Login
- Table of Contents
-
- 13-Network Management and Monitoring Configuration Guides
- 00-Preface
- 01-System maintenance and debugging configuration
- 02-NQA configuration
- 03-iNQA configuration
- 04-NTP configuration
- 05-PTP configuration
- 06-Network synchronization configuration
- 07-SNMP configuration
- 08-RMON configuration
- 09-NETCONF configuration
- 10-EAA configuration
- 11-Process monitoring and maintenance configuration
- 12-Sampler configuration
- 13-Mirroring configuration
- 14-NetStream configuration
- 15-IPv6 NetStream configuration
- 16-sFlow configuration
- 17-Information center configuration
- 18-GOLD configuration
- 19-Packet capture configuration
- 20-VCF fabric configuration
- 21-CWMP configuration
- 22-SmartMC configuration
- 23-SQA configuration
- 24-eMDI configuration
- 25-Performance management configuration
- 26-Ansible configuration
- 27-Event MIB configuration
- 28-EPS agent configuration
- 29-Cloud connection configuration
- 30-EPA configuration
- 31-Packet trace configuration
- 32-KPI data collection configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 30-EPA configuration | 166.31 KB |
Restrictions and guidelines: EPA configuration
Display and maintenance commands for EPA
EPA static endpoint identification configuration example
Configuring EPA
About EPA
Endpoint Analysis (EPA) allows you to monitor associations and disassociations of endpoints (for example, cameras and IP phones) connecting to an H3C device.
Application scenarios
Non-SmartMC networking
As shown in Figure 1, the device configured with EPA monitors associations and disassociations of endpoints connecting to it. The collected association and disassociation information will be reported to the MPU for processing. (In standalone mode.)
As shown in Figure 1, the device configured with EPA monitors associations and disassociations of endpoints connecting to it. The collected association and disassociation information will be reported to the global active MPU for processing. (In IRF mode.)
Figure 1 Non-SmartMC networking
SmartMC networking
In a SmartMC network as shown in Figure 2, EPA settings are configured only on the commander. The members report association and disassociation information about their associated endpoints to the commander. The commander records such information about all associated endpoints in the network, and deploys EPA settings to the members.
You can view EPA information in the entire network on the commander.
Working mechanism
EPA monitors endpoint associations and disassociations by monitoring the generation and aging of MAC address entries learned by devices. A device configured with EPA can monitor only endpoints in the same subnet as the endpoint access port on the device.
For more information about MAC address entries, see Layer 2—LAN Switching Configuration Guide.
Collecting endpoint association information
If a device configured with EPA learns a new MAC address entry, it compares the MAC address and VLAN ID with the configured EPA monitor rules.
· If a match is found, the device determines that a monitored endpoint came online.
¡ In a non-SmartMC network, the device records the endpoint association event locally.
¡ In a SmartMC network, if the device is the commander, it records the endpoint association event locally. If the device is a member, it reports the event to the commander.
· If no match is found, the device determines that the endpoint is not a monitored endpoint and does not record the endpoint association event.
Collecting endpoint disassociation information
When the MAC address entry of an endpoint ages out, the device determines that the endpoint went offline.
· In a non-SmartMC network, the device records the endpoint disassociation event locally for 7 days.
· In a SmartMC network, the commander records the endpoint disassociation event for 7 days.
Synchronizing information in a SmartMC network
In a SmartMC network, endpoint monitor rules are configured on the commander and deployed to all members by the commander. The rules take effect on both the commander and members. If a member detects an association or disassociation event of a monitored endpoint, it reports the event to the commander for statistics collection and analysis.
You can view endpoint associations and disassociations that occurred in the entire network from the commander. For more information about SmartMC, see "Configuring SmartMC."
Restrictions and guidelines: EPA configuration
Do not use the mac-address dynamic command to configure dynamic MAC address entries for monitored endpoints. If you do so, the system might fail to identify endpoint association events.
When you configure endpoint monitor rules, follow these restrictions and guidelines:
· To configure multiple rules to monitor an endpoint in different VLANs, make sure the specified VLAN ranges in these rules do not overlap with each other.
· As a best practice to ensure the optimal EPA performance, specify the VLANs in which an endpoint will be monitored.
· You can configure a maximum of 1024 monitor rules. As a best practice to ensure the optimal EPA performance, do not configure over 512 monitor rules.
· You can specify a rule ID when creating a monitor rule. If you do not specify the ID, the system assigns the smallest available ID to the rule.
· You cannot execute the epa monitor-rule command multiple times to edit an existing rule. To edit an existing rule, use the undo epa monitor-rule command to delete the rule and then create the rule again.
When you configure EPA in a SmartMC network, follow these restrictions and guidelines:
· Make sure all devices in the network support EPA.
· You can configure endpoint monitor rules only on the commander.
· Configure the same aging time for MAC address entries on all devices in the SmartMC network. Otherwise, endpoint association and disassociation analysis on the commander might be inaccurate. For more information about MAC address entries, see Layer 2—LAN Switching Configuration Guide.
· To view endpoint association and disassociation events in a SmartMC network, execute the display epa monitor-information command on the commander instead of a member. If you execute the command on a member, the command displays only association events of endpoints connecting to the member.
· In a SmartMC cascading environment, if a device is not a SmartMC TC device, EAP considers that the device is a black hole device. EAP does not support displaying the TC devices attached to such a device.
Configuring EPA
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create an endpoint monitor rule. |
epa monitor-rule [ monitor-rule-id ] mac mac-address [ mask mac-mask ] [ vlan vlan-id ] |
By default, no endpoint monitor rules exist. |
Disabling EPA logging
About this task
By default, the EPA module logs endpoint associations and disassociations. If a monitored endpoint comes online or goes offline frequently, the device will generate a large number of log entries. In this case, to avoid affecting device performance, disable EPA logging as a best practice.
Procedure
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Disable EPA logging. |
epa online-offline-log disable |
By default, EPA logging is enabled. |
Display and maintenance commands for EPA
Execute display commands in any view.
|
Task |
Command |
|
Display endpoint association and disassociation information detected by EPA. |
display epa monitor-information [ online | offline ] [ device device-id | mac mac-address [ vlan vlan-id ] ] [ verbose ] |
EPA static endpoint identification configuration example
Network configuration
As shown in Figure 3, the SmartMC network is established manually. Configure the devices in SmartMC network so EPA can identify camera 1 and camera 2 when they access the SmartMC network and when they log out.
Configuring the TM
1. Configure SmartMC:
# Configure VLAN-interface 1.
[TM] interface vlan-interface 1
[TM-Vlan-interface1] ip address 192.168.2.2 24
[TM-Vlan-interface1] quit
# Enable HTTP and HTTPS.
[TM] ip http enable
[TM] ip https enable
# Enable the Telnet service.
[TM] telnet server enable
# Enable NETCONF over SOAP over HTTP.
[TM] netconf soap http enable
# Enable LLDP globally.
[TM] lldp global enable
# Create a user. Set the username to admin and password to hello12345, add the telnet, http, and https service types, and authorize the user to use the network-admin user role.
[TM] local-user admin
[TM-luser-manage-admin] password simple hello12345
[TM-luser-manage-admin] service-type telnet http https
[TM-luser-manage-admin] authorization-attribute user-role network-admin
[TM-luser-manage-admin] quit
# Set scheme authentication for VTY user lines 0 to 63.
[TM] line vty 0 63
[TM-line-vty0-63] authentication-mode scheme
[TM-line-vty0-63] quit
# Enable SmartMC, set the device role to commander, and set the username to admin and the password (plaintext) to hello12345.
[TM] smartmc tm username admin password simple hello12345 enable
2. Configure static endpoint identification rules on the commander.
[TM] epa monitor-rule mac 1-1-1
[TM] epa monitor-rule mac 2-2-2
Configuring TC 1
1. Configure SmartMC:
# Configure VLAN-interface 1.
<TC1> system-view
[TC1] interface vlan-interface 1
[TC1-Vlan-interface1] ip address 192.168.2.1 24
[TC1-Vlan-interface1] quit
# Enable HTTP and HTTPS.
[TC1] ip http enable
[TC1] ip https enable
# Enable the Telnet service.
[TC1] telnet server enable
# Enable NETCONF over SOAP over HTTP.
[TC1] netconf soap http enable
# Enable LLDP globally.
[TC1] lldp global enable
# Create a user named admin.
[TC1] local-user admin
# Lower password complexity requirements. For more information about these commands, see password control commands in Security Command Reference.
[TC1-luser-manage-admin] password-control length 4
[TC1-luser-manage-admin] password-control composition type-number 1 type-length 1
[TC1-luser-manage-admin] undo password-control complexity user-name check
# Set the username and password to admin, add the telnet, http, and https service types, and authorize the user to use the network-admin user role.
[TC1-luser-manage-admin] password simple admin
[TC1-luser-manage-admin] service-type telnet http https
[TC1-luser-manage-admin] authorization-attribute user-role network-admin
[TC1-luser-manage-admin] quit
# Set scheme authentication for VTY user lines 0 to 63.
[TC1] line vty 0 63
[TC1-line-vty0-63] authentication-mode scheme
[TC1-line-vty0-63] quit
# Enable SmartMC and set the device role to member.
[TC1] smartmc tc enable
Configuring TC 3
# Configure TC 3 in the same way TC 1 is configured. (Details not shown.)
Verifying the configuration
# On TC 1, display the online and offline information of endpoints.
[TC1] display epa monitor-information verbose
Auto identification : Disabled
Local device type : SmartMC TC
Local device ID : 3acc-58e2-0100
Total endpoints identified by EPA: 1
Access device ID: 3acc-58e2-0100
MAC address : 0001-0001-0001 VLAN : 1
IP address : -
Interface : GigabitEthernet1/0/1 Status: Online
Category : Camera Vendor: -
OS : -
# On the TM, display the online and offline information of endpoints.
[TM] display epa monitor-information verbose
Auto identification : Disabled
Local device type : SmartMC TM
Local device ID : 90bc-1b85-0300
Total endpoints identified by EPA: 2
Access device ID: 3acc-58e2-0100
MAC address : 0001-0001-0001 VLAN : 1
IP address : 192.168.2.11
Interface : GigabitEthernet1/0/1 Status: Online
Category : Camera Vendor: -
OS : -
Access device ID: 3acc-58e2-0300
MAC address : 0002-0002-0002 VLAN : 1
IP address : 192.168.2.12
Interface : GigabitEthernet1/0/1 Status: Online
Category : Camera Vendor: -
OS : -
