Sie sind auf Seite 1von 282

Huawei AR1200-S Series Enterprise Routers

V200R002C00

Configuration Guide - Network


Management
Issue

02

Date

2012-03-30

HUAWEI TECHNOLOGIES CO., LTD.

Copyright Huawei Technologies Co., Ltd. 2012. All rights reserved.


No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions


and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.


Address:

Huawei Industrial Base


Bantian, Longgang
Shenzhen 518129
People's Republic of China

Website:

http://www.huawei.com

Email:

support@huawei.com

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

About This Document

About This Document


Intended Audience
This document provides the basic concepts, configuration procedures, and configuration
examples in different application scenarios of the network management feature supported by
the AR1200-S.
This document describes how to configure the network management feature.
This document is intended for:
l

Data configuration engineers

Commissioning engineers

Network monitoring engineers

System maintenance engineers

Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol

Description

DANGER

WARNING

CAUTION

Issue 02 (2012-03-30)

Indicates a hazard with a high level of risk, which if not


avoided, will result in death or serious injury.
Indicates a hazard with a medium or low level of risk, which
if not avoided, could result in minor or moderate injury.
Indicates a potentially hazardous situation, which if not
avoided, could result in equipment damage, data loss,
performance degradation, or unexpected results.

TIP

Indicates a tip that may help you solve a problem or save


time.

NOTE

Provides additional information to emphasize or supplement


important points of the main text.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

ii

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

About This Document

Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention

Description

Boldface

The keywords of a command line are in boldface.

Italic

Command arguments are in italics.

[]

Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... }

Optional items are grouped in braces and separated by


vertical bars. One item is selected.

[ x | y | ... ]

Optional items are grouped in brackets and separated by


vertical bars. One item is selected or no item is selected.

{ x | y | ... }*

Optional items are grouped in braces and separated by


vertical bars. A minimum of one item or a maximum of all
items can be selected.

[ x | y | ... ]*

Optional items are grouped in brackets and separated by


vertical bars. Several items or no item can be selected.

&<1-n>

The parameter before the & sign can be repeated 1 to n times.

A line starting with the # sign is comments.

Interface Numbering Conventions


Interface numbers used in this manual are examples. In device configuration, use the existing
interface numbers on devices.

Change History
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.

Changes in Issue 02 (2012-03-30)


Based on issue 01 (2011-12-30), the document is updated as follows:
The following information is modified:
l

1.1.1 SNMP Overview

Changes in Issue 01 (2011-12-30)


Initial commercial release.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

iii

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

Contents

Contents
About This Document.....................................................................................................................ii
1 SNMP Configuration....................................................................................................................1
1.1 Introduction to SNMP........................................................................................................................................2
1.1.1 SNMP Overview........................................................................................................................................2
1.1.2 SNMP Features Supported by the AR1200-S...........................................................................................4
1.2 Configuring a Device to Communicate with an NM Station by Running SNMPv1..........................................7
1.2.1 Establishing the Configuration Task.........................................................................................................7
1.2.2 Configuring Basic SNMPv1 Functions.....................................................................................................8
1.2.3 (Optional) Controlling the NM Station's Access to the Device...............................................................10
1.2.4 (Optional) Enabling the SNMP Extended Error Code Function.............................................................11
1.2.5 (Optional) Configuring the Trap Function..............................................................................................11
1.2.6 Checking the Configuration.....................................................................................................................12
1.3 Configuring a Device to Communicate with an NM Station by Running SNMPv2c......................................14
1.3.1 Establishing the Configuration Task.......................................................................................................14
1.3.2 Configuring Basic SNMPv2c Functions.................................................................................................15
1.3.3 (Optional) Controlling the NM Station's Access to the Device...............................................................17
1.3.4 (Optional) Enabling the SNMP Extended Error Code Function.............................................................18
1.3.5 (Optional) Configuring the Trap Function..............................................................................................19
1.3.6 Checking the Configuration.....................................................................................................................20
1.4 Configuring a Device to Communicate with an NM Station by Running SNMPv3........................................22
1.4.1 Establishing the Configuration Task.......................................................................................................22
1.4.2 Configuring Basic SNMPv3 Functions...................................................................................................23
1.4.3 (Optional) Controlling the NM Station's Access to the Device...............................................................25
1.4.4 (Optional) Enabling the SNMP Extended Error Code Function.............................................................27
1.4.5 (Optional) Configuring the Trap Function..............................................................................................28
1.4.6 Checking the Configuration.....................................................................................................................28
1.5 SNMP Configuration Examples.......................................................................................................................30
1.5.1 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv1..............30
1.5.2 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv2c............34
1.5.3 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv3..............37

2 RMON Configuration.................................................................................................................42
2.1 Overview of RMON ........................................................................................................................................43
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

iv

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

Contents

2.1.1 Introduction to RMON............................................................................................................................43


2.1.2 RMON Suported by the AR1200-S.........................................................................................................43
2.2 Configuring RMON..........................................................................................................................................45
2.2.1 Establishing the Configuration Task.......................................................................................................45
2.2.2 Enabling the RMON Statistics Function on the Interface.......................................................................46
2.2.3 Configuring the ethernetStatsTable.........................................................................................................47
2.2.4 Configuring the HistoryControlTable.....................................................................................................47
2.2.5 Configuring the EventTable....................................................................................................................48
2.2.6 Configuring the AlarmTable...................................................................................................................49
2.2.7 Configuring the PrialarmTable................................................................................................................49
2.2.8 Checking the Configuration.....................................................................................................................50
2.3 RMON Configuration Examples......................................................................................................................52
2.3.1 Example for Configuring RMON............................................................................................................52

3 LLDP Configuration...................................................................................................................56
3.1 Introduction to LLDP.......................................................................................................................................57
3.2 LLDP Feature Supported by the AR1200-S.....................................................................................................60
3.3 Configuring LLDP............................................................................................................................................63
3.3.1 Establishing the Configuration Task.......................................................................................................63
3.3.2 Enabling Global LLDP............................................................................................................................64
3.3.3 (Optional) Disabling LLDP on an Interface............................................................................................64
3.3.4 (Optional) Configuring an LLDP Management Address........................................................................65
3.3.5 (Optional) Configuring the TLV in the LLDPDU...................................................................................66
3.3.6 (Optional) Configuring LLDP Timers.....................................................................................................67
3.3.7 (Optional) Enabling the LLDP Trap Function........................................................................................70
3.3.8 Checking the Configuration.....................................................................................................................71
3.4 Maintaining LLDP............................................................................................................................................74
3.4.1 Clearing LLDP Statistics.........................................................................................................................74
3.4.2 Monitoring LLDP Status.........................................................................................................................74
3.5 Configuration Examples...................................................................................................................................74
3.5.1 Example for Configuring LLDP on the Device That Has a Single Neighbor.........................................75
3.5.2 Example for Configuring LLDP on the Device That Has Multiple Neighbors.......................................80
3.5.3 Example for Configuring LLDP on the Network Where Link Aggregation Is Configured....................86

4 CWMP Configuration.................................................................................................................94
4.1 CWMP Overview.............................................................................................................................................95
4.2 CWMP Features Supported by the AR1200-S.................................................................................................95
4.3 Configuring CWMP.........................................................................................................................................97
4.3.1 Establishing the Configuration Task.......................................................................................................97
4.3.2 Enabling the CWMP Function................................................................................................................98
4.3.3 Configuring CWMP Auto-Connection....................................................................................................98
4.3.4 Setting CWMP Connection Parameters................................................................................................101
4.3.5 Configuring CWMP SSL.......................................................................................................................102
4.3.6 Checking the Configuration...................................................................................................................103
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

Contents

4.4 Configuration Examples.................................................................................................................................104


4.4.1 Example for Configuring CWMP..........................................................................................................104

5 NTP Configuration....................................................................................................................107
5.1 Overview of NTP............................................................................................................................................108
5.1.1 Introduction to NTP...............................................................................................................................108
5.1.2 NTP Supported by the AR1200-S.........................................................................................................110
5.2 Configuring Basic NTP Functions.................................................................................................................111
5.2.1 Establishing the Configuration Task.....................................................................................................111
5.2.2 Configuring the NTP Primary Clock.....................................................................................................112
5.2.3 Configuring the Unicast Client/Server Mode........................................................................................113
5.2.4 Configuring the Peer Mode...................................................................................................................114
5.2.5 Configuring the Broadcast Mode..........................................................................................................115
5.2.6 Configuring the Multicast Mode...........................................................................................................116
5.2.7 Disabling the Interface from Receiving NTP Packets...........................................................................117
5.2.8 Checking the Configuration...................................................................................................................118
5.3 Configuring NTP Security Mechanisms.........................................................................................................119
5.3.1 Establishing the Configuration Task.....................................................................................................119
5.3.2 Setting NTP Access Authorities............................................................................................................120
5.3.3 Enabling NTP Authentication...............................................................................................................121
5.3.4 Configuring NTP Authentication in Unicast Client/Server Mode........................................................122
5.3.5 Configuring NTP Authentication in Peer Mode....................................................................................122
5.3.6 Configuring NTP Authentication in Broadcast Mode...........................................................................123
5.3.7 Configuring NTP Authentication in Multicast Mode............................................................................123
5.3.8 Checking the Configuration...................................................................................................................124
5.4 NTP Configuration Examples........................................................................................................................125
5.4.1 Example for Configuring NTP Authentication in Unicast Server and Client Mode.............................125
5.4.2 Example for Configuring NTP Peer Mode............................................................................................129
5.4.3 Example for Configuring NTP Authentication in Broadcast Mode......................................................131
5.4.4 Example for Configuring Multicast Mode............................................................................................134

6 NQA Configuration..................................................................................................................137
6.1 Overview of NQA..........................................................................................................................................139
6.1.1 Introduction to NQA..............................................................................................................................139
6.1.2 Comparisons Between NQA and Ping..................................................................................................139
6.1.3 NQA Server and NQA Clients..............................................................................................................140
6.1.4 NQA Supported by the AR1200-S........................................................................................................141
6.2 Configuring the ICMP Test............................................................................................................................142
6.2.1 Establishing the Configuration Task.....................................................................................................142
6.2.2 Configuring ICMP Test Parameters......................................................................................................142
6.2.3 Checking the Configuration...................................................................................................................144
6.3 Configuring the DHCP Test...........................................................................................................................145
6.3.1 Establishing the Configuration Task.....................................................................................................145
6.3.2 Configuring DHCP Test Parameters.....................................................................................................146
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

vi

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

Contents

6.3.3 Checking the Configuration...................................................................................................................147


6.4 Configuring the FTP Download Test.............................................................................................................148
6.4.1 Establishing the Configuration Task.....................................................................................................148
6.4.2 Configuring the FTP Download Test Parameters..................................................................................149
6.4.3 Checking the Configuration...................................................................................................................150
6.5 Configuring the FTP Upload Test..................................................................................................................151
6.5.1 Establishing the Configuration Task.....................................................................................................151
6.5.2 Configuring the FTP Upload Test Parameters......................................................................................152
6.5.3 Checking the Configuration...................................................................................................................154
6.6 Configuring the HTTP Test............................................................................................................................154
6.6.1 Establishing the Configuration Task.....................................................................................................155
6.6.2 Configuring HTTP Test Parameters......................................................................................................155
6.6.3 Checking the Configuration...................................................................................................................157
6.7 Configuring the DNS Test..............................................................................................................................158
6.7.1 Establishing the Configuration Task.....................................................................................................158
6.7.2 Configuring the DNS Test Parameters..................................................................................................158
6.7.3 Checking the Configuration...................................................................................................................159
6.8 Configuring the Traceroute Test.....................................................................................................................160
6.8.1 Establishing the Configuration Task.....................................................................................................160
6.8.2 Configuring Parameters for a Traceroute Test......................................................................................161
6.8.3 Checking the Configuration...................................................................................................................162
6.9 Configuring the SNMP Query Test................................................................................................................163
6.9.1 Establishing the Configuration Task.....................................................................................................163
6.9.2 Configuring the SNMP Query Test Parameters....................................................................................163
6.9.3 Checking the Configuration...................................................................................................................165
6.10 Configuring the TCP Test.............................................................................................................................166
6.10.1 Establishing the Configuration Task...................................................................................................166
6.10.2 Configuring the TCP Server................................................................................................................166
6.10.3 Configuring the TCP Client.................................................................................................................167
6.10.4 Checking the Configuration.................................................................................................................168
6.11 Configuring the UDP Test............................................................................................................................169
6.11.1 Establishing the Configuration Task...................................................................................................169
6.11.2 Configuring the UDP Server...............................................................................................................170
6.11.3 Configuring the UDP Client................................................................................................................170
6.11.4 Checking the Configuration.................................................................................................................171
6.12 Configuring the Jitter Test............................................................................................................................172
6.12.1 Establishing the Configuration Task...................................................................................................172
6.12.2 Configuring the Jitter Server...............................................................................................................173
6.12.3 Configuring the Jitter Client................................................................................................................174
6.12.4 Checking the Configuration.................................................................................................................175
6.13 Configuring Universal NQA Test Parameters..............................................................................................176
6.13.1 Establishing the Configuration Task...................................................................................................177
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

vii

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

Contents

6.13.2 Configuring Universal Parameters for the NQA Test Instance...........................................................177


6.13.3 Checking the Configuration.................................................................................................................181
6.14 Configuring Round-Trip Delay Thresholds.................................................................................................182
6.14.1 Establishing the Configuration Task...................................................................................................182
6.14.2 Configuring Round-Trip Delay Thresholds........................................................................................183
6.14.3 Checking the Configuration.................................................................................................................183
6.15 Configuring Uni-directional Transmission Delay Thresholds.....................................................................184
6.15.1 Establishing the Configuration Task...................................................................................................184
6.15.2 Configuring Uni-directional Transmission Delay Thresholds............................................................185
6.15.3 Checking the Configuration.................................................................................................................186
6.16 Configuring the Trap Function.....................................................................................................................186
6.16.1 Establishing the Configuration Task...................................................................................................186
6.16.2 Sending Trap Messages When Test Failed..........................................................................................188
6.16.3 Sending Trap Messages When Probes Failed......................................................................................188
6.16.4 Sending Trap Messages When Probes Are Complete Successfully....................................................189
6.16.5 Sending Trap Messages When the Transmission Delay Exceeds Thresholds....................................190
6.16.6 Checking the Configuration.................................................................................................................191
6.17 Configuring Test Results to Be Sent to the FTP Server...............................................................................191
6.17.1 Establishing the Configuration Task...................................................................................................192
6.17.2 Configuring Parameters for Connecting the FTP Server.....................................................................192
6.17.3 Enabling the Function of Saving NQA Test Results Through FTP....................................................193
6.17.4 (Optional) Configuring the Number of Test Results Saved Through FTP..........................................193
6.17.5 (Optional) Configuring the Duration of Saving Test Results Through FTP.......................................194
6.17.6 (Optional) Enabling Alarms to Be Sent to the NM Station After the FTP Transmission Succeeds
........................................................................................................................................................................194
6.17.7 Starting the Test Instance....................................................................................................................195
6.17.8 Checking the Configuration.................................................................................................................196
6.18 Configuring a Threshold for the NQA Alarm..............................................................................................196
6.18.1 Establishing the Configuration Task...................................................................................................196
6.18.2 Configuring the Event Corresponding to the Alarm Threshold..........................................................197
6.18.3 Configuring the Alarm Threshold.......................................................................................................198
6.18.4 Starting the Test Instance....................................................................................................................198
6.18.5 Checking the Configuration.................................................................................................................199
6.19 Maintaining NQA.........................................................................................................................................200
6.19.1 Restarting NQA Test Instances...........................................................................................................200
6.19.2 Clearing NQA Statistics......................................................................................................................201
6.20 NQA Configuration Examples.....................................................................................................................201
6.20.1 Example for Configuring the ICMP Test............................................................................................201
6.20.2 Example for Configuring the DHCP Test...........................................................................................203
6.20.3 Example for Configuring the FTP Download Test.............................................................................204
6.20.4 Example for Configuring the FTP Upload Test..................................................................................206
6.20.5 Example for Configuring the HTTP Test............................................................................................209
6.20.6 Example for Configuring the DNS Test..............................................................................................210
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

viii

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

Contents

6.20.7 Example for Configuring the Traceroute Test.....................................................................................212


6.20.8 Example for Configuring the SNMP Query Test................................................................................214
6.20.9 Example for Configuring the TCP Test...............................................................................................216
6.20.10 Example for Configuring the UDP Test............................................................................................218
6.20.11 Example for Configuring the Jitter Test............................................................................................220
6.20.12 Example for Configuring NQA to Check VoIP Service Jitter..........................................................222
6.20.13 Example for Sending Trap Message When Transmission Delay Exceeds Thresholds.....................225
6.20.14 Example for Configuring Test Results to Be Sent to the FTP Server...............................................228
6.20.15 Example for Configuring a Threshold for the NQA Alarm..............................................................231

7 NetStream Configuration.........................................................................................................234
7.1 Overview of NetStream..................................................................................................................................235
7.2 NetStream Supported by the AR1200-S.........................................................................................................236
7.3 Collecting the Statistics of IPv4 Unicast Original Traffic..............................................................................237
7.3.1 Establishing the Configuration Task.....................................................................................................237
7.3.2 Configuring the Version of Exported Packets.......................................................................................238
7.3.3 Setting the Destination Address of the Statistics...................................................................................238
7.3.4 (Optional) Aging the TCP Traffic According to Its FIN or RST Flag..................................................239
7.3.5 (Optional) Configuring the Inactive Aging Time .................................................................................239
7.3.6 (Optional) Configuring the Active Aging Time....................................................................................239
7.3.7 Enabling NetStream on an Interface......................................................................................................240
7.3.8 Checking the Configuration...................................................................................................................240
7.4 Collecting the Statistics of IPv4 Multicast Original Traffic...........................................................................241
7.4.1 Establishing the Configuration Task.....................................................................................................242
7.4.2 Configuring the Format of the Output Statistics...................................................................................242
7.4.3 Outputting the Statistics.........................................................................................................................243
7.4.4 (Optional) Configuring the Inactive Aging Time .................................................................................243
7.4.5 (Optional) Configuring the Active Aging Time....................................................................................244
7.4.6 Enabling NetStream for Multicast Traffic on an Interface....................................................................244
7.4.7 Checking the Configuration...................................................................................................................244
7.5 Configuring the Aggregation Statistics About IPv4 Traffic...........................................................................245
7.5.1 Establishing the Configuration Task.....................................................................................................246
7.5.2 Configuring the Aggregation Function..................................................................................................246
7.5.3 Configuring the Version of Exported Packets.......................................................................................247
7.5.4 Configuring the Export of Statistics......................................................................................................247
7.5.5 (Optional) Configuring the Inactive Aging Time .................................................................................248
7.5.6 (Optional) Configuring the Active Aging Time ...................................................................................248
7.5.7 Enabling NetStream on an Interface......................................................................................................249
7.5.8 Checking the Configuration...................................................................................................................249
7.6 Configuring the Flexible NetStream Feature..................................................................................................250
7.6.1 Establishing the Configuration Task.....................................................................................................250
7.6.2 Creating a Record and Entering the Record View.................................................................................251
7.6.3 Configuring the Version of Exported Packets.......................................................................................251
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

ix

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

Contents

7.6.4 Setting the Destination Address of the Statistics...................................................................................252


7.6.5 (Optional) Configuring the Inactive Aging Time .................................................................................252
7.6.6 (Optional) Configuring the Active Aging Time....................................................................................253
7.6.7 Enabling Flexible NetStream on Interfaces...........................................................................................253
7.6.8 Checking the Configuration...................................................................................................................254
7.7 Collecting the Statistics of RPF Traffic..........................................................................................................255
7.7.1 Establishing the Configuration Task.....................................................................................................255
7.7.2 Configuring the Format of the Output Statistics...................................................................................256
7.7.3 Outputting the Statistics.........................................................................................................................256
7.7.4 (Optional) Configuring the Inactive Aging Time .................................................................................256
7.7.5 (Optional) Configuring the Active Aging Time....................................................................................257
7.7.6 Enabling the Traffic Statistics Function of RPF....................................................................................257
7.7.7 Checking the Configuration...................................................................................................................258
7.8 Maintaining NetStream...................................................................................................................................259
7.8.1 Resetting the Statistics Collected Through NetStream..........................................................................259
7.9 Example for Configuring NetStream..............................................................................................................259
7.9.1 Example for Collecting the Statistics of IPv4 Unicast Traffic..............................................................259
7.9.2 Example for Configuring NetStream of IPv4 Aggregation Traffic.......................................................261
7.9.3 Example for Configuring Flexible NetStream Traffic Statistics...........................................................264

8 Ping and Tracert.........................................................................................................................268


8.1 Ping and Tracert Overview.............................................................................................................................269
8.1.1 Introduction to Ping and Tracert............................................................................................................269
8.2 Configuring Ping and Tracert.........................................................................................................................269
8.2.1 Establishing the Configuration Task.....................................................................................................269
8.2.2 Applying Ping to Test the Network Connection...................................................................................270
8.2.3 Applying Tracert to Locate Faults in the Network................................................................................271

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

SNMP Configuration

About This Chapter


The Simple Network Management Protocol (SNMP) is a standard network management protocol
widely used on TCP/IP networks. It uses a central computer (a network management station)
that runs network management software to manage network elements. There are three SNMP
versions, SNMPv1, SNMPv2c, and SNMPv3. You can configure one or more versions, if
needed.
1.1 Introduction to SNMP
SNMP provides a set of standard protocols for the communication between the network
management station (NM station) and devices, allowing the NM station to normally manage
devices and receive alarms reported by the devices.
1.2 Configuring a Device to Communicate with an NM Station by Running SNMPv1
After SNMPv1 is configured, a managed device and an NM station can run SNMPv1 to
communicate with each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
1.3 Configuring a Device to Communicate with an NM Station by Running SNMPv2c
After SNMPv2c is configured, a managed device and an NM station can run SNMPv2c to
communicate with each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
1.4 Configuring a Device to Communicate with an NM Station by Running SNMPv3
After SNMPv3 is configured, a managed device and an NM station can run SNMPv3 to
communicate with each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
1.5 SNMP Configuration Examples
This section provides several configuration examples of SNMP. The configuration roadmap in
the examples will help you understand the configuration procedures. Each configuration
example provides information about the networking requirements, configuration notes, and
configuration roadmap.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

1.1 Introduction to SNMP


SNMP provides a set of standard protocols for the communication between the network
management station (NM station) and devices, allowing the NM station to normally manage
devices and receive alarms reported by the devices.

1.1.1 SNMP Overview


Get and Set operations can be performed on a managed device that runs the SNMP agent to
manage device objects by NM stations These objects are uniquely identified in the Management
Information Base (MIB).
As network services develop, more devices are deployed on existing networks. The devices are
not close to the central equipment room where a network administrator works. When faults occur
on the remote devices, the network administrator cannot detect, locate or rectify faults
immediately because the devices do not report the faults. This affects maintenance efficiency
and greatly increases maintenance workload.
To solve this problem, equipment vendors have provided network management functions in
some products. These functions allow the NM station to query the status of remote devices, and
devices can send alarms to the NM station in the case of particular events.
SNMP operates at the application layer of the IP suite and defines how to transmit management
information between the NM station and devices. SNMP defines several device management
operations that the NM station can perform and allows devices to send alarms to notify the NM
station of device faults.
An SNMP-managed network consists of three components: NM station, agent, and managed
device. The NM station uses the MIB to identify and manage device objects. The operations
used for device management include GetRequest, GetNextRequest, GetResponse, GetBulk,
SetRequest, and notification from the agent to the NM station. The following sections give details
on the components, MIB, and operations.

SNMP Components
SNMP device management uses the following three components:
l

NM station: sends various query packets to query managed devices and receives alarms
from these devices.

Agent: is a network-management process on a managed device. An agent has the following


functions:
Receives and parses query packets sent from the NM station.
Reads or writes management variables based on the query type, and generates and sends
response packets to the NM station.
Sends an alarm to the NM station when triggering conditions defined on each protocol
module corresponding to the alarm are met. For example, the system view is displayed
or closed, or the device is restarted.

Managed device: is managed by an NM station and generates and reports alarms to the NM
station.

Figure 1-1 shows the relationship between the NM station and agent.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Figure 1-1 SNMP structure

UDP Port161
Request
Response

Agent

NM Station
UDP Port162

Trap

NM Station

Agent

MIB
SNMP uses a hierarchical naming convention to identify managed objects and to distinguish
between managed objects. This hierarchical structure is similar to a tree with the nodes
representing managed objects, Figure 1-2 shows a managed object that can be identified by the
path from the root to the node representing it.
Figure 1-2 Structure of a MIB tree

1
2

1
1

1 B
5
A

2
6

As shown in Figure 1-2, object B is uniquely identified by a string of numbers, {1.2.1.1}. Such
a number string is called an Object Identifier (OID). A MIB tree is used to describe the hierarchy
of data in a MIB that collects the definitions of variables on the managed devices.
A user can use a standard MIB or define a MIB based on certain standards. Using a standard
MIB can reduce the costs on proxy deployment and therefore reduce the costs on the entire
network management system.

SNMP Operations
SNMP uses Get and Set operations to replace a complex command set. The operations described
in Figure 1-3 can implement all functions.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Figure 1-3 Schematic diagram of SNMP operations

get-request

NM Station

UDP Port162

get-response
get-next-request
get-response
set-request
get-response
trap

Agent

UDP Port161

Table 1-1 gives details on the SNMP operations.


Table 1-1 SNMP operations
Operation

Function

GetRequest

Retrieves the value of a variable. The NM station sends the


request to a managed device to obtain the value of an object
on the device.

GetNextRequest

Retrieves the value of the next variable. The NM station


sends the request to a managed device to obtain the status
of the next object on the device.

GetResponse

Responds to GetRequest, GetNextRequest, and


SetRequest operations. It is sent from the managed device
to the NM station.

GetBulk

Request from the NMS-to-agent, equaling continuous


GetNextRequest operations.

SetRequest

Sets the value of a variable. The NM station sends the


request to a managed device to adjust the status of an object
on the device.

Trap

Reports an event to the NM station.

NOTE

SNMP is used for NM station's monitoring and management of network devices. It cannot be used to
monitor and manage the operation of the entire network. To monitor and manage the operation of an entire
network, for example, to learn network performance or collect network statistics, see the Configuration
Guide - Network Management for details about the configurations of NetStream, and fault and performance
management.

1.1.2 SNMP Features Supported by the AR1200-S


This section compares SNMP versions in terms of their support for features and usage scenarios.
Use it as a reference when you select the SNMP version during network deployment.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

The AR1200-S supports SNMPv1, SNMPv2c, and SNMPv3. Table 1-2 lists the features
supported by SNMP, and Table 1-3 shows the support of different SNMP versions for the
features. Table 1-4 describes the usage scenarios of SNMP versions, which will help you choose
a proper version for the communication between an NM station and managed devices based on
the network operation conditions.
NOTE

When multiple NM stations using different SNMP versions manage the same device in a network,
SNMPv1, SNMPv2c, and SNMPv3 can all be configured on the device for its communication with all the
NM stations.

Table 1-2 Description of features supported by SNMP


Feature

Description

Access control

Restricts a user's device administration rights.


It gives specific users the rights to manage
specified objects on devices and therefore
provides fine management.

Authentication and encryption

Authenticates and encrypts the packets


transmitted between the NM station and
managed devices. This prevents data packets
from being intercepted or modified,
improving data sending security.

Error code

Identifies particular faults. An administrator


uses error codes to quickly locate and rectify
faults. The more error codes received, the
more they help an administrator in device
management.

Trap

Sent from managed devices to the NM


station. These traps allow an administrator to
discover device faults immediately.
After sending traps, the managed devices do
not require the acknowledgement from the
NM station.
Allows an administrator to perform GetNext
operation in batches. In a large-scale network,
GetBulk reduces the administrator's
workload and improves management
efficiency.

GetBulk

Table 1-3 Different SNMP versions' support for the features

Issue 02 (2012-03-30)

Feature

SNMPv1

SNMPv2c

SNMPv3

Access control

Community-namebased access control


supported

Community-namebased access control


supported

User or user-groupbased access control


supported

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Feature

SNMPv1

SNMPv2c

SNMPv3

Authentication and
encryption

Not supported

Not supported

Supported, and the


supported
authentication and
encryption modes are
as follows:
Authentication
mode:
l MD5
l SHA
Encryption mode:
DES56

Error code

6 error codes
supported

16 error codes
supported

16 error codes
supported

Trap

Supported

Supported

Supported

GetBulk

Not supported

Supported

Supported

Table 1-4 Usage scenarios of different SNMP versions


Version

Usage Scenario

SNMPv1

Applies to small-scale networks whose


networking is simple and security
requirements are low or whose security and
stability are good, such as campus networks
and small enterprise networks.

SNMPv2c

Applies to medium and large-scale networks


whose security requirements are not strict or
whose security is good (for example, VPNs)
but whose services are so busy that traffic
congestion may occur.

SNMPv3

This version is applicable to networks of


various scales, especially the networks that
have strict requirements on security and can
be managed only by authorized
administrators, such as the scenario where
data between the NM station and managed
devices needs to be transmitted over a public
network.

If you plan to build a new network, choose an SNMP version based on your usage scenario. If
you plan to expand or upgrade an existing network, choose an SNMP version to match the SNMP
version running on the NM station to ensure the normal communication between managed
devices and the NM station.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

1.2 Configuring a Device to Communicate with an NM


Station by Running SNMPv1
After SNMPv1 is configured, a managed device and an NM station can run SNMPv1 to
communicate with each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
The NM station manages a device in the following manners:
l

Sends requests to the managed device to perform the GetRequest, GetNextRequest,


GetResponse, GetBulk, or SetRequest operation, obtaining data and setting values.

Receives alarms from the managed device and locates and rectify device faults based on
the alarm information.

In the following configuration, after basic SNMP functions are configured, the NM station can
manage the device in these manners. For details on how to configure finer management such as
accurate access control or alarm module specification, see the following configuration
procedures.

1.2.1 Establishing the Configuration Task


Before configuring a device to communicate with an NM station by running SNMPv1,
familiarize yourself with the applicable environment, complete the pre-configuration tasks, and
obtain the data required for the configuration. This will help you complete the configuration task
quickly and accurately.

Applicable Environment
SNMP needs to be deployed in a network to allow the NM station to manage network devices.
If the network has a few devices and its security is good, such as a campus network or a small
enterprise network, SNMPv1 can be deployed to ensure the normal communication between the
NM station and managed devices.

Pre-configuration Tasks
Before configuring a device to communicate with an NM station by running SNMPv1, complete
the following task:
l

Configuring a routing protocol to ensure that the router and NM station are routable

Data Preparation
Before configuring a device to communicate with an NM station by running SNMPv1, you need
the following data.

Issue 02 (2012-03-30)

No.

Data

SNMP version, SNMP community name, destination address of alarm messages, and
administrator's contact information and location
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

No.

Data

(Optional) ACL number, IP address of the NM station, and MIB object

(Optional) Name of the alarm-sending module, source address of trap messages,


queue length for trap messages, and lifetime of trap messages

1.2.2 Configuring Basic SNMPv1 Functions


After basic SNMP functions are configured, an NM station can perform basic operations such
as Get and Set operations on a managed device, and the managed device can send alarms to the
NM station.

Context
Steps 3, 4, 5 , 6 are mandatory for the configuration of basic SNMP functions. After the
configurations are complete, basic SNMP communication can be conducted between the NM
station and managed device.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 (Optional) Run:
snmp-agent

The SNMP agent function is enabled.


By default, the SNMP agent function is disabled. Running any command with the parameter
snmp-agent can enable the SNMP agent function, so this step is optional.
Step 3 Run:
snmp-agent sys-info version v1

The SNMP version is set.


By default, SNMPv1, SNMPv2c, and SNMPv3 are enabled.
Step 4 Run:
snmp-agent community { read | write } community-name

The community name is set.


l read must be configured in the command if the NM station administrator requires the read
permission in a specified view in some cases. For example, a low-level administrator must
read certain data.
l write must be configured in the command if the NM station administrator requires the read
and write permissions in a specified view in some cases. For example, a high-level
administrator must read and write certain data.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

After the community name is set, if no MIB view is configured, the NM station that uses the
community name has rights to access objects in the Viewdefault view.
Step 5 Run:
snmp-agent target-host trap-paramsname paramsname v1 securityname securityname [
binding-private-value ] [ private-netmanager ]

The parameters of the trap messages sent from device are configured.
Step 6 Run:
snmp-agent target-host trap-hostname hostname address ipv4-addr [ udp-port udpportid ] [ public-net | vpn-instance vpn-instance-name ] trap-paramsname paramsname

The destination address for the alarms and error codes sent from the device is configured.
The descriptions of the command parameters are as follows:
l The default destination UDP port number is 162. In some special cases (for example, port
mirroring is configured to prevent a well-known port from being attacked), the parameter
udp-port can be used to specify an unknown UDP port number. This ensures normal
communication between the NM station and managed device.
l If the alarms sent from the managed device to the NM station must be transmitted over a
public network, the parameter public-net must be configured. If the alarms sent from the
managed device to the NM station must be transmitted over a private network, the parameter
vpn-instance vpn-instance-name must be used to specify a VPN that takes over the sending
task.
Step 7 (Optional) Run:
snmp-agent sys-info { contact contact | location location }

The equipment administrator's contact information or location is configured.


This step is required when the NM station administrator must know equipment administrators'
contact information and locations when the NM station manages many devices. This allows the
NM station administrator to contact the equipment administrators quickly for fault location and
rectification.
To configure both the equipment administrator's contact information and location, you must run
the command twice to configure them separately.
----End

Follow-up Procedure
If finer device management is required, follow directions below to configure a managed device:
l

To allow a specified NM station that uses the community name to manage specified objects
on the device, follow the procedure described in Controlling the NM Station's Access to
the Device.

To allow a specified module on the managed device to report alarms to the NM station,
follow the procedure described in Configuring the Trap Function.

If the NM station and managed device are both Huawei products, follow the procedure
described in Enabling the SNMP Extended Error Code Function to allow the device to
send more types of error codes. This allows more specific error identification and facilitates
your fault location and rectification.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

1.2.3 (Optional) Controlling the NM Station's Access to the Device


This section describes how to specify an NM station and manageable MIB objects for SNMPbased communication between the NM station and managed device to improve communication
security.

Context
If a device is managed by multiple NM stations that use the same community name, note the
following points:
l

If all the NM stations that use the community name need to have rights to access the objects
in the Viewdefault view (1.3.6.1), skip the following steps.

If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), skip Step5.

If all the NM stations need to manage specified objects on the device, skip Step2, Step3,
and Step4.

If some of the NM stations that use the community name need to manage specified objects
on the device, perform all the following steps.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
acl acl-number

A basic ACL is created to filter the NM station users that can manage the device.
Step 3 Run:
rule [ rule-id ] { deny | permit } source { source-ip-address source-wildcard |
any }

A rule is added to the ACL.


Step 4 Run:
quit

Return to the system view.


Step 5 Run:
snmp-agent mib-view view-name { include | exclude } subtree-name [ mask mask ]

A MIB view is created, and manageable MIB objects are specified.


By default, an NM station has rights to access the objects in the Viewdefault view (1.3.6.1).
l If a few MIB objects on a device or some objects in the current MIB view do not or no longer
need to be managed by the NM station, exclude needs to be specified in the related command
to exclude these MIB objects.
l If a few MIB objects on the device or some objects in the current MIB view need to be
managed by the NM station, include needs to be specified in the related command to include
these MIB objects.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

10

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Step 6 Run:
snmp-agent community { read | write } community-name [ mib-view view-name | acl aclnumber ]*

The NM station's access rights are specified.


l read needs to be configured in the command if the NM station administrator needs the read
permission in the specified view in some cases. For example, a low-level administrator needs
to read certain data. write needs to be configured in the command if the NM station
administrator needs the read and write permissions in the specified view in some cases. For
example, a high-level administrator needs to read and write certain data.
l If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), mib-view view-name does not need to be
configured in the command.
l If all the NM stations that use the community name need to manage specified objects on the
device, acl acl-number does not need to be configured in the command.
l If some of the NM stations that use the community name need to manage specified objects
on the device, both mib-view and acl need to be configured in the command.
----End

Follow-up Procedure
After the access rights are configured, especially after the IP address of the NM station is
specified, if the IP address changes (for example, the NM station changes its location, or IP
addresses are reallocated due to network adjustment), you need to change the IP address of the
NM station in the ACL. Otherwise, the NM station cannot access the device.

1.2.4 (Optional) Enabling the SNMP Extended Error Code Function


This section describes how to enable the extended SNMP error code function when both the NM
station and managed device are Huawei products. After this function is enabled, more types of
error codes are provided to help you locate and rectify faults more quickly and accurately.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
snmp-agent extend error-code enable

The SNMP extended error code function is enabled.


By default, SNMP standard error codes are used. After the extended error code function is
enabled, extended error codes can be sent to the NM station.
----End

1.2.5 (Optional) Configuring the Trap Function


This section describes how to specify the alarms to be sent to the NM station, which will help
you to locate important problems. After relevant parameters are set, the security of alarm sending
can be improved.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

11

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
snmp-agent trap enable

Alarm sending is enabled.


Step 3 Run:
snmp-agent trap source interface-type interface-number

The source interface for trap messages is specified.


After the source interface is specified, its IP address becomes the source IP address of trap
messages. Configuring the IP address of the local loopback interface as the source interface is
recommended, which can ensure device security.
The source interface specified on the router for trap messages must be consistent with that
specified on the NM station; otherwise, the NM station will not accept the trap messages sent
from the router.
Step 4 Run:
snmp-agent trap queue-size size

The length of the queue storing trap messages to be sent to the destination host is set.
The queue length depends on the number of generated trap messages. If the router frequently
generates trap messages, a longer queue length can be set to prevent trap messages from being
lost.
Step 5 Run:
snmp-agent trap life seconds

The lifetime of every trap message is set.


The lifetime of every trap message depends on the number of generated trap messages. If the
router frequently generates trap messages, a longer lifetime can be set for every trap message to
prevent trap messages from being lost.
----End

1.2.6 Checking the Configuration


After SNMPv1 functions are configured, you can view the SNMPv1 configurations.

Prerequisites
The configurations of basic SNMPv1 functions are complete.

Procedure
l

Issue 02 (2012-03-30)

Run the display snmp-agent community { read | write } command to check the
configured community name.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

12

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Run the display snmp-agent sys-info version command to check the enabled SNMP
version.

Run the display acl acl-number command to check the rules in the specified ACL.

Run the display snmp-agent mib-view command to check the MIB view.

Run the display snmp-agent sys-info contact command to check the equipment
administrator's contact information.

Run the display snmp-agent sys-info location command to check the location of the
device.

Run the display current-configuration | include trap command to check trap


configurations.

Run the display snmp-agent extend error-code status command to check whether the
SNMP extended error code feature is enabled.

----End

Example
When the configuration is complete, run the display snmp-agent community read command.
You can view the configured community name.
<Huawei> display snmp-agent community read
Community name:
huawei
Storage type: nonVolatile
View name: ViewDefault
Acl: 2001
Total number is 1

Run the display snmp-agent sys-info version command. You can view the SNMP version
running on the agent.
<Huawei> display snmp-agent sys-info version
SNMP version running in the system:
SNMPv1

Run the display acl acl-number command. You can view the rules in the specified ACL.
<Huawei> display acl 2000
Basic ACL 2000, 1 rule
Acl's step is 5
rule 5 permit source 1.1.1.1 0

Run the display snmp-agent mib-view command. You can view the MIB view.
<Huawei> display snmp-agent mib-view
View name:ViewDefault
MIB Subtree:internet
Subtree mask:
Storage type: nonVolatile
View Type:included
View status:active
View name:ViewDefault
MIB Subtree:snmpUsmMIB
Subtree mask:
Storage type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpVacmMIB
Subtree mask:
Storage type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

13

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

MIB Subtree:snmpModules.18
Subtree mask:
Storage type: nonVolatile
View Type:excluded
View status:active
Total number is 1

Run the display snmp-agent sys-info contact command. You can view the equipment
administrator's contact information.
<Huawei> display snmp-agent sys-info contact
The contact person for this managed node:
R&D Beijing, Huawei Technologies co.,Ltd.

Run the display snmp-agent sys-info location command. You can view the location of the
device.
<Huawei> display snmp-agent sys-info location
The physical location of this node:
Beijing China

Run the display current-configuration | include trap command. You can view trap
configurations.
<Huawei> display current-configuration | include trap
snmp-agent trap enable

Run the display snmp-agent extend error-code status command. You can view whether the
SNMP extended error code feature is enabled.
<Huawei> display snmp-agent extend error-code status
Extend error-code status:enabled

1.3 Configuring a Device to Communicate with an NM


Station by Running SNMPv2c
After SNMPv2c is configured, a managed device and an NM station can run SNMPv2c to
communicate with each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
The NM station manages a device in the following manners:
l

Sends requests to the managed device to perform the GetRequest, GetNextRequest,


GetResponse, GetBulk, or SetRequest operation, obtaining data and setting values.

Receives alarms from the managed device and locates and rectify device faults based on
the alarm information.

In the following configuration, after basic SNMP functions are configured, the NM station can
manage the device in these manners. For details on how to configure finer management such as
accurate access control or alarm module specification, see the following configuration
procedures.

1.3.1 Establishing the Configuration Task


Before configuring a device to communicate with an NM station by running SNMPv2c,
familiarize yourself with the applicable environment, complete the pre-configuration tasks, and
obtain the data required for the configuration. This will help you complete the configuration task
quickly and accurately.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

14

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Applicable Environment
SNMP needs to be deployed in a network to allow the NM station to manage network devices.
If your network is a large scale with many devices and its security requirements are not strict or
its security is good (for example, a VPN network) but services on the network are so busy that
traffic congestion may occur, SNMPv2c can be deployed to ensure communication between the
NM station and managed devices.

Pre-configuration Tasks
Before configuring a device to communicate with an NM station by running SNMPv2c, complete
the following task:
l

Configuring a routing protocol to ensure that the router and NM station are routable

Data Preparation
Before configuring a device to communicate with an NM station by running SNMPv2c, you
need the following data.
No.

Data

SNMP version, SNMP community name, address of the alarm destination host, and
administrator's contact information and location

(Optional) ACL number, IP address of the NM station, MIB object

(Optional) Name of the alarm-sending module, source address of trap messages,


queue length for trap messages, and lifetime of trap messages

1.3.2 Configuring Basic SNMPv2c Functions


After basic SNMP functions are configured, an NM station can perform basic operations such
as Get and Set operations on a managed device, and the managed device can send alarms to the
NM station.

Context
Steps 3, 4, 5 , 6, and 7are mandatory for the configuration of basic SNMP functions. After the
configurations, basic SNMP communication can be conducted between the NM station and
managed device.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 (Optional) Run:
snmp-agent

The SNMP agent function is enabled.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

15

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

By default, the SNMP agent function is disabled. Running any command with the parameter
snmp-agent can enable the SNMP agent function, so this step is optional.
Step 3 Run:
snmp-agent sys-info version v2c

The SNMP version is set.


By default, SNMPv1, SNMPv2c, and SNMPv3 is enabled.
Step 4 Run:
snmp-agent community { read | write } community-name

The community name is set.


l read must be configured in the command if the NM station administrator requires the read
permission in a specified view in some cases. For example, a low-level administrator must
read certain data.
l write must be configured in the command if the NM station administrator requires the read
and write permissions in a specified view in some cases. For example, a high-level
administrator must read and write certain data.
After the community name is set, if no MIB view is configured, the NM station that uses the
community name has rights to access objects in the Viewdefault view.
Step 5 Run:
snmp-agent target-host trap-paramsname paramsname v2c securityname securityname
[ binding-private-value ] [ private-netmanager ]

The parameters of the trap messages sent from device are configured.
Step 6 Run:
snmp-agent target-host trap-hostname hostname address ipv4-addr [ udp-port udpportid ] [ public-net | vpn-instance vpn-instance-name ] trap-paramsname paramsname

The destination address for the alarms and error codes sent from the device is configured.
The descriptions of the command parameters are as follows:
l The default destination UDP port number is 162. In some special cases (for example, port
mirroring is configured to prevent a well-known port from being attacked), the parameter
udp-port can be used to specify a non-well-known UDP port number. This ensures normal
communication between the NM station and managed device.
l If the alarms sent from the managed device to the NM station need to be transmitted over a
public network, the parameter public-net needs to be configured. If the alarms sent from the
managed device to the NM station need to be transmitted over a private network, the
parameter vpn-instance vpn-instance-name needs to be used to specify a VPN that will take
over the sending task.
Step 7 (Optional) Run:
snmp-agent sys-info { contact contact | location location }

The equipment administrator's contact information or location is configured.


This step is required when the NM station administrator must know equipment administrators'
contact information and locations when the NM station manages many devices. This allows the
NM station administrator to contact the equipment administrators quickly for fault location and
rectification.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

16

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

To configure both the equipment administrator's contact information and location, you must run
the command twice to configure them separately.
----End

Follow-up Procedure
If finer device management is required, follow directions below to configure the managed
device:
l

To allow a specified NM station that uses the community name to manage specified objects
of the device, follow the procedure described in Controlling the NM Station's Access to
the Device.

To allow a specified module on the managed device to report alarms to the NM station,
follow the procedure described in Configuring the Trap Function.

If the NM station and managed device are both Huawei products, follow the procedure
described in Enabling the SNMP Extended Error Code Function to allow the device to
send more types of error codes. This allows more specific error identification and facilitates
your fault location and rectification.

1.3.3 (Optional) Controlling the NM Station's Access to the Device


This section describes how to specify an NM station and manageable MIB objects for SNMPbased communication between the NM station and managed device to improve communication
security.

Context
If a device is managed by multiple NM stations that use the same community name, note the
following points:
l

If all the NM stations that use the community name need to have rights to access the objects
in the Viewdefault view (1.3.6.1), skip the following steps.

If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), skip Step5.

If all the NM stations need to manage specified objects on the device, skip Step2, Step3,
and Step4.

If some of the NM stations that use the community name need to manage specified objects
on the device, perform all the following steps.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
acl acl-number

A basic ACL is created to filter the NM station users that can manage the device.
Step 3 Run:
rule [ rule-id ] { deny | permit } source { source-ip-address source-wildcard |
any }

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

17

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

A rule is added to the ACL.


Step 4 Run:
quit

Return to the system view.


Step 5 Run:
snmp-agent mib-view view-name { include | exclude } subtree-name [ mask mask ]

A MIB view is created, and manageable MIB objects are specified.


By default, an NM station has rights to access the objects in the Viewdefault view (1.3.6.1).
l If a few MIB objects on a device or some objects in the current MIB view do not or no longer
need to be managed by the NM station, exclude needs to be specified in the related command
to exclude these MIB objects.
l If a few MIB objects on the device or some objects in the current MIB view need to be
managed by the NM station, include needs to be specified in the related command to include
these MIB objects.
Step 6 Run:
snmp-agent community { read | write } community-name [ mib-view view-name | acl aclnumber ]*

The NM station's access rights are specified.


l read needs to be configured in the command if the NM station administrator needs the read
permission in the specified view in some cases. For example, a low-level administrator needs
to read certain data. write needs to be configured in the command if the NM station
administrator needs the read and write permissions in the specified view in some cases. For
example, a high-level administrator needs to read and write certain data.
l If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), mib-view view-name does not need to be
configured in the command.
l If all the NM stations that use the community name need to manage specified objects on the
device, acl acl-number does not need to be configured in the command.
l If some of the NM stations that use the community name need to manage specified objects
on the device, both mib-view and acl need to be configured in the command.
----End

Follow-up Procedure
After the access rights are configured, especially after the IP address of the NM station is
specified, if the IP address changes (for example, the NM station changes its location, or IP
addresses are reallocated due to network adjustment), you need to change the IP address of the
NM station in the ACL. Otherwise, the NM station cannot access the device.

1.3.4 (Optional) Enabling the SNMP Extended Error Code Function


This section describes how to enable the extended SNMP error code function when both the NM
station and managed device are Huawei products. After this function is enabled, more types of
error codes are provided to help you locate and rectify faults more quickly and accurately.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

18

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
snmp-agent extend error-code enable

The SNMP extended error code function is enabled.


By default, SNMP standard error codes are used. After the extended error code function is
enabled, extended error codes can be sent to the NM station.
----End

1.3.5 (Optional) Configuring the Trap Function


This section describes how to specify the alarms to be sent to the NM station, which will help
you to locate important problems. After relevant parameters are set, the security of alarm sending
can be improved.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
snmp-agent trap enable

Alarm sending is enabled.


Step 3 Run:
snmp-agent trap source interface-type interface-number

The source interface for trap messages is specified.


After the source interface is specified, its IP address becomes the source IP address of trap
messages. Configuring the IP address of the local loopback interface as the source interface is
recommended, which can ensure device security.
The source interface specified on the router for trap messages must be consistent with that
specified on the NM station; otherwise, the NM station will not accept the trap messages sent
from the router.
Step 4 Run:
snmp-agent trap queue-size size

The length of the queue storing trap messages to be sent to the destination host is set.
The queue length depends on the number of generated trap messages. If the router frequently
generates trap messages, a longer queue length can be set to prevent trap messages from being
lost.
Step 5 Run:
snmp-agent trap life seconds

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

19

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

The lifetime of every trap message is set.


The lifetime of every trap message depends on the number of generated trap messages. If the
router frequently generates trap messages, a longer lifetime can be set for every trap message to
prevent trap messages from being lost.
----End

1.3.6 Checking the Configuration


After SNMPv2c functions are configured, you can view the SNMPv2c configurations.

Prerequisites
The configurations of basic SNMPv2c functions are complete.

Procedure
l

Run the display snmp-agent community { read | write } command to check the
configured community name.

Run the display snmp-agent sys-info version command to check the enabled SNMP
version.

Run the display acl acl-number command to check the rules in the specified ACL.

Run the display snmp-agent mib-view command to check the MIB view.

Run the display snmp-agent sys-info contact command to check the equipment
administrator's contact information.

Run the display snmp-agent sys-info location command to check the location of the
device.

Run the display current-configuration | include trap command to check trap


configurations.

Run the display snmp-agent target-host command to check information about the target
host.

Run the display snmp-agent extend error-code status command to check whether the
SNMP extended error code feature is enabled.

----End

Example
When the configuration is complete, run the display snmp-agent community command. You
can view the configured community name.
<Huawei> display snmp-agent community read
Community name:
huawei
Storage type: nonVolatile
View name: ViewDefault
Acl: 2001
Total number is 1

Run the display snmp-agent sys-info version command. You can view the SNMP version
running on the agent.
<Huawei> display snmp-agent sys-info version
SNMP version running in the system:
SNMPv2c

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

20

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Run the display acl acl-number command. You can view the rules in the specified ACL.
<Huawei> display acl 2000
Basic ACL 2000, 1 rule
Acl's step is 5
rule 5 permit source 1.1.1.1 0

Run the display snmp-agent mib-view command. You can view the MIB view.
<Huawei> display snmp-agent mib-view
View name:ViewDefault
MIB Subtree:internet
Subtree mask:
Storage type: nonVolatile
View Type:included
View status:active
View name:ViewDefault
MIB Subtree:snmpUsmMIB
Subtree mask:
Storage type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpVacmMIB
Subtree mask:
Storage type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpModules.18
Subtree mask:
Storage type: nonVolatile
View Type:excluded
View status:active
Total number is 1

Run the display snmp-agent sys-info contact command. You can view the equipment
administrator's contact information.
<Huawei> display snmp-agent sys-info contact
The contact person for this managed node:
R&D Beijing, Huawei Technologies co.,Ltd.

Run the display snmp-agent sys-info location command. You can view the location of the
device.
<Huawei> display snmp-agent sys-info location
The physical location of this node:
Beijing China

Run the display current-configuration | include trap command. You can view trap
configurations.
<Huawei> display current-configuration | include trap
snmp-agent trap enable

Run the display snmp-agent extend error-code status command. You can view whether the
SNMP extended error code feature is enabled.
<Huawei> display snmp-agent extend error-code status
Extend error-code status:enabled

Run the display snmp-agent target-host command. You can view information about the target
host.
<Huawei> display snmp-agent target-host
Traphost list:
Target host name: nsm2
Traphost address: 1.1.1.2
Traphost portnumber: 162
Target host parameter: trapnsm2

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

21

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Total number is 1
Parameter list trap target host:
Parameter name of the target host: trapnsm2
Message mode of the target host: SNMPV2C
Trap version of the target host: v2c
Security name of the target host: 1.1.3.1
Total number is 1

1.4 Configuring a Device to Communicate with an NM


Station by Running SNMPv3
After SNMPv3 is configured, a managed device and an NM station can run SNMPv3 to
communicate with each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
The NM station manages a device in the following manners:
l

Sends requests to the managed device to perform the GetRequest, GetNextRequest,


GetResponse, GetBulk, or SetRequest operation, obtaining data and setting values.

Receives alarms from the managed device and locates and rectify device faults based on
the alarm information.

In the following configuration, after basic SNMP functions are configured, the NM station can
manage the device in these manners. For details on how to configure finer management such as
accurate access control or alarm module specification, see the following configuration
procedures.

1.4.1 Establishing the Configuration Task


Before configuring a device to communicate with an NM station by running SNMPv3,
familiarize yourself with the applicable environment, complete the pre-configuration tasks, and
obtain the data required for the configuration. This will help you complete the configuration task
quickly and accurately.

Applicable Environment
SNMP needs to be deployed in a network to allow the NM station to manage network devices.
Assume your network has a strict requirement on security, only authorized administrators can
manage network devices, and the security and accuracy of transmitted network data need to be
ensured. For example, the data between the NM station and managed devices is transmitted over
a public network. In this case, SNMPv3 can be deployed. The authentication and encryption
functions provided by SNMPv3 ensure the security of data sending and normal communication
between the NM station and managed devices.

Pre-configuration Tasks
Before configuring a device to communicate with an NM station by running SNMPv3, complete
the following task:
l
Issue 02 (2012-03-30)

Configuring a routing protocol to ensure that the router and NM station are routable
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

22

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Data Preparation
Before configuring a device to communicate with an NM station by running SNMPv3, you need
the following data.
No.

Data

SNMP version, user name and user group name, address of the alarm destination host,
and administrator's contact information and location

(Optional) ACL number, IP address of the NM station, and MIB object

(Optional) Name of the alarm-sending module, source address of trap messages,


queue length for trap messages, and lifetime of trap messages

1.4.2 Configuring Basic SNMPv3 Functions


After basic SNMP functions are configured, an NM station can perform basic operations such
as Get and Set operations on a managed device, and the managed device can send alarms to the
NM station.

Context
Steps 4, 5, and 6 are mandatory for the configuration of basic SNMP functions. After the
configurations, basic SNMP communication can be conducted between the NM station and
managed device.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 (Optional) Run:
snmp-agent

The SNMP agent function is enabled.


By default, the SNMP agent function is disabled. Running any command with the parameter
snmp-agent can enable the SNMP agent function, so this step is optional.
Step 3 (Optional) Run:
snmp-agent sys-info version v3

The SNMP version is set.


By default, SNMPv1, SNMPv2c, and SNMPv3 is enabled.
Step 4 Run:
snmp-agent group v3 group-name { authentication | noauth | privacy }

An SNMPv3 user group is configured.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

23

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

If the network or network devices are in an environment lacking security (for example, the
network is vulnerable to attacks), authentication or privacy can be configured in the command
to enable data authentication or encryption.
The available authentication and encryption modes are as follows:
l Authentication without encryption: Only authentication is configured in the command. This
mode is applicable to secure networks managed by many administrators who may frequently
perform operations on the same device. In this mode, only the authenticated administrators
can access the managed device.
l No authentication and no encryption: noauth is configured in the command. This mode is
applicable to secure networks managed by a specified administrator.
l Authentication and encryption: privacy is configured in the command. This mode is
applicable to insecure networks managed by many administrators who may frequently
perform operations on the same device. In this mode, only the authenticated administrators
can access the managed device, and transmitted data is encrypted to guard against
interception and data leaking.
Step 5 Run:
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha }
authkey [ privacy-mode { aes128 | des56 } prikey | plain-text ] ] [ acl standardacl ]

A user is added to the SNMPv3 user group.


NOTE

When configuring a security level for a user, ensure that the security level for the user is not lower than
the security level of the SNMP group to which the user belongs; otherwise, communication fails. If the
security level configured for the user is no authentication and no encryption, the user has permission to
access objects within MIB-2 and has only read property.

After a user is added to the user group, the NM station that uses the name of the user can access
the objects in the Viewdefault view (1.3.6.1).
If authentication and encryption have been enabled for the user group, the following
authentication and encryption modes can be configured for the data transmitted on the network.
l Authentication mode
Message Digest 5 (MD5): generates a 128-bit message digest for an input message of any
length.
Secure Hash Algorithm (SHA-1): generates a 160-bit message digest for an input message
of less than 264 bits.
MD5 is faster than SHA-1, but is considered less secure.
l Encryption mode
AES uses a 128-bit key to encrypt a 128-bit plain text block.
DES uses a 56-bit key to encrypt a 64-bit plain text block.
Step 6 Run:
snmp-agent target-host trap-paramsname paramsname v3 securityname securityname
{ authentication | noauthnopriv | privacy } [ binding-private-value ] [ privatenetmanager ]

The parameters of the trap messages sent from device are configured.
Step 7 Run:
snmp-agent target-host trap-hostname hostname address ipv4-addr [ udp-port udpportid ] [ public-net | vpn-instance vpn-instance-name ] trap-paramsname paramsname

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

24

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

The destination address for the alarms and error codes sent from the device is configured.
The descriptions of the command parameters are as follows:
l The default destination UDP port number is 162. In some special cases (for example, port
mirroring is configured to prevent a well-known port from being attacked), the parameter
udp-port can be used to specify a non-well-known UDP port number. This ensures normal
communication between the NM station and managed device.
l If the alarms sent from the managed device to the NM station need to be transmitted over a
public network, the parameter public-net needs to be configured. If the alarms sent from the
managed device to the NM station need to be transmitted over a private network, the
parameter vpn-instance vpn-instance-name needs to be used to specify a VPN that will take
over the sending task.
Step 8 (Optional) Run:
snmp-agent sys-info { contact contact | location location }

The equipment administrator's contact information or location is configured.


This step is required when the NM station administrator must know equipment administrators'
contact information and locations when the NM station manages many devices. This allows the
NM station administrator to contact the equipment administrators quickly for fault location and
rectification.
To configure both the equipment administrator's contact information and location, you must run
the command twice to configure them separately.
----End

Follow-up Procedure
If finer device management is required, follow directions below to configure the managed
device:
l

To allow a specified NM station in an SNMPv3 user group to manage specified objects of


the device(such as NM station with the specified IP address), follow the procedure
described in Controlling the NM Station's Access to the Device.

To allow a specified module on the managed device to report alarms to the NM station,
follow the procedure described in Configuring the Trap Function.

If the NM station and managed device are both Huawei products, follow the procedure
described in Enabling the SNMP Extended Error Code Function to allow the device to
send more types of error codes. This allows more specific error identification and facilitates
your fault location and rectification.

1.4.3 (Optional) Controlling the NM Station's Access to the Device


This section describes how to specify an NM station and manageable MIB objects for SNMPv3based communication between the NM station and managed device to improve communication
security.

Context
If a device is managed by multiple NM stations that are in the same SNMPv3 user group, note
the following points:
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

25

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

If all the NM stations need to have rights to access the objects in the Viewdefault view
(1.3.6.1), skip the following steps.

If some of the NM stations need to have rights to access the objects in the Viewdefault view
(1.3.6.1), skip Step5.

If all the NM stations need to manage specified objects on the device, skip Step2, Step3,
and Step4.

If some of the NM stations need to manage specified objects on the device, perform all the
following steps.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
acl acl-number

A basic ACL is created to filter the NM station users that can manage the device.
Step 3 Run:
rule [ rule-id ] { deny | permit } source { source-ip-address source-wildcard |
any }

A rule is added to the ACL.


Step 4 Run:
quit

Return to the system view.


Step 5 Run:
snmp-agent mib-view view-name { include | exclude } subtree-name [ mask mask ]

A MIB view is created, and manageable MIB objects are specified.


By default, an NM station has rights to access the objects in the Viewdefault view (1.3.6.1).
l If a few MIB objects on the device or some objects in the current MIB view do not or no
longer need to be managed by the NM station, exclude needs to be specified in the command
to exclude these MIB objects.
l If a few MIB objects on the device or some objects in the current MIB view need to be
managed by the NM station, include needs to be specified in the command to include these
MIB objects.
Step 6 Run:
snmp-agent group v3 group-name { authentication | noauth | privacy } [ read-view readview | write-view write-view | notify-view notify-view | acl acl-number ]*
The read and write permissions are configured for the user group.
l read-view needs to be configured in the command if the NM station administrator needs the
read permission in the specified view in some cases. For example, a low-level administrator
needs to read certain data. write-view needs to be configured in the command if the NM
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

26

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

station administrator needs the read and write permissions in the specified view in some
cases. For example, a high-level administrator needs to read and write certain data.
l notify-view needs to be configured in the command if you want to filter out irrelevant alarms
and configure the managed device to send only the alarms of specified MIB objects to the
NM station. If the parameter is configured, only the alarms of the MIB objects specified by
notify-view will be sent to the NM station.
l authentication or privacy can be configured in the command to improve security. If
authentication is configured, only authentication is performed. If privacy is configured,
both authentication and encryption are performed. For details, see the authentication and
encryption selection guide.
l If some NM stations that are in the same SNMPv3 user group need to have rights to access
the objects in the Viewdefault view (1.3.6.1), [ read-view read-view | write-view writeview | notify-view notify-view ] does not need to be configured in the command.
l If all the NM stations that are in the same SNMPv3 user group need to manage specified
objects on the device, acl acl-number does not need to be configured in the command.
l If some of the NM stations that are in the same SNMPv3 user group need to manage specified
objects on the device, both the MIB view and ACL need to be configured in the command.
----End

Follow-up Procedure
After the access rights are configured, especially after the IP address of the NM station is
specified, if the IP address changes (for example, the NM station changes its location, or IP
addresses are reallocated due to network adjustment), you need to change the IP address of the
NM station in the ACL. Otherwise, the NM station cannot access the device.

1.4.4 (Optional) Enabling the SNMP Extended Error Code Function


This section describes how to enable the extended SNMP error code function when both the NM
station and managed device are Huawei products. After this function is enabled, more types of
error codes are provided to help you locate and rectify faults more quickly and accurately.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
snmp-agent extend error-code enable

The SNMP extended error code function is enabled.


By default, SNMP standard error codes are used. After the extended error code function is
enabled, extended error codes can be sent to the NM station.
----End

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

27

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

1.4.5 (Optional) Configuring the Trap Function


This section describes how to specify the alarms to be sent to the NM station, which will help
you to locate important problems. After relevant parameters are set, the security of alarm sending
can be improved.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
snmp-agent trap enable

Alarm sending is enabled.


Step 3 Run:
snmp-agent trap source interface-type interface-number

The source interface for trap messages is specified.


After the source interface is specified, its IP address becomes the source IP address of trap
messages. Configuring the IP address of the local loopback interface as the source interface is
recommended, which can ensure device security.
The source interface specified on the router for trap messages must be consistent with that
specified on the NM station; otherwise, the NM station will not accept the trap messages sent
from the router.
Step 4 Run:
snmp-agent trap queue-size size

The length of the queue storing trap messages to be sent to the destination host is set.
The queue length depends on the number of generated trap messages. If the router frequently
generates trap messages, a longer queue length can be set to prevent trap messages from being
lost.
Step 5 Run:
snmp-agent trap life seconds

The lifetime of every trap message is set.


The lifetime of every trap message depends on the number of generated trap messages. If the
router frequently generates trap messages, a longer lifetime can be set for every trap message to
prevent trap messages from being lost.
----End

1.4.6 Checking the Configuration


After SNMPv3 functions are configured, you can view the SNMPv3 configurations.

Prerequisites
The configurations of basic SNMPv3 functions are complete.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

28

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Procedure
l

Run the display snmp-agent usm-user [ user-name ] command to check user information.

Run the display snmp-agent sys-info version command to check the enabled SNMP
version.

Run the display acl acl-number command to check the rules in the specified ACL.

Run the display snmp-agent mib-view command to check the MIB view.

Run the display snmp-agent sys-info contact command to check the equipment
administrator's contact information.

Run the display snmp-agent sys-info location command to check the location of the
device.

Run the display current-configuration | include trap command to check trap


configurations.

Run the display snmp-agent extend error-code status command to check whether the
SNMP extended error code feature is enabled.

----End

Example
Run the display snmp-agent usm-user command. You can view SNMP user information.
<Huawei> display snmp-agent usm-user
User name: testuser
Engine ID: 000007DB7F00000100004C3F
Group name: testgroup
Authentication mode: md5, Privacy mode: des56
Storage type: nonVolatile
User status: active
Total number is 1

Run the display snmp-agent sys-info version command. You can view the SNMP version
running on the agent.
<Huawei> display snmp-agent sys-info version
SNMP version running in the system:
SNMPv3

Run the display acl acl-number command. You can view the rules in the specified ACL.
<Huawei> display acl 2000
Basic ACL 2000, 1 rule
Acl's step is 5
rule 5 permit source 1.1.1.1 0

Run the display snmp-agent mib-view command. You can view the MIB view.
<Huawei> display snmp-agent mib-view
View name:ViewDefault
MIB Subtree:internet
Subtree mask:
Storage type: nonVolatile
View Type:included
View status:active
View name:ViewDefault
MIB Subtree:snmpUsmMIB
Subtree mask:
Storage type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpVacmMIB
Subtree mask:
Storage type: nonVolatile

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

29

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpModules.18
Subtree mask:
Storage type: nonVolatile
View Type:excluded
View status:active
Total number is 1

Run the display snmp-agent sys-info contact command. You can view the equipment
administrator's contact information.
<Huawei> display snmp-agent sys-info contact
The contact person for this managed node:
R&D Beijing, Huawei Technologies co.,Ltd.

Run the display snmp-agent sys-info location command. You can view the location of the
device.
<Huawei> display snmp-agent sys-info location
The physical location of this node:
Beijing China

Run the display current-configuration | include trap command. You can view trap
configurations.
<Huawei> display current-configuration | include trap
snmp-agent trap enable

Run the display snmp-agent extend error-code status command. You can view whether the
SNMP extended error code feature is enabled.
<Huawei> display snmp-agent extend error-code status
Extend error-code status:enabled

1.5 SNMP Configuration Examples


This section provides several configuration examples of SNMP. The configuration roadmap in
the examples will help you understand the configuration procedures. Each configuration
example provides information about the networking requirements, configuration notes, and
configuration roadmap.

1.5.1 Example for Configuring a Device to Communicate with an


NM Station by Using SNMPv1
This section provides an example to describe how to configure a device to communicate with
an NM station by using SNMPv1 and how to specify the MIB objects that can be managed by
the NM station.

Networking Requirements
As shown in Figure 1-4, two NM stations (NMS1 and NMS2) and the router are connected
across a public network. According to the network planning, NMS2 can manage DNS MIB
object on the router, and NMS1 does not manage the router.
On the router, only the modules that are enabled by default are allowed to send alarms to NMS2.
This prevents an excess of unwanted alarms from being sent to NMS2. Excessive alarms can
make faults location difficult.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

30

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Equipment administrator's contact information needs to be configured on the router. This allows
the NMS administrator to contact the equipment administrator quickly if a fault occurs.
Figure 1-4 Networking diagram for configuring a device to communicate with an NM station
by using SNMPv1

NMS1
1 .1 .1 .1 /2 4

IP N e tw o rk

G E 1 /0 /0
1 .1 .2 .1 /2 4
R o u te r

NMS2
1 .1 .1 .2 /2 4

Configuration Roadmap
The configuration roadmap is as follows:
1.

Enable the SNMP agent.

2.

Configure the router to run SNMPv1.

3.

Configure an ACL to allow NMS2 to manage DNS MIB object on the router.

4.

Configure the trap function to allow the router to send alarms to NMS2.

5.

Configure the equipment administrator's contact information on the router.

6.

Configure NMS2.

Data Preparation
To complete the configuration, you need the following data:
l

SNMP version

Community name

ACL number

IP address of the NM station

Equipment administrator's contact information

Procedure
Step 1 Configure available routes between the router and the NM stations. Details for the configuration
procedure are not provided here.
Step 2 Enable the SNMP agent.
<Huawei> system-view
[Huawei] snmp-agent

Step 3 Configure the router to run SNMPv1.


[Huawei] snmp-agent sys-info version v1

# Check the configured SNMP version.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

31

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

[Huawei] display snmp-agent sys-info version


SNMP version running in the system:
SNMPv1

Step 4 Configure the NM stations' access rights.


# Configure an ACL to allow NMS2 to manage and disallow NMS1 from managing the
router.
[Huawei] acl 2001
[Huawei-acl-basic-2001] rule 5 permit source 1.1.1.2 0.0.0.0
[Huawei-acl-basic-2001] rule 6 deny source 1.1.1.1 0.0.0.0
[Huawei-acl-basic-2001] quit

# Configure a MIB view and allow NMS2 to manage DNS MIB object on the router.
[Huawei] snmp-agent mib-view dnsmib include 1.3.6.1.4.1.2011.5.25.194

# Configure a community name to allow NMS2 to manage the objects in the MIB view.
[Huawei] snmp-agent community write adminnms2 mib-view dnsmib acl 2001

Step 5 Configure the trap function.


[Huawei]
[Huawei]
trapnms2
[Huawei]
[Huawei]
[Huawei]

snmp-agent target-host trap-paramsname trapnms2 v1 securityname adminnms2


snmp-agent target-host trap-hostname nms2 address 1.1.1.2 trap-paramsname
snmp-agent trap queue-size 200
snmp-agent trap life 60
snmp-agent trap enable

Step 6 Configure the equipment administrator's contact information.


[Huawei] snmp-agent sys-info contact call Operator at 010-12345678

Step 7 Configure NMS2.


For details on how to configure NMS2, see the relevant NMS configuration guide.
Step 8 Verify the configuration.
After the configurations are complete, run the following commands to verify that the
configurations have taken effect.
# Check information about the SNMP community name.
<Huawei> display snmp-agent community write
Community name:adminnms2
Storage type: nonVolatile
View name: dnsmib
Acl:2001
Total number is 1

# Check the configured ACL.


<Huawei> display acl 2001
Basic ACL 2001, 2 rules
Acl's step is 5
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0

# Check the MIB view.


<Huawei> display snmp-agent mib-view dnsmib
View name:dnsmib
MIB Subtree:hwDnsMib
Subtree mask:
Storage type: nonVolatile

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

32

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

View Type:included
View status:active

# Check the target host.


<Huawei> display snmp-agent target-host
Traphost list:
Target host name: nms2
Traphost address: 1.1.1.2
Traphost portnumber: 162
Target host parameter: trapnms2
Total number is 1
Parameter list trap target host:
Parameter name of the target host: trapnms2
Message mode of the target host: SNMPV1
Trap version of the target host: v1
Security name of the target host: adminnms2
Total number is 1

# When an alarm is generated, run the display trapbuffer command to view the details.
<Huawei> display trapbuffer
Trapping buffer configuration and contents : enabled
Allowed max buffer size : 1024
Actual buffer size : 256
Channel number : 3 , Channel name : trapbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 98
#Oct 11 2010 18:57:59+00:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011
.5.25.191.3.1 configurations have been changed. The current change number is 95,
the change loop count is 0, and the maximum number of records is 4095.

# Check the equipment administrator's contact information.


<Huawei> display snmp-agent sys-info contact
The contact person for this managed node:
call Operator at 010-12345678

----End

Configuration Files
Configuration file of the router
#
acl number 2001
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
#
interface GigabitEthernet1/0/0
ip address 1.1.2.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
#
snmp-agent local-engineid 000007DB7FFFFFFF00001AA7
snmp-agent community write adminnms2 mib-view dnsmib acl 2001
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v1
snmp-agent target-host trap-hostname nms2 address 1.1.1.2 udp-port 162 trapparamsname trapnms2
snmp-agent target-host trap-paramsname trapnms2 v1 securityname adminnms2
snmp-agent mib-view dnsmib include hwDnsMIB

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

33

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

snmp-agent trap enable


snmp-agent trap queue-size 200
snmp-agent trap life 60
snmp-agent
#
return

1.5.2 Example for Configuring a Device to Communicate with an


NM Station by Using SNMPv2c
This section provides an example to describe how to configure a device to communicate with
an NM station by using SNMPv2c and how to specify the MIB objects that can be managed by
the NM station.

Networking Requirements
As shown in Figure 1-5, two NM stations (NMS1 and NMS2) and the router are connected
across a public network. According to the network planning, NMS2 can manage DNS MIB
object on the router, and NMS1 does not manage the router.
On the router, only the modules that are enabled by default are allowed to send alarms to NMS2.
This prevents an excess of unwanted alarms from being sent to NMS2.
Equipment administrator's contact information needs to be configured on the router. This allows
the NMS administrator to contact the equipment administrator quickly if a fault occurs.
Figure 1-5 Networking diagram for configuring a device to communicate with an NM station
by using SNMPv2c

NMS1
1 .1 .1 .1 /2 4

IP N e tw o rk

G E 1 /0 /0
1 .1 .2 .1 /2 4
R o u te r

NMS2
1 .1 .1 .2 /2 4

Configuration Roadmap
The configuration roadmap is as follows:
1.

Enable the SNMP agent.

2.

Configure the router to run SNMPv2c.

3.

Configure an ACL to allow NMS2 to manage DNS MIB object on the router.

4.

Configure the equipment administrator's contact information on the router.

5.

Configure NMS2.

Data Preparation
To complete the configuration, you need the following data:
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

34

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

SNMP version

Community name

ACL number

IP address of the NM station

Equipment administrator's contact information

1 SNMP Configuration

Procedure
Step 1 Configure available routes between the router and the NM stations. Details for the configuration
procedure are not provided here.
Step 2 Enable the SNMP agent.
<Huawei> system-view
[Huawei] snmp-agent

Step 3 Configure the router to run SNMPv2c.


[Huawei] snmp-agent sys-info version v2c

# Check the configured SNMP version.


[Huawei] display snmp-agent sys-info version
SNMP version running in the system:
SNMPv2c

Step 4 Configure the NM stations' access rights.


# Configure an ACL to allow NMS2 to manage and disallow NMS1 from managing the
router.
[Huawei] acl 2001
[Huawei-acl-basic-2001] rule 5 permit source 1.1.1.2 0.0.0.0
[Huawei-acl-basic-2001] rule 6 deny source 1.1.1.1 0.0.0.0
[Huawei-acl-basic-2001] quit

# Configure a MIB view.


[Huawei] snmp-agent mib-view dnsmib include 1.3.6.1.4.1.2011.5.25.194

# Configure a community name to allow NMS2 to manage the objects in the MIB view.
[Huawei] snmp-agent community write adminnms2 mib-view dnsmib acl 2001

Step 5 Configure the trap function.


[Huawei] snmp-agent
adminnms2
[Huawei] snmp-agent
trapnms2
[Huawei] snmp-agent
[Huawei] snmp-agent
[Huawei] snmp-agent

target-host trap-paramsname trapnms2 v2c securityname


target-host trap-hostname nms2 address 1.1.1.2 trap-paramsname
trap queue-size 200
trap life 60
trap enable

Step 6 Configure the equipment administrator's contact information.


[Huawei] snmp-agent sys-info contact call Operator at 010-12345678

Step 7 Configure NMS2.


For details on how to configure NMS2, see the relevant NMS configuration guide.
Step 8 Verify the configuration.
After the configurations are complete, run the following commands to verify that the
configurations have taken effect.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

35

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

# Check information about the SNMP community name.


<Huawei> display snmp-agent community write
Community name:adminnms2
Storage type: nonVolatile
View name: dnsmib
Acl:2001
Total number is 1

# Check the configured ACL.


<Huawei> display acl 2001
Basic ACL 2001, 2 rules
Acl's step is 5
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0

# Check the MIB view.


<Huawei> display snmp-agent mib-view dnsmib
View name:dnsmib
MIB Subtree:hwDnsMib
Subtree mask:
Storage type: nonVolatile
View Type:included
View status:active

# Check the target host.


<Huawei> display snmp-agent target-host
Traphost list:
Target host name: nms2
Traphost address: 1.1.1.2
Traphost portnumber: 162
Target host parameter: trapnms2
Total number is 1
Parameter list trap target host:
Parameter name of the target host: trapnms2
Message mode of the target host: SNMPV2C
Trap version of the target host: v2c
Security name of the target host:
adminnms2
Total number is 1

# When an alarm is generated, run the display trapbuffer command to view the details.
<Huawei> display trapbuffer
Trapping buffer configuration and contents : enabled
Allowed max buffer size : 1024
Actual buffer size : 256
Channel number : 3 , Channel name : trapbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 98
#Oct 11 2010 18:57:59+00:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011
.5.25.191.3.1 configurations have been changed. The current change number is 95,
the change loop count is 0, and the maximum number of records is 4095.

# Check the equipment administrator's contact information.


<Huawei> display snmp-agent sys-info contact
The contact person for this managed node:
call Operator at 010-12345678

----End
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

36

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Configuration Files
Configuration file of the router
#
acl number 2001
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
#
interface GigabitEthernet1/0/0
ip address 1.1.2.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
#
snmp-agent local-engineid 000007DB7FFFFFFF00001AA7
snmp-agent community write adminnms2 mib-view dnsmib acl 2001
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v2c
snmp-agent target-host trap-hostname nms2 address 1.1.1.2 udp-port 162 trapparamsname trapnms2
snmp-agent target-host trap-paramsname trapnms2 v2c securityname adminnms2
snmp-agent mib-view dnsmib include hwDnsMib
snmp-agent trap enale
snmp-agent trap queue-size 200
snmp-agent trap life 60
snmp-agent
#
return

1.5.3 Example for Configuring a Device to Communicate with an


NM Station by Using SNMPv3
This section provides an example to describe how to configure a device to communicate with
an NM station by using SNMPv3 and how to specify the MIB objects that can be managed by
the NM station.

Networking Requirements
As shown in Figure 1-6, two NM stations (NMS1 and NMS2) and the router are connected
across a public network. According to the network planning, NMS2 can manage DNS MIB
object on the router, and NMS1 does not manage the router.
On the router, only the modules that are enabled by default are allowed to send alarms to NMS2.
This prevents an excess of unwanted alarms from being sent to NMS2. Excessive alarms can
make faults location difficult.
The data transmitted between NMS2 and the router needs to be encrypted and the NMS
administrator needs to be authenticated because the data has to travel across the public network.
Equipment administrator's contact information needs to be configured on the router. This allows
the NMS administrator to contact the equipment administrator quickly if a fault occurs.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

37

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Figure 1-6 Networking diagram for configuring a device to communicate with an NM station
by using SNMPv3

NMS1
1 .1 .1 .1 /2 4

IP N e tw o rk

G E 1 /0 /0
1 .1 .2 .1 /2 4
R o u te r

NMS2
1 .1 .1 .2 /2 4

Configuration Roadmap
The configuration roadmap is as follows:
1.

Enable the SNMP agent.

2.

Configure the router to run SNMPv3.

3.

Configure an ACL to allow NMS2 to manage DNS MIB object on the router and configure
data encryption.

4.

Configure the trap function to allow the router to send alarms to NMS2.

5.

Configure the equipment administrator's contact information on the router.

6.

Configure NMS2.

Data Preparation
To complete the configuration, you need the following data:
l

SNMP version

User group name

User name and password

Authentication and encryption algorithms

ACL number

IP address of the NM station

Equipment administrator's contact information

Procedure
Step 1 Configure available routes between the router and the NM stations. Details for the configuration
procedure are not provided here.
Step 2 Enable the SNMP agent.
<Huawei> system-view
[Huawei] snmp-agent

Step 3 Configure the router to run SNMPv3.


[Huawei] snmp-agent sys-info version v3

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

38

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

# Check the configured SNMP version.


[Huawei] display snmp-agent sys-info version
SNMP version running in the system:
SNMPv3

Step 4 Configure the NM stations' access rights.


# Configure an ACL to allow NMS2 to manage and disallow NMS1 from managing the
router.
[Huawei] acl 2001
[Huawei-acl-basic-2001] rule 5 permit source 1.1.1.2 0.0.0.0
[Huawei-acl-basic-2001] rule 6 deny source 1.1.1.1 0.0.0.0
[Huawei-acl-basic-2001] quit

# Configure a MIB view.


[Huawei] snmp-agent mib-view dnsmib include 1.3.6.1.4.1.2011.5.25.194

# Configure an SNMPv3 user group and add a user to the group, and configure authentication
for the NMS administrator and encryption for the data transmitted between the router and NMS2.
[Huawei] snmp-agent usm-user v3 testuser testgroup authentication-mode md5 87654321
privacy-mode des56 87654321
[Huawei] snmp-agent group v3 testgroup privacy write-view dnsmib notify-view dnsmib
acl 2001

Step 5 Configure the trap function.


[Huawei]
privacy
[Huawei]
trapnms2
[Huawei]
[Huawei]
[Huawei]

snmp-agent target-host trap-paramsname trapnms2 v3 securityname testuser


snmp-agent target-host trap-hostname nms2 address 1.1.1.2 trap-paramsname
snmp-agent trap queue-size 200
snmp-agent trap life 60
snmp-agent trap enable

Step 6 Configure the equipment administrator's contact information.


[Huawei] snmp-agent sys-info contact call Operator at 010-12345678

Step 7 Configure the NMS2.


For details on how to configure NMS2, see the relevant NMS configuration guide.
Step 8 Verify the configuration.
After the configurations are complete, run the following commands to verify that the
configurations have taken effect.
# Check information about the user group.
<Huawei> display snmp-agent group testgroup
Group name: testgroup
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: dnsmib
Notifyview: dnsmib
Storage type: nonVolatile
Acl:2001

# Check information about the user.


<Huawei> display snmp-agent usm-user
User name: testuser
Engine ID: 000007DB7F00000100004C3F

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

39

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Group name: testgroup


Authentication mode: md5, Privacy mode: des56
Storage type: nonVolatile
User status: active
Total number is 1

# Check the configured ACL.


<Huawei> display acl 2001
Basic ACL 2001, 2 rules
Acl's step is 5
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0

# Check the MIB view.


<Huawei> display snmp-agent mib-view dnsmib
View name:dnsmib
MIB Subtree:hwDnsMib
Subtree mask:
Storage type: nonVolatile
View Type:included
View status:active

# Check the target host.


<Huawei> display snmp-agent target-host
Traphost list:
Target host name: nms2
Traphost address: 1.1.1.2
Traphost portnumber: 162
Target host parameter: trapnms2
Total number is 1
Parameter list trap target host:
Parameter name of the target host: trapnms2
Message mode of the target host: SNMPV3
Trap version of the target host: v3
Security name of the target host: testuser
Security level of the target host: privacy
Total number is 1

# When an alarm is generated, run the display trapbuffer command to view the details.
<Huawei> display trapbuffer
Trapping buffer configuration and contents : enabled
Allowed max buffer size : 1024
Actual buffer size : 256
Channel number : 3 , Channel name : trapbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 98
#Oct 11 2010 18:57:59+00:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011
.5.25.191.3.1 configurations have been changed. The current change number is 95,
the change loop count is 0, and the maximum number of records is 4095.

# Check the equipment administrator's contact information.


<Huawei> display snmp-agent sys-info contact
The contact person for this managed node:
call Operator at 010-12345678

----End
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

40

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

1 SNMP Configuration

Configuration Files
Configuration file of the router
#
acl number 2001
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
#
interface GigabitEthernet1/0/0
ip address 1.1.2.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
#
snmp-agent local-engineid 000007DB7FFFFFFF000004A7
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v3
snmp-agent group v3 testgroup privacy write-view dnsmib notify-view dnsmib acl
2001
snmp-agent target-host trap-hostname nms2 address 1.1.1.2 udp-port 162 trapparamsname trapnms2
snmp-agent target-host trap-paramsname trapnms2 v3 securityname testuser privacy
snmp-agent mib-view dnsmib include hwDnsMib
snmp-agent usm-user v3 testuser testgroup authentication-mode md5
B4B3D731A5006953EDFC9BB83F983497 privacy-mode des56
B4B3D731A5006953EDFC9BB83F983497
snmp-agent trap enable
snmp-agent trap queue-size 200
snmp-agent trap life 60
snmp-agent
#
return

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

41

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

2 RMON Configuration

RMON Configuration

About This Chapter


This chapter describes how to monitor the Ethernet interface through Remote Network
Monitoring (RMON).
2.1 Overview of RMON
This section describes RMON.
2.2 Configuring RMON
This section describes how to monitor the network status and traffic through RMON.
2.3 RMON Configuration Examples
This section provides examples for configuring RMON, and illustrates the networking
requirements, configuration roadmap, and configuration notes. You can better understand the
configuration procedures with the help of the configuration flowchart.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

42

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

2 RMON Configuration

2.1 Overview of RMON


This section describes RMON.

2.1.1 Introduction to RMON


This part describes working principles of RMON.

RMON
RMON is implemented based on the Simple Network Management Protocol (SNMP)
architecture, and is compatible with the existing SNMP framework. There are two concepts
involved in RMON, namely, the Network Management Workstation (NM Station) and the agent.
A RMON agent collects statistics of various traffic in a network, including the number of packets
on a network segment within a period and the number of correct packets sent to a host.
Compared with SNMP, RMON monitors remote network devices more efficiently and actively.
It provides an efficient solution to monitor the running of sub-networks, which reduces the
communication traffic between the NM Station and the agent. Large-sized networks can thus be
managed in a simple and effective manner.
RMON allows multiple monitors. It collects data in the following ways:
l

Use a dedicated RMON Probe.


The NM Station obtains management information directly from the RMON Probe and
controls network resources. This ensures that the NM Station can obtain overall information
on the RMON MIB.

Embed a RMON agent into a network device (a router for example) to enable the device
to be of the RMON Probe capability.
The NM Station uses the basic SNMP commands for exchanging data with the RMON
agent and collecting the network management information. This process is restricted by
device resources and hence the NM Station collects only information on four groups (alarm,
event, history, and statistics) and not the complete information on the RMON MIB.

Currently, the AR1200-S implements the monitoring and statistics collection function only on
the Ethernet interfaces of network devices.

2.1.2 RMON Suported by the AR1200-S


This part describes the support for RMON on the AR1200-S.

Features of RMON
The AR1200-S implements RMON by embedding agent modules to network devices to form a
complete system with other modules. The RMON NM Station is completely compatible with
the SNMP NM Station; so, the administrator can handle it properly without additional training.
RMON in the AR1200-S supports four groups, namely, statistics, history, alarm, and event, as
defined in RFC 2819, and a Performance-MIB defined by Huawei. The following describes each
group.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

43

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

2 RMON Configuration

Statistic group
The statistics group collects the basic statistics of each monitored sub-network. The
statistics include date flows on a network segment, distribution of various packets, error
frames, and collisions.
The statistics group has one table: ethernetStatsTable.
NOTE

The RMON statistics result is not consistent with the output of the display interface command.
Although data is collected from the bottom layer in both the cases, the RMON information is more
comprehensive.

History group
A history group periodically collects the network state statistics and stores them for future
reference. The history group has the following tables:
historyControlTable: is used to set the control information, such as sampling intervals.
etherHistoryTable: provides network administrators with other history statistics, such
as the traffic on a network segment, error packets, broadcast packets, utilization, and
collisions.
Each entry in the historyControlTable corresponds to a maximum of 10 pieces of history
records in the etherHistoryTable. The previous pieces are overwritten in a circular
manner if the threshold of records in etherHistoryTable is crossed.

Alarm group
An alarm group allows predefining a set of thresholds for alarm variables (any object in
the local MIB). A monitor records logs or sends trap messages to the NM Station when the
sampled data in a certain direction crosses a threshold.
As defined in RFC 2819, the alarm function has a hysteresis mechanism to limit the
generation of alarms. If this mechanism is adopted, an alarm event is generated when the
sampled data in a direction crosses the threshold. No more events will be generated until
the sampled data in the opposite direction crosses the threshold.
The AR1200-S does not apply this mechanism because it will not generate the alarms for
a long period. For the AR1200-S, the alarms are re-generated if the smapling value turns
to the noraml threshold.
The alarm group contains one table: alarmTable.

Event group
An event group stores all the events generated by the RMON agent in a table. It records
logs or sends trap messages to the NM Station when an event occurs.
The event group implements the output of three events: log, trap, and log-trap. Each event
entry corresponds to a maximum of 10 pieces of logs. The previous logs are overwritten in
a circular manner if the threshold of logs is crossed.
The event group has two tables: eventTable and logTable.

Performance-MIB
The RMON prialarm group is an enhancement of alarmTable defined in RFC 2819.
Compared with the alarmTable, the RMON prialarm group supports the setting of alarm
objects and time spans of alarm entries through expressions.
The RMON Performance-MIB has one table: prialarmTable.
In the AR1200-S, to save system resources, each entry is given a specific time span. The
time span indicates the period for an entry to keep the invalid state. The entry is deleted
when the time span goes down to 0.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

44

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

2 RMON Configuration

Table 2-1 shows the capacity of various tables and the maximum time span of each table.
Table 2-1 Time span of each table
Table

Entry Capacity (Byte)

Maximum Time Span(s)

ethernetStatsTable

100

600

historyControlTable

100

600

alarmTable

60

6000

eventTable

60

600

logTable

600

prialarmTable

50

6000

NOTE

logTable does not have a time span. Each log entry can have a maximum of 10 pieces of logs. The
excessive logs supersede the older ones in a circular manner.

When an interface board or an interface card is removed, the corresponding entries in the
ethernetStatsTable and historyControlTable become invalid. If the time spans of tables are
respectively set to 1200s, the entries in the tables are deleted when the time spans go down
to 0.
If an interface is added before its corresponding entries are deleted from the table, these
entries can take effect again.

2.2 Configuring RMON


This section describes how to monitor the network status and traffic through RMON.

2.2.1 Establishing the Configuration Task


Before configuring RMON, familiarize yourself with the applicable environment, complete the
pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.

Applicable Environment
To monitor network status and collect traffic statistics on a network segment, you can configure
RMON.
Enabling the RMON function does not need any special requirement. You can enable it in
advance, or configure it when you suspect that the traffic of the sub-network where interface
resides is abnormal. You can configure RMON depending on actual situations.
It is recommended to configure the statistics table in advance, configure two history control
policies on the interface where the traffic is abnormal, configure the alarm for one or more
suspicious entries, set the high and low thresholds, and view the alarm information.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

45

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

2 RMON Configuration

NOTE

RMON only stores traffic statistics and information or abnormalities but cannot avoid the generation of
these statistics or information. To clear abnormalities, you need to adopt the other management measures.

Pre-configuration Tasks
Before configuring RMON, complete the following tasks:
l

Configuring parameters for Ethernet interfaces

Configuring basic SNMP functions

Data Preparation
To configure RMON, you need the following data.
No.

Data

Interface on which the statistics function is enabled

Statistics table to be used and related parameters

HistoryControl table to be used and related parameters

Event table to be used and related parameters

Alarm table to be used and related parameters

Prialarm table to be used and related parameters

2.2.2 Enabling the RMON Statistics Function on the Interface


You need to enable traffic statistics function on the interface where traffic statistics are collected.
If the traffic statistics function is not enabled on the interface, statistics values of in both
ethernetStatsTable and HistoryControlTable are 0.

Context
Do as follows on the router on which traffic statistics should be collected:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface { ethernet | gigabitethernet } interface-number

The interface view is displayed.


Step 3 Run:
rmon-statistics enable

The RMON statistics function is enabled on the interface.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

46

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

2 RMON Configuration

If the statistics function is not enabled on the interface, the statistics value in ethernetStatsTable
and historyControlTable of RMON is 0.
----End

2.2.3 Configuring the ethernetStatsTable


EthernetStatsTable records traffic information that RMON collects on interfaces.

Context
Do as follows on the router on which traffic statistics should be collected:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface { ethernet | gigabitethernet } interface-number

The interface view is displayed.


Step 3 Run:
rmon statistics entry-number [ owner owner-name ]

The ethernetStatsTable is configured.


To monitor the statistics of an interface on a device, a network administrator needs to create a
table entry for this interface and specify the interface OID, entry index, and entry state. The
network administrator can then read the corresponding entry to obtain the latest statistics.
----End

2.2.4 Configuring the HistoryControlTable


HistoryControlTable provides the historical data management function. With this function, you
can sample traffic of a certain interface, set the maximum number of items to be saved and the
sampling interval, collect traffic statistics on the specific interface periodically, and save the
statistics to etherHistoryTable for future use.

Context
As recommended by the RMON specifications, each monitored interface should be configured
with more than two history control entries. One entry is sampled every 30 seconds while another
entry is sampled every 30 minutes.
The short sampling interval enables a monitor to probe the sudden changes of traffic modes, and
the long sampling interval is applicable if the interface status is relatively stable.
Currently, the AR1200-S reserves up to 10 pieces of the latest records for each history control
entry.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

47

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

2 RMON Configuration

NOTE

To reduce the effect on the performance of the system, the sampling interval of the history table should be
longer than 10 seconds, and the same port should not be configured with too many history control entries
and alarm entries.

Do as follows on the router on which traffic statistics should be collected:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface { ethernet | gigabitethernet } interface-number

The interface view is displayed.


Step 3 Run:
rmon history entry-number buckets number interval sampling-interval [ owner ownername ]

The historyControlTable is configured.


----End

2.2.5 Configuring the EventTable


After EventTable is configured, when the number of events exceeds the alarm threshold, the
router generates logs, sends traps, or generates logs and sends traps.

Context
Do as follows on the router that is monitored:
The RMON event management module is responsible for adding events to the corresponding
rows in the eventTable and defining the methods of processing events:
l

log: sending only logs

log-trap: sending both logs and trap messages to the NM Station

none: marking that no event occurs

trap: sending trap messages to the NM Station

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
rmon event entry-number [ description string ] { log | trap object | log-trap
object | none } [ owner owner-name ]

The eventTable is configured.


----End
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

48

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

2 RMON Configuration

2.2.6 Configuring the AlarmTable


The RMON alarm management function monitors a specified trap variable identified by its OID
at a specified sampling interval. When the monitored variable exceeds the defined threshold, an
alarm is generated.

Context
The RMON alarm management is responsible for monitoring a specified alarm variable
(identified by OID) at a specified sampling interval. An alarm event occurs when the monitored
variable exceeds the defined threshold. Generally, the event is recorded in the log table, or
RMON sends a trap message to the NM Station.
If the events that correspond to the alarm upper limit and lower limit (event-entry1, evententry2) are not configured in the eventTable, an alarm is not generated even if the alarm condition
is satisfied. At this time, the status of alarm recording is undercreation and not VALID.
If an event corresponding to either the alarm upper limit or the alarm lower limit is configured,
an alarm is triggered once the alarm condition is satisfied. (At this time, the status of alarm
recording is VALID.) If an incorrect alarm variable is configured (for example, an inexistent
OID is specified), the status of alarm recording is undercreation and no alarm is generated.
Do as follows on the router that is monitored:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
rmon alarm entry-number alarm-OID sampling-time { absolute | changeratio | delta }
rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2
event-entry2 [ owner owner-name ]

The alarmTable is configured.


----End

2.2.7 Configuring the PrialarmTable


Compared with AlarmTable, PrialarmTable is enhanced with the function of setting the trap
object through an expression.

Context
Based on the alarmTable in RFC 2819, the RMON prialarm management is enhanced with two
functions: setting the alarm object in the form of expressions and limiting the time to live (TTL)
value of a prialarm entry.
Compared with the alarmTable, the prialarmTable has several additional entries:
l

Expression of alarm variables. It can be an arithmetic expression composed of the OIDs of


alarm variables(+, -, *, / or brackets).

Description of the prialarm entry in a character string.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

49

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

2 RMON Configuration

Prialarm state period, in seconds. It must be larger than the sampling interval.

Two prialarm state types: Forever or Cycle. If Cycle is set, an alarm does not occur and the
entry is deleted after the specified prialarm state period.

If the events that correspond to the alarm upper limit and lower limit (event-entry1, evententry2) are not configured in the eventTable, an alarm does not occur even if the alarm conditions
are satisfied. (The alarm record is in the undercreation state rather than in the VALID state.)
If either the alarm upper limit event or the alarm lower limit event is configured, the alarm is
triggered once the conditions for an alarm are satisfied. (The alarm record is in the VALID state.)
Do as follows on the router that is monitored.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
rmon prialarm entry-number prialarm-formula description-string sampling-interval
{ absolute | changeratio | delta } rising-threshold threshold-value1 event-entry1
falling-threshold threshold-value2 event-entry2 entrytype { cycle entry-period |
forever } [ owner owner-name ]

The prialarmTable is configured.


----End

2.2.8 Checking the Configuration


After configuring RMON, you can view the traffic statistics collected by RMON.

Prerequisites
The configurations of the RMON are complete.

Procedure
l

Run the display rmon alarm [ entry-number ] command to view the RMON alarm
information.

Run the display rmon event [ entry-number ] command to view the RMON events.

Run the display rmon eventlog [ entry-number ] command to view the RMON event logs.

Run the display rmon history [ ethernet interface-number | gigabitethernet interfacenumber ] command to view the RMON history information.

Run the display rmon prialarm [ entry-number ] command to view the information of the
RMON prialarmTable.

Run the display rmon statistics [ ethernet interface-number | gigabitethernet interfacenumber ] command to view the RMON statistics.

----End
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

50

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

2 RMON Configuration

Example
Run the display rmon alarm command. If information about the alarm table is displayed, it
means that the configuration succeeds.
<Huawei> display rmon alarm 1
Alarm table 1 owned by Test300 is VALID.
Samples absolute value
: 1.3.6.1.2.1.16.1.1.1.6.1 <etherStatsBroadcastPkts.1>
Sampling interval
: 30(sec)
Rising threshold
: 500(linked with event 1)
Falling threshold
: 100(linked with event 1)
When startup enables
: risingOrFallingAlarm
Latest value
: 1975

Run the display rmon event command. If information about the event table is displayed, it
means that the configuration succeeds.
<Huawei> display rmon event
Event table 1 owned by Test300 is VALID.
Description: null
Will cause log when triggered, last triggered at 0days 00h:24m:10s.34th.
Event table 2 owned by Test300 is VALID.
Description: forUseofPrialarm.
Will cause snmp-trap when triggered, last triggered at 0days 00h:26m:10s.73th.

Run the display rmon eventlog command. If information about the event logs is displayed, it
means that the configuration succeeds.
<Huawei> display rmon eventlog
Event table 1 owned by Test300 is VALID.
Generates eventLog 1.1 at 0days 00h:39m:30s.05th.
Description: The 1.3.6.1.2.1.16.1.1.1.6.1 defined in alarm table 1,
less than or equal to 100 with alarm value 0. Alarm sample type is absolute.

Run the display rmon history command to display the RMON history.
<Huawei> display rmon history
History control entry 1 owned by Test300 is VALID,
Samples interface
: Ethernet1/0/0<ifEntry.402653698>
Sampling interval
: 30(sec) with 10 buckets max
Last Sampling time
: 0days 00h:09m:43s
Latest sampled values :
octets
:645
, packets
:7
broadcast packets
:7
, multicast packets :0
undersize packets
:6
, oversize packets :0
fragments packets
:0
, jabbers packets
:0
CRC alignment errors :0
, collisions
:0
Dropped packet:
:0
, utilization
:0

Run the display rmon prialarm command. If information about the extended alarm table is
displayed, it means that the configuration succeeds.
<Huawei> display rmon prialarm 1
Prialarm table 1 owned by Test300 is VALID.
Samples delta value
: .1.3.6.1.2.1.16.1.1.1.6.1+.1.3.6.1.2.1.16.1.1.1.7.1
Sampling interval
: 30(sec)
Rising threshold
: 1000(linked with event 2)
Falling threshold
: 0(linked with event 2)
When startup enables
: risingOrFallingAlarm
This entry will exist
: forever
Latest value
: 16

Run the display rmon statistics command to display the RMON statistics.
<Huawei> display rmon statistics
Statistics entry 1 owned by Test300 is VALID.
Interface : GigabitEthernet1/0/0<ifEntry.402653698>
Received :
octets
:142915224 , packets
:1749151
broadcast packets
:11603
, multicast packets:756252
undersize packets
:0
, oversize packets :0

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

51

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

2 RMON Configuration

fragments packets
:0
, jabbers packets :0
CRC alignment errors:0
, collisions
:0
Dropped packet (insufficient resources):1795
Packets received according to length (octets):
64
:150183
, 65-127 :150183
, 128-255 :1383
256-511:3698
, 512-1023:0
, 1024-1518:0

2.3 RMON Configuration Examples


This section provides examples for configuring RMON, and illustrates the networking
requirements, configuration roadmap, and configuration notes. You can better understand the
configuration procedures with the help of the configuration flowchart.

2.3.1 Example for Configuring RMON


This part provides examples for configuring RMON to collect the traffic statistics on an interface.
When the traffic exceeds the threshold, the router generates logs.

Networking Requirements
As shown in Figure 2-1, it is required to monitor a sub-network connected to GE2/0/0, involving:
l

Collecting realtime statistics and history statistics about traffic and various packets.

Enabling the alarm monitoring function for the traffic (in bytes) passing through the
interface and enabling the log function when the traffic sent in one minute exceeds the set
value.

Monitoring the unicast packets on the sub-network and enabling the alarm function for
these packets. The system then automatically reports the alarm to the NM Station when the
unicast streams on the sub-network exceed the set value.

Figure 2-1 Networking diagram of RMON configuration

IP N e tw o rk

G E 1 /0 /0
1 0 .2 .2 .1 /2 4

N M S ta tio n
1 0 .1 .1 .1 /2 4

G E 2 /0 /0
1 0 .3 .3 .1 /2 4
R o u te r

LAN

Configuration Roadmap
The configuration roadmap is as follows:
1.

Execute the SNMP configuration command in advance to enable sending Trap messages
and configure the community name.

2.

Enable collecting statistics and configure the ethernetStatsTable.

3.

Configure the History Control Table.

4.

Configure the EventTable.

5.

Configuring the AlarmTable.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

52

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6.

2 RMON Configuration

Configure the PrialarmTable.

Data Preparation
To complete the configuration, you need the following data:
l

Interval for sampling information

Threshold for triggering alarm events

Procedure
Step 1 Configure routes between the Example for Configuring RMON and the NM Station. The detailed
configuration procedure is not mentioned here.
Step 2 Enable sending Trap messages to the NM Station.
# Enable the Trap function.
<Huawei> system-view
[Huawei] sysname Router
[Router] snmp-agent trap enable

# Set Trap messages to be sent to the specified NM Station.


[Router] snmp-agent target-host trap-paramsname hw v1 securityname public
[Router] snmp-agent target-host trap-hostname hwnm address 10.1.1.1 trapparamsname hw

Step 3 Enable collecting statistics.


# Enable the statistics function on an RMON interface.
[Router] interface gigabitethernet 2/0/0
[Router-GigabitEthernet2/0/0] rmon-statistics enable

# Configure the ethernetStatsTable.


[Router-GigabitEthernet2/0/0] rmon statistics 1 owner Test300

Step 4 Configure the historyControlTable.


# Set RMON to sample the traffic every 30 seconds and save the latest 10 pieces of history
records.
[Router-GigabitEthernet2/0/0] rmon history 1 buckets 10 interval 30 owner Test300

Step 5 Configure the eventTable.


# Set recording logs for RMON event 1, and set sending Trap messages to the NM Station for
event 2.
[Router] rmon event 1 log owner Test300
[Router] rmon event 2 description forUseofPrialarm trap public owner Test300

Step 6 Configure the alarmTable.


# Set the sampling interval and set the threshold that triggers event 1.
[Router] rmon alarm 1 1.3.6.1.2.1.2.2.1.11.22 30 absolute rising-threshold 10000 1
falling-threshold 100 1 owner Test300

Step 7 Verify the configuration.


# Verify the configuration result. You can check the traffic information about the sub-network
at any time.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

53

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

2 RMON Configuration

<Router> display rmon statistics gigabitethernet 2/0/0


Statistics entry 1 owned by Test300 is VALID.
Interface : GigabitEthernet2/0/0<ifEntry.22>
Received :
octets
:142915224 , packets
:1749151
broadcast packets
:11603
, multicast packets:756252
undersize packets
:0
, oversize packets :0
fragments packets
:0
, jabbers packets :0
CRC alignment errors:0
, collisions
:0
Dropped packet (insufficient resources):1795
Packets received according to length (octets):
64
:150183
, 65-127 :150183
, 128-255 :1383
256-511:3698
, 512-1023:0
, 1024-1518:0

# Verify the configuration.


<Router> display rmon history gigabitethernet 2/0/0
History control entry 1 owned by Test300 is VALID
Samples interface
: GigabitEthernet2/0/0<ifEntry.22>
Sampling interval
: 30(sec) with 10 buckets max
Last Sampling time
: 0days 00h:19m:43s
Latest sampled values :
octets
:645
, packets
:7
broadcast packets
:7
, multicast packets :0
undersize packets
:6
, oversize packets :0
fragments packets
:0
, jabbers packets
:0
CRC alignment errors :0
, collisions
:0
Dropped packet:
:0
, utilization
:0
History record:
Record No.1 (Sample time: 0days 00h:02m:30s)
octets
:0
, packets
:0
broadcast packets
:0
, multicast packets :0
undersize packets
:0
, oversize packets :0
fragments packets
:0
, jabbers packets
:0
CRC alignment errors :0
, collisions
:0
Dropped packet:
:0
, utilization
:0

# Verify the event.


<Router> display rmon event
Event table 1 owned by Test300 is VALID.
Description: null.
Will cause log when triggered, last triggered at 0days 00h:24m:10s.
Event table 2 owned by Test300 is VALID.
Description: forUseofPrialarm
Will cause snmp-trap when triggered, last triggered at 0days 00h:26m:10s.

# View the alarms.


<Router> display rmon alarm 1
Alarm table 1 owned by Test300 is VALID.
Samples absolute value
: 1.3.6.1.2.1.2.2.1.11.22 <ifInUcastPkts.22>
Sampling interval
: 30(sec)
Rising threshold
: 500(linked with event 1)
Falling threshold
: 100(linked with event 1)
When startup enables
: risingOrFallingAlarm
Latest value
: 1975

# Display the event logs.


<Router> display rmon eventlog
Event table 1 owned by Test300 is VALID.
Generates eventLog 1.1 at 0days 00h:39m:30s.
Description: The 1.3.6.1.2.1.16.1.1.1.6.1 defined in alarm table 1,
less than or equal to 100 with alarm value 0. Alarm sample type is absolute.

The NM Station receives trap messages when the set prialarm variable exceeds the preset
threshold.
----End
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

54

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

2 RMON Configuration

Configuration File
#
sysname Router
#
snmp-agent target-host trap-hostname hwnm address 10.1.1.1 udp-port 162 trapparamsname hw
snmp-agent target-host trap-paramsname hw v1 securityname public
snmp-agent trap enable
#
interface GigabitEthernet1/0/0
ip address 10.2.2.1 255.255.255.0
interface GigabitEthernet2/0/0
ip address 10.3.3.1 255.255.2555.0
rmon-statistics enable
rmon statistics 1 owner Test300
rmon history 1 buckets 10 interval 30 owner Test300
#
rmon event 1 description null log owner Test300
rmon event 2 description forUseofPrialarm trap public owner Test 300
rmon alarm 1 1.3.6.1.2.1.2.2.1.11.22 30 absolute rising-threshold 10000 1 fallingthreshold 100 1 owner Test300
#
return

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

55

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

LLDP Configuration

About This Chapter


This chapter describes the LLDP concept, configuration procedures, and configuration
examples.
3.1 Introduction to LLDP
The Link Layer Discovery Protocol (LLDP) is a Layer 2 discovery protocol defined in the IEEE
802.1ab standard.
3.2 LLDP Feature Supported by the AR1200-S
This section describes the usage scenarios of the LLDP feature and TLV types supported by the
AR1200-S.
3.3 Configuring LLDP
This section describes how to configure LLDP.
3.4 Maintaining LLDP
This section describes how to clear LLDP statistics and monitor LLDP status.
3.5 Configuration Examples
This section provides LLDP configuration examples.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

56

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

3.1 Introduction to LLDP


The Link Layer Discovery Protocol (LLDP) is a Layer 2 discovery protocol defined in the IEEE
802.1ab standard.

Background
Currently, the Ethernet technology is widely used in the Local Area Network (LAN) and
Metropolitan Area Network (MAN). Compared with small-scale networks, large-scale networks
require that the network management system (NMS) have more functions and higher processing
capability. For example, the NMS needs to obtain the topology of connected devices and
configuration conflicts between devices.
Currently, many NMSs use the automated discovery function to trace the topology changes.
However, most of them at best analyze the Layer 3 network topology and group devices into
different IP subnets. These NMSs provide only the data concerning the basic events such as
adding or deleting of devices, but does not determine the connected interfaces between devices
or obtain information about configuration conflicts.
The Layer 2 discovery protocol precisely discovers the interfaces on each device and obtains
connection information between devices. In addition, it displays the paths between clients,
switches, routers, application servers, and network servers. The Layer 2 information helps you
quickly know the device topology, detect configuration conflicts between devices, and locate
network faults.
The LLDP protocol is a Layer 2 discovery protocol defined in the IEEE 802.1ab standard.

LLDP working mechanism


Figure 3-1 LLDP diagram
Organizationally
defined local device
LLDP MIB extension
(Optional)

Organizationally
defined remote device
LLDP MIB extension
(Optional)

PTOPO MIB
(Optional)

Entity MIB
(Optional)
LLDP local system MIB

LLDP remote system MIB


Interface MIB
(Optional)

LLDP agent

LLDP frames

Local device information

Issue 02 (2012-03-30)

Other MIBs
(Optional)

LLDP/LSAP

Remote device information

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

57

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

LLDP is implemented by the MIB. It performs the following functions:


l

The LLDP module updates the LLDP local system MIB and its own extended MIB
(Organizationally defined local device LLDP MIB extension in the figure) by interacting
with the PTOPO MIB, Entity MIB, Interface MIB, and Other MIBs.

The LLDP module sends the LLDP packets carrying its own information to the peer device
through the interface connected to the peer device.

The LLDP module receives the LLDP packets from the peer device, and then updates the
LLDP remote system MIB stored on the local device.

By using the MIB, the device obtains the neighbor information, including the remote interface
connected to the local device and the bridge MAC address of the peer device.

Concept
MIB
Management information bases (MIBs) are classified into LLDP Local System MIBs and the
LLDP Remote System MIBs.
l

LLDP Local System MIB: stores information about the local device, including the device
ID, port ID, system name, system description, port description, system capability, and
management address.

LLDP Remote System MIB: stores information about neighbor devices, including the
device ID, port ID, system name, system description, port description, system capability,
and management address.

LLDP Agent
An LLDP agent manages LLDP operations for an interface.
The LLDP agent performs the following operations:
l

Maintains information in the LLDP local system MIB.

Obtains and sends LLDP local system MIB information to neighbor devices when the status
of the local device status changes. If the local device status keeps unchanged, the LLDP
agent also obtains and sends LLDP local system MIB information to neighbor devices at
intervals.

Identifies and processes received LLDP packets.

Maintains information in the LLDP remote system MIB.

Sends LLDP traps to the NMS when information in the LLDP local system MIB or the
LLDP remote system MIB changes.

LLDP Management Address


The LLDP management address (short for management address) is used by the NMS to identify
the AR1200-S and implement network management. A management address identifies a device.
It makes the network topology clear and facilitates network management. The management
address is carried in the Management Address Type-Length-Value (TLV) field of an LLDP
packet to be transmitted to neighbor devices.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

58

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

LLDP Trap
When information in the LLDP local system MIB or the LLDP remote system MIB changes,
the device sends traps to the NMS, requesting the NMS to update the topology. The information
changes include:
l

Change of global LLDP status

Change of local management address

Change of neighbor information, excluding the change of neighbor management address

The LLDP trap function is applied to all interfaces.

LLDP Packet
Figure 3-2 shows the LLDP packet format.
Figure 3-2 LLDP packet format

LLDP
Ethertype

DA

SA

Data + pad

LLDP_Multicast
address

MAC
address

88-cc

LLDPDU

FCS

6 octects

6 octects

2 octects

1500 octects

4 octects

DA: indicates the destination address of the LLDP packet. It is the multicast address 01-80C2-00-00-0E.

SA: indicates the bridge MAC address of the neighbor device.

LLDP Ethertype: indicates the LLDP packet type. If a packet contains this field, it is an
LLDP packet and it is sent to the LLDP module. The value of this field is 0x88CC.

LLDPDU: indicates the LLDP data unit. It is the major content of an LLDP packet.

FCS: indicates the Frame Check Sequence.

LLDPDU in the LLDP packet contains the Layer 2 information discovered by the device, so it
is the most important part in the LLDP packet.
Figure 3-3 shows the LLDPDU structure.
Figure 3-3 LLDPDU structure

Chassis ID Port ID Time to Optional


TLV
TLV Live TLV TLV
M

...

End of
Optional
LLDPDU
TLV
TLV

The basic unit in the LLDPDU is TLV.


l
Issue 02 (2012-03-30)

T: information type
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

59

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

L: information length

V: content value

3 LLDP Configuration

The LLDPDU carries different types of TLVs to meet the LLDP interaction requirements. The
device sends or receives the local and remote information by using these TLVs.
The LLDPDU starts with Chassis ID TLV, Port ID TLV, and Time to Live TLV, and ends with
End of LLDPDU TLV; therefore, these four TLVs are mandatory for an LLDPDU. The other
TLVs are optional. The device can add and remove the optional TLVs.

3.2 LLDP Feature Supported by the AR1200-S


This section describes the usage scenarios of the LLDP feature and TLV types supported by the
AR1200-S.

Usage Scenario
The LLDP feature of the AR1200-S is applicable to three types of networks.
Networks Where an Interface Has Only One Neighbor
The interfaces between two routers or the interfaces between a router and a media endpoint (ME)
are directly connected, so each interface has only one neighbor. As shown in Figure 3-4,
RouterA is directly connected to RouterB and ME. Each interface on RouterA and RouterB has
only one neighbor.
Figure 3-4 Each interface has only one neighbor

Internet
NMS

Router A

RouterB

ME

Networks Where an Interface Has Multiple Neighbors


The interfaces between two routers are connected through an unknown network, so each interface
has multiple neighbors. As shown in Figure 3-5, RouterA, RouterB, and RouterC are connected
through an unknown network. The devices on the unknown network may not have the LLDP
function or not be managed by the network management system (NMS); however, they must
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

60

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

have the ability to transparently transmit LLDP packets. On this network, each interface of
RouterA, RouterB, and RouterC has multiple neighbors.
Figure 3-5 Each interface has multiple neighbors

SNMP

SNMP

NMS

RouterF

LL LLDPDU
D
PD
U

RouterE

10.10.10.1

LLDPDU

LL
D
PD
U

RouterD

LL
D
PD

10.10.10.2

RouterA
RouterB

10.10.10.3
RouterC

LLDP interface

SNMP packet

NMS: Network Management System

LLDPDU packet

Networks Where Link Aggregation Is Configured


As shown in Figure 3-6, a link aggregation group is configured between the routers. Each
interface in the link aggregation group has only one neighbor.
Figure 3-6 Link aggregation is configured on the network

N e tw o rk

E n te rp ris e
User

Issue 02 (2012-03-30)

NMS

E th -T ru n k
R o u te rA

R o u te rB

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

E n te rp ris e
User

61

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

TLV Types Supported by the AR1200-S


Besides the mandatory TLVs Chassis ID TLV, Port ID TLV, Time to Live TLV, and End of
LLDPDU, the AR1200-S supports the following optional TLVs.
l

Basic TLV
Type

Description

Management Address TLV

Management IP address

Port Description TLV

Interface description

System Capabilities TLV

Capacities of the local device, including:


l other: other capability
l repeater
l bridge
l wlanAccessPoint: wireless access point
l router
l telephone: wireless device
l docsisCableDevice: management
station
l stationOnly: station

Issue 02 (2012-03-30)

System Description TLV

Device description

System Name TLV

Device name

Organizationally Specific TLV defined in 802.1


Type

Description

Port VLAN TLV

VLAN ID of an interface

Port protocol VLAN TLV

Protocol VLAN ID of an interface

VLAN Name TLV

VLAN name

Protocol identity TLV

Protocol types supported by an interface

Organizationally Specific TLV defined in 802.3


Type

Description

Link Aggregation TLV

Whether a port supports link aggregation


and is enabled with link aggregation

MAC/PHY Configuration/Status TLV

Rate and duplex status of a port, whether


auto-negotiation is supported, and whether
auto-negotiation is enabled

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

62

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

Type

Description

Maximum Frame Size TLV

Maximum frame length supported by a


port, namely, the maximum transmission
unit (MTU)

Power Via MDI TLV

Power capability of a port, for example,


whether the port supports PoE and whether
the port is a powering device or powered
device

LLDP-MED TLV
Type

Description

LLDP-MED Capabilities TLV

MED type of a device and the type of an


LLDP MED TLV that can be encapsulated
in an LLDPDU

Inventory TLV

Manufacturer of the device

Location Identification TLV

Location identification, which identifies


the location of the local device

Network Policy TLV

VLAN ID, Layer 2 priority, and DSCP of


a voice VLAN

Extended Power-via-MDI TLV

Power capability of the device

By default, LLDP advertises all types of TLVs except the Location Identification TLV.

3.3 Configuring LLDP


This section describes how to configure LLDP.

3.3.1 Establishing the Configuration Task


Applicable Environment
The LLDP function on network devices allows the NMS to obtain device topology, management
addresses, device identifications, and interface identifications.

Pre-configuration Tasks
Before configuring LLDP, complete the following tasks:
l

Configuring a reachable route between the router and the NMS and setting the SNMP
parameters

Configuring an LLDP management address

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

63

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

NOTE

The LLDP management address contained in an LLDP packet is used to identify a device. Therefore, the
management address of a device must be unique and easy to manage. The IP address to be set as the
management address must already exist on the device. That is, this IP address must be configured before
3.3.4 (Optional) Configuring an LLDP Management Address.

Data Preparation
To configure LLDP, you need the following data.
No.

Data

IP address to be set as the LLDP management address

(Optional) Interval for sending LLDP packets

(Optional) Delay to send LLDP packets

(Optional) Hold time multiplier of device information stored on neighbors

(Optional) Delay to re-enable the LLDP function on an interface

(Optional) Delay to send neighbor change traps to the NMS

3.3.2 Enabling Global LLDP


After LLDP is enabled on the router and its neighbors, the router and its neighbors obtain status
information of each other by exchanging LLDP packets. The NMS obtains Layer 2 connection
status from the router for network topology analysis.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
lldp enable

LLDP is enabled globally.


----End

3.3.3 (Optional) Disabling LLDP on an Interface


After global LLDP is enabled, all the interfaces on the device are enabled with LLDP. To disable
LLDP on some interfaces, run the undo lldp enable command on the interface.

Prerequisites
LLDP has been enabled globally.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

64

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

Context
LLDP can be enabled in the system view and the interface view. It performs the following
functions:
l

After LLDP is enabled in the system view, all interfaces are enabled with LLDP.

After LLDP is disabled in the system view, all LLDP settings are restored to the default
settings except the setting of LLDP trap. Therefore, LLDP is also disabled on all interfaces.

An interface can send and receive LLDP packets only after LLDP is enabled in both the
system view and the interface view.

After LLDP is disabled globally, the commands for enabling and disabling LLDP on an
interface do not take effect.

If LLDP needs to be disabled on some interfaces, enable LLDP globally first, and then run
the undo lldp enable command on these interfaces. To re-enable LLDP on these interfaces,
run the lldp enable command in the views of these interfaces.
NOTE

l On an Eth-Trunk, LLDP can only be enabled on member interfaces. The interfaces enabled with LLDP
and not enabled with LLDP can exist in the same Eth-Trunk.
l LLDP can be enabled and disabled only on the physical interfaces such as Ethernet and GE interfaces,
but cannot be used on logical interfaces such as VLANIF interfaces and Eth-Trunk.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
undo lldp enable

LLDP is disabled on the interface.


----End

3.3.4 (Optional) Configuring an LLDP Management Address


The LLDP management address uniquely identifies a device on the NMS.

Prerequisites
LLDP has been enabled globally.

Context
If the configured management address is invalid or no management address is configured, the
system sets an IP address in the address list as the management address. The system selects the
IP address in the following priority order: loopback interface address, and then VLANIF
interface address. Among the IP addresses of the same type, the system selects the smallest one.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

65

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

If the system does not find a management address, the bridge MAC address is used as the
management address.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
lldp management-address ip-address

The LLDP management address is configured.


The value of ip-address must be a valid unicast IP address existing on the device.
----End

3.3.5 (Optional) Configuring the TLV in the LLDPDU


The LLDPDUs contain different types of TLVs. The devices send and receive device
information by using these TLVs. The TLVs that can be encapsulated in an LLDP packet include
basic TLVs, organizationally specific TLVs, and TLVs related to media endpoint discovery
(MED).

Prerequisites
l

LLDP has been enabled globally.

LLDP has been enabled on the interfaces.

Context
To enable an interface to send the 802.3 Power via MDI TLV, run the lldp tlv-enable dot3-tlv
power command. The 802.3 Power via MDI TLV has the following formats:
l

802.1ab format: [TLV type | TLV information string length | 802.3 OUI | MDI power
support | PSE power pair | power class]

802.3at format: [TLV type | TLV information string length | 802.3 OUI | MDI power support
| PSE power pair | power class | type/source/priority | PD requested power value | PSE
allocated power value]

Based on 802.1ab, 802.3at extends three fields: type/source/priority, PD requested power value,
and PSE allocated power value.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

66

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

Step 3 Run:
lldp tlv-enable { basic-tlv { all | management-address | port-description | systemcapability | system-description | system-name } | dot1-tlv { all | port-vlan-id |
protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ] | protocol-identity } | dot3tlv { all | link-aggregation | mac-physic | max-frame-size | power } | med-tlv
{ all | capability | inventory | location-id { civic-address device-type countrycode { ca-type ca-value }&<1-10> | elin-address Tel-Number } | network-policy |
power-over-ethernet } }

The TLVs supported by the interface are specified.


By default, LLDP advertises all types of TLVs except the Location Identification TLV.
NOTE

l When the supported TLVs on the device are basic TLVs, TLVs in the IEEE 802.1 format, and TLVs
in the IEEE 802.3 format, the lldp tlv-enable command with the all parameter advertises all TLVs.
When the supported TLVs on the device are LLDP-MED TLVs, the lldp tlv-enable command with
the all parameter advertises all TLVs except Location Identification TLV.
If the all parameter is not specified, only one type of TLV can be sent. To send multiple types of TLVs,
run the command multiple times.
l You can specify the other types of LLDP-MED TLVs only after specifying the LLDP-MED
Capabilities TLV.
To disable the LLDP-MED Capabilities TLV, you must disable the other types of LLDP-MED TLVs
first.
To disable the MAC/PHY Configuration/Status TLVs, you must disable the LLDP-MED Capabilities
TLV first.
l The 802.3 MAC/PHY Configuration/Status TLVs are advertised automatically after the LLDP-MED
Capabilities TLV is advertised.
l If you disable the LLDP-MED TLVs and use the all keyword, the MAC/PHY Configuration/Status
TLVs are not disabled automatically.

Step 4 Run:
lldp dot3-tlv power { 802.1ab | 802.3at }

The standard with which the 802.3 Power via MDI TLV sent by the interface complies is set.
By default, the 802.3 Power via MDI TLV conforms to 802.1 ab.
NOTE

Before selecting a format of the 802.3 Power via MDI TLV, you must know the TLV format supported by
the peer device. The TLV format on the local device must be also supported by the peer device.

----End

3.3.6 (Optional) Configuring LLDP Timers


The LLDP timers include interval for sending LLDP packets, delay to send LLDP packets, hold
time multiplier of device information stored on neighbors, delay to re-enable LLDP on an
interface, and delay to send neighbor change traps to the NMS.

Prerequisites
LLDP has been enabled globally.

Context
Interval for sending LLDP packets and delay to send LLDP packets
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

67

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

When the LLDP status of the device keeps unchanged and the device does not discover new
neighbors, the interface module sends LLDP packets to the neighbors at a certain interval. After
the LLDP transmission interval is set on the device, the LLDP enabled interfaces send LLDP
packets to neighbors at this interval. The interfaces may send LLDP packets at different time
points. The LLDP transmission interval should be set properly and adjusted according to network
loads.
l

A long interval reduces the LLDP packet interaction frequency, and thus saves system
resource. However, if the interval is too long, the device cannot notify neighbors of its
status in time, and the NMS cannot discover the network topology changes in real time.

A short interval increases the LLDP packet transmission frequency and enables the NMS
to discover network topology changes in real time. However, if the interval is too short, the
LLDP packets are exchanged frequently, and thus the system load is increased.

There is a delay before the interface module sends an LLDP packet to the neighbor when the
device status changes frequently. After the LLDP transmission delay is set on the device, the
LLDP enabled interfaces send LLDP packets to neighbors after a delay (the delay is the same
as or longer than the delay you specified). The interfaces may send LLDP packets at different
time points. If the device status changes frequently, extend the delay to prevent the device from
frequently sending traps to the NMS. A delay suppresses the network topology flapping. The
LLDP transmission delay should be set properly and adjusted according to network loads.
l

A long delay reduces the LLDP packet interaction frequency, and thus saves system
resource. However, if the delay is too long, the device cannot notify neighbors of its status
in time, and the NMS cannot discover the network topology changes in real time.

A short delay increases the LLDP packet transmission frequency and enables the NMS to
discover network topology changes in real time. However, if the delay is too short, the
LLDP packets are exchanged frequently, and thus the system load is increased.

You should consider the value of delay when adjusting the value of interval because it is restricted
by the value of delay.
l

The value of interval ranges from 5 to 32768.

The value of interval must be equal to or greater than four times the value of delay.
Therefore, if you want to set interval to be smaller than four times the value of delay, first
reduce the delay value to be equal to or smaller than a quarter of the new interval value,
and then reduce the interval value.
NOTE

If the interval value is smaller than four times the delay value, the system displays an error message when
you run the undo lldp message-transmission delay command. To run the undo lldp messagetransmission delay command in this case, increase the interval value to at least four times the delay value
first.

Hold time multiplier of device information on neighbors


The hold time multiplier is the Time to Live (TTL) of the packets sent by the local device. You
can specify the storage time of device information on the neighbors. After receiving the LLDP
packets, the neighbors update the aging time of the device information from the sender according
to the TTL.
The storage time calculation formula is: TTL = Min (65535, (interval x hold)).
l

Issue 02 (2012-03-30)

TTL is the device information storage time. It is the smaller value between 65535 and
(interval x hold).
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

68

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

interval is the interval at which the device sends LLDP packets to neighbors. This parameter
is set by lldp message-transmission interval.

hold is the hold time multiplier of device information on neighbors.

After the LLDP function is disabled on the device, its neighbors wait until the TTL of the device
information expires, and then delete the device information. This prevents network topology
flapping. The hold time multiplier of device information on neighbors must be set to a proper
value.
l

A great value of the hold time multiplier prevents network topology flapping. However, if
the value is too large, the device cannot notify neighbors of its status in time, and the NMS
cannot discover the network topology changes in real time.

A small value of the hold time multiplier enables the NMS to discover topology change in
time. However, if the value is too small, the neighbors update device information too
frequently. This increases the load on the system and wastes resources.

The default value is recommended.

Delay to re-enable LLDP on an interface


There is a delay before LLDP is re-enabled on an interface. The delay suppresses the topology
flapping of the neighbors caused by the frequent LLDP status changes. The delay to re-enable
the LLDP function on an interface must be set properly.
l

A great value of the delay prevents network topology flapping. However, if the value is too
large, the device cannot notify neighbors of its status in time, and the NMS cannot discover
the network topology changes in real time.

A small value of the delay enables the NMS to discover topology change in time. However,
if the value is too small, the neighbors update device information too frequently. This
increases the load on the system and wastes resources.

The default value is recommended.

Delay to send neighbor change traps to the NMS


There is a delay before the device sends LLDP traps to the NMS. When the neighbor information
changes frequently, extend the delay to prevent the device from sending traps to the NMS too
frequently. This command suppresses the topology flapping. After the delay is set on the device,
the LLDP enabled interfaces send LLDP traps to neighbors after a delay (the delay is the same
as or longer than the delay you specified). The interfaces may send LLDP packets at different
time points.
The delay is applied to only the following traps: traps for adding neighbors, traps for deleting
neighbors, neighbor aging traps, and traps for discarding neighbor packets
(LLDP_1.0.8802.1.1.2.0.0.1 lldpRemTablesChange).

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
lldp message-transmission interval interval

The interval for sending LLDP packets is set.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

69

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

By default, the interval for sending LLDP packets is 30 seconds.


Step 3 Run:
lldp message-transmission delay delay

The delay to send LLDP packets is set.


By default, the delay to send LLDP packets is 2 seconds.
Step 4 Run:
lldp message-transmission hold-multiplier hold

The hold time multiplier of device information stored on neighbors is set.


The default value is 4.
NOTE

l You can extend the storage time of device information on the neighbors by increasing the value of
hold.
l The value of hold ranges from 2 to 10; however, when the value of (hold x interval) is greater than
65535, the hold value is invalid.

Step 5 Run:
lldp restart-delay delay

The delay to re-enable LLDP on an interface is set.


The default value is 2, in seconds.
If LLDP is disabled on an interface, the system re-enables LLDP for the interface after a delay.
Step 6 Run:
lldp trap-interval interval

The delay to send neighbor change traps to the NMS is set.


The default value is 5, in seconds.
----End

3.3.7 (Optional) Enabling the LLDP Trap Function


To send traps to the NMS when the neighbor information changes, you must enable the trap
function on the router.

Context
After the trap function is enabled, the router sends traps to the NMS in one of the following
cases:
l

The LLDP function is enabled or disabled globally. The traps are


LLDP_1.3.6.1.4.1.2011.5.25.134.2.1 hwLldpEnabled and
LLDP_1.3.6.1.4.1.2011.5.25.134.2.2 hwLldpDisabled.

The local management address changes. The trap is LLDP_1.3.6.1.4.1.2011.5.25.134.2.5


hwLldpLocManIPAddrChange.

Neighbor information changes. The trap is LLDP_1.0.8802.1.1.2.0.0.1


lldpRemTablesChange. A trap is not generated if the management address of a neighbor
changes.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

70

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

The trap function is applied to all interfaces. The trap function can take effect no matter whether
the LLDP function is enabled globally. If the network topology is unstable, disable the LLDP
function to prevent frequent trap sending.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
snmp-agent trap enable

The trap function is enabled.


By default, the trap function is disabled on the AR1200-S.
NOTE

A reachable route exists between the AR1200-S and the network management system and the SNMP
parameters are set before enabling the LLDP trap function.

----End

3.3.8 Checking the Configuration


Prerequisites
All configurations are complete.

Procedure
l

Run the display lldp local [ interface interface-type interface-number ] command to view
local LLDP status.

Run the display lldp neighbor [ interface interface-type interface-number ] command to


view neighbor information of an interface.

Run the display lldp neighbor brief command to view brief information about neighbors.

Run the display lldp tlv-config command to view the TLV types supported by the interface.

----End

Example
Run the display lldp local command. The following information shows the LLDP status in the
system and on the interface, LLDP management address, and all timers.
<Huawei> display lldp local
System information
Chassis type
:macAddress
Chassis ID
:00e0-11fc-1710
System name
:Huawei
System description :Huawei AR1220 Huawei Versatile Routing Platform Software V
RP (R) software,Version 5.100 (AR1220 V200R002C00) Copyright (C) 2000-2011 Huawei
Technologies Co., Ltd
System capabilities supported
:bridge
System capabilities enabled
:bridge
LLDP Up time
:2011/6/13 11:40:49
MED system information

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

71

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

Device class
:Network Connectivity
(MED inventory information of master board)
HardwareRev
:AR01SRU1A VER.A
FirmwareRev
:NA
SoftwareRev
:V200R002C00
SerialNum
:NA
Manufacturer name :HUAWEI TECH CO.,
LTD
Model name
:NA
Asset tracking identifier :NA
System configuration
LLDP Status
LLDP Message Tx Interval
LLDP Message Tx Hold Multiplier
LLDP Refresh Delay
LLDP Tx Delay
LLDP Notification Interval
LLDP Notification Enable
Management Address

:enabled
:30
:4
:2
:2
:5
:enabled
:IP: 10.10.10.1

Remote Table Statistics:


Remote Table Last Change Time

:0 days, 5 hours, 57 minutes, 32 seconds

Remote Neighbors Added

:15

Remote Neighbors Deleted

:13

Remote Neighbors Dropped

:0

Remote Neighbors Aged

:0

Total Neighbors

:2

(default
(default
(default
(default
(default
(default
(default

is
is
is
is
is
is
is

disabled)
30s)
4)
2s)
2s)
5s)
disabled)

Port information:
Interface GigabitEthernet0/0/0 currently is L3 interface.
Interface GigabitEthernet0/0/1 currently is L3 interface.
Interface Ethernet0/0/0:
LLDP Enable Status
:enabled
Total Neighbors
:1
Port ID subtype
Port ID
Port description

(default is disabled)

:interfaceName
:Ethernet0/0/0
:HUAWEI, AR Series, Interface

Port And Protocol VLAN ID(PPVID) don't supported


Port VLAN ID(PVID) :
1
VLAN name of VLAN 1: VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM CFM
Auto-negotiation supported
:Yes
Auto-negotiation enabled
:Yes
OperMau
:speed(100)/duplex(Full)
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
PSE pairs control ability:No
Power pairs
:Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :No
Aggregation port ID
:0
Maximum frame Size
:1628

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

72

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

MED port information


Media policy type
:Unknown
Unknown Policy
:Yes
VLAN tagged
:No
Media policy VlanID
Media policy L2 priority
Media policy Dscp

:0
:0
:0

Power Type
:Unknown
PoE PSE power source
:Unknown
Port PSE Priority
:Unknown
Port Available power value:0
---- More
----

Run the display lldp neighbor [ interface interface-type interface-number ] command. The
following information shows the LLDP status in the system and on the interface, device ID,
interface ID, device name, device description, management address, and aging time.
<Huawei> display lldp neighbor
Ethernet0/0/0 has 1 neighbors:
Neighbor index : 1
Chassis type
:macAddress
Chassis ID
:00e0-11fc-1710
Port ID type
:interfaceName
Port ID
:Ethernet0/0/0
Port description
:HUAWEI, AR Series, Interface
System name
:Huawei
System description :Huawei AR1220 Huawei Versatile Routing Platform Software V
RP (R) software,Version 5.100 (AR1220 V200R002C00) Copyright (C) 2000-2011 Huawei
Technologies Co., Ltd
System capabilities supported
:bridge
System capabilities enabled
:bridge
Management address type :ipV4
Management address
: 127.0.0.1
Expired time
:104s
Port VLAN ID(PVID) :1
VLAN name of VLAN 1: VLAN1
Protocol identity
:STP RSTP/MSTP LACP GVRP
Auto-negotiation supported
:Yes
Auto-negotiation enabled
:Yes
OperMau
:speed(100)/duplex(Full)
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
PSE pairs control ability:No
Power pairs
:Signal
Port power classification:Class3
Link aggregation supported:Yes
Link aggregation enabled :No
Aggregation port ID
:0
Maximum frame Size
:1600
MED Device information
Device class
:Network Connectivity
HardwareRev
FirmwareRev
SoftwareRev
SerialNum
Manufacturer name
LTD

Issue 02 (2012-03-30)

:AR01SRU1A VER.A
:128
:V200R002C00
:NA
:HUAWEI TECH CO.,

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

73

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

Model name
:NA
Asset tracking identifier :NA
Media policy type
:Voice
Unknown
Policy
:Defined
VLAN tagged
:Yes
Media policy VlanID
:0
Media policy L2 priority :6
Media policy Dscp
:46
Power Type
:PSE
PoE PSE power source
:PSE
Port PSE Priority
:Low
Port Available power value:2

Run display lldp neighbor brief command to view the brief information about neighbors,
including local interface name, neighbor device name, neighbor interface name, and aging time.
<Huawei> display lldp neighbor brief
Local Intf
Neighbor Dev
Eth0/0/0
AR

Neighbor Intf
Eth0/0/0

Exptime
103

3.4 Maintaining LLDP


This section describes how to clear LLDP statistics and monitor LLDP status.

3.4.1 Clearing LLDP Statistics


To clear LLDP statistics, run the following reset command in the user view.

Procedure
l

Run the reset lldp statistics [ interface interface-type interface-number ] command to


clear LLDP statistics.

----End

3.4.2 Monitoring LLDP Status


To view LLDP status, run the following display commands.

Procedure
l

Run the display lldp local [ interface interface-type interface-number ] command to view
LLDP status in the entire system or on an interface.

Run the display lldp statistics [ interface interface-type interface-number ] command to


view statistics about packets sent and received on an interface.

Run the display lldp neighbor [ interface interface-type interface-number ] command to


view neighbor information of an interface.

----End

3.5 Configuration Examples


This section provides LLDP configuration examples.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

74

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

3.5.1 Example for Configuring LLDP on the Device That Has a


Single Neighbor
After LLDP is configured on the network devices, the NMS can obtain the network topology.
The following example describes how to configure LLDP on the devices that have a single
neighbor.

Networking Requirements
As shown in Figure 3-7, RouterA is directly connected to RouterB and media endpoint (ME).
The NMS needs to obtain Layer 2 information about RouterA, RouterB, and ME. By using the
Layer 2 information, a network administrator can learn about the detailed network topology
information and configuration conflicts. These requirements can be met by configuring LLDP
on RouterA and RouterB.
In addition, the administrator requires that RouterA and RouterB send LLDP traps to the NMS
when the LLDP management address changes, global LLDP is enabled or disabled, or the
neighbor information changes. This ensures that the administrator detects topology changes in
time.
The ME supports the LLDP function. Reachable routes exist between the NMS and Routers.
The SNMP parameters are set on all devices.
Figure 3-7 Configuring LLDP on the device that has a single neighbor
In te rn e t
NMS
R o u te r A
1 0 .1 0 .1 0 .1
E th e rn e t0 /0 /0

E th e rn e t0 /0 /1

E th e rn e t0 /0 /0

R o u te rB

ME

1 0 .1 0 .1 0 .2

Configuration Roadmap
The configuration roadmap is as follows:
1.

Enable global LLDP on RouterA and RouterB.

2.

Configure management addresses for RouterA and RouterB.

3.

Enable the LLDP trap function on RouterA and RouterB.

Data Preparation
To complete the configuration, you need the following data:
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

75

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

Management address 10.10.10.1 for RouterA and management address 10.10.10.2 for
RouterB

Procedure
Step 1 Enable global LLDP on RouterA and RouterB.
# Configure RouterA.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] lldp enable

# Configure RouterB.
<Huawei> system-view
[Huawei] sysname RouterB
[RouterB] lldp enable

Step 2 Configure management addresses for RouterA and RouterB.


# Configure RouterA.
[RouterA] lldp management-address 10.10.10.1

# Configure RouterB.
[RouterB] lldp management-address 10.10.10.2

Step 3 Enable the LLDP trap function on RouterA and RouterB.


# Configure RouterA.
[RouterA] snmp-agent trap enable

# Configure RouterB.
[RouterB] snmp-agent trap enable

Step 4 Verify the configuration.


# Check whether the LLDP function is enabled, management addresses are configured, and the
LLDP trap function is enabled.
l View the configurations on RouterA.
<RouterA> display lldp local
System
information
Chassis
type
:macAddress
Chassis ID
:
00e0-11fc-1710
System name
:RouterA
System description :Huawei AR1220 Huawei Versatile Routing Platform Software
V
RP (R) software,Version 5.100 (AR1220 V200R002C00) Copyright (C) 2000-2011
Huawei
Technologies Co., Ltd
System capabilities
supported
:bridge
System capabilities
enabled
:bridge
LLDP Up time
:2011/06/13
11:40:49
MED system
information
Device class

Issue 02 (2012-03-30)

:Network

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

76

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

Connectivity
(MED inventory information of master
board)
HardwareRev
:AR01SRU1A
VER.A
FirmwareRev
:NA
SoftwareRev
:V200R002C00
SerialNum
:NA
Manufacturer name :HUAWEI TECH CO.,
LTD
Model
name
:NA
Asset tracking identifier :NA
System configuration
LLDP Status
LLDP Message Tx Interval
LLDP Message Tx Hold Multiplier
LLDP Refresh Delay
LLDP Tx Delay
LLDP Notification Interval
LLDP Notification Enable
Management Address

:enabled
:30
:4
:2
:2
:5
:enabled
:IP: 10.10.10.1

Remote Table Statistics:


Remote Table Last Change Time

:0 days, 5 hours, 57 minutes, 32 seconds

Remote Neighbors Added

:15

Remote Neighbors Deleted

:13

Remote Neighbors Dropped

:0

Remote Neighbors Aged

:0

Total Neighbors

:2

(default is disabled)
(default is 30s)
(default is 4)
(default is 2s)
(default is 2s)
(default is 5s)
(default is disabled)
MAC: 00e0-11fc-1710

Port information:
Interface GigabitEthernet0/0/0 currently is L3 interface.
Interface GigabitEthernet0/0/1 currently is L3 interface.
Interface Ethernet0/0/0:
LLDP Enable Status
:enabled
disabled)
Total Neighbors
:
1

(default is

Port ID
subtype
:interfaceName
Port ID
:Ethernet0/0/0
Port description
:HUAWEI, AR Series, Ethernet0/0/0 Interface
Port And Protocol VLAN ID(PPVID) don't
supported
Port VLAN ID(PVID) :
1
VLAN name of VLAN 1:
VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM
CFM
Auto-negotiation
supported
:Yes
Auto-negotiation
enabled
:Yes
OperMau
:speed(100)/duplex(Full)

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

77

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

Power port
class
:PD
PSE power
supported
:No
PSE power
enabled
:No
PSE pairs control
ability:No
Power
pairs
:Unknown
Port power
classification:Unknown
Link aggregation
supported:Yes
Link aggregation
enabled :No
Aggregation port ID
0
Maximum frame Size
1628

:
:

MED port
information
Media policy type
:Voice
Unknown
Policy
:Defined
VLAN
tagged
:Yes
Media policy VlanID
0
Media policy L2 priority
6
Media policy Dscp
46

:
:
:

Power
Type
:Unknown
PoE PSE power
source
:Unknown
Port PSE
Priority
:Unknown
Port Available power value:
2

# View the neighbor information of RouterA.


<RouterA> display lldp neighbor interface ethernet 0/0/0
Ethernet0/0/0 has 1 neighbors:
Neighbor index :
1
Chassis
type
:macAddress
Chassis ID
:
00e0-11fc-1710
Port ID
type
:interfaceName
Port ID
:Ethernet0/0/0
Port description
:HUAWEI, AR Series, Ethernet0/0/0 Interface
System
name
:RouterB
System description :Huawei AR1220 Huawei Versatile Routing Platform Software
V
RP (R) software,Version 5.100 (AR1220 V200R002C00) Copyright (C) 2000-2011
Huawei
Technologies Co., Ltd
System capabilities

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

78

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

supported
:bridge
System capabilities
enabled
:bridge
Management address
type :ipV4
Management address
10.10.10.2
Expired time
:
104s

Port VLAN ID(PVID) :


1
VLAN name of VLAN 1:
VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM
CFM
Auto-negotiation
supported
:Yes
Auto-negotiation
enabled
:Yes
OperMau
:speed(100)/duplex(Full)
Power port
class
:PD
PSE power
supported
:No
PSE power
enabled
:No
PSE pairs control
ability:No
Power
pairs
:Unknown
Port power
classification:Unknown
Link aggregation
supported:Yes
Link aggregation
enabled :No
Aggregation port ID
0
Maximum frame Size
9216
MED Device
information
Device class
Connectivity

:
:

:Network

HardwareRev
VER.A
FirmwareRev
100
SoftwareRev
SerialNum
Manufacturer name
LTD
Model
name
:NA
Asset tracking
identifier :NA

:AR01SRU3A
:
:V200R002C00
:NA
:HUAWEI TECH CO.,

Media policy type


:Voice
Unknown
Policy
:Defined
VLAN
tagged
:Yes

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

79

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

Media policy VlanID


:
0
Media policy L2 priority :
6
Media policy Dscp
:
46
Power
Type
:Unknown
PoE PSE power
source
:Unknown
Port PSE
Priority
:Unknown
Port Available power value:
2

l View the configurations on RouterB.


Similar to information about RouterA.
----End

Configuration Files
l

Configuration file of RouterA


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.10.10.1 255.255.255.0
#
lldp enable
#
snmp trap enable
#
lldp management-address 10.10.10.1
#
return

Configuration file of RouterB


#
sysname RouterB
#
interface GigabitEthernet1/0/0
ip address 10.10.10.2 255.255.255.0
#
lldp enable
#
snmp trap enable
#
lldp management-address 10.10.10.2
#
return

3.5.2 Example for Configuring LLDP on the Device That Has


Multiple Neighbors
After LLDP is configured on the network devices, the NMS can obtain the network topology.
The following example describes how to configure LLDP on the devices that have multiple
neighbors.

Networking Requirements
As shown in Figure 3-8, RouterA, RouterB, and RouterC are connected through an unknown
network. The unknown network is not managed by the NMS, but can transparently transmit
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

80

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

LLDP packets. The NMS needs to obtain Layer 2 information about RouterA, RouterB, and
RouterC. By using the Layer 2 information, a network administrator can know the detailed
network topology information and configuration conflicts. These requirements can be met by
configuring LLDP on RouterA, RouterB, and RouterC.
The NMS has reachable routes to RouterA, RouterB, and RouterC and SNMP parameters are
set on all devices.
Figure 3-8 Configuring LLDP on the device that has multiple neighbors

SNMP

SNMP

NMS

RouterF

LL LLDPDU
D
PD
U

RouterE

10.10.10.1

LLDPDU

LL
D
PD
U

RouterD

LL
D
PD

10.10.10.2

RouterA
RouterB
LLDP interface

NMS: Network Management System

10.10.10.3
RouterC
SNMP packet
LLDPDU packet

Configuration Roadmap
The configuration roadmap is as follows:
1.

Enable global LLDP on RouterA, RouterB, and RouterC.

2.

Configure management addresses for RouterA, RouterB, and RouterC.

Data Preparation
To complete the configuration, you need the following data:
l

Management addresses for RouterA, RouterB, and RouterC

Procedure
Step 1 Enable global LLDP on RouterA, RouterB, and RouterC.
# Configure RouterA.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

81

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] lldp enable

# Configure RouterB.
Same as the configurations on RouterA.
# Configure RouterC.
Same as the configurations on RouterA.
Step 2 Configure management addresses for RouterA, RouterB, and RouterC.
# Configure RouterA.
[RouterA] lldp management-address 10.10.10.1

# Configure RouterB.
[RouterB] lldp management-address 10.10.10.2

# Configure RouterC.
[RouterC] lldp management-address 10.10.10.3

Step 3 Verify the configuration.


# Check whether LLDP function is enabled and management addresses are configured.
l View the configurations on RouterA.
<RouterA> display lldp local
System
information
Chassis
type
:macAddress
Chassis ID
:
00e0-11fc-1710
System
name
:RouterA
System description :Huawei AR1220 Huawei Versatile Routing Platform Software
V
RP (R) software,Version 5.100 (AR1220 V200R002C00) Copyright (C) 2000-2011
Huawei
Technologies Co., Ltd
System capabilities
supported
:bridge
System capabilities
enabled
:bridge
LLDP Up time
:2010/11/13
11:40:49
MED system
information
Device class
:Network
Connectivity
(MED inventory information of master
board)
HardwareRev
:AR01SRU1A
VER.A
FirmwareRev
:NA
SoftwareRev
:V200R002C00
SerialNum
:NA
Manufacturer name :HUAWEI TECH CO.,
LTD
Model
name
:NA

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

82

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

Asset tracking identifier :NA


System configuration
LLDP Status
LLDP Message Tx Interval
LLDP Message Tx Hold Multiplier
LLDP Refresh Delay
LLDP Tx Delay
LLDP Notification Interval
LLDP Notification Enable
Management Address

:enabled
:30
:4
:2
:2
:5
:enabled
:IP: 10.10.10.1

Remote Table Statistics:


Remote Table Last Change Time

:0 days, 5 hours, 57 minutes, 32 seconds

Remote Neighbors Added

:15

Remote Neighbors Deleted

:13

Remote Neighbors Dropped

:0

Remote Neighbors Aged

:0

Total Neighbors

:2

(default is disabled)
(default is 30s)
(default is 4)
(default is 2s)
(default is 2s)
(default is 5s)
(default is disabled)
MAC: 00e0-11fc-1710

Port information:
Interface GigabitEthernet0/0/0 currently is L3 interface.
Interface GigabitEthernet0/0/1 currently is L3 interface.
Interface Ethernet0/0/0:
LLDP Enable Status
:enabled
disabled)
Total Neighbors
:
1

(default is

Port ID
subtype
:interfaceName
Port ID
:Ethernet0/0/0
Port description
:HUAWEI, AR Series, Ethernet0/0/0 Interface
Port And Protocol VLAN ID(PPVID) don't
supported
Port VLAN ID(PVID) :
1
VLAN name of VLAN 1:
VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM
CFM
Auto-negotiation
supported
:Yes
Auto-negotiation
enabled
:Yes
OperMau
:speed(100)/duplex(Full)
Power port
class
:PD
PSE power
supported
:No
PSE power
enabled
:No
PSE pairs control
ability:No
Power
pairs
:Unknown
Port power
classification:Unknown

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

83

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

Link aggregation
supported:Yes
Link aggregation
enabled :No
Aggregation port ID
0
Maximum frame Size
1628

:
:

MED port
information
Media policy type
:Voice
Unknown
Policy
:Defined
VLAN
tagged
:Yes
Media policy VlanID
0
Media policy L2 priority
6
Media policy Dscp
46

:
:
:

Power
Type
:Unknown
PoE PSE power
source
:Unknown
Port PSE
Priority
:Unknown
Port Available power value:
2
---- More
----

# View the neighbor information of RouterA.


<RouterA> display lldp neighbor interface ethernet 0/0/0
Ethernet0/0/0 has 1 neighbors:
Neighbor index :
1
Chassis
type
:macAddress
Chassis ID
:
00e0-11fc-1710
Port ID
type
:interfaceName
Port ID
:Ethernet0/0/0
Port description
:HUAWEI, AR Series, Ethernet0/0/0 Interface
System name
:RouterB
System description :Huawei AR1220 Huawei Versatile Routing Platform Software
V
RP (R) software,Version 5.100 (AR1220 V200R002C00) Copyright (C) 2000-2011
Huawei
Technologies Co., Ltd
System capabilities
supported
:bridge
System capabilities
enabled
:bridge
Management address
type :ipV4
Management address
:
10.10.10.2
Expired time
:
104s
Port VLAN ID(PVID)
1

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

84

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

VLAN name of VLAN


VLAN1
Protocol identity
CFM

1:
:STP RSTP/MSTP LACP EthOAM

Auto-negotiation
supported
:Yes
Auto-negotiation
enabled
:Yes
OperMau
:speed(100)/duplex(Full)
Power port
class
:PD
PSE power
supported
:No
PSE power
enabled
:No
PSE pairs control
ability:No
Power
pairs
:Unknown
Port power
classification:Unknown
Link aggregation
supported:Yes
Link aggregation
enabled :No
Aggregation port ID
0
Maximum frame Size
9216
MED Device
information
Device class
Connectivity

:
:

:Network

HardwareRev
VER.A
FirmwareRev
100
SoftwareRev
SerialNum
Manufacturer name
LTD
Model
name
:NA
Asset tracking
identifier :NA

:AR01SRU3A
:
:V200R002C00
:NA
:HUAWEI TECH CO.,

Media policy type


:Voice
Unknown
Policy
:Defined
VLAN
tagged
:Yes
Media policy VlanID
:
0
Media policy L2 priority :
6
Media policy Dscp
:
46
Power
Type
:Unknown
PoE PSE power
source
:Unknown
Port PSE
Priority
:Unknown

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

85

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

Port Available power value:


2

l View the configurations on RouterB.


Same as information about RouterA.
l View the configurations on RouterC.
Same as information about RouterA.
----End

Configuration Files
l

Configuration file of RouterA


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.10.10.1 255.255.255.0
#
lldp enable
#
lldp management-address 10.10.10.1
#
return

Configuration file of RouterB


#
sysname RouterB
#
interface interface GigabitEthernet1/0/0
ip address 10.10.10.2 255.255.255.0
#
lldp enable
#
lldp management-address 10.10.10.2
#
return

Configuration file of RouterC


#
sysname RouterC
#
interface GigabitEthernet1/0/0
ip address 10.10.10.3 255.255.255.0
#
lldp enable
#
lldp management-address 10.10.10.3
#
return

3.5.3 Example for Configuring LLDP on the Network Where Link


Aggregation Is Configured
After LLDP is configured on the interfaces of network devices, the NMS can obtain the network
topology. The following example describes how to configure LLDP on the network where link
aggregation is configured.

Networking Requirements
As shown in Figure 3-9, RouterA and RouterB need to be connected by an Eth-Trunk. The NMS
needs to obtain the Layer 2 information between the Routers. By using the Layer 2 information,
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

86

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

a network administrator can know the detailed topology information and configuration errors
on the devices outside the unknown network. These requirements can be met by configuring
LLDP on RouterA and RouterB.
The NMS has reachable routes to RouterA and RouterB and SNMP parameters are set on all
devices.
Figure 3-9 Configuring LLDP on the network where link aggregation is configured

NMS

Network

Eth-Trunk
Enterprise
User

RouterA

RouterB

10.10.10.1

10.10.10.2

Enterprise
User

Configuration Roadmap
The configuration roadmap is as follows:
1.

Add the physical interfaces of RouterA and RouterB to the Eth-Trunk.

2.

Enable global LLDP on RouterA and RouterB.

3.

Configure management addresses for RouterA and RouterB.

Data Preparation
To complete the configuration, you need the following data:
l

Management address 10.10.10.1 for RouterA and management address 10.10.10.2 for
RouterB

Number of the Eth-Trunk between RouterA and RouterB, and numbers of the interfaces
added to the Eth-Trunk

Procedure
Step 1 Configure the Eth-Trunk between RouterA and RouterB.
# Configure RouterA.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] vlan batch 100
[RouterA] interface eth-trunk 1

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

87

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management
[RouterA-Eth-Trunk1]
[RouterA-Eth-Trunk1]
[RouterA-Eth-Trunk1]
[RouterA-Eth-Trunk1]

3 LLDP Configuration
trunkport ethernet 0/0/0 to 0/0/2
port link-type trunk
port trunk allow-pass vlan 100
quit

# Configure RouterB.
Same as the configurations on RouterA.
Step 2 Enable global LLDP on RouterA and RouterB.
# Configure RouterA.
[RouterA] lldp enable

# Configure RouterB.
Same as the configurations on RouterA.
Step 3 Configure management addresses for RouterA and RouterB.
# Configure RouterA.
[RouterA] lldp management-address 10.10.10.1

# Configure RouterB.
[RouterB] lldp management-address 10.10.10.2

Step 4 Verify the configuration.


l View the configurations on RouterA.
# Check whether the physical interfaces are added to Eth-Trunk1.
[RouterA] display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: NORMAL
Hash arithmetic: According to SA-XOR-DA
Least Active-linknumber: 1 Max Bandwidth-affected-linknumber:
8
Operate status: up
Number Of Up Port In Trunk:
3
------------------------------------------------------------------------------PortName
Status
Weight
Ethernet0/0/0
Up
1
Ethernet0/0/1
Up
1
Ethernet0/0/2
Up
1

# View the LLDP configurations.


<RouterA> display lldp local
System
information
Chassis
type
:macAddress
Chassis ID
:
00e0-11fc-1710
System
name
:RouterA
System description :Huawei AR1220 Huawei Versatile Routing Platform Software
V
RP (R) software,Version 5.100
(AR1220 V200R002C00) Copyright (C) 2000-2011 Huawei
Technologies Co., Ltd
System capabilities
supported
:bridge
System capabilities

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

88

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

enabled
:bridge
LLDP Up time
:2010/12/13
11:40:49
MED system
information
Device class
:Network
Connectivity
(MED inventory information of master
board)
HardwareRev
:AR01SRU1A
VER.A
FirmwareRev
:NA
SoftwareRev
:V200R002C00
SerialNum
:NA
Manufacturer name :HUAWEI TECH CO.,
LTD
Model
name
:NA
Asset tracking identifier :NA
System configuration
LLDP Status
LLDP Message Tx Interval
LLDP Message Tx Hold Multiplier
LLDP Refresh Delay
LLDP Tx Delay
LLDP Notification Interval
LLDP Notification Enable
Management Address

:enabled
:30
:4
:2
:2
:5
:enabled
:IP: 10.10.10.1

Remote Table Statistics:


Remote Table Last Change Time

:0 days, 5 hours, 57 minutes, 32 seconds

Remote Neighbors Added

:15

Remote Neighbors Deleted

:13

Remote Neighbors Dropped

:0

Remote Neighbors Aged

:0

Total Neighbors

:2

(default is disabled)
(default is 30s)
(default is 4)
(default is 2s)
(default is 2s)
(default is 5s)
(default is disabled)
MAC: 00e0-11fc-1710

Port information:
Interface GigabitEthernet0/0/0 currently is L3 interface.
Interface GigabitEthernet0/0/1 currently is L3 interface.
Interface Ethernet0/0/0:
LLDP Enable Status
:enabled
disabled)
Total Neighbors
:
1

(default is

Port ID
subtype
:interfaceName
Port ID
:Ethernet0/0/0
Port description
:HUAWEI, AR Series, Ethernet0/0/0 Interface
Port And Protocol VLAN ID(PPVID) don't
supported
Port VLAN ID(PVID) :
1
VLAN name of VLAN 1 :
VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM
CFM

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

89

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

Auto-negotiation
supported
:Yes
Auto-negotiation
enabled
:Yes
OperMau
:speed(100)/duplex(Full)
Power port
class
:PD
PSE power
supported
:No
PSE power
enabled
:No
PSE pairs control
ability:No
Power
pairs
:Unknown
Port power
classification:Unknown
Link aggregation
supported:Yes
Link aggregation
enabled :No
Aggregation port ID
0
Maximum frame Size
1628

:
:

MED port
information
Media policy type
:Voice
Unknown
Policy
:Defined
VLAN
tagged
:Yes
Media policy VlanID
0
Media policy L2 priority
6
Media policy Dscp
46

:
:
:

Power
Type
:Unknown
PoE PSE power
source
:Unknown
Port PSE
Priority
:Unknown
Port Available power value:
2
Interface Ethernet0/0/1:
LLDP Enable Status
:enabled
disabled)
Total Neighbors
:
1

(default is

Port ID
subtype
:interfaceName
Port ID
:Ethernet0/0/1
Port description
:HUAWEI, AR Series, Ethernet0/0/1 Interface
Port And Protocol VLAN ID(PPVID) don't
supported
Port VLAN ID(PVID) :
1

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

90

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

VLAN name of VLAN 1:


VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM
CFM
Auto-negotiation
supported
:Yes
Auto-negotiation
enabled
:Yes
OperMau
:speed(100)/duplex(Full)
Power port
class
:PD
PSE power
supported
:No
PSE power
enabled
:No
PSE pairs control
ability:No
Power
pairs
:Unknown
Port power
classification:Unknown
Link aggregation
supported:Yes
Link aggregation
enabled :No
Aggregation port ID
0
Maximum frame Size
1628

:
:

MED port
information
Media policy type
:Voice
Unknown
Policy
:Defined
VLAN
tagged
:Yes
Media policy VlanID
0
Media policy L2 priority
6
Media policy Dscp
46

:
:
:

Power
Type
:Unknown
PoE PSE power
source
:Unknown
Port PSE
Priority
:Unknown
Port Available power value:
2
Interface Ethernet0/0/2:
LLDP Enable Status
:enabled
disabled)
Total Neighbors
:
1

(default is

Port ID
subtype
:interfaceName
Port ID
:Ethernet0/0/2
Port description
:HUAWEI, AR Series, Ethernet0/0/2 Interface

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

91

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

Port And Protocol VLAN ID(PPVID) don't


supported
Port VLAN ID(PVID) :
1
VLAN name of VLAN 1:
VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM
CFM
Auto-negotiation
supported
:Yes
Auto-negotiation
enabled
:Yes
OperMau
:speed(100)/duplex(Full)
Power port
class
:PD
PSE power
supported
:No
PSE power
enabled
:No
PSE pairs control
ability:No
Power
pairs
:Unknown
Port power
classification:Unknown
Link aggregation
supported:Yes
Link aggregation
enabled :No
Aggregation port ID
0
Maximum frame Size
1628

:
:

MED port
information
Media policy type
:Voice
Unknown
Policy
:Defined
VLAN
tagged
:Yes
Media policy VlanID
0
Media policy L2 priority
6
Media policy Dscp
46

:
:
:

Power
Type
:Unknown
PoE PSE power
source
:Unknown
Port PSE
Priority
:Unknown
Port Available power value:
2

# View the neighbor information of RouterA.


[RouterA] display lldp neighbor brief
Local Intf
Neighbor Dev
Neighbor Intf
Exptime
Eth0/0/0
RouterB
Eth0/0/0
Eth0/0/1
RouterB
Eth0/0/1
Eth0/0/2
RouterB
Eth0/0/2

115
115
115

l View the configurations on RouterB.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

92

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

3 LLDP Configuration

Same as information about RouterA.


----End

Configuration Files
l

Configuration file of RouterA


#
sysname RouterA
#
vlan batch 100
#
interface GigabitEthernet1/0/0
ip address 10.10.10.1 255.255.255.0
#
lldp enable
#
lldp management-address 10.10.10.1
#
interface Eth-Trunk1
port link-type
trunk
port trunk allow-pass vlan 100
#
interface Ethernet0/0/0
eth-trunk 1
#
interface Ethernet0/0/1
eth-trunk 1
#
interface Ethernet0/0/2
eth-trunk 1
#
return

Configuration file of RouterB


#
sysname RouterB
#
interface GigabitEthernet1/0/0
ip address 10.10.10.2 255.255.255.0
#
vlan batch 100
#
lldp enable
#
lldp management-address 10.10.10.2
#
interface Eth-Trunk1
port link-type
trunk
port trunk allow-pass vlan 100
#
interface Ethernet0/0/0
eth-trunk 1
#
interface Ethernet0/0/1
eth-trunk 1
#
interface Ethernet0/0/2
eth-trunk 1
#
return

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

93

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

4 CWMP Configuration

CWMP Configuration

About This Chapter


This chapter describes the basic concept, configuration procedures, and configuration examples
of CWMP.
4.1 CWMP Overview
CWMP defines a communication mechanism between CPEs and ACSs, and allows an ACS to
manage CPEs in a uniform manner.
4.2 CWMP Features Supported by the AR1200-S
The AR1200-S functions as a CPE. The ACS requires a connection to the CPE in order to manage
it. During connection setup, the CPE or ACS needs to be authenticated. The connection can be
set up only after the CPE or ACS is authenticated. After the connection is set up, the ACS invokes
Remote Procedure Call (RPC) methods to manage and maintain the CPE.
4.3 Configuring CWMP
This section describes how to configure CWMP.
4.4 Configuration Examples
This chapter provides CWMP configuration examples.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

94

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

4 CWMP Configuration

4.1 CWMP Overview


CWMP defines a communication mechanism between CPEs and ACSs, and allows an ACS to
manage CPEs in a uniform manner.

Introduction to CWMP
The CPE WAN Management Protocol (CWMP) is drafted by the Digital Subscriber's Line (DSL)
forum. It is also called TR-069 standard. CWMP is applicable to DSL networks. On a DSL
network, device management is difficult because there are many user-side devices distributed
at different locations. CWMP defines that the customer premises equipment (CPE) is remotely
managed by an auto-configuration server (ACS). CWMP facilitates CPE management, reduces
maintenance and operation costs, and improves troubleshooting efficiency.

CWMP Network Model


Figure 4-1 shows the CWMP network model.
Figure 4-1 CWMP network model

DHCP Server

DNS Server

IP Network
CPE

ACS

A CWMP network model consists of:


l

ACS: manages and maintains CPEs on the network.

CPE: managed by the ACS.

DNS server: defines that an ACS and a CPE use URL to identify and access each other.
DNS resolves the URL.

DHCP server: assigns IP addresses to ACSs and CPEs, and sets parameters for CPEs by
using the Options field in DHCP packets.
NOTE

The AR1200-S functions as a CPE.

4.2 CWMP Features Supported by the AR1200-S


The AR1200-S functions as a CPE. The ACS requires a connection to the CPE in order to manage
it. During connection setup, the CPE or ACS needs to be authenticated. The connection can be
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

95

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

4 CWMP Configuration

set up only after the CPE or ACS is authenticated. After the connection is set up, the ACS invokes
Remote Procedure Call (RPC) methods to manage and maintain the CPE.

Auto Connection Between ACS and CPE


A session can be initiated by a CPE or an ACS.
Both the CPE and the ACS are allowed to initiate connections. This avoids the need for a
persistent connection to be maintained between each CPE and an ACS to reduce use of network
resources and costs.
l

A session initiated by a CPE


A CPE can connect to an ACS automatically by sending an Inform message. After the CPE
is authenticated by the ACS, the connection can be set up. The following conditions may
trigger an auto connection:
After startup, the CPE finds the corresponding ACS according to the obtained URL,
and automatically initiates a connection with the ACS.
The CPE is configured to send Inform messages periodically. The CPE automatically
send an Inform message at the specified interval (1 hour for example) to set up
connections.
The CPE is configured to send Inform messages at a specific time. The CPE
automatically send an Inform message on schedule to set up connections.
The session setup is interrupted unexpectedly. If the number of CPE auto-connection
retries has not reached the upper limit, the CPE automatically sets up a new connection.

A session initiated by an ACS


An ACS can initiate a Connect Request to a CPE at any time. After the CPE authenticates
the request, a session can be set up.
This mode requires that the CPE have successfully set up a connection with the ACS. The
ACS then stores the IP address of the CPE in its own address list so that the ACS can initiate
connections with the CPE.

SSL
Security Socket Layer (SSL) is a security protocol developed by Netscape. It uses public keys
to ensure secure and reliable communication between two ends. Communication data between
clients and the server is encrypted to prevent interception.
SSL operates independently of application-layer protocols. Any types of application-layer
protocols (including HTTP, FTP, and Telnet) can set up connections based on SSL. SSL finishes
data encryption, key negotiation, and server authentication before the application-layer protocols
set up connections. Therefore, all data transmitted by the application-layer protocols is
encrypted.

CPE Management and Maintenance


After setting up a connection with the ACS, the ACS can manage and maintain the CPE by using
RPC methods defined by the CWMP protocol. The ACS provides the following functions:
l

CPE auto-configuration
When a CPE has set up a connection with an ACS, the ACS automatically delivers
configurations to the CPE. Auto-configuration parameters include:

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

96

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

4 CWMP Configuration

Address of the ACS


User name of the ACS
Password of the ACS
Flag indicating that Inform messages are sent automatically
Interval at which Inform messages are sent
Time when Inform messages are sent
User name of the CPE
Password of the CPE
l

CPE file uploading and downloading


A network administrator can store the key files such as system startup files and
configuration files to the file server. If the ACS detects that a file is updated, it requests the
CPE to download the file. After the CPE receives the request, it automatically downloads
the file from the specified file server according to the file name and download address
provided in the ACS request. After downloading the file, the CPE checks file validity and
reports the download result to the ACS.

CPE status and performance monitoring


An ACS monitors the status and performance of all the connected CPEs. Different CPEs
have different performance and functions. Therefore, an ACS must be able to identify each
type of CPE and monitor the configurations and configuration changes of each CPE.
CWMP allows network administrators to define monitoring parameters and obtain the CPE
status and statistics by using an ACS.
NOTE

The configurations on the ACS are not mentioned here.

4.3 Configuring CWMP


This section describes how to configure CWMP.

4.3.1 Establishing the Configuration Task


Applicable Environment
The CPEs enabled with CWMP can be remotely managed by an ACS. The CWMP function
facilitates CPE management, saves maintenance costs, and improves troubleshooting efficiency.

Pre-configuration Tasks
Before configuring CWMP, complete the following tasks:
l

Ensuring that there is a reachable route between the router and the ACS

Assigning an IP address to the interface connected to the ACS

Data Preparation
To configure CWMP, you need the following data.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

97

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

4 CWMP Configuration

No.

Data

URL, user name, and password used by the router to connect to the ACS

user name and password used by the ACS to connect to the router

Name and number of the interface used by the router to communicate with the
ACS

Interval at which the CPE sends Inform messages

Date and time when the CPE sends an Inform message

Number of auto-connection attempts

Close-wait timer of the CPE

4.3.2 Enabling the CWMP Function


The CWMP configurations take effect only after the CWMP function is enabled.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
cwmp

The CWMP view is displayed.


Step 3 Run:
cwmp enable

The CWMP function is enabled.


----End

4.3.3 Configuring CWMP Auto-Connection


To allow the ACS to manage the CPE, set up a connection between the ACS and the CPE.

Context
How a CPE obtains the URL of ACS
To set up a connection with an ACS, the CPE must obtain the URL of the ACS. The AR1200S supports three methods to obtain the URL.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

98

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

4 CWMP Configuration

Method

Description

Applicable Scenario

DHCP

The URL is specified by


Option 43 on a DHCP server.
When the CPE accesses the
DHCP server, the DHCP
server sends the URL to the
CPE.

The IP addresses of the ACS


and CPE are assigned by a
DHCP server.

Auto-delivery by ACS

When the URL of the ACS


changes, the ACS
automatically delivers the
updated URL to the CPE.

A connection has been set up


between the ACS and the
CPE.

Local configuration on the


CPE

The URL of the ACS is


configured on the CPE by
using commands.

The CPE executes


commands to set up a
connection with the ACS.

NOTE

In the following configuration procedure, only the local configuration on the CPE is mentioned.

The ACS's URL is in the HTTP or HTTPS format. The HTTPS format can ensure the
communication security and data integrity between the ACS and CPE.
Auto connection between ACS and CPE
A session can be initiated by a CPE or an ACS.
Both the CPE and the ACS are allowed to initiate connections. This avoids the need for a
persistent connection to be maintained between each CPE and an ACS. The following
configuration procedure shows how a CPE initiates a connection with the ACS.
To set up a connection, the CPE sends Inform messages to the ACS. You can configure the CPE
to automatically send Inform messages to the ACS by setting Inform message parameters. The
CPE can use two methods to send Inform messages.

Issue 02 (2012-03-30)

Method

Advantage

Disadvantage

Applicable
Scenario

Sending Inform
messages
periodically

This avoids the need


for a persistent
connection to be
maintained between
each CPE and an
ACS.

If the interval is
short, the CPE
frequently sends
Inform messages,
which occupy many
network resources.

The connections
between the CPE and
the ACS need to be
maintained
periodically, and
routine maintenance
needs to be
performed on the
ACS and CPE.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

99

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

4 CWMP Configuration

Method

Advantage

Disadvantage

Applicable
Scenario

Sending an Inform
message at a
specified time

The CPE can initiate


a connection with the
ACS at the specified
time. This method is
flexible.

The CPE sends an


Inform message only
once.

A connection
between the CPE and
the ACS needs to be
set up at the specified
time.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
cwmp

The CWMP view is displayed.


Step 3 Run:
cwmp acs url url

The ACS's URL to which the CPE connects is specified.


Step 4 The CPE can use the following methods to send Inform messages:
l

Sending Inform messages periodically

1.

Run:
cwmp cpe inform interval enable

The CPE is enabled to periodically send Inform messages.


By default, the CPE does not periodically send Inform messages.
2.

Run:
cwmp cpe inform interval

The interval at which a CPE sends Inform messages is set.


By default, a CPE sends an Inform message every 600 seconds.
l

Sending an Inform message at a specified time

1.

Run:
cwmp cpe inform time time

The time when a CPE sends an Inform message is set.


By default, no time is specified for the CPE to send an Inform message.
NOTE

You can configure either one or both methods.

----End
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

100

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

4 CWMP Configuration

4.3.4 Setting CWMP Connection Parameters


CWMP connection parameters include CWMP connection interface, authentication parameters,
maximum number of connection attempts, and close-wait timer.

Context
CWMP connection interface
A CWMP connection interface refers to the interface on the CPE connected to the ACS. The
Inform message sent by a CPE to an ACS contains the IP address of the CWMP connection
interface. After authenticating the CPE, the ACS connects to this IP address and saves the IP
address in its own address list. When the ACS initiates a connection with the CPE, the ACS
sends an HTTP packet containing this IP address.
Generally, a CPE chooses an interface from all the interfaces to which the ACS have reachable
routes; if you need to specify a certain interface to connect the CPE to an ACS, use the cwmp
cpe connect interface command.
Authentication parameters
The ACS and the CPE can authenticate each other:
l

The ACS authenticates the CPE: After the CPE sends an Inform message containing a URL
address to the ACS, the ACS authenticates the CPE by using the user name and password.
After being authenticated, the CPE can set up a connection with the ACS.

The CPE authenticates the ACS: After the ACS sends an HTTP packet containing the IP
address of the CPE, the CPE authenticates the ACS by using the user name and password.
After being authenticated, the ACS can set up a connection with the CPE.

Maximum number of connection attempts


If the CPE fails to set up a connection with the ACS or a connection is torn down unexpectedly,
the CPE can be configured to automatically re-set up the connection. If the connection is still
failed when the maximum number of connection attempts is reached, the CPE does not initiate
connections with the ACS until the specified interval expires or at the specified time.
Close-wait timer of the CPE
The close-wait timer is used in either of the following scenarios:
l

After sending an Inform message to the ACS, if the CPE does not receive a response within
the close-wait timer, the CPE considers that the connection fails.

After a connection is set up, if the CPE and the ACS do not exchange any messages within
the close-wait timer, the CPE considers that the connection is invalid and tears down the
connection.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
cwmp

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

101

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

4 CWMP Configuration

The CWMP view is displayed.


Step 3 Run:
cwmp cpe connect interface interface-type interface-number

The CWMP connection interface is specified.


Step 4 Setting parameters for authenticating the CPE
1.

Run:
cwmp acs username username

The user name used to connect the CPE to the ACS is configured.
2.

Run:
cwmp acs password password

The password used to connect the CPE to the ACS is configured.


Step 5 Setting parameters for authenticating the ACS
1.

Run:
cwmp cpe username username

The user name used to connect the ACS to the CPE is configured.
2.

Run:
cwmp cpe password password

The password used to connect the ACS to the CPE is configured.


Step 6 Run:
cwmp cpe connect retry times

The maximum number of attempts the CPE can make to retry a connection is set.
By default, the maximum number of attempts is 3.
Step 7 Run:
cwmp cpe wait timeout seconds

The close-wait timer of the CPE is set.


By default, the close-wait timer is 30 seconds.
----End

4.3.5 Configuring CWMP SSL


CWMP SSL ensures communication security and data integrity between the ACS and CPE.

Context
Security Socket Layer (SSL) is a security protocol developed by Netscape. It uses public keys
to ensure secure and reliable communication between two ends. Communication data between
clients and the server is encrypted to prevent interception.
The CPE must validate the ACS when using the ACS URL in the HTTPS format. After validating
the certificate, the CPE sets up an SSL connection with the ACS.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

102

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

4 CWMP Configuration

NOTE

Certificate contains personal or an enterprise's information and public key:


l

Public key: The two ends share a public key to encrypt data and verify signatures.

Private key: Each end has a private key to decrypt data and sign signature.

Signature: Information containing a signature cannot be modified by anyone except the creator. It
ensures data security and integrity.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
cwmp

The CWMP view is displayed.


Step 3 Run:
cwmp acs url url

The ACS URL to which the CPE connects is specified.


NOTE

The ACS URL must be in the HTTPS format.

Step 4 Run:
cwmp ssl-client { client-root-cert { rootcert-path1 } [ rootcert-path2 ] | sslpolicy policy-name }

The CPE is configured to validate the certificate from the ACS.


NOTE

The system time must be correctly set; otherwise, certificate validation may fail. To use a new certificate,
uninstall the existing certificate first.
Before configuring a CPE to authenticate the ACS using an SSL policy, run the ssl policy policy-name
type client command to configure the SSL policy on the CPE.

----End

4.3.6 Checking the Configuration


Prerequisites
All the CWMP configurations are complete.

Procedure
l

Run the display cwmp configuration command to check CWMP configurations on the
AR1200-S.

Run the display cwmp status to check CWMP status on the AR1200-S.

----End
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

103

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

4 CWMP Configuration

Example
The display cwmp configuration command output includes the CWMP function status, URL
of the ACS, user name and password, Inform message sending status, interval for sending Inform
messages, time when an Inform message is sent, close-wait timer, and maximum number of
connection attempts.
<Huawei> display cwmp configuration
CWMP is enabled
ACS URL:
ACS username:
ACS password:
Inform enable status:
Inform interval:
Inform time:
Wait timeout:
Reconnection times:

http://www.acs.com:80/acs
newacsname
newacspsw
enabled
1000s
2011-01-01T20:00:00
100s
5

The display cwmp status command output includes the CWMP function status, URL of the
ACS, user name and password, method to obtain the URL of the ACS, status of the connection
between the CPE and the ACS, and time when the last connection is set up.
<Huawei> display cwmp status
CWMP is enabled
ACS URL:
ACS information is set by:
ACS username:
ACS password:
Connection status:
Time of last successful connection:

http://www.acs.com:80/acs
user
newacsname
newacspsw
connected
2010-12-01T20:00:00

4.4 Configuration Examples


This chapter provides CWMP configuration examples.

4.4.1 Example for Configuring CWMP


By using the CWMP function, an ACS can manage CPEs.

Networking Requirements
As shown in Figure 4-2, multiple hosts in Enterprise A access an enterprise gateway Router.
The Router connects to the Internet.
Enterprise A requires a service to upgrade Router software and hardware remotely, download
configuration files to the Router automatically, and restart the Router remotely during upgrade
or troubleshooting. The CWMP function needs to be configured on the Router to provide these
functions.
Figure 4-2 The ACS manages the Router by using CWMP
R o u te r

G E 1 /0 /0
1 0 .1 .1 .1 /2 4

ACS
1 0 .2 .1 .1 /2 4
In te rn e t

E n te rp ris e A

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

104

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

4 CWMP Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1.

Enable the CWMP function on the Router.

2.

Enable the Router to initiate connections with the ACS automatically.

3.

Set the CWMP connection parameters on the Router.

Data Preparation
To complete the configuration, you need the following data:
l

URL of the ACS

IP address of the Router

Procedure
Step 1 Configure an interface address on the Router according to Figure 4-2 and ensure that there is a
reachable route between the Router and the ACS. The configuration procedure is not mentioned
here.
Step 2 Enable the CWMP function on the Router.
<Huawei> system-view
[Huawei] sysname Router
[Router] cwmp
[Router-cwmp] cwmp enable

Step 3 Configure the Router to automatically initiate connections.


# Configure the URL used by the Router to connect to the ACS.
[Router-cwmp] cwmp acs url http://www.acs.com:80/acs

# Enable the Router to send Inform messages.


[Router-cwmp] cwmp cpe inform interval enable

# Set the interval at which the Router sends Inform messages to 1000 seconds.
[Router-cwmp] cwmp cpe inform interval 1000

# Configure the Router to send an Inform message at 2011-01-01 20:00:00.


[Router-cwmp] cwmp cpe inform time 2011-01-01T20:00:00

Step 4 Set CWMP parameters on the Router.


# Configure the interface on the Router to connect to the ACS.
[Router-cwmp] cwmp cpe connect interface gigabitethernet 1/0/0

# Set parameters for authenticating the Router.


[Router-cwmp] cwmp acs username newacsname
[Router-cwmp] cwmp acs password newacspsw

# Set parameters for authenticating the ACS.


[Router-cwmp] cwmp cpe username newcpename
[Router-cwmp] cwmp cpe password newcpepsw

# Set the maximum number of connection attempts to 5.


[Router-cwmp] cwmp cpe connect retry 5

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

105

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

4 CWMP Configuration

# Set the close-wait timer of the Router to 100 seconds.


[Router-cwmp] cwmp cpe wait timeout 100

Step 5 Verify the configuration.


You can see the CWMP function status, URL of the ACS, user name and password, Inform
message sending status, interval for sending Inform messages, time when an Inform message is
sent, close-wait timer, and maximum number of connection attempts.
<Router> display cwmp configuration
CWMP is enabled
ACS URL:
ACS username:
ACS password:
Inform enable status:
Inform interval:
Inform time:
Wait timeout:
Reconnection times:

http://www.acs.com:80/acs
newacsname
newacspsw
enabled
1000s
2011-01-01T20:00:00
100s
5

You can see the CWMP function status, URL of the ACS, user name and password, method to
obtain the URL of the ACS, status of the connection between the CPE and the ACS, and time
when the last connection is set up.
<Router> display cwmp status
CWMP is enabled
ACS URL:
ACS information is set by:
ACS username:
ACS password:
Connection status:
Time of last successful connection:

http://www.acs.com:80/acs
user
newacsname
newacspsw
connected
2010-12-01T20:00:00

----End

Configuration Files
Configuration file of the Router
#
sysname Router
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
cwmp
cwmp cpe inform interval enable
cwmp acs url http://www.acs.com:80/acs
cwmp acs username newacsname
cwmp acs password newacspsw
cwmp cpe username newcpename
cwmp cpe password newcpepsw
cwmp cpe inform interval 1000
cwmp cpe connect retry 5
cwmp cpe wait timeout 100
cwmp cpe connect interface GigabitEthernet 1/0/0
#
return

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

106

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

NTP Configuration

About This Chapter


This chapter describes how to configure Network Time Protocol (NTP) to make clocks of the
devices on the network identical.
5.1 Overview of NTP
This section describes NTP.
5.2 Configuring Basic NTP Functions
This section describes how to configure basic NTP functions, including the NTP operating
modes.
5.3 Configuring NTP Security Mechanisms
This section describes how to configure NTP security mechanisms to guarantee reliable clock
synchronization on networks demanding high security.
5.4 NTP Configuration Examples
This section provides examples for configuring NTP, and illustrates the networking
requirements, configuration roadmap, and configuration notes. You can better understand the
configuration procedures with the help of the configuration flowchart.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

107

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

5.1 Overview of NTP


This section describes NTP.

5.1.1 Introduction to NTP


This part describes the application and working principles of NTP.
Network Time Protocol (NTP) synchronizes clocks of all devices in a network. It keeps all the
clocks of these devices consistent, and enables devices to implement various applications based
on the uniform time.
Any local system that runs NTP can be time synchronized by other clock sources, and also
functions as a clock source to synchronize other clocks. In addition, mutual synchronization can
be performed by exchanging NTP packets.
NTP packets are encapsulated in UDP packets for transmission and the port used by the NTP
protocol is 123.

NTP Application
NTP is applied to the following situations where all the clocks of hosts or routers in a network
need to be consistent:
l

Network management: Analysis on logs or debugging information collected from different


routers should be performed based on time.

Charging system: requires the clocks of all devices to be consistent.

Completing certain functions: For example, restart of all the routers in a network requires
the clocks of all the routers be consistent.

Several systems working together on the same complicate event: Systems have to take the
same clock for reference to ensure a proper sequence of implementation.

Incremental backup between the backup server and clients: Clocks on the backup server
and clients should be synchronized.

User login time: Some applications need to know the time when user logs in to the system
and the file revision time.

When all the devices on a network need to be synchronized, it is almost impossible for an
administrator to manually change the system clock by executing command lines. This is because
the work load is heavy and clock accuracy cannot be ensured. NTP can quickly synchronize the
clocks of network devices and ensure their precision.
NTP has the following advantages:
l

Defines clock accuracy by means of stratum to synchronize the time of network devices in
a short time

Supports access control and MD5 authentication

Transmits packets in unicast, manycast, or broadcast mode

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

108

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

Principles of NTP
Figure 5-1 shows the principles of NTP. Router A and Router B are connected through a WAN.
They both have their own system clocks. NTP implements automatic synchronization of their
clocks.
Suppose:
l

Before the system clocks of Router A and Router B are synchronized, the clock of Router
A is set to 10:00:00 am and the clock of Router B is set to 11:00:00 am.

Router B functions as an NTP time server. That is, Router A synchronizes its clock with
that of Router B.

One-way transmission of data packets between Router A and Router B takes one second.

Processing of data packets on the Router A or the Router B takes one second.

Figure 5-1 NTP basic principle diagram

NTP packet 10:00:00am

Step1:

Network
RouterB

RouterA
NTP packet

Step2:

10:00:00am 11:00:01am

Network
RouterB

RouterA

NTP packet 10:00:00am 11:00:01am 11:00:02am

Step3:
RouterA

Network

RouterB

NTP Packet received at 10:00:03

Step4:
RouterA

Network

RouterB

The process of synchronizing system clocks is as follows:


1.

Router A sends an NTP packet to Router B. The packet carries the originating timestamp
when it leaves Router A, which is 10:00:00 am (T1).

2.

When the NTP packet reaches Router B, Router B adds its receiving timestamp to the NTP
packet, which is 11: 00:01 am (T2).

3.

When the NTP packet leaves Router B, Router B adds its transmitting timestamp to the
NTP packet, which is 11:00:02 am (T3).

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

109

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

4.

5 NTP Configuration

When Router A receives the response packet, it adds a new receiving timestamp to it, which
is 10:00:03 am (T4).
Router A uses the received information to calculate the following two important values:
l Delay for the NTP message cycle: Delay = (T4 - T1) - (T3 - T2).
l Offset of Router A relative to Router B: Offset = ((T2 - T1) + (T3 - T4))/2.
According to the delay and the offset, Router A sets its own clock again to synchronize
with the clock of Router B.
The preceding example is only a simple description of the NTP operating principle. As
described in RFC 1305, NTP uses a complex algorithm to ensure the precision of clock
synchronization.
The server and client are two relative concepts. The device that provides standard time is
referred to as a time server, and the device that enjoys the time service is referred to as a
client.

5.1.2 NTP Supported by the AR1200-S


This part describes NTP operating modes supported by the AR1200-S.
The router supports the following NTP working modes
l

Unicast Client/Server Mode

Peer Mode

Broadcast Mode

Multicast Mode

Unicast Client/Server Mode


In this mode, you need to configure only the client. The server needs to be configured with only
one NTP primary clock.
Note that the client can be synchronized to the server but the server cannot be synchronized to
the client.
After the configuration, the following actions occur:
1.

The client sends a synchronization request packet to the server, with the mode field being
set to 3. The value 3 indicates the client mode.

2.

Upon receiving the request packet, the server automatically works in the server mode and
sends a response packet with the mode field being set to 4. The value 4 indicates the server
mode.

3.

After receiving the response packet, the client performs clock filtering and selection, and
finally, is synchronized with the optimal server.

Peer Mode
In this mode, you need to configure NTP only on the symmetric active end. The symmetric active
end and symmetric passive end can be synchronized with each other.
Note that the clock with a lower stratum is synchronized to the one with a higher stratum.
After the configurations, the following actions occur:
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

110

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

The symmetric active end sends a synchronization request packet to the symmetric passive
end with the mode field being set to 1. The value 1 indicates the symmetric active mode.

Upon receiving the request packet, the symmetric passive end automatically works in
symmetric passive mode and sends a response packet with the mode field being set to 2.
The value 2 indicates the symmetric passive mode.

Broadcast Mode
In this mode, you need to configure both the server and the client.
After the configurations, the following actions occur:
l

The server periodically sends clock synchronization packets to the broadcast address
255.255.255.255.

The client senses broadcast packets from the server.

After receiving the first broadcast packet, to estimate the network delay, the client enables
a temporary Client/Server model for exchanging messages with the remote server.

The client then works in broadcast client mode, and continues to sense the incoming
broadcast packets to synchronize the local clock.

Multicast Mode
In this mode, you need to configure both the server and the client.
After the configurations, the following actions occur:
l

The server periodically sends clock synchronization packets to the configured multicast
address. By default, the multicast address is 224.0.1.1.

The client senses multicast packets from the server.

After receiving the first multicast packet, to estimate the network delay, the client enables
a temporary Client/Server model for exchanging messages with the remote server.

The client works in multicast client mode, and continues to sense the incoming multicast
packets to synchronize the local clock.

5.2 Configuring Basic NTP Functions


This section describes how to configure basic NTP functions, including the NTP operating
modes.

5.2.1 Establishing the Configuration Task


Before configuring basic NTP functions, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.

Applicable Environment
NTP has the following operation modes:
l
Issue 02 (2012-03-30)

Client/Server mode
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

111

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

Peer mode

Broadcast mode

Multicast mode

Manycast mode

5 NTP Configuration

In actual applications, a proper operation mode needs to be selected according to the networking
topology to meet various clock synchronization requirements.
For the unicast Client/Sever mode and the peer mode, all the NTP packets sent locally can have
the same interface IP address as the source IP address.

Pre-configuration Tasks
Before configuring basic functions of NTP, you need to complete the following tasks:
l

Configuring the link layer protocol for the interface

Configuring an IP address and a routing protocol for the interface to ensure that NTP packets
can reach destinations

Data Preparation
To configure basic functions of NTP, you need the following data.
No.

Data

Primary NTP clock and its stratum

Interfaces to send and receive NTP packets

NTP version

Preparing the data according to the operation mode


l Client/Server mode: IP address of the server and the VPN instance that the server
belongs to
l Peer mode: IP address of the symmetric passive end and the VPN instance that it
belongs to
l Broadcast mode: interfaces to send and receive broadcast NTP packets and the
maximum sessions set up dynamically on the client
l Multicast mode: IP address of the multicast group, the TTL value of the multicast
packets, the interfaces to send and receive the multicast packets, and the maximum
number of the session dynamically set up on the client

Interface disabled from receiving NTP packets

5.2.2 Configuring the NTP Primary Clock


The stratum configured for the master clock on the server must be lower than the stratum
configured for the clock on the client. Otherwise, the clock on the client cannot synchronize with
the master clock on the server.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

112

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

Context
If you want to configure a router to provide a primary NTP clock, do as follows on the router
functioning as the NTP server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ntp-service refclock-master [ ip-address ] [ stratum ]

A primary NTP server is displayed.


ip-address is the IP address of the local reference clock. Its value is 127.127.t.u. Here, "t" ranges
from 0 to 37. Currently, "t" can be only 1, indicating the local reference clock. "u" indicates the
NTP process number, ranging from 0 to 3.
When no IP address is specified, the local clock whose IP address is 127.127.1.0 functions as
the primary NTP clock by default, with the stratum being 8.
----End

5.2.3 Configuring the Unicast Client/Server Mode


In Client/Server mode, the clock on the client synchronizes with the master clock on the server.

Context
Commonly, specify the IP address of the NTP server on the client. The client and server can
then exchange NTP packets using this IP address.
If the source interface to send NTP packets is specified on the server, the IP address of the server
configured on the client should be the same; otherwise, the client cannot process NTP packets
sent from the server and clock synchronization fails.

Procedure
l

Configuring the NTP Client


Do as follows on the router functioning as a client:
1.

Run:
system-view

The system view is displayed.


2.

(Optional) Run:
ntp-service source-interface interface-type interface-number [ vpninstance vpn-instance-name ]
ntp-service [ ipv6 ] source-interface interface-type interface-number
[ vpn-instance vpn-instance-name ]

The local source interface that receives the NTP packet is configured.
3.
Issue 02 (2012-03-30)

Run:
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

113

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

ntp-service unicast-server ip-address [ version number | authenticationkeyid key-id | source-interface interface-type interface-number | vpninstance vpn-instance-name | preference ] *

The IP address of the NTP server is configured.


Step 2 is optional. If source-interface is specified in Step 3, use it preferentially.
ip-address is the address of the NTP server. It can be the IPv4 or IPv6 address of the
host other than a broadcast address, a multicast address, or the IP address of the
reference clock.
NOTE

When the unicast NTP server is specified, the local router functions as the client automatically.
The server needs to be configured with only a primary clock.

(Optional) Configuring the Source Interface for the NTP Server to Send NTP Packets
Do as follows on the router working as a server:
1.

Run:
system-view

The system view is displayed.


2.

Run:
ntp-service source-interface interface-type interface-number [ vpninstance vpn-instance-name ]
ntp-service [ ipv6 ] source-interface interface-type interface-number
[ vpn-instance vpn-instance-name ]

The local source interface that sends NTP packets is specified.


----End

5.2.4 Configuring the Peer Mode


This part describes how to configure the NTP peer mode. In this mode, clocks on the two peers
synchronize with each other based on the stratum. Each side can send the clock synchronization
request message to the peer and reply the clock synchronization request message from the peer.

Procedure
l

Configuring the NTP Symmetric Active End


1.

Run:
system-view

The system view is displayed.


2.

(Optional) Run:
ntp-service source-interface interface-type interface-number [ vpninstance vpn-instance-name ]

The local source interface that sends NTP packets is specified.


3.

Run:
ntp-service unicast-peer ip-address [ version number | authenticationkeyid key-id | source-interface interface-type interface-number | vpninstance vpn-instance-name | preference ] *

The NTP peer is configured.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

114

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

Step 2 is optional. If source-interface is specified in both Step 2 and Step 3, use the
source interface specified in Step 3 preferentially.
ip-address is the address of the NTP peer. It can be the IPv4 or IPv6 address of a host
other than a broadcast address, a multicast address, or the IP address of the reference
clock.
NOTE

After the NTP peer is specified, the local router runs in symmetric active mode. The symmetric
passive end need not be configured.

(Optional) Configuring the Source Interface of the NTP Symmetric Passive End
1.

Run:
system-view

The system view is displayed.


2.

Run:
ntp-service source-interface interface-type interface-number [ vpninstance vpn-instance-name ]

The local source interface that sends NTP packets is specified.


Commonly, specify the IP address of the NTP server on the client. The client and
server can then exchange NTP packets using this IP address
If the source interface to send NTP packets is specified on the symmetric active end,
the IP address of the NTP peer configured on the symmetric passive end should be
the same; otherwise, the passive end cannot process NTP packets sent from the active
end and clock synchronization fails.
----End

5.2.5 Configuring the Broadcast Mode


This part describes how to configure the NTP broadcast mode on the LAN to synchronize clocks
on the LAN.

Procedure
l

Configuring an NTP Broadcast Server


Do as follows on the router functioning as an NTP broadcast server:
1.

Run:
system-view

The system view is displayed.


2.

Run:
interface interface-type interface-number

The interface to send NTP broadcast packets is specified.


3.

Run:
quit

The system view is displayed.


4.

Run:
ntp-service broadcast-server [ authentication-keyid key-id | version
number ]*

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

115

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

The local router is set as an NTP broadcast server.


After the configurations, the local router periodically sends the clock synchronization
packets to the broadcast address 255.255.255.255.
NOTE

Broadcast mode can be used only in the same LAN.

Configuring an NTP Broadcast Client


Do as follows on the router functioning as an NTP broadcast client:
1.

Run:
system-view

The system view is displayed.


2.

(Optional) Run:
ntp-service max-dynamic-sessions number

The number of local sessions allowed to be set up dynamically is set.


3.

Run:
interface interface-type interface-number

The interface to receive broadcast NTP packets is specified.


4.

Run:
ntp-service broadcast-client

The local router is configured as an NTP broadcast client.


Step 2 is optional. By default, a maximum of 100 NTP sessions can be set up
dynamically.
After the configurations, the local router senses the broadcast NTP packets sent from
the server and synchronizes the local clock.
Running the ntp-service max-dynamic-sessions command does not affect the
existence of NTP sessions. When the number of the sessions reaches or exceeds the
maximum, the new session cannot be set up further.
----End

5.2.6 Configuring the Multicast Mode


This part describes how to configure the NTP multicast mode to synchronize clocks in a multicast
domain.

Procedure
l

Configuring an NTP Multicast Server


Do as follows on the router functioning as an NTP multicast server:
1.

Run:
system-view

The system view is displayed.


2.

Run:
interface interface-type interface-number

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

116

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

The interface to send multicast NTP packets is specified.


3.

Run:
quit

The system view is displayed.


4.

Run:
ntp-service multicast-server [ ip-address ] [ authentication-keyid key-id
| ttl ttl-number | version number ] *

The local router is set to be an NTP multicast server.


After the configurations, the local router periodically sends clock synchronization
packets to the multicast address 224.0.1.1.
l

Configuring an NTP Multicast Client


Do as follows on the router functioning as an NTP multicast client:
1.

Run:
system-view

The system view is displayed.


2.

(Optional) Run:
ntp-service max-dynamic-sessions number

The number of local sessions allowed to be set up dynamically is set.


3.

Run:
interface interface-type interface-number

The interface to receive multicast NTP packets is specified.


4.

Run:
ntp-service multicast-client [ ip-address ]

The local router is set to be an NTP multicast client.


Step 2 is optional. By default, up to 100 NTP sessions can be set up dynamically.
After the configurations, the local router senses the multicast NTP packets sent from
the server and synchronizes the local clock.
Running the ntp-service max-dynamic-sessions command does not affect the
existence of NTP sessions. When the number of the sessions reaches or exceeds the
maximum, the new session cannot be set up further.
----End

5.2.7 Disabling the Interface from Receiving NTP Packets


To prevent a host on the LAN from synchronizing the clock on the specified server, you can
disable the specified interface on the host from receiving NTP packets.

Context
Do as follows on the router that needs to be disabled from receiving NTP packets.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

117

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
quit

The system view is displayed.


Step 4 Run:
ntp-service in-interface disable

The interface on the router is disabled from receiving NTP packets.


----End

5.2.8 Checking the Configuration


After basic NTP functions are configured, you can view the configuration.

Prerequisites
The configurations of the Basic NTP Functions are complete.

Procedure
l

Run the display ntp-service status command to view the status of the NTP service.

Run the display ntp-service sessions [ verbose ] command to view the status of NTP
sessions.

Run the display ntp-service trace command to view the summary information on each
passing NTP server when tracing from the local device to the reference clock source.

----End

Example
Run the display ntp-service status command to view the status of the NTP service.
<Huawei> display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 10.00 ms
reference time: 15:51:36.259 UTC Apr 25 2010(C6179088.426490A3)

Run the display ntp-service sessions [ verbose ] command to view the status of NTP sessions.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

118

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

<Huawei> display ntp-service sessions


source
reference
stra reach poll now offset delay
disper
********************************************************************************
[12345]127.127.1.0
LOCAL(0)
7
1
64
2
0.0
15.6
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured,
6 vpn-instance

Run the display ntp-service trace command to view the summary information on each passing
NTP server when tracing from the local device to the reference clock source.
<Huawei> display ntp-service trace
server 127.0.0.1,stratum 5, offset
server 171.1.1.2,stratum 4, offset
server 201.1.1.2,stratum 3, offset
server 200.1.7.1,stratum 2, offset
refid 127.127.1.0

0.024099,
0.028786,
0.035199,
0.039855,

synch
synch
synch
synch

distance
distance
distance
distance

0.06337
0.04575
0.03075
0.01096

5.3 Configuring NTP Security Mechanisms


This section describes how to configure NTP security mechanisms to guarantee reliable clock
synchronization on networks demanding high security.

5.3.1 Establishing the Configuration Task


Before configuring NTP security mechanisms, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the required data. This can help
you complete the configuration task quickly and accurately.

Applicable Environment
NTP supports two security mechanisms: access authority and NTP authentication.
l

Access authority
Access authority is a type of simple security method provided by the AR1200-S to protect
local NTP services.
The AR1200-S provides four access authority levels. When an NTP access request packet
reaches the local end, it is matched in an order from the minimum access authority to the
maximum access authority. The first matched authority level takes effect. The matching
order is as follows:
peer: indicates the minimum access authority. The remote end can send the request of
the local time and the control query to the local end. The local clock can also be
synchronized with that of the remote server.
server: indicates the remote end can perform the time request and control query to the
local end but the local clock cannot be synchronized with that of the remote end.
synchronization: indicates that the remote end can perform only the time request to the
local end.
query: indicates the maximum access authority. The remote end can perform only the
control query to the local end.

NTP authentication
NTP authentication is required in some networks with high security demands.
The configuration of NTP authentication involves configuring NTP authentication on both
the client and the server.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

119

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

During the configuration of NTP authentication, pay attention to the following rules:
Configure NTP authentication on both the client and the server; otherwise, the
authentication does not take effect.
If NTP authentication is enabled, a reliable key needs to be configured at the same time.
The authentication key configured on the server and that on the client should be
consistent.
In NTP peer mode, the symmetric active end equals the client, and the symmetric passive
end equals the server.

Pre-configuration Tasks
Before configuring NTP security mechanisms, complete the following tasks:
l

Configuring the link layer protocol on the interface

Configuring the network layer address and routing protocol to make the server and client
reachable

Configuring ACL rules if the access authority is configured

Data Preparation
To configure NTP security mechanisms, you need the following data.
No.

Data

ACL rules

Shared key and its ID that are used in NTP authentication

NTP primary clock and its stratum

Interfaces that send and receive NTP packets

NTP version

5.3.2 Setting NTP Access Authorities


When receiving an access request packet, the NTP server matches the request packet with the
access authority in descending order (from peer, server, synchronization to query). The first
matched authority takes effect.

Context
Do as follows on the router.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

120

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

Step 2 Run:
ntp-service access { peer | query | server | synchronization } acl-number

Access authority for the NTP service on the local router is configured.
You can configure the ntp-service access command depending on the actual situations.
Table 5-1 shows the detailed NTP access authorities.
Table 5-1 Description of the NTP access authorities
NTP Operation Mode

Limited NTP Query

Supported Devices

Unicast NTP Client/Server


mode

Synchronizing the client with


the server

Client

Unicast NTP Client/Server


mode

Clock synchronization
request from the client

Server

NTP peer mode

Clock synchronization with


each other

Symmetric active end

NTP peer mode

Clock synchronization
request from the active end

Symmetric passive end

NTP multicast mode

Synchronizing the client with


the server

NTP multicast client

NTP broadcast mode

Synchronizing the client with


the server

NTP broadcast client

----End

5.3.3 Enabling NTP Authentication


This part describes how to set NTP Autokey authentication and MD5 authentication on the
device.

Context
NTP client synchronizes to authenticated NTP servers to ensure that time service is reliable
across the network. Authentication prevents the modification of NTP message data from
malicious network attacks.

Procedure
l

Configuring NTP MD5 authentication


NOTE

l Configure the same authentication key on the server and client and affirm that the key is reliable;
otherwise, NTP authentication fails.
l Enable NTP authentication before performing actual authentication.

1.

Run:
system-view

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

121

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

The system view is displayed.


2.

Run:
ntp-service authentication enable

NTP authentication is enabled.


3.

Run:
ntp-service authentication-keyid key-id authentication-mode md5 password

The NTP authentication key is configured.


4.

Run:
ntp-service reliable authentication-keyid key-id

The authentication key is declared to be reliable.


----End

5.3.4 Configuring NTP Authentication in Unicast Client/Server


Mode
By configuring the authentication key ID used in the synchronization with the specific NTP
server on the NTP client, you can apply NTP authentication in Client/Server mode.

Context
Do as follows on the router that functions as an NTP unicast client.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ntp-service unicast-server ip-address [ authentication-keyid key-id | version
number | source-interface interface-type interface-number | vpn-instance vpninstance-name | preference ]*

The ID of the authentication key used for the synchronization of the server and client clocks is
configured.
----End

5.3.5 Configuring NTP Authentication in Peer Mode


By configuring the authentication key ID used in the synchronization with the peer on the local
end, you can apply NTP authentication in peer mode.

Context
Do as follows on the router that functions as the symmetric active end.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

122

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ntp-service unicast-peer ip-address [ version number | authentication-keyid key-id
| source-interface interface-type interface-number | preference ] *

The ID of the authentication key used for the synchronization of the clocks on the NAT peer is
configured.
----End

5.3.6 Configuring NTP Authentication in Broadcast Mode


By configuring the authentication key ID used in the synchronization with the NTP broadcast
server on the local router, you can apply NTP authentication in broadcast mode.

Context
Do as follows on the router that functions as an NTP broadcast server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface to send broadcast NTP packets is configured.


Step 3 Run:
quit

The system view is displayed.


Step 4 Run:
ntp-service broadcast-server [ authentication-keyid key-id | version number ] *

The ID of the authentication key used by the NTP broadcast server is configured.
For configuring the broadcast client, see Configuring the Broadcast Mode.
----End

5.3.7 Configuring NTP Authentication in Multicast Mode


By configuring the authentication key ID used in the synchronization with the NTP multicast
server on the local router, you can apply NTP authentication in multicast mode.

Context
Do as follows on the router that functions as an NTP multicast server.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

123

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface to send multicast NTP packets is specified.


Step 3 Run:
ntp-service multicast-server [ authentication-keyid key-id | version number ]*

The ID of the authentication key used by the NTP multicast server is configured.
For configuring the multicast client, see Configuring the Broadcast Mode.
----End

5.3.8 Checking the Configuration


After NTP security mechanisms are configured, you can view the configuration.

Prerequisites
The configurations of the NTP Security Mechanisms are complete.

Procedure
l

Run the display ntp-service status command to view the status of the NTP service.

Run the display ntp-service sessions [ verbose ] command to view the status of NTP
sessions.

----End

Example
Run the display ntp-service status command to view the status of the NTP service.
<Huawei> display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 10.00 ms
reference time: 15:51:36.259 UTC Apr 25 2010(C6179088.426490A3)

Run the display ntp-service sessions [ verbose ] command to view the status of NTP sessions.
<Huawei> display ntp-service sessions
source
reference
stra reach poll now offset delay
disper
********************************************************************************
[12345]127.127.1.0
LOCAL(0)
7
1
64
2
0.0
15.6

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

124

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured,


6 vpn-instance

5.4 NTP Configuration Examples


This section provides examples for configuring NTP, and illustrates the networking
requirements, configuration roadmap, and configuration notes. You can better understand the
configuration procedures with the help of the configuration flowchart.

5.4.1 Example for Configuring NTP Authentication in Unicast


Server and Client Mode
This part provides examples for configuring NTP authentication in unicast server and client
mode. You must first enable NTP authentication on the client and then specify IP address of the
NTP server and the authentication key delivered to the server. Configurations on the client and
server must be complete; otherwise, the authentication cannot be passed.

Networking Requirements
As shown in Figure 5-2,
l

RouterA functions as a unicast NTP server. The clock on it functions as a primary NTP
clock with the stratum being 2.

RouterB functions as a unicast NTP client. Its clock needs to be synchronized with the
clock on RouterA.

RouterC and RouterD function as NTP clients of RouterB.

Enable NTP authentication.

Figure 5-2 Networking diagram of the unicast Client/Server mode


G E 1 /0 /0
1 0 .0 .0 .2 /2 4
G E 1 /0 /0
2 .2 .2 .2 /2 4
R o u te r A

IP
N e tw o rk

G E 2 /0 /0
G E 1 /0 /0
R o u te r C
1 0 .0 .0 .1 /2 4 G E 1 /0 /0
1 0 .0 .1 .1 /2 4
1 0 .0 .0 .3 /2 4
R o u te r B
R o u te r D

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure RouterA to be an NTP server and configure a primary clock on it.

2.

Configure RouterB to be an NTP client and synchronize its clock with the clock of
RouterA.

3.

Configure RouterC and RouterD to synchronize their clocks with the clock of RouterB.

4.

Enable NTP authentication on all Routers.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

125

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

NOTE

l You must enable NTP authentication on the client prior to specifying the IP address of the NTP server
and authentication key to be sent to the server; otherwise, NTP authentication is not performed before
clock synchronization.
l To implement authentication successfully, configure both the server and the client.

Data Preparation
To complete the configuration, you need the following data:
l

IP address of the reference clock

Stratum of the primary NTP clock

Authentication key and its ID

Password

Procedure
Step 1 Configure the IP addresses based on Figure 5-2 so that RouterA, RouterB, RouterC and
RouterD are routable. The detailed procedures are not mentioned here.
Step 2 Configure a primary NTP clock on RouterA and enable NTP authentication.
# On RouterA, set its local clock as a primary NTP clock with stratum being 2.
<RouterA> system-view
[RouterA] ntp-service refclock-master 2

# Enable NTP authentication, configure the authentication key, and declare the key to be reliable.
[RouterA] ntp-service authentication enable
[RouterA] ntp-service authentication-keyid 42 authentication-mode md5 Hello
[RouterA] ntp-service reliable authentication-keyid 42

Note that authentication keys configured on the server and the client should be the same.
Step 3 Configure a primary NTP clock on RouterB and enable NTP authentication.
# On RouterB, enable NTP authentication. Configure the authentication key and declare the key
to be reliable.
<RouterB>
[RouterB]
[RouterB]
[RouterB]

system-view
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 Hello
ntp-service reliable authentication-keyid 42

# Specify RouterA to be the NTP server of RouterB and use the authentication key.
[RouterB] ntp-service unicast-server 2.2.2.2 authentication-keyid 42

Step 4 On RouterC, specify RouterB to be the NTP server of RouterC.


<RouterC>
[RouterC]
[RouterC]
[RouterC]
[RouterC]

system-view
ntp-service
ntp-service
ntp-service
ntp-service

authentication enable
authentication-keyid 42 authentication-mode md5 Hello
reliable authentication-keyid 42
unicast-server 10.0.0.1 authentication-keyid 42

Step 5 On RouterD, specify RouterB to be the NTP server of RouterD.


<RouterD>
[RouterD]
[RouterD]
[RouterD]

Issue 02 (2012-03-30)

system-view
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 Hello
ntp-service reliable authentication-keyid 42

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

126

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

[RouterD] ntp-service unicast-server 10.0.0.1 authentication-keyid 42

Step 6 Verify the configuration


After the configurations, the clock on RouterB can be synchronized with the clock on RouterA.
View the NTP status on RouterB and find that the clock synchronized. The stratum of the clock
is 3, one stratum lower than that on RouterA.
[RouterB] display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 2.2.2.2
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Mar 2 2006(C7B15BCC.D5604189)

After the configurations, the clock on RouterC can be synchronized with the clock on RouterB.
View the NTP status on RouterC and find that the clock is synchronized. The stratum of the
clock is 4, one stratum lower than that on RouterB.
[RouterC] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 10.0.0.1
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Mar 2 2006(C7B15BCC.D5604189)

View the NTP status on RouterD and find that the clock is synchronized. The stratum of the
clock is 4, one stratum lower than that on RouterB.
[RouterD] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 10.0.0.1
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Mar 2 2006(C7B15BCC.D5604189)

View NTP status on RouterA.


[RouterA] display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 26.50 ms
peer dispersion: 10.00 ms

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

127

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

reference time: 12:01:48.377 UTC Mar 2 2006(C7B15D2C.60A15981)

----End

Configuration Files
l

Configuration file of RouterA


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 2.2.2.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 2.2.2.0 0.0.0.255
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 42
ntp-service refclock-master 2
#
return

Configuration file of RouterB


#
sysname RouterB
#
interface GigabitEthernet1/0/0
ip address 10.0.0.1 255.255.255.0
interface GigabitEthernet2/0/0
ip address 10.0.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.0.1.0 0.0.0.255
network 10.0.0.0 0.0.0.255
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 2.2.2.2 authentication-keyid 42
#
return

Configuration file of RouterC


#
sysname RouterC
#
interface GigabitEthernet1/0/0
ip address 10.0.0.2 255.255.255.0
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 10.0.0.1 authentication-keyid 42
#
return

Configuration file of RouterD


#
sysname RouterD
#
interface GigabitEthernet1/0/0
ip address 10.0.0.3 255.255.255.0

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

128

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 10.0.0.1 authentication-keyid 42
#
return

5.4.2 Example for Configuring NTP Peer Mode


In peer mode, clocks on the two peers synchronize with each other.

Networking Requirements
As shown in Figure 5-3, three devices are located in a LAN.
l

Configure the clock on RouterC to be an primary NTP clock with the stratum being 2.

RouterD takes RouterC as its NTP server. That is, RouterD functions as the client.

RouterE takes RouterD as its symmetric passive end. That is, RouterE is the symmetric
active end.

Figure 5-3 Networking diagram of the NTP peer mode


R o u te r C

G E 1 /0 /0
1 0 .0 .1 .1 /2 4
G E 1 /0 /0
1 0 .0 .1 .3 /2 4
R o u te r E

G E 1 /0 /0
1 0 .0 .1 .2 /2 4

R o u te r D

Configuration Roadmap
The configuration roadmap is as follows
1.

Configure the clock on RouterC to be the NTP primary clock. The clock on RouterD should
be synchronized to the clock on RouterC.

2.

Configure RouterE and RouterD to be NTP peer so that RouterE should send clock
synchronization requests to RouterD

3.

Finally, the clocks on RouterC, RouterD and RouterE can be synchronized.

Data Preparation
To complete the configuration, you need the following data:
l

IP address of RouterC

IP address of RouterD

Stratum of the NTP primary clock

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

129

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

Procedure
Step 1 Configure IP addresses for RouterC, RouterD, and RouterE.
Configure an IP address for each interface based on Figure 5-3. After configurations, the three
routers can ping through each other.
The detailed procedures are not mentioned here.
Step 2 Configure the NTP Client/Server mode.
# Configure the clock on RouterC to be its own reference clock with the stratum being 2.
<RouterC> system-view
[RouterC] ntp-service refclock-master 2

# On RouterD, configure RouterC to be its NTP server.


<RouterD> system-view
[RouterD] ntp-service unicast-server 10.0.1.1

After configurations, the clock on RouterD can be synchronized to the clock on RouterC.
View the NTP status on RouterD and find that the clock is synchronized. The stratum of the
clock on RouterD is 3, one stratum lower than that on RouterC.
[RouterD] display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 10.0.1.1
nominal frequency: 64.0029 Hz
actual frequency: 64.0029 Hz
clock precision: 2^7
clock offset: 0.0000 ms
root delay: 62.50 ms
root dispersion: 0.20 ms
peer dispersion: 7.81 ms
reference time: 06:52:33.465 UTC Mar 7 2006(C7B7AC31.773E89A8)

Step 3 Configure the unicast NTP peer mode.


# On RouterE, configure RouterD to be the symmetric passive end.
<RouterE> system-view
[RouterE] ntp-service unicast-peer 10.0.1.2

Since no primary clock is configured on RouterE, the clock on RouterE should be synchronized
to the clock on RouterD.
Step 4 Verify the configuration.
View the status of RouterE after clock synchronization and you can find that the status is
"synchronized". That is, clock synchronization completes. You can also find that the stratum of
the clock on RouterE is 4, one stratum lower than that on RouterD.
[RouterE] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 10.0.1.2
nominal frequency: 64.0029 Hz
actual frequency: 64.0029 Hz
clock precision: 2^7
clock offset: 0.0000 ms
root delay: 124.98 ms
root dispersion: 0.15 ms
peer dispersion: 10.96 ms

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

130

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

reference time: 06:55:50.784 UTC Mar 7 2006(C7B7ACF6.C8D002E2)

----End

Configuration Files
l

Configuration file of RouterC


#
sysname RouterC
#
interface GigabitEthernet1/0/0
ip address 10.0.1.1 255.255.255.0
#
ntp-service refclock-master 2
#
return

Configuration file of RouterD


#
sysname RouterD
#
interface GigabitEthernet1/0/0
ip address 10.0.1.2 255.255.255.0
#
ntp-service unicast-server 10.0.1.1
#
return

Configuration file of RouterE


#
sysname RouterE
#
interface GigabitEthernet1/0/0
ip address 10.0.1.3 255.255.255.0
#
ntp-service unicast-peer 10.0.1.2
#
return

5.4.3 Example for Configuring NTP Authentication in Broadcast


Mode
On a LAN, the device with the most precise clock is specified as the NTP server. Clocks on
other devices synchronize with the clock on the NTP server.

Networking Requirements
As shown in Figure 5-4,
l

RouterA,RouterB and RouterC are in the same network segment;

RouterA functions as the NTP broadcast server and its local clock is the NTP primary clock
with the stratum being 3. Broadcast packets are sent from GE 1/0/0.

RouterB and RouterC sense the broadcast packets respectively on GE 1/0/0 of them.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

131

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

Figure 5-4 Networking diagram of the NTP broadcast mode


G E 1 /0 /0
1 0 .1 .1 .2 //2 4
R o u te rB
G E 1 /0 /0
1 0 .1 .1 .1 /2 4
R o u te rA

G E 1 /0 /0
1 0 .1 .1 .3 /2 4
R o u te rC

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure RouterA as an NTP broadcast server.

2.

Configure RouterB and RouterC as the NTP broadcast clients.

3.

Configure NTP authentication on RouterA, RouterB, and RouterC.

Data Preparation
To complete the configuration, you need the following data:
l

IP addresses of RouterA, RouterB,andRouterC

Stratum of the NTP primary clock

Authentication key and its ID

Procedure
Step 1 Configure an IP address for each Router.
Configure IP addresses based on Figure 5-4. The detailed procedures are not mentioned here.
Step 2 Configure an NTP broadcast server and enable NTP authentication on it.
# Set the local clock of RouterA as a primary clock with stratum being 3.
<RouterA> system-view
[RouterA] ntp-service refclock-master 3

# Enable NTP authentication.


[RouterA] ntp-service authentication enable
[RouterA] ntp-service authentication-keyid 16 authentication-mode md5 Hello
[RouterA] ntp-service reliable authentication-keyid 16

# Configure RouterA to be an NTP broadcast server. Broadcast packets are encrypted by using
the authentication key ID 16 and then sent from GE 1/0/0.
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ntp-service broadcast-server authentication-keyid 16
[RouterA-GigabitEthernet1/0/0] quit

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

132

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

Step 3 Configure RouterB.


# Enable NTP authentication.
<RouterB>
[RouterB]
[RouterB]
[RouterB]

system-view
ntp-service authentication enable
ntp-service authentication-keyid 16 authentication-mode md5 Hello
ntp-service reliable authentication-keyid 16

# Configure RouterB to be the NTP broadcast client. RouterB senses the broadcast packets on
GE 1/0/0.
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] ntp-service broadcast-client
[RouterB-GigabitEthernet1/0/0] quit

After configurations, the clock on RouterD is synchronized to the clock on RouterC.


Step 4 Configure RouterC.
# Enable NTP authentication.
[RouterC] ntp-service authentication enable
[RouterC] ntp-service authentication-keyid 16 authentication-mode md5 Hello
[RouterC] ntp-service reliable authentication-keyid 16

# Configure RouterC to be the NTP broadcast client. RouterC senses the NTP broadcast packets
on GE 1/0/0.
[RouterC] interface gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] ntp-service broadcast-client
[RouterC-GigabitEthernet1/0/0]quit

Step 5 Verify the configuration.


After the configurations, the clock on RouterB and RouterC can be synchronized to the clock
on RouterA.
Check the NTP status on RouterB and you can find that the clock status is "synchronized". That
is, clock synchronization completes. The stratum of the clock on RouterBis 4, one stratum lower
than that of RouterA.
[RouterB] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 10.1.1.2
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.42 ms
peer dispersion: 0.00 ms
reference time: 12:17:21.773 UTC Mar 7 2006(C7B7F851.C5EAF25B)

----End

Configuration Files
l

Configuration file of RouterA


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
ntp-service broadcast-server authentication-keyid 16

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

133

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

#
ntp-service authentication enable
ntp-service authentication-keyid 16 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 16
ntp-service refclock-master 3
#
return

Configuration file of RouterB


#
sysname RouterB
#
interface GigabitEthernet1/0/0
ip address 10.1.1.2 255.255.255.0
ntp-service broadcast-client
#
ntp-service authentication enable
ntp-service authentication-keyid 16 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 16
#
Return

Configuration file of RouterC


#
sysname RouterC
#
interface GigabitEthernet1/0/0
ip address 10.1.1.3 255.255.255.0
ntp-service broadcast-client
#
ntp-service authentication enable
ntp-service authentication-keyid 16 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 16
#
return

5.4.4 Example for Configuring Multicast Mode


In a multicast domain, the device with the most precise clock is specified as the NTP server.
Clocks on other devices synchronize with the clock on the NTP server.

Networking Requirements
As shown in Figure 5-5,
l

RouterA ,RouterB and RouterC are in the same network segment;

RouterA functions as an NTP multicast server and its local clock is a primary clock with
the stratum 2. Multicast packets are sent out from GE 1/0/0.

RouterB and RouterC sense the multicast packets respectively on GE 1/0/0 of them.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

134

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

Figure 5-5 Networking diagram of the NTP multicast mode


GE1/0/0
10.1.1.2//24
RouterB
GE1/0/0
10.1.1.1/24
RouterA

GE1/0/0
10.1.1.3/24
RouterC

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure RouterA as an NTP multicast server.

2.

Configure RouterB and RouterC as NTP multicast clients.

Data Preparation
To complete the configuration, you need the following data:
l

IP addresses of RouterA, RouterB, and RouterC

Stratum of the NTP primary clock

Procedure
Step 1 Configure an IP address for each router
Configure IP addresses based on Figure 5-5. The detailed procedures are not mentioned here.
Step 2 Configure an NTP multicast server.
# Set the local clock on RouterA as an NTP primary clock with stratum 2.
<RouterA> system-view
[RouterA] ntp-service refclock-master 2

# Configure RouterA to be an NTP multicast server. NTP multicast packets are sent from GE
1/0/0.
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ntp-service multicast-server

Step 3 Configure RouterB.


# Configure RouterB to be an NTP multicast client. RouterB senses the NTP multicast packets
on GE 1/0/0.
<RouterB> system-view
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] ntp-service multicast-client

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

135

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

5 NTP Configuration

Step 4 Configure RouterC.


# Configure RouterC to be an NTP multicast client. RouterC senses the NTP multicast packets
on GE 1/0/0.
<RouterC> system-view
[RouterC] interface gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] ntp-service multicast-client

Step 5 Verify the configuration.


After the configurations, the clock on RouterB and RouterC can be synchronized to the clock
on RouterA.
Check the NTP status on RouterB and you can find that the clock status is "synchronized". That
is, clock synchronization completes. The stratum of the clock on RouterB is 3, one stratum lower
than that on RouterA.
[RouterB] display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 10.1.1.2
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.66 ms
root delay: 24.47 ms
root dispersion: 208.39 ms
peer dispersion: 9.63 ms
reference time: 17:03:32.022 UTC Apr 25 2005(C61734FD.800303C0)

----End

Configuration Files
l

Configuration file of RouterA


#
sysname RouterA
#
ntp-service refclock-master 2
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
ntp-service multicast-server
#
return

Configuration file of RouterB


#
sysname RouterB
#
interface GigabitEthernet1/0/0
ip address 10.1.1.2 255.255.255.0
ntp-service multicast-client
#
return

Configuration file of RouterC


#
sysname RouterC
#
interface GigabitEthernet1/0/0
ip address 10.1.1.3 255.255.255.0
ntp-service multicast-client
#
return

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

136

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

NQA Configuration

About This Chapter


This chapter describes how to configure the Network Quality Analysis (NQA) to monitor the
network operating status and collect network operation indexes in real time.
6.1 Overview of NQA
This section describes the basic concepts of NQA and its functions.
6.2 Configuring the ICMP Test
This section describes how to configure an Internet Control Message Protocol (ICMP) test to
check the IP network connectivity.
6.3 Configuring the DHCP Test
This section describes how to configure a Dynamic Host Configuration Protocol (DHCP) test
to detect the speed at which a DHCP server that sets up a connection with an NQA agent obtains
the IP address.
6.4 Configuring the FTP Download Test
This section describes how to configure a File Transfer Protocol (FTP) download test to check
the FTP download performance.
6.5 Configuring the FTP Upload Test
This section describes how to configure an FTP upload test to check the FTP upload performance.
6.6 Configuring the HTTP Test
This section describes how to configure a Hypertext Transfer Protocol (HTTP) test to check the
responding speed of the HTTP service in each phase.
6.7 Configuring the DNS Test
This section describes how to configure a Domain Name System (DNS) test to check the DNS
resolution speed.
6.8 Configuring the Traceroute Test
This section describes how to configure a traceroute test to check the connectivity to each hop
on the network.
6.9 Configuring the SNMP Query Test
This section describes how to configure a Simple Network Management Protocol (SNMP) query
test to check the communications between the host and SNMP agent.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

137

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

6.10 Configuring the TCP Test


This section describes how to configure a Transmission Control Protocol (TCP) test to check
the responding speed of a TCP port.
6.11 Configuring the UDP Test
This section describes how to configure a User Datagram Protocol (UDP) test to check the
responding speed of a UDP port.
6.12 Configuring the Jitter Test
This section describes how to configure a jitter test to check jitter on the network. You can
perform a jitter test only when both the client and the server are Huawei devices.
6.13 Configuring Universal NQA Test Parameters
This section describes how to set and use universal parameters for NQA test instances.
6.14 Configuring Round-Trip Delay Thresholds
This section describes how to set a round-trip delay transmission threshold in an NQA test
instance.
6.15 Configuring Uni-directional Transmission Delay Thresholds
This section describes how to set a one-way transmission delay threshold in an NQA test
instance. After a one-way transmission delay threshold is set in an NQA test instance, the test
result will contain the statistics on the test packets that exceed the set threshold. This provides
the basis for the network manager to analyze the operating status of the specified service on the
network.
6.16 Configuring the Trap Function
This section describes how to configure the trap function in an NQA test instance. After the trap
function is configured, a trap message is sent to the NMS in case of transmission success or
transmission failure.
6.17 Configuring Test Results to Be Sent to the FTP Server
This section describes how to configure the system to send test results to the FTP server to avoid
loss of test results in the event that the NMS does not poll the test result in time.
6.18 Configuring a Threshold for the NQA Alarm
This section describes how to set an alarm threshold for test results. When the number of test
results exceeds the threshold, a trap message is sent to the NMS for notification.
6.19 Maintaining NQA
This section describes how to maintain an NQA test instance. You can restart the test instance
and clear the statistics on the test result to maintain a test instance.
6.20 NQA Configuration Examples
This section provides examples for configuring NQA and illustrates the networking
requirements, configuration roadmap, and configuration notes. You can better understand the
configuration procedures with the help of the configuration flowchart.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

138

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

6.1 Overview of NQA


This section describes the basic concepts of NQA and its functions.

6.1.1 Introduction to NQA


This part describes basic concepts and functions of NQA.
With the development of value-added services, users and carriers demand higher Quality of
Service (QoS). After voice over IP and video over IP services are carried out, carriers and users
all tend to sign Service Level Agreements (SLAs) to realize QoS guaranteed services.
To ensure users with the committed bandwidth, network operators should collect the statistics
of delay, jitter, and packet loss of the device. This helps them to analyze the performance of the
network in time.
The AR1200-S provides Network Quality Analysis (NQA) to meet the preceding requirements.
NQA measures the performance of each protocol running in the network and helps the network
operator to collect the network running indexes, such as the total delay of HTTP, delay of a TCP
connection, rate of file transfer, delay of an FTP connection, delay of Domain Name System
(DNS) resolution, and ratio of error DNS resolution. By controlling these indexes, network
operators provide users with services of various grades and charges users differently.
NQA is also an effective tool to diagnose and locate faults in a network.

6.1.2 Comparisons Between NQA and Ping


This part describes the differences between NQA and Ping tests.
NQA is the extension and enhancement of Ping.
By sending an Internet Control Message Protocol (ICMP) Echo-Request packet from the local
and expecting an ICMP Echo-Reply packet from the specified destination, the Ping program can
test the round-trip time (RTT) of an ICMP packet. In addition to testing the RRT of an ICMP
packet between the local and the desination, NQA can detect whether network services, such as
TCP, UDP, FTP, HTTP and the Simple Network Management Protocol (SNMP), are enabled
and test the response time of each service.
Figure 6-1 Diagram of the NQA test

Server

IP/MPLS
Network
NQA Client

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

139

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

In NQA, the RTT of each packet or timeout period of the packet is not displayed on the terminal
in real time, unlike the Ping program. Test results are displayed only when you run the display
nqa results command after a test is complete.
You can also configure the Network Management System (NM Station) to control each NQA
operation parameter and enable NQA tests.

6.1.3 NQA Server and NQA Clients


This part describes the relationships between NQA client, NQA server, and NQA test instance.

NQA test instance and NQA Client


NQA can be used to test many items. You must create a test instance for each item and each of
these test instances is a type of NQA test.
You need to create NQA test instances on NQA clients. Each test instance has an administrator
name and an operation tag as unique identification.
In the test view, configure the related test parameters. Note that a part of parameters applies to
only certain test types whereas others apply to all the test types.

NQA Server
In most types of tests, you need to configure only the NQA clients. In TCP, UDP, and Jitter tests,
however, you must configure the NQA server.
An NQA server processes the test packets received from the clients. As shown in Figure 6-2,
the NQA server responds to the test request packet received from the client through the
monitoring function.
Figure 6-2 Relationship between the NQA client and the NQA server

IP/MPLS
Network
NQA Client

NQA Server

You can create multiple TCP or UDP monitoring services on an NQA server. Each monitoring
service corresponds to a specific destination address and a port number. The destination address
and port number can be repeatedly specified.

Performing NQA Tests


After being configured with the destination address and the port number, the NQA server can
respond to test request packets. The IP address and port number specified in the monitoring
service must be consistent with those configured on the clients.
After creating a test group and configuring the related parameters, you must enable the NQA
test by using the start command and the display nqa results command to view test results.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

140

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

6.1.4 NQA Supported by the AR1200-S


This part describes NQA test types and scheduling modes supported by the AR1200-S.

Features Provided by NQA


l

Cooperates with the NM Station:


The NM Station can completely manage all NQA functions.
Supports the NQA MIB.
Supports the Disman-traceroute-MIB.
Supports the Disman-NSLookUp-MIB.
Supports the Disman-ping-MIB.

Supports multiple types of tests:


ICMP test
DHCP test
FTP test
HTTP test
DNS test
Traceroute test
SNMP test
TCP test
UDP test
UDP Jitter test

Jitter tests support the continuous sending of 3000 packets and support voice traffic
simulation.

Supports 64 tests.

Supports test task scheduling:


Implements the scheduling of test tasks to decrease the concurrent tasks on the device.
Supports the configuration of different start time and end time for a single test:
Supports three modes of starting tests: immediate, timely, and delayed.
Supports several modes of ending tests: automatic, immediate, timely, delayed, and
ending the test when the lifetime of the test expires.
Supports auto distributing the start time and the test interval when several tests are
performed at a time.

Supports the auto-delay function, with which the system resources can be effectively
utilized so that tests can be completed within a specified period.

Supports the collection of the uni-directional delay statistics and bi-directional delay
statistics. In addition, you can set a threshold and enable collecting statistics about the
packets in the test results that exceed the threshold.

Supports the collection of statistics on packet loss in one direction.

Supports dynamic reduction of test cases.

Supports the sending of the test results to the FTP server through FTP.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

141

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Supports the flexible alarm mechanism. That is, the upper and lower thresholds are set to
monitor the feature of the tested objects according to their OIDs. When the test result
exceeds the threshold, alarms are triggered based on the preset events.

6.2 Configuring the ICMP Test


This section describes how to configure an Internet Control Message Protocol (ICMP) test to
check the IP network connectivity.

6.2.1 Establishing the Configuration Task


Before configuring an ICMP test, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.

Applicable Environment
An ICMP test has a similar function with the ping command, but its output is more detailed.

Pre-configuration Tasks
Before configuring the ICMP test, configure reachable routes between the NQA client and the
tested device.

Data Preparation
To configure the ICMP test, you need the following data.
No.

Data

Administrator name and test name of the NQA test

Destination IP address

(Optional) Virtual Private Network (VPN) instance name, source interface that sends
test packets, source IP address, size of the Echo-Request packets, TTL value, ToS,
padding character, interval for sending test packets, and percentage of the failed NQA
tests

Start mode and end mode

6.2.2 Configuring ICMP Test Parameters


This part describes how to set ICMP test parameters.

Context
Do as follows on the NQA client:
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

142

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type icmp

The test type is set to ICMP.


Step 4 Run:
destination-address ipv4 ip-address

The destination IP address is configured.


Step 5 (Optional) Perform the following as required to configure other ICMP test parameters ( For
detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the VPN instance to be tested, run the vpn-instance vpn-instance-name
command.
l To configure the source interface that sends test packets, run the source-interface interfacetype interface-number command.
l To configure the source IP address, run the source-address ipv4 ip-address command.
source-address ipv4 ip-address equals the "-a" option in the ping command.
l To configure the size (packet header excluded) of the Echo-Request packet, run the
datasize size command.
datasize size equals the "-s" option in the ping command.
l To configure the time-to-live (TTL) value, run the ttl number command.
ttl number equals the "-h" option in the ping command.
l To configure the type of service (ToS) field in the IP packet header, run the tos value
command.
tos equals the "-tos" option in the ping command.
l To configure padding characters, run the datafill fillstring command.
datafill equals the "-p" option in the ping command.
l To configure the interval for sending the test packets, run the interval seconds interval
command.
interval seconds equals the "-m" option in the ping command.
l To configure the percentage of the failed NQA test, run the fail-percent percent command.
l To configure the NQA test packets to be sent without searching the routing table, run the
sendpacket passroute command.
Step 6 Run:
start

The NQA test is started.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

143

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End

6.2.3 Checking the Configuration


After configuring the ICMP test, you can view the test result.

Prerequisites
The configurations of the ICMP Test function are complete.

Context
NOTE

NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five test results.

Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End

Example
Run the display nqa results command. If the following is displayed, it means that the test is
successful.
l

testflag is inactive

The test is finished

Completion:success

For the ICMP test, you can also view the minimum time, maximum time, and RTT(Round Trip
Time ).
<Huawei> display nqa results
NQA entry(admin, test) :testflag is inactive ,testtype is icmp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

144

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.112.58.3
Min/Max/Average Completion Time: 2/5/3
Sum/Square-Sum Completion Time: 9/33
Last Good Probe Time: 2010-06-21 15:33:09.2
Lost packet ratio: 0 %

6.3 Configuring the DHCP Test


This section describes how to configure a Dynamic Host Configuration Protocol (DHCP) test
to detect the speed at which a DHCP server that sets up a connection with an NQA agent obtains
the IP address.

6.3.1 Establishing the Configuration Task


Before configuring a DHCP test, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.

Applicable Environment
To obtain the following information, you can create an NQA DHCP test:
l

Time for a client to set up a connection with a DHCP server

Time for a client to obtain its IP address

Pre-configuration Tasks
Before configuring the DHCP test, complete the following tasks:
l

Configuring the DHCP server or the DHCP relay

Configuring the routes between the NQA client and the DHCP server or between the NQA
client and the DHCP relay

Data Preparation
To configure the DHCP test, you need the following data.

Issue 02 (2012-03-30)

No.

Data

Administrator name and test name

Outbound interface connected with the DHCP server

(Optional) Timeout period of the test packets and percentage of the failed NQA tests

Start mode and end mode of the test

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

145

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

6.3.2 Configuring DHCP Test Parameters


This part describes how to set DHCP test parameters.

Context
NOTE

The AR1200-S supports a router to function as a DHCP server. For detailed configurations, refer to the
chapter "DHCP Configuration" in the Huawei AR1200-S Series Enterprise Routers Configuration Guide
- IP Services.

Do as follows on the NQA client:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type dhcp

The test type is set to DHCP.


Step 4 Run:
source-interface interface-type interface-number

The source interface that sends the DHCP Request packet is configured.
The specified source interface can be an Ethernet interface connected with the DHCP server.
Step 5 (Optional) Run the following commands to configure other parameters for the DHCP test. For
detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters
l To set the timeout period of the NQA test, run the timeout time command.
NOTE

For the DHCP test, the time taken to wait for the response to the probe packet may reach 10 seconds. By
default, the timeout period is 15 seconds. You are recommended to set the timeout period longer than 10
seconds.

l To set the percentage of the failed NQA test, run the fail-percent percent command.
Step 6 Run:
start

The NQA test is started.


Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

146

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

The test instance is started immediately.


l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End

6.3.3 Checking the Configuration


After configuring the DHCP test, you can view the test result.

Prerequisites
The configurations of the DHCP Test function are complete.

Context
NOTE

NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.

Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End

Example
Run the display nqa results command. If the test is successful, the following is displayed.
l

testflag is inactive

The test is finished

Completion:success

For the DHCP test, you can also view the following statistics in the extended result:
l

Number of times to disconnect with the server

Number of times of the timeout disconnection operations

Number of times the server in the busy state

Number of connections failed to be set up

Numbers of operations with wrong sequences

Number of the discarding operations

Number of times of wrong statistics collection operations

<Huawei> display nqa results

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

147

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

NQA entry(admin, dhcp) :testflag is inactive ,testtype is dhcp


1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number:
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.1.1.3
Min/Max/Average Completion Time: 1030/1030/1030
Sum/Square-Sum Completion Time: 1030/1060900
Last Good Probe Time: 2007-6-29 16:00:2.2
Lost packet ratio: 0 %

6.4 Configuring the FTP Download Test


This section describes how to configure a File Transfer Protocol (FTP) download test to check
the FTP download performance.

6.4.1 Establishing the Configuration Task


Before configuring an FTP download test, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.

Applicable Environment
In an FTP download test, the local device functions as an NQA FTP client, intending to download
the specified file from an FTP server.
The test result contains statistics about each FTP phase, including the time to set up an FTP
control connection and the time to transport the data.

Pre-configuration Tasks
Before configuring the FTP download test, complete the following tasks:
l

Configuring the FTP user name and password and the login directory

Configuring routes between the NQA FTP client and the FTP server

Data Preparation
To configure the FTP download test, you need the following data.

Issue 02 (2012-03-30)

No.

Data

Administrator name and test name

IP address of the FTP server

(Optional) Source IP address of the FTP operation and VPN instance name and source
and destination port numbers of the FTP operation

FTP user name and password

Name of the file to be downloaded


Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

148

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

No.

Data

Start mode and end mode of the test

6 NQA Configuration

6.4.2 Configuring the FTP Download Test Parameters


This part describes how to set parameters for the FTP download test.

Context
Do as follows on the NQA client (FTP client):

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type ftp

The test type is set to FTP.


Step 4 Run:
destination-address ipv4 ip-address

The destination IP address is configured.


Step 5 (Optional) Perform the following as required to configure other parameters of the FTP Download
test ( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the FTP source port number, run the source-port port-number command.
l To configure the FTP destination port number, run the destination-port port-number
command.
l To configure the NQA test packet to be sent without searching the routing table, run the
sendpacket passroute command.
Step 6 Run:
ftp-operation get

The FTP operation type is set to Get.


By default, the FTP operation type is Get.
Step 7 Run:
ftp-username name

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

149

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

The FTP user name is configured.


Step 8 Run:
ftp-password password

The FTP password used during the login is configured.


Step 9 Run:
ftp-filename file-name

The name of the file to be downloaded is configured.


NOTE

During the FTP test, select a file with a relatively small size for the test. If the file is large, the test may fail
because of timeout.

Step 10 Run:
start

The NQA test is started.


Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End

6.4.3 Checking the Configuration


After configuring the FTP download test, you can view the test result.

Prerequisites
The configurations of the FTP Download Test function are complete.

Context
NOTE

NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

150

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End

Example
Run the display nqa results command. If the test is successful, the following is displayed.
l

CtrlConnTime: indicates the time when the connection is established.

DataConnTime: indicates the duration of data transmission.

SumTime: indicates the duration of the FTP operation.

<Huawei> display nqa results


NQA entry(admin, ftp) :testflag is inactive ,testtype is ftp
1 . Test 1 result
The test is finished
SendProbe:1
ResponseProbe:1
Completion :success
RTD OverThresholds number: 0
MessageBodyOctetsSum: 448
Stats errors number: 0
Operation timeout number: 0
System busy operation number:0
Drop operation number:0
Disconnect operation number: 0
CtrlConnTime Min/Max/Average: 438/438/438
DataConnTime Min/Max/Average: 218/218/218
SumTime Min/Max/Average: 656/656/656
Average RTT:380
Lost packet ratio: 0 %

6.5 Configuring the FTP Upload Test


This section describes how to configure an FTP upload test to check the FTP upload performance.

6.5.1 Establishing the Configuration Task


Before configuring an FTP upload test, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.

Applicable Environment
In an FTP upload test, the local device functions as an FTP client, intending to upload the
specified file to an FTP server.
The test result contains the statistics about each FTP phase, including the time to set up an FTP
control connection and the time to transport the data.
In an FTP upload test, you can specify the file to be uploaded or the bytes to be uploaded. If
certain bytes are specified, the FTP client then automatically generates the test files for
uploading.

Pre-configuration Tasks
Before configuring the FTP upload test, complete the following tasks:
l
Issue 02 (2012-03-30)

Configuring the FTP user name and password and the login directory
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

151

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Configuring routes between the NQA client and the FTP server

Data Preparation
To configure the FTP upload test, you need the following data.
No.

Data

Administrator name and test name

IP address of the FTP server

FTP user name and password

(Optional) Source IP address of the FTP operation and VPN instance name and source
and destination port numbers of the FTP operation

Name or size of the uploaded file

Start mode and end mode of the test

6.5.2 Configuring the FTP Upload Test Parameters


This part describes how to set parameters for the FTP upload test.

Context
Do as follows on the NQA client (FTP client):

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type ftp

The test type is set to FTP.


Step 4 Run:
destination-address ipv4 ip-address

The destination IP address is configured.


Step 5 (Optional) Perform the following as required to configure other parameters for the FTP upload
test ( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the source IP address, run the source-address ipv4 ip-address command.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

152

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

l To configure the source port, run the source-port port-numbercommand.


l To configure the destination port, run the destination-port port-number command.
l To configure the NQA test packet to be sent without searching the routing table, run the
sendpacket passroute command.
Step 6 Run:
ftp-operation put

The FTP operation type is set to Put.


By default, the FTP operation type is Get.
Step 7 Run:
ftp-username name

The FTP user name is configured.


Step 8 Run:
ftp-password password

The FTP password used during the login is configured.


Step 9 Perform the following as required to upload the file.
l To upload the file with a specified name, run the ftp-filename file-name command.
NOTE

l If no file path is specified, the system searches for the file in the current path. If the specified file
name does not exist, a file is created according to the specified file name, and the size of the file is
set to 1 MB.
l The file name cannot contain characters such as ~, *, /, \, ', ", but the file path can contain these
characters.
l The file name can contain the extension name but cannot contain the extension name only, such
as .txt.

l To upload the file with a specified size, run the ftp-filesize size command. The client then
automatically creates a file name "nqa-ftp-test.txt" to upload.
NOTE

During the FTP test, select a file with a relatively small size. If the file is large, the test may fail because
of timeout.

Step 10 Run:
start

The NQA test is started.


Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

153

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End

6.5.3 Checking the Configuration


After configuring the FTP upload test, you can view the test result.

Prerequisites
The configurations of the FTP Upload Test function are complete.

Context
NOTE

NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.

Procedure
Step 1 Run the display nqa results command to view the test results on the NQA client.
----End

Example
Run the display nqa results command. If the test is successful, the following is displayed.
l

CtrlConnTime

DataConnTime

SumTime

<Huawei> display nqa results


NQA entry(admin, ftp) :testflag is inactive ,testtype is ftp
1 . Test 1 result
The test is finished
SendProbe:1
ResponseProbe:1
Completion :success
RTD OverThresholds number: 0
MessageBodyOctetsSum: 448
Stats errors number: 0
Operation timeout number: 0
System busy operation number:0
Drop operation number:0
Disconnect operation number: 0
CtrlConnTime Min/Max/Average: 438/438/438
DataConnTime Min/Max/Average: 218/218/218
SumTime Min/Max/Average: 656/656/656
Average RTT:380
Lost packet ratio: 0 %

6.6 Configuring the HTTP Test


This section describes how to configure a Hypertext Transfer Protocol (HTTP) test to check the
responding speed of the HTTP service in each phase.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

154

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

6.6.1 Establishing the Configuration Task


Before configuring an HTTP test, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.

Applicable Environment
Through the NQA HTTP test, you can obtain the responding speed in three phases:
l

Time of DNS resolution: It is a period from the time the client sends the DNS packet to the
resolver for resolving the name of the HTTP server to an IP address to the time the DNS
resolution packets containing the IP address is returned.

Time to set up a TCP connection: It is the time taken by the client to set up a TCP connection
with an HTTP server through three-way handshake.

Transaction time: It is a period from the time the client sends the Get or Post packets to an
HTTP server to the time the Echo packet sent by the client reaches the HTTP server.

Pre-configuration Tasks
Before configuring the HTTP test, complete the following tasks:
l

Configuring the HTTP server

Configuring routes between the NQA client and the HTTP server

Data Preparation
To configure the HTTP test, you need the following data.
No.

Data

Administrator name and test name

Name of the HTTP server

l (Optional) Source address, Source port number


l (Optional) Destination port number
l (Optional) Fail percent

HTTP operation type

Web page to be visited and the HTTP version

Start mode and end mode of the test

6.6.2 Configuring HTTP Test Parameters


This part describes how to set HTTP test parameters.

Context
Do as follows on the NQA client (HTTP client):
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

155

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name

An NQA test is created and the view is displayed.


Step 3 Run:
test-type http

The test type is set to HTTP.


Step 4 Run:
destination-address ipv4 ip-address

The destination IP address is configured.


Step 5 (Optional) Perform the following as required to configure other parameters for the HTTP test
( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the source port, run the source-port port-number command.
l To configure the destination port, run the destination-port port-number command.
l To configure the percentage of the failed NQA HTTP tests, run the fail-percent percent
command.
l To configure the NQA test packet to be sent without searching the routing table, run the
sendpacket passroute command.
Step 6 Run:
http-operation { get | post }

The HTTP operation type is configured.


By default, the HTTP operation type is Get.
Step 7 Run:
http-url deststring [ verstring ]

The web page to be visited and the HTTP version are configured.
NOTE

When information on the HTTP version is not configured, by default, HTTP1.0 is supported. HTTP1.1 can
be supported through your configurations.

Step 8 Run:
start

The NQA test is started.


Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

156

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

The test instance is started immediately.


l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End

6.6.3 Checking the Configuration


After configuring the HTTP test, you can view the test result.

Prerequisites
The configurations of the HTTP Test function are complete.

Context
NOTE

NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.

Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End

Example
Run the display nqa results command. If the test is successful, the following is displayed.
l

DNSRTT: indicates the time when the DNS sends a query request.

TCPConnectRTT: indicates the time when the TCP connection is established.

TransactionRTT and RTT: indicates the durations of data transmission and HTTP test
respectively.

<Huawei> display nqa results


NQA entry(admin, http) :testflag is inactive ,testtype is http
1 . Test 1 result
The test is finished
SendProbe:3
ResponseProbe:3
Completion:success
RTD OverThresholdsnumber: 0
MessageBodyOctetsSum: 411
TargetAddress: 100.2.1.200
DNSQueryError number: 0
HTTPError number: 0
TcpConnError number : 0
System busy operation number:0
DNSRTT Sum/Min/Max:0/0/0
TCPConnectRTT Sum/Min/Max: 6/1/4
TransactionRTT Sum/Min/Max: 3/1/1
RTT Sum/Min/Max/Avg: 7/1/5/2
DNSServerTimeout:0 TCPConnectTimeout:0 TransactionTimeout: 0
Lost packet ratio:0%

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

157

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

6.7 Configuring the DNS Test


This section describes how to configure a Domain Name System (DNS) test to check the DNS
resolution speed.

6.7.1 Establishing the Configuration Task


Before configuring a DNS test, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.

Applicable Environment
The DNS test is performed to obtain the speed at which the specified domain name is resolved
to an IP address.

Pre-configuration Tasks
Before configuring the DNS test, complete the following tasks:
l

Configuring the DNS server

Configuring routes between the NQA client and the DNS server

Data Preparation
To configure the DNS test, you need the following data.
No.

Data

Administrator name and test name

IP address of the DNS server

Host name to be resolved

Start mode and end mode of the test

6.7.2 Configuring the DNS Test Parameters


This part describes how to set DNS test parameters.

Context
Do as follows on the NQA client (DNS client):

Procedure
Step 1 Run
system-view

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

158

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

The system view is displayed.


Step 2 Run:
dns resolve

Enable dynamic DNS resolution. By default, the function is disabled.


Step 3 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the test instance view is displayed.
Step 4 Run:
test-type dns

The test type is set to DNS.


Step 5 Run:
dns-server ipv4 ip-address

The IPv4 address of the DNS server is configured.


NOTE

For detailed parameter configurations, see the chapter Configuring Universal NQA Test Parameters

Step 6 Run:
destination-address url urlstring

The name of the destination host is configured.


Step 7 Run:
start

The NQA test is started.


Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End

6.7.3 Checking the Configuration


After configuring the DNS test, you can view the test result.

Prerequisites
The configurations of the DNS Test function are complete.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

159

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Context
NOTE

NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.

Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End

Example
Run the display nqa results command. If the test is successful, the following is displayed.
<Huawei> display nqa results
NQA entry(t, t) :testflag is inactive ,testtype is dns
1 . Test 1 result
The test is finished
Send operation times: 1
Receive response times: 1
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.82.55.191
Min/Max/Average Completion Time: 4/4/4
Sum/Square-Sum Completion Time: 4/16
Last Good Probe Time: 2010-06-21 15:40:12.6
Lost packet ratio: 0 %

6.8 Configuring the Traceroute Test


This section describes how to configure a traceroute test to check the connectivity to each hop
on the network.

6.8.1 Establishing the Configuration Task


Before configuring a traceroute test, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the data required for the configuration. This
will help you complete the configuration task quickly and accurately.

Applicable Environment
An NQA Traceroute test can provide functions similar to those provided by the tracert
command, but outputs more detailed information.

Pre-configuration Tasks
Before configuring a traceroute test, configure reachable routes between the NQA client and the
device to be tested.

Data Preparation
To configure a traceroute test, you need the following data.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

160

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

No.

Data

Administrator and name of an NQA test instance

Destination IP address

(Optional) VPN instance name, maximum hops, initial TTL and maximum TTL value
of the packet, and source IP address and destination port of the packet

Start and end modes of a test

6.8.2 Configuring Parameters for a Traceroute Test


This part describes how to configure parameters for a traceroute test.

Context
Do as follows on the NQA client:

Procedure
Step 1 Run
system-view

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type trace

A traceroute test is created.


Step 4 Run:
destination-address ipv4 ip-address

The destination address of the traceroute test is configured.


Step 5 Run the following commands as required ( For detailed parameter configurations, see the chapter
Configuring Universal NQA Test Parameters ):
l To configure the maximum hops, run:
tracert-hopfailtimes times

l To configure the initial TTL and maximum TTL values of a packet, run:
tracert-livetime first-ttl first-ttl max-ttl max-ttl

l To configure the source IP address, run:


source-address ipv4 ip-address

l To configure the destination port number, run:


destination-port port-number

l To configure a NQA test packets to be sent without searching the routing table, run:
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

161

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

sendpacket passroute

Step 6 Run:
start

An NQA test is started.


Select the start mode as required because the start command has several forms.
l To start the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ] hh:mm:ss |
delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started immediately.
l To start the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss [ end
{ at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds
second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To start the NQA test after a certain delay, run the start delay { seconds second |
hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End

6.8.3 Checking the Configuration


After configuring a traceroute test, you can view the test result.

Prerequisites
The configurations of the traceroute test are complete.

Context
NOTE

NQA test results cannot be displayed automatically on the terminal. You need to run the display nqa
results command to view test results. By the default, the command output contains the records about only
the last five tests.

Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End

Example
Run the display nqa results command. If the statistics about each hop are displayed, it means
that the traceroute test is successful.
<Huawei> display nqa results
NQA entry(t, t) :testflag is inactive ,testtype is trace
1 . Test 1 result
The test is finished
Completion:success
Attempts number:1
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

162

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Operation sequence errors number:0


RTT Stats errors number:0
Drop operation number:0
Last good path Time:2010-06-21 15:41:01.7
1 . Hop 1
Send operation times: 3
Receive response times: 3
Min/Max/Average Completion Time: 1/2/1
Sum/Square-Sum Completion Time: 4/6
RTD OverThresholds number: 0
Last Good Probe Time: 2010-06-21 15:41:01.7
Destination ip address:10.112.58.3
Lost packet ratio: 0 %

6.9 Configuring the SNMP Query Test


This section describes how to configure a Simple Network Management Protocol (SNMP) query
test to check the communications between the host and SNMP agent.

6.9.1 Establishing the Configuration Task


Before configuring an SNMP query test, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.

Applicable Environment
Through the SNMP Query test, you can obtain the statistics of the communication between hosts
and SNMP agents.

Pre-configuration Tasks
Before configuring the SNMP Query test, complete the following tasks:
l

Configuring the SNMP agent

Configuring routes between the NQA client and the SNMP agent

Data Preparation
To configure the SNMP query test, you need the following data.
No.

Data

Administrator name and test name

IP address of the SNMP agent

(Optional) Source IP addresses and source port numbers of test packets, interval for
sending test packets, and percentage of the failed NQA tests

Start mode and end mode of the test

6.9.2 Configuring the SNMP Query Test Parameters


This part describes how to set SNMP query test parameters.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

163

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Context
Do as follows on the NQA client:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
snmp-agent

The SNMP agent function is enabled.


Step 3 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the test instance view is displayed.
Step 4 Run:
test-type snmp

The test type is set to SNMP Query.


Step 5 Run:
destination-address ipv4 ip-address

The destination IP address, that is, the IP address of the SNMP agent, is configured.
NOTE

The SNMP function must be enabled on the destination host; otherwise, the destination host fails to receive
Echo packets.

Step 6 (Optional) Perform the following as required to configure other parameters for the SNMP test
( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the VPN instance to be tested, run the vpn-instance vpn-instance-name
command.
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the source port number, run the source-port port-number command.
l To configure the interval for sending test packets, run the interval seconds interval
command.
l To configure the percentage of the failed NQA tests, run the fail-percent percent command.
l To configure the NQA test packets to be sent without searching the routing table, run the
sendpacket passroute command.
Step 7 Run:
start

The NQA test is started.


Select the start mode as required because the start command has several forms.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

164

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End

6.9.3 Checking the Configuration


After configuring the SNMP query test, you can view the test result.

Prerequisites
The configurations of the SNMP Query Test function are complete.

Context
NOTE

NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.

Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End

Example
Run the display nqa results command. If the test is successful, the following is displayed.
<Huawei> display nqa results
NQA entry(admin, snmp) :testflag is inactive ,testtype is snmp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:0
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 63/172/109
Sum/Square-Sum Completion Time: 329/42389
Last Good Probe Time: 2006-8-5 15:33:49.1
Lost packet ratio: 0 %

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

165

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

6.10 Configuring the TCP Test


This section describes how to configure a Transmission Control Protocol (TCP) test to check
the responding speed of a TCP port.

6.10.1 Establishing the Configuration Task


Before configuring a TCP test, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.

Applicable Environment
To obtain the time for the specified port to respond to a TCP connection request, you can create
an NQA TCP test instance.

Pre-configuration Tasks
Before configuring the TCP test, configure reachable routes between the NQA client and the
TCP server.

Data Preparation
To configure the TCP test, you need the following data.
No.

Data

Administrator name and test name

IP address and port number monitored by the TCP server

(Optional) Destination port numbers of the probe packets sent by the TCP client and
source IP addresses , source port numbers of test packets, interval for sending test
packets, and percentage of the failed NQA tests

Start mode and end mode of the test

6.10.2 Configuring the TCP Server


The IP address and number of the port monitored by the server must be identical with those
configured on the client.

Context
Do as follows on the NQA server (TCP server):

Procedure
Step 1 Run:
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

166

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

system-view

The system view is displayed.


Step 2 Run:
nqa-server tcpconnect

ip-address port-number

The TCP monitoring service is configured.


NOTE

Note that the IP address and port number monitored by the server should be consistent with those configured
on the client.

----End

6.10.3 Configuring the TCP Client


This part describes how to set TCP test parameters.

Context
Do as follows on the NQA client (TCP client):

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type tcp

The test type is set to TCP.


Step 4 Run:
destination-address ipv4 ip-address

The destination IP address is configured.


Step 5 To configure the destination port number, run the destination-port port-numbercommand.
Step 6 (Optional) Perform the following as required to configure other parameters for the TCP test ( For
detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the source port number, run the source-port port-numbercommand.
l To configure the interval for sending test packets, run the interval seconds interval
command.
l To configure the percentage of the failed NQA tests, run the fail-percent percentcommand.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

167

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

l To configure the NQA test packets to be sent without searching the routing table, run the
sendpacket passroute command.
Step 7 Run:
start

The NQA test is started.


Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
The differences between the TCP Public tests and the TCP Private tests are as follows:
l The TCP Public tests do not require the destination port to be configured on the client.
Connection requests are initiated and sent to the TCP port 7 of the destination address. The
server should monitor the TCP port 7.
l The TCP Private tests require the destination port be specified and the related monitoring
services enabled on the server.
----End

6.10.4 Checking the Configuration


After configuring the TCP test, you can view the test result.

Prerequisites
The configurations of the TCP Test function are complete.

Context
NOTE

NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.

Procedure
l

Run the display nqa results [ test-instance admin-name test-name ] command to view the
test results on the NQA client.

Run the display nqa-server command to view the information about the NQA server.

----End
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

168

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Example
Run the display nqa results command. If the test is successful, the following is displayed.
<Huawei> display nqa results
NQA entry(admin, tcp) :testflag is inactive ,testtype is tcp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:0
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 31/62/51
Sum/Square-Sum Completion Time: 155/8649
Last Good Probe Time: 2006-8-5 15:55:15.3
Lost packet ratio: 0 %

6.11 Configuring the UDP Test


This section describes how to configure a User Datagram Protocol (UDP) test to check the
responding speed of a UDP port.

6.11.1 Establishing the Configuration Task


Before configuring a UDP test, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.

Applicable Environment
To obtain the time for the specified port to respond to a UDP connection request, you can create
a UDP test instance.

Pre-configuration Tasks
Before configuring the UDP test, configure reachable routes between the NQA client and the
UDP server.

Data Preparation
To configure the UDP test, you need the following data.

Issue 02 (2012-03-30)

No.

Data

Administrator name and test name

IP address and port of the UDP server

Destination IP address and the port of the probe packets sent by the UDP client

(Optional) Source IP addresses and source port numbers of test packets, interval for
sending test packets, and percentage of the failed NQA tests

Start mode and end mode of the test


Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

169

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

6.11.2 Configuring the UDP Server


The IP address and number of the port monitored by the server must be identical with those
configured on the client.

Context
Do as follows on the NQA server (UDP server):

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa-server udpecho

ip-address port-number

The UDP monitoring service is configured.


Note that the IP address and port number monitored by the server should be consistent with those
configured on the client.
----End

6.11.3 Configuring the UDP Client


This part describes how to set UDP test parameters.

Context
Do as follows on the NQA client (UDP client):

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type udp

The test type is set to UDP.


Step 4 Run:
destination-address ipv4 ip-address

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

170

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

The destination IP address is configured.


Step 5 Run:
destination-port port-number

The destination port number is configured.


Step 6 (Optional) Perform the following as required to configure other parameters for the UDP test
( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the source port number, run the source-port port-numbercommand.
l To configure the interval for sending test packets, run the interval seconds interval
command.
l To configure the percentage of the failed NQA tests, run the fail-percent percent command.
l To configure the NQA test packets to be sent without searching the routing table, run the
sendpacket passroute command.
Step 7 Run:
start

The NQA test is started.


Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End

6.11.4 Checking the Configuration


After configuring the UDP test, you can view the test result.

Prerequisites
The configurations of the UDP Test function are complete.

Context
NOTE

NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

171

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Procedure
l

Run the display nqa results [ test-instance admin-name test-name ] command to view the
test results on the NQA client.

Run the display nqa-server command to view the information about the NQA server.

----End

Example
Run the display nqa results command. If the test is successful, the following is displayed.
<Huawei> display nqa results
NQA entry(admin, udp) :testflag is inactive ,testtype is udp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 32/109/67
Sum/Square-Sum Completion Time: 203/16749
Last Good Probe Time: 2006-8-5 16:9:21.6
Lost packet ratio: 0 %

6.12 Configuring the Jitter Test


This section describes how to configure a jitter test to check jitter on the network. You can
perform a jitter test only when both the client and the server are Huawei devices.

6.12.1 Establishing the Configuration Task


Before configuring a jitter test, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.

Applicable Environment
The jitter time refers to the interval for sending two adjacent packets minus the interval for
receiving the two packets.
The process of a Jitter test is as follows:
1.

The source sends a packet to the destination at a specified interval.

2.

After receiving the packet, the destination adds a timestamp to the packet and returns them
to the source.

3.

After receiving the returned packets, the source subtracts the interval for the source to send
two adjacent packets from the interval for the destination to receive the two packets and
then obtains the jitter time.

The maximum, minimum, and average jitter time calculated based on the information received
on the source can clearly show the network status.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

172

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

In a Jitter test, you can set the number of packets to be sent consecutively. Through this setting,
certain traffic can be simulated within a certain period. For example, if you set 3000 UDP packets
to be sent at an interval of 20 milliseconds. Then, in one minute, G.711 traffic is simulated.
NOTE

To improve the test accuracy, you can configure the Network Time Protocol (NTP) on both the client and
the server.

Pre-configuration Tasks
Before configuring the Jitter test, configure reachable routes between the NQA client and the
NQA server.

Data Preparation
To configure the Jitter test, you need the following data.
No.

Data

Administrator name and test name

IP address and the port number monitored by the UDP server

Destination IP addresses and port numbers of the probe packets sent by the UDP
client

(Optional) VPN instance name, source IP address and port number of the probe packet
sent by the UDP client, number of probe packets and test packets sent each time,
interval for sending probe packets and test packets, percentage of the failed NQA
tests, and version number carried in the Jitter packet

Start mode and end mode of the test

6.12.2 Configuring the Jitter Server


The IP address and number of the port monitored by the server must be identical with those
configured on the client.

Context
Do as follows on the NQA server (Jitter server):

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa-server udpecho ip-address

port-number

The UDP monitoring service is configured.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

173

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Note that the IP address and port number monitored by the Jitter server should be consistent
with those configured on the client.
----End

6.12.3 Configuring the Jitter Client


This part describes how to configure the client of the jitter test.

Context
NOTE

The system supports the collection of the statistics about the maximum uni-directional transmission delay.

Perform the following steps on the NQA client (Jitter client).

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 (Optional) To configure the version number of Jitter packets, run the nqa-jitter tag-version
version-number command in the system view.
If Version 2 is adopted, after collecting the packet loss across a uni-directional link is enabled,
you can find the packet loss across the link from the source to the destination (or from the
destination to the source or from an unknown direction). According to these statistics, the
network administrator can easily detect network faults and malicious attacks.
Step 3 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the test instance view is displayed.
Step 4 Run:
test-type jitter

The test type is set to Jitter.


Step 5 Run:
destination-address ipv4 ip-address

The destination IP address is configured.


Step 6 Run:
destination-port port-number

The destination port number is configured.


Step 7 (Optional) Perform the following as required to configure other parameters for the Jitter test
( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the source port number, run the source-port port-numbercommand.
l To configure the probe times in the NQA test, run the probe-count number command.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

174

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

l To configure the number of test packets sent each time, run the jitter-packetnum number
command.
The Jitter test is used to collect statistics and perform analysis of the transmission delay
variation of the UDP packets. The system sends multiple test packets for each test to make
the statistics more accurate. The more test packets are sent, the more accurate the statistics
and analysis are. This process, however, is time consuming.
NOTE

The number of the Jitter tests depends on the probe-count command. The number of test packets sent
during each test depends on the jitter-packetnum command. During the actual configuration, the
product of the number of test times and the number of the test packets must be less than 3000.

l To configure the interval for sending test packets, run the interval { milliseconds interval |
seconds interval } command.
The shorter the interval for sending the Jitter test packets is, the faster the test is completed.
If the interval, however, is set to a very small value, the jitter statistics result may have a
greater error.
l To configure the percentage of the failed NQA tests, run the fail-percent percent command.
l To send the NQA test packet without searching the routing table, run the sendpacket
passroute command.
Step 8 Run:
start

The NQA test is started.


Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End

6.12.4 Checking the Configuration


After configuring the jitter test, you can view the test result.

Prerequisites
The configurations of the Jitter Test function are complete.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

175

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Context
NOTE

NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.

Procedure
l

Run the display nqa results [ test-instance admin-name test-name ] command to view the
test results on the NQA client.

Run the display nqa-server command to view the information about the NQA server.

----End

Example
Run the display nqa results command. If the test is successful, the following is displayed.
<Huawei> display nqa results test-instance admin jitter
NQA entry(admin, jitter) :testflag is inactive ,testtype is jitter
1 . Test 2 result
The test is finished
SendProbe:60
ResponseProbe:60
Completion:success
RTD OverThresholds number:0
OWD OverThresholds SD number:0
OWD OverThresholds DS number:0
Min/Max/Avg/Sum RTT:1/1/1/60
RTT Square Sum:60
NumOfRTT:60
Drop operation number:0
Operation sequence errors number:0
RTT Stats errors number:0
System busy operation number:0
Operation timeout number:0
Min Positive SD:1
Min Positive DS:1
Max Positive SD:1
Max Positive DS:1
Positive SD Number:15
Positive DS Number:1
Positive SD Sum:15
Positive DS Sum:1
Positive SD Square Sum:15
Positive DS Square Sum:1
Min Negative SD:1
Min Negative DS:1
Max Negative SD:1
Max Negative DS:1
Negative SD Number:15
Negative DS Number:1
Negative SD Sum:15
Negative DS Sum:1
Negative SD Square Sum:15
Negative DS Square Sum:1
Min Delay SD:0
Min Delay DS:0
Avg Delay SD:0
Avg Delay DS:0
Max Delay SD:0
Max Delay DS:0
Delay SD Square Sum:27
Delay DS Square Sum:1
Packet Loss SD:0
Packet Loss DS:0
Packet Loss Unknown:0
Average of Jitter:1
Average of Jitter SD:1
Average of Jitter DS:1
jitter out value:0.0312500
jitter in value:0.0020833
NumberOfOWD:60
Packet Loss Ratio: 0%
OWD SD Sum:27
OWD DS Sum:1
ICPIF value: 0
MOS-CQ value: 0
TimeStamp unit: ms
Packet Rewrite Number: 0
Packet Rewrite Ratio: 0%
Packet Disorder Number: 0
Packet Disorder Ratio: 0%
Fragment-disorder Number: 0
Fragment-disorder Ratio: 0%

6.13 Configuring Universal NQA Test Parameters


This section describes how to set and use universal parameters for NQA test instances.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

176

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

6.13.1 Establishing the Configuration Task


Before setting universal parameters for NQA test instances, familiarize yourself with the
applicable environment, complete the pre-configuration tasks, and obtain the required data. This
can help you complete the configuration task quickly and accurately.

Applicable Environment
NQA supports not only the configuration of the parameters for various types of tests, but also
the configuration of universal options of a test group.
Commonly, the default configurations of the universal parameters are adopted.

Pre-configuration Tasks
Before configuring universal NQA parameters, create NQA tests correctly.

6.13.2 Configuring Universal Parameters for the NQA Test Instance


This part describes the application of each parameter in the NQA test instance.

Context
Perform the following steps on the NQA client.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name

The NQA test instance view is displayed.


Step 3 Configure global parameters for the test instance as required.
l Run:
agetime hh:mm:ss

The aging time is set for the NQA test instance.


l Run:
alarm entry-number { lost-packet-ratio | jitter-average | jitter-ds-average |
jitter-sd-average | packet-loss-ds | packet-loss-sd | rtt-average } { absolute
| delta } { falling-threshold threshold-value1 event-entry1 | rising-threshold
threshold-value2 event-entry2 } * [ description ]

Configuration NQA alarms for the NQA test instance.


l Run:
datafill fillstring

The fill string is set for the NQA test instance.


NOTE

You can configure padding characters for only UDP, ICMP, Jitter and Trace tests.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

177

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

l Run:
datasize size

The packet size is set for the NQA test instance.


NOTE

This parameter can be configured for ICMP, UDP, Jitter, and Trace test instances.

l Run:
description string

The description is configured for the NQA test instance.


l Run:
destination-address ipv4 ip-address

The destination IP address is set for the NQA test instance.


NOTE

This parameter cannot be configured for DNS and DHCP test instances.

l Run:
destination-address url urlstring

The destination URL address is set for the NQA test instance.
NOTE

The destination URL address can be configured for DNS and HTTP test instances.

l Run:
destination-port port-number

The destination port number is set for the NQA test instance.
NOTE

The destination port number can be configured only for UDP, Jitter, TCP, Trace, FTP, and HTTP test
instances.

l Run:
dns-server ipv4 ip-address

The DNS server address is configured for the NQA test instance.
NOTE

The DNS server address can be configured only for DNS and HTTP test instances.

l Run:
fail-percent percent

The failure percentage is set for the NQA test instance.


NOTE

This parameter cannot be configured for Trace, FTP, and DNS test instances.

l Run:
frequency interval

The test period is set for the NQA test instance.


l Run:
ftp-filename file-name

The file name and file path are configured for the FTP test instance.
NOTE

The file name and file path can be configured only for the FTP test instance.

l Run:
ftp-filesize size

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

178

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

The size of the file is set for the FTP test instance.
NOTE

The size of the file can be configured only for the FTP test instance.

l Run:
ftp-operation { get | put }

The operation type is configured for the FTP test instance.


NOTE

The operation type can be configured only for the FTP test instance.

l Run:
ftp-password password

The user password is set for the FTP test instance.


NOTE

The user password can be configured only for the FTP test instance.

l Run:
ftp-username name

The user name is set for the FTP test instance.


NOTE

The user name can be configured only for the FTP test instance.

l Run:
http-operation { get | post }

The test type is set for the HTTP test instance.


NOTE

The operation type can be configured only for the HTTP test instance.

l Run:
http-url deststring [ verstring ]

The relative file path and version are configured for the HTTP test instance.
NOTE

The relative file path and version can be configured only for the HTTP test instance.

l Run:
interval { milliseconds

interval | seconds interval }

The interval for sending packets is set for the NQA test instance.
NOTE

The interval for sending packets can be configured only for the ICMP, UDP, SNMP, Jitter, and TCP
test instances.

l Run:
jitter-packetnum number

The number of test packets is set for the NQA test instance.
NOTE

The number of test packets can be configured only for Jitter type test instances.

l Run:
probe-count number

The number of probes for one time is set.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

179

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

NOTE

This parameter cannot be configured for FTP and DNS test instances.

l Run:
probe-failtimes times

The number of permitted maximum probe failures, that is, the threshold to trigger the trap
message, is set for the NQA test instance.
l Run:
records history number

The maximum number of history records is set for the NQA test instance.
l Run:
records result number

The maximum number of result records is set for the NQA test instance.
l Run:
sendpacket passroute

The NQA test is configured to send packets without searching for the routing table.
NOTE

This parameter cannot be configured for DHCP, and DNS test instance.

l Run:
set-df

Packet fragmentation is prohibited.


NOTE

This function can be configured only for the Trace test instances.

l Run:
send-trap { all | { owd-ds | owd-sd | probefailure | rtd | testcomplete |
testfailure } * }

The condition for triggering the trap message is configured.


l Run:
source-address ipv4 ip-address

The source IP address is set for the NQA test instance.


NOTE

This parameter cannot be configured for DHCP, and DNS test instances.

l Run:
source-interface interface-type interface-number

The source interface is configured for the NQA test instance.


NOTE

The source interface can be configured for ICMP, and DHCP test instances.

l Run:
source-port port-number

The source port number is set for the NQA test instance.
NOTE

This parameter is not applicable to the DNS test, ICMP test, DHCP test, and Trace test.

l Run:
test-failtimes times

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

180

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

The trap threshold for continuous probe failures is set for the NQA test instance.
l Run:
timeout time

The timeout period is set for the NQA test instance.


l Run:
ttl number

The TTL value in the NQA test packet is set.


NOTE

This parameter cannot be configured for DHCP, DNS, and Trace test instances.

l Run:
tos value

Type of Service (TOS) is set for the test packet.


NOTE

This parameter cannot be configured for DHCP, DNS, and Trace test instances.

l Run:
tracert-hopfailtimes times

The hop fail times are set for the Trace test instance.
NOTE

This parameter can be configured only for Trace test instance.

l Run:
tracert-livetime first-ttl first-ttl max-ttl max-ttl

The lifetime is set for the Trace test instance.


NOTE

This parameter can be configured only for Trace test instance.

l Run:
vpn-instance vpn-instance-name

The VPN instance name is configured for the NQA test instance.
NOTE

This parameter cannot be configured for DNS, and DHCP test instance.

----End

6.13.3 Checking the Configuration


After setting universal parameters for NQA test instances, you can view the test result.

Prerequisites
The configurations of the Universal NQA Test Parameters function are complete.

Procedure
Step 1 Run the display nqa-agent [admin-name test-name ] [ verbose ] to view the status of the test
instance configured on the NQA client.
----End
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

181

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Example
<Huawei> display nqa-agent
NQA Tests Max:64
NQA Flow Max:1000

NQA Tests Number:


2
NQA Flow Remained:1000

nqa test-instance a a
test-type tcp
destination-address ipv4 10.1.1.1
source-address ipv4 10.1.1.10
ttl 100
tos 50
interval seconds 30
timeout 20
nqa status : normal

6.14 Configuring Round-Trip Delay Thresholds


This section describes how to set a round-trip delay transmission threshold in an NQA test
instance.

6.14.1 Establishing the Configuration Task


Before setting a round-trip transmission delay threshold, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the required data. This can help
you complete the configuration task quickly and accurately.

Applicable Environment
If the round-trip transmission delay threshold is configured for a NQA test instance, the NQA
test result will contain the statistics on the test packets that exceed the set threshold. This provides
the basis for the network manager to analyze the operation status of the specified service.

Pre-configuration Tasks
Before configuring the round-trip transmission delay threshold, complete the following tasks:
l

Running the device normally

Creating NQA test instances and configuring related parameters correctly

Data Preparation
To configure the round-trip transmission delay threshold, you need the following data.

Issue 02 (2012-03-30)

No.

Data

Administrator name and test name

Round-trip transmission delay threshold

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

182

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

6.14.2 Configuring Round-Trip Delay Thresholds


This part describes how to set a round-trip transmission delay threshold. When the transmission
duration exceeds the threshold, a trap message is sent to the Network Management System
(NMS).

Context
Do as follows on the router to perform the NQA test:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the NQA instance view is displayed.
Step 3 Run:
test-type { dhcp | dns | ftp | http | icmp | jitter | snmp | tcp | trace | udp }

The test type is configured.


Step 4 Run:
destination-address ipv4 ip-address

The destination IP address is configured.


Step 5 (Optional)Run:
destination-port port-number

The destination port number is configured.


Step 6 Run:
threshold rtd rtd-value

The round-trip transmission delay threshold is configured.


Step 7 Run:
send-trap rtd

The trap function is enabled.


----End

6.14.3 Checking the Configuration


After setting the round-trip transmission delay threshold, you can view the configuration.

Prerequisites
The configurations of the Round-Trip Delay Thresholds Test function are complete.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

183

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Procedure
Step 1 Run the display nqa-agent [ admin-name test-name ] [ verbose ] to view the status of the test
instance configured on the NQA client.
----End

Example
Run the display nqa-agent verbose command. If the test is successful, the following is
displayed. For example:
<Huawei> display nqa-agent verbose
NQA Tests Max:64
NQA Tests Number:
1
NQA Flow Max:1000
NQA Flow Remained:1000
nqa test-instance admin jitter
test-type jitter
destination-address ipv4 100.1.1.201
destination-port 80
threshold rtd 2000
send-trap rtd
nqa status : normal

6.15 Configuring Uni-directional Transmission Delay


Thresholds
This section describes how to set a one-way transmission delay threshold in an NQA test
instance. After a one-way transmission delay threshold is set in an NQA test instance, the test
result will contain the statistics on the test packets that exceed the set threshold. This provides
the basis for the network manager to analyze the operating status of the specified service on the
network.

6.15.1 Establishing the Configuration Task


Before setting a one-way transmission delay threshold, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the required data. This can help
you complete the configuration task quickly and accurately.

Applicable Environment
In all jitter type tests, after the uni-directional transmission delay threshold is configured, the
test results contain statistics on the test packets that exceed the set threshold. This provides the
basis for the network manager to analyze the operation status of the specified service.

Pre-configuration Tasks
Before configuring the uni-directional transmission delay threshold, complete the following
tasks:
l

Running the device normally

Creating NQA tests and configuring related parameters correctly

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

184

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Data Preparation
To configure the uni-directional transmission delay threshold, you need the following data.
No.

Data

Administrator name and test name

Uni-directional transmission delay threshold

6.15.2 Configuring Uni-directional Transmission Delay Thresholds


This part describes how to set a one-way transmission delay threshold. When the transmission
duration exceeds the threshold, a trap message is sent to the NMS.

Context
Do as follows on the router to perform the NQA test:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the NQA instance view is displayed.
Step 3 Run:
test-type jitter

The test type is configured.


Step 4 Run:
destination-address ipv4 ip-address

The destination IP address is configured.


Step 5 (Optional)Run:
destination-port port-number

The destination port number is configured.


Step 6 Run:
threshold owd-sd owd-sd-value

The uni-directional transmission (from the source to the destination) delay threshold is
configured.
Step 7 Run:
threshold owd-sd owd-sd-value

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

185

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

The uni-directional transmission (from the destination to the source) delay threshold is
configured.
----End

6.15.3 Checking the Configuration


After setting the one-way transmission delay threshold, you can view the configuration.

Prerequisites
The configurations of the Uni-directional Transmission Delay Thresholds Test function are
complete.

Procedure
Step 1 Run the display nqa-agent [ admin-name test-name ] [ verbose ] to view the status of the test
instance configured on the NQA client.
----End

Example
Using the display nqa-agent [ admin-name test-name ] [ verbose ] command, you can view the
uni-directional transmission delay threshold configured for the NQA test. For example:
<Huawei> display nqa-agent verbose
NQA Tests Max:64
NQA Tests Number:
1
NQA Flow Max:1000
NQA Flow Remained:1000
nqa test-instance admin jitter
test-type jitter
destination-address ipv4 100.1.1.201
destination-port 80
send-trap probefailure
send-trap testfailure
send-trap testcomplete
send-trap rtd
send-trap owd-sd
send-trap owd-ds
threshold owd-sd 2000
threshold owd-ds 2000
nqa status : normal

6.16 Configuring the Trap Function


This section describes how to configure the trap function in an NQA test instance. After the trap
function is configured, a trap message is sent to the NMS in case of transmission success or
transmission failure.

6.16.1 Establishing the Configuration Task


Before configuring the trap function, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

186

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Applicable Environment
Trap messages are generated regardless of whether the NQA test is successful or fails. You can
control whether to send trap messages to the NM station by enabling or disabling the trap
function.
NQA supports three types of trap messages as defined in the DISMAN-PING-MIB.
l

Trap message sent when an NQA probe fails


This message checks whether the probe Echo packets are received.
If the number of packets that have no responses reaches the upper limit, trap messages are
sent to a specified NM station.

Trap message sent when an NQA test fails


This message checks whether the test fails.
If the number of the times that a test fails exceeds the limit, trap messages are sent to a
specified NM station.

Trap message sent when an NQA test is successful


This message checks whether the test is successful.
If Echo packets are received during an NQA test, trap messages are sent to a specified NM
station.

NQA also supports the sending of trap messages to the NM station when the uni-directional
transmission delay or the round-trip transmission delay exceeds the threshold.
l

For all tests supporting traps, if the round-trip transmission delay exceeds the threshold and
the trap function is enabled, trap messages are sent to the NM station with the specified IP
address.

For all the Jitter tests, if the uni-directional transmission delay exceeds the threshold and
the trap function is enabled, trap messages are sent to the NM station with the specified IP
address.

Trap messages carry information such as destination IP address, operation status, destination IP
address of the test packet, minimum RTT, maximum RTT and total RTT, number of sent probe
packets, number of received packets, RTT square sum, and time of the last successful probe.

Pre-configuration Tasks
Before configuring the trap function, complete the following tasks:
l

Configuring routes between the NQA client and the NM station

Creating an NQA test and configuring related parameters correctly

Data Preparation
To configure the trap function, you need the following data.

Issue 02 (2012-03-30)

No.

Data

Administrator name and test name

NQA events that trigger the trap function


Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

187

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

No.

Data

l (Optional) Number of test failures that trigger sending a trap message


l (Optional) Number of probe failures that trigger sending a trap message

6.16.2 Sending Trap Messages When Test Failed


A trap message is sent to the NMS when the transmission of NQA test packets fails.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type tcp

The test type is configured.


Step 4 Run:
destination-address ipv4 ip-address

The destination IP address is configured.


Step 5 (Optional)Run:
destination-port port-number

The destination port number is configured.


Step 6 Run:
send-trap testfailure

Sending trap messages when tests fail is enabled.


By default, the trap function is disabled.
Step 7 Run:
test-failtimes times

The number of test failures that trigger sending a trap message is configured.
By default, a trap message is sent for each test failure.
----End

6.16.3 Sending Trap Messages When Probes Failed


A trap message is sent to the NMS when the NQA test fails.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

188

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type tcp

The test type is configured.


Step 4 Run:
destination-address ipv4 ip-address

The destination IP address is configured.


Step 5 (Optional)Run:
destination-port port-number

The destination port number is configured.


Step 6 Run:
probe-failtimes times

The number probe failures that trigger sending a Trap message is configured.
By default, a trap message is sent for each probe failure.
Step 7 Run:
send-trap probefailure

Sending trap messages when probes fail is enabled.


By default, the trap function is disabled.
----End

6.16.4 Sending Trap Messages When Probes Are Complete


Successfully
A trap message is sent to the NMS when the NQA test is complete successfully.

Context
Do as follows on the NQA client:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

189

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Step 2 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type tcp

The test type is configured.


Step 4 Run:
destination-address ipv4 ip-address

The destination IP address is configured.


Step 5 (Optional)Run:
destination-port port-number

The destination port number is configured.


Step 6 Run:
send-trap testcomplete

Sending trap messages when tests are complete successfully is enabled.


By default, the trap function is disabled.
----End

6.16.5 Sending Trap Messages When the Transmission Delay


Exceeds Thresholds
A trap message is sent to the NMS when the test result exceeds the threshold.

Context
Do as follows on the NQA client:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name

An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type tcp

The test type is configured.


Step 4 Run:
destination-address ipv4 ip-address

The destination IP address is configured.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

190

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Step 5 (Optional)Run:
destination-port port-number

The destination port number is configured.


Step 6 Run:
send-trap rtd

Sending trap messages when the transmission delay exceeds the threshold is enabled.
By default, the trap function is disabled.
----End

6.16.6 Checking the Configuration


After the trap function is enabled in an NQA test instance, you can view trap messages in the
trap buffer.

Prerequisites
The configurations of the Trap function are complete.

Procedure
Step 1 Run the display trapbuffer [ size value ] to view the trap messages sent in an NQA test.
----End

Example
Run the display trapbuffer [ size value ] command. If information about the trap messages is
displayed, it means that the configuration succeeds.
For example:
<Huawei> display trapbuffer size 2
Trapping buffer configuration and contents:enabled
Allowed max buffer size : 1024
Actual buffer size : 256
Channel number : 3 , channel name : trapbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 11
#May 6 2009 12:54:17+00:00 CBB6-PE3 SINDEX/4/INDEXMAP:OID
1.3.6.1.4.1.2011.5.25.110.2.0.1 ShortIFIndexMapTable changed.
#May 6 2009 11:02:37+00:00 CBB6-PE3 SRM_BASE/4/ENTITYREGSUCCESS: OID
1.3.6.1.4.1.2011.5.25.129.2.1.18 Physical entity register succeeded.
(EntityPhysicalIndex=17367040, BaseTrapSeverity=2, BaseTrapProbableCause=70144,
BaseTrapEventType=5, EntPhysicalContainedIn=1677721
6, EntPhysicalName="SRU slot 9", RelativeResource="", ReasonDescription="MPU9")

6.17 Configuring Test Results to Be Sent to the FTP Server


This section describes how to configure the system to send test results to the FTP server to avoid
loss of test results in the event that the NMS does not poll the test result in time.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

191

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

6.17.1 Establishing the Configuration Task


Before configuring the system to send test results to the FTP server, familiarize yourself with
the applicable environment, complete the pre-configuration tasks, and obtain the required data.
This can help you complete the configuration task quickly and accurately.

Applicable Environment
In the test, the latest five test results can be saved by the system and earlier ones are overlapped.
Therefore, if the NM station does not perform result polling timely, test results are lost. You can
send the statistics on the test results that reach the capacity of the local storage or periodically
send the statistics to the FTP server for storage through FTP. This can effectively prevent the
loss of test results and facilitate the network management based on the analysis of test results at
different times.

Pre-configuration Tasks
Before configuring test results to be sent to the FTP server, complete the following tasks:
l

Configuring the FTP server

Configuring a reachable route between the NQA client and the NM station

Configuring a test instance

Data Preparation
To configure test results to be sent to the FTP server, you need the following data.
No.

Data

IP address of the FTP server

User name and password used for logging into the FTP server

Number of test results saved through FTP

Duration of saving test results through FTP

6.17.2 Configuring Parameters for Connecting the FTP Server


This part describes how to set parameters for accessing the FTP server that receives the test
results, such as address of the FTP server and user name and password for accessing the FTP
server.

Context
Do as follows on the NQA client:

Procedure
Step 1 Run:
system-view

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

192

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

The system view is displayed.


Step 2 Run:
nqa-ftp-record ip-address ip-address

or
nqa-ftp-record vpn-instance vpn-instance

The IP address of the FTP server is configured.


Step 3 Run:
nqa-ftp-record username username

The user name for logging into the FTP server is configured.
Step 4 Run:
nqa-ftp-record password password

The password for logging into the FTP server is configured.


Step 5 Run:
nqa-ftp-record filename filename

The file name used for saving test results is configured.


----End

6.17.3 Enabling the Function of Saving NQA Test Results Through


FTP
The system can send test results to the FTP server only after the FTP server is enabled with the
test result saving function.

Context
Do as follows on the NQA client:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa-ftp-record enable

The FTP server is enabled to save test results.


----End

6.17.4 (Optional) Configuring the Number of Test Results Saved


Through FTP
This part describes how to configure the number of test results that an FTP server can save.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

193

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Context
Do as follows on the NQA client:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa-ftp-record item-num item-number

The number of test results to be saved on the FTP server through FTP is configured.
----End

6.17.5 (Optional) Configuring the Duration of Saving Test Results


Through FTP
Each time, the system can send two test results to the FTP server. If the FTP server cannot
continue to write the file after being interrupted, a new file is created on the FTP server for the
test results sent each time.

Context
Do as follows on the NQA client:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa-ftp-record time time

The duration of saving test results to the FTP server through FTP is configured.
----End

6.17.6 (Optional) Enabling Alarms to Be Sent to the NM Station


After the FTP Transmission Succeeds
After test results are successfully saved on the FTP server, a trap message is sent to the NMS
for notification.

Context
Do as follows on the NQA client:
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

194

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa-ftp-record trap-enable

Alarms are configured to be sent to the NM station after the FTP transmission succeeds.
When the FTP transmission succeeds at the first time, no alarm message is generated. From the
second time on, each time when the FTP transmission succeeds, an alarm message is generated.
----End

6.17.7 Starting the Test Instance


After you start a test instance, test results are field periodically.

Context
Do as follows on the NQA client:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run the nqa test-instance admin-name test-name command, enter the NQA test instance view.
Step 3 Run:
test-type { dhcp | dns | ftp | http | icmp | jitter | snmp | tcp | trace | udp }

The test type is configured.


Step 4 Run:
destination-address ipv4 ip-address

The destination IP address is configured.


Step 5 (Optional)Run:
destination-port port-number

The destination port number is configured.


Step 6 Run:
start

The NQA test is started.


Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

195

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

The test instance is started immediately.


l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm | dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End

6.17.8 Checking the Configuration


After configuring the system to send test results to the FTP server, you can view the
configuration.

Prerequisites
The configurations of the Test Results to Be Sent to the FTP Server function are complete.

Procedure
Step 1 Run the display nqa-ftp-record configuration command to Check the configuration for saving
NQA test results.
----End

Example
Run the display nqa-ftp-record configuration command to check the configuration for saving
NQA test results.
<Huawei> display nqa-ftp-record configuration
---------------NQA FTP SAVE RECORD CONFIGURATION--------------FUNCTION: ENABLE
TRAP: DISABLE
IP-ADDRESS:11.1.1.8
VPN-INSTANCE:
USERNAME:wang
PASSWORD:123
FILENAME:icmp
ITEM-NUM:10010
TIME:2
LAST FINISHED FILENAME:icmp20080605-150350.txt

6.18 Configuring a Threshold for the NQA Alarm


This section describes how to set an alarm threshold for test results. When the number of test
results exceeds the threshold, a trap message is sent to the NMS for notification.

6.18.1 Establishing the Configuration Task


Before setting an alarm threshold for test results, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the required data. This can help
you complete the configuration task quickly and accurately.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

196

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Applicable Environment
The user can monitor the network by configuring an alarm threshold. After monitoring
conditions are configured, when the monitored item in the test result exceeds the configured
upper or lower threshold, the device sends alarms to the NM station. Therefore, the user can
monitor the real-time operation status of the network.

Pre-configuration Tasks
Before configuring the threshold for the NQA alarm, complete the following task:
l

Configuring a test instance

Data Preparation
To configure the threshold for the NQA alarm, you need the following data.
No.

Data

Number of the event corresponding to the threshold

Number of the alarm threshold

Upper threshold

Lower threshold

6.18.2 Configuring the Event Corresponding to the Alarm


Threshold
This part describes the actions that the system needs to perform in response to the threshold
exceeding, such as generating logs, generating traps, or generating logs and traps.

Context
Do as follows on the NQA client:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa event event-entry { linkage admin-name test-name
none } [ description ]

| log | trap | log-trap |

The event number and the corresponding event are configured.


----End
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

197

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

6.18.3 Configuring the Alarm Threshold


This part describes how to configure the events triggered when the number of test results exceeds
the threshold.

Context
Do as follows on the NQA client:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name

The test instance view is displayed.


Step 3 Run:
test-type { dhcp | dns | ftp | http | icmp | jitter | snmp | tcp | trace | udp }

The test type is configured.


Step 4 Run:
destination-address ipv4 ip-address

The destination IP address is configured.


Step 5 (Optional)Run:
destination-port port-number

The destination port number is configured.


Step 6 Run:
alarm entry-number { lost-packet-ratio | jitter-average | jitter-ds-average |
jitter-sd-average | packet-loss-ds | packet-loss-sd | rtt-average } { absolute |
delta } { falling-threshold threshold-value1 event-entry1 | rising-threshold
threshold-value2 event-entry2 } * [ description description ]

The alarm number and the threshold are configured.


NOTE

At present, only the absolute statistics function rather than the relative statistics function is supported.

----End

6.18.4 Starting the Test Instance


You can start a test instance. When the number of test results exceeds the threshold,
corresponding action is taken.

Procedure
Step 1 Run:
system-view

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

198

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

The system view is displayed.


Step 2 Run:
nqa test-instance admin-name test-name
The test instance view is displayed.
Step 3 Run:
start

The NQA test is started.


Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End

6.18.5 Checking the Configuration


After the alarm threshold for test results is set, you can view the configuration.

Prerequisites
The configurations of the Threshold for the NQA Alarm function are complete.

Procedure
l

Run the display nqa-event command to check the maximum number of events that can be
configured and the number of events that are configured.

Run the display nqa alarm command in the NQA view to check the maximum number of
alarms that can be configured and the number of alarms that are configured.

Run the display nqa-agent [ admin-name test-name ] [ verbose ] command to Check the
status of the test instance configured on the NQA client.

----End

Example
Run the display nqa-event command to check the maximum number of events that can be
configured and the number of events that are configured.
<Huawei> display nqa-event
NQA event information:

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

199

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

-----------------------------------------------------NQA Event Max: 100


NQA Event Number: 1
------------------------------------------------------

Run the display nqa alarm command to check the maximum number of alarms that can be
configured and the number of alarms that are configured.
[Huawei-nqa-admin-icmp] display nqa alarm
NQA Alarm Information:
------------------------------------------------------------------Admin-Name
Operation-Tag
Alarm-Entry
AlarmType
Event-Entry
------------------------------------------------------------------admin
jitter
10
Rising
10

Run the display nqa-agent command to check the status of the test instance configured on the
NQA client.
<Huawei> display nqa-agent
NQA Tests Max:64
NQA Tests Number:
1
NQA Flow Max:1000
NQA Flow Remained:1000
nqa test-instance admin icmp
test-type icmp
destination-address ipv4 11.1.1.32
frequency 5
alarm 10 rtt-average 2 rising-threshold 200 10 falling-threshold 0 10
alarm 20 lost-packet-ratio 2 rising-threshold 10 10 falling-threshold 1 10
nqa status : normal

6.19 Maintaining NQA


This section describes how to maintain an NQA test instance. You can restart the test instance
and clear the statistics on the test result to maintain a test instance.

6.19.1 Restarting NQA Test Instances


If a test instance fails, you can try to restart the test instance in the next test period.

Prerequisites
To restart an NQA test instance, run the following command in the NQA instance view.

Context

CAUTION
Restarting an NQA test instance interrupts the running of tests.

Procedure
Step 1 Run the system-view command, enter the system view.
Step 2 Run the nqa test-instance admin-name test-name command, enter the NQA test instance view.
Step 3 Run the restart command in the NQA instance view to restart an NQA test instance.
----End
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

200

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

6.19.2 Clearing NQA Statistics


When the statistics on the current test instance are saved to the FTP server, you can clear test
results on the device.

Prerequisites
NQA statistics cannot be restored after you clear them. So, confirm the action before you use
the command.

Context
NOTE

Statistics about the test being performed cannot be cleared.

Procedure
Step 1 Run the system-view command, enter the system view.
Step 2 Run the nqa test-instance admin-name test-name command, enter the NQA test instance view.
Step 3 Run the clear-records command in the NQA view to clear history statistics on NQA tests and
test results.
----End

6.20 NQA Configuration Examples


This section provides examples for configuring NQA and illustrates the networking
requirements, configuration roadmap, and configuration notes. You can better understand the
configuration procedures with the help of the configuration flowchart.

6.20.1 Example for Configuring the ICMP Test


This part provides examples for configuring an ICMP test to check the IP network connectivity.

Networking Requirements
As shown in Figure 6-3, Router A functions as an NQA client. It is required to test whether
Router B is routable.
Figure 6-3 Networking diagram of the ICMP test
R o u te r A

R o u te r B

G E 1 /0 /0
1 0 .1 .1 .1 /2 4

G E 1 /0 /0
1 0 .1 .1 .2 /2 4

N Q A agent

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

201

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1.

Perform the NQA ICMP test to test whether the packet sent by Router A can reach Router
B.

2.

Perform the NQA ICMP test to obtain the RTT of the packet.

Data Preparation
To complete the configuration, you need the IP address of Router B.

Procedure
Step 1 Configure the IP address. (The detailed procedure is not mentioned here.)
Step 2 Enable the NQA client and create an NQA ICMP test.
<RouterA> system-view
[RouterA] nqa test-instance admin icmp
[RouterA-nqa-admin-icmp] test-type icmp
[RouterA-nqa-admin-icmp] destination-address ipv4 10.1.1.2

Step 3 Start the test immediately.


[RouterA-nqa-admin-icmp] start now

Step 4 View the test results.


[RouterA-nqa-admin-icmp] display nqa results test-instance admin icmp
NQA entry(admin, icmp) :testflag is inactive ,testtype is icmp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.1.1.2
Min/Max/Average Completion Time: 31/46/36
Sum/Square-Sum Completion Time: 108/4038
Last Good Probe Time: 2006-8-2 10:7:11.4
Lost packet ratio: 0 %

----End

Configuration Files
l

Configuration file of Router A


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
nqa test-instance admin icmp
test-type icmp
destination-address ipv4 10.1.1.2
#
return

Configuration file of Router B


#
sysname RouterB
#

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

202

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

interface GigabitEthernet1/0/0
ip address 10.1.1.2 255.255.255.0
#
return

6.20.2 Example for Configuring the DHCP Test


This part provides examples for configuring a DHCP test to detect the speed at which a DHCP
server that sets up a connection with an NQA agent obtains the IP address.

Networking Requirements
As shown in Figure 6-4, Router B functions as a DHCP server. It is required to perform an NQA
DHCP test to obtain the time taken by the DHCP server to allocate an IP address to the client.
Figure 6-4 Networking diagram of the DHCP test
R o u te r A

R o u te r B

G E 1 /0 /0

N Q A agent

G E 1 /0 /0
1 0 .1 .1 .2 /2 4

D H C P S e rv e r

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure Router A as the NQA client.

2.

Create and perform the DHCP test on Router A to check whether Router A can set up a
connection with Router B and obtain an IP address from Router B.

Data Preparation
To complete the configuration, you need the following data:
l

IP address of the DHCP server

Source interface

Timeout period

Procedure
Step 1 Configure the IP address. (The detailed procedure is not mentioned here.)
Step 2 Enable the NQA client and create an NQA DHCP test.
<RouterA> system-view
[RouterA] nqa test-instance admin dhcp
[RouterA-nqa-admin-dhcp] test-type dhcp
[RouterA-nqa-admin-dhcp] source-interface gigabitethernet 1/0/0
[RouterA-nqa-admin-dhcp] timeout 20

Step 3 Start the test.


[RouterA-nqa-admin-dhcp] start now

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

203

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Step 4 View the test results.


[RouterA-nqa-admin-dhcp] display nqa results test-instance admin dhcp
NQA entry(admin, dhcp) :testflag is inactive ,testtype is dhcp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.1.1.2
Min/Max/Average Completion Time: 1018/1019/1018
Sum/Square-Sum Completion Time: 3055/3111009
Last Good Probe Time: 2009-3-11 9:26:38.5
Lost packet ratio: 0 %

----End

Configuration Files
l

Configuration file of Router A


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address dhcp-alloc
#
nqa test-instance admin dhcp
test-type dhcp
timeout 20
source-interface GigabitEthernet1/0/0
#
return

Configuration file of Router B


#
sysname RouterB
#
ip-pool 1
network 10.1.1.0 mask 255.255.255.0
#
interface GigabitEthernet1/0/0
ip address 10.1.1.2 255.255.255.0
#
return

6.20.3 Example for Configuring the FTP Download Test


This part provides examples for configuring an FTP download test to check the performance of
the FTP download function.

Networking Requirements
As shown in Figure 6-5, Router B functions as an FTP server.
A user named user1 intends to log in to the FTP server by entering the password hello to
download the file named test.txt.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

204

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Figure 6-5 Networking diagram of the FTP download test


R o u te r A

R o u te r B

G E 1 /0 /0
1 0 .1 .1 .1 /2 4

G E 1 /0 /0
1 0 .1 .1 .2 /2 4

F T P C lie n t

F T P S e rv e r

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure Router A as the NQA client.

2.

Create and perform an FTP download test on Router A to check whether Router A can set
up a connection with the FTP server and to obtain the time taken by Router A to download
the file from the FTP server.

Data Preparation
To complete the configuration, you need the following data:
l

IP address of the FTP server

Source IP address for the test

FTP user name and password

Operation file of the FTP test

Procedure
Step 1 Configure IP addresses of Router A and Router B. (The detailed procedure is not mentioned
here.)
Step 2 Configure Router B as the FTP server.
<RouterB> system-view
[RouterB] ftp-server enable
[RouterB] aaa
[RouterB-aaa] local-user user1 password cipher hello
[RouterB-aaa] local-user user1 service-type ftp
[RouterB-aaa] local-user user1 ftp-directory flash:/
[RouterB-aaa] quit

Step 3 Create an NQA FTP test on Route A.


<RouterA> system-view
[RouterA] nqa test-instance admin ftp
[RouterA-nqa-admin-ftp] test-type ftp
[RouterA-nqa-admin-ftp] destination-address ipv4 10.1.1.2
[RouterA-nqa-admin-ftp] source-address ipv4 10.1.1.1
[RouterA-nqa-admin-ftp] ftp-operation get
[RouterA-nqa-admin-ftp] ftp-username user1
[RouterA-nqa-admin-ftp] ftp-password hello
[RouterA-nqa-admin-ftp] ftp-filename test.txt

Step 4 Start the test.


[RouterA-nqa-admin-ftp] start now

Step 5 View the test results.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

205

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

[RouterA-nqa-admin-ftp] display nqa results test-instance admin ftp


NQA entry(admin, ftp) :testflag is inactive ,testtype is ftp
1 . Test 1 result
The test is finished
SendProbe:1
ResponseProb:1
Completion :success
RTD OverThresholds number: 0
MessageBodyOctetsSum: 448
Stats errors number: 0
Operation timeout number: 0
System busy operation number:0
Drop operation number:0
Disconnect operation number: 0
CtrlConnTime Min/Max/Average: 438/438/438
DataConnTime Min/Max/Average: 218/218/218
SumTime Min/Max/Average: 656/656/656
Average RTT:656
Lost packet ratio:0 %

----End

Configuration Files
l

Configuration file of Router A


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
nqa test-instance admin ftp
test-type ftp
destination-address ipv4 10.1.1.2
source-address ipv4 10.1.1.1
ftp-filename test.txt
ftp-username user1
ftp-password hello
#
return

Configuration file of Router B


#
sysname RouterB
#
FTP server enable
#
interface GigabitEthernet1/0/0
ip address 10.1.1.2 255.255.255.0
#
aaa
local-user user1 password cipher 3MQ*TZ,O3KCQ=^Q`MAF4<1!!
local-user user1 service-type ftp
local-user user1 ftp-directory flash:/
#
return

6.20.4 Example for Configuring the FTP Upload Test


This part provides examples for configuring an FTP upload test to check the performance of the
FTP upload function.

Networking Requirements
As shown in Figure 6-6, it is required to test the speed of uploading a file from Router A to an
FTP server.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

206

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Figure 6-6 Networking diagram of the FTP upload test


R o u te r A

R o u te r B

G E 1 /0 /0
G E 1 /0 /0
1 0 .1 .1 .1 /2 4 1 0 .1 .1 .2 /2 4

R o u te r C

G E 2 /0 /0
G E 1 /0 /0
1 0 .2 .1 .1 /2 4 1 0 .2 .1 .2 /2 4

F T P C lie n t

F T P S e rv e r

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure Router A as an NQA client as well as an FTP client. Create and perform an FTP
test on Router A to check whether Router A can set up a connection with the FTP server
and to obtain the time taken by Router A to upload a file to the FTP server.

2.

A user named user1 logs in to the FTP server by entering the password hello to upload a
file with the size being 10 KB.

Data Preparation
To complete the configuration, you need the following data:
l

IP address of the FTP server

Source IP address for the test

FTP user name and password

Size of the uploaded file

Procedure
Step 1 Configure reachable routes between Router A, Router B, and Router C. (The detailed procedure
is not mentioned here.)
Step 2 Configure Router C as the FTP server.
<RouterC> system-view
[RouterC] ftp-server enable
[RouterC] aaa
[RouterC-aaa] local-user user1 password cipher hello
[RouterC-aaa] local-user user1 service-type ftp
[RouterC-aaa] local-user user1 ftp-directory flash:
[RouterC-aaa] quit

Step 3 Create an NQA FTP test on Router A and create a file with the size being 10 KB for uploading.
<Router> system-view
[RouterA] nqa test-instance admin ftp
[RouterA-nqa-admin-ftp] test-type ftp
[RouterA-nqa-admin-ftp] destination-address ipv4 10.2.1.2
[RouterA-nqa-admin-ftp] source-address ipv4 10.1.1.1
[RouterA-nqa-admin-ftp] ftp-operation put
[RouterA-nqa-admin-ftp] ftp-username user1
[RouterA-nqa-admin-ftp] ftp-password hello
[RouterA-nqa-admin-ftp] ftp-filesize 10

Step 4 Start the test.


[RouterA-nqa-admin-ftp] start now

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

207

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Step 5 View the test results.


# View the test results on Router A.
[RouterA-nqa-admin-ftp] display nqa results test-instance admin ftp
NQA entry(admin, ftp) :testflag is inactive ,testtype is ftp
1 . Test 1 result
The test is finished
SendProbe:1
ResponseProb:1
Completion :success
RTD OverThresholds number: 0
MessageBodyOctetsSum: 10240
Stats errors number: 0
Operation timeout number: 0
System busy operation number:0
Drop operation number:0
Disconnect operation number: 0
CtrlConnTime Min/Max/Average: 657/657/657
DataConnTime Min/Max/Average: 500/500/500
SumTime Min/Max/Average: 1157/1157/1157
Average RTT:656
Lost packet ratio:0 %

# On Router C, you can view that a file named nqa-ftp-test.txt is added.(Part of the configuration
file is displayed.)
<RouterC> dir
Directory of flash:/
0
-rw331 Jul 06 2007 18:34:34
1
-rw1024000 Jul 06 2007 18:37:06
2540 KB total (1536 KB free)

private-data.txt
nqa-ftp-test.txt

----End

Configuration Files
l

Configuration file of Router A


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
nqa test-instance admin ftp
test-type ftp
destination-address ipv4 10.2.1.2
source-address ipv4 10.1.1.1
ftp-operation put
ftp-filesize 10
ftp-username user1
ftp-password hello
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return

Configuration file of Router B


#
sysname RouterB
#
interface GigabitEthernet1/0/0
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet2/0/0
ip address 10.2.1.1 255.255.255.0
#
return

Configuration file of Router C


#
sysname RouterC
#
FTP server enable

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

208

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

#
interface GigabitEthernet1/0/0
ip address 10.2.1.2 255.255.255.0
#
aaa
local-user user1 password cipher 3MQ*TZ,O3KCQ=^Q`MAF4<1!!
local-user user1 service-type ftp
local-user user1 ftp-directory flash:
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return

6.20.5 Example for Configuring the HTTP Test


This part provides examples for configuring an HTTP test to check the responding speed of the
HTTP service in each phase.

Networking Requirements
As shown in Figure 6-7, Router A is connected with the HTTP server through a WAN.
Figure 6-7 Networking diagram of the HTTP test
H T T P S e rv e r
1 0 .2 .1 .1 /2 4

R o u te r A
G E 1 /0 /0
1 0 .1 .1 .1 /2 4

IP N e tw o rk

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure Router A as an NQA client.

2.

Create and perform an HTTP test on Router A to check whether Router A can set up a
connection with the HTTP server and to obtain the time of file transferring between Router
A and the HTTP server.

Data Preparation
To complete the configuration, you need the following data:
l

IP address of the HTTP server

HTTP operation type

Procedure
Step 1 Configure the IP address. (The detailed procedure is not mentioned here.)
Step 2 Enable the NQA client and create an NQA HTTP test.
<RouterA> system-view

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

209

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

[RouterA] nqa test-instance admin http


[RouterA-nqa-admin-http] test-type http
[RouterA-nqa-admin-http] destination-address ipv4 10.2.1.1
[RouterA-nqa-admin-http] http-operation get
[RouterA-nqa-admin-http] http-url www.huawei.com

Step 3 Start the test.


[RouterA-nqa-admin-http] start now

Step 4 View the test results.


[RouterA-nqa-admin-http] display nqa results test-instance admin http
NQA entry(admin, http) :testflag is inactive ,testtype is http
Test 1 result
The test is finished
SendProbe:3
ResponseProbe:3
Completion:success
RTD OverThresholdsnumber: 0
MessageBodyOctetsSum: 411
TargetAddress: 10.2.1.1
DNSQueryError number: 0
HTTPError number: 0
TcpConnError number : 0
System busy operation number:0
DNSRTT Sum/Min/Max:0/0/0
TCPConnectRTT Sum/Min/Max: 4/1/2
TransactionRTT Sum/Min/Max: 3/1/1
RTT Sum/Min/Max/Avg: 7/2/3/2
DNSServerTimeout:0 TCPConnectTimeout:0 TransactionTimeout: 0
Lost packet ratio:0%

----End

Configuration Files
The configuration file of Router A is as follows:
#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
nqa test-instance admin http
test-type http
destination-address ipv4 10.2.1.1
http-url www.huawei.com
#
return

6.20.6 Example for Configuring the DNS Test


This part provides examples for configuring a DNS test to check the DNS resolution speed.

Networking Requirements
As shown in Figure 6-8, Router A functions as a DNS client to access the host 10.2.1.1/24, using
a domain name server.com.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

210

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Figure 6-8 Networking diagram of the DNS test


s e rv e r.c o m
1 0 .2 .1 .1 /2 4

R o u te r A
IP N e tw o rk

G E 1 /0 /0
1 0 .1 .1 .1 /2 4

D N S S e rv e r
1 0 .3 .1 .1 /2 4

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure Router A as an NQA client.

2.

Create and perform a DNS test on Router A to check whether Router A can set up a
connection with the DNS server and to obtain the speed of responding an address resolution
request.

Data Preparation
To complete the configuration, you need the following data:
l

IP address of the DNS server

Name of the host to be accessed

Procedure
Step 1 Configure reachable routes between Router A, the DNS server, and the host to be accessed. (The
detailed procedure is not mentioned here.)
Step 2 Create an NQA DNS test.
<Router> system-view
[RouterA] dns resolve
[RouterA] dns server 10.3.1.1
[RouterA] nqa test-instance admin dns
[RouterA-nqa-admin-dns] test-type dns
[RouterA-nqa-admin-dns] dns-server ipv4 10.3.1.1
[RouterA-nqa-admin-dns] destination-address url server.com

Step 3 Start the test.


[RouterA-nqa-admin-dns] start now

Step 4 View the test results.


[RouterA-nqa-admin-dns] display nqa results test-instance admin dns
NQA entry(admin, dns) :testflag is inactive ,testtype is dns
1 . Test 1 result
The test is finished
Send operation times: 1
Receive response times: 1
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

211

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Operation sequence errors number:0


RTT Stats errors number:0
Destination ip address: 10.2.1.1
Min/Max/Average Completion Time: 1/1/1
Sum/Square-Sum Completion Time: 1/1
Last Good Probe Time: 2007-7-3 10:52:5.7
Lost packet ratio: 0 %

----End

Configuration Files
The configuration file of Router A is as follows:
#
sysname RouterA
#
dns resolve
dns server 10.3.1.1
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
nqa test-instance admin dns
test-type dns
destination-address url server.com
dns-server ipv4 10.3.1.1
#
ip route-static 10.3.1.0 255.255.255.0 10.1.1.2
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
#
return

6.20.7 Example for Configuring the Traceroute Test


This part provides examples for configuring a traceroute test to check the connectivity between
the client and devices along the transmission path.

Networking Requirements
As shown in Figure 6-9, perform the Traceroute test on Router A to trace the IP address of
GE 1/0/0 on Router C.
Figure 6-9 Networking diagram of the Traceroute test
R o u te r A

R o u te r B

G E 1 /0 /0
G E 1 /0 /0
1 0 .1 .1 .1 /2 4 1 0 .1 .1 .2 /2 4

G E 2 /0 /0
1 0 .2 .1 .1 /2 4

R o u te r C
G E 1 /0 /0
1 0 .2 .1 .2 /2 4

Configuration Roadmap
The configuration roadmap is as follows:
l

Configure Router A as an NQA client.

Create and perform the Traceroute on Router A to obtain the statistics about each hop
fromRouter A to Router C.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

212

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Data Preparation
To complete the Traceroute test, you need to configure the destination IP address to be tested.

Procedure
Step 1 Configure reachable routes between Router A, Router B, and Router C. (The detailed procedure
is not mentioned here.)
Step 2 Create an NQA Traceroute test on Router A and configure the destination IP address to be tested
to 10.2.1.2.
<Router > system-view
[RouterA] nqa test-instance admin trace
[RouterA-nqa-admin-trace] test-type trace
[RouterA-nqa-admin-trace] destination-address ipv4 10.2.1.2

Step 3 Start the test.


[RouterA-nqa-admin-trace] start now

Step 4 View the test results.


# View the test results on Router A.
[RouterA-nqa-admin-trace] display nqa results test-instance admin trace
NQA entry(admin, trace) :testflag is inactive ,testtype is trace
1 . Test 1 result
The test is finished
Completion:success
Attempts number:1
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Drop operation number:0
Last good path Time:2009-3-28 10:52:39.9
1 . Hop 1
Send operation times: 3
Receive response times: 3
Min/Max/Average Completion Time: 1/1/1
Sum/Square-Sum Completion Time: 3/3
RTD OverThresholds number: 0
Last Good Probe Time: 2009-3-28 10:52:39.9
Destination ip address:10.1.1.2
Lost packet ratio: 0 %
2 . Hop 2
Send operation times: 3
Receive response times: 3
Min/Max/Average Completion Time: 1/1/1
Sum/Square-Sum Completion Time: 3/3
RTD OverThresholds number: 0
Last Good Probe Time: 2009-3-28 10:52:39.9
Destination ip address:10.2.1.2
Lost packet ratio: 0 %

----End

Configuration Files
l

Configuration file of Router A


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
nqa test-instance admin trace
test-type trace
destination-address ipv4 10.2.1.2
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

213

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

#
return

Configuration file of Router B


#
sysname RouterB
#
interface GigabitEthernet1/0/0
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet2/0/0
ip address 10.2.1.1 255.255.255.0
#
return

Configuration file of Router C


#
sysname RouterC
#
interface GigabitEthernet1/0/0
ip address 10.2.1.2 255.255.255.0
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return

6.20.8 Example for Configuring the SNMP Query Test


This part provides examples for configuring a traceroute test to check the SNMP
communications between the client and the SNMP agent.

Networking Requirements
As shown in Figure 6-10, RouterA and Router C functions as an SNMP agent. It is required to
perform an NQA SNMP Query test to obtain the time from when routerA sends an SNMP query
packet to when Router A receives an Echo packet.
Figure 6-10 Networking diagram of the SNMP Query test
R o u te r A

R o u te r B

G E 1 /0 /0
G E 1 /0 /0
1 0 .1 .1 .1 /2 4 1 0 .1 .1 .2 /2 4

G E 2 /0 /0
1 0 .2 .1 .1 /2 4

R o u te r C
G E 1 /0 /0
1 0 .2 .1 .2 /2 4

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure Router A as an NQA client.

2.

Enable SNMP agent on Router A.

3.

Create and perform an SNMP Query test on Router A.

4.

Enable SNMP agent on Router C.

Data Preparation
To complete the configuration, you need to configure the IP address of the SNMP agent.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

214

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Procedure
Step 1 Configure reachable routes between Router A, Router B, and Router C. (The detailed procedure
is not mentioned here.)
Step 2 Enable SNMP agent on Router C.
<RouterC> system-view
[RouterC] snmp-agent

Step 3 Enable SNMP agent on Router A.


<RouterA> system-view
[RouterA] snmp-agent
[RouterA] quit

Step 4 Create an SNMP Query test on Router A.


<RouterA> system-view
[RouterA] nqa test-instance admin snmp
[RouterA-nqa-admin-snmp] test-type snmp
[RouterA-nqa-admin-snmp] destination-address ipv4 10.2.1.2

Step 5 Start the test.


[RouterA-nqa-admin-snmp] start now

Step 6 View the test results.


[RouterA-nqa-admin-snmp] display nqa results test-instance admin snmp
NQA entry(admin, snmp) :testflag is inactive ,testtype is snmp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:0
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 63/172/109
Sum/Square-Sum Completion Time: 329/42389
Last Good Probe Time: 2006-8-5 15:33:49.1
Lost packet ratio: 0 %

----End

Configuration Files
l

Configuration file of Router A


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
nqa test-instance admin snmp
test-type snmp
destination-address ipv4 10.2.1.2
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
snmp-agent
#
return

Configuration file of Router B


#
sysname RouterB
#
interface GigabitEthernet1/0/0

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

215

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

ip address 10.1.1.2 255.255.255.0


#
interface GigabitEthernet2/0/0
ip address 10.2.1.1 255.255.255.0
#
return

Configuration file of Router C


#
sysname RouterC
#
interface GigabitEthernet1/0/0
ip address 10.2.1.2 255.255.255.0
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
snmp-agent
snmp-agent local-engineid 000007DB7F00000100006294
#
return

6.20.9 Example for Configuring the TCP Test


This part provides examples for configuring a TCP test to check the TCP communications
between the client and the server.

Networking Requirements
As shown in Figure 6-11, it is required to perform an NQA TCP Private test to obtain the time
taken by Router A to set up a TCP connection with Router C.
Figure 6-11 Networking diagram of the TCP test
R o u te r A

R o u te r C

R o u te r B

G E 1 /0 /0
G E 1 /0 /0
1 0 .1 .1 .1 /2 4 1 0 .1 .1 .2 /2 4

G E 2 /0 /0
1 0 .2 .1 .1 /2 4

G E 1 /0 /0
1 0 .2 .1 .2 /2 4

N Q A S e rv e r

Configuration Roadmap
The configuration roadmap is as follows:
1.

Router A functions as an NQA client; Router C functions as an NQA server.

2.

Configure the port number monitored by the NQA server and create an NQA TCP test on
the NQA client.

Data Preparation
To complete the configuration, you need the following data:
l

IP address of the NQA server

TCP port number monitored by the server

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

216

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Procedure
Step 1 Configure reachable routes between Router A, Router B, and Router C. (The detailed procedure
is not mentioned here.)
Step 2 Configure Router C as the NQA server.
# Configure the IP address and port number monitored by the NQA server.
<RouterC> system-view
[RouterC] nqa-server tcpconnect 10.2.1.2 9000

Step 3 Configure Router A.


Enable the NQA client and create a TCP test.
<RouterA> system-view
[RouterA] nqa test-instance admin tcp
[RouterA-nqa-admin-tcp] test-type tcp
[RouterA-nqa-admin-tcp] destination-address ipv4 10.2.1.2
[RouterA-nqa-admin-tcp] destination-port 9000

Step 4 Start the test.


[RouterA-nqa-admin-tcp] start now

Step 5 View the test results.


[RouterA-nqa-admin-tcp] display nqa results test-instance admin tcp
NQA entry(admin, tcp) :testflag is inactive ,testtype is tcp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:0
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0 RTT Stats errors number:0
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 46/63/52
Sum/Square-Sum Completion Time: 156/8294
Last Good Probe Time: 2006-8-5 15:53:17.8
Lost packet ratio: 0 %

----End

Configuration Files
l

Configuration file of Router A


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
nqa test-instance admin tcp
test-type tcp
destination-address ipv4 10.2.1.2
destination-port 9000
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return

Configuration file of Router B


#
sysname RouterB
#
interface GigabitEthernet1/0/0

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

217

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

ip address 10.1.1.2 255.255.255.0


#
interface GigabitEthernet2/0/0
ip address 10.2.1.1 255.255.255.0
#
return

Configuration file of Router C


#
sysname RouterC
#
interface GigabitEthernet1/0/0
ip address 10.2.1.2 255.255.255.0
#
nqa-server tcpconnect 10.2.1.2 9000
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return

6.20.10 Example for Configuring the UDP Test


This part provides examples for configuring a UDP test to check the UDP communications
between the client and the server.

Networking Requirements
As shown in Figure 6-12, it is required to perform an NQA UDP Public test to obtain the RTT
of a UDP packet transmitted between Router A and Router C.
Figure 6-12 Networking diagram of the UDP test
R o u te r A

R o u te r C

R o u te r B

G E 1 /0 /0
G E 1 /0 /0
1 0 .1 .1 .1 /2 4 1 0 .1 .1 .2 /2 4

G E 2 /0 /0
1 0 .2 .1 .1 /2 4

G E 1 /0 /0
1 0 .2 .1 .2 /2 4

NQA
S e rv e r

Configuration Roadmap
The configuration roadmap is as follows:
1.

Router A functions as an NQA client; Router C functions as an NQA server.

2.

Configure the port number monitored by the NQA server and create an NQA UDP test on
the NQA client.

Data Preparation
To complete the configuration, you need the following data:
l

IP address of the NQA server

UDP port number monitored by the server

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

218

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Procedure
Step 1 Configure reachable routes between Router A, Router B, and Router C. (The detailed procedure
is not mentioned here.)
Step 2 Configure Router C as the NQA server.
# Configure the IP address and UDP port number monitored by the NQA server.
<RouterC> system-view
[RouterC] nqa-server udpecho 10.2.1.2 6000

Step 3 Configure Router A.


# Enable the NQA client and create a UDP test.
<RouterA> system-view
[RouterA] nqa test-instance admin udp
[RouterA-nqa-admin-udp] test-type udp
[RouterA-nqa-admin-udp] destination-address ipv4 10.2.1.2
[RouterA-nqa-admin-udp] destination-port 6000

Step 4 Start the test.


[RouterA-nqa-admin-udp] start now

Step 5 View the test results.


[RouterA-nqa-admin-udp] display nqa results test-instance admin udp
NQA entry(admin, udp) :testflag is inactive ,testtype is udp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:0
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 32/109/67
Sum/Square-Sum Completion Time: 203/16749
Last Good Probe Time: 2006-8-5 16:9:21.6
Lost packet ratio: 0 %

----End

Configuration Files
l

Configuration file of Router A


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
nqa test-instance admin udp
test-type udp
destination-address ipv4 10.2.1.2
destination-port 6000
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return

Configuration file of Router B


#
sysname RouterB
#
interface GigabitEthernet1/0/0

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

219

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

ip address 10.1.1.2 255.255.255.0


#
interface GigabitEthernet2/0/0
ip address 10.2.1.1 255.255.255.0
#
return

Configuration file of Router C


#
sysname RouterC
#
interface GigabitEthernet1/0/0
ip address 10.2.1.2 255.255.255.0
#
nqa-server udpecho 10.2.1.2 6000
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return

6.20.11 Example for Configuring the Jitter Test


This part provides examples for configuring a jitter test to measure jitter on the network.

Networking Requirements
As shown in Figure 6-13, it is required to perform an NQA Jitter test to obtain the jitter time of
the packet transmitted from Router A to Router C.
Figure 6-13 Networking diagram of the Jitter test
R o u te r A

R o u te r B

G E 1 /0 /0
G E 1 /0 /0
1 0 .1 .1 .1 /2 4 1 0 .1 .1 .2 /2 4

R o u te r C

G E 2 /0 /0
G E 1 /0 /0
1 0 .2 .1 .1 /2 4 1 0 .2 .1 .2 /2 4

N Q A S e rv e r

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure Router A as an NQA client, with Router C being its server.

2.

Configure the monitoring service types and the port number to be monitored on the NQA
server.

3.

Create Jitter tests on the NQA clients.

Data Preparation
To complete the configuration, you need the following data:
l

IP address of the NQA server

UDP port number monitored by the server

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

220

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Procedure
Step 1 Configure reachable routes between Router A, Router B, and Router C. (The detailed procedure
is not mentioned here.)
Step 2 Configure Router C as the NQA server.
# Configure the IP address and UDP port number monitored by the NQA server.
<RouterC> system-view
[RouterC] nqa-server udpecho 10.2.1.2 9000

Step 3 Configure Router A.


# Enable the NQA client and create an NQA Jitter test.
<RouterA> system-view
[RouterA] nqa test-instance admin jitter
[RouterA-nqa-admin-jitter] test-type jitter
[RouterA-nqa-admin-jitter] destination-address ipv4 10.2.1.2
[RouterA-nqa-admin-jitter] destination-port 9000

Step 4 Start the test.


[RouterA-nqa-admin-jitter] start now

Step 5 View the test results.


[RouterA-nqa-admin-jitter] display nqa results test-instance admin jitter
NQA entry(admin, jitter) :testflag is inactive ,testtype is jitter
1 . Test 1 result
The test is finished
SendProbe:60
ResponseProbe:60
Completion:success
RTD OverThresholds number:0
OWD OverThresholds SD number:0
OWD OverThresholds DS number:0
Min/Max/Avg/Sum RTT:1/4/1/63
RTT Square Sum:75
NumOfRTT:60
Drop operation number:0
Operation sequence errors number:0
RTT Stats errors number:0
System busy operation number:0
Operation timeout number:0
Min Positive SD:1
Min Positive DS:1
Max Positive SD:1
Max Positive DS:3
Positive SD Number:15
Positive DS Number:14
Positive SD Sum:15
Positive DS Sum:16
Positive SD Square Sum:15
Positive DS Square Sum:22
Min Negative SD:1
Min Negative DS:1
Max Negative SD:1
Max Negative DS:4
Negative SD Number:16
Negative DS Number:12
Negative SD Sum:16
Negative DS Sum:15
Negative SD Square Sum:16
Negative DS Square Sum:27
Min Delay SD:0
Min Delay DS:0
Max Delay SD:2
Max Delay DS:1
Delay SD Square Sum:4
Delay DS Square Sum:1
Packet Loss SD:0
Packet Loss DS:0
Packet Loss Unknown:0
Average of Jitter:1
Average of Jitter SD:1
Average of Jitter DS:1
jitter out value:0.0322917
jitter in value:0.0322917
NumberOfOWD:60
Packet Loss Ratio: 0%
OWD SD Sum:2
OWD DS Sum:1
ICPIF value: 0
MOS-CQ value: 0
TimeStamp unit: ms
Packet Rewrite Number: 0
Packet Rewrite Ratio: 0%
Packet Disorder Number: 0
Packet Disorder Ratio: 0%
Fragment-disorder Number: 0
Fragment-disorder Ratio: 0%

----End

Configuration Files
l
Issue 02 (2012-03-30)

Configuration file of Router A


Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

221

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
nqa test-instance admin jitter
test-type jitter
destination-address ipv4 10.2.1.2
destination-port 9000
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return

Configuration file of Router B


#
sysname RouterB
#
interface GigabitEthernet1/0/0
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet2/0/0
ip address 10.2.1.1 255.255.255.0
#
return

Configuration file of Router C


#
sysname RouterC
#
interface GigabitEthernet1/0/0
ip address 10.2.1.2 255.255.255.0
#
nqa-server udpecho 10.2.1.2 9000
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return

6.20.12 Example for Configuring NQA to Check VoIP Service Jitter


This example shows how to use a UDP jitter test to check the jitter for VoIP services.

Networking Requirements
As shown in Figure 6-14, the headquarters and a subsidiary of a company often need to use
VoIP to hold teleconferences. It is required that the round-trip delay be shorter than 250 ms and
the jitter be shorter than 20 ms. The UDP jitter test provided by NQA can be used to simulate
VoIP services.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

222

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Figure 6-14 Networking diagram for configuring NQA to check VoIP service jitter

GE1/0/0
10.1.1.1/24 RouterB
IP Core
RouterA

GE1/0/0
10.1.1.2/24

RouterC GE1/0/0
11.1.1.1/24
GE1/0/0
RouterD
11.1.1.2/24

HQs

Subsidiary

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure a UDP jitter test instance on Router D. Router D functions as the NQA client
and Router A functions as the NQA server.

2.

Start the UDP jitter test instance on Router D.

Data Preparation
To complete the configuration, you need the following data:
l

IP addresses of Router A and Router D

Code type for simulated VoIP services

Procedure
Step 1 Configure the NQA server Router A.
<RouterA> system-view
[RouterA] nqa-server udpecho 10.1.1.1 180

Step 2 Configure the NQA client Router D.


1.

Configure the packet version for the test instance.


<RouterD> system-view
[RouterD] nqa-jitter tag-version 2

2.

Create a UDP jitter test instance, and set the destination IP address to the IP address of
Router A.
[RouterD] nqa test-instance admin udpjitter
[RouterD-nqa-admin-udpjitter] test-type jitter
[RouterD-nqa-admin-udpjitter] destination-address ipv4 10.1.1.1
[RouterD-nqa-admin-udpjitter] destination-port 180

3.

Configure the code type for simulated VoIP services.


[RouterD-nqa-admin-udpjitter] jitter-codec g711a

Step 3 Start the test instance immediately.


[RouterD-nqa-admin-udpjitter] start now

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

223

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Step 4 Verify the test result. According to the command output, the round-trip delay is shorter than 250
ms and the jitter is shorter than 20 ms.
[RouterD-nqa-admin-udpjitter] display nqa results test-instance admin udpjitter
NQA entry(admin, udpjitter) :testflag is active ,testtype is jitter
1 . Test 1 result
The test is finished
SendProbe:1000
ResponseProbe:1000
Completion:success
RTD OverThresholds number:0
OWD OverThresholds SD number:0
OWD OverThresholds DS number:0
Min/Max/Avg/Sum RTT:10/38/13/12963
RTT Square Sum:171925
NumOfRTT:1000
Drop operation number:0
Operation sequence errors number:0
RTT Stats errors number:0
System busy operation number:0
Operation timeout number:0
Min Positive SD:1
Min Positive DS:1
Max Positive SD:16
Max Positive DS:27
Positive SD Number:288
Positive DS Number:287
Positive SD Sum:427
Positive DS Sum:485
Positive SD Square Sum:1317
Positive DS Square Sum:2455
Min Negative SD:1
Min Negative DS:1
Max Negative SD:16
Max Negative DS:26
Negative SD Number:292
Negative DS Number:285
Negative SD Sum:429
Negative DS Sum:486
Negative SD Square Sum:1235
Negative DS Square Sum:2714
Min Delay SD:5
Min Delay DS:4
Avg Delay SD:6
Avg Delay DS:5
Max Delay SD:19
Max Delay DS:18
Delay SD Square Sum:39901
Delay DS Square Sum:33856
Packet Loss SD:0
Packet Loss DS:0
Packet Loss Unknown:0
Average of Jitter:1
Average of Jitter SD:1
Average of Jitter DS:1
jitter out value:0.0535000
jitter in value:0.0606875
NumberOfOWD:1000
Packet Loss Ratio: 0%
OWD SD Sum:6239
OWD DS Sum:5724
ICPIF value: 0
MOS-CQ value: 438
TimeStamp unit: ms
Packet Rewrite Number: 0
Packet Rewrite Ratio: 0%
Packet Disorder Number: 0
Packet Disorder Ratio: 0%
Fragment-disorder Number: 0
Fragment-disorder Ratio: 0%

----End

Configuration Files
l

Configuration file of Router A


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
nqa-server udpecho 10.1.1.1 180
#
return

Configuration file of Router D


#
sysname RouterD
#
interface GigabitEthernet1/0/0
ip address 11.1.1.1 255.255.255.0
#
nqa-jitter tag-version 2
#
nqa test-instance admin udpjitter
test-type jitter
destination-address ipv4 10.1.1.1
destination-port 180
jitter-codec g711a
#

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

224

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

return

6.20.13 Example for Sending Trap Message When Transmission


Delay Exceeds Thresholds
This part provides example for setting an alarm threshold for test results. This can help the
network administrator better understand the device status.

Networking Requirements
Create a Jitter test based on the networking diagram shown in Figure 6-15. Configure a
transmission delay threshold and enable the trap function. After the Jitter test is completed, if
the test result shows that the delay of some test packets from Router A to Router C (or from
Router C to Router A) exceeds the uni-directional transmission delay, or the round-trip
transmission delay threshold, Router A sends a trap message to the NM station. Based on the
received trap message, the NM station can clearly find the cause of the fault.
Figure 6-15 Networking diagram of enabling the trap function when the transmission delay
exceeds the threshold

N M S ta tio n

2 0 .1 .1 .2 /2 4
G E 2 /0 /0
2 0 .1 .1 .1 /2 4

R o u te rB
G E 1 /0 /0

G E 1 /0 /0

R o u te rA 1 0 .1 .1 .1 /2 4 1 0 .1 .1 .2 /2 4

G E 1 /0 /0
3 0 .1 .1 .2 /2 4

G E 2 /0 /0
3 0 .1 .1 .1 /2 4

R o u te rC

N Q A S e rv e r

NOTE

For clock synchronization, refer to the chapter "NTP" in the Huawei AR1200-S Series Enterprise Routers
Feature Description - System Management.

Configuration Roadmap
The configuration roadmap is as follows:
1.

Set a transmission delay threshold.

2.

Enable the trap function.

3.

Enable sending trap messages to the NM station.

Data Preparation
To complete the configuration, you need the following data:
l

IP address and port number of the NQA server

Monitoring service type and the port number to be monitored

Uni-directional transmission delay and round-trip transmission delay

IP address of the NM station

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

225

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Procedure
Step 1 Configure routes between Router A, Router B, and Router C. (The detailed procedure is not
mentioned here.)
Step 2 Create a Jitter test.
# Configure Router C as an NQA server and set the IP address and UDP port number monitored
by the NQA server.
<RouterC> system-view
[RouterC] nqa-server udpecho 30.1.1.2 9000

# Configure Router A as an NQA client and create a Jitter test on Router A.


<RouterA> system-view
[RouterA] nqa test-instance test jitter
[RouterA-nqa-admin-jitter] test-type jitter
[RouterA-nqa-admin-jitter] destination-address ipv4 30.1.1.2
[RouterA-nqa-admin-jitter] destination-port 9000

Step 3 Configure the transmission delay threshold.


# Configure the round-trip transmission delay threshold on Router A.
[RouterA -nqa-test-jitter] threshold rtd 20

# Configure the uni-directional transmission (from the destination to the source) delay threshold
on Router A.
[RouterA -nqa-test-jitter] threshold owd-ds 100

# Configure the uni-directional transmission (from the source to the destination) delay threshold
on Router A.
[RouterA -nqa-test-jitter] threshold owd-sd 100

Step 4 Enable the trap function.


[RouterA -nqa-test-jitter] send-trap owd-ds owd-sd rtd
[RouterA -nqa-test-jitter] quit

Step 5 Enable sending trap messages to the NM station.


[RouterA] snmp-agent target-host trap-paramsname trapnms2 v2c securityname
nsmsecurity
[RouterA] snmp-agent target-host trap-hostname nsm2 address 20.1.1.2 trapparamsname trapnms2

Step 6 Start the Jitter test.


[RouterA] nqa test-instance admin jitter
[RouterA-nqa-admin-jitter] start now
[RouterA-nqa-admin-jitter] quit
[RouterA] quit

Step 7 Verify the configuration.


# View the NQA test results on Router A.
<RouterA> display nqa result
NQA entry(test, jitter) :testflag is inactive ,testtype is jitter
1 . Test 1 result
The test is finished
SendProbe:60
ResponseProbe:60
Completion:success
RTD OverThresholds number:0
OWD OverThresholds SD number:0
OWD OverThresholds DS number:0
Min/Max/Avg/Sum RTT:1/1/1/60
RTT Square Sum:60
NumOfRTT:60
Drop operation number:0
Operation sequence errors number:0
RTT Stats errors number:0

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

226

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management
System busy operation number:0
Min Positive SD:0
Max Positive SD:0
Positive SD Number:0
Positive SD Sum:0
Positive SD Square Sum:0
Min Negative SD:0
Max Negative SD:0
Negative SD Number:0
Negative SD Sum:0
Negative SD Square Sum:0
Min Delay SD:0
Max Delay SD:0
Delay SD Square Sum:0
Packet Loss SD:0
Packet Loss Unknown:0
Average of Jitter SD:0
jitter out value:0.0000000
NumberOfOWD:60
OWD SD Sum:0
ICPIF value: 0

6 NQA Configuration
Operation timeout number:0
Min Positive DS:1
Max Positive DS:1
Positive DS Number:5
Positive DS Sum:5
Positive DS Square Sum:5
Min Negative DS:1
Max Negative DS:1
Negative DS Number:6
Negative DS Sum:6
Negative DS Square Sum:6
Min Delay DS:0
Max Delay DS:0
Delay DS Square Sum:0
Packet Loss DS:0
Average of Jitter:1
Average of Jitter DS:1
jitter in value:0.0114583
Packet Loss Ratio: 0%
OWD DS Sum:0
MOS-CQ value: 0

# Check whether the trap buffer contains the trap message.


<RouterA> display trapbuffer
Trapping Buffer Configuration and contents:enabled
allowed max buffer size : 1024
actual buffer size : 256
channel number : 3 , channel name : trapbuffer
dropped messages : 0
overwritten messages : 2550
current messages : 256
#Jul 9 00:28:34 2009 Huawei NQA/4/RTDTHRESHOLD:OID 1.3.6.1.4.1.2011.5.25.111.6.16
NQA entry RTD over threshold. (OwnerIndex=admin, TestName=jitter)
#Jul 9 00:28:34 2009 Huawei NQA/4/SDTHRESHOLD:OID 1.3.6.1.4.1.2011.5.25.111.6.17
NQA entry OWD-SD over threshold. (OwnerIndex=admin, TestName=jitter)
#Jul 9 00:28:34 2009 Huawei NQA/4/DSTHRESHOLD:OID 1.3.6.1.4.1.2011.5.25.111.6.
18 NQA entry OWD-DS over threshold. (OwnerIndex=admin, TestName=jitter)

----End

Configuration Files
l

Configuration files of Router A


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet2/0/0
ip address 20.1.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
#
nqa test-instance test jitter
test-type jitter
destination-address ipv4 30.1.1.2
destination-port 9000
threshold rtd 20
threshold owd-sd 100
threshold owd-ds 100
send-trap rtd
send-trap owd-sd
send-trap owd-ds

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

227

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

#
snmp-agent
snmp-agent local-engineid 000007DB7F00000100007B29
snmp-agent sys-info version v2c
snmp-agent target-host trap-hostname nsm2 address 20.1.1.2 udp-port 162 trapparamsname trapnms2
snmp-agent target-host trap-paramsname trapnms2 v2c securityname nsmsecurity
public v2c
#
return

Configuration files of Router B


#
sysname RouterB
#
interface GigabitEthernet1/0/0
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet2/0/0
ip address 30.1.1.1 255.255.255.0
#
ospf 1
area 0.0.0.1
network 10.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return

Configuration files of Router C


#
sysname RouterC
#
interface GigabitEthernet1/0/0
ip address 30.1.1.2 255.255.255.0
#
nqa-server udpecho 30.1.1.2 9000
#
ospf 1
area 0.0.0.1
network 30.1.1.0 0.0.0.255
#
return

6.20.14 Example for Configuring Test Results to Be Sent to the FTP


Server
This part provides examples for sending send test results to the FTP server to save test results
to the most extent.

Networking Requirements
As shown in Figure 6-16, Router A serves as the client to perform the ICMP test and send test
results to the FTP server through FTP.
Figure 6-16 Networking diagram of sending test results to the FTP server
F T P se rve r
1 1 .1 .2 .8 /2 4
G E 2 /0 /0
1 1 .1 .2 .1 /2 4

G E 1 /0 /0
1 1 .1 .1 .1 0 /2 4

G E 1 /0 /0
R o u te rA 1 1 .1 .1 .1 1 /2 4

Issue 02 (2012-03-30)

R o u te rB

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

228

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure parameters for connecting the FTP server.

2.

Enable the FTP server to save test results through FTP.

3.

Configure the number of test results saved through FTP.

4.

Configure the duration of saving test results through FTP.

5.

Configure test results to be sent.

6.

Start the test instance.

7.

Verify the configuration.

Data Preparation
To complete the configuration, you need the following data:
l

User name and password used for logging into the FTP server

Number of test results saved through FTP

Duration of saving test results through FTP

Procedure
Step 1 Configure parameters for connecting the FTP server.
# Configure the IP address of the client that is connected to the FTP server.
<RouterA> system-view
[RouterA] nqa-ftp-record ip-address 11.1.2.8

# Configure the user name for logging into the FTP server.
[RouterA] nqa-ftp-record username ftp
[RouterA] nqa-ftp-record password ftp

# Configure the file name for saving test results.


[RouterA] nqa-ftp-record filename icmp

Step 2 Configure the number of test results to be saved in a file through FTP.
[RouterA] nqa-ftp-record item-num 10010

Step 3 Configure the duration of saving test results through FTP.


[RouterA] nqa-ftp-record time 2

Step 4 Send an alarm to the NM station after the FTP transmission succeeds.
[RouterA] nqa-ftp-record trap-enable

Step 5 Enable the FTP server to save NQA test results through FTP on Router A.
<RouterA> system-view
[RouterA] nqa-ftp-record enable

Step 6 Start the test instance.


[RouterA] nqa test-instance admin icmp
[RouterA-admin-icmp] start now

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

229

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Step 7 Verify the configuration.


# Display the NQA test results of each router.
<RouterA> display nqa-ftp-record configuration
---------------NQA FTP SAVE RECORD CONFIGURATION--------------FUNCTION: ENABLE
TRAP: ENABLE
IP-ADDRESS:11.1.1.8
VPN-INSTANCE:
USERNAME:ftp
PASSWORD:ftp
FILENAME:icmp
ITEM-NUM:10010
TIME:2
LAST FINISHED FILENAME:icmp20080605-150350.txt

----End

Configuration Files
l

Configuration file of Router A


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 11.1.1.11 255.255.255.0
#
interface GigabitEthernet2/0/0
ip address 11.1.2.1 255.255.255.0
#
interface NULL0
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
nqa-ftp-record enable
nqa-ftp-record trap-enable
nqa-ftp-record ip-address 11.1.1.8
nqa-ftp-record username ftp
nqa-ftp-record password ftp
nqa-ftp-record filename icmp
nqa-ftp-record item-num 10010
nqa-ftp-record time 2
nqa test-instance admin icmp
test-type icmp
destination-address ipv4 11.1.1.10
frequency 5
#
snmp-agent
snmp-agent local-engineid 000007DB7F000001000021D7
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
snmp-agent target-host trap-hostname nsm2 address 11.1.1.8 udp-port 162 trapparamsname trapnms2
snmp-agent target-host trap-paramsname trapnms2 v1 securityname wan
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

230

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Configuration file of Router B


#
sysname RouterB
#
interface GigabitEthernet1/0/0
ip address 11.1.1.10 255.255.255.0
#
return

6.20.15 Example for Configuring a Threshold for the NQA Alarm


This part provides examples for configuring the actions that the system needs to perform in
response to the threshold exceeding, such as generating logs, generating traps, or generating logs
and traps.

Networking Requirements
As shown in Figure 6-17, Router A serves as the client to perform the Jitter test and monitor
the packet loss ratio of the test result. If the ratio exceeds the threshold, an alarm is sent to the
NM station.
Figure 6-17 Networking diagram of configuring a threshold for the NQA alarm

N M S ta tio n
1 1 .1 .2 .8 /2 4
G E 2 /0 /0
1 1 .1 .2 .1 /2 4

G E 1 /0 /0
1 1 .1 .1 .1 /2 4

R o u te rA

G E 1 /0 /0
1 1 .1 .1 .2 0 /2 4

R o u te rB

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure the event corresponding to the alarm threshold.

2.

Configure the alarm threshold.

3.

Configure alarms to be sent to the NM station.

4.

Start the test instance.

Data Preparation
To complete the configuration, you need the following data:
l

Number of the event corresponding to the threshold

Number of the alarm threshold

Upper threshold and lower threshold

IP address of the NM station

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

231

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

Procedure
Step 1 Configure Router A as the client of the Jitter test. The configuration details are not mentioned
here.
Step 2 Configure the event corresponding to the alarm on Router A.
<RouterA> system-view
[RouterA] nqa event 10 log-trap

Step 3 Configure the alarm threshold.


[RouterA] nqa test-instance admin jitter
[RouterA-nqa-admin-jitter] test-type jitter
[RouterA-nqa-admin-jitter] destination-address ipv4 11.1.1.20
[RouterA-nqa-admin-jitter] frequency 5
[RouterA-nqa-admin-jitter] alarm 10 lost-packet-ratio absolute rising-threshold
100 10 falling-threshold 10 10
[RouterA-nqa-admin-jitter] quit

Step 4 Configure alarms to be sent to the NM station.


# Configure basic SNMP functions.
[RouterA] snmp community read public
[RouterA] snmp community write private
[RouterA] snmp sys-info version v2c

# Configure alarms to be sent to the NM station through the SNMP agent.


[RouterA] snmp-agent target-host trap-paramsname trapnms2 v2c securityname alarm
[RouterA] snmp-agent target-host trap-hostname nsm2 address 11.1.2.8 trapparamsname trapnms2

Step 5 Verify the configuration.


<RouterA> display nqa-event
NQA event information:
-----------------------------------------------------NQA Event Max: 100
NQA Event Number: 1
-----------------------------------------------------<Huawei> display nqa alarm
NQA Alarm Information:
------------------------------------------------------------------Admin-Name
Operation-Tag
Alarm-Entry
AlarmType
Event-Entry
------------------------------------------------------------------admin
jitter
10
Rising
10
<RouterA> display nqa-agent
NQA Tests Max:64
NQA Tests Number:
1
NQA Flow Max:1000
NQA Flow Remained:1000
nqa test-instance admin jitter
test-type jitter
destination-address ipv4 11.1.1.20
frequency 5
alarm 10 lost-packet-ratio absolute rising-threshold 100 10 falling-threshold 1
0 10
nqa status : normal

----End

Configuration Files
l

Configuration file of Router A


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 11.1.1.1 255.255.255.0
#

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

232

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

6 NQA Configuration

interface GigabitEthernet2/0/0
ip address 11.1.2.1 255.255.255.0
#
interface NULL0
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
nqa-jitter tag-version 2
nqa event 10 log-trap
nqa test-instance admin jitter
test-type jitter
destination-address ipv4 11.1.1.20
frequency 5
alarm 10 lost-packet-ratio absolute rising-threshold 100 10 falling-threshold
1
0 10
#
snmp-agent
snmp-agent local-engineid 000007DB7F00000100000B31
snmp-agent sys-info version v2c v3
snmp-agent target-host trap-hostname nsm2 address 11.1.2.8 udp-port 162 trapparamsname trapnms2
snmp-agent target-host trap-paramsname trapnms2 v2c securityname alarm
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
aps fast-interval 0
#
return

Configuration file of Router B


#
sysname RouterB
#
interface GigabitEthernet1/0/0
ip address 11.1.1.20 255.255.255.0
#
return

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

233

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

NetStream Configuration

About This Chapter


This chapter describes working principle of the NetStream and provides configuration examples.
7.1 Overview of NetStream
This section describes the working principle of NetStream.
7.2 NetStream Supported by the AR1200-S
The AR1200-S supports the sampling of IPv4, and the packet output in v5, v8, and v9 formats.
7.3 Collecting the Statistics of IPv4 Unicast Original Traffic
This section describes how to collect statistics about IPv4 unicast traffic passing through an
interface.
7.4 Collecting the Statistics of IPv4 Multicast Original Traffic
This section describes how to configure the IPv4 multicast original traffic statistics collection.
7.5 Configuring the Aggregation Statistics About IPv4 Traffic
This section describes how to configure the statistics about IPv4 aggregation traffic passing an
interface.
7.6 Configuring the Flexible NetStream Feature
This section describes how to configure the Flexible NetStream feature to flexibly create
NetStream statistics according to records.
7.7 Collecting the Statistics of RPF Traffic
By configuring the RPF traffic statistics collection, you can collect the statistics on abnormal
traffic failed by RPF check.
7.8 Maintaining NetStream
This section describes how to clear the NetStream traffic statistics.
7.9 Example for Configuring NetStream
This section provides several configuration examples of NetStream.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

234

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

7.1 Overview of NetStream


This section describes the working principle of NetStream.

Concepts of NetStream
NetStream is a technology of collecting and advertising statistics about network traffic. It
classifies and collects statistics about the communication traffic and resource usage on the
network. NetStream also manages the network and conducts charging based on the service types
and QoS. NetStream involves three types of devices:
l

Netstream Data Exporter (NDE)


The NDE collects and sends traffic statistics.

Netstream Collector (NSC)


The NSC receives and stores the traffic statistics sent by the NDE.

Netstream Data Analyse (NDA)


The NDA analyzes the traffic statistics. The analysis result provides the basis for network
accounting, network planning, network monitoring, and application monitoring and
analysis.

NetStream Application
Due to the connectionless-oriented feature of the IP network, communications among different
types of services are realized by the transmission of IP packets from one terminal to another.
Such IP packets constitute a data stream of a particular service on the network. Most data streams
on the network are ephemeral and bidirectional. Based on the destination IP address, source IP
address, destination port number, source port number, protocol number, Type of Service (ToS),
and inbound and outbound interfaces of packets, NetStream identifies different streams and
collects statistics for each stream. The router sends the collected traffic statistics regularly to the
NSC for further processing and then sends the statistics to the NDA for data analysis. The report
generated based on the analysis result is the basis for accounting and network planning. As shown
in Figure 7-1.
Figure 7-1 Diagram of NetStream data collection and analysis

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

235

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

7.2 NetStream Supported by the AR1200-S


The AR1200-S supports the sampling of IPv4, and the packet output in v5, v8, and v9 formats.

Sampling and Statistics of the IPv4 Network Traffic


The AR1200-S supports collection of statistics and sampling of the original traffic of IPv4
packets. These IPv4 packets include unicast and multicast packets, and reverse path forwarding
(RPF) check fails packets. In addition to the destination and source IP addresses, the destination
and source port numbers, the protocol ID, and the inbound or outbound interface, the original
statistics include the source and destination ASs, and the next hop of BGP.

Sampling Methods
The AR1200-S supports four types of sampling methods: fixed packet sampling, random packet
sampling, fixed time sampling, and random time sampling.
l

Fixed packets sampling


This indicates that one sampling is performed each time a certain number of packets are
received.

Random packets sampling


This indicates that one sampling is randomly performed on a certain packet in the specified
packets.

Fixed time sampling


This indicates that one sampling is performed on packets at a certain interval.

Random time sampling


This indicates that one sampling is randomly performed on packets in the specified period.

Versions of Original Traffic and Aggregated Traffic


The Huawei AR1200-S Series supports three types of output modes: original traffic, aggregated
traffic and Flexible traffic. The original traffic is output in the V5/V9 version, the aggregated
traffic is output in the v8/v9 version, and the Flexible traffic is output in the v9 version.

Statistics Aggregation
AR1200-S supports ten aggregation modes, namely, AS, AS-ToS, protocol-port, protocol-portToS, source-prefix, source-prefix-ToS, destination-prefix, destination-prefix-ToS, prefix,
prefix-ToS.

Aging Methods
The AR1200-S supports four types of aging methods: timeout aging of the active time, timeout
aging of the inactive time, disconnection aging of the TCP connection, overflow aging of the
counting.
l
Issue 02 (2012-03-30)

Timeout aging of the inactive time


Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

236

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

The inactive time indicates the interval between the time the last packet arrives and the
current time. When the inactive time expires, the system ages the traffic immediately.
l

Timeout aging of the active time


The active time indicates the interval from the time the first packet arrives to the current
time. After the traffic in the cache expires, the system ages the traffic in the cache.

Disconnection aging of the TCP connection


For a TCP connection, when the packets containing the FIN or RST flag are sent and the
flag is set, this indicates that a session is complete. When a packet containing the FIN or
RST flag is sampled from the existing TCP traffic, the system ages the corresponding traffic.

Overflow aging of the counting


When the load of traffic entering the cache exceeds the default, the system automatically
ages the traffic.

7.3 Collecting the Statistics of IPv4 Unicast Original Traffic


This section describes how to collect statistics about IPv4 unicast traffic passing through an
interface.

7.3.1 Establishing the Configuration Task


Before configuring the IPv4 unicast traffic statistics collection, familiarize yourself with the
applicable environment, complete the pre-configuration tasks, and obtain the data required for
the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
You need to configure the NetStream on an interface to collect statistics about inbound and
outbound IPv4 unicast packets respectively. The statistics result is sent to the Network
Management System (NMS). By analyzing the traffic statistics, the NMS can obtain the traffic
situation on the network and thus performs effective network management.

Pre-configuration Tasks
Before configuring the statistics about the IPv4 unicast original traffic, complete the following
tasks:
l

Setting physical parameters on an interface

Setting the link-layer parameters of the interface

Data Preparation
To collect the statistics of the IPv4 unicast original traffic, you need the following data.

Issue 02 (2012-03-30)

No.

Data

Name and number of the interface on which


traffic statistics need to be collected

Version of the exported packets of the


NetStream traffic statistics
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

237

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

No.

Data

IP addresses and port numbers of the NSC

7.3.2 Configuring the Version of Exported Packets


This section describes how to output original traffic in v5 or v9 format.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream export version version [ origin-as | peer-as ]

The version of exported packets is configured.


By default, the version of exported packets is v5, the AS option is none.
----End

7.3.3 Setting the Destination Address of the Statistics


This section describes how to send the IPv4 unicast traffic statistics to the NMS for analysis.

Context
You cannot export the NetStream statistics without the pre-configured source and destination
addresses.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream export source ip-address

The source address for exporting statistics is configured.


Step 3 Run:
ip netstream export host ip-address port-number

The destination IP address of the exported statistics, that is, the IP address of the NSC, is
configured.
You can configure up to 2 destination addresses to implement the backup between 2 NSCs.
----End
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

238

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

7.3.4 (Optional) Aging the TCP Traffic According to Its FIN or RST
Flag
Context
The TCP traffic can be aged according to the FIN or RST flag. If the traffic received by the
AR1200-S contains the TCP FIN or RST flag, the traffic is aged. Then the statistics collection
is ended and the result is sent to the NSC.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream tcp-flag enable

The TCP traffic is aged according to its FIN or RST flag in the TCP packet header.
By default, the TCP traffic is not aged according to the FIN or RST flag.
NOTE

If multiple aging conditions are configured on the AR1200-S, the traffic ages when it meets any condition.

----End

7.3.5 (Optional) Configuring the Inactive Aging Time


The inactive time indicates the interval between the time the last packet arrives and the current
time. When the inactive time expires, the system ages the traffic immediately.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream timeout inactive inactive-interval

The inactive aging time of the original traffic is set.


By default, the inactive aging time of the original traffic is 30s.
----End

7.3.6 (Optional) Configuring the Active Aging Time


The active time indicates the interval from the time the first packet arrives to the current time.
After the traffic in the cache expires, the system ages the traffic in the cache.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

239

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream timeout active active-interval

The active aging time is set.


By default, the active aging time is 30 minutes.
----End

7.3.7 Enabling NetStream on an Interface


You can collect the statistics on IPv4 unicast traffic only of the NetStream-enabled interface.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 (Optional) Run:
ip netstream sampler { fix-packets packet-interval | fix-time time-interval |
random-packets packet-interval | random-time time-interval } { inbound | outbound }

The packet sampling ratio is set on the interface.


By default, an interface samples packets at fixed packet intervals, and the packet interval is 100.
Step 4 Run:
ip netstream { inbound | outbound }

The NetStream function is enabled on the interface to collect statistics about IPv4 unicast traffic.
By default, NetStream is disabled for the IPv4 traffic.
----End

7.3.8 Checking the Configuration


After configuring the IPv4 unicast traffic statistics collection, you can view the configuration.

Prerequisites
The configurations of the NetStream function are complete.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

240

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

Procedure
l

Run the display ip netstreamall command to view the NetStream configuration.

Run the display ip netstreamstatistic command to view the NetStream traffic statistics.

----End

Example
# After successful configurations, run the display ip netstreamall command in the user view
to check the configurations.
<Huawei> display ip netstream all
ip netstream timeout inactive 100
ip netstream export source 100.1.10.10
ip netstream export host 100.1.10.1 100
GigabitEthernet1/0/0
ip netstream inbound
ip netstream outbound

# After successful configurations, run the display ip netstreamstatistic command in the user
view to view the NetStream traffic statistics.
<Huawei> display ip netstream statistic
Origin ingress entries
: 30000
Origin ingress packets
: 30000
Origin ingress octets
: 1380000
Origin egress entries
: 0
Origin egress packets
: 0
Origin egress octets
: 0
Origin total entries
: 30000
Origin total entries
: 0
Agility ingress entries
: 0
Agility ingress packets
: 0
Agility ingress octets
: 0
Agility egress entries
: 0
Agility egress packets
: 0
Agility egress octets
: 0
Agility total entries
: 0
Handle origin entries
: 0
Handle agility entries
: 0
Handle As aggre entries
: 0
Handle ProtPort aggre entries
: 0
Handle SrcPrefix aggre entries
: 0
Handle DstPrefix aggre entries
: 0
Handle Prefix aggre entries
: 0
Handle AsTos aggre entries
: 0
Handle ProtPortTos aggre entries : 0
Handle SrcPreTos aggre entries
: 0
Handle DstPreTos aggre entries
: 0
Handle PreTos aggre entries
: 0

7.4 Collecting the Statistics of IPv4 Multicast Original


Traffic
This section describes how to configure the IPv4 multicast original traffic statistics collection.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

241

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

7.4.1 Establishing the Configuration Task


Before configuring the IPv4 multicast original traffic statistics collection, familiarize yourself
with the applicable environment, complete the pre-configuration tasks, and obtain the required
data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
You can collect the respective statistics of incoming and outgoing IPv4 multicast packets on an
interface by configuring NetStream on this interface. In addition, the statistics are sent to the
NMS. By analyzing the statistics, the NMS can know the network traffic and thus effectively
manages the network.

Pre-configuration Tasks
Before collecting the statistics of the IPv4 multicast original traffic, complete the following tasks:
l

Configuring the physical attributes of the interface

Configuring the link layer attributes of the interface

Configuring an IP address for the interface

Data Preparation
To collect the statistics of the IPv4 multicast original traffic, you need the following data.
No.

Data

Name and number of the interface on which the traffic statistics need to be collected

Number of the version in which the traffic collected through NetStream is output

IP address and interface number of NSC&NDA

7.4.2 Configuring the Format of the Output Statistics


This part describes how to output original traffic in v5 or v9 format.

Context
Do as follows on the router on which traffic statistics need to be collected.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream export version version [ origin-as | peer-as ]

The format of the output statistics is configured.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

242

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

The default format is Version 5 with the AS option as peer-as.


----End

7.4.3 Outputting the Statistics


This part describes how to send the IPv4 multicast traffic statistics to the NMS for analysis.

Context
Do as follows on the router on which traffic statistics need to be collected.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream export source ip-address

The source address of the output statistics is configured.


Step 3 Run:
ip netstream export host ip-address port-nubmer

The destination address of the output statistics is configured.


You can configure at most two destination IP addresses respectively for the active and the
standby NSCs.
----End

7.4.4 (Optional) Configuring the Inactive Aging Time


The inactive time indicates the interval between the time the last packet arrives and the current
time. When the inactive time expires, the system ages the traffic immediately.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream timeout inactive inactive-interval

The inactive aging time of the original traffic is set.


By default, the inactive aging time of the original traffic is 30s.
----End
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

243

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

7.4.5 (Optional) Configuring the Active Aging Time


The active time indicates the interval from the time the first packet arrives to the current time.
After the traffic in the cache expires, the system ages the traffic in the cache.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream timeout active active-interval

The active aging time is set.


By default, the active aging time is 30 minutes.
----End

7.4.6 Enabling NetStream for Multicast Traffic on an Interface


You can collect the statistics on IPv4 multicast traffic only of the NetStream-enabled interface.

Context
Do as follows on the router on which traffic statistics need to be collected.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
ip netstream multicast { inbound | outbound }

NetStream is enabled for multicast traffic on an interface.


By default, NetStream is disabled for incoming and outgoing IPv4 multicast traffic.
NetStream can collect the statistics of incoming and outgoing packets simultaneously and
separately without any interference.
----End

7.4.7 Checking the Configuration


After configuring the IPv4 multicast traffic statistics collection, you can view the configuration.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

244

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

Prerequisites
The configurations of the NetStream function are complete.

Procedure
l

Run the display ip netstream all command to view the NetStream configuration.

Run the display ip netstream statistic command to view the NetStream traffic statistics.

----End

Example
# After successful configurations, run the display ip netstream all command in the user view
to check the configurations.
<Huawei> display ip netstream all
ip netstream timeout inactive 100
ip netstream export source 100.1.10.10
ip netstream export host 100.1.10.1 100
GigabitEthernet1/0/0
ip netstream multicast
inbound
ip netstream multicast outbound

# After successful configurations, run the display ip netstream statistic command in the user
view to view the NetStream traffic statistics.
<Huawei> display ip netstream statistic
Origin ingress entries
: 30000
Origin ingress packets
: 30000
Origin ingress octets
: 1380000
Origin egress entries
: 0
Origin egress packets
: 0
Origin egress octets
: 0
Origin total entries
: 30000
Origin total entries
: 0
Agility ingress entries
: 30000
Agility ingress packets
: 30000
Agility ingress octets
: 3960000
Agility egress entries
: 0
Agility egress packets
: 0
Agility egress octets
: 0
Agility total entries
: 30000
Handle origin entries
: 29035
Handle agility entries
: 29050
Handle As aggre entries
: 1
Handle ProtPort aggre entries
: 1
Handle SrcPrefix aggre entries
: 118
Handle DstPrefix aggre entries
: 1
Handle Prefix aggre entries
: 118
Handle AsTos aggre entries
: 1
Handle ProtPortTos aggre entries : 1
Handle SrcPreTos aggre entries
: 118
Handle DstPreTos aggre entries
: 1
Handle PreTos aggre entries
: 118

7.5 Configuring the Aggregation Statistics About IPv4


Traffic
This section describes how to configure the statistics about IPv4 aggregation traffic passing an
interface.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

245

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

7.5.1 Establishing the Configuration Task


Before aggregating the original IPv4 unicast traffic statistics, familiarize yourself with the
applicable environment, complete the pre-configuration tasks, and obtain the data required for
the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
When the NetStream function is configured, a mode of collecting statistics about aggregation
traffic must be configured to classify statistics about packets according to certain rules.

Pre-configuration Tasks
Before configuring NetStream for aggregation traffic, complete the following tasks:
l

Setting physical parameters on an interface

Setting the link-layer parameters of the interface

Setting an IP address for the interface

Data Preparation
To complete the configuration, you need the following data.
No.

Data

Name and number of the interface on which


traffic statistics need to be collected

Version number of exported packets of the


NetStream traffic statistics

IP addresses and port numbers of the NSC

7.5.2 Configuring the Aggregation Function


You can aggregate the original IPv4 unicast traffic statistics based on the as, as-tos, protocolport, protocol-port-tos, source-prefix, source-prefix-tos, destination-prefix, destination-prefixtos, prefix, or prefix-tos.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream aggregation { as | as-tos | destination-prefix | destination-prefixtos | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix |
source-prefix-tos }

The NetStream aggregation view is displayed.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

246

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

Step 3 Run:
enable

The aggregation mode is enabled.


----End

7.5.3 Configuring the Version of Exported Packets


You can output the aggregated IPv4 unicast traffic statistics in v8 or v9 format.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream aggregation { as | as-tos | destination-prefix | destination-prefixtos | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix |
source-prefix-tos }

The NetStream aggregation view is displayed.


Step 3 (Optional) Run:
export version version

The version of the exported packets is configured.


By default, the version of the exported packets is V8.
----End

7.5.4 Configuring the Export of Statistics


This section describes how to send the aggregated IPv4 unicast traffic statistics to the NMS for
analysis.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream aggregation { as | as-tos | destination-prefix | destination-prefixtos | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix |
source-prefix-tos }

The NetStream aggregation view is displayed.


Step 3 Run:
ip netstream export source ip-address

The source address for exporting statistics is configured.


Step 4 Run:
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

247

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

ip netstream export host ip-address port-number

The destination address for exporting statistics is configured.


The destination NSC address of the exported statistics can be configured in either the system
view or the NetStream aggregation view. You can configure up to 2 destination addresses to
implement the backup between 2 NSCs.
The priority of the destination NSC address configured in the NetStream aggregation view is
higher than that configured in the system view. After the destination NSC address is successfully
configured,
l Original traffic can only be sent to the destination NSC address configured in the system
view.
l Aggregation traffic is sent to the destination NSC address configured in the NetStream
aggregation view.
----End

7.5.5 (Optional) Configuring the Inactive Aging Time


The inactive time indicates the interval between the time the last packet arrives and the current
time. When the inactive time expires, the system ages the traffic immediately.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream aggregation timeout inactive inactive-interval

The inactive aging time of the aggregation traffic is set.


By default, the inactive aging time of the aggregation traffic is 30s.
----End

7.5.6 (Optional) Configuring the Active Aging Time


The active time indicates the interval from the time the first packet arrives to the current time.
After the traffic in the cache expires, the system ages the traffic in the cache.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream aggregation timeout active active-interval

The active aging time of the aggregation traffic is set.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

248

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

By default, the active aging time of the aggregation traffic is 30 minutes.


----End

7.5.7 Enabling NetStream on an Interface


You can collect the statistics on aggregated IPv4 unicast traffic only of the interface enabled
with the NetStream function.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 (Optional) Run:
ip netstream sampler { fix-packets packet-interval | fix-time time-interval |
random-packets packet-interval | random-time time-interval } { inbound | outbound }

The packet sampling ratio is set on the interface.


By default, an interface samples packets at fixed packet intervals, and the packet interval is 100.
Step 4 If the aggregation mode is as-tos, destination-prefix-tos, prefix-tos, protocol-port-tos, or sourceprefix-tos, run the trust dscp command to configure DSCP priority mapping on the interface.
Step 5 Run:
ip netstream { inbound | outbound }

The NetStream function is enabled on the interface to collect statistics about IPv4 unicast traffic.
By default, NetStream is disabled for IPv4 traffic.
----End

7.5.8 Checking the Configuration


After configuring the function of aggregating the original IPv4 unicast traffic statistics, you can
view the configuration.

Prerequisites
All configurations are complete.

Procedure
l

Run the display ip netstream all command to view the NetStream configuration.

Run the display ip netstream statistic command to view the NetStream traffic statistics.

----End
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

249

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

Example
# After successful configurations, run the display ip netstream all command in the user view
to check the configurations.
<Huawei> display ip netstream all
ip netstream aggregation timeout inactive
100
ip netstream aggregation as
enable
ip netstream export source 100.1.10.10
ip netstream export host 100.1.10.1 100
GigabitEthernet1/0/0
ip netstream inbound
ip netstream outbound

# After successful configurations, run the display ip netstream statistic command in the user
view to view the NetStream traffic statistics.
<Huawei> display ip netstream statistic
Origin ingress entries
: 30000
Origin ingress packets
: 30000
Origin ingress octets
: 1380000
Origin egress entries
: 0
Origin egress packets
: 0
Origin egress octets
: 0
Origin total entries
: 30000
Origin total entries
: 0
Agility ingress entries
: 30000
Agility ingress packets
: 30000
Agility ingress octets
: 3960000
Agility egress entries
: 0
Agility egress packets
: 0
Agility egress octets
: 0
Agility total entries
: 30000
Handle origin entries
: 29035
Handle agility entries
: 29050
Handle As aggre entries
: 1
Handle ProtPort aggre entries
: 1
Handle SrcPrefix aggre entries
: 118
Handle DstPrefix aggre entries
: 1
Handle Prefix aggre entries
: 118
Handle AsTos aggre entries
: 1
Handle ProtPortTos aggre entries : 1
Handle SrcPreTos aggre entries
: 118
Handle DstPreTos aggre entries
: 1
Handle PreTos aggre entries
: 118

7.6 Configuring the Flexible NetStream Feature


This section describes how to configure the Flexible NetStream feature to flexibly create
NetStream statistics according to records.

7.6.1 Establishing the Configuration Task


Applicable Environment
To collect statistics on packets based on the protocol type, TOS, source IP address, destination
IP address, source port number, destination port number, you can configure Flexible NetStream.

Pre-configuration Tasks
Before configuring IPV4 Flexible NetStream, complete the following task:
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

250

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

Setting physical parameters on interfaces

Setting the link-layer parameters of the interface

Setting an IP address for the interface

Data Preparation
To complete the configuration, you need the following data.
No.

Data

Name and number of the interface on which


traffic statistics need to be collected

IP addresses and port numbers of the NSC

7.6.2 Creating a Record and Entering the Record View


Before enabling Flexible NetStream, create and configure a traffic statistics record.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream record record-name

A record is created and the record view is displayed.


Step 3 Run:
match ipv4 { protocol | tos | source-address | destination-address | source-port |
destination-port }

The IPv4 aggregation key words of records are configured.


Step 4 Run:
collect counter { bytes | packets }

The mode of exporting traffic statistics is configured.


Step 5 Run:
collect interface { input | output }

The traffic statistics sent to the NSC contain the indexes of the inbound interface and outbound
interface of the flows.
----End

7.6.3 Configuring the Version of Exported Packets


To export statistics packets of flexible traffic, set the version of exported packets to V9.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

251

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream export version 9 [ origin-as | peer-as ]

The version of exported statistics packets is set to V9.


By default, the version of exported packets is v5, the AS option is none.
----End

7.6.4 Setting the Destination Address of the Statistics


This section describes how to send the IPv4 unicast traffic statistics to the NMS for analysis.

Context
You cannot export the NetStream statistics without the pre-configured source and destination
addresses.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream export source ip-address

The source address for exporting statistics is configured.


Step 3 Run:
ip netstream export host ip-address port-number

The destination IP address of the exported statistics, that is, the IP address of the NSC, is
configured.
You can configure up to 2 destination addresses to implement the backup between 2 NSCs.
----End

7.6.5 (Optional) Configuring the Inactive Aging Time


The inactive time indicates the interval between the time the last packet arrives and the current
time. When the inactive time expires, the system ages the traffic immediately.

Procedure
Step 1 Run:
system-view

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

252

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

The system view is displayed.


Step 2 Run:
ip netstream timeout inactive inactive-interval

The inactive aging time of the original traffic is set.


By default, the inactive aging time of the original traffic is 30s.
----End

7.6.6 (Optional) Configuring the Active Aging Time


The active time indicates the interval from the time the first packet arrives to the current time.
After the traffic in the cache expires, the system ages the traffic in the cache.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream timeout active active-interval

The active aging time is set.


By default, the active aging time is 30 minutes.
----End

7.6.7 Enabling Flexible NetStream on Interfaces


You can collect the statistics on aggregated IPv4 unicast traffic only of the interface enabled
with the NetStream function.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
port ip netstream record record-name

The record is applied to the interface.


NOTE

Only one record can be configured on an interface. To modify the record in the same interface view, you
must first delete the existing configuration by running the undo port ip netstream record command.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

253

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

Step 4 (Optional) Run:


ip netstream sampler { fix-packets packet-interval | fix-time time-interval |
random-packets packet-interval | random-time time-interval } { inbound | outbound }

The packet sampling ratio is set on the interface.


By default, an interface samples packets at fixed packet intervals, and the packet interval is 100.
Step 5 Run:
ip netstream { inbound | outbound }

The NetStream function is enabled for the IPv4 traffic on the interface.
----End

7.6.8 Checking the Configuration


After configuring IPv4 flexible NetStream, you can view the configurations.

Prerequisites
All configurations are complete.

Procedure
l

Run the display ip netstream all command to view the NetStream configuration.

Run the display ip netstream statistic command to view the NetStream traffic statistics.

----End

Example
# After successful configurations, run the display ip netstream all command in the user view
to check the configurations.
<Huawei> display ip netstream all
ip netstream timeout inactive 100
ip netstream export source 100.1.10.10
ip netstream export host 100.1.10.1 100
ip netstream record hwrecord
match ipv4 destination-address
collect counter packets
collect interface input
collect interface output
GigabitEthernet1/0/0
port ip netstream record hwrecord
ip netstream inbound
ip netstream outbound

# After successful configurations, run the display ip netstream statistic command in the user
view to view the NetStream traffic statistics.
<Huawei> display ip netstream statistic
Origin ingress entries
: 30000
Origin ingress packets
: 30000
Origin ingress octets
: 1380000
Origin egress entries
: 0
Origin egress packets
: 0
Origin egress octets
: 0
Origin total entries
: 30000
Origin total entries
: 0
Agility ingress entries
: 30000
Agility ingress packets
: 30000

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

254

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management
Agility ingress octets
Agility egress entries
Agility egress packets
Agility egress octets
Agility total entries
Handle origin entries
Handle agility entries
Handle As aggre entries
Handle ProtPort aggre entries
Handle SrcPrefix aggre entries
Handle DstPrefix aggre entries
Handle Prefix aggre entries
Handle AsTos aggre entries
Handle ProtPortTos aggre entries
Handle SrcPreTos aggre entries
Handle DstPreTos aggre entries
Handle PreTos aggre entries

7 NetStream Configuration
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:

3960000
0
0
0
30000
29035
29050
1
1
118
1
118
1
1
118
1
118

7.7 Collecting the Statistics of RPF Traffic


By configuring the RPF traffic statistics collection, you can collect the statistics on abnormal
traffic failed by RPF check.

7.7.1 Establishing the Configuration Task


Before configuring the RPF traffic statistics collection, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the required data. This can help
you complete the configuration task quickly and accurately.

Application Environment
After RPF is configured, some IPv4 multicast packets are discarded because they fail to pass
the detection. In this case, you can collect the statistics of these discarded packets to
comprehensively know information about the multicast traffic in a network.

Pre-configuration Tasks
Before collecting the statistics of RPF traffic, complete the following tasks:
l

Configuring the physical attributes of the interface

Configuring the link layer attributes of the interface

Configuring an IP address for the interface

Data Preparation
To collect the statistics of RPF traffic, you need the following data.

Issue 02 (2012-03-30)

No.

Data

Name and number of the interface on which the traffic statistics need to be collected

Number of the version in which the traffic collected through NetStream is output

IP address and interface number of NSC&NDA

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

255

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

7.7.2 Configuring the Format of the Output Statistics


This part describes how to output original traffic in v5 or v9 format.

Context
Do as follows on the router on which the statistics of the discarded packets need to be collected.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream export version version [ origin-as | peer-as ]

The format of the output statistics is configured.


The default format is Version 5 with the AS option as peer-as.
----End

7.7.3 Outputting the Statistics


This part describes how to send the RPF traffic statistics to the NMS for analysis.

Context
Do as follows on the router on which the statistics of the discarded packets need to be collected.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream export source ip-address

The source address of the output statistics is configured.


Step 3 Run:
ip netstream export host ip-address port-number

The destination address of the output statistics is configured.


You can configure at most two destination IP addresses respectively for the active and the
standby NSCs.
----End

7.7.4 (Optional) Configuring the Inactive Aging Time


The inactive time indicates the interval between the time the last packet arrives and the current
time. When the inactive time expires, the system ages the traffic immediately.
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

256

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream timeout inactive inactive-interval

The inactive aging time of the original traffic is set.


By default, the inactive aging time of the original traffic is 30s.
----End

7.7.5 (Optional) Configuring the Active Aging Time


The active time indicates the interval from the time the first packet arrives to the current time.
After the traffic in the cache expires, the system ages the traffic in the cache.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip netstream timeout active active-interval

The active aging time is set.


By default, the active aging time is 30 minutes.
----End

7.7.6 Enabling the Traffic Statistics Function of RPF


This part describes how to enable the RPF check over abnormal multicast traffic.

Context
Do as follows on the router on which the statistics of the discarded packets need to be collected.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

257

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

ip netstream rpf-failure inbound

The traffic statistics function of RPF is enabled.


By default, NetStream is disabled for RPF traffic.
NetStream can collect the statistics of incoming packets.
----End

7.7.7 Checking the Configuration


After configuring the RPF traffic statistics collection, you can view the configuration.

Prerequisites
The configurations of the Collecting the Statistics of RPF Traffic function are complete.

Procedure
l

Run the display ip netstream all command to view the NetStream configuration.

Run the display ip netstream statistic command to view the NetStream traffic statistics.

----End

Example
# After successful configurations, run the display ip netstream all command in the user view
to check the configurations.
<Huawei> display ip netstream all
ip netstream timeout inactive 100
ip netstream export source 100.1.10.10
ip netstream export host 100.1.10.1 100
GigabitEthernet1/0/0
ip netstream rpf-failure inbound

# After successful configurations, run the display ip netstream statistic command in the user
view to view the NetStream traffic statistics.
<Huawei> display ip netstream statistic
Origin ingress entries
: 30000
Origin ingress packets
: 30000
Origin ingress octets
: 1380000
Origin egress entries
: 0
Origin egress packets
: 0
Origin egress octets
: 0
Origin total entries
: 30000
Origin total entries
: 0
Agility ingress entries
: 30000
Agility ingress packets
: 30000
Agility ingress octets
: 3960000
Agility egress entries
: 0
Agility egress packets
: 0
Agility egress octets
: 0
Agility total entries
: 30000
Handle origin entries
: 29035
Handle agility entries
: 29050
Handle As aggre entries
: 1
Handle ProtPort aggre entries
: 1
Handle SrcPrefix aggre entries
: 118
Handle DstPrefix aggre entries
: 1
Handle Prefix aggre entries
: 118
Handle AsTos aggre entries
: 1

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

258

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management
Handle
Handle
Handle
Handle

ProtPortTos aggre entries


SrcPreTos aggre entries
DstPreTos aggre entries
PreTos aggre entries

7 NetStream Configuration
:
:
:
:

1
118
1
118

7.8 Maintaining NetStream


This section describes how to clear the NetStream traffic statistics.

7.8.1 Resetting the Statistics Collected Through NetStream


This part describes how to use the reset ip netstream statistics command to clear the NetStream
traffic statistics. Note that the cleared information cannot be restored.

Context

CAUTION
Statistics cannot be restored after you clear it. So confirm the action before you use the command.

Procedure
Step 1 Run the reset ip netstream statistic command in the user view to reset the statistics collected
through NetStream and the output statistics, and run the reset ip netstream cache command to
age all traffic in the cache.
----End

7.9 Example for Configuring NetStream


This section provides several configuration examples of NetStream.

7.9.1 Example for Collecting the Statistics of IPv4 Unicast Traffic


This part provides examples for configuring the IPv4 unicast traffic statistics collection.

Networking Requirements
As shown in Figure 7-2, the user network accesses carrier'sRouter B through Router A.
NetStream is enabled on Router B. The carrier thus can collect the respective statistics of
incoming and outgoing traffic on GE1/0/0 of Router B. This provides reference for network
accounting.
Figure 7-2 Networking diagram of collecting the statistics of IPv4 unicast traffic

U ser
N e tw o rk

G E 2 /0 /0
G E 1 /0 /0
1 0 .2 .1 .1 /2 4
1 0 .1 .1 .1 /2 4
G E 1 /0 /0
1
0
.1
.1 .2 /2 4
R o u te r A

NSC&NDA
1 0 .2 .1 .2 /2 4

IS P

R o u te r B

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

259

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure IP addresses for the interfaces on router.

2.

Enable NetStream for incoming and outgoing traffic on Router B.

Data Preparation
To complete the configuration, you need the following data:
l

IP addresses of the interfaces

Destination address, source address, and destination interface of the output statistics

Procedure
Step 1 Configure IP addresses for the interfaces on Router A and Router B. The configuration details
are not mentioned here.
Step 2 Enable NetStream for incoming and outgoing traffic on Router B.
# Enable NetStream for outgoing traffic on Router B.
<Huawei> system-view
[Huawei] sysname RouterB
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] ip netstream outbound

# Enable NetStream for incoming traffic on Router B.


[RouterB-GigabitEthernet1/0/0] ip netstream inbound

# Configure the version of the output statistics on Router B.


[RouterB] ip netstream export version 9

By default, export the statistics in Version 5.


# Configure Router B to output the statistics to NSC&NDA.
[RouterB] ip netstream export host 10.2.1.2 6000

# Configure the source address of the output statistics on Router B.


[RouterB] ip netstream export source 10.2.1.1

Step 3 Verify the configuration.


# After successful configurations, run the display ip netstream all command in the user view
of Router B to check the configurations.
<RouterB> display ip netstream all
ip netstream export source 10.2.1.1
ip netstream export host 10.2.1.2 6000
GigabitEthernet1/0/0
ip netstream inbound
ip netstream outbound

----End
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

260

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

Configuration Files
l

Configuration file of Router A


#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
return

Configuration file of Router B


#
sysname RouterB
#
ip netstream export version 9
ip netstream export source 10.2.1.1
ip netstream export host 10.2.1.2 6000
#
interface GigabitEthernet1/0/0
ip address 10.1.1.2 255.255.255.0
ip netstream inbound
ip netstream outbound
#
interface GigabitEthernet2/0/0
ip address 10.2.1.1 255.255.255.0
#
return

7.9.2 Example for Configuring NetStream of IPv4 Aggregation


Traffic
This section provides examples for configuring the IPv4 aggregation traffic statistics collection.

Networking Requirements
As shown in Figure 7-3, the NetStream function is configured on Router B to collect statistics
on the traffic from the user network to different ISPs. The traffic statistics serve as the basis for
accounting.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

261

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

Figure 7-3 Networking diagram of NetStream aggregation

RouterC
Eth1/0/0

ISP1

NSC&NDA
10.4.1.2/24
Eth1/0/0
Eth2/0/1

User
Network

Eth1/0/1
Eth1/0/0
RouterA

Eth2/0/0
RouterB

Eth1/0/0
ISP2
RouterD

Router

Physical interface

IP address

Router A

Ethernet1/0/0

10.1.1.1/24

Router B

Ethernet1/0/0

10.2.1.1/24

Ethernet1/0/1

10.4.1.1/24

Ethernet2/0/0

10.3.1.1/24

Ethernet2/0/1

10.1.1.2/24

Router C

Ethernet1/0/0

10.2.1.2/24

Router D

Ethernet1/0/0

10.3.1.2/24

Configuration Roadmap
The configuration roadmap is as follows:
1.

Enable NetStream statistics for incoming and outgoing packets and NetStream sampling
on Eth 2/0/1 of Router B.

2.

Enable NetStream aggregation on Router B to reduce traffic sent to the NMS.

3.

Specify the version of the NetStream packet format on Router B.

4.

Configure the destination address and port number on Router B for sending NetStream
packets to the NSC&NDA.

5.

Specify the source address for NetStream packets on Router B. In this example, Eth 1/0/1
on Router B is the source port.

Data Preparation
To complete the configuration, you need the following data:
Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

262

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

IP addresses of interfaces

IP address and port number of the NSC

Packet sampling ratio

Version number of exported packets

Procedure
Step 1 Configure reachable routes between Router B on the access network, Router A on the user
network, Router C on ISP1, and Router D on ISP2 (The detailed procedure is not mentioned
here.).
Step 2 Configure the NetStream function on Router B.
# Configure Router B to export the statistics about the aggregation traffic and set the version of
the exported packets.
[RouterB] ip netstream aggregation as
[RouterB-aggregation-as] export version 9
[RouterB-aggregation-as] ip netstream export host 10.4.1.2 6000
[RouterB-aggregation-as] ip netstream export source 10.4.1.1
[RouterB-aggregation-as] enable
[RouterB-aggregation-as] quit

# Set the sampling ratio and enable traffic statistics for inbound and outbound traffic.
[RouterB] interface ethernet 2/0/1
[RouterB-Ethernet2/0/1] ip netstream
[RouterB-Ethernet2/0/1] ip netstream
[RouterB-Ethernet2/0/1] ip netstream
[RouterB-Ethernet2/0/1] ip netstream
[RouterB-Ethernet2/0/1] quit
[RouterB] quit

sampler fix-packets 100 inbound


sampler fix-packets 100 outbound
inbound
outbound

Step 3 Verify the configuration.


# After successful configurations, run the display ip netstream all command in the user view
of Router B to check the configurations.
<RouterB> display ip netstream all
ip netstream aggregation as
enable
export version 9
ip netstream export source 10.4.1.1
ip netstream export host 10.4.1.2 6000
Ethernet2/0/1
ip netstream inbound
ip netstream outbound

----End

Configuration Files
Configuration file of Router A.
#
sysname RouterA
#
interface Ethernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
return

Configuration file of Router B.


Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

263

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

#
sysname RouterB
#
interface Ethernet1/0/0
ip address 10.2.1.1 255.255.255.0
#
interface Ethernet1/0/1
ip address 10.4.1.1 255.255.255.0
#
interface Ethernet2/0/0
ip address 10.3.1.1 255.255.255.0
#
interface Ethernet2/0/1
ip address 10.1.1.2 255.255.255.0
ip netstream inbound
ip netstream outbound
#
ip netstream aggregation as
enable
export version 9
ip netstream export source 10.4.1.1
ip netstream export host 10.4.1.2 6000
#
return

Configuration file of Router C.


#
sysname RouterC
#
interface Ethernet1/0/0
ip address 10.2.1.2 255.255.255.0
#
return

Configuration file of Router D.


#
sysname RouterD
#
interface Ethernet1/0/0
ip address 10.3.1.2 255.255.255.0
#
return

7.9.3 Example for Configuring Flexible NetStream Traffic Statistics


To collect statistics on packets based on the protocol type, TOS, source IP address, destination
IP address, source port number, destination port number, you can configure IPv4 Flexible
NetStream.

Networking Requirements
As shown in Figure 7-4, the enterprise network is connected to Router B of the carrier through
Router A. The Flexible NetStream feature is enabled on GE1/0/0 of Router B. Then you can
collect statistics on the inbound and outbound traffic on an interface based on the destination IP
address aggregation and destination port aggregation. The statistics can be sent to the NSC.
Figure 7-4 Networking diagram for configuring Flexible NetStream

U ser
N e tw o rk

G E 2 /0 /0
G E 1 /0 /0
1 0 .2 .1 .1 /2 4
1 0 .1 .1 .1 /2 4
G E 1 /0 /0
1
0
.1
.1 .2 /2 4
R o u te r A

NSC&NDA
1 0 .2 .1 .2 /2 4

IS P

R o u te r B

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

264

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1.

Set IP addresses for the interfaces on Router A and Router B.

2.

Specify the version of the exported packets.

3.

Configure the source address, destination address, and destination port number for
exporting packets.

4.

Configure the Flexible NetStream feature on GE 1/0/0 of Router B.

Data Preparation
To complete the configuration, you need the following data:
l

IP address of each interface

Version of the exported packets

Address and port number of the NSC and the source address contained in the packets

Traffic statistics to be sent to the NSC

Procedure
Step 1 Set the IP addresses for the interfaces of Router A and Router B, as shown in Figure 7-4. The
configuration procedure is not mentioned here.
Step 2 Specify the version of the exported packets.
# Set the version of the exported packets to V9.
<Huawei> system-view
[Huawei] sysname RouterB
[RouterB] ip netstream export version 9

Step 3 Set the source address, destination port number, and destination address for exporting packets.
# Set the destination address and destination port number for exporting packets.
[RouterB] ip netstream export host 10.2.1.2 6000

# Configure the source address for exporting packets.


[RouterB] ip netstream export source 10.2.1.1

Step 4 Configure the Flexible NetStream feature on Router B.


# Create a record named test and enter the test view.
[RouterB] ip netstream record test
[RouterB-record-test]

# Configure the aggregation key words of the test record.


[RouterB-record-test] match ipv4 destination-address
[RouterB-record-test] match ipv4 destination-port

# Configure Router B to send the inbound and outbound interface indexes in the test record to
the NSC.
[RouterB-record-test] collect interface input
[RouterB-record-test] collect interface output

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

265

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

# Send the number of packets and bytes of the inbound and outbound traffic to the NSC.
[RouterB-record-test] collect counter bytes
[RouterB-record-test] collect counter packets
[RouterB-record-test] quit

Step 5 Configure the Flexible NetStream feature on GE 1/0/0.


# Apply the record test to GE 1/0/0.
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] port ip netstream record test

# Set the fixed-packets sampling ratio for the inbound and outbound traffic on GE 1/0/0 to 100.
[RouterB-GigabitEthernet1/0/0] ip netstream sampler fix-packets 100 inbound
[RouterB-GigabitEthernet1/0/0] ip netstream sampler fix-packets 100 outbound

# Enable the NetStream function for the inbound and outbound traffic on GE 1/0/0.
[RouterB-GigabitEthernet1/0/0] ip netstream inbound
[RouterB-GigabitEthernet1/0/0] ip netstream outbound
[RouterB-GigabitEthernet1/0/0] quit

Step 6 Verify the configuration.


# After successful configurations, run the display ip netstream all command in the user view
of Router B to check the configurations.
<RouterB> display ip netstream all
ip netstream export source 10.2.1.1
ip netstream export host 10.2.1.2 6000
ip netstream export version 9
ip netstream record test
match ipv4 destination-address
match ipv4 destination-port
collect counter packets
collect counter bytes
collect interface input
collect interface output
GigabitEthernet1/0/0
port ip netstream record test
ip netstream inbound
ip netstream outbound

----End

Configuration Files
Configuration file of Router A.
#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
return

Configuration file of Router B


#
ip netstream export source 10.2.1.1
ip netstream export host 10.2.1.2 6000
ip netstream record test
ip netstream export version 9
#
ip netstream record test
match ipv4 destination-address
match ipv4 destination-port

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

266

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

7 NetStream Configuration

collect counter packets


collect interface input
#
interface GigabitEthernet1/0/0
ip address 10.1.1.2 255.255.255.0
ip netstream inbound
ip netstream outbound
#
interface GigabitEthernet2/0/0
ip address 10.2.1.1 255.255.255.0
#
return

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

267

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

8 Ping and Tracert

Ping and Tracert

About This Chapter


This chapter describes how to check the network connectivity through ping and tracert
operations.
8.1 Ping and Tracert Overview
This section describes the basic concepts of ping and tracert, and the support for ping and tracert
on the AR1200-S.
8.2 Configuring Ping and Tracert
This part describes how to check the network connectivity through ping and tracert operations.

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

268

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

8 Ping and Tracert

8.1 Ping and Tracert Overview


This section describes the basic concepts of ping and tracert, and the support for ping and tracert
on the AR1200-S.

8.1.1 Introduction to Ping and Tracert


When a device is faulty, you can use ping and tracert operations to check the network
connectivity.
The ping command is used to check network connections and detect whether a host is reachable.
The tracert command is used to detect the gateways that packets pass when being transmitted
from source hosts to destinations. It is mainly used to check if the network connection is
reachable, and locate the network fault.
The process of executing the tracert command is as follows:
1.

A packet with TTL being 1 is transmitted.

2.

An ICMP error message is returned in the first hop, indicating that the packet cannot be
transmitted because the TTL has timed out.

3.

The packet with TTL increased by 1 is retransmitted.

4.

A similar TTL timeout error message is returned in the second hop.


The process continues until the packet reaches its destination. In this process, the source
host can record the source address of each ICMP TTL timeout message and obtain the IP
packet transmission path.

8.2 Configuring Ping and Tracert


This part describes how to check the network connectivity through ping and tracert operations.

8.2.1 Establishing the Configuration Task


Before checking the network connectivity through ping and tracert operations, familiarize
yourself with the applicable environment, complete the pre-configuration tasks, and obtain the
required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
A user cannot access the network. Then you need to use Ping and Tracert to test the network
connectivity.

Pre-configuration Task
Before configuring Ping or Tracert, complete the following tasks:
l

Connecting the user and the network correctly

Assigning an IP address to the user correctly

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

269

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

8 Ping and Tracert

Data Preparation
To configure Ping and Tracert, you need the following data.
No.

Data

IP address of the user

IP address of the gateway

8.2.2 Applying Ping to Test the Network Connection


This part describes how to check the communications between two nodes on the network through
the ping operation.

Context
Do as follows on the user end in all views.

Procedure
Step 1 To test the network connection, run ping [ ip ] [ -a source-ip-address | -c count | -d | -f | -h ttlvalue | -i interface-type interface-number | -si source-interface-type source-interface-number |
-m time | -n | -name | -p pattern | -q | -r | -s packetsize | -system-time | -t timeout | -tos tosvalue | -v | -vpn-instance vpn-instance-name ] * host [ ip-forwarding ]
The preceding command contains only a part of the parameters. For descriptions of the
parameters of this command, refer to the Huawei AR1200-S Series Enterprise Routers Command
Reference.
The output of the ping command includes:
l Status of the responses to the Ping. If the system does not receive a response packet within
the timeout period, it outputs a "Request time out" message; if receiving a response packet,
the system outputs bytes of data, sequence number, TTL, and response time of each response
packet.
l Final statistics, including the number of sent packets, number of received packets, percentage
of unacknowledged packets to all transmitted packets, and the minimum, maximum, and
mean response time.
NOTE

If the destination address of the ping command is a broadcast address, the source address carried in the
Reply message is the broadcast address.
<Huawei> ping 202.20.36.25
PING 202.20.36.25: 56 data bytes, press CTRL_C to break
Reply from 202.20.36.25: bytes=56 Sequence=1 ttl=255 time=2
Reply from 202.20.36.25: bytes=56 Sequence=2 ttl=255 time=1
Reply from 202.20.36.25: bytes=56 Sequence=3 ttl=255 time=1
Reply from 202.20.36.25: bytes=56 Sequence=4 ttl=255 time=1
Reply from 202.20.36.25: bytes=56 Sequence=5 ttl=255 time=1

ms
ms
ms
ms
ms

--- 202.20.36.25 ping statistics --5 packet(s) transmitted


5 packet(s) received

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

270

Huawei AR1200-S Series Enterprise Routers


Configuration Guide - Network Management

8 Ping and Tracert

0.00% packet loss


round-trip min/avg/max = 1/1/2 ms

----End

8.2.3 Applying Tracert to Locate Faults in the Network


This part describes how to check the communication among nodes on the network through the
tracert operation.

Context
Do as follows in all views on the user end. Before running the tracert command to check network
connectivity, you can run the icmp time-exceed command to specify the format of ICMP Time
Exceeded packets.

Procedure
Step 1 (Optional) Run:
icmp time-exceed { extension { compliant | non-compliant } | classic }

The format of ICMP Time Exceeded packets is specified.


NOTE

Please run this command in the system view.

Step 2 To locate the fault in the network, run tracert [ -a source-ip-address | -f first-ttl | -m max-ttl | p port | -q nqueries | -v | -vpn-instance vpn-instance-name | -w timeout ] * host
The preceding command contains only a part of the parameters. For the description of the options
and parameters of this command, refer to the Huawei AR1200-S Series Enterprise Routers
Command Reference.
An example of applying Tracert program to analyze the network is as follows.
<Huawei> tracert -m 10 35.1.1.48
traceroute to 35.1.1.48 (35.1.1.48), max hops: 30, packet length: 40, press CTRL_C
to break
1 128.3.112.1
19 ms
19 ms
0 ms
2 128.32.216.1
39 ms
39 ms
19 ms
3 128.32.136.23 39 ms
40 ms
39 ms
4 128.32.168.22 39 ms
39 ms
39 ms
5 128.32.197.4
40 ms
59 ms
59 ms
6 131.119.2.5
59 ms
59 ms
59 ms
7 129.140.70.13 99 ms
99 ms
80 ms
8 129.140.71.6
139 ms 239 ms 319 ms
9 129.140.81.7
220 ms 199 ms 199 ms
10 35.1.1.48
239 ms 239 ms 239 ms

----End

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

271