Configuration text to open a calendar, as shown Figure 8.
Figure 8 Calendar page
3. Modify the system time in the Time field, or select the date and time in the calendar.
You can perform the following operations on the calendar page:
a. Click Today. The date setting in the calendar is synchronized to the current local date configuration, and the time setting does not change.
b. Or select the year, month, date, and time, and then click OK.
4. Click Apply.
Configuring network time
1. Select Device > System Time from the navigation tree
2. Select the Net Time tab.
The network time configuration page appears.
Figure 9 Network time configuration page
3. Configure the system time parameters as described in Table 1.
4. Click Apply.
|
Item |
Description |
|
|
Clock status |
This field displays the synchronization status of the system clock. |
|
|
Source Interface |
Set the source interface for an NTP message. If you do not want the IP address of a certain interface on the local device to become the destination address of response messages, you can specify the source interface for NTP messages, so that the source IP address in the NTP messages is the primary IP address of this interface. If the specified source interface is down, the source IP address is the primary IP address of the egress interface. |
|
|
Key 1 |
Set NTP authentication key. The NTP authentication feature should be enabled for a system running NTP in a network where there is a high security demand. This feature enhances the network security by means of client-server key authentication, which prohibits a client from synchronizing with a device that has failed authentication. You can set two authentication keys, each of which is composed of a key ID and key string. · ID is the ID of a key. · Key string is a character string for MD5 authentication key. |
|
|
Key 2 |
||
|
External Reference Source |
NTP Server 1/Reference Key ID |
Specify the IP address of an NTP server, and configure the authentication key ID used for the association with the NTP server. Only if the key provided by the server is the same with the specified key will the device synchronize its time to the NTP server. You can configure two NTP servers. The clients will choose the optimal reference source.
The IP address of an NTP server is a unicast address, and cannot be a broadcast or a multicast address, or the IP address of the local clock source. |
|
NTP Server 2/Reference Key ID |
||
|
TimeZone |
Set the time zone for the system. |
|
System time configuration example
Network requirements
· As shown in Figure 10, the local clock of Device A is set as the reference clock.
· Switch B works in the client mode, and uses Device A as the NTP server.
· Configure NTP authentication on Device A and Switch B.
Configuring Device A
Configure the local clock as the reference clock, with the stratum of 2. Enable NTP authentication, set the key ID to 24, and specify the created authentication key aNiceKey is a trusted key. (Details not shown)
Configuring Switch B
To configure Device A as the NTP server of Switch B:
1. Select Device > System Time from the navigation tree.
2. Click the Net Time tab.
The page for configuring network time appears.
Figure 11 Configure Device A as the NTP server of Switch B
3. Enter 24 in the ID field, type aNiceKey in the Key String field for key 1.
4. Enter 1.0.1.11 in the NTP Server 1 field and enter 24 in the Reference Key ID field.
5. Click Apply.
Verifying the configuration
After the above configuration, you can see that the current system time on Device A is the same as that on Switch B.
Configuration guidelines
When you configure system time, follow these guidelines:
· A device can act as a server to synchronize the clock of other devices only after its clock has been synchronized. If the clock of a server has a stratum level higher than or equal to that of a client’s clock, the client will not synchronize its clock to the server’s.
· The synchronization process takes a period of time. Therefore, the clock status may be unsynchronized after your configuration. In this case, you can refresh the page to view the clock status and system time later on.
Overview
System logs contain a large amount of network and device information, including running status and configuration changes. System logs are an important way for administrators to know network and device status. With system log information, administrators can take corresponding actions against network problems and security problems.
System logs can be stored in the log buffer, or sent to the loghost.
Displaying syslog
The web interface provides abundant search and sorting functions. You can view syslogs through the web interface conveniently.
To display syslog:
1. Select Device > Syslog from the navigation tree.
The syslog display page appears.
2. View system logs.
Table 2 Field description
|
Field |
Description |
|
Time/Date |
Displays the time/date when system logs are generated. |
|
Source |
Displays the module that generates system logs. |
|
Level |
Displays the severity level of system logs. For the detailed description of the severity levels, see Table 3. |
|
Digest |
Displays the brief description of system logs |
|
Description |
Displays the contents of system logs. |
Table 3 System logs severity level
|
Severity level |
Description |
Value |
|
Emergency |
The system is unavailable. |
0 |
|
Alert |
Information that demands prompt reaction |
1 |
|
Critical |
Critical information |
2 |
|
Error |
Error information |
3 |
|
Warning |
Warnings |
4 |
|
Notification |
Normal information that needs to be noticed |
5 |
|
Informational |
Informational information to be recorded |
6 |
|
Debugging |
Information generated during debugging |
7 |
|
Note: A smaller value represents a higher severity level. |
||
Setting the log host
You can set the loghost on the web interface to enable the system to output syslogs to the log host. You can specify at most four different log hosts.
To set the log host:
1. Select Device > Syslog from the navigation tree.
2. Click the Loghost tab.
The loghost configuration page appears.
3. Set the log host as described in Table 4.
4. Click Apply.
|
Item |
Description |
|
IPv4/IPv6 |
Set the IPv4 or IPv6 address of the loghost and select the VPN instance name of the VPN to which the flow logging server belongs. (You can specify a VPN instance name only when you provide an IPv4 address.) You can specify up to four loghosts. |
|
Loghost IP |
Setting buffer capacity and refresh interval
1. Select Device > Syslog from the navigation tree.
2. Click the Log Setup tab.
The syslog configuration page appears.
Figure 14 Syslog configuration page
3. Configure buffer capacity and refresh interval as described in Table 5.
4. Click Apply.
|
Item |
Description |
|
Buffer Capacity |
Set the number of logs that can be stored in the log buffer of the web interface. |
|
Refresh Interval |
Set the refresh period on the log information displayed on the Web interface. You can select manual refresh or automatic refresh: · Manual: You need to click Refresh to refresh the web interface when displaying log information. · Automatic: You can select to refresh the web interface every 1 minute, 5 minutes, or 10 minutes. |
Backing up the configuration
Configuration backup provides the following functions:
· Open and view the configuration file (.cfg file or .xml file) for the next startup.
· Back up the configuration file (.cfg file or .xml file) for the next startup to the host of the current user.
To back up the configuration:
1. Select Device > Configuration from the navigation tree.
The backup configuration page appears.
Figure 15 Backup configuration page
2. Click the upper Backup button.
A file download dialog box appears. You can select to view the .cfg file or to save the file locally.
3. Click the lower Backup button.
A file download dialog box appears. You can select to view the .xml file or to save the file locally.
Restoring the configuration
Configuration restore provides the following functions:
· Upload the .cfg file on the host of the current user to the device for the next startup.
· Upload the .xml file on the host of the current user to the device for the next startup, and delete the previous .xml configuration file that was used for the next startup.
To restore the configuration:
1. Select Device > Configuration from the navigation tree.
2. Click the Restore tab.
The configuration restore page appears.
Figure 16 Configuration restore page
3. Click the upper Browse button.
A file upload dialog box appears. You can select the .cfg file to be uploaded.
4. Click the lower Browse button.
A file upload dialog box appears. You can select the .xml file to be uploaded.
5. Click Apply.
Saving the configuration
|
|
CAUTION: · The system does not support the operation of saving configuration of two or more consecutive users. If such a case occurs, the system prompts the latter users to try later. · Saving the configuration takes a period of time. |
The save configuration module provides the function to save the current configuration to the configuration file (.cfg file or .xml file) to be used at the next startup. You can save the configuration in one of the following ways:
Fast
Click the Save button at the upper right of the auxiliary area, and you can save the configuration to the configuration file.
Figure 17 Save configuration confirmation
Common
1. Select Device > Configuration from the navigation tree.
2. Click the Save tab.
The page in Figure 17 appears.
3. Click Save Current Settings.
Initializing the configuration
This operation will restore the system to factory defaults, delete the current configuration file, and reboot the device.
To initialize the configuration
1. Select Device > Configuration from the navigation tree.
2. Click the Initialize tab.
The initialize confirmation page appears.
Figure 18 Initialize confirmation dialog box
3. Click Restore Factory-D to restore the system to factory defaults.
File management overview
The device saves useful files (such as host software, configuration file) into the storage device, and the system provides the file management function for the users to manage those files conveniently and effectively.
Displaying file list
1. Select Device > File Management from the navigation tree.
The file management page appears.
2. Select a disk from the Please select disk list on the top of the page.
3. View the used space, free space and capacity of the disk at the right of the list.
4. View all files saved in this disk (in the format of path + filename), file sizes, and the boot file types (Main or Backup is displayed if the file is an application file, that is, with the extension of .bin or .app).
Downloading a file
1. Select Device > File Management from the navigation tree.
The page in Figure 19 appears.
2. Select a file from the list.
You can select one file at a time.
3. Click Download File.
The File Download dialog box appears.
4. Open the file or to save the file to a specified path.
Uploading a file
|
|
NOTE: Uploading a file takes some time. You are recommended not to perform any operation on the web interface during the upgrading procedure. |
1. Select Device > File Management from the navigation tree.
2. The page in Figure 19 appears.
3. Select the disk to save the file in the Upload File box.
4. Click Browse to set the patch and name of the file.
5. Click Apply.
Removing a file
1. Select Device > File Management from the navigation tree.
2. The page in Figure 19 appears.
3. Remove one or multiple files from the file list.
4. Click Remove File.
|
|
NOTE: You can also remove a file by clicking the |
Port management configuration
Overview
You can use the port management feature to set and view the operation parameters of a Layer 2 Ethernet port or an aggregate interface.
· For a Layer 2 Ethernet port, these operation parameters include port state, speed, duplex mode, link type, PVID, MDI mode, flow control settings, power save mode, MAC learning limit, and storm suppression ratios.
· For an aggregate interface, these operation parameters include port state and MAC learning limit.
Setting operation parameters for a port
1. Select Device > Port Management from the navigation tree.
2. Click the Setup tab.
The Setup tab page appears.
3. Configure port operation parameters as described in Table 6.
4. Click Apply.
Table 6 Port configuration items
|
Item |
Description |
|
Port State |
Enable or disable the port. Sometimes, after you modify the operation parameters of a port, you need to disable and then enable the port to have the modifications take effect. |
|
Speed |
Set the transmission rate of the port. Available options include: · 10: 10 Mbps · 100: 100 Mbps · 1000: 1000 Mbps · Auto: auto-negotiation · Auto 10: auto-negotiated to 10 Mbps · Auto 100: auto-negotiated to 100 Mbps · Auto 1000: auto-negotiated to 1000 Mbps · Auto 10 100: auto-negotiated to 10 or 100 Mbps · Auto 10 1000: auto-negotiated to 10 or 1000 Mbps · Auto 100 1000: auto-negotiated to 100 or 1000 Mbps · Auto 10 100 1000: auto-negotiated to 10, 100, or 1000 Mbps |
|
Duplex |
Set the duplex mode of the port. · Auto: auto-negotiation · Full: full duplex · Half: half duplex |
|
Link Type |
Set the link type of the current port, which can be access, hybrid, or trunk. For more information, see the chapter “VLAN configuration.”
To change the link type of a port from trunk to hybrid or vice versa, you must first set its link type to access. |
|
PVID |
Set the default VLAN ID of the interface. For more information about setting the PVID, see the chapter “VLAN configuration.”
To make sure a link properly transmits packets, the trunk or hybrid ports at the two ends of the link must have the same PVID. |
|
MDI |
Set the Medium Dependent Interface (MDI) mode of the port. Two types of Ethernet cables can be used to connect Ethernet devices: crossover cable and straight-through cable. To accommodate these two types of cables, an Ethernet port can operate in one of the following three MDI modes: across, normal, and auto. An Ethernet port is composed of eight pins. By default, each pin has its particular role. For example, pin 1 and pin 2 are used for transmitting signals; pin 3 and pin 6 are used for receiving signals. You can change the pin roles by setting the MDI mode. · For an Ethernet port in across mode, pin 1 and pin 2 are used for transmitting signals; pin 3 and pin 6 are used for receiving signals. The pin roles are not changed. · For an Ethernet port in auto mode, the pin roles are decided through auto negotiation. · For an Ethernet port in normal mode, the pin roles are changed. Pin 1 and pin 2 are used for receiving signals; pin 3 and pin 6 are used for transmitting signals. To enable normal communication, you must connect the local transmit pins to the remote receive pins. Therefore, you should configure the MDI mode depending on the cable types. · Normally, the auto mode is recommended. The other two modes are used only when the device cannot determine the cable type. · When straight-through cables are used, the local MDI mode must be different from the remote MDI mode. · When crossover cables are used, the local MDI mode must be the same as the remote MDI mode, or the MDI mode of at least one end must be set to auto. |
|
Flow Control |
Enable or disable flow control on the port. With flow control enabled at both sides, when traffic congestion occurs on the ingress port, the ingress port will send a Pause frame notifying the egress port to temporarily suspend the sending of packets. The egress port is expected to stop sending any new packet when it receives the Pause frame. In this way, flow control helps to avoid dropping of packets.
Flow control works only after it is enabled on both the ingress and egress ports. |
|
Power Save |
Enable or disable auto power down on the port. With auto power down enabled, when an Ethernet port does not receive any packet for a certain period of time, it automatically enters the power save mode and resumes its normal state upon the arrival of a packet. |
|
Max MAC Count |
Set the MAC learning limit on the port. Available options include: · User Defined: Select this option to set the limit manually. · No Limited: Select this option to set no limit. |
|
Broadcast Suppression |
Set broadcast suppression on the port. You can suppress broadcast traffic by percentage or by PPS as follows: · ratio: Sets the maximum percentage of broadcast traffic to the total bandwidth of an Ethernet port. When this option is selected, you need to input a percentage in the box below. · pps: Sets the maximum number of broadcast packets that can be forwarded on an Ethernet port per second. When this option is selected, you need to input a number in the box below. · kbps: Sets the maximum number of kilobits of broadcast traffic that can be forwarded on an Ethernet port per second. When this option is selected, you need to input a number in the box below.
Do not configure this item if the storm constrain function for broadcast traffic is enabled on the port. Otherwise, the suppression result will be unpredictable. To set storm constrain for broadcast traffic on a port, select Device > Storm Constrain. |
|
Multicast Suppression |
Set multicast suppression on the port. You can suppress multicast traffic by percentage or by PPS as follows: · ratio: Sets the maximum percentage of multicast traffic to the total bandwidth of an Ethernet port. When this option is selected, you need to input a percentage in the box below. · pps: Sets the maximum number of multicast packets that can be forwarded on an Ethernet port per second. When this option is selected, you need to input a number in the box below. · kbps: Sets the maximum number of kilobits of multicast traffic that can be forwarded on an Ethernet port per second. When this option is selected, you need to input a number in the box below.
Do not configure this item if the storm constrain function for multicast traffic is enabled on the port. Otherwise, the suppression result will be unpredictable. To set storm constrain for multicast traffic on a port, select Device > Storm Constrain. |
|
Unicast Suppression |
Set unicast suppression on the port. You can suppress unicast traffic by percentage or by PPS as follows: · ratio: Sets the maximum percentage of unicast traffic to the total bandwidth of an Ethernet port. When this option is selected, you need to input a percentage in the box below. · pps: Sets the maximum number of unicast packets that can be forwarded on an Ethernet port per second. When this option is selected, you need to input a number in the box below. · kbps: Sets the maximum number of kilobits of unicast traffic that can be forwarded on an Ethernet port per second. When this option is selected, you need to input a number in the box below.
· Support for this configuration item and the suppression options varies with device models. · Do not configure this item if the storm constrain function for unicast traffic is enabled on the port. Otherwise, the suppression result will be unpredictable. To set storm constrain for unicast traffic on a port, select Device > Storm Constrain. |
|
Selected Ports |
Interface or interfaces that you have selected from the chassis front panel and the aggregate interface list below, for which you have set operation parameters
You can set only the state and MAC learning limit for an aggregate interface. |
Viewing port operation parameters
Viewing an operation parameter of all ports
1. Select Device > Port Management from the navigation tree.
The Summary tab appears.
2. Select the parameter you want to view by clicking the radio button before it.
The lower part of the page displays the setting of this parameter for all the ports.
Viewing all operation parameters of a port
1. Select Device > Port Management from the navigation tree.
2. Click the Details tab.
3. Click the port whose operation parameters you want to view in the chassis front panel.
The lower part of the page displays all operation parameters of the selected port. Values inside the square brackets are the actual values of the selected port.
Port management configuration example
Network requirements
As shown in Figure 23:
· Server A, Server B, and Server C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 or the switch respectively. The rates of the network adapters of these servers are all 1000 Mbps.
· The switch connects to the external network through GigabitEthernet 1/0/4 whose rate is 1000 Mbps.
· To avoid congestion at the egress port, GigabitEthernet 1/0/4, configure the auto-negotiation rate range on GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 as 100 Mbps.
Figure 23 Network diagram for port rate configuration
Configuration procedure
1. Set the rate of GigabitEthernet 1/0/4 to 1000 Mbps.
a. Select Device > Port Management from the navigation tree.
b. Click the Setup tab.
The page in Figure 24 appears.
c. Select 1000 in the Speed list and select GE1/0/4 on the chassis front panel.
d. Click Apply.
Figure 24 Configure the rate of GigabitEthernet 1/0/4
2. Batch configure the auto-negotiation rate range on GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 as 100 Mbps.
a. Select Auto 100 in the Speed list.
The page in Figure 25 appears.
b. Select GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 on the chassis front panel.
c. Click Apply.
Figure 25 Batch configure port rate
3. Display the rate settings of ports.
a. Click the Summary tab.
b. Select the Speed option.
The lower part of the page displays the rate information of all ports.
Figure 26 Display the rate settings of ports
Port mirroring configuration
Introduction to port mirroring
Port mirroring refers to the process of copying the packets passing through a port to the monitor port connecting to a monitoring device for packet analysis.
Terminologies of port mirroring
Mirroring source
The mirroring source can be one or more monitored ports, called source ports, and the device where the ports resides is called a “source device”. Packets (called “mirrored packets”) passing through them are copied to a port connecting to a monitoring device for packet analysis.
Mirroring destination
The mirroring destination is the destination port (also known as the monitor port) of mirrored packets and connects to the data monitoring device. The device where the monitor port resides is called the “destination device”. The monitor port forwards mirrored packets to its connecting monitoring device.
|
|
NOTE: A monitor port may receive multiple duplicates of a packet in some cases because it can monitor multiple mirroring sources. For example, assume that Port 1 is monitoring bidirectional traffic on Port 2 and Port 3 on the same device. If a packet travels from Port 2 to Port 3, two duplicates of the packet will be received on Port 1. |
Mirroring direction
The mirroring direction indicates that the inbound, outbound, or bidirectional traffic can be copied on a mirroring source.
· Inbound: Copies packets received on a mirroring source.
· Outbound: Copies packets sent out a mirroring source.
· Bidirectional: Copies packets both received and sent on a mirroring source.
Port mirroring classification and implementation
According to the locations of the mirroring source and the mirroring destination, port mirroring falls into local port mirroring and remote port mirroring.
|
|
NOTE: The switching engine on a WX3000E wireless switch only supports local port mirroring. |
In local port mirroring, the mirroring source and the mirroring destination are on the same device. A mirroring group that contains the mirroring source and the mirroring destination on the device is called a “local mirroring group.”
Figure 27 Local port mirroring implementation
Configuring local port mirroring
Recommended configuration procedure
|
Task |
Remarks |
|
1. Create a local mirroring group |
Required. For more information, see “Creating a mirroring group.” You must select the mirroring group type local from the Type list. |
|
2. Configure the mirroring ports |
Required. For more information, see “Configuring ports for a mirroring group.” During configuration, you need to select the port type Mirror Port. You can configure multiple mirroring ports for a mirroring group. |
|
3. Configure the monitor port |
Required. For more information, see “Configuring ports for a mirroring group.” During configuration, you need to select the port type Monitor Port. You can configure one only monitor port for a mirroring group. |
Creating a mirroring group
1. Select Device > Port Mirroring from the navigation tree.
2. Click Create to enter the page for creating a mirroring group, as shown in Figure 28.
Figure 28 Create a mirroring group
3. Create the mirroring group, as described in Table 7.
4. Click Apply.
|
Item |
Description |
|
Mirroring Group ID |
ID of the mirroring group to be created The range of the mirroring group ID varies with devices. |
|
Type |
Specify the type of the mirroring group to be created: · Local: Creates a local mirroring group. · Remote Source: Creates a remote source mirroring group. · Remote Destination: Creates a remote destination mirroring group. Support for mirroring group types depends on your device model. |
Configuring ports for a mirroring group
1. Select Device > Port Mirroring from the navigation tree.
2. Click Modify Port to enter the page for configuring ports for a mirroring group, as shown in Figure 29.
3. Configure ports for a mirroring group, as described in Table 7.
4. Click Apply.
The configuration progress dialog box appears.
5. After the success notification appears, click Close.
|
Item |
Description |
|
|
Mirroring Group ID |
ID of the mirroring group to be configured The available groups were created previously. · Select a Local mirroring group ID to configure ports for the local mirroring group. · Select a Remote Source mirroring group ID to configure ports for a remote source mirroring group. · Select a Remote Destination mirroring group ID to configure ports for a remote destination mirroring group. |
|
|
Port Type |
Set the type of the port to be configured |
Configure ports for a local mirroring group: · Monitor Port: Configures the monitor ports for the local mirroring group. · Mirror Port: Configures mirroring ports for the local mirroring group. |
|
Configure a remote source mirroring group in approach I: · Mirror Port: Configures mirroring ports for the remote source mirroring group. |
||
|
Configure a remote source mirroring group in approach II: · Mirror Port: Configures mirroring ports for the remote source mirroring group. · Reflector Port: Configures the reflector port for the remote source mirroring group. |
||
|
Configure a remote source mirroring group in approach III: · Mirror Port: Configures mirroring ports for the remote source mirroring group. · Egress Port: Configures the egress port for the remote source mirroring group. |
||
|
Configure a remote destination mirroring group · Monitor Port: Configures the monitor port for the remote destination mirroring group. |
||
|
Stream Orientation |
Set the direction of the traffic monitored by the monitor port of the mirroring group This configuration item is available when Mirror Port is selected is the Port Type list. · both: Mirrors both received and sent packets on mirroring ports. · inbound: Mirrors only packets received by mirroring port. · outbound: Mirrors only packets sent by mirroring ports. |
|
|
Select port(s) |
Click the ports to be configured on the chassis front panel. If aggregate interfaces are configured on the device, the page displays a list of aggregate interfaces below the chassis front panel. You can select aggregate interfaces from this list and configure them as mirroring ports of a port mirroring group. |
|
Local port mirroring configuration example
Network requirements
As shown in Figure 30, the customer network is as described below:
· Department 1 accesses Switch C through GigabitEthernet 1/0/1.
· Department 2 accesses Switch C through GigabitEthernet 1/0/2.
· Server is connected to GigabitEthernet 1/0/3 of Switch C.
Configure port mirroring to monitor the bidirectional traffic of Department 1 and Department 2 on the server.
To satisfy the above requirement through local port mirroring, perform the following configuration on Switch C:
· Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as mirroring ports.
· Configure GigabitEthernet 1/0/3 as the monitor port.
Configuring local port mirroring
1. Create a local mirroring group:
a. Select Device > Port Mirroring from the navigation tree.
b. Click Create to enter the page for creating mirroring groups, as shown in Figure 31.
c. Enter 1 for the mirroring group ID.
d. Select Local from the Type list.
e. Click Apply.
Figure 31 Create a local mirroring group
2. Configure the mirroring ports:
a. Click Modify Port to enter the page for configuring ports for the mirroring group, as shown in Figure 32.
b. Select 1 – Local from the Mirroring Group ID list.
c. Select Mirror Port from the Port Type list.
d. Select both from the Stream Orientation list.
e. Select GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 on the chassis front panel.
f. Click Apply.
A configuration progress dialog box appears.
g. After the success notification appears, click Close.
Figure 32 Configure the mirroring ports
3. Configure the monitor port:
a. Click Modify Port to enter the page for configuring ports for the mirroring group, as shown in Figure 33.
b. Select 1 – Local from the Mirroring Group ID list.
c. Select Monitor Port from the Port Type list.
d. Select GigabitEthernet 1/0/3 on the chassis front panel.
e. Click Apply.
A configuration progress dialog box appears.
f. After the success notification appears, click Close.
Figure 33 Configure the monitor port
Configuration guidelines
When you configure local port mirroring, follow these guidelines:
· Depending on the device model, you can configure Layer 2 Ethernet ports as mirroring ports and monitor ports.
· Do not enable STP, MSTP, or RSTP on the monitor port.
· You can configure multiple mirroring ports but only one monitor port for a local mirroring group.
· A port can be assigned to only one mirroring group.
Overview
In the user management part, you can:
· Set the username and password, access level, and service type for a local user.
· Set the super password for switching the current Web user level to the management level.
· Switch the current Web user access level to the management level.
Creating a user
1. Select Device > Users from the navigation tree.
2. Click the Create tab.
The page for creating local users appears.
3. Click Apply.
|
Item |
Description |
|
Username |
Set the username for a user. |
|
Access Level |
Set the access level for a user. Users of different levels can perform different operations. Web user levels, from low to high, are visitor, monitor, configure, and management. · Visitor: Users of visitor level can use the network diagnostic tool ping and trace route. They can neither access the device data nor configure the device. · Monitor: Users of this level can only access the device data but cannot configure the device. · Configure: Users of this level can access data on the device and configure the device, but they cannot upgrade the host software, add/delete/modify users, or back up/restore the application file. · Management: Users of this level can perform any operations on the device. |
|
Password |
Set the password for a user. |
|
Confirm Password |
Input the same password again. Otherwise, the system prompts that the two passwords input are not consistent when you apply the configuration. |
|
Service Type |
Set the service type, including FTP and Telnet services. You must select either of them.
To log in through the web interface, you need to select telnet as the service type. |
Setting the super password
In this part, users of the management level can specify the password for a lower-level user to switch from the current access level to the management level. If no such a password is configured, the switchover will fail.
1. Select Device > Users from the navigation tree.
2. Click the Super Password tab.
The super password configuration page appears.
Figure 35 Super password
3. Set the super password as described in Table 10.
4. Click Apply.
|
Item |
Description |
|
Create/Remove |
Set the operation type: · Create: Configure or modify the super password. · Remove: Remove the current super password. |
|
Password |
Set the password for a user to switch to the management level. |
|
Confirm Password |
Input the same password again. Otherwise, the system prompts that the two passwords input are not consistent when you apply the configuration. |
|
Password Display Mode |
Set the password display mode. · Simple: The password will be saved in the configuration file in plain text. · Cipher: The password will be saved in the configuration file in cipher text. The plaintext password is not safe, and you are recommended to use the ciphertext password. |
Switching to the management level
This function enables a user to switch to the management level. A user must provide the correct password to switch to the management level.
The access level switchover of a user is valid for the current login only. The access level configured for the user is not changed. When the user re-logs in to the Web interface, the access level of the user is still the original level.
To switch to the management level:
1. Select Device > Users from the navigation tree.
2. Click the Switch To Management tab.
The page for switching the user access level appears.
Figure 36 Switch to the management level.
3. Enter the super password.
4. Click Login.
Overview
You can check whether an Ethernet port works normally by performing the Ethernet port loopback test, during which the port cannot forward data packets normally.
Ethernet port loopback test can be an internal loopback test or an external loopback test.
· In an internal loopback test, self loop is established in the switching chip to check whether there is a chip failure related to the functions of the port.
· In an external loopback test, a loopback plug is used on the port. Packets forwarded by the port will be received by itself through the loopback plug. The external loopback test can be used to check whether there is a hardware failure on the port.
Loopback test operation
1. Select Device > Loopback from the navigation tree to enter the loopback test configuration page, as shown in Figure 37.
Figure 37 Loopback test configuration page
2. Select a testing type.
3. Select an Ethernet interface on the chassis front panel.
4. Click Test.
After the test is complete, view the test result in the Result area.
Figure 38 Loopback test result
Configuration guidelines
Note the following when performing a loopback test:
· You can perform an internal loopback test but not an external loopback test on a port that is physically down, while you can perform neither test on a port that is manually shut down.
· The system does not allow Rate, Duplex, Cable Type and Port Status configuration on a port under a loopback test.
· An Ethernet port works in full duplex mode when the loopback test is performed, and restores its original duplex mode after the loopback test.
Overview
|
|
NOTE: · The optical interface of a Combo port does not support this feature. · A link in the up state goes down and then up automatically if you perform this operation on one of the Ethernet interfaces forming the link. |
You can use the Virtual Cable Test (VCT) function to check the status of the cable connected to an Ethernet port on the device. The result is returned in less than 5 seconds. The test covers whether short circuit or open circuit occurs on the cable and the length of the faulty cable.
Testing cable status
1. Select Device > VCT from the navigation tree to enter the page for testing cable status.
2. Select the port you want to test in the chassis front panel.
3. Click Test.
The test result is returned in less than 5 seconds.
View the test result in the Result area, as shown in Figure 39.
Figure 39 Test the status of the cable connected to an Ethernet port
|
|
NOTE: The status of a cable can be normal, abnormal, abnormal (open), abnormal (short), or failure. · When a cable is normal, the cable length displayed is the total length of the cable. · When a cable is not normal, the cable length displayed is the length of the cable between the current port and the location where fault occurs. · The error of the length detected is within 5 meters. |
Flow interval configuration
Overview
With the flow interval module, you can view the number of packets and bytes sent/received by a port over the specified interval.
Monitoring port traffic statistics
Setting the traffic statistics generating interval
1. Select Device > Flow interval from the navigation tree.
2. Click the Interval Configuration tab to enter the page shown in Figure 40.
Figure 40 The page for setting the traffic statistics generating interval
3. Set the interval for generating traffic statistics.
4. Click Apply.
|
Item |
Remarks |
|
Interval for generating traffic statistics |
Set the interval for generating port traffic statistics. |
|
Select ports |
Select ports from the chassis front panel to apply the interval to them. |
Viewing port traffic statistics
1. Select Device > Flow interval from the navigation tree.
By default, the Port Traffic Statistics tab is displayed, as shown in Figure 41.
2. On the tab, view the number of packets and bytes sent/received by each port over the last interval.
Figure 41 Port traffic statistics
Storm constrain configuration
Overview
The storm constrain function limits traffic of a port within a predefined upper threshold to suppress packet storms in an Ethernet. With this function enabled on a port, the system detects the amount of broadcast traffic, multicast traffic, and unicast traffic reaching the port periodically. When a type of traffic exceeds the threshold for it, the function, as configured, blocks or shuts down the port, and optionally, sends trap messages and logs.
|
|
CAUTION: Alternatively, you can configure the storm suppression function to control a specific type of traffic. As the storm suppression function and the storm constrain function are mutually exclusive, do not enable them at the same time on an Ethernet port. For example, with broadcast storm suppression enabled on a port, do not enable storm constrain for broadcast traffic on the port. The storm suppression function is configured in Device > Port Management. For more information, see the chapter “Port management configuration.” |
· Block: Blocks the port. The port is blocked and stops forwarding the traffic of this type until the type of traffic drops down below the lower threshold. Note that a port blocked by the storm constrain function can still forward other types of traffic and collect statistics for the blocked traffic.
· Shutdown: Shuts down the port. The port is shut down and stops forwarding all types of traffic. To bring up the port, select Device > Port Management to configure the port, or cancel the storm constrain setting on the port.
Configuring storm constrain
Setting the traffic statistics generating interval
|
|
NOTE: · The traffic statistics generating interval set here is the interval used by the storm constrain function for measuring traffic against the traffic thresholds. It is different from the interval set in the flow interval module, which is used for measuring the average traffic sending and receiving rates over a specific interval. · For network stability sake, set the traffic statistics generating interval for the storm constrain function to the default or a greater value. |
1. Select Device > Storm Constrain from the navigation tree to enter the page shown in Figure 42.
2. In the Interval for generating traffic statistics field, enter the traffic statistics generating interval for storm constrain.
3. Click Apply.
Figure 42 The Storm Constrain tab
Configuring storm constrain
1. Select Device > Storm Constrain from the navigation tree to enter the page shown in Figure 42.
In the Port Storm Constrain area, the configured port storm constrain settings are displayed.
2. Click Add to enter the page for adding port storm constrain configuration, as shown in Figure 43.
Figure 43 Add storm constrain settings for ports
3. Configure the storm constrain function.
4. Click Apply.
|
Item |
Remarks |
|
Control Mode |
Specify the action to be performed when a type of traffic exceeds the upper threshold. Available options include: · None: Performs no action. · Block: Blocks the traffic of this type on a port when the type of traffic exceeds the upper threshold. · Shutdown: Shuts down the port when a type of traffic exceeds the traffic threshold. The port stops forwarding traffic as a result.
The storm constrain function, after being enabled, requires a full traffic statistics generating interval (in seconds) to collect traffic data, and analyzes the data in the next interval. It is normal that a period longer than one traffic statistics generating interval is waited for a control action to happen if you enable the function when the packet storm is present. Nevertheless, the action will be taken within two intervals. |
|
Broadcast Threshold |
Set the broadcast, multicast, and unicast thresholds. · None: Performs no storm constrain for the selected port or ports. · pps: Specifies the storm constrain upper threshold and lower threshold in packets per second (pps). · ratio: Specifies the storm constrain upper threshold and lower threshold in percentage of received packets to the transmission capability of each selected port. · kbps: Specifies the storm constrain upper threshold and lower threshold in kilobits per second (kbps).
· On a port, you can set the thresholds for broadcast, multicast, and unicast traffic at the same time. To set storm constrain on a port successfully, you must specify the thresholds for at least a type of traffic. · When the pps option is selected, the upper threshold and lower threshold ranges depend on the interface type, as shown in the pps range description on the page. |
|
Multicast Threshold |
|
|
Unicast Threshold |
|
|
Trap |
Select or clear the option to enable or disable the system to send trap messages both when an upper threshold is crossed and when the lower threshold is crossed after that. |
|
Log |
Select or clear the option to enable or disable the system to output logs both when an upper threshold is crossed and when the lower threshold is crossed after that. |
|
Select ports |
Select ports from the chassis front panel to apply the storm constrain settings to them. |
RMON
RMON overview
Remote Monitoring (RMON) is used to realize the monitoring and management from the management devices to the managed devices on the network by implementing such functions as statistics and alarm. The statistics function enables a managed device to periodically or continuously track various traffic information on the network segments connecting to its ports, such as total number of received packets or total number of oversize packets received. The alarm function enables a managed device to monitor the value of a specified MIB variable, log the event and send a trap to the management device when the value reaches the threshold, such as the port rate reaches a certain value or the potion of broadcast packets received in the total packets reaches a certain value.
Both the RMON protocol and the Simple Network Management Protocol (SNMP) are used for remote network management:
· RMON is implemented on the basis of the SNMP, which is thus enhanced. RMON sends traps to the management device to notify the abnormality of the alarm variables by using the SNMP trap packet sending mechanism. Although trap is also defined in SNMP, it is usually used to notify the management device whether some functions on managed devices operate normally and the change of physical status of interfaces. Traps in RMON and those in SNMP have different monitored targets, triggering conditions, and report contents.
· RMON provides an efficient means of monitoring subnets and allows SNMP to monitor remote network devices in a more proactive and effective way. The RMON protocol defines that when an alarm threshold is reached on a managed device, the managed device sends a trap to the management device automatically, so the management device has no need to get the values of MIB variables for multiple times and compare them, and thus greatly reducing the communication traffic between the management device and the managed device. In this way, you can manage a large scale of network easily and effectively.
|
|
NOTE: For more information about RMON, see H3C WX3000E Series Wireless Switches Switching Engine Configuration Guide. Figure 66 |
Configuring RMON
Configuring the RMON statistics function
RMON statistics function can be implemented by either the statistics group or the history group, but the objects of the statistics are different. You can choose to configure a statistics group or a history group accordingly.
· A statistics object of the statistics group is a variable defined in the Ethernet statistics table, and the recorded content is a cumulative sum of the variable from the time the statistics entry is created to the current time. Perform the tasks in Table 13 to configure RMON Ethernet statistics function.
· A statistics object of the history group is the variable defined in the history record table, and the recorded content is a cumulative sum of the variable in each period. Perform the tasks in Table 14 to configure RMON history statistics function.
Table 13 RMON statistics group configuration task list
|
Task |
Remarks |
|
Required You can create up to 100 statistics entries in a statistics table. After a statistics entry is created on an interface, the system collects statistics on various traffic information on the interface. It provides statistics about network collisions, CRC alignment errors, undersize/oversize packets, broadcasts, multicasts, bytes received, packets received, and so on. The statistics are cleared after the device reboots.
Only one statistics entry can be created on one interface. |
Table 14 RMON history group configuration task list
|
Task |
Remarks |
|
Required You can create up to 100 history entries in a history table. After an entry is created, the system periodically samples the number of packets received/sent on the current interface, and saves the statistics as an instance under the leaf node of the etherHistoryEntry table.
When you create an entry, if the value of the specified sampling interval is identical to that of the existing history entry, the system considers their configurations are the same and the creation fails. |
Configuring the RMON alarm function
· If you need to configure that the managed device sends a trap to the NMS when it triggers an alarm event, you should configure the SNMP agent as described in SNMP Configuration before configuring the RMON alarm function.
· As the alarm variables that can be configured through Web network management are MIB variables that defined in the history group or the statistics group, you must make sure that the RMON Ethernet statistics function or the RMON history statistics function is configured on the monitored Ethernet interface.
Perform the tasks in Table 15 to configure RMON alarm function.
Table 15 RMON alarm configuration task list
|
Task |
Remarks |
|
Optional You can create up to 60 event entries for an event table. An event entry defines event indexes and the actions the system will take, including log the event, send a trap to the NMS, take no action, and log the event and send a trap to the NMS.
An entry cannot be created if the values of the specified alarm variable, sampling interval, sampling type, rising threshold and falling threshold are identical to those of an existing entry in the system. |
|
|
Required You can create up to 60 alarm entries for an alarm table. With an alarm entry created, the specified alarm event will be triggered when an abnormity occurs, and the alarm event defines how to deal with the abnormity.
An entry cannot be created if the values of the specified event description, owners, and actions are identical to those of an existing entry in the system. |
Displaying RMON running status
After you configure the RMON statistics function or the alarm function, you can view RMON running status and verify the configuration by performing tasks in Table 16.
Table 16 Display RMON running status
|
Task |
Remarks |
|
View the interface statistics during the period from the time the statistics entry is created to the time the page is displayed. The statistics are cleared after the device reboots. |
|
|
After you have created a history control entry on an interface, the system calculates the information of the interface periodically and saves the information to the etherHistoryEntry table. You can perform this task to view the entries in this table. And the number of history sampling records that can be displayed and the history sampling interval are specified when you configure the history group. |
|
|
If you have configured the system to log an event after the event is triggered when you configure the event group, the event is recorded into the RMON log. You can perform this task to display the details of the log table |
Configuring a statistics entry
1. Select Device > RMON from the navigation tree.
The Statistics tab page appears.
Figure 44 Statistics entry
2. Click Add.
The page for adding a statistics entry appears.
Figure 45 Add a statistics entry
3. Configure information about the statistics entry as described in Table 17.
4. Click Apply.
Table 17 Statistics entry configuration items
|
Item |
Description |
|
Interface Name |
Select the name of the interface on which the statistics entry is created. Only one statistics entry can be created on one interface. |
|
Owner |
Set the owner of the statistics entry. |
Configuring a history entry
1. Select Device > RMON from the navigation tree.
2. Click the History tab.
The History tab page appears.
Figure 46 History entry
3. Click Add.
The page for adding a history entry appears.
Figure 47 Add a history entry
4. Configure the information about the history entry as described in Table 18.
5. Click Apply.
|
Item |
Description |
|
Interface Name |
Select the name of the interface on which the history entry is created. |
|
Buckets Granted |
Set the capacity of the history record list corresponding to this history entry, namely, the maximum number of records that can be saved in the history record list. If the current number of the entries in the table has reached the maximum number, the system will delete the earliest entry to save the latest one. The statistics include total number of received packets on the current interface, total number of broadcast packets, total number of multicast packets in a sampling period, and so on. |
|
Interval |
Set the sampling period. |
|
Owner |
Set the owner of the entry. |
Configuring an event entry
1. Select Device > RMON from the navigation tree.
2. Click the Event tab.
The Event tab page appears.
3. Click Add.
The page for adding an event entry appears.
Figure 49 Add an event entry
4. Configure the information about the event entry as described in Table 19.
5. Click Apply.
|
Item |
Description |
|
Description |
Set the description for the event. |
|
Owner |
Set the owner of the entry. |
|
Event Type |
Set the actions that the system will take when the event is triggered: · Log: The system will log the event · Trap: The system will send a trap in the community name of null. If both Log and Trap are selected, the system will log the event and send a trap; If none of them is selected, the system will take no action |
Configuring an alarm entry
1. Select Device > RMON from the navigation tree.
2. Click the Alarm tab.
The Alarm tab page appears.
Figure 50 Alarm entry
3. Click Add.
The page for adding an alarm entry appears.
Figure 51 Add an alarm entry
4. Configure the information about the alarm entry as described in Table 20.
|
Item |
Description |
|
|
Alarm variable |
Static Item |
Set the traffic statistics that will be collected and monitored, see Table 21 for details. |
|
Interface Name |
Set the name of the interface whose traffic statistics will be collected and monitored. |
|
|
Sample Item |
Interval |
Set the sampling interval. |
|
Sample Type |
Set the sampling type, including: · Absolute: Absolute sampling, namely, to obtain the value of the variable when the sampling time is reached. · Delta: Delta sampling, namely, to obtain the variation value of the variable during the sampling interval when the sampling time is reached. |
|
|
Owner |
Set the owner of the alarm entry. |
|
|
Alarm |
Create Default Event |
Select whether to create a default event. The description of the default event is default event, the action is log-and-trap, and the owner is default owner. If there is no event, you can select to create the default event. And when the value of the alarm variable is higher than the alarm rising threshold or lower than the alarm falling threshold, the system will adopt the default action, that is, log-and-trap. |
|
Rising Threshold |
Set the alarm rising threshold. |
|
|
Rising Event |
Set the action that the system will take when the value of the alarm variable is higher than the alarm rising threshold. If the Create Default Event box is selected, this option is not configurable. |
|
|
Falling Threshold |
Set the alarm falling threshold. |
|
|
Falling Event |
Set the action that the system will take when the value of the alarm variable is lower than the alarm falling threshold. If the Create Default Event box is selected, this option is not configurable. |
|
Displaying RMON statistics information
1. Select Device > RMON from the navigation tree.
The Statistics tab page appears.
2. Click the 
icon of a statistics entry.
The page displays RMON statistics information.
Figure 52 RMON statistics information
3. View the RMON statistics.
Table 21 Field description
|
Field |
Description |
|
Number of Received Bytes |
Total number of octets received by the interface, corresponding to the MIB node etherStatsOctets. |
|
Number of Received Packets |
Total number of packets received by the interface, corresponding to the MIB node etherStatsPkts. |
|
Number of Received Broadcasting Packets |
Total number of broadcast packets received by the interface, corresponding to the MIB node etherStatsBroadcastPkts. |
|
Number of Received Multicast Packets |
Total number of multicast packets received by the interface, corresponding to the MIB node etherStatsMulticastPkts. |
|
Number of Received Packets With CRC Check Failed |
Total number of packets with CRC errors received on the interface, corresponding to the MIB node etherStatsCRCAlignErrors. |
|
Number of Received Packets Smaller Than 64 Bytes |
Total number of undersize packets (shorter than 64 octets) received by the interface, corresponding to the MIB node etherStatsUndersizePkts. |
|
Number of Received Packets Larger Than 1518 Bytes |
Total number of oversize packets (longer than 1518 octets) received by the interface, corresponding to the MIB node etherStatsOversizePkts. |
|
Number of Received Packets Smaller Than 64 Bytes And FCS Check Failed |
Total number of undersize packets (shorter than 64 octets) with CRC errors received by the interface, corresponding to the MIB node etherStatsFragments. |
|
Number of Received Packets Larger Than 1518 Bytes And FCS Check Failed |
Number of oversize packets (longer than 1518 octets) with CRC errors received by the interface, corresponding to the MIB node etherStatsJabbers. |
|
Number of Network Conflicts |
Total number of collisions received on the interface, corresponding to the MIB node etherStatsCollisions. |
|
Number of Packet Discarding Events |
Total number of drop events received on the interface, corresponding to the MIB node etherStatsDropEvents. |
|
Number of Received 64 Bytes Packets |
Total number of received packets with 64 octets on the interface, corresponding to the MIB node etherStatsPkts64Octets. |
|
Number of Received 65 to 127 Bytes Packets |
Total number of received packets with 65 to 127 octets on the interface, corresponding to the MIB node etherStatsPkts65to127Octets. |
|
Number of Received 128 to 255 Bytes Packets |
Total number of received packets with 128 to 255 octets on the interface, corresponding to the MIB node etherStatsPkts128to255Octets. |
|
Number of Received 256 to 511 Bytes Packets |
Total number of received packets with 256 to 511 octets on the interface, corresponding to the MIB node etherStatsPkts256to511Octets. |
|
Number of Received 512 to 1023 Bytes Packets |
Total number of received packets with 512 to 1023 octets on the interface, corresponding to the MIB node etherStatsPkts512to1023Octets. |
|
Number of Received 1024 to 1518 Bytes Packets |
Total number of received packets with 1024 to 1518 octets on the interface, corresponding to the MIB node etherStatsPkts1024to1518Octets. |
Displaying RMON history sampling information
1. Select Device > RMON from the navigation tree.
2. Click the History tab.
The page for displaying RMON history sampling information appears.
3. Click the icon of a history entry
The page displays all history sampling information on the current interface.
Figure 53 RMON history sampling information
Table 22 Field description
|
Field |
Description |
|
NO |
Number of the entry in the system buffer Statistics are numbered chronologically when they are saved to the system buffer. |
|
Time |
Time at which the information is saved |
|
DropEvents |
Dropped packets during the sampling period, corresponding to the MIB node etherHistoryDropEvents. |
|
Octets |
Number of octets received during the sampling period, corresponding to the MIB node etherHistoryOctets. |
|
Pkts |
Number of packets received during the sampling period, corresponding to the MIB node etherHistoryPkts. |
|
BroadcastPkts |
Number of broadcasts received during the sampling period, corresponding to the MIB node etherHistoryBroadcastPkts. |
|
MulticastPkts |
Number of multicasts received during the sampling period, corresponding to the MIB node etherHistoryMulticastPkts. |
|
CRCAlignErrors |
Number of packets received with CRC alignment errors during the sampling period, corresponding to the MIB node etherHistoryCRCAlignErrors. |
|
UndersizePkts |
Number of undersize packets received during the sampling period, corresponding to the MIB node etherHistoryUndersizePkts. |
|
OversizePkts |
Number of oversize packets received during the sampling period, corresponding to the MIB node etherHistoryOversizePkts. |
|
Fragments |
Number of fragments received during the sampling period, corresponding to the MIB node etherHistoryFragments. |
|
Jabbers |
Number of jabbers received during the sampling period (Support for the field depends on the device model.), corresponding to the MIB node etherHistoryJabbers. |
|
Collisions |
Number of collision packets received during the sampling period, corresponding to the MIB node etherHistoryCollisions. |
|
Utilization |
Bandwidth utilization during the sampling period, corresponding to the MIB node etherHistoryUtilization. |
Displaying RMON event logs
1. Select Device > RMON from the navigation tree.
2. Click the Log tab.
The Log tab page appears and displays log information for all event entries.
RMON configuration example
Network requirements
As shown in Figure 55, Agent is connected to a remote NMS across the Internet. Create an entry in the RMON Ethernet statistics table to gather statistics on GigabitEthernet 1/0/1, and perform corresponding configurations so that the system will log the event when the number of bytes received on the interface exceed the specified threshold.
Figure 55 Network diagram for RMON
Configuration procedure
1. Configure RMON to gather statistics for interface GigabitEthernet 1/0/1.
a. Select Device > RMON from the navigation tree.
The Statistics tab page appears.
b. Click Add.
The page in Figure 56 appears.
c. Select GigabitEthernet1/0/1 from the Interface Name list and enter user1-rmon in the Owner field.
d. Click Apply.
Figure 56 Add a statistics entry
2. Display RMON statistics for interface GigabitEthernet 1/0/1.
a. Click the icon corresponding to GigabitEthernet 1/0/1.
b. View the information displayed in Figure 57.
Figure 57 Display RMON statistics
3. Create an event to start logging after the event is triggered.
a. Click the Event tab.
b. Click Add.
The page for configuring an event group appears.
Figure 58 Configure an event group
c. Enter 1-rmon in the Owner Box, and select the box before Log.
d. Click Apply.
The page displays the event entry, and you can see that the entry index of the new event is 1, as shown in Figure 59.
Figure 59 Display the index of a event entry
4. Configure an alarm group to sample received bytes on GigabitEthernet 1/0/1. When the received bytes exceed the rising or falling threshold, logging is enabled.
a. Click the Alarm tab.
b. Click Add.
The page in Figure 60 appears.
Figure 60 Configure an alarm group
c. Select Number of Received Bytes from the Static Item list, select GigabitEthernet1/0/1 from the Interface Name list, enter 10 in the Interval field, select Delta from the Simple Type list, enter 1-rmon in the Owner field, enter 1000 in the Rising Threshold field, select 1 from the Rising Event list, enter 100 in the Falling Threshold field, and select 1 from the Falling Event list.
d. Click Apply.
Energy saving configuration
Energy saving overview
Energy saving allows you to configure a port to work at the lowest transmission speed, disable PoE, or go down during a specified time range on certain days of a week. The port resumes working normally when the effective time period ends.
Configuring energy saving on a port
1. From the navigation tree, select Device > Energy Saving to enter the energy saving configuration page.
2. Click a port.
Figure 61 Energy saving configuration page
3. Configure an energy saving policy for the port as described in Table 23.
4. Click Apply.
|
Item |
Description |
|
Time Range |
Set the time period when the port is in energy saving state.
· Up to five energy saving policies with different time ranges can be configured on a port. · Specify the start time and end time in units of 5 minutes, such as 08:05 to 10:15. Otherwise, the start time will be postponed and the end time will be brought forward so that they meet the requirements. For example, if you set the time range to 08:08 to 10:12, however, the effective time range is actually 08:10 to 10:10. |
|
Sun through Sat |
|
|
PoE Disabled |
Disable PoE on the port. |
|
Lowest Speed |
Set the port to transmit data at the lowest speed.
If you configure the lowest speed limit on a port that does not support 10 Mbps, the configuration cannot take effect. |
|
Shutdown |
Shut down the port.
An energy saving policy can have all the three energy saving schemes configured, of which the shutdown scheme takes the highest priority. |
SNMP
SNMP overview
Simple Network Management Protocol (SNMP) offers the communication rules between a management device and the managed devices on the network; it defines a series of messages, methods and syntaxes to implement the access and management from the management device to the managed devices. SNMP shields the physical differences between various devices and realizes automatic management of products from different manufacturers.
An SNMP enabled network comprises the Network Management Station (NMS) and agents.
The NMS manages agents by exchanging management information through SNMP. The NMS and managed agents must use the same SNMP version.
Currently, SNMP agents support SNMPv1, SNMPv2c, and SNMPv3.
· SNMPv1 uses community name for authentication. Community name defines the relationship between an SNMP NMS and an SNMP agent. SNMP packets with community names that do not pass the authentication on the device are simply discarded. A community name plays a similar role as a key word and can be used to control access from NMS to the agent.
· SNMPv2c uses community name for authentication. Compatible with SNMPv1, it extends the functions of SNMPv1. SNMPv2c provides more operation modes such as GetBulk and InformRequest; it supports more data types such as Counter64; and it provides various error codes, thus being able to distinguish errors in more detail.
· SNMPv3 offers an authentication that is implemented with a User-Based Security Model (USM). You can set the authentication and privacy functions. The former is used to authenticate the validity of the sending end of the authentication packets, preventing access of illegal users; the latter is used to encrypt packets between the NMS and agents, preventing the packets from being intercepted. USM ensures a more secure communication between SNMP NMS and SNMP agent by authentication with privacy.
|
|
NOTE: For more information about SNMP, see H3C WX3000E Series Wireless Switches Switching Engine Configuration Guide. |
SNMP configuration
Configuration task list
As configurations for SNMPv3 differ substantially from those for SNMPv1 and SNMPv2c, their configuration tasks are introduced separately as follows.
Configuring SNMPv1 or SNMPv2c
Table 24 SNMPv1 or SNMPv2c configuration task list
|
Task |
Remarks |
|
Required The SNMP agent function is disabled by default.
If SNMP is disabled, all SNMP-related configurations will be removed. |
|
|
Optional After creating SNMP views, you can specify an SNMP view for an SNMP community to limit the MIB objects that can be accessed by the SNMP community. |
|
|
Required |
|
|
Optional Allows you to configure that the agent can send SNMP traps to the NMS, and configure information about the target host of the SNMP traps. By default, an agent is allowed to send SNMP traps to the NMS. |
Configuring SNMPv3
Table 25 SNMPv3 configuration task list
|
Task |
Remarks |
|
Required The SNMP agent function is disabled by default.
If SNMP is disabled, all SNMP-related configurations will be removed. |
|
|
Optional After creating SNMP views, you can specify an SNMP view for an SNMP group to limit the MIB objects that can be accessed by the SNMP group. |
|
|
Required After creating an SNMP group, you can add SNMP users to the group when creating the users. Therefore, you can realize centralized management of users in the group through the management of the group. |
|
|
Required Before creating an SNMP user, you need to create the SNMP group to which the user belongs. |
|
|
Optional Allows you to configure that the agent can send SNMP traps to the NMS, and configure information about the target host of the SNMP traps By default, an agent is allowed to send SNMP traps to the NMS. |
Enabling SNMP agent
1. Select Device > SNMP from the navigation tree.
The SNMP configuration page appears.
2. Configure SNMP settings on the upper part of the page as described inTable 26.
3. Click Apply.
|
Item |
Description |
|
SNMP |
Specify to enable or disable SNMP. |
|
Local Engine ID |
Configure the local engine ID. The validity of a user after it is created depends on the engine ID of the SNMP agent. If the engine ID when the user is created is not identical to the current engine ID, the user is invalid. |
|
Maximum Packet Size |
Configure the maximum size of an SNMP packet that the agent can receive/send. |
|
Contact |
Set a character string to describe the contact information for system maintenance. If the device is faulty, the maintainer can contact the manufacture factory according to the contact information of the device. |
|
Location |
Set a character string to describe the physical location of the device. |
|
SNMP Version |
Set the SNMP version run by the system |
Configuring an SNMP view
Creating an SNMP view
1. Select Device > SNMP from the navigation tree.
2. Click the View tab.
The View tab page appears.
Figure 63 View page
3. Click Add.
The Add View window appears.
Figure 64 Create an SNMP view (1)
4. Enter the view name.
5. Click Apply.
The page in Figure 65 appears.
Figure 65 Create an SNMP view (2)
6. Configure the parameters as described in Table 27.
7. Click Add.
8. Repeat steps 6 and 7 to add more rules for the SNMP view.
9. Click Apply.
To cancel the view, click Cancel.
|
Item |
Description |
|
View Name |
Set the SNMP view name. |
|
Rule |
Select to exclude or include the objects in the view range determined by the MIB subtree OID and subtree mask. |
|
MIB Subtree OID |
Set the MIB subtree OID (such as 1.4.5.3.1) or name (such as system). MIB subtree OID identifies the position of a node in the MIB tree, and it can uniquely identify a MIB subtree. |
|
Subtree Mask |
Set the subtree mask. If no subtree mask is specified, the default subtree mask (all Fs) will be used for mask-OID matching. |
Adding rules to an SNMP view
1. Select Device > SNMP from the navigation tree.
2. Click the View tab.
The page in Figure 63appears.
3. Click the 
icon of the target view.
The Add rule for the view ViewDefault window appears.
Figure 66 Add rules to an SNMP view
4. Configure the parameters as described in Table 27.
5. Click Apply.
|
|
NOTE: You can also click the |
Configuring an SNMP community
1. Select Device > SNMP from the navigation tree.
2. Click the Community tab.
The Community tab page appears.
Figure 67 Configure an SNMP community
3. Click Add.
The Add SNMP Community page appears.
Figure 68 Create an SNMP Community
4. Configure SNMP community settings as described in Table 28.
5. Click Apply.
|
Item |
Description |
|
Community Name |
Set the SNMP community name. |
|
Access Right |
Configure SNMP NMS access right · Read only: The NMS can perform read-only operations to the MIB objects when it uses this community name to access the agent, · Read and write: The NMS can perform both read and write operations to the MIB objects when it uses this community name to access the agent. |
|
View |
Specify the view associated with the community to limit the MIB objects that can be accessed by the NMS. |
|
ACL |
Associate the community with a basic ACL to allow or prohibit the access to the agent from the NMS with the specified source IP address. |
Configuring an SNMP group
1. Select Device > SNMP from the navigation tree.
2. Click the Group tab.
The Group tab page appears.
3. Click Add.
The Add SNMP Group page appears.
Figure 70 Create an SNMP group
4. Configure SNMP group settings as described in Table 29.
5. Click Apply.
|
Item |
Description |
|
Group Name |
Set the SNMP group name. |
|
Security Level |
Select the security level for the SNMP group. The available security levels are: · NoAuth/NoPriv: No authentication no privacy. · Auth/NoPriv: Authentication without privacy. · Auth/Priv: Authentication and privacy.
For an existing SNMP group, its security level cannot be modified. |
|
Read View |
Select the read view of the SNMP group. |
|
Write View |
Select the write view of the SNMP group. If no write view is configured, the NMS cannot perform the write operations to all MIB objects on the device. |
|
Notify View |
Select the notify view of the SNMP group, that is, the view that can send trap messages. If no notify view is configured, the agent does not send traps to the NMS. |
|
ACL |
Associate a basic ACL with the group to restrict the source IP address of SNMP packets, that is, you can configure to allow or prohibit SNMP packets with a specific source IP address, so as to restrict the intercommunication between the NMS and the agent. |
Configuring an SNMP user
1. Select Device > SNMP from the navigation tree.
2. Click the User tab.
The User tab page appears.
3. Click Add.
The Add SNMP User page appears.
4. Configure SNMP user settings as described in Table 30.
5. Click Apply.
|
Item |
Description |
|
User Name |
Set the SNMP user name. |
|
Security Level |
Select the security level for the SNMP group. The available security levels are: · NoAuth/NoPriv: No authentication no privacy. · Auth/NoPriv: Authentication without privacy. · Auth/Priv: Authentication and privacy. |
|
Group Name |
Select an SNMP group to which the user belongs. · When the security level is NoAuth/NoPriv, you can select an SNMP group with no authentication no privacy. · When the security level is Auth/NoPriv, you can select an SNMP group with no authentication no privacy or authentication without privacy. · When the security level is Auth/Priv, you can select an SNMP group of any security level. |
|
Authentication Mode |
Select an authentication mode (including MD5 and SHA) when the security level is Auth/NoPriv or Auth/Priv. |
|
Authentication Password |
Set the authentication password when the security level is Auth/NoPriv or Auth/Priv. The confirm authentication password must be the same with the authentication password. |
|
Confirm Authentication Password |
|
|
Privacy Mode |
Select a privacy mode (including DES56, AES128, and 3DES) when the security level is Auth/Priv. |
|
Privacy Password |
Set the privacy password when the security level is Auth/Priv. The confirm privacy password must be the same with the privacy password. |
|
Confirm Privacy Password |
|
|
ACL |
Associate a basic ACL with the user to restrict the source IP address of SNMP packets, that is, you can configure to allow or prohibit SNMP packets with a specific source IP address, so as to allow or prohibit the specified NMS to access the agent by using this user name. |
Configuring SNMP trap function
1. Select Device > SNMP from the navigation tree.
2. Click the Trap tab.
The trap configuration page appears.
3. Select the box of Enable SNMP Trap.
4. Click Apply.
5. Click Add.
The page for adding a target host of SNMP traps appears.
Figure 74 Add a target host of SNMP traps
6. Configure the settings for the target host as described in Table 31.
7. Click Apply.
|
Item |
Description |
|
Destination IP Address |
Set the destination IP address. Select the IP address type: IPv4 or IPv6, and then type the corresponding IP address in the field according to the IP address type. |
|
Security Name |
Set the security name, which can be an SNMPv1 community name, an SNMPv2c community name, or an SNMPv3 user name. |
|
UDP Port |
Set UDP port number.
The default port number is 162, which is the SNMP-specified port used for receiving traps on the NMS. Generally (such as using iMC or MIB Browser as the NMS), you can use the default port number. To change this parameter to another value, you need to make sure that the configuration is the same with that on the NMS. |
|
Security Model |
Select the security model, that is, the SNMP version. Ensure that the SNMP version is the same with that on the NMS; otherwise, the NMS cannot receive any trap. |
|
Security Level |
Set the authentication and privacy mode for SNMP traps when the security model is selected as v3. The available security levels are: no authentication no privacy, authentication but no privacy, and authentication and privacy. When the security model is selected as v1 or v2c, the security level is no authentication no privacy, and cannot be modified. |
Displaying SNMP packet statistics
1. Select Device > SNMP from the navigation tree.
The page for displaying SNMP packet statistics appears.
Figure 75 SNMP packet statistics
SNMPv1/v2c configuration example
Network requirements
The NMS connects to the agent, a switch, through an Ethernet. The IP address of the NMS is 1.1.1.2/24. The IP address of the VLAN interface on the switch is 1.1.1.1/24. Configure SNMP to achieve the following purposes.
· The NMS monitors the agent by using SNMPv1 or SNMPv2c.
· The agent reports errors or faults to the NMS.
Figure 76 Network diagram
Configuring the agent
1. Enable SNMP agent.
a. Select Device > SNMP from the navigation tree.
The Setup page appears.
Figure 77 Enable SNMP
b. Select the Enable option.
c. Select the v1 or v2c box.
d. Click Apply.
2. Configure an SNMP read-only community public.
a. Click the Community tab.
b. Click Add.
c. Enter the public name public and select Read only from the Access Right list.
d. Click Apply.
Figure 78 Configure read-only community
3. Configure an SNMP read and write community private.
a. Click Add on the Community tab page.
b. Enter the community name private and select Read and write from the Access Right list.
c. Click Apply.
Figure 79 Configure read and write community
4. Enable the agent to send SNMP traps.
a. Click the Trap tab.
b. Select the box of Enable SNMP Trap.
c. Click Apply.
Figure 80 Enable SNMP traps
5. Add target hosts of SNMP traps.
a. Click Add on the Trap tab page.
The page in Figure 81 appears.
b. Select the destination IP address type as IPv4/Domain, enter the destination address 1.1.1.2, enter the security name public, and select v1 from the Security Model list.
c. Click Apply.
Figure 81 Add target hosts of SNMP traps
Configuring the NMS
|
|
CAUTION: The configuration on the NMS must be consistent with that on the agent. Otherwise, you cannot perform corresponding operations. |
Configure the SNMP version for the NMS as v1 or v2c, create a read-only community and name it public, and create a read and write community and name it private. For how to configure the NMS, see the manual for the NMS.
Verifying the configuration
· After the above configuration, an SNMP connection is established between the NMS and the agent. The NMS can get and configure the values of some parameters on the agent through MIB nodes.
· If an idle interface on the agent is shut down or brought up, the NMS receives a trap information sent by the agent.
SNMPv3 configuration example
Network requirements
The NMS (1.1.1.2/24) uses SNMPv3 to monitor and manage the interface status of the agent (.1.1.1/24), and the agent automatically sends traps to report events to the NMS.
The NMS and the agent perform authentication when they set up an SNMP session. The authentication algorithm is MD5 and the authentication key is authkey. The NMS and the agent also encrypt the SNMP packets between them by using the DES algorithm and the privacy key prikey.
Configuring the agent
1. Enable SNMP agent.
a. Select Device > SNMP from the navigation tree.
The Setup page appears.
b. Select the Enable option.
c. Select the v3 box.
d. Click Apply.
2. Configure an SNMP view.
a. Click the View tab.
b. Click Add.
The page for creating an SNMP view appears.
Figure 84 Create an SNMP view (1)
c. Enter view1 in the field.
d. Click Apply.
The SNMP rule configuration page appears.
Figure 85 Create an SNMP view (2)
e. Select the Included radio box, enter the MIB subtree OID interfaces, and click Add.
f. Click Apply.
A configuration progress dialog box appears.
Figure 86 Configuration progress dialog box
g. Click Close after the configuration process is complete.
3. Configure an SNMP group.
a. Click the Group tab.
b. Click Add.
The page for creating an SNMP group appears.
Figure 87 Create an SNMP group
c. Enter group1 in the field of Group Name, select view1 from the Read View box, and select view1 from the Write View box.
d. Click Apply.
4. Configure an SNMP user
a. Click the User tab.
b. Click Add.
The page in Figure 88 appears.
c. Enter user1 in the field of User Name, select Auth/Priv from the Security Level list, select group1 from the Group Name list, select MD5 from the Authentication Mode list, enter authkey in the Authentication Password and Confirm Authentication Password fields, select DES56 from the Privacy Mode list, enter prikey in the Privacy Password and Confirm Privacy Password fields.
d. Click Apply.
5. Enable the agent to send SNMP traps.
a. Click the Trap tab
The page in Figure 89 appears.
b. Select the Enable SNMP Trap box.
c. Click Apply.
Figure 89 Enable the agent to send SNMP traps
6. Add target hosts of SNMP traps.
a. Click Add on the Trap tab page.
The page in Figure 90 appears.
b. Select the destination IP address type as IPv4/Domain, enter the destination address 1.1.1.2, enter the user name user1, and select v3 from the Security Model list.
c. Click Apply
Figure 90 Add target hosts of SNMP traps
Configuring NMS
|
|
CAUTION: The configuration on NMS must be consistent with that on the agent. Otherwise, you cannot perform corresponding operations. |
· Specify the SNMP version for the NMS as v3.
· Create an SNMP user user1.
· Enable both authentication and privacy functions
· Use MD5 for authentication and DES56 for encryption.
· Set the authentication key to authkey and the privacy key to prikey.
For information about configuring the NMS, see the manual for the NMS.
Verifying the configuration
· After the above configuration, the NMS can establish an SNMP connection with the agent and query and reconfigure values of objects in the agent MIB.
· If an idle interface on the agent is shut down or brought up, the NMS will receive a trap information sent by the agent.
Overview
The interface statistics module displays statistics information about the packets received and sent through interfaces.
Displaying interface statistics
Select Device > Interface Statistics from the navigation tree to enter the interface statistics display page, as shown in Figure 91.
Figure 91 Interface statistics display page
Table 32 Details about the interface statistics
|
Field |
Description |
|
InOctets |
Total octets of all packets received on the interface. |
|
InUcastPkts |
Number of received unicast packets. |
|
InNUcastPkts |
Number of received non-unicast packets. |
|
InDiscards |
Number of valid packets discarded in the inbound direction. |
|
InErrors |
Number of received invalid packets. |
|
InUnknownProtos |
Number of received unknown protocol packets. |
|
OutOctets |
Total octets of all packets sent through the interface. |
|
OutUcastPkts |
Number of unicast packets sent through the interface. |
|
OutNUcastPkts |
Number of non-unicast packets sent through the interface. |
|
OutDiscards |
Number of valid packets discarded in the outbound direction. |
|
OutErrors |
Number of invalid packets sent through the interface. |
Overview
In OAA, an Open Application Platform (OAP) module and network device are integrated to work as one device. From the perspective of an SNMP UDP domain-based NMS, however, the device and the OAP module are separate SNMP agents. They have different software systems and manage their own MIB objects. To access an SNMP agent, the NMS must obtain the IP address of the management interface on the agent. By default, the OAP module does not have an IP address, so you need to specify an IP address for the OAP module in the Web interface.
Configuring a management IP address
1. Select Device > OAP Management from the navigation tree.
The OAP Management configuration page appears.
2. Enter an IP address in the Management IP address field.
3. Click Apply.
Figure 92 OAP Management configuration page
