< Home

Example for Configuring eSight and Switches to Communicate Through SNMPv2c

Introduction to eSight

eSight is a new-generation comprehensive operation, maintenance, and management solution developed by Huawei for network infrastructure management, unified communications, telepresence conferencing, video surveillance, and data center in enterprises. eSight supports unified monitoring and configuration management over devices of various types and from various vendors, monitors and analyzes network and service quality, manages enterprise resources, services, and users in a unified manner, and analyzes association between them. In addition, eSight offers a flexible and open platform that enables enterprises to customize software and build an intelligent management system tailored to their own needs. This example describes how a network administrator uses the Simple Network Management Protocol Version 2c (SNMPv2c) to automatically discover network devices on eSight.

Configuration Notes

This example uses eSight V200R005C00 and switch V200R003C00. The configurations may vary with software versions. For details, see the product manual of the corresponding version.

Networking Requirements

An enterprise administrator wants to use eSight to manage devices of the enterprise.

  • The enterprise replans the network recently, and the number of devices on the entire network increases to about 1000. It is labor-consuming if the administrator logs in to each device to configure and manage the devices. The administrator needs to use a network management system (NMS) to uniformly manage all the devices on the network.
  • Devices on the enterprise network belong to the R&D Dept and finance Dept, and devices in the R&D Dept are divided into two service groups. The R&D Dept has 800 devices and the finance Dept has 200 devices. The administrator wants to manage the devices by group, view the device status in different departments, and batch configure services for devices in the same service group during the maintenance process.
Figure 1 Networking of automatic device discovery

Requirement Analysis

  • Enabling automatic device discovery: A large number of security devices and network devices need to be deployed on a network. The automatic device discovery function provided by eSight can reduce the administrator's workload, improve the operation efficiency, and lower misoperations.
  • Selecting the SNMPv2c protocol: A majority of the security devices and network devices use SNMPv2c. SNMPv2c has higher security than SNMPv1, and is simple and easy to configure compared with SNMPv3.
  • Enabling the subnet function in topology monitoring: The subnet function in topology monitoring enables eSight to monitor devices by area according to the subnet on which the devices are located. The administrator can divide the enterprise network into multiple subnets by department to implement differentiated management.
  • Enabling the grouping function: During routine maintenance, the administrator needs to batch configure devices that provide similar services. The grouping function enables eSight to automatically add devices to different groups after grouping rules are set. The administrator can batch perform authentication and alarm filtering operations for devices in the same group.

Data Plan

Item

Value

Description

SNMP parameters

Template name: SNMP_v2c

SNMP version: v2c

Read community: Public123

Write community: Private123

NE port: 161

Timeout interval(s): 3

Resending times: 3

It is recommended that the read and write community names have high complexity and meet complexity requirements on devices to ensure security. The highest complexity is recommended because there are different complexity requirements for devices. For example, the combination of upper-case letters, lower-case letters, and digits.

IP address

Different network segment IP addresses are allocated based on the service group.

R&D Dept A:
  • Service group 1: 192.168.11.0-192.168.11.255
  • Service group 2: 192.168.12.0-192.168.12.255
R&D Dept B:
  • Service group 3: 192.168.31.0-192.168.31.255
  • Service group 4: 192.168.32.0-192.168.32.255

Finance Dept: 192.168.51.0-192.168.51.255

IP addresses are allocated based on the service group and department. Devices in a service group can only use IP addresses in a specified network segment, so that subnets can be divided and devices can be grouped based on IP addresses.

Subnet
The network is divided into three subnets and assigned subnet IP address ranges.
  • subnet_rda (R&D Dept A): 192.168.11.0-192.168.12.255
  • subnet_rdb (R&D Dept B): 192.168.31.0-192.168.32.255
  • subnet_finance (Finance Dept): 192.168.51.0-192.168.51.255

One subnet on eSight can contain up to 500 devices. It is recommended that the R&D Dept with 800 devices be divided into two subnets, and the finance Dept into one subnet.

Grouping rule

Five groups are divided based on the service type and department.

  • group_rda1 (R&D Dept A, service group 1): 192.168.11.0-192.168.11.255
  • group_rda2 (R&D Dept A, service group 2): 192.168.12.0-192.168.12.255
  • group_rdb3 (R&D Dept B, service group 1): 192.168.31.0-192.168.31.255
  • group_rdb4 (R&D Dept B, service group 2): 192.168.32.0-192.168.32.255
  • group_finance (Finance Dept): 192.168.51.0-192.168.51.255

The start and end IP addresses are specified in grouping rules. After eSight discovers the devices, they are automatically added to different groups.

Configuration Roadmap

  1. Configure SNMP parameters on the devices.
  2. Create subnets on eSight.
  3. Set grouping rules on eSight.
  4. Create an SNMP template on eSight.
  5. Enable eSight to discover devices using SNMP.

Prerequisites

IP addresses have been configured for devices on the network according to Data Plan, and the devices can successfully communicate with eSight.

Procedure

  1. Configure SNMP parameters on the devices. 

    <SwitchA> system-view
[SwitchA] snmp-agent   //Start the SNMP agent service.
[SwitchA] snmp-agent sys-info version v2c   //Set the SNMP version to v2c.
[SwitchA] snmp-agent mib-view included View_ALL iso   //Create a MIB view View_ALL.
[SwitchA] snmp-agent community read cipher Public123 mib-view View_ALL   //Configure a read community name and set the rights of the MIB view.
[SwitchA] snmp-agent community write cipher Private123 mib-view View_ALL   //Configure a write community name and set the rights of the MIB view.
[SwitchA] snmp-agent trap source MEth0/0/1   //Specify the source interface for sending traps. Here, a management interface is specified as the source interface.
[SwitchA] snmp-agent trap enable   //Enable the trap function to report alarms.
Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:y
[SwitchA] snmp-agent target-host trap address udp-domain 192.168.10.10 params securityname Public123 v2c   //Set the eSight IP address to 192.168.10.10, securityname to Public123, and version to v2c.

  2. Create subnets.
    1. Choose Resource > Resource Management > Equipment Resources from the main menu.

    2. In the navigation tree, choose Logical Resources > Subnet.
    3. On the Subnet page, click .

    4. In the dialog box that is displayed, enter the subnet name and description, and click OK.

      Repeat the steps to create the other two subnets.

  3. Set grouping rules.
    1. Choose Resource > Resource Management > Group Management from the main menu.

    2. In the navigation tree, choose Device Group and click next to User Defined Groups.
    3. In the Basic Information dialog box, set the group name and description.
    4. Click under Dynamic Rules to set grouping rules.

      1. Set the rule name to rule_01.
      2. Select satisfy all conditions.
      3. Set the dynamic rule to IP address startwith 192.168.11.0.
      4. Click next to the dynamic rule. A line is displayed under the dynamic rule. Set the other dynamic rule to IP address endwith 192.168.11.255.

    5. Click Confirm. The first grouping rule is set. Repeat the steps to set other grouping rules according to Data Plan.
  4. Create an SNMP template on eSight.
    1. Choose Resource > Resource Management > Protocol Template from the main menu.

    2. In the navigation tree, choose SNMP Template and click .
    3. Set parameters in the SNMP template according to Data Plan and click OK.

  5. Use the automatic device discovery function to add devices to eSight.
    1. Choose Resource > Add Device > Automatic from the main menu.

    2. Set Select discovery protocol to SNMP and Select discovery mode to Immediate discovery.
    3. Specify start and end IP addresses of network segments and add them to subnets.

      Click Add Another Network Segment, specify start and end IP addresses of the network segment and add it to the corresponding subnet.

    4. Select Select template and select the template SNMP_v2c created in the preceding step from the template list.
    5. Select Auto add to NMS and click Start Discovery.
    6. After automatic device discovery is complete, check whether all the devices matching parameters in the template are added to eSight. Click Complete.
  6. Adjust the topology layout.
    1. Choose Monitor > Topology > Topology Management from the main menu.
    2. On the Physical topology page, adjust the device locations.
    3. Click to save the new locations of the devices in the topology.

Verification

  1. Check devices on subnets.

    1. Choose Monitor > Topology > Topology Management from the main menu.

    2. Double-click the icon of subnet_finance in the topology to display the subnet topology. Check whether all the devices in the finance Dept are added to the subnet. If so, the operations are correct. Perform similar steps to check the other two subnets. If devices are not added to the corresponding subnet, check the IP address segments of the subnets.

  2. Check grouping of devices.

    1. Choose Resource > Resource Management > Group Management from the main menu.

    2. Choose Device Group > User Defined Groups > group_rda1. Check whether all the devices in the service group 1 of R&D Dept A are added to the group. If so, the operations are correct. Perform similar steps to check the other four groups. If devices are not added to the corresponding group, check whether the devices are added to eSight and whether grouping rules are correctly set.

Configuration Files

#
sysname SwitchA
#
snmp-agent
snmp-agent local-engineid 800007DB03845B12365950
snmp-agent community read cipher %^%#^<EfW&psB6Sq.z=!kAd0yrsa+T(Z\7_,LZUV*~Q2o>S:$Ct;'PVHc#KVls(D|F6=F=|N!V7z2t0T%qT!%^%# mib-view View_ALL
snmp-agent community write cipher %^%#FMFL9TM5nPTV&1-+s@lH&|HE.hk5Q-isz@#$_fsTMFx!$/LXJT}p$RW"#"jFEM5ODoOYm<(eT4Y$X1>R%^%# mib-view View_ALL
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 192.168.10.10 params securityname cipher %^%#N'IcKJw$k>4C65.vzU%W=unvQwizfXBLv^QXV~Q4%^%# v2c
snmp-agent mib-view included View_ALL iso
snmp-agent trap source MEth0/0/1
snmp-agent trap enable
#
return
Parent Topic: Typical SNMP Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic