Configuration Guide - Network Management (V100R006C01 - 01)

Quidway S3700 Series Ethernet Switches
V100R006C01
Configuration Guide - Network

Management
Issue
01
Date
2011-10-26
HUAWEI TECHNOLOGIES CO., LTD.
Copyright Huawei Technologies Co., Ltd. 2011. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address:
Huawei Industrial Base

Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website:
http://www.huawei.com
Email:
support@huawei.com
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential

Copyright Huawei Technologies Co., Ltd.

Configuration Guide - Network Management
About This Document
About This Document

Intended Audience
This document provides the basic concepts, configuration procedures, and configuration
examples in different application scenarios of the Network Management feature supported by
the S3700.
This document describes how to configure the Network Management feature.
This document is intended for:
l
Data configuration engineers
Commissioning engineers
Network monitoring engineers
System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
DANGER
WARNING
CAUTION
Issue 01 (2011-10-26)
Indicates a hazard with a high level of risk, which if not

avoided, will result in death or serious injury.
Indicates a hazard with a medium or low level of risk, which
if not avoided, could result in minor or moderate injury.
Indicates a potentially hazardous situation, which if not
avoided, could result in equipment damage, data loss,
performance degradation, or unexpected results.
TIP
Indicates a tip that may help you solve a problem or save

time.
NOTE
Provides additional information to emphasize or supplement

important points of the main text.

ii

About This Document
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
The keywords of a command line are in boldface.
Italic
Command arguments are in italics.
[]
Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... }
Optional items are grouped in braces and separated by

vertical bars. One item is selected.
[ x | y | ... ]
Optional items are grouped in brackets and separated by

vertical bars. One item is selected or no item is selected.
{ x | y | ... }*
Optional items are grouped in braces and separated by

vertical bars. A minimum of one item or a maximum of all
items can be selected.
[ x | y | ... ]*
Optional items are grouped in brackets and separated by

vertical bars. Several items or no item can be selected.
&<1-n>
The parameter before the & sign can be repeated 1 to n times.
A line starting with the # sign is comments.
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Changes in Issue 01 (2011-10-26)

Initial commercial release.
Issue 01 (2011-10-26)

iii

Contents
Contents
About This Document.....................................................................................................................ii
1 SNMP Configuration....................................................................................................................1
1.1 Introduction to SNMP........................................................................................................................................2
1.1.1 SNMP Overview........................................................................................................................................2
1.1.2 SNMP Features Supported by the S3700..................................................................................................4
1.2 Configuring a Device to Communicate with an NM Station by Running SNMPv1..........................................7
1.2.1 Establishing the Configuration Task.........................................................................................................7
1.2.2 Configuring Basic SNMPv1 Functions.....................................................................................................8
1.2.3 (Optional) Controlling the NM Station's Access to the Device...............................................................11
1.2.4 (Optional) Enabling the SNMP Extended Error Code Function.............................................................12
1.2.5 (Optional) Configuring the Trap Function..............................................................................................13
1.2.6 (Optional) Configuring the Constant Interface Index Feature.................................................................14
1.2.7 Checking the Configuration.....................................................................................................................15
1.3 Configuring a Device to Communicate with an NM Station by Running SNMPv2c......................................15
1.3.1 Establishing the Configuration Task.......................................................................................................16
1.3.2 Configuring Basic SNMPv2c Functions.................................................................................................17
1.4 Configuring a Device to Communicate with an NM Station by Running SNMPv3........................................25
1.4.2 Configuring Basic SNMPv3 Functions...................................................................................................27
1.5 SNMP Configuration Examples.......................................................................................................................34
1.5.1 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv1..............35
1.5.2 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv2c............38
1.5.3 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv3..............42
Issue 01 (2011-10-26)

iv

Contents
2 LLDP Configuration...................................................................................................................46
2.1 Introduction to LLDP.......................................................................................................................................47
2.2 LLDP Feature Supported by the S3700............................................................................................................50
2.3 Configuring LLDP............................................................................................................................................53
2.3.2 Enabling Global LLDP............................................................................................................................54
2.3.3 (Optional) Disabling LLDP on an Interface............................................................................................55
2.3.4 (Optional) Configuring an LLDP Management Address........................................................................55
2.3.5 (Optional) Configuring the TLV in the LLDPDU...................................................................................56
2.3.6 (Optional) Configuring LLDP Timers.....................................................................................................58
2.3.7 (Optional) Enabling the LLDP Trap Function........................................................................................60
2.4 Maintaining LLDP............................................................................................................................................61
2.4.1 Clearing LLDP Statistics.........................................................................................................................62
2.4.2 Monitoring LLDP Status.........................................................................................................................62
2.5 Configuration Examples...................................................................................................................................62
2.5.1 Example for Configuring LLDP on the Device That Has a Single Neighbor.........................................62
2.5.2 Example for Configuring LLDP on the Device That Has Multiple Neighbors.......................................67
2.5.3 Example for Configuring LLDP on the Network Where Link Aggregation Is Configured....................72
3 HGMP Configuration.................................................................................................................79
3.1 Introduction to HGMP......................................................................................................................................80
3.2 HGMP Features Supported by the S3700.........................................................................................................82
3.3 Configuring Basic HGMP Functions...............................................................................................................86
3.3.2 Configuring NDP.....................................................................................................................................86
3.3.3 Configuring NTDP..................................................................................................................................88
3.3.4 Creating a Cluster....................................................................................................................................89
3.3.5 Adding a Member Switch........................................................................................................................92
3.3.6 (Optional) Deleting or Quitting a Cluster................................................................................................93
3.3.7 (Optional) Deleting a Member Switch....................................................................................................94
3.4 Configuring Advanced HGMP Functions........................................................................................................97
3.4.2 Adjusting Parameters of the Cluster........................................................................................................98
3.4.3 Managing Switches in a Cluster Through HGMP.................................................................................101
3.4.4 Checking the Configuration...................................................................................................................105
3.5 Maintaining HGMP........................................................................................................................................108
3.5.1 Clearing the NDP Statistics...................................................................................................................108
3.5.2 Monitoring the Operation Status of the HGMP Cluster........................................................................108
3.5.3 Debugging HGMP.................................................................................................................................109
3.6 HGMP Configuration Examples....................................................................................................................109
3.6.1 Example for Configuring Basic HGMP Functions for a Cluster...........................................................109
Issue 01 (2011-10-26)


Contents
3.6.2 Example for Configuring the Interconnection of FTP Servers and Devices in and out of the HGMP Cluster
(in NAT Mode)...............................................................................................................................................119
3.6.3 Example for Configuring the Interconnection of FTP Servers and Devices in and out of the HGMP Cluster
(in Non-NAT Mode).......................................................................................................................................129
3.6.4 Example for Configuring Devices in the HGMP Cluster to Access the Outside SNMP Host (in NAT
Mode)..............................................................................................................................................................138
3.6.5 Example for Configuring Devices in the HGMP Cluster to Access the Outside SNMP Host (in non-NAT
Mode)..............................................................................................................................................................148
3.6.6 Example for Configuring the Batch Distribution Function for an HGMP Cluster...............................159
3.6.7 Example for Configuring the Batch Restart Function for an HGMP Cluster.......................................169
3.6.8 Example for Configuring the Incremental Configuration Function for an HGMP Cluster...................178
3.6.9 Example for Configuring the Configuration Synchronization Function for an HGMP Cluster............188
3.6.10 Example for Configuring Security Features for an HGMP Cluster....................................................198
4 NTP Configuration....................................................................................................................209
4.1 Introduction to NTP........................................................................................................................................210
4.2 NTP Supported by the S3700.........................................................................................................................212
4.3 Configuring Basic NTP Functions.................................................................................................................213
4.3.1 Establishing the Configuration Task.....................................................................................................213
4.3.2 Configuring the NTP Primary Clock.....................................................................................................214
4.3.3 Configuring the Unicast Server/Client Mode........................................................................................215
4.3.4 Configuring the Peer Mode...................................................................................................................216
4.3.5 Configuring the Broadcast Mode..........................................................................................................217
4.3.6 Configuring the Multicast Mode...........................................................................................................218
4.3.7 Disabling the Interface From Receiving NTP Packets..........................................................................219
4.3.8 (Optional) Setting the Maximum Number of Dynamic NTP Sessions.................................................220
4.4 Configuring NTP Security Mechanisms.........................................................................................................221
4.4.2 Setting NTP Access Authorities............................................................................................................223
4.4.3 Enabling NTP Authentication...............................................................................................................224
4.4.4 Configuring NTP Authentication in Unicast Server/Client Mode........................................................225
4.4.5 Configuring NTP Authentication in Peer Mode....................................................................................225
4.4.6 Configuring NTP Authentication in Broadcast Mode...........................................................................226
4.4.7 Configuring NTP Authentication in Multicast Mode............................................................................226
4.5 Maintaining NTP............................................................................................................................................228
4.6 Configuration Examples.................................................................................................................................228
4.6.1 Example for Configuring NTP Authentication in Unicast Client/Server Mode....................................228
4.6.2 Example for Configuring the Common NTP Peer Mode......................................................................233
4.6.3 Example for Configuring NTP Authentication in Broadcast Mode......................................................236
4.6.4 Example for Configuring the Common NTP Multicast Mode..............................................................240
5 Ping and Tracert.........................................................................................................................245

5.1 Ping.................................................................................................................................................................246
Issue 01 (2011-10-26)

vi

Contents
5.2 Tracert.............................................................................................................................................................246
5.3 Performing Ping and Tracert Operations........................................................................................................247
5.3.2 Checking Network Connectivity Through the Ping Operation.............................................................248
5.3.3 Locating Faults on the Network Through the Tracert Operation..........................................................249
5.4 Debugging Ping and Tracert...........................................................................................................................250
5.5.1 Example for Performing Ping and Tracert Operations..........................................................................250
6 NQA Configuration..................................................................................................................253
6.1 Introduction to NQA.......................................................................................................................................255
6.2 Comparisons Between NQA and Ping...........................................................................................................255
6.3 NQA Server and NQA Clients.......................................................................................................................256
6.4 NQA Supported by the S3700........................................................................................................................256
6.5 Configuring the ICMP Test............................................................................................................................258
6.5.2 Configuring ICMP Test Parameters......................................................................................................259
6.6 Configuring the FTP Download Test.............................................................................................................261
6.6.2 Configuring the FTP Download Test Parameters..................................................................................262
6.7 Configuring the FTP Upload Test..................................................................................................................264
6.7.2 Configuring the FTP Upload Test Parameters......................................................................................265
6.8 Configuring the HTTP Test............................................................................................................................268
6.8.2 Configuring HTTP Test Parameters......................................................................................................269
6.9 Configuring the DNS Test..............................................................................................................................271
6.9.2 Configuring the DNS Test Parameters..................................................................................................272
6.10 Configuring the Traceroute Test...................................................................................................................274
6.10.1 Establishing the Configuration Task...................................................................................................274
6.10.2 Configuring Parameters for a Traceroute Test....................................................................................274
6.10.3 Checking the Configuration.................................................................................................................276
6.11 Configuring the SNMP Query Test..............................................................................................................276
6.11.2 Configuring the SNMP Query Test Parameters..................................................................................277
6.12 Configuring the TCP Test.............................................................................................................................279
Issue 01 (2011-10-26)

vii

Contents

6.12.2 Configuring the TCP Server................................................................................................................280
6.12.3 Configuring the TCP Client.................................................................................................................280
6.13 Configuring the UDP Test............................................................................................................................283
6.13.2 Configuring the UDP Server...............................................................................................................283
6.13.3 Configuring the UDP Client................................................................................................................284
6.14 Configuring the Jitter Test............................................................................................................................286
6.14.2 Configuring the Jitter Server...............................................................................................................287
6.14.3 Configuring the Jitter Client................................................................................................................288
6.15 Configuring an ICMP Jitter Test..................................................................................................................291
6.15.2 Configuring Parameters for the ICMP Jitter Test................................................................................292
6.16 Configuring Universal NQA Test Parameters..............................................................................................294
6.16.2 Configuring Universal Parameters for the NQA Test Instance...........................................................295
6.17 Configuring Round-Trip Delay Thresholds.................................................................................................299
6.17.2 Configuring Round-Trip Delay Thresholds........................................................................................300
6.18 Configuring the Trap Function.....................................................................................................................301
6.18.2 Sending Trap Messages When Test Failed..........................................................................................303
6.18.3 Sending Trap Messages When Probes Failed......................................................................................304
6.18.4 Sending Trap Messages When Probes Are Complete.........................................................................304
6.18.5 Sending Trap Messages When the Transmission Delay Exceeds Thresholds....................................305
6.19 Maintaining NQA.........................................................................................................................................307
6.19.1 Restarting NQA Test Instances...........................................................................................................307
6.19.2 Clearing NQA Statistics......................................................................................................................307
6.19.3 Debugging NQA..................................................................................................................................308
6.20 Configuration Examples...............................................................................................................................308
6.20.1 Example for Configuring the ICMP Test............................................................................................308
6.20.2 Example for Configuring the FTP Download Test.............................................................................311
6.20.3 Example for Configuring the FTP Upload Test..................................................................................313
6.20.4 Example for Configuring the HTTP Test............................................................................................315
Issue 01 (2011-10-26)

viii

Contents
6.20.5 Example for Configuring the DNS Test..............................................................................................317

6.20.6 Example for Configuring the Traceroute Test.....................................................................................319
6.20.7 Example for Configuring the SNMP Query Test................................................................................321
6.20.8 Example for Configuring the TCP Test...............................................................................................323
6.20.9 Example for Configuring the UDP Test..............................................................................................325
6.20.10 Example for Configuring the Jitter Test............................................................................................328
6.20.11 Example for Configuring an ICMP Jitter Test..................................................................................330
6.20.12 Example for Configuring the Test of Sending NQA Threshold Traps to the NMS..........................332
7 RMON Configuration...............................................................................................................337
7.1 Introduction to RMON...................................................................................................................................338
7.2 RMON Suported by the S3700.......................................................................................................................338
7.3 Configuring RMON........................................................................................................................................340
7.3.2 Enabling the RMON Statistics Function on the Interface.....................................................................341
7.3.3 Configuring the ethernetStatsTable.......................................................................................................342
7.3.4 Configuring the HistoryControlTable...................................................................................................342
7.3.5 Configuring the EventTable..................................................................................................................343
7.3.6 Configuring the AlarmTable.................................................................................................................344
7.3.7 Configuring the PrialarmTable..............................................................................................................344
7.4 Maintaining RMON........................................................................................................................................347
7.5.1 Examples for Configuring RMON........................................................................................................347
Issue 01 (2011-10-26)

ix

1 SNMP Configuration
SNMP Configuration
About This Chapter

The Simple Network Management Protocol (SNMP) is a standard network management protocol
widely used on TCP/IP networks. It uses a central computer (a network management station)
that runs network management software to manage network elements. There are three SNMP
versions, SNMPv1, SNMPv2c, and SNMPv3. Users can choose to configure one or more
versions if needed.
1.1 Introduction to SNMP
SNMP provides a set of standard protocols for the communication between the network
management station (NM station) and devices, allowing the NM station to normally manage
devices and receive alarms reported by the devices.
1.2 Configuring a Device to Communicate with an NM Station by Running SNMPv1
After SNMPv1 is configured, a managed device and an NM station can run SNMPv1 to
communicate with each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
1.3 Configuring a Device to Communicate with an NM Station by Running SNMPv2c
After SNMPv2c is configured, a managed device and an NM station can run SNMPv2c to
1.4 Configuring a Device to Communicate with an NM Station by Running SNMPv3
1.5 SNMP Configuration Examples
This section provides several configuration examples of SNMP. The configuration roadmap in
the examples will help you understand the configuration procedures. Each configuration
example provides information about the networking requirements, configuration notes, and
configuration roadmap.
Issue 01 (2011-10-26)


1.1 Introduction to SNMP

SNMP provides a set of standard protocols for the communication between the network
management station (NM station) and devices, allowing the NM station to normally manage
devices and receive alarms reported by the devices.
1.1.1 SNMP Overview

Get and Set operations can be performed on a managed device that runs the SNMP agent to
manage device objects by NM stations These objects are uniquely identified in the Management
Information Base (MIB).
As network services develop, more and more devices are deployed on existing networks. It is
some distance from the devices to the central equipment room where a network administrator
works. Once faults occur on the remote devices, it is impossible for the network administrator
to detect, locate and rectify faults immediately because the faults will not be reported by the
devices. This affects maintenance efficiency and greatly increases maintenance workload.
To solve this problem, equipment vendors have provided network management functions in
some products. The NM station then can query the status of remote devices, and devices can
send alarms to the NM station in the case of particular events.
SNMP operates at the application layer of the IP suite and defines how to transmit management
information between the NM station and devices. SNMP defines several device management
operations that can be performed by the NM station and allows devices to notify the NM station
of device faults by sending alarms.
An SNMP-managed network consists of three components: NM station, agent, and managed
device. The NM station uses the MIB to identify and manage device objects. The operations
used for device management include GetRequest, GetNextRequest, GetResponse, GetBulk,
SetRequest, and notification from the agent to the NM station. The following sections give details
on the components, MIB, and operations.
SNMP Components
Three components are used in SNMP device management:
l
NM station: sends various query packets to query managed devices and receives alarms
from these devices.
Agent: is a network-management process on a managed device. An agent has the following

functions:
Receives and parses query packets sent from the NM station.
Reads or writes management variables based on the query type, and generates and sends
response packets to the NM station.
Sends an alarm to the NM station when triggering conditions defined on each protocol
module corresponding to the alarm are met. For example, the system view is displayed
or closed, or the device is restarted.
Managed device: is managed by an NM station and generates and reports alarms to the NM
station.
Figure 1-1 shows the relationship between the NM station and agent.
Issue 01 (2011-10-26)


Figure 1-1 SNMP structure
UDP Port161
Request
Response
Agent
NM Station
UDP Port162
Agent
NM Station
MIB
SNMP uses a hierarchical naming convention to identify managed objects and to distinguish
between managed objects. This hierarchical structure is similar to a tree with the nodes
representing managed objects, Figure 1-2 shows a managed object that can be identified by the
path from the root to the node representing it.
Figure 1-2 Structure of a MIB tree
1
2
1
1
1 B
5
A
2
6
As shown in Figure 1-2, object B is uniquely identified by a string of numbers, {1.2.1.1}. Such
a number string is called an Object Identifier (OID). A MIB tree is used to describe the hierarchy
of data in a MIB that collects the definitions of variables on the managed devices.
A user can use a standard MIB or define a MIB based on certain standards. Using a standard
MIB can reduce the costs on proxy deployment and therefore reduce the costs on the entire
network management system.
SNMP Operations
SNMP uses Get and Set operations to replace a complex command set. The operations described
in Figure 1-3 can implement all functions.
Issue 01 (2011-10-26)


Figure 1-3 Schematic diagram of SNMP operations
get-request
get-response
get-next-request
get-response
NM Station
UDP Port162
set-request
get-response
Agent
UDP Port161
trap
Table 1-1 gives details on the SNMP operations.

Table 1-1 SNMP operations
Operation
Function
GetRequest
Retrieves the value of a variable. The NM station sends the

request to a managed device to obtain the value of an object
on the device.
GetNextRequest
Retrieves the value of the next variable. The NM station

sends the request to a managed device to obtain the status
of the next object on the device.
GetResponse
Responds to GetRequest, GetNextRequest, and

SetRequest operations. It is sent from the managed device
to the NM station.
GetBulk
Is an NMS-to-agent request, equaling continuous GetNext

operations.
SetRequest
Sets the value of a variable. The NM station sends the

request to a managed device to adjust the status of an object
on the device.
Trap
Reports an event to the NM station.
1.1.2 SNMP Features Supported by the S3700

This section compares SNMP versions in terms of their support for features and usage scenarios
to provide a reference for your SNMP version selection during network deployment.
The S3700 supports SNMPv1, SNMPv2c, and SNMPv3. Table 1-2 lists the features supported
by SNMP, and Table 1-3 shows the support of different SNMP versions for the features. Table
1-4 describes the usage scenarios of SNMP versions, which will help you choose a proper version
for the communication between an NM station and managed devices based on the network
operation conditions.
Issue 01 (2011-10-26)


NOTE
When multiple NM stations using different SNMP versions manage the same device in a network,
SNMPv1, SNMPv2c, and SNMPv3 can all be configured on the device for its communication with all the
NM stations.
Table 1-2 Description of features supported by SNMP

Feature
Description
Access control
This function is used to restrict a user's device

administration rights. It gives specific users
the rights to manage specified objects on
devices and therefore provides fine
management.
Authentication and encryption
Packets transmitted between the NM station

and managed devices are authenticated and
encrypted. This prevents data packets from
being intercepted or modified, improving
data sending security.
Error code
Error codes are used to identify particular

faults. They help an administrator quickly
locate and rectify faults. The larger the variety
of error codes, the more greatly they help an
administrator in device management.
Trap
Traps are sent from managed devices to the

NM station. These traps allow an
administrator to discover device faults
immediately.
The managed devices do not require the
acknowledgement from the NM station after
sending traps.
Inform
Informs are sent from managed devices to the

NM station.
The managed devices require the
sending informs. If a managed device does
not receive an acknowledgement after
sending an inform, it will resend the inform
to the NM station and generate alarm logs.
Even if the NM station restarts, it can still
synchronize the informs sent during the
restart process.
If the device does not receive an
sending an inform, it will store the inform in
its memory. In this regard, using informs may
consume lots of system resources.
Issue 01 (2011-10-26)


Feature
Description
GetBulk
GetBulk allows an administrator to perform

Get-next operation in batches. In a large-scale
network, GetBulk reduces the administrator's
workload and improves management
efficiency.
Table 1-3 Different SNMP versions' support for the features

Feature
SNMPv1
SNMPv2c
SNMPv3
Access control
Community-namebased access control

supported
Community-namebased access control

supported
User or user-groupbased access control

supported
Authentication and
encryption
Not supported
Not supported
Supported, and the

supported
authentication and
encryption modes are
as follows:
Authentication
mode:
l MD5
l SHA
Encryption mode:
DES56
Error code
6 error codes
supported
16 error codes
supported
16 error codes
supported
Trap
Supported
Supported
Supported
Inform
Not supported
Supported
Not supported
GetBulk
Not supported
Supported
Supported
Table 1-4 Usage scenarios of different SNMP versions
Issue 01 (2011-10-26)
Version
Usage Scenario
SNMPv1
This version is applicable to small-scale

networks whose networking is simple and
security requirements are low or whose
security and stability are good, such as
campus networks and small enterprise
networks.


Version
Usage Scenario
SNMPv2c
This version is applicable to medium and

large-scale networks whose security
requirements are not strict or whose security
is good (for example, VPNs) but whose
services are so busy that traffic congestion
may occur.
Using informs can ensure that the messages
sent from managed devices are received by
the NM station.
SNMPv3
This version is applicable to networks of

various scales, especially the networks that
have strict requirements on security and can
be managed only by authorized
administrators, such as the scenario where
data between the NM station and managed
devices needs to be transmitted over a public
network.
If you plan to build a new network, choose an SNMP version based on your usage scenario. If
you plan to expand or upgrade an existing network, choose an SNMP version to match the SNMP
version running on the NM station to ensure the normal communication between managed
devices and the NM station.
1.2 Configuring a Device to Communicate with an NM

Station by Running SNMPv1
The NM station manages a device in the following manners:
l
Sends requests to the managed device to perform the GetRequest, GetNextRequest,

GetResponse, GetBulk, or SetRequest operation, obtaining data and setting values.
Receives alarms from the managed device and locates and rectify device faults based on
the alarm information.
In the following configuration, after basic SNMP functions are configured, the NM station can
manage the device in these manners. For details on how to configure finer management such as
accurate access control or alarm module specification, see the following configuration
procedures.
1.2.1 Establishing the Configuration Task

Before configuring a device to communicate with an NM station by running SNMPv1,
familiarize yourself with the applicable environment, complete the pre-configuration tasks, and
Issue 01 (2011-10-26)


obtain the data required for the configuration. This will help you complete the configuration task
quickly and accurately.
Applicable Environment
SNMP needs to be deployed in a network to allow the NM station to manage network devices.
If the network has a few devices and its security is good, such as a campus network or a small
enterprise network, SNMPv1 can be deployed to ensure the normal communication between the
NM station and managed devices.
Pre-configuration Tasks
Before configuring a device to communicate with an NM station by running SNMPv1, complete
the following task:
l
Configuring a routing protocol to ensure that the switch and NM station are routable
Data Preparation
Before configuring a device to communicate with an NM station by running SNMPv1, you need
the following data.
No.
Data
SNMP version, SNMP community name, destination address of alarm messages,

administrator's contact information and location, and SNMP packet size
(Optional) ACL number, IP address of the NM station, and MIB object
(Optional) Name of the alarm-sending module, source address of trap messages,

queue length for trap messages, and lifetime of trap messages
(Optional) Number of interfaces indexed by fixed numbers
1.2.2 Configuring Basic SNMPv1 Functions

After basic SNMP functions are configured, an NM station can perform basic operations such
as Get and Set operations on a managed device, and the managed device can send alarms to the
NM station.
Context
Steps 3, 4, and 5 are mandatory for the configuration of basic SNMP functions. After the
configurations are complete, basic SNMP communication can be conducted between the NM
station and managed device.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)


The system view is displayed.

Step 2 (Optional) Run:
snmp-agent
The SNMP agent function is enabled.

By default, the SNMP agent function is disabled. Running any command with the parameter
snmp-agent can enable the SNMP agent function, so this step is optional.
Step 3 Run:
snmp-agent sys-info version v1
The SNMP version is set.

By default, SNMPv3 is enabled.
After SNMPv1 is enabled on the managed device, the device supports both SNMPv1 and
SNMPv3. This means that the device can be monitored and managed by NM stations running
SNMPv1 or SNMPv3.
Step 4 Run:
snmp-agent community { read | write } community-name
The community name is set.

After the community name is set, if no MIB view is configured, the NM station that uses the
community name has rights to access objects in the Viewdefault view (1.3.6.1).
l read needs to be configured in the command if the NM station administrator needs the read
permission in a specified view in some cases. For example, a low-level administrator needs
to read certain data.
l write needs to be configured in the command if the NM station administrator needs the read
and write permissions in a specified view in some cases. For example, a high-level
administrator needs to read and write certain data.
Step 5 Choose either of the following commands as needed to configure a destination IP address for
the alarms and error codes sent from the device.
l To configure a destination IPv4 address for the alarms and error codes sent from the device,
run:
snmp-agent target-host trap address udp-domain ip-address [ udp-port portnumber ] [ public-net | vpn-instance vpn-instance-name ] params securityname
security-string [ v1 ] [ private-netmanager | ext-vb ]*
The descriptions of the command parameters are as follows:

l The default destination UDP port number is 162. In some special cases (for example, port
mirroring is configured to prevent a well-known port from being attacked), the parameter
udp-port can be used to specify a non-well-known UDP port number. This ensures normal
communication between the NM station and managed device.
l If the alarms sent from the managed device to the NM station need to be transmitted over a
public network, the parameter public-net needs to be configured. If the alarms sent from the
managed device to the NM station need to be transmitted over a private network, the
parameter vpn-instance vpn-instance-name needs to be used to specify a VPN that will take
over the sending task.
l The parameter securityname identifies the alarm sender, which will help you learn the alarm
source.
Issue 01 (2011-10-26)


l If the NM station and managed device are both Huawei products, the parameter privatenetmanager can be configured to add more information to alarms, such as the alarm type,
alarm sequence number, and alarm sending time. The information will help you locate and
rectify faults more quickly.
l The ext-vb parameter sets extended bound variables for traps sent to the target host. By
default, the traps sent to the target host do not carry extended bound variables.
snmp-agent sys-info { contact contact | location location }
The equipment administrator's contact information or location is configured.

This step is needed if the NM station administrator needs to know equipment administrators'
contact information and locations when the NM station manages many devices. This will allow
the NM station administrator to quickly contact the equipment administrators for fault location
and rectification.
To configure both the equipment administrator's contact information and location, you need to
run the command twice to configure them separately.
snmp-agent packet max-size byte-count
The maximum size of an SNMP packet that the device can receive or send is set.
By default, the maximum size of an SNMP packet that the device can receive or send is 12000
bytes.
After the maximum size is set, the device will discard any SNMP packet that is larger than the
set size. The allowable maximum size of an SNMP packet for a device depends on the size of a
packet that the NM station can process; otherwise, the NM station cannot process the SNMP
packets sent from the device.
----End
Follow-up Procedure
After the configurations are complete, basic communication can be conducted between the NM
l
Access control allows any NM station that uses the community name to monitor and manage
all the objects on the managed device.
The managed device sends alarms generated by the modules that are enabled by default to
the NM station.
If finer device management is required, follow directions below to configure a managed device:
l
To allow a specified NM station that uses the community name to manage specified objects
on the device, follow the procedure described in Controlling the NM Station's Access to
the Device.
To allow a specified module on the managed device to report alarms to the NM station,
follow the procedure described in Configuring the Trap Function.
If the NM station and managed device are both Huawei products, follow the procedure
described in Enabling the SNMP Extended Error Code Function to allow the device to
send more types of error codes. This allows more specific error identification and facilitates
your fault location and rectification.
Issue 01 (2011-10-26)

10

If the functions such as accounting and fault location need to be bound to specified
interfaces to prevent changes in interface indexes during device or interface restart, follow
the procedure described in Configuring the Constant Interface Index Feature.
1.2.3 (Optional) Controlling the NM Station's Access to the Device

This section describes how to specify an NM station and manageable MIB objects for SNMPbased communication between the NM station and managed device to improve communication
security.
Context
If a device is managed by multiple NM stations that use the same community name, note the
following points:
l
If all the NM stations that use the community name need to have rights to access the objects
in the Viewdefault view (1.3.6.1), skip the following steps.
If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), skip Step 5.
If all the NM stations need to manage specified objects on the device, skip Steps 2, 3, and
4.
If some of the NM stations that use the community name need to manage specified objects
on the device, perform all the following steps.
Procedure
Step 1 Run:
system-view

Step 2 Run:
acl acl-number
A basic ACL is created to filter the NM station users that can manage the device.
Step 3 Run:
rule [ rule-id ] { deny | permit } source { source-ip-address source-wildcard |
any }
A rule is added to the ACL.

Step 4 Run:
quit
Return to the system view.

Step 5 Run:
snmp-agent mib-view { excluded | included } view-name oid-tree
A MIB view is created, and manageable MIB objects are specified.

By default, an NM station has rights to access the objects in the Viewdefault view (1.3.6.1).
l If a few MIB objects on a device or some objects in the current MIB view do not or no longer
need to be managed by the NM station, excluded needs to be specified in the related command
to exclude these MIB objects.
Issue 01 (2011-10-26)

11

l If a few MIB objects on the device or some objects in the current MIB view need to be
managed by the NM station, included needs to be specified in the related command to include
these MIB objects.
Step 6 Run:
snmp-agent community { read | write } { community-name | cipher community-name } [
mib-view view-name | acl acl-number ]*
The NM station's access rights are specified.

permission in the specified view in some cases. For example, a low-level administrator needs
to read certain data. write needs to be configured in the command if the NM station
administrator needs the read and write permissions in the specified view in some cases. For
example, a high-level administrator needs to read and write certain data.
l cipher is used to display the community name in cipher text. It can be configured in the
command to improve security. If the parameter is configured, the administrator needs to
remember the community name. If the community name is forgotten, it cannot be obtained
by querying the device.
l If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), mib-view view-name does not need to be
configured in the command.
l If all the NM stations that use the community name need to manage specified objects on the
device, acl acl-number does not need to be configured in the command.
l If some of the NM stations that use the community name need to manage specified objects
on the device, both mib-view and acl need to be configured in the command.
----End
Follow-up Procedure
After the access rights are configured, especially after the IP address of the NM station is
specified, if the IP address changes (for example, the NM station changes its location, or IP
addresses are reallocated due to network adjustment), you need to change the IP address of the
NM station in the ACL. Otherwise, the NM station cannot access the device.
1.2.4 (Optional) Enabling the SNMP Extended Error Code Function

This section describes how to enable the extended SNMP error code function when both the NM
station and managed device are Huawei products. After this function is enabled, more types of
error codes are provided to help you locate and rectify faults more quickly and accurately.
Procedure
Step 1 Run:
system-view

Step 2 Run:
snmp-agent extend error-code enable
The SNMP extended error code function is enabled.

Issue 01 (2011-10-26)

12

By default, SNMP standard error codes are used. After the extended error code function is
enabled, extended error codes can be sent to the NM station.
----End
1.2.5 (Optional) Configuring the Trap Function

This section describes how to specify the alarms to be sent to the NM station, which will help
you to locate important problems. After relevant parameters are set, the security of alarm sending
can be improved.
Procedure
Step 1 Run:
system-view

Step 2 Run:
snmp-agent trap enable
Alarm sending is enabled.

NOTE
If the snmp-agent trap enable command is run to enable the trap functions of all modules, or the snmpagent trap enable feature-name command is run to enable three or more trap functions of a module, note
the following points:
l To disable the trap functions of all modules, you need to run the snmp-agent trap disable command.
l To restore the trap functions of all modules to the default status, you need to run the undo snmp-agent
trap enable or undo snmp-agent trap disable command.
l To disable one trap function of a module, you need to run the undo snmp-agent trap enable featurename command.
Step 3 Run:
snmp-agent trap enable feature-name feature-name trap-name trap-name
A trap function of a feature module is enabled. This means that an alarm of a specified feature
can be sent to the NM station.
The undo snmp-agent trap enable feature-name command can be used to disable a trap
function of a module.
Step 4 Run:
snmp-agent trap source interface-type interface-number
The source interface for trap messages is specified.

After the source interface is specified, its IP address becomes the source IP address of trap
messages. Configuring the IP address of the local loopback interface as the source interface is
recommended, which can ensure device security.
The source interface specified on the switch for trap messages must be consistent with that
specified on the NM station; otherwise, the NM station will not accept the trap messages sent
from the switch.
Step 5 Run:
snmp-agent trap queue-size size
Issue 01 (2011-10-26)

13

The length of the queue storing trap messages to be sent to the destination host is set.
The queue length depends on the number of generated trap messages. If the switch frequently
generates trap messages, a longer queue length can be set to prevent trap messages from being
lost.
Step 6 Run:
snmp-agent trap life seconds
The lifetime of every trap message is set.

The lifetime of every trap message depends on the number of generated trap messages. If the
switch frequently generates trap messages, a longer lifetime can be set for every trap message
to prevent trap messages from being lost.
----End
1.2.6 (Optional) Configuring the Constant Interface Index Feature

This section describes how to configure the constant interface index feature. This feature allows
some interface indexes remain unchanged in the case of interface deletion or addition, system
restart, or hardware or software configuration change to meet the need of some functions such
as accounting and fault diagnosis that require fixed interfaces.
Procedure
Step 1 Run:
system-view

Step 2 Run:
ifindex constant
The constant interface index feature is enabled.

After the feature is enabled, the indexes for all the existing interfaces and newly created interfaces
are fixed. If the system needs to restart, the save command must be run to save interface
configurations; otherwise, the interface indexes will change after the system is restarted.
Step 3 Run:
set constant-ifindex max-number number
The maximum number of interfaces indexed by fixed numbers is set.

If interfaces are frequently added or deleted during system operation, the interface index file
stored in the device may have a great size and consume too many system resources. Setting the
maximum number of interfaces indexed by fixed numbers can prevent the interface index file
from exceeding an expected size.
After the maximum number of interfaces indexed by fixed numbers is set, the system will allocate
fixed indexes to interfaces within the specified value range. If the specified value is smaller than
the number of interfaces configured on the device, the system allocates fixed interface indexes
to the interfaces enabled earlier. The interfaces enabled later are not indexed by fixed numbers.
By default, a maximum of 131070 interfaces can be indexed by fixed numbers. If the value is
set to 0, no interfaces will be indexed by fixed numbers.
Issue 01 (2011-10-26)

14

Step 4 Run:
set constant-ifindex subinterface { dense-mode | sparse-mode }
The memory distribution mode for the sub-interface index is set.

When a sub-interface is created, the system generates an index image file for the sub-interface
in the memory in a specified mode. You may use various sub-interface numbering modes, such
as the continuous mode or the discontinuous mode. In real-world situations, one of the following
distribution modes can be used as needed:
l Sparse mode: applies to discontinuous sub-interface numbering.
l Dense mode: applies to continuous sub-interface numbering.
----End
1.2.7 Checking the Configuration

After SNMPv1 functions are configured, you can view the SNMPv1 configurations.
Prerequisite
The configurations of basic SNMPv1 functions are complete.
Procedure
l
Run the display snmp-agent community command to check the configured community
name.
Run the display snmp-agent sys-info version command to check the enabled SNMP
version.
Run the display acl acl-number command to check the rules in the specified ACL.
Run the display snmp-agent mib-view command to check the MIB view.
Run the display snmp-agent sys-info contact command to check the equipment
administrator's contact information.
Run the display snmp-agent sys-info location command to check the location of the
device.
Run the display snmp-agent target-host command to check the information about the
target host.
Run the display snmp-agent extend error-code status command to check whether the
SNMP extended error code feature is enabled.
Run the display constant-ifindex configuration command to check the constant interface
index function and relevant configuration information.
----End

Station by Running SNMPv2c
After SNMPv2c is configured, a managed device and an NM station can run SNMPv2c to
Issue 01 (2011-10-26)

15


l

procedures.

Before configuring a device to communicate with an NM station by running SNMPv2c,
If your network is a large scale with many devices and its security requirements are not strict or
its security is good (for example, a VPN network) but services on the network are so busy that
traffic congestion may occur, SNMPv2c can be deployed to ensure communication between the
NM station and managed devices.
Before configuring a device to communicate with an NM station by running SNMPv2c, complete
the following task:
l
Data Preparation
Before configuring a device to communicate with an NM station by running SNMPv2c, you
need the following data.
Issue 01 (2011-10-26)
No.
Data
SNMP version, SNMP community name, address of the alarm destination host,
(Optional) ACL number, IP address of the NM station, MIB object

queue length for trap messages, lifetime of trap messages, expiry time of informs,
allowable number of inform retransmissions, allowable maximum number of informs
to be acknowledged, aging time of log messages, and allowable maximum number
of log messages about the trap and inform events in the log buffer

16

1.3.2 Configuring Basic SNMPv2c Functions

NM station.
Context
configurations, basic SNMP communication can be conducted between the NM station and
managed device.
Procedure
Step 1 Run:
system-view

snmp-agent

Step 3 Run:
snmp-agent sys-info version v2c

By default, SNMPv3 is enabled.
After SNMPv2c is enabled on the managed device, the device supports both SNMPv2c and
SNMPv3. This means that the device can be monitored and managed by NM stations running
SNMPv2c and SNMPv3.
Step 4 Run:
snmp-agent community { read | write } community-name
The community name is set.

After the community name is set, if no MIB view is configured, the NM station that uses the
community name has rights to access objects in the Viewdefault view (1.3.6.1).
permission in a specified view in some cases. For example, a low-level administrator needs
to read certain data.
l write needs to be configured in the command if the NM station administrator needs the read
and write permissions in a specified view in some cases. For example, a high-level
administrator needs to read and write certain data.
Step 5 Choose one of the following commands as needed to configure the destination IP address for
l If the network is an IPv4 network, configure the device to send either traps or informs to the
NM station.
Issue 01 (2011-10-26)

17

NOTE
The differences between traps and informs are as follows:

l The traps sent by the managed device do not need to be acknowledged by the NM station.
l The informs sent by the managed device need to be acknowledged by the NM station. If no
acknowledgement message from the NM station is received within a specified time period, the
managed device will resend the inform until the number of retransmissions reaches the maximum.
When the managed device sends an inform, it records the inform in the log. If the NM station and
link between the NM station and managed device recovers from a fault, the NM station can still
learn the inform sent during the fault occurrence and rectification.
In this regard, informs are more reliable than traps, but the device may need to buffer a lot of informs
because of the inform retransmission mechanism and this may consume many memory resources.
If the network is stable, using traps is recommended. If the network is unstable and the device's memory
capacity is sufficient, using informs is recommended.
To configure a destination IP address for the traps and error codes sent from the device,
run:
security-string [ v2c ] [ private-netmanager | ext-vb ]*
To configure a destination IP address for the informs and error codes sent from the device,
run:
snmp-agent target-host inform address udp-domain ip-address [ udp-port portnumber ] [ vpn-instance vpn-instance-name ] params securityname securitystring v2c [ ext-vb ]

source.
NOTE
An IPv6 network supports only traps, not informs.


Issue 01 (2011-10-26)

18

and rectification.
bytes.
----End
Follow-up Procedure
l
Access control allows any NM station that uses the community name to monitor and manage
all the objects on the managed device.
The managed device sends alarms generated by the modules that are open by default to the
NM station.
If finer device management is required, follow directions below to configure the managed
device:
l
To allow a specified NM station that uses the community name to manage specified objects
of the device, follow the procedure described in Controlling the NM Station's Access to
the Device.
follow the procedure described in Configuring the Trap FunctionConfiguring the Trap
Function.

This section describes how to specify an NM station and manageable MIB objects for SNMPbased communication between the NM station and managed device to improve communication
security.
Issue 01 (2011-10-26)

19

Context
If a device is managed by multiple NM stations that use the same community name, note the
following points:
l
If all the NM stations that use the community name need to have rights to access the objects
in the Viewdefault view (1.3.6.1), skip the following steps.
If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), skip Step 5.
4.
If some of the NM stations that use the community name need to manage specified objects
on the device, perform all the following steps.
Procedure
Step 1 Run:
system-view

Step 2 Run:
acl acl-number
Step 3 Run:
any }

Step 4 Run:
quit

Step 5 Run:

l If a few MIB objects on a device or some objects in the current MIB view do not or no longer
need to be managed by the NM station, excluded needs to be specified in the related command
managed by the NM station, included needs to be specified in the related command to include
these MIB objects.
Step 6 Run:
snmp-agent community { read | write } { community-name | cipher community-name } [
mib-view view-name | acl acl-number ]*
The NM station's access rights are specified.

permission in the specified view in some cases. For example, a low-level administrator needs
Issue 01 (2011-10-26)

20

to read certain data. write needs to be configured in the command if the NM station
administrator needs the read and write permissions in the specified view in some cases. For
example, a high-level administrator needs to read and write certain data.
l cipher is used to display the community name in cipher text. It can be configured in the
command to improve security. If the parameter is configured, the administrator needs to
remember the community name. If the community name is forgotten, it cannot be obtained
by querying the device.
l If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), mib-view view-name does not need to be
configured in the command.
l If all the NM stations that use the community name need to manage specified objects on the
device, acl acl-number does not need to be configured in the command.
l If some of the NM stations that use the community name need to manage specified objects
on the device, both mib-view and acl need to be configured in the command.
----End
Follow-up Procedure

Procedure
Step 1 Run:
system-view

Step 2 Run:

----End

can be improved.
Issue 01 (2011-10-26)

21

Procedure
Step 1 Run:
system-view

Step 2 Run:

NOTE
Step 3 Run:
The undo snmp-agent trap enable feature-name feature-name trap-name trap-name
command can be used to disable a trap function of a module.
Step 4 Configure trap function parameters based on the trap usage or inform usage selected during the
configuration of basic SNMPv2c functions.
If traps are used, follow the procedure described in Configuring trap parameters; if informs
are used, follow the procedure described in Configuring inform parameters.
Configuring trap parameters:
1.
Run:

messages. Configuring the IP address of the local loopback interface as the source interface
is recommended, which can ensure device security.
specified on the NM station; otherwise, the NM station will not accept the trap messages
sent from the switch.
2.
Run:
Issue 01 (2011-10-26)

22

The queue length depends on the number of generated trap messages. If the switch
frequently generates trap messages, a longer queue length can be set to prevent trap
messages from being lost.
3.
Run:

The lifetime of every trap message depends on the number of generated trap messages. If
the switch frequently generates trap messages, a longer lifetime can be set for every trap
message to prevent trap messages from being lost.
Configuring inform parameters:
1.
Run:
snmp-agent inform { timeout seconds | resend-times times | pending number }*
The timeout period for waiting for Inform ACK messages, number of inform
retransmissions, and allowable maximum number of informs to be acknowledged are set.
If the network is unstable, you need to specify the number of inform retransmissions and
allowable maximum number of informs to be acknowledged when you set a timeout period
for waiting for Inform ACK messages. By default, the timeout period for waiting for Inform
ACK messages is 15 seconds; the number of inform retransmissions is 3; the allowable
maximum number of informs waiting to be acknowledged is 39.
Setting the number of inform retransmissions to a value smaller than or equal to 10 is
recommended. Otherwise, device performance will be affected.
2.
Run:
snmp-agent inform { timeout seconds | resend-times times } *address udpdomain ip-address[ vpn-instance vpn-instance-name ] params securityname
security-string
The timeout period for waiting for Inform ACK messages from a specified NM station and
the number of inform retransmissions are set.
If the network is unstable, you need to specify the number of inform retransmissions and
allowable maximum number of informs to be acknowledged when you set a timeout period
for waiting for Inform ACK messages. By default, the timeout period for waiting for Inform
ACK messages is 15 seconds, and the number of inform retransmissions is 3.
Setting the number of inform retransmissions to a value smaller than or equal to 10 is
recommended. Otherwise, device performance will be affected.
3.
Run:
snmp-agent notification-log enable
The alarm logging function is enabled.

If the link between the switch and the NM station fails, the switch will stop sending informs
to the NM station because the NM station is unroutable but the switch will continue logging
informs. If the link recovers, the NM station will learn the informs logged by the switch
during the link failure.
After the alarm logging function is enabled, the system logs only informs, not traps.
By default, the alarm logging function is disabled.
4.
Issue 01 (2011-10-26)
Run:
23

snmp-agent notification-log { global-ageout ageout | global-limit limit }*
The aging time of alarm logs and maximum number of alarm logs allowed to be stored in
the log buffer are set.
By default, the aging time of alarm logs is 24 hours. If the aging time expires, alarms logs
will be automatically deleted.
By default, the log buffer can store a maximum of 500 alarm logs. If the number of alarm
logs in the log buffer exceeds 500, the device will delete the alarm logs from the earliest
one.
----End

Procedure
Step 1 Run:
system-view

Step 2 Run:
ifindex constant

Step 3 Run:

Step 4 Run:

Issue 01 (2011-10-26)

24

----End

After SNMPv2c functions are configured, you can view the SNMPv2c configurations.
Prerequisite
The configurations of basic SNMPv2c functions are complete.
Procedure
l
Run the display snmp-agent community command to check the configured community
name.
version.
device.
Run the display snmp-agent target-host command to check information about the target
host.
Run the display snmp-agent inform [ address udp-domain ip-address [ vpn-instance

vpn-instance-name ] params securityname security-string ] command to check inform
parameters and device statistics with the NM station being specified or not.
Run the display snmp-agent notification-log info command to check alarm logs stored
in the log buffer.
Run the display constant-ifindex configuration command to check the constant interface
index function and relevant configuration information.
----End

Station by Running SNMPv3
Issue 01 (2011-10-26)

25

l

procedures.

Before configuring a device to communicate with an NM station by running SNMPv3,
Assume your network has a strict requirement on security, only authorized administrators can
manage network devices, and the security and accuracy of transmitted network data need to be
ensured. For example, the data between the NM station and managed devices is transmitted over
a public network. In this case, SNMPv3 can be deployed. The authentication and encryption
functions provided by SNMPv3 ensure the security of data sending and normal communication
between the NM station and managed devices.
Before configuring a device to communicate with an NM station by running SNMPv3, complete
the following task:
l
Data Preparation
Before configuring a device to communicate with an NM station by running SNMPv3, you need
the following data.
Issue 01 (2011-10-26)
No.
Data
SNMP version, user name and user group name, address of the alarm destination host,
(Optional) ACL number, IP address of the NM station, and MIB object

queue length for trap messages, and lifetime of trap messages
26

No.
Data
1.4.2 Configuring Basic SNMPv3 Functions

NM station.
Context
configurations, basic SNMP communication can be conducted between the NM station and
managed device.
Procedure
Step 1 Run:
system-view

snmp-agent


By default, SNMPv3 is enabled. So, this step is optional.
Step 4 Run:
snmp-agent group v3 group-name [ authentication | privacy ]
An SNMPv3 user group is configured.

If the network or network devices are in an environment lacking security (for example, the
network is vulnerable to attacks), authentication or privacy can be configured in the command
to enable data authentication or encryption.
The available authentication and encryption modes are as follows:
l No authentication and no encryption: authentication and privacy are not configured in the
command. This mode is applicable to secure networks managed by a specified administrator.
l Authentication without encryption: Only authentication is configured in the command. This
mode is applicable to secure networks managed by many administrators who may frequently
perform operations on the same device. In this mode, only the authenticated administrators
can access the managed device.
Issue 01 (2011-10-26)

27

l Authentication and encryption: privacy is configured in the command. This mode is

applicable to insecure networks managed by many administrators who may frequently
perform operations on the same device. In this mode, only the authenticated administrators
can access the managed device, and transmitted data is encrypted to guard against
interception and data leaking.
Step 5 Run:
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha }
password [ privacy-mode des56 password ] ]
A user is added to the SNMPv3 user group.

After a user is added to the user group, the NM station that uses the name of the user can access
the objects in the Viewdefault view (1.3.6.1).
If authentication and encryption have been enabled for the user group, the following
authentication and encryption modes can be configured for the data transmitted on the network.
l Authentication mode
Message Digest 5 (MD5): generates a 128-bit message digest for an input message of any
length.
Secure Hash Algorithm (SHA-1): generates a 160-bit message digest for an input message
of less than 264 bits.
MD5 is faster than SHA-1, but is considered less secure.
l Encryption mode
DES uses a 56-bit key to encrypt a 64-bit plain text block.
Step 6 Choose one of the following commands as needed to configure the destination IP address for
l To configure a destination IPv4 address for the alarms and error codes sent from the device,
run:
security-string [ v3 [ authentication | privacy ] ] [ private-netmanager | extvb ]*

source.
Issue 01 (2011-10-26)

28


and rectification.
bytes.
----End
Follow-up Procedure
l
Access control allows any NM station in the configured SNMPv3 user group to monitor
and manage all the objects on the managed device.
The managed device sends alarms generated by the modules that are open by default to the
NM station.
If finer device management is required, follow directions below to configure the managed
device:
l
To allow a specified NM station in an SNMPv3 user group to manage specified objects of

the device, follow the procedure described in Controlling the NM Station's Access to the
Device.
follow the procedure described in Configuring the Trap Function.
Issue 01 (2011-10-26)

29


This section describes how to specify an NM station and manageable MIB objects for SNMPv3based communication between the NM station and managed device to improve communication
security.
Context
If a device is managed by multiple NM stations that are in the same SNMPv3 user group, note
l
If all the NM stations need to have rights to access the objects in the Viewdefault view
(1.3.6.1), skip the following steps.
If some of the NM stations need to have rights to access the objects in the Viewdefault view
(1.3.6.1), skip Step 5.
4.
If some of the NM stations need to manage specified objects on the device, perform all the
following steps.
Procedure
Step 1 Run:
system-view

Step 2 Run:
acl acl-number
Step 3 Run:
any }

Step 4 Run:
quit

Step 5 Run:

l If a few MIB objects on the device or some objects in the current MIB view do not or no
longer need to be managed by the NM station, excluded needs to be specified in the command
managed by the NM station, included needs to be specified in the command to include these
MIB objects.
Issue 01 (2011-10-26)

30

Step 6 Run:
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view
| write-view write-view | notify-view notify-view ]* [ acl acl-number ]
The read and write permissions are configured for the user group.
l read-view needs to be configured in the command if the NM station administrator needs the
read permission in the specified view in some cases. For example, a low-level administrator
needs to read certain data. write-view needs to be configured in the command if the NM
station administrator needs the read and write permissions in the specified view in some
cases. For example, a high-level administrator needs to read and write certain data.
l notify-view notify-view needs to be configured in the command if you want to filter out
irrelevant alarms and configure the managed device to send only the alarms of specified MIB
objects to the NM station. If the parameter is configured, only the alarms of the MIB objects
specified by notify-view will be sent to the NM station.
l authentication or privacy can be configured in the command to improve security. If
authentication is configured, only authentication is performed. If privacy is configured,
both authentication and encryption are performed. For details, see the authentication and
encryption selection guide.
l If some NM stations that are in the same SNMPv3 user group need to have rights to access
the objects in the Viewdefault view (1.3.6.1), [ read-view read-view | write-view writeview | notify-view notify-view ] does not need to be configured in the command.
l If all the NM stations that are in the same SNMPv3 user group need to manage specified
objects on the device, acl acl-number does not need to be configured in the command.
l If some of the NM stations that are in the same SNMPv3 user group need to manage specified
objects on the device, both the MIB view and ACL need to be configured in the command.
----End
Follow-up Procedure

Procedure
Step 1 Run:
system-view

Step 2 Run:

Issue 01 (2011-10-26)

31

----End

can be improved.
Procedure
Step 1 Run:
system-view

Step 2 Run:

NOTE
Step 3 Run:
The undo snmp-agent trap enable feature-name command can be used to disable a trap
function of a module.
Step 4 Run:

messages. Configuring the IP address of the local loopback interface as the source interface is
recommended, which can ensure device security.
specified on the NM station; otherwise, the NM station will not accept the trap messages sent
from the switch.
Step 5 Run:
Issue 01 (2011-10-26)

32

The queue length depends on the number of generated trap messages. If the switch frequently
generates trap messages, a longer queue length can be set to prevent trap messages from being
lost.
Step 6 Run:

The lifetime of every trap message depends on the number of generated trap messages. If the
switch frequently generates trap messages, a longer lifetime can be set for every trap message
to prevent trap messages from being lost.
----End

Procedure
Step 1 Run:
system-view

Step 2 Run:
ifindex constant

Step 3 Run:

Issue 01 (2011-10-26)

33

Step 4 Run:

----End

After SNMPv3 functions are configured, you can view the SNMPv3 configurations.
Prerequisite
The configurations of basic SNMPv3 functions are complete.
Procedure
l
Run the display snmp-agent usm-user [ engineid engineid | group group-name |

username user-name ]* command to check user information.
version.
device.
Run the display snmp-agent target-host command to check the information about the
target host.
Run the display constant-ifindex configuration command to check whether the constant
interface index function is enabled and the relevant configuration information.
----End
1.5 SNMP Configuration Examples

This section provides several configuration examples of SNMP. The configuration roadmap in
the examples will help you understand the configuration procedures. Each configuration
example provides information about the networking requirements, configuration notes, and
configuration roadmap.
Issue 01 (2011-10-26)

34

1.5.1 Example for Configuring a Device to Communicate with an

NM Station by Using SNMPv1
This section provides an example to describe how to configure a device to communicate with
an NM station by using SNMPv1 and how to specify the MIB objects that can be managed by
the NM station.
Networking Requirements
As shown in Figure 1-4, two NM stations (NMS1 and NMS2) and the switch are connected
across a public network. According to the network planning, NMS2 can manage every MIB
object except HGMP on the switch, and NMS1 does not manage the switch.
On the switch, only the modules that are enabled by default are allowed to send alarms to NMS2.
This prevents an excess of unwanted alarms from being sent to NMS2. Excessive alarms can
make faults location difficult.
Equipment administrator's contact information needs to be configured on the switch. This allows
the NMS administrator to contact the equipment administrator quickly if a fault occurs.
Figure 1-4 Networking diagram for configuring a device to communicate with an NM station
by using SNMPv1
GE0/0/1
VLANIF100
1.1.2.1/24
NMS1
1.1.1.1/24
IP Network
Switch
NMS2
1.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable the SNMP agent.
2.
Configure the switch to run SNMPv1.
3.
Configure an ACL to allow NMS2 to manage every MIB object except HGMP on the
switch.
4.
Configure the trap function to allow the switch to send alarms to NMS2.
5.
Configure the equipment administrator's contact information on the switch.
6.
Configure NMS2.
Data Preparation
To complete the configuration, you need the following data:
Issue 01 (2011-10-26)

35

SNMP version
Community name
ACL number
IP address of the NM station
Equipment administrator's contact information
Procedure
Step 1 Configure available routes between the switch and the NM stations. Details for the configuration
procedure are not provided here.
Step 2 Enable the SNMP agent.
<Quidway> system-view
[Quidway] snmp-agent
Step 3 Configure the switch to run SNMPv1.

[Quidway] snmp-agent sys-info version v1
# Check the configured SNMP version.

[Quidway] display snmp-agent sys-info version
SNMP version running in the system:
SNMPv1 SNMPv3
Step 4 Configure the NM stations' access rights.

# Configure an ACL to allow NMS2 to manage and disallow NMS1 from managing the
switch.
[Quidway] acl 2001
[Quidway-acl-basic-2001] rule 5 permit source 1.1.1.2 0.0.0.0
[Quidway-acl-basic-2001] rule 6 deny source 1.1.1.1 0.0.0.0
[Quidway-acl-basic-2001] quit
# Configure a MIB view and allow NMS2 to manage every MIB object except HGMP on the
switch.
[Quidway] snmp-agent mib-view excluded allexthgmp 1.3.6.1.4.1.2011.6.7
# Configure a community name to allow NMS2 to manage the objects in the MIB view.
[Quidway] snmp-agent community write adminnms2 mib-view allexthgmp acl 2001
Step 5 Configure the trap function.

securityname 1.1.3.1
target-host trap address udp-domain 1.1.1.2 params

trap source Loopback0
trap queue-size 200
trap life 60
Step 6 Configure the equipment administrator's contact information.

[Quidway] snmp-agent sys-info contact call Operator at 010-12345678
Step 7 Configure NMS2.

For details on how to configure NMS2, see the relevant NMS configuration guide.
Step 8 Verify the configuration.
After the configurations are complete, run the following commands to verify that the
configurations have taken effect.
Issue 01 (2011-10-26)

36

# Check information about the SNMP community name.

<Quidway> display snmp-agent community
Community name:adminnms2
Group name:adminnms2
Acl:2001
Storage-type: nonVolatile
# Check the configured ACL.

<Quidway> display acl 2001
Basic ACL 2001, 2 rules
Acl's step is 5
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
# Check the MIB view.

<Quidway> display snmp-agent mib-view viewname allexthgmp
View name:allexthgmp
MIB Subtree:hwCluster
Subtree mask:
View Type:excluded
View status:active
# Check the target host.

<Quidway> display snmp-agent target-host
Target-host NO. 1
----------------------------------------------------------IP-address
: 1.1.1.2
Source interface : VPN instance
: Security name
: 1.1.3.1
Port
: 162
Type
: trap
Version
: v1
Level
: No authentication and privacy
NMS type
: NMS
-----------------------------------------------------------
# When an alarm is generated, run the display trapbuffer command to view the details.
<Quidway> display trapbuffer
Trapping buffer configuration and contents : enabled
Allowed max buffer size : 1024
Actual buffer size : 256
Channel number : 3 , Channel name : trapbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 98
#Oct 11 2010 18:57:59 RouterA DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011
.5.25.191.3.1 configurations have been changed. The current change number is 95,
the change loop count is 0, and the maximum number of records is 4095.
# Check the equipment administrator's contact information.

<Quidway> display snmp-agent sys-info contact
The contact person for this managed node:
call Operator at 010-12345678
----End
Configuration Files
Configuration file of the switch
Issue 01 (2011-10-26)

37

#
vlan batch 100
#
acl number 2001
#
interface Vlanif100
ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface LoopBack0
ip address 1.1.3.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
network 1.1.3.1 0.0.0.0
#
snmp-agent
snmp-agent local-engineid 000007DB7FFFFFFF00001AA7
snmp-agent community write adminnms2 mib-view allexthgmp acl 2001
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v1 v3
snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname
1.1.3.1
snmp-agent
snmp-agent
snmp-agent
snmp-agent
#
return
mib-view excluded allexthgmp hwCluster

trap source LoopBack0
trap queue-size 200
trap life 60

NM Station by Using SNMPv2c
an NM station by using SNMPv2c and how to specify the MIB objects that can be managed by
the NM station.
make faults location difficult. Informs need to be used to ensure that alarms are received by
NMS2 because alarms sent by the switch have to travel across the public network to reach NMS2.
Issue 01 (2011-10-26)

38

by using SNMPv2c
NMS1
1.1.1.1/24
IP Network
GE0/0/1
VLANIF100
1.1.2.1/24
Switch
NMS2
1.1.1.2/24
1.
2.
Configure the switch to run SNMPv2c.
3.
switch.
4.
Configure the switch to send informs to NMS2 to ensure alarm sending reliability.
5.
6.
Configure NMS2.
Data Preparation
l
SNMP version
Community name
ACL number
Procedure
Step 3 Configure the switch to run SNMPv2c.

[Quidway] snmp-agent sys-info version v2c

Issue 01 (2011-10-26)

39


SNMPv2c SNMPv3

switch.
[Quidway] acl 2001
# Configure a MIB view.

[Quidway] snmp-agent mib-view excluded allexthgmp 1.3.6.1.4.1.2011.6.7
# Configure a community name to allow NMS2 to manage the objects in the MIB view.
[Quidway] snmp-agent community write adminnms2 mib-view allexthgmp acl 2001

securityname 1.1.2.1
target-host inform address udp-domain 1.1.1.2 params

v2c
inform timeout 15 resend-times 3 pending 39
notification-log enable
notification-log global-ageout 12

Step 7 Configure NMS2.

# Check information about the SNMP community name.
<Quidway> display snmp-agent community
Community name:adminnms2
Group name:adminnms2
Acl:2001

Acl's step is 5

<Quidway> display snmp-agent mib-view viewname allexthgmp
View name:allexthgmp
MIB Subtree:hwCluster
Subtree mask:
View Type:excluded
View status:active

Issue 01 (2011-10-26)

40


Target-host NO. 1
----------------------------------------------------------IP-address
: 1.1.1.2
: Security name
: 1.1.2.1
Port
: 162
Type
: inform
Version
: v2c
Level
NMS type
: NMS
-----------------------------------------------------------

----End
Configuration Files
#
vlan batch 100
#
acl number 2001
#
interface Vlanif100
ip address 1.1.2.1 255.255.255.0
#
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
#
snmp-agent
snmp-agent local-engineid 000007DB7FFFFFFF00001AA7
snmp-agent community write adminnms2 mib-view allexthgmp acl 2001
snmp-agent sys-info version v2c v3
snmp-agent target-host inform address udp-domain 1.1.1.2 params securityname
1.1.2.1 v2c
snmp-agent mib-view excluded allexthgmp hwCluster
snmp-agent inform timeout 15 resend-times 3 pending 39
snmp-agent notification-log enable
Issue 01 (2011-10-26)

41

snmp-agent notification-log global-ageout 12

#
return

NM Station by Using SNMPv3
an NM station by using SNMPv3 and how to specify the MIB objects that can be managed by
the NM station.
make faults location difficult.
The data transmitted between NMS2 and the switch needs to be encrypted and the NMS
administrator needs to be authenticated because the data has to travel across the public network.
by using SNMPv3
NMS1
1.1.1.1/24
GE0/0/1
VLANIF100
1.1.2.1/24
IP Network
Switch
NMS2
1.1.1.2/24
1.
2.
Configure the switch to run SNMPv3.
3.
switch and configure data encryption.
4.
Configure the trap function to allow the switch to send alarms to NMS2.
Issue 01 (2011-10-26)

42

5.
6.
Configure NMS2.
Data Preparation
l
SNMP version
User group name
User name and password
Authentication and encryption algorithms
ACL number
Procedure
Step 3 Configure the switch to run SNMPv3.

[Quidway] snmp-agent sys-info version v3

SNMPv3

switch.
[Quidway] acl 2001
# Configure a MIB view.

[Quidway] snmp-agent mib-view included testview iso
# Configure an SNMPv3 user group and add a user to the group, and configure authentication
for the NMS administrator and encryption for the data transmitted between the switch and NMS2.
[Quidway] snmp-agent usm-user v3 testuser testgroup authentication-mode md5
87654321 privacy-mode des56 87654321
[Quidway] snmp-agent group v3 testgroup privacy write-view testview notify-view
testview acl 2001

[Quidway] snmp-agent target-host trap address udp-domain 1.1.1.2 params
securityname testuser
[Quidway] snmp-agent trap source loopback0
Issue 01 (2011-10-26)

43

[Quidway] snmp-agent trap queue-size 200

[Quidway] snmp-agent trap life 60

Step 7 Configure the NMS2.

# Check information about the user group.
<Quidway> display snmp-agent group testgroup
Group name: testgroup
Security model: v3 AuthPriv
Readview: ViewDefault
Writeview: testview
Notifyview: testview
Acl:2001
# Check information about the user.

<Quidway> display snmp-agent usm-user
User name: testuser
Engine ID: 000007DB7F00000100004C3F active
Group name:testgroup

Acl's step is 5

<Quidway> display snmp-agent mib-view viewname testview
View name:testview
MIB Subtree:iso
Subtree mask:
View Type:included
View status:active

Target-host NO. 1
----------------------------------------------------------IP-address
: 1.1.1.2
: Security name
: testuser
Port
: 162
Type
: trap
Version
: v1
Level
NMS type
: NMS
-----------------------------------------------------------
Issue 01 (2011-10-26)

44


----End
Configuration Files
#
vlan batch 100
#
acl number 2001
#
interface Vlanif100
ip address 1.1.2.1 255.255.255.0
#
#
interface LoopBack0
ip address 1.1.3.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
network 1.1.3.1 0.0.0.0
#
snmp-agent
snmp-agent local-engineid 000007DB7FFFFFFF000004A7
snmp-agent group v3 testgroup privacy write-view testview notify-view testview
acl 2001
testuser
snmp-agent mib-view included testview iso
snmp-agent usm-user v3 testuser testgroup authentication-mode md5 N'!2Z
[^HZ0T&P'@XIM=F#Q!! privacy-mode des56 N'!2Z[^HZ0T&P'@XIM=F#Q!!
snmp-agent trap source LoopBack0
snmp-agent trap queue-size 200
snmp-agent trap life 60
#
return
Issue 01 (2011-10-26)

45

2 LLDP Configuration
LLDP Configuration
About This Chapter

This chapter describes the LLDP concept, configuration procedures, and configuration
examples.
2.1 Introduction to LLDP
The Link Layer Discovery Protocol (LLDP) is a Layer 2 discovery protocol defined in the IEEE
802.1ab standard.
2.2 LLDP Feature Supported by the S3700
This section describes the usage scenarios of the LLDP feature and TLV types supported by the
S3700.
2.3 Configuring LLDP
This section describes how to configure LLDP.
2.4 Maintaining LLDP
This section describes how to clear LLDP statistics and monitor LLDP status.
2.5 Configuration Examples
This section provides LLDP configuration examples.
Issue 01 (2011-10-26)

46

2.1 Introduction to LLDP

The Link Layer Discovery Protocol (LLDP) is a Layer 2 discovery protocol defined in the IEEE
802.1ab standard.
Background
Currently, the Ethernet technology is widely used in the network. Compared with small-scale
networks, large-scale networks require that the network management system (NMS) have more
functions and higher processing capability. For example, the NMS needs to obtain the topology
of connected devices and configuration conflicts between devices.
Currently, many NMSs use the automated discovery function to trace the topology changes.
However, most of them at best analyze the Layer 3 network topology and group devices into
different IP subnets. These NMSs provide only the data concerning the basic events such as
adding or deleting of devices, but do not determine the connected interfaces between devices or
obtain information about configuration conflicts.
The Layer 2 discovery protocol precisely discovers the interfaces on each device and obtains
connection information between devices. In addition, it displays the paths between clients,
switches, routers, application servers, and network servers. The Layer 2 information helps you
quickly know the device topology, detect configuration conflicts between devices, and locate
network faults.
The LLDP protocol is a Layer 2 discovery protocol defined in the IEEE 802.1ab standard.
LLDP working mechanism

Figure 2-1 LLDP diagram
Organizationally
defined local device
LLDP MIB extension
(Optional)
Organizationally
defined remote device
LLDP MIB extension
(Optional)
PTOPO MIB
(Optional)
Entity MIB
(Optional)
LLDP local system MIB
LLDP remote system MIB

Interface MIB
(Optional)
LLDP agent
LLDP frames
Local device information
Issue 01 (2011-10-26)
Other MIBs
(Optional)
LLDP/LSAP
Remote device information

47

LLDP is implemented by the MIB.

l
The LLDP module updates the LLDP local system MIB and its own extended MIB
(Organizationally defined local device LLDP MIB extension in the figure) by interacting
with the PTOPO MIB, Entity MIB, Interface MIB, and Other MIBs.
The LLDP module sends the LLDP packets carrying its own information to the peer device
through the interface connected to the peer device.
The LLDP module receives the LLDP packets from the peer device, and then updates the
LLDP remote system MIB stored on the local device.
By using the MIB, the device obtains the neighbor information, including the remote interface
connected to the local device and the bridge MAC address of the peer device.
MIB
Management information bases (MIBs) are classified into LLDP Local System MIBs and the
LLDP Remote System MIBs.
l
LLDP Local System MIB: stores information about the local device, including the device
ID, port ID, system name, system description, port description, system capability, and
management address.
LLDP Remote System MIB: stores information about neighbor devices, including the
device ID, port ID, system name, system description, port description, system capability,
and management address.
LLDP Agent
An LLDP agent manages LLDP operations for an interface.
The LLDP agent performs the following operations:
l
Maintains information in the LLDP local system MIB.
Obtains and sends LLDP local system MIB information to neighbor devices when the status
of the local device status changes. If the local device status keeps unchanged, the LLDP
agent also obtains and sends LLDP local system MIB information to neighbor devices at
intervals.
Identifies and processes received LLDP packets.
Maintains information in the LLDP remote system MIB.
Sends LLDP traps to the NMS when information in the LLDP local system MIB or the
LLDP remote system MIB changes.
LLDP Management Address

The LLDP management address (short for management address) is used by the NMS to identify
the S3700 and implement network management. A management address identifies a device. It
makes the network topology clear and facilitates network management. The management
address is carried in the Management Address Type-Length-Value (TLV) field of an LLDP
packet to be transmitted to neighbor devices.
Issue 01 (2011-10-26)

48

LLDP Trap
When information in the LLDP local system MIB or the LLDP remote system MIB changes,
the device sends traps to the NMS, requesting the NMS to update the topology. The information
changes include:
l
Change of global LLDP status
Change of local management address
Change of neighbor information, excluding the change of neighbor management address
The LLDP trap function is applied to all interfaces.
LLDP Packet
Figure 2-2 shows the LLDP packet format.
Figure 2-2 LLDP packet format
DA: indicates the destination address of the LLDP packet. It is the multicast address 01-80C2-00-00-0E.
SA: indicates the bridge MAC address of the neighbor device.
LLDP Ethertype: indicates the LLDP packet type. If a packet contains this field, it is an
LLDP packet and it is sent to the LLDP module. The value of this field is 0x88CC.
LLDPDU: indicates the LLDP data unit. It is the major content of an LLDP packet.
FCS: indicates the Frame Check Sequence.
LLDPDU in the LLDP packet contains the Layer 2 information discovered by the device, so it
is the most important part in the LLDP packet.
Figure 2-3 shows the LLDPDU structure.
Figure 2-3 LLDPDU structure
The basic unit in the LLDPDU is TLV.

l
T: information type
L: information length
Issue 01 (2011-10-26)

49

V: content value
The LLDPDU carries different types of TLVs to meet the LLDP interaction requirements. The
device sends or receives the local and remote information by using these TLVs.
The LLDPDU starts with Chassis ID TLV, Port ID TLV, and Time to Live TLV, and ends with
End of LLDPDU TLV; therefore, these four TLVs are mandatory for an LLDPDU. The other
TLVs are optional. The device can add and remove the optional TLVs.
2.2 LLDP Feature Supported by the S3700

This section describes the usage scenarios of the LLDP feature and TLV types supported by the
S3700.
Usage Scenario
The LLDP feature of the S3700 is applicable to three types of networks.
The network where an interface has only one neighbor
The interfaces between two switches or the interfaces between a switch and a media endpoint
(ME) are directly connected, so each interface has only one neighbor. As shown in Figure
2-4, SwitchA is directly connected to SwitchB and ME. Each interface on SwitchA and
SwitchB has only one neighbor.
Figure 2-4 Each interface has only one neighbor
Internet
NMS
Switch A
Switch B
ME
The network where an interface has multiple neighbors

The interfaces between two switches are connected through an unknown network, so each
interface has multiple neighbors. As shown in Figure 2-5, SwitchA, SwitchB, and SwitchC are
connected through an unknown network. The devices on the unknown network may not have
the LLDP function or not be managed by the network management system (NMS); however,
they must have the ability to transparently transmit LLDP packets. On this network, each
interface of SwitchA, SwitchB, and SwitchC has multiple neighbors.
Issue 01 (2011-10-26)

50

Figure 2-5 Each interface has multiple neighbors
SNMP
SNMP
NMS
SwitchD
SwitchF
LL LLDPDU
D
PD
U
SwitchE
10.10.10.1
LLDPDU
LL
D
PD
LL
D
PD
10.10.10.2
SwitchA
SwitchB
10.10.10.3
SwitchC
LLDP interface
SNMP packet
NMS: Network Management System
LLDPDU packet
The network where link aggregation is configured

As shown in Figure 2-6, a link aggregation group is configured between the switches. Each
interface in the link aggregation group has only one neighbor.
Figure 2-6 Link aggregation is configured on the network
Network
Enterprise
User
Issue 01 (2011-10-26)
NMS
Eth-Trunk
SwitchA
SwitchB

Enterprise
User
51

TLV Types Supported by the S3700

Besides the mandatory TLVs Chassis ID TLV, Port ID TLV, Time to Live TLV, and End of
LDPDU, the S3700 supports the following optional TLVs.
l
Basic TLV
Type
Description
Management Address TLV
Management IP address
Port Description TLV
Interface description
System Capabilities TLV
Capacities of the local device, including:

l other: other capability
l repeater
l bridge
l wlanAccessPoint: wireless access point
l router
l telephone: wireless device
l docsisCableDevice: management
station
l stationOnly: station
Issue 01 (2011-10-26)
System Description TLV
Device description
System Name TLV
Device name
Organizationally Specific TLV defined in 802.1

Type
Description
Port VLAN TLV
VLAN ID of an interface
Port protocol VLAN TLV
Protocol VLAN ID of an interface
VLAN Name TLV
VLAN name
Protocol identity TLV
Protocol types supported by an interface
Organizationally Specific TLV defined in 802.3

Type
Description
Link Aggregation TLV
Whether a port supports link aggregation

and is enabled with link aggregation
MAC/PHY Configuration/Status TLV
Rate and duplex status of a port, whether

auto-negotiation is supported, and whether
auto-negotiation is enabled

52

Type
Description
Maximum Frame Size TLV
Maximum frame length supported by a

port, namely, the maximum transmission
unit (MTU)
Power Via MDI TLV
Power capability of a port, for example,

whether the port supports PoE and whether
the port is a powering device or powered
device
LLDP-MED TLV
Type
Description
LLDP-MED Capabilities TLV
MED type of a device and the type of an

LLDP MED TLV that can be encapsulated
in an LLDPDU
Inventory TLV
Manufacturer of the device
Location Identification TLV
Location identification, which identifies

the location of the local device
Network Policy TLV
VLAN ID, Layer 2 priority, and DSCP of

a voice VLAN
Extended Power-via-MDI TLV
Power capability of the device
By default, LLDP advertises all types of TLVs except the Location Identification TLV.
2.3 Configuring LLDP

This section describes how to configure LLDP.

The LLDP function on network devices allows the NMS to obtain device capabilities, device
topology, management addresses, device identifications, and interface identifications.
Before configuring LLDP, complete the following tasks:
l
Configuring a reachable route between the switch and the NMS and setting the SNMP
parameters
Configuring an LLDP management address
Issue 01 (2011-10-26)

53

NOTE
The LLDP management address contained in an LLDP packet is used to identify a device. Therefore, the
management address of a device must be unique and easy to manage, for example, the IP address of the
management port. The IP address to be set as the management address must already exist on the device.
That is, this IP address must be configured before 2.3.4 (Optional) Configuring an LLDP Management
Address.
Data Preparation
To configure LLDP, you need the following data.
No.
Data
IP address to be set as the LLDP management address
(Optional) Interval for sending LLDP packets
(Optional) Delay to send LLDP packets
(Optional) Hold time multiplier of device information stored on neighbors
(Optional) Delay to re-enable the LLDP function on an interface
(Optional) Delay to send neighbor change traps to the NMS
2.3.2 Enabling Global LLDP

After LLDP is enabled on the switch and its neighbors, the switch and its neighbors obtain status
information of each other by exchanging LLDP packets. The NMS obtains Layer 2 connection
status from the switch for network topology analysis.
Procedure
Step 1 Run:
system-view

Step 2 Run:
lldp enable
LLDP is enabled globally.

Step 3 Run:
interface interface-type interface-number
The interface view is displayed.

Step 4 Run:
bpdu enable
The interface is enabled to forward LLDP BPDUs.

----End
Issue 01 (2011-10-26)

54

2.3.3 (Optional) Disabling LLDP on an Interface

After global LLDP is enabled, all the interfaces on the device are enabled with LLDP. To disable
LLDP on some interfaces, run the undo lldp enable command on these interfaces.
Prerequisite
LLDP has been enabled globally.
Context
LLDP can be enabled in the system view and the interface view:
l
After LLDP is enabled in the system view, all interfaces are enabled with LLDP.
After LLDP is disabled in the system view, all LLDP settings are restored to the default
settings except the setting of LLDP trap. Therefore, LLDP is also disabled on all interfaces.
An interface can send and receive LLDP packets only after LLDP is enabled in both the
system view and the interface view.
After LLDP is disabled globally, the commands for enabling and disabling LLDP on an
interface do not take effect.
If LLDP needs to be disabled on some interfaces, enable LLDP globally first, and then run
the undo lldp enable command on these interfaces. To re-enable LLDP on these interfaces,
run the lldp enable command in the views of these interfaces.
NOTE
l On an Eth-Trunk, LLDP can only be enabled on member interfaces. The interfaces enabled with LLDP
and not enabled with LLDP can exist in the same Eth-Trunk.
l LLDP can be enabled and disabled only on the physical interfaces such as Ethernet, GE, and XGE
interfaces. Before enabling or disabling LLDP on an interface, ensure that LLDP has been enabled
globally.
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
undo lldp enable
LLDP is disabled on the interface.

----End
2.3.4 (Optional) Configuring an LLDP Management Address

The LLDP management address uniquely identifies a device on the NMS.
Issue 01 (2011-10-26)

55

Prerequisite
Context
If the configured management address is invalid or no management address is configured, the
system sets an IP address in the address list as the management address. The system selects the
IP address in the following priority order: loopback interface address, console port address, and
then VLANIF interface address. Among the IP addresses of the same type, the system selects
the smallest one. If the system does not find a management address, the bridge MAC address is
used as the management address.
Procedure
Step 1 Run:
system-view

Step 2 Run:
lldp management-address ip-address
The LLDP management address is configured.

The value of ip-address must be a valid unicast IP address existing on the device. Using the IP
address of the console port as the LLDP management address is recommended.
----End
2.3.5 (Optional) Configuring the TLV in the LLDPDU

The LLDPDUs contain different types of TLVs. The devices send and receive device
information by using these TLVs. The TLVs that can be encapsulated in an LLDP packet include
basic TLVs, organizationally specific TLVs, and TLVs related to media endpoint discovery
(MED).
Prerequisite
l
LLDP has been enabled on the interfaces.
Context
To enable an interface to send the 802.3 Power via MDI TLV, run the lldp tlv-enable dot3-tlv
power command. The 802.3 Power via MDI TLV has the following formats:
l
802.1ab format: [TLV type | TLV information string length | 802.3 OUI | MDI power
support | PSE power pair | power class]
802.3at format: [TLV type | TLV information string length | 802.3 OUI | MDI power support
| PSE power pair | power class | type/source/priority | PD requested power value | PSE
allocated power value]
Based on 802.1ab, 802.3at extends three fields: type/source/priority, PD requested power value,
and PSE allocated power value.
Issue 01 (2011-10-26)

56

Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
lldp tlv-enable { basic-tlv { all | management-address | port-description | systemcapability | system-description | system-name } | dot1-tlv { all | port-vlan-id |
protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ] | protocol-identity } | dot3tlv { all | link-aggregation | mac-physic | max-frame-size | power } | med-tlv
{ all | capability | inventory | location-id { civic-address device-type countrycode { ca-type ca-value }&<1-10> | elin-address Tel-Number } | network-policy |
power-over-ethernet } }
The TLVs supported by the interface are specified.

By default, LLDP advertises all types of TLVs except the Location Identification TLV.
NOTE
l When the supported TLVs on the device are basic TLVs, TLVs in the IEEE 802.1 format, and TLVs
in the IEEE 802.3 format, the lldp tlv-enable command with the all parameter advertises all TLVs.
When the supported TLVs on the device are LLDP-MED TLVs, the lldp tlv-enable command with
the all parameter advertises all TLVs except Location Identification TLV.
If the all parameter is not specified, only one type of TLV can be sent. To send multiple types of TLVs,
run the command multiple times.
l You can specify the other types of LLDP-MED TLVs only after specifying the LLDP-MED
Capabilities TLV.
To disable the LLDP-MED Capabilities TLV, you must disable the other types of LLDP-MED TLVs
first.
To disable the MAC/PHY Configuration/Status TLVs, you must disable the LLDP-MED Capabilities
TLV first.
l The 802.3 MAC/PHY Configuration/Status TLVs are advertised automatically after the LLDP-MED
Capabilities TLV is advertised.
l If you disable the LLDP-MED TLVs and use the all keyword, the MAC/PHY Configuration/Status
TLVs are not disabled automatically.
Step 4 Run:
lldp dot3-tlv power {802.1ab | 802.3at }
The standard with which the 802.3 Power via MDI TLV sent by the interface complies is set.
By default, the 802.3 Power via MDI TLV conforms to 802.1 ab.
NOTE
Before selecting a format of the 802.3 Power via MDI TLV, you must know the TLV format supported by
the peer device. The TLV format on the local device must be also supported by the peer device.
----End
Issue 01 (2011-10-26)

57

2.3.6 (Optional) Configuring LLDP Timers

The LLDP timers include interval for sending LLDP packets, delay to send LLDP packets, hold
time multiplier of device information stored on neighbors, delay to re-enable LLDP on an
interface, and delay to send neighbor change traps to the NMS.
Prerequisite
Context
Interval for sending LLDP packets and delay to send LLDP packets
When the LLDP status of the device keeps unchanged and the device does not discover new
neighbors, the interface module sends LLDP packets to the neighbors at a certain interval. After
the LLDP transmission interval is set on the device, the LLDP enabled interfaces send LLDP
packets to neighbors at this interval. The interfaces may send LLDP packets at different time
points. The LLDP transmission interval should be set properly and adjusted according to network
loads.
l
A long interval reduces the LLDP packet interaction frequency, and thus saves system
resource. However, if the interval is too long, the device cannot notify neighbors of its
status in time, and the NMS cannot discover the network topology changes in real time.
A short interval increases the LLDP packet transmission frequency and enables the NMS
to discover network topology changes in real time. However, if the interval is too short, the
LLDP packets are exchanged frequently, and thus the system load is increased and
resources are saved.
There is a delay before the interface module sends an LLDP packet to the neighbor when the
device status changes frequently. After the LLDP transmission delay is set on the device, the
LLDP enabled interfaces send LLDP packets to neighbors after a delay (the delay is the same
as or longer than the delay you specified). The interfaces may send LLDP packets at different
time points. If the device status changes frequently, extend the delay to prevent the device from
frequently sending traps to the NMS. A delay suppresses the network topology flapping. The
LLDP transmission delay should be set properly and adjusted according to network loads.
l
A long delay reduces the LLDP packet interaction frequency, and thus saves system
resource. However, if the delay is too long, the device cannot notify neighbors of its status
in time, and the NMS cannot discover the network topology changes in real time.
A short delay increases the LLDP packet transmission frequency and enables the NMS to
discover network topology changes in real time. However, if the delay is too short, the
LLDP packets are exchanged frequently, and thus the system load is increased and
resources are saved.
You should consider the value of delay when adjusting the value of interval because it is restricted
by the value of delay.
l
The value of interval ranges from 5 to 32768.
The value of interval must be equal to or greater than four times the value of delay.
Therefore, if you want to set interval to be smaller than four times the value of delay, first
reduce the delay value to be equal to or smaller than a quarter of the new interval value,
and then reduce the interval value.
Issue 01 (2011-10-26)

58

NOTE
If the interval value is smaller than four times the delay value, the system displays an error message when
you run the undo lldp message-transmission delay command. To run the undo lldp messagetransmission delay command in this case, increase the interval value to at least four times the delay value
first.
Hold time multiplier of device information on neighbors

The hold time multiplier is the Time to Live (TTL) of the packets sent by the local device. You
can specify the storage time of device information on the neighbors. After receiving the LLDP
packets, the neighbors update the aging time of the device information from the sender according
to the TTL.
The storage time calculation formula is: TTL = Min (65535, (interval x hold)).
l
TTL is the device information storage time. It is the smaller value between 65535 and
(interval x hold).
interval is the interval at which the device sends LLDP packets to neighbors. This parameter
is set by lldp message-transmission interval.
hold is the hold time multiplier of device information on neighbors.
After the LLDP function is disabled on the device, its neighbors wait until the TTL of the device
information expires, and then delete the device information. This prevents network topology
flapping. The hold time multiplier of device information on neighbors must be set to a proper
value.
l
A great value of the hold time multiplier prevents network topology flapping. However, if
the value is too large, the device cannot notify neighbors of its status in time, and the NMS
cannot discover the network topology changes in real time.
A small value of the hold time multiplier enables the NMS to discover topology change in
time. However, if the value is too small, the neighbors update device information too
frequently. This increases the load on the system and wastes resources.
The default value is recommended.
Delay to re-enable LLDP on an interface

There is a delay before LLDP is re-enabled on an interface. The delay suppresses the topology
flapping of the neighbors caused by the frequent LLDP status changes. The delay to re-enable
the LLDP function on an interface must be set properly.
l
A great value of the delay prevents network topology flapping. However, if the value is too
large, the device cannot notify neighbors of its status in time, and the NMS cannot discover
the network topology changes in real time.
A small value of the delay enables the NMS to discover topology change in time. However,
if the value is too small, the neighbors update device information too frequently. This
increases the load on the system and wastes resources.
The default value is recommended.
Delay to send neighbor change traps to the NMS

There is a delay before the device sends LLDP traps to the NMS. When the neighbor information
changes frequently, extend the delay to prevent the device from sending traps to the NMS too
frequently. This command suppresses the topology flapping. After the delay is set on the device,
the LLDP enabled interfaces send LLDP traps to neighbors after a delay (the delay is the same
as or longer than the delay you specified). The interfaces may send LLDP packets at different
time points.
Issue 01 (2011-10-26)

59

The delay is applied to only the following traps: traps for adding neighbors, traps for deleting
neighbors, neighbor aging traps, and traps for discarding neighbor packets
(LLDP_1.0.8802.1.1.2.0.0.1 lldpRemTablesChange).
Procedure
Step 1 Run:
system-view

Step 2 Run:
lldp message-transmission interval interval
The interval for sending LLDP packets is set.

By default, the interval for sending LLDP packets is 30 seconds.
Step 3 Run:
lldp message-transmission delay delay
The delay to send LLDP packets is set.

By default, the delay to send LLDP packets is 2 seconds.
Step 4 Run:
lldp message-transmission hold-multiplier hold
The hold time multiplier of device information stored on neighbors is set.

The default value is 4.
NOTE
l You can extend the storage time of device information on the neighbors by increasing the value of
hold.
l The value of hold ranges from 2 to 10; however, when the value of (hold x interval) is greater than
65535, the hold value is invalid.
Step 5 Run:
lldp restart-delay delay
The delay to re-enable LLDP on an interface is set.

The default value is 2, in seconds.
If LLDP is disabled on an interface, the system re-enables LLDP for the interface after a delay.
Step 6 Run:
lldp trap-interval interval
The delay to send neighbor change traps to the NMS is set.

The default value is 5, in seconds.
----End
2.3.7 (Optional) Enabling the LLDP Trap Function

To send traps to the NMS when the neighbor information changes, you need to enable the LLDP
trap function on the switch.
Issue 01 (2011-10-26)

60

Context
After the LLDP trap function is enabled, the switch sends traps to the NMS in one of the following
cases:
l
The LLDP function is enabled or disabled globally. The traps are

LLDP_1.3.6.1.4.1.2011.5.25.134.2.1 hwLldpEnabled and
LLDP_1.3.6.1.4.1.2011.5.25.134.2.2 hwLldpDisabled.
The local management address changes. The trap is LLDP_1.3.6.1.4.1.2011.5.25.134.2.5

hwLldpLocManIPAddrChange.
Neighbor information changes. The trap is LLDP_1.0.8802.1.1.2.0.0.1

lldpRemTablesChange. A trap is not generated if the management address of a neighbor
changes.
The LLDP trap function is applied to all interfaces. The LLDP trap function can take effect no
matter whether the LLDP function is enabled globally. If the network topology is unstable,
disable the LLDP function to prevent frequent trap sending.
Procedure
Step 1 Run:
system-view

Step 2 Run:
snmp-agent trap enable feature-name lldptrap
The LLDP trap function is enabled.

By default, the LLDP trap function is disabled on the S3700.
----End

Prerequisite
All configurations are complete.
Procedure
l
Run the display lldp local [ interface interface-type interface-number ] command to view
local LLDP status.
Run the display lldp neighbor [ interface interface-type interface-number ] command to

view neighbor information of an interface.
Run the display lldp neighbor brief command to view brief information about neighbors.
Run the display lldp tlv-config command to view the TLV types supported by the interface.
----End
2.4 Maintaining LLDP

This section describes how to clear LLDP statistics and monitor LLDP status.
Issue 01 (2011-10-26)

61

2.4.1 Clearing LLDP Statistics

To clear LLDP statistics, run the following reset command in the user view.
Procedure
l
Run the reset lldp statistics [ interface interface-type interface-number ] command to

clear LLDP statistics.
----End
2.4.2 Monitoring LLDP Status

To view LLDP status, run the following display commands.
Procedure
l
Run the display lldp local [ interface interface-type interface-number ] command to view
LLDP status in the entire system or on an interface.
Run the display lldp statistics [ interface interface-type interface-number ] command to

view statistics about packets sent and received on an interface.
Run the display lldp neighbor [ interface interface-type interface-number ] command to

view neighbor information of an interface.
----End

This section provides LLDP configuration examples.
2.5.1 Example for Configuring LLDP on the Device That Has a

Single Neighbor
After LLDP is configured on the network devices, the NMS can obtain the network topology.
The following example describes how to configure LLDP on the devices that have a single
neighbor.
As shown in Figure 2-7, SwitchA is directly connected to SwitchB and media endpoint (ME).
The NMS needs to obtain Layer 2 information about SwitchA, SwitchB, and ME. By using the
Layer 2 information, a network administrator can know the detailed network topology
information and configuration conflicts. These requirements can be met by configuring LLDP
on SwitchA and SwitchB.
In addition, the administrator requires that SwitchA and SwitchB send LLDP traps to the NMS
when the LLDP management address changes, global LLDP is enabled or disabled, or the
neighbor information changes. This ensures that the administrator detects topology changes in
time.
The ME supports the LLDP function. Reachable routes exist between the NMS and Switches.
The SNMP parameters are set on all devices.
Issue 01 (2011-10-26)

62

Figure 2-7 Configuring LLDP on the device that has a single neighbor
Internet
NMS
10.10.10.1
Eethernet0/0/1
Switch A
Eethernet0/0/2
Ethernet0/0/1
10.10.10.2
Switch B
ME
1.
Enable global LLDP on SwitchA and SwitchB.
2.
Enable SwitchA and SwitchB to process LLDP BPDUs.
3.
Configure management addresses for SwitchA and SwitchB.
4.
Enable the LLDP trap function on SwitchA and SwitchB.
Data Preparation
l
Management address 10.10.10.1 for SwitchA and management address 10.10.10.2 for
SwitchB
Procedure
Step 1 Enable global LLDP on SwitchA and SwitchB.
# Configure SwitchA.
[Quidway] sysname SwitchA
[SwitchA] lldp enable
# Configure SwitchB.
[Quidway] sysname SwitchB
[SwitchB] lldp enable
Step 2 Enable SwitchA and SwitchB to process LLDP BPDUs.

Issue 01 (2011-10-26)

63

[SwitchA] interface ethernet 0/0/1

[SwitchA-Ethernet0/0/1] bpdu enable
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] bpdu enable
Step 3 Configure management addresses for SwitchA and SwitchB.

[SwitchA] lldp management-address 10.10.10.1
[SwitchB] lldp management-address 10.10.10.2
Step 4 Enable the LLDP trap function on SwitchA and SwitchB.

[SwitchA] snmp-agent trap enable feature-name lldptrap
[SwitchB] snmp-agent trap enable feature-name lldptrap

# Check whether the LLDP function is enabled, management addresses are configured, and the
LLDP trap function is enabled.
l View the configurations on SwitchA.
[SwitchA] display lldp local
System
information
Chassis
type
:macAddress
Chassis ID
:00e0fc33-0011
System name
:SwitchA
System description :Quidway
Huawei Versatile Routing Platform
Software
VRP (R) Software, Version 5.70 (S3700 V200R006C00)
Copyright (c) 2003-2010 Huawei Technologies Co.,
Ltd
System capabilities
supported
:bridge
System capabilities
enabled
:bridge
LLDP Up time
:2009/2/13
18:31:37
MED system information
Device class
:Network Connectivity
(MED inventory information of master board)
HardwareRev
:VER B
FirmwareRev
:NC
SoftwareRev
:Version 5.70 V200R006C00
SerialNum
:NA
Manufacturer name :NA
Model name
:NA
Asset tracking identifier :NA
System configuration
LLDP Status
Issue 01 (2011-10-26)
:enabled

(default is disabled)
64

LLDP Message Tx Interval

LLDP Message Tx Hold Multiplier
LLDP Refresh Delay
LLDP Tx Delay
LLDP Notification Interval
LLDP Notification Enable
Management Address
:30
:4
:2
:2
:5
:enabled
:IP: 10.10.10.1
(default
(default
(default
(default
(default
(default
is
is
is
is
is
is
30s)
4)
2s)
2s)
5s)
disabled)
Remote Table Statistics:

Remote Table Last Change Time
:0 days, 0 hours, 0 minutes, 0 seconds
Remote Neighbors Added
:0
Remote Neighbors Deleted
:0
Remote Neighbors Dropped
:0
Remote Neighbors Aged
:0
Total Neighbors
Port information:
:1
Port information:
Interface Ethernet0/0/1:
LLDP Enable Status
:enabled
Total Neighbors
:1
Port ID subtype
Port ID
Port description
:interfaceName
:Ethernet0/0/1
:HUAWEI, Quidway Series, Ethernet0/0/1 Interface
Port And Protocol vlan ID(PPVID) don't supported

Port VLAN ID(PVID) :1
VLAN name of VLAN 1: VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM CFM
Auto-negotiation supported
:Yes
Auto-negotiation enabled
:Yes
OperMau
:speed(100)/duplex(Full)
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
PSE pairs control ability:No
Power pairs
:Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :No
Aggregation port ID
:0
Maximum frame Size
:1600
MED port information
Media policy type
:Unknown
Unknown Policy
:Yes
VLAN tagged
:No
Media policy VlanID
Media policy L2 priority
Media policy Dscp
:0
:0
:0
Power Type
:Unknown
PoE PSE power source
:Unknown
Port PSE Priority
:Unknown
Port Available power value:0
# View the neighbor information of SwitchA.

Issue 01 (2011-10-26)

65

<SwitchA> display lldp neighbor interface ethernet 0/0/1

Ethernet0/0/1 has 1 neighbors:
Neighbor index : 1
Chassis type
:macAddress
Chassis ID
:00e0-fc33-0011
Port ID type
:interfaceName
Port ID
:Ethernet0/0/1
Port description
System name
:SwitchB
Huawei Versatile Routing Platform Software
Copyright (c) 2003-2010 Huawei Technologies Co., Ltd
System capabilities supported
:bridge
System capabilities enabled
:bridge
Management address type :ipV4
Management address
: 10.10.10.2
Expired time
:118s
Protocol identity
:Yes
:Yes
OperMau
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
Power pairs
:Unknown
Aggregation port ID
:0
Maximum frame Size
:1600
MED Device information
Device class
HardwareRev
:LE01MCUA VER.A
FirmwareRev
:NC
SoftwareRev
SerialNum
:NA
Manufacturer name :HUAWEI TECH CO., LTD
Model name
:NA
Media policy type
:Unknown
Unknown Policy
:Yes
VLAN tagged
:No
Media policy VlanID
:0
Media policy L2 priority :0
Media policy Dscp
:0
Power Type
:Unknown
:Unknown
Port PSE Priority
:Unknown
l View the configurations on SwitchB.
Issue 01 (2011-10-26)

66

Similar to information about SwitchA.

----End
Configuration Files
l
Configuration file of SwitchA

#
sysname SwitchA
#
lldp enable
#
interface Ethernet0/0/1
undo port hybrid vlan 1
bpdu enable
#
lldp management-address
#
return
10.10.10.1
Configuration file of SwitchB

#
sysname SwitchB
#
lldp enable
#
bpdu enable
#
lldp management-address 10.10.10.2
#
return
2.5.2 Example for Configuring LLDP on the Device That Has

Multiple Neighbors
After LLDP is configured on the network devices, the NMS can obtain the network topology.
The following example describes how to configure LLDP on the devices that have multiple
neighbors.
As shown in Figure 2-8, SwitchA, SwitchB, and SwitchC are connected through an unknown
network. The unknown network is not managed by the NMS, but can transparently transmit
LLDP packets. The NMS needs to obtain Layer 2 information about SwitchA, SwitchB, and
SwitchC. By using the Layer 2 information, a network administrator can know the detailed
network topology information and configuration conflicts. These requirements can be met by
configuring LLDP on SwitchA, SwitchB, and SwitchC.
The NMS has reachable routes to SwitchA, SwitchB, and SwitchC and SNMP parameters are
set on all devices.
Issue 01 (2011-10-26)

67

Figure 2-8 Configuring LLDP on the device that has multiple neighbors
SNMP
SNMP
NMS
LL LLDPDU
D
PD
U
SwitchE
10.10.10.1
LLDPDU
LL
D
PD
U
SwitchD
SwitchF
LL
D
PD
U
10.10.10.2
SwitchA
SwitchB
10.10.10.3
SwitchC
LLDP interface
SNMP packet
NMS: Network Management System
LLDPDU packet
1.
Enable global LLDP on SwitchA, SwitchB, and SwitchC.
2.
Enable SwitchA, SwitchB, and SwitchC to process LLDP BPDUs.
3.
Configure management addresses for SwitchA, SwitchB, and SwitchC.
Data Preparation
l
Management addresses for SwitchA, SwitchB, and SwitchC
Procedure
Step 1 Enable global LLDP on SwitchA, SwitchB, and SwitchC.
Issue 01 (2011-10-26)

68

Same as the configurations on SwitchA.

# Configure SwitchC.
Step 2 Enable SwitchA, SwitchB, and SwitchC to process LLDP BPDUs.
[SwitchA-interface Ethernet0/0/1] bpdu enable
Step 3 Configure management addresses for SwitchA, SwitchB, and SwitchC.
[SwitchC] lldp management-address 10.10.10.3

# Check whether LLDP function is enabled and management addresses are configured.
<SwitchA> display lldp neighbor interface ethernet 0/0/1
Ethernet0/0/1 has 2 neighbors:
Neighbor index : 1
Chassis type
:macAddress
Chassis ID
:00e0-fc33-0012
Port ID type
:interfaceName
Port ID
:Ethernet0/0/1
Port description
System name
:SwitchB
VRP (R) Software, Version 5.70 (S3700 )
:bridge
:bridge
Management address
: 10.10.10.2
Expired time
:118s
Protocol identity
Issue 01 (2011-10-26)

69

:Yes
:Yes
OperMau
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
Power pairs
:Unknown
Aggregation port ID
:0
Maximum frame Size
:1600
Device class
HardwareRev
:VER B
FirmwareRev
:NC
SoftwareRev
SerialNum
:NA
Model name
:NA
Media policy type
:Unknown
Unknown Policy
:Undefined
VLAN tagged
:No
Media policy VlanID
:0
Media policy Dscp
:0
Power Type
:Unknown
:Unknown
Port PSE Priority
:Unknown
Neighbor index : 2
Chassis type
:macAddress
Chassis ID
:00e0-fc33-0013
Port ID type
:interfaceName
Port ID
:Ethernet0/0/1
Port description
System name
:SwitchC
VRP (R) Software, Version 5.70 (S3700 )
:bridge
:bridge
Management address
: 10.10.10.3
Expired time
:118s
Protocol identity
:Yes
:Yes
OperMau
Power port class
PSE power supported
Issue 01 (2011-10-26)
:PD
:No

70

PSE power enabled

:No
Power pairs
:Unknown
Aggregation port ID
:0
Maximum frame Size
:1600
Device class
HardwareRev
:VER B
FirmwareRev
:NC
SoftwareRev
SerialNum
:NA
Model name
:NA
Media policy type
:Unknown
Unknown Policy
:Undefined
VLAN tagged
:No
Media policy VlanID
:0
Media policy Dscp
:0
Power Type
:Unknown
:Unknown
Port PSE Priority
:Unknown

Same as information about SwitchA.
l View the configurations on SwitchC.
----End
Configuration Files
l

#
sysname SwitchA
#
#
lldp enable
#
#
bpdu enable
#
return

#
sysname SwitchB
#
#
lldp enable
#
#
Issue 01 (2011-10-26)

71

bpdu enable
#
return
Configuration file of SwitchC

#
sysname SwitchC
#
#
lldp enable
#
#
bpdu enable
#
return
2.5.3 Example for Configuring LLDP on the Network Where Link

Aggregation Is Configured
After LLDP is configured on the interfaces of network devices, the NMS can obtain the network
topology. The following example describes how to configure LLDP on the network where link
aggregation is configured.
As shown in Figure 2-9, SwitchA and SwitchB need to be connected by an Eth-Trunk. The
NMS needs to obtain the Layer 2 information between the Switches. By using the Layer 2
information, a network administrator can know the detailed topology information and
configuration errors on the devices outside the unknown network. These requirements can be
met by configuring LLDP on SwitchA and SwitchB.
The NMS has reachable routes to SwitchA and SwitchB and SNMP parameters are set on all
devices.
Figure 2-9 Configuring LLDP on the network where link aggregation is configured
GE1/0/3 GE1/0/2
10.10.10.1
GE2/0/2
GE2/0/3
10.10.10.2
GE1/0/1 Eth-Trunk1 GE2/0/1

SwitchA
SwitchB
1.
Add the physical interfaces of SwitchA and SwitchB to the Eth-Trunk.
2.
Enable global LLDP on SwitchA and SwitchB.
Issue 01 (2011-10-26)

72

3.
Enable SwitchA and SwitchB to process LLDP BPDUs.
4.
Configure management addresses for SwitchA and SwitchB.
Data Preparation
l
Management address 10.10.10.1 for SwitchA and management address 10.10.10.2 for
SwitchB
Number of the Eth-Trunk between SwitchA and SwitchB, and numbers of the interfaces
added to the Eth-Trunk
Procedure
Step 1 Configure the Eth-Trunk between SwitchA and SwitchB.
[SwitchA] vlan batch 100
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] trunkport ethernet 0/0/1
[SwitchA-Eth-Trunk1] port link-type trunk
[SwitchA-Eth-Trunk1] port trunk allow-pass vlan 100
[SwitchA-Eth-Trunk1] quit
Step 2 Enable global LLDP on SwitchA and SwitchB.
Step 3 Enable SwitchA and SwitchB to process LLDP BPDUs.
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] bpdu enable
[SwitchA-Eth-Trunk1] quit
Step 4 Configure management addresses for SwitchA and SwitchB.
Issue 01 (2011-10-26)

73


# Check whether the physical interfaces are added to Eth-Trunk1.
[SwitchA] display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: NORMAL
Hash arithmetic: According to SIP-XORDIP
Least Active-linknumber: 1 Max Bandwidth-affected-linknumber:
8
Operate status: up
Number Of Up Port In Trunk:
3
------------------------------------------------------------------------------PortName
Status
Weight
Ethernet0/0/1
Up
1
Ethernet0/0/2
Up
1
Ethernet0/0/3
Up
1
# View the LLDP configurations.

[SwitchA] display lldp local
System
information
Chassis
type
:macAddress
Chassis ID
:00e0fc33-0011
System name
:SwitchA
Huawei Versatile Routing Platform
Software
Copyright (c) 2003-2010 Huawei Technologies Co.,
Ltd
System capabilities
supported
:bridge
System capabilities
enabled
:bridge
LLDP Up time
:2010/2/13
18:31:37
MED system information
Device class
(MED inventory information of master board)
HardwareRev
:VER B
FirmwareRev
:NA
SoftwareRev
SerialNum
:NA
Manufacturer name :HUAWEI TECH CO.,LTD
Model name
:NA
Issue 01 (2011-10-26)
System configuration
LLDP Status
LLDP Message Tx Interval
LLDP Message Tx Hold Multiplier
LLDP Refresh Delay
LLDP Tx Delay
LLDP Notification Interval
LLDP Notification Enable
Management Address
:enabled
:30
:4
:2
:2
:5
:enabled
:IP: 10.10.10.1
Remote Table Statistics:

Remote Table Last Change Time
Remote Neighbors Added
:0 days, 15 hours, 1 minutes, 21 seconds

:1

(default
(default
(default
(default
(default
(default
(default
is
is
is
is
is
is
is
disabled)
30s)
4)
2s)
2s)
5s)
disabled)
74

Remote Neighbors Deleted
:0
Remote Neighbors Dropped
:0
Remote Neighbors Aged
:0
Total Neighbors
:2
Port information:
LLDP Enable Status
:enabled
Total Neighbors
:1
Port ID subtype
Port ID
Port description
:interfaceName
:Ethernet0/0/1

VLAN Name of VLAN 1: VLAN1
Protocol identity
:Yes
:Yes
OperMau
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
Power pairs
:Unknown
Aggregation port ID
:1
Maximum frame Size
:1600
Media policy type
:Unknown
Unknown Policy
:Yes
VLAN tagged
:No
Media policy VlanID
Media policy Dscp
:0
:0
:0
Power Type
:Unknown
:Unknown
Port PSE Priority
:Unknown
LLDP Enable Status
:enabled
Total Neighbors
:1
Port ID subtype
Port ID
Port description
:interfaceName
:Ethernet0/0/2

Protocol identity
Issue 01 (2011-10-26)
:Yes

75

:Yes
OperMau
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
Power pairs
:Unknown
Link aggregation enabled :Yes
Aggregation port ID
:1
Maximum frame Size
:1600
Media policy type
:Unknown
Unknown Policy
:Yes
VLAN tagged
:No
Media policy VlanID
Media policy Dscp
:0
:0
:0
Power Type
:Unknown
:Unknown
Port PSE Priority
:Unknown
LLDP Enable Status
:enabled
Total Neighbors
:1
Port ID subtype
Port ID
Port description
:interfaceName
:Ethernet0/0/3

Protocol identity
:Yes
:Yes
OperMau
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
Power pairs
:Unknown
Link aggregation enabled :Yes
Aggregation port ID
:1
Maximum frame Size
:1600
Media policy type
:Unknown
Unknown Policy
:Yes
VLAN tagged
:No
Media policy VlanID
Media policy Dscp
Power Type
Issue 01 (2011-10-26)
:0
:0
:0
:Unknown
:Unknown

76

Port PSE Priority

:Unknown

[SwitchA] display lldp neighbor brief
Local Intf
Neighbor Dev
Neighbor Intf
Exptime
Eth0/0/1
SwitchB
Eth0/0/1
Eth0/0/2
SwitchB
Eth0/0/2
Eth0/0/3
SwitchB
Eth0/0/3
115
115
115

----End
Configuration Files
l

#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif1
ip address 10.10.10.1 255.255.255.0
#
lldp enable
#
interface Eth-Trunk1
port link-type
trunk
port trunk allow-pass vlan 100
#
eth-trunk 1
#
eth-trunk 1
#
eth-trunk 1
#
#
return

#
sysname SwitchB
#
interface Vlanif1
ip address 10.10.10.2 255.255.255.0
#
vlan batch 100
#
lldp enable
#
interface Eth-Trunk1
port link-type
trunk
#
eth-trunk 1
#
eth-trunk 1
Issue 01 (2011-10-26)

77

#
eth-trunk 1
#
lldp management-address
#
return
Issue 01 (2011-10-26)
10.10.10.2

78

3 HGMP Configuration
HGMP Configuration
About This Chapter

By running the Huawei Group Management Protocol (HGMP), you can appoint a switch as the
administrator switch to create a cluster and add a large number of Ethernet switches to the cluster.
The administrator is used to perform unified management and configuration over these switches,
which simplifies maintenance and engineering.
3.1 Introduction to HGMP
This part describes the reason for introducing HGMP and the typical networking of HGMP.
3.2 HGMP Features Supported by the S3700
This part describes the HGMP features supported by the S3700.
3.3 Configuring Basic HGMP Functions
This section describes how to configure basic HGMP functions to create or manage a cluster.
3.4 Configuring Advanced HGMP Functions
This section describes how to configure advanced HGMP functions to simplify the management
and maintenance of a basic cluster.
3.5 Maintaining HGMP
This section describes how to clear the statistics on NDP, and monitor the operation status of
the HGMP cluster.
3.6 HGMP Configuration Examples
This section provides several configuration examples of HGMP.
Issue 01 (2011-10-26)

79

3.1 Introduction to HGMP

This part describes the reason for introducing HGMP and the typical networking of HGMP.
Currently, the Ethernet technology is widely used on both metropolitan area networks (MANs)
and enterprise networks. With the expansion of networks, a large number of access devices are
deployed at the edge of the networks. In this situation, you have to maintain and manage a great
number of devices individually and assign IP addresses for them one by one. This leads to the
waste of IP addresses.
The Huawei Group Management Protocol (HGMP) is developed to manage a group of Ethernet
switches. By running HGMP, you can appoint a switch as the administrator in a cluster to perform
integrated management and configurations over other switches added to the cluster. This
simplifies maintenance and engineering. In addition, all the switches in a cluster share one public
IP address to communicate with outside devices, which saves IP addresses.
Figure 3-1, and Figure 3-2 show the networking diagram of a cluster.
Issue 01 (2011-10-26)

80

Figure 3-1 Networking diagram of a cluster (tree)
FTP
Server
IDC
Server
IP/MPLS
core
I n te rnnet
Router
Cluster1
Administrator
Member1
Member2
Member4
Member3
DSLAM
Host
Administrator: administrator switch
Issue 01 (2011-10-26)
Member: member switch

81

Figure 3-2 Networking diagram of a cluster (RRPP)
FTP
Server
IDC
Server
IP/MPLS
core
I n te rnnet
Router
Cluster1
Administrator
Member1
Member3
Member2
Member4
DSLAM
Host
Administrator: administrator switch
Member: member switch
3.2 HGMP Features Supported by the S3700

This part describes the HGMP features supported by the S3700.
NDP
In HGMP, Neighbor Discovery Protocol (NDP) packets are used to collect information about
the directly connected neighbors, including the device model, software version, hardware
version, connection interface, member number, private IP address used for communication
within a cluster, and hardware platform.
NOTE
Any device that supports HGMP does not forward NDP packets.
An NDP table is created to store information about neighbors.

Issue 01 (2011-10-26)

82

After receiving an NDP packet from the neighbor, the device compares the contents of the packet
with those of a corresponding entry in the NDP table and updates the entry.
NTDP
In HGMP, Network Topology Discovery Protocol (NTDP) packets are used to collect
information about topologies. According to the neighbor information in the NDP table, the
device sends and forwards requests for topology collection, and then collects entries in the NDP
table of each device in a certain network segment.
After receiving an NTDP topology request packet, the device sends an NTDP response packet
immediately. At the same time, the device forwards the received NTDP packet to other interfaces
according to NTDP forwarding rules.
Roles in a Cluster
HGMP defines four roles in a cluster: administrator switch, member switch, candidate switch,
and standby switch.
NOTE
Currently, the S3700 cannot function as a standby switch.
An administrator switch is the management device in a cluster. To ensure the

communication between devices in and out of the cluster, you need to assign a public IP
address to the administrator switch.
A member switches is the member device in a cluster. The member switch is managed by
the administrator switch that acts as an agent. Therefore, the public IP address is not required
for a member switch.
A candidate switch is a device that has the cluster function but does not join any cluster.
A standby switch is the backup administrator switch in a cluster. When the administrator
switch fails, the standby switch automatically serves as the administrator switch.
You can determine the role of a switch in a cluster. Each of the four roles, however, can be
changed according to certain rules.
Basic Cluster Management

The basic cluster management includes the following items:
l
Establishment of a cluster management domain
Addition and deletion of a member
Status transition of a member
Communication in the cluster
Switchover between the administrator switch and the candidate switch
Display of the topology
Modification of the cluster management configuration
Automatic configuration of SNMP
Issue 01 (2011-10-26)

83

NAT
In HGMP, member switches in a cluster can communicate with devices in the public network
through Network Address Transmission (NAT). Whether to use NAT for the communication
can be controlled through commands.
l
The administrator switch is the management device in a cluster. To ensure the

communication between devices in and out of the cluster, you need to assign a public IP
address to the administrator switch.
To ensure that devices in and out of the cluster can communicate through NAT, you need
to enable NAT of specified protocols on the administrator switch.
NAT rules used by a cluster are automatically configured by the administrator switch. When
member switches access devices out of the cluster, they can automatically obtain the
interface mapped through NAT; when devices out of the cluster access member switches,
they need to calculate the number of the port of specified services on member switches.
Batch Distribution
HGMP can perform batch distribution over all the member switches under its management.
Objects to be distributed in batches include: the system software, configuration files, patch files.
l
The batch distribution command can be performed only on the administrator switch.
The administrator switch can be configured with the plug-and-play IP address, user name,
and password. If no IP address, user name, or password are specified in the command, the
plug-and-play IP address, user name, and password are adopted. If neither kinds of IP
address, user name, and password are configured, the command cannot be performed.
Member switches download specified files from the FTP server and then set them as the
default files for the next startup.
To avoid congestion, you can set the maximum number of member switches that
concurrently download files from the FTP server.
Batch Restart
HGMP can perform batch restart over a specified group of member switches.
l
During the process of batch restart, member switches do not save the current configuration.
After receiving the batch restart command, member switches wait 1 second to guarantee
the pervasion of control packets throughout the cluster.
Incremental Configuration
In a cluster, some member switches may have the same configurations, such as creating a VLAN
and enabling a feature. The incremental configuration function is used to remotely control the
selected member switches in batches. With this mode, you only need to configure a control
command list on the administrator switch. Then, you can deliver the control command list to
member switches at a time and query the control command output on each member switch. The
member selection mode can be all, device type-based, member switch ID-based, or IP addressbased.
l
Incremental configuration can be performed only on the administrator switch.
Incremental configuration is applied to the scenario of configuring member switches in

batches and is performed once on selected switches.
Issue 01 (2011-10-26)

84

After incremental configuration is performed, a result list is returned to report the command
output on each member switch. If an error occurs during the command execution, the faulty
command can be located according to the sequence number.
Latter execution results of the incremental configuration overwrite previous ones and only
the last result is saved.
You can edit a configuration command list in the incremental configuration view. The
command execution is closely related to specific views and its sequence is the same as that
on a device.
Configuration Synchronization
After a cluster is created and configured with basic functions, you can save the configuration
files of the cluster members to a specified FTP server through the configuration synchronization
command.
l
To perform configuration synchronization, you need to specify an FTP server in advance.
Security Features
After a cluster is created and configured with basic functions, you can close the network edge
of the cluster as required and then the topology of the cluster becomes stable. When plug and
play is enabled and the PAF is used to control devices configured with HGMP functions to
automatically enable NDP and NTDP on Layer 2 interfaces, a great number of Layer 2 interfaces
are automatically enabled with NDP and NTDP on member switches. NDP and NTDP, however,
are not required on interfaces unrelated to the cluster. Therefore, you need to disable NDP or
NTDP on unrelated interfaces. As a result, less packets are transmitted and the topology of the
cluster is stable.
l
On the administrator switch, disable NDP or NDTP on unrelated interfaces in the cluster.
After you disable NDP on unrelated interfaces in the cluster, NDP packets of the interfaces
are not sent to the administrator switch.
After you disable NTDP on unrelated interfaces in the cluster, NTDP packets of the
interfaces are not sent to the administrator switch.
When the topology of the cluster becomes stable, the unrelated interfaces in the cluster are
defined as interfaces that have not NDP neighbors.
Plug and Play

Before a device joins a cluster, you need to configure the device manually. When a great number
of devices need to be added to a cluster, you can use plug and play to simplify the process. You
can use the PAF to control the performance of basic configuration on devices. Then, connect
devices to the cluster devices physically. After that, the devices can be added to the cluster
automatically.
l
Plug and play uses the PAF to control the performance of basic configuration on devices.
Plug and play needs to be enabled on the administrator switch.
The interfaces connecting the administrator switch and the member switches need to be
added to a control VLAN in trunk mode.
The interval for collecting NTDP packets needs to be set on the administrator switch.
Issue 01 (2011-10-26)

85

3.3 Configuring Basic HGMP Functions

This section describes how to configure basic HGMP functions to create or manage a cluster.

Before configuring basic HGMP functions, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the required data. This can help
you complete the configuration task quickly and accurately.
When you need to create or manage a cluster, you can configure the cluster with basic HGMP
functions.
Before configuring basic HGMP functions, complete the following tasks:
l
Ensuring that the device is correctly powered on and operates normally
Configuring basic attributes of interfaces on the device
Data Preparation
To configure basic HGMP functions, you need the following data.
No.
Data
Range of private IP addresses used in the cluster
Cluster name
Medium access control (MAC) address of the member switch
(Optional) Aging time of NDP packets and interval for sending NDP packets
(Optional) Range of topology collection, hop delay and interface delay in forwarding
NTDP topology request packets, interval for topology collection
(Optional) ID of the management VLAN, aging time of NDP packets, interval for
sending handshake packets, address of the SNMP host, and IP addresses of the FTP
server and the SFTP server
3.3.2 Configuring NDP

This part describes how to configure the Neighbor Discovery Protocol (NDP) to collect
information about directly connected neighbors.
Issue 01 (2011-10-26)

86

Procedure
l
Enabling NDP in the system view

Do as follows on the administrator switch and member switches:
1.
Run:
system-view

2.
Run:
ndp enable
By default, NDP is enabled in the system view.

l
Enabling NDP on an interface

1.
Run:
system-view

2.
Run the following command as required:

Run:
ndp enable interface { interface-type interface-number [ to interfacetype interface-number ] }&<1-10>
NDP on an interface is enabled in the system view.

Run:

Run:
ndp enable
NDP is enabled on the interface.

l
(Optional) Setting the aging time of NDP packets

1.
Run:
system-view

2.
Run:
ndp timer aging aging-time
The aging time of NDP packets is set.

By default, the aging time of NDP packets is set to 180 seconds. The aging time of
NDP packets must be longer than the interval for sending NDP packets.
l
(Optional) Setting the interval for sending NDP packets

1.
Run:
system-view
Issue 01 (2011-10-26)

87


2.
Run:
ndp timer hello interval
The interval for sending NDP packets is set.

By default, the interval for sending NDP packets is set to 60 seconds. The interval for
sending NDP packets must be shorter than the aging time of NDP packets.
----End
3.3.3 Configuring NTDP

This section describes how to configure the Network Topology Discovery Protocol (NTDP) to
collect information about network topologies.
Procedure
l
Enabling NTDP in the system view

1.
Run:
system-view

2.
Run:
ntdp enable
NTDP is enabled in the system view.

By default, NTDP is enabled in the system view.
l
Enabling NTDP on an interface

1.
Run:
system-view

2.
Run:

3.
Run:
ntdp enable
NTDP is enabled on the interface.

l
(Optional) Configuring the range of topology collection

1.
Run:
system-view

2.
Run:
ntdp hop max-hop-value
The range of topology collection is configured.

By default, the value is 3 hops. The greater the value is, the more memory is occupied.
l
Issue 01 (2011-10-26)
(Optional) Setting the delay in forwarding NTDP packets

88

1.
Run:
system-view

2.
Run:
ntdp timer hop-delay hop-delay-time
The hop delay in forwarding NTDP packets is set.

3.
Run:
ntdp timer port-delay port-delay-time
The interface delay in forwarding NTDP packets is set.

By default, the hop delay is 200 ms and the interface delay is 20 ms.
l
(Optional) Setting the interval for collecting topology information

1.
Run:
system-view

2.
Run:
ntdp timer interval
The interval for collecting topology information is set.

By default, the interval for collecting topology information is set to 0 minutes, that is,
topology information is not collected regularly.
l
(Optional) Enabling topology collection

1.
Run the following command in the user view:

ntdp explore
Topology collection is enabled.

You can run this command to collect topology information at any time.
----End
3.3.4 Creating a Cluster

To perform unified management over switches, you must first create a cluster and add switches
to be managed to the cluster.
Procedure
l
Configuring a management VLAN

1.
Run:
system-view

2.
Run:
vlan vlan-id
A VLAN is created and the VLAN view is displayed.

Issue 01 (2011-10-26)

89

By default, the ID of the management VLAN on the device is 1, which should be

created manually.
If you do not need to change the default ID of the management VLAN, you can
skip Step 6 and Step 7. The VLAN ID in Step 2 is 1.
If you need to change the ID of the management VLAN, VLAN IDs in Step 2,
Step 4, and Step 7 must be the same.
3.
Run:
quit
The VLAN view is quit.

4.
Run:
interface vlanif vlan-id
A VLANIF interface is created and the VLANIF interface view is displayed.

5.
Run:
quit
The VLANIF interface view is quit.

6.
Run:
cluster
The cluster view is displayed.

7.
Run:
mngvlanid vlan-id
A management VLAN is configured.

If you change the ID of the management VLAN or delete the management VLAN and
its corresponding VLANIF interface on the administrator switch, the cluster is
automatically deleted.
If you change the ID of the management VLAN or delete the management VLAN and
its corresponding VLANIF interface on a member switch, the member switch
automatically quits the cluster.
l
Enabling the cluster function

1.
Run:
system-view

2.
Run:
cluster enable
The cluster function is enabled.

By default, the cluster function is not enabled on the device.
l
Creating a cluster
A cluster can be created manually or automatically on the S3700.
NOTE
If the administrator switch is rebooted after the HGMP cluster is created, member switches need to
be re-added into the cluster. In such a situation, numbering of these member switches may be changed.
Issue 01 (2011-10-26)

90

Creating a cluster manually

These steps need to be configured only on the administrator switch or on the switch which
will be the administrator in a created HGMP cluster.
In this mode, you need to manually add member switches to the cluster.
1.
Run:
system-view

2.
Run:
cluster

3.
Run:
ip-pool administrator-ip-address { mask-length | mask }
The range of private IP addresses used in a cluster is set.

This command can be run only before the cluster is set up. If the cluster is set up, you
are not allowed to change the range of private IP addresses used in the cluster.
NOTE
The private IP addresses used by a cluster cannot be the same as any IP address on the device.
4.
Run:
build cluster-name
Names of the administrator switch and the cluster are configured and the cluster is
created.
This command can only be run on the administrator switch and the switch that does
not join any cluster.
Creating a cluster automatically
These steps need to be configured only on the administrator switch or on the switch which
will be the administrator in a created HGMP cluster.
In this mode, the administrator switch prompts you whether to add all the existing candidate
switches to the cluster.
1.
Run:
system-view

2.
Run:
cluster

3.
Run:
ip-pool administrator-ip-address { mask-length | mask }
The range of private IP addresses used in a cluster is set.

This command can be run only before the cluster is set up. If the cluster is set up, you
are not allowed to change the range of private IP addresses used in the cluster.
Issue 01 (2011-10-26)

91

NOTE
The private IP addresses used by a cluster cannot be the same as any IP address on the device.
4.
Run:
auto-build [ recover ]
A cluster is created automatically.

The auto-build command can also be used to add member switches automatically.
For configuration details, see Adding a Member Switch.
----End
3.3.5 Adding a Member Switch

To perform unified management over a switch that is not a member of a cluster, you must first
add the switch to the cluster.
Context
After a cluster is set up, you can add a member switch to the cluster either manually or
automatically.
Procedure
l
Adding a member switch manually

In this mode, you must manually specify the MAC address of the member switch.
Do as follows only on the administrator switch:
1.
Run:
system-view

2.
Run:
cluster

3.
Run:
add-member [ member-number ] mac-address mac-address [ password password]
A member switch is added.

l
Adding a member switch automatically

In this mode, the administrator switch prompts you whether to add all the existing candidate
switches to the cluster. If the authentication mode is used to add member switches, the
administrator switch quits the action of adding a member switch.
1.
Run:
system-view

2.
Run:
cluster
Issue 01 (2011-10-26)

92


3.
Run:
auto-build [ recover ]
A member switch is added automatically.

The auto-build command can also be used to create a cluster automatically. For
configuration details, see Creating a Cluster.
recover indicates that all member switches, including the member switches missing
on the administrator switch should re-join the HGMP cluster.
NOTE
If the administrator switch of HGMP cluster A considers that switch N does not belong to
cluster A but switch N considers that it belongs to cluster A, switch N is called the missing
member switch on the administrator switch.
----End
3.3.6 (Optional) Deleting or Quitting a Cluster

Context
If you do not need to use a cluster to manage a switch, you can delete the switch or configure
the switch to quit the cluster.
Procedure
l
Deleting a cluster
Do as follows on the administrator switch:
1.
Run:
system-view

2.
Run
cluster

3.
Run:
undo build
A cluster is deleted.
After the command is run on an administrator switch, except the mngvlanid and ippool commands, configurations of the administrator switch in the HGMP cluster view
are deleted; all member switches automatically quit the cluster.
l
Disabling a cluster
Do as follows on the administrator switch or a member switch:
1.
Run:
system-view

Issue 01 (2011-10-26)

93

2.
Run:
undo cluster enable
The administrator switch or member switch disable the cluster function.

After the command is run on an administrator switch, except the mngvlanid
command, configurations of the HGMP cluster in the HGMP cluster view are
deleted; all member switches automatically quit the cluster.
After the command is run on a member switch, the member switch automatically
quits the cluster, without affecting the administrator switch and other member
switches.
l
Quitting a cluster
Do as follows on a member switch:
1.
Run:
system-view

2.
Run
cluster

3.
Run:
undo administrator-address
The member switch quits a specified cluster.

NOTE
When you run the undo administrator-address command on member switches, the member
switch temporarily exits from the cluster, whereas the administrator switch does not delete the
member switch. To delete a member switch from the HGMP cluster, run the delete-member
command.
----End
3.3.7 (Optional) Deleting a Member Switch

If you do not need to use a cluster to manage a switch in a management domain, you can delete
the switch from the cluster.
Context
If you do not need a cluster to manage a switch, you can delete the member switch from the
cluster.
Procedure
Step 1 Run:
system-view

Step 2 Run:
Issue 01 (2011-10-26)

94

cluster

Step 3 Run:
delete-member member-number
A member switch is deleted from the cluster.

----End

After configuring basic HGMP functions, you can view the configuration.
Prerequisite
The configurations of the Basic HGMP are complete.
Procedure
l
Run the display ndp to check the NDP configuration in the system view.
Run the display ndp interface { interface-type interface-number [ to interface-type

interface-number ] }&<1-10> to check the neighbor information detected through NDP on
a specified interface.
Run the display ntdp to check the global NTDP settings.
Run the display ntdp device-list [ verbose ] to check the device information collected
through NTDP.
Run the display cluster to check the status and statistics of cluster.
Run the display cluster candidates [ mac-address mac-address | verbose ] to check

information about candidate switches.
Run the display cluster members [ member-number | verbose ] to check information about
member switches.
----End
Example
If the NDP neighbor can be normally established, you can run the display ndp command to
check information about the MAC addresses of all the neighboring stations and the number of
the interface on the neighboring station that is connected to the local interface.
<Quidway> display ndp
Neighbor discovery protocol is enabled.
Neighbor Discovery Protocol Ver: 1, Hello Timer: 60(s), Aging Timer: 180(s)
Interface: GigabitEthernet0/0/1
Status: Disabled, Packets Sent: 0, Packets Received: 0, Packets Error: 0
Status: Enabled, Packets Sent: 114, Packets Received: 108, Packets Error: 0
Neighbor 1: Aging Time: 174(s)
MAC Address : 0018-8203-39d8
Port Name
: GigabitEthernet0/0/1
Software Version: VRP 5.70 V100R006C00
Device Name : S3700
Port Duplex : FULL
Product Ver : S3700
Issue 01 (2011-10-26)

95

If the NDP neighbor is normally established, you can run the display ndp interface command
to check information about the MAC address of the neighboring station and the number of the
interface on the neighboring station that is connected to the local interface.
<Quidway> display ndp interface gigabitethernet 0/0/1
MAC Address : 0018-8203-39d8
Port Name
: GigabitEthernet0/0/1
Software Version: VRP 5.70 V100R006C00
Device Name : S3700
Port Duplex : FULL
Product Ver : S3700
If the NTDP neighbor is normally established, you can run the display ntdp command to check
the NTDP settings.
<Quidway> display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:462ms
If device information is successfully collected through NTDP, you can run the display ntdp
device-list [ verbose ] command to view information lists of all the devices.
<Quidway> display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700
If the cluster is established successfully, you can run the display cluster command to view
information about the HGMP cluster to which the device belongs, such as the cluster name and
ID of the management VLAN.
<HUAWEI_0.Quidway> display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.1.1.1/24
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 2 member(s) in the cluster, and 0 of them are down.
If the cluster is established successfully, you can run the display cluster candidates command
to view information about candidate switches, such as the MAC address and device type.
Issue 01 (2011-10-26)

96

<HUAWEI_0.Quidway> display cluster candidates

MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
If the cluster is established successfully, you can run the display cluster members command
to view information about member switches, such as the MAC address and device type. Member
switches are in the Up state.
<HUAWEI_0.Quidway> display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
00e0-fcb8-d6b6 Admin HUAWEI_0.Administrator-1
1
S3700
0018-8267-7f7d Up
HUAWEI_1.Member-1
2
S3700
00e0-0003-0003 Up
HUAWEI_2.Member-2
3.4 Configuring Advanced HGMP Functions

This section describes how to configure advanced HGMP functions to simplify the management
and maintenance of a basic cluster.

Before configuring advanced HGMP functions, familiarize yourself with the applicable
To optimize the performance parameters of the established cluster, you can configure advanced
HGMP functions to facilitate the management and maintenance of the HGMP cluster and better
manage member switches in the cluster.
Before configuring advanced HGMP functions, complete the following tasks:
l
Ensuring that the device is correctly powered on and operates normally
Configuring basic attributes of interfaces on the device
Configuring Basic HGMP Functions
Data Preparation
To configure advanced HGMP functions, you need the following data.
Issue 01 (2011-10-26)
No.
Data
Interval for sending handshake packets
Aging time of the device status
Aging time of member switches

97

No.
Data
Multicast MAC address of the cluster
IP addresses of the public FTP server, SFTP server, log host, SNMP host used in the
cluster
Default information about the FTP server that is configured for the cluster, including
the IP address, user name, and password
3.4.2 Adjusting Parameters of the Cluster

To better manage switches in a cluster, you can adjust HGMP parameters as required. Adjustable
parameters include the interval for sending Handshake packets, holdtime of the configuration,
whether to enable candidate switches to automatically join a cluster, aging time of member
switches, multicast address of the cluster, mode of adding management interfaces of the cluster
to a VLAN, and public server and host of the cluster.
Procedure
l
Configure the interval for sending handshake packets.

1.
Run:
system-view

2.
Run:
cluster

3.
Run:
timer interval
The interval for sending handshake packets is set.

By default, the interval for sending handshake packets is 10 seconds. This interval
must be equal to or less than one third of the holdtime of the device status.
l
Configure the holdtime of the status for the member switch.

1.
Run:
system-view

2.
Run:
cluster

3.
Run:
holdtime hold-time
The holdtime of the status of the member switch is set.

Issue 01 (2011-10-26)

98

By default, the holdtime is 60 seconds. The holdtime must be at least three times the
interval for sending handshake packets.
l
Enable candidate switches to automatically join a cluster.

1.
Run:
system-view

2.
Run:
cluster

3.
Run:
cluster-autojoin
Candidate switches are enabled to automatically join the cluster.

l
Set the aging time of the Disconnecting state for member switches.
1.
Run:
system-view

2.
Run:
cluster

3.
Run:
cluster-discagingtime disconnect-aging-time
The aging time of member switches is set.

By default, no aging time is set. It indicates that the Disconnecting state of member
switches is not aged.
l
Configure a multicast MAC address for the cluster.

1.
Run:
system-view

2.
Run:
cluster

3.
Run:
cluster-multimac mac-address
A multicast MAC address is configured for the cluster.

By default, the multicast MAC address of the cluster is 01-80-C2-00-00-0A. For
details of the range of the multicast MAC addresses, refer to the Command
Reference.
Issue 01 (2011-10-26)

99

Before setting up a cluster, you need to assign a multicast MAC address to the cluster
or use the default multicast MAC address. To enhance the network security or if the
default multicast MAC address is already used by other services on the network, you
can reassign a multicast MAC address to the cluster within the permitted range. Once
the cluster is set up, you cannot change the multicast MAC address of the cluster. In
addition, you need to assign the same multicast MAC address to all the devices in the
cluster.
l
Configure the mode for interfaces in the cluster to join a VLAN.

1.
Run:
system-view

2.
Run:
cluster

3.
Run:
port-tagged vlan
Communication interfaces in the cluster are added to the management VLAN in trunk
mode.
l
Configure public servers and hosts.

1.
Run:
system-view

2.
Run:
cluster

3.
Run:
ftp-server ip-address
A public FTP server is configured for the cluster.

NOTE
The member switches in a cluster can communicate with the FTP server in either of the
following modes:
l Non-NAT: There must be reachable routes between member switches and FTP server.
l NAT: The cluster-ftp-nat enable command must be run in the cluster view to enable the
FTP NAT function on the administrator switch. The NAT rules are automatically generated
on the administrator switch, and the member switches obtain the NAT mapped ports.
The FTP NAT function on the administrator switch is disabled by default. That is, the member
switches communicate with the FTP server in non-NAT mode.
After the FTP server for the cluster is configured successfully, you can run the cluster-ftp
command so that the member switches can access the FTP server.
4.
Run:
sftp-server ip-address
Issue 01 (2011-10-26)

100

A public SFTP server is configured for the cluster.

5.
Run:
snmp-host ip-address
A public SNMP host is configured for the cluster.

NOTE
The member switches in a cluster can communicate with the SNMP server in either of the
following modes:
l Non-NAT: There must be reachable routes between member switches and SNMP server.
l NAT: The cluster-snmp-nat enable command must be run in the cluster view to enable
the SNMP NAT function on the administrator switch. The NAT rules are automatically
generated on the administrator switch, and the member switches obtain the NAT mapped
ports.
The SNMP NAT function on the administrator switch is enabled by default. That is, the member
switches communicate with the SNMP server in NAT mode.
6.
Run:
logging-host ip-address
A public log host is configured for the cluster.

Member switches can access the servers and hosts that are configured through Steps
3 to 6 by accessing the administrator switch.
Steps 3 to 6 are optional and are not listed in sequence.
By default, no public server and host is configured for a cluster.
----End
3.4.3 Managing Switches in a Cluster Through HGMP

You can use commands to configure the following features for member switches of an HGMP
cluster in batches: batch distribution, batch restart, incremental configuration, configuration
synchronization, and security features.
Procedure
l
Configuring the batch distribution function

1.
Run:
system-view

2.
Run:
cluster

3.
(Optional) Run:
cluster-plug-play ip ftp-ip-address username user-name password password
[ path-separator pathseparator ]
The default information for logging in to the FTP server is configured.

Issue 01 (2011-10-26)

101

After the configuration, the configured information is used by default during the
process of batch distribution.
4.
(Optional) Run:
cluster-member ftp-timeout time
The timeout period for member switches to download the configuration file, the
version file or the patch files through FTP is configured.
5.
Run:
cluster-member [ group-by { device-type device-type | ip {ip-address [ to
ip-address ] } &<1-10> | member-number { member-number [ to membernumber ] } &<1-10> } ] get { configuration-file | system-software | patch
| paf | license } file-name [ ip ftp-ip-address user-name user-name
password password ] [ path-separator pathseparator ]
The batch distribution function is performed.

During the process of batch distribution, the group-by command can be used to
specify member switch groups according to different selection modes.
If Step 3 is not performed, you must enter the IP address, user name, and password
when using this command.
If Step 3 is performed, the IP address, user name, and password configured in Step
3 are used by default.
IP addresses used in batch distribution are private IP addresses used in the cluster.
l
Configuring the batch restart function

1.
Run:
system-view

2.
Run:
cluster

3.
(Optional) Run:
cluster-member reboot-timeout time
The timeout period for member switches to reboot is configured.

4.
Run:
cluster-member reboot [ group-by { device-type device-type | ip {ipaddress [ to ip-address ] } &<1-10> | member-number { member-number [ to
member-number ] } &<1-10> } ]
The batch restart function is performed.

The current configuration of the device is not saved during the process of batch restart.
l
Configuring the plug-and-play function

1.
Run:
system-view

Issue 01 (2011-10-26)

102

2.
Run:
cluster

3.
(Optional) Run:
cluster-plug-play ip ftp-ip-address username user-name password password
[ path-separator pathseparator ]
The default information for logging in to the FTP server is configured.

4.
Run:
cluster-plug-play enable
The plug-and-play function is enabled.

To configure the management VLAN for the interface of the administrator switch,
you should run the port trunk allow-pass vlan command rather than the port
default vlan command if the cluster-plug-play enable command needs to be used.
This interface is directly connected to the candidate switch.
Step 3 is used in the scenario of replacing devices. The new device automatically
downloads the configuration files of the old device. Prerequisites for the operation
is that configuration files of the old device exist on the FTP server and the physical
topologies and types of the new device and old device are the same.
l
Configuring Communication Between Huawei Devices and Non-Huawei Devices

1.
Run:
system-view

2.
Run:
cluster

3.
Run:
cluster-packet-extend enable
Communication Between Huawei Devices and Non-Huawei Devices is enabled.

To configure the management VLAN for the interface of the administrator switch,
you should run the port trunk allow-pass vlan command rather than the port
default vlan command if the cluster-packet-extend enable command needs to
be used. This interface is directly connected to the candidate switch.
l
Configuring the incremental configuration function

1.
Run:
system-view

2.
Run:
cluster

Issue 01 (2011-10-26)

103

3.
Run:
increment
The incremental configuration view is displayed.

4.
Run:
increment-command [ command-number command-number ] command-text commandtext
The command list is edited.

5.
Run:
increment-run [ group-by { device-type device-type | ip { ip-address [ to
ip-address ] } &<1-10> | member-number { member-number [ to membernumber ] } &<1-10> } ]
The result whether commands in the command list are sent to the specified member
switch is displayed.
Only the last execution result of the incremental configuration is saved.
The member selection mode can be device type-based, member switch ID-based,
IP address-based, or all.
If you use the ID of an existing command during the process of editing the
command list, the command will be overwritten.
To delete the existed incremental configuration command, run the undo
increment-command { command-number command-number | all } command.
To check the list of incremental configuration commands that is currently edited,
run the display increment-command command.
l
Synchronizing configuration files

1.
Run:
system-view

2.
Run:
cluster

3.
Run:
increment-config synchronization [ group-by { device-type device-type |
ip {ip-address [ to ip-address ] } &<1-10> | member-number { membernumber [ to member-number ] } &<1-10> } ]
The result whether configuration files of the specified member switch are
synchronized to the FTP server is displayed.
This command is valid only after the cluster is enabled.
l
Configuring security features

1.
Run:
system-view
Issue 01 (2011-10-26)

104


2.
Run:
cluster

3.
Run:
cluster-member unrelated-port [ group-by { device-type device-type | ip
{ip-address [ to ip-address ] } &<1-10> | member-number { member-number
[ to member-number ] } &<1-10> } ] { ndp | ntdp }
NDP or NTDP is disabled on unrelated interfaces.

Only the last command execution result is saved.
This command can be performed only after the cluster is enabled.
----End

After configuring advanced HGMP functions, you can view the configuration.
Prerequisite
The configurations of the Advanced HGMP are complete.
Procedure
l
Run the display cluster-increment-result to check the delivery of incremental

configuration.
Run the display cluster-license to check the cluster license.
Run the display cluster-topology-info to check the cluster topology.
Run the display increment-command to check the incremental configuration command.
Run the display increment-synchronization-result to check whether configuration files

of member switches are synchronized to the FTP server.
Run the display member-getfile-state to check whether member switches successfully

obtain configuration files, version files, or patch files.
Run the display member-interface-state { ndp | ntdp } to check the status of NDP or
NTDP on unrelated interfaces of member switches.
Run the display member-reboot-state to check whether member switches are restarted
successfully.
Run the display member-save-state to check whether member switches successfully save
the current configurations to the FTP server
Run the display synchronization-result to check whether member switches successfully

synchronize configuration files to the FTP server.
----End
Issue 01 (2011-10-26)

105

Example
If the incremental configuration command is successfully delivered to member switches, run the
display cluster-increment-result command, and you can view that success is displayed.
<HUAWEI_0.Quidway> display cluster-increment-result
The result of member switches executing increment commands:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
Result
CommandId
-----------------------------------------------------------------------------2
S3700
0003-0003-0003 10.0.0.3
success
3
S3700
0004-0004-0004 10.0.0.4
success
Run the display cluster-license command, and you can check the contents of the cluster license,
including the number of member switches that can be managed by the administrator switch and
maximum layers that member switches can concatenate.
<Quidway> display cluster-license
The max numbers and hops of manage member switch:
------------------------------------------------------------Max numbers of manage member switch: 255
Max hops of manage member switch
: 16
Run the display cluster-topology-info command, and you can view the cluster topology,
including the topology of normal links, candidate links, and faulty links.
<Quidway> display cluster-topology-info
<-->:normal device
<++>:candidate device
<??>:lost device
------------------------------------------------------------------------Total topology node number is 5.
[HUAWEI_0.Administrator: Root-00e0-ad14-c600]
|-(GigabitEthernet0/0/1)<-->(GigabitEthernet0/0/1)[HUAWEI_3.Member-3: 00e0da1c-4c00]
| |-(GigabitEthernet0/0/2)<-->(GigabitEthernet0/0/1)[HUAWEI_2.Member-2:
00e0-875b-8f00]
| | |-(GigabitEthernet0/0/2)<-->(GigabitEthernet0/0/1)[HUAWEI_1.Member-1:
00e0-0f68-6f00]
|-(GigabitEthernet0/0/2)<-->(GigabitEthernet0/0/1)[HUAWEI_4.Member-4:
00e0-9f7e-0b00]
Run the display increment-command command, and you can check the incremental
configuration of the cluster, including the number and contents of the incremental configuration.
<Quidway> display increment-command
The content of increment commands:
-----------------------------------------------------------------------------SN
Content
-----------------------------------------------------------------------------10
vlan batch 10 to 20
20
ip route-static 2.0.0.0 8 10.0.0.1
If the configuration files of member switches are successfully synchronized with the FTP server,
run the display increment-synchronization-result command, and you can view that success
is displayed.
<Quidway> display increment-synchronization-result
The result of member switches' synchronization:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------1
S3700
0002-0002-0002 10.0.0.2
success
2
S3700
0003-0003-0003 10.0.0.3
success
3
S3700
0004-0004-0004 10.0.0.4
success
If member switches successfully obtain configuration files, PAF files, or patch files, run the
display member-getfile-state command, and you can view that success is displayed.
Issue 01 (2011-10-26)

106

<Quidway> display member-getfile-state

The status of member switches getting file:
-----------------------------------------------------------------------SN
Device
MacAddress
IPAddress
Result
-----------------------------------------------------------------------2
S3700
0002-0002-0002
10.0.0.2
success
3
S3700
0003-0003-0003
10.0.0.3
success
Interfaces running NDP and NTDP are not required on member switches. If NDP and NTDP
are disabled successfully, run the display member-interface-state command, and you can view
that success is displayed.
<HUAWEI_0.Quidway> display member-interface-state ndp
The result of member switches executed disable member interface command:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------3
S3700
0004-0004-0004
10.0.0.4
success
2
S3700
0003-0003-0003
10.0.0.3
success
1
S3700
0002-0002-0002
10.0.0.2
success
[HUAWEI_0.Quidway-cluster] display member-interface-state ntdp
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------3
S3700
0004-0004-0004
10.0.0.4
success
2
S3700
0003-0003-0003
10.0.0.3
success
1
S3700
0002-0002-0002
10.0.0.2
success
If member switches are successfully restarted, run the display member-reboot-state command,
and you can view that success is displayed.
<Quidway> display member-reboot-state
The result of member switches rebooting:
-----------------------------------------------------------------------SN
Device
MacAddress
IPAddress
Result
-----------------------------------------------------------------------1
S3700
0002-0002-0002
10.0.0.2
success
2
S3700
0003-0003-0003
10.0.0.3
success
------------------------------------------------------------------------
If the current configurations are successfully saved on member switches, run the display
member-save-state command, and you can view that success is displayed.
<Quidway> display member-save-state
The result of member switches saving:
-----------------------------------------------------------------------SN
Device
MacAddress
IPAddress
Result
-----------------------------------------------------------------------1
S3700
0002-0002-0002
10.0.0.2
success
2
S3700
0003-0003-0003
10.0.0.3
success
------------------------------------------------------------------------
If member switches successfully synchronize configuration files to the FTP server, run the
display synchronization-result command, and you can view that success is displayed.
<Quidway> display synchronization-result
The result of member switches' synchronization:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------1
S3700
0002-0002-0002 10.0.0.2
success
2
S3700
0003-0003-0003 10.0.0.3
success
3
S3700
0004-0004-0004 10.0.0.4
success
Issue 01 (2011-10-26)

107

3.5 Maintaining HGMP

This section describes how to clear the statistics on NDP, and monitor the operation status of
the HGMP cluster.
3.5.1 Clearing the NDP Statistics

This part describes how to use the reset ndp statistics command to clear the statistics on NDP.
Context
CAUTION
Once statistics are cleared, they cannot be restored. Confirm the action before you use the
command.
Procedure
Step 1 Run the reset ndp statistics [ interface { interface-type interface-number [ to interface-type
interface-number ] } &<1-10> ] command in the user view to clear the NDP statistics.
----End
3.5.2 Monitoring the Operation Status of the HGMP Cluster

This part describes how to use the display commands to monitor the operating status of the
HGMP cluster.
Context
In routine maintenance, you can run the following commands in any view to display the operation
stauts of HGMP.
Procedure
l
Run the display ndp to check the NDP configuration in the system view.
Run the display ntdp to check the global NTDP configuration.
Run the display cluster to check information about the HGMP cluster to which the device
belongs.
Run the display ntdp device-list [ verbose ] to check information about the HGMP cluster
to which the device belongs.
Run the display cluster-topology-info to check the cluster topology information.
Run the display cluster candidates [ mac-address mac-address | verbose ] to check

information about candidate switches.
----End
Issue 01 (2011-10-26)

108

3.5.3 Debugging HGMP

When a fault occurs on NDP, NTDP, or a cluster, you can run the debugging command in the
user view to debug NDP, NTDP, or the cluster, view debugging information, locate the fault,
and analyze the cause.
Context
CAUTION
Debugging affects the performance of the system. After the debugging, run the undo debugging
all command to timely disable it.
When a fault occurs on NDP, NTDP, or a cluster, run the debugging command in the user view
to debug NDP, NTDP or the cluster, and you can view debugging information, locate the fault,
and then analyze the cause.
For more information about the debugging command, refer to the Debugging Reference.
Procedure
l
Run the debugging ndp packet [ interface { interface-type interface-number [ to

interface-type interface-number ] } &<1-10> ] command to enable NDP debugging.
Run the debugging ntdp { all | data | error | message | packet [ verbose ] } to enable
NTDP debugging.
Run the debugging cluster { all | event | handshake | member | mrc | nat | packet |
state } command or debugging cluster { packet | handshake | mrc } [verbose ] command
to enable cluster debugging.
----End
3.6 HGMP Configuration Examples

This section provides several configuration examples of HGMP.
3.6.1 Example for Configuring Basic HGMP Functions for a Cluster

As shown in Figure 3-3, a carrier sets up a Layer 2 network through Layer 2 devices. Too many
Layer 2 devices are hard to be maintained and managed on the site. In addition, to save public
IP addresses, you cannot assign a public IP address to each device.
To effectively manage the Layer 2 network, you can create a cluster for the Layer 2 network
and manage the cluster through HGMP.
In this example, Administrator-1 is nearest to the network administrator and is therefore
appointed as the administrator switch.
Issue 01 (2011-10-26)

109

NOTE
For convenience, only four devices in the Layer 2 network are described.
Figure 3-3 Networking diagram of configuring basic HGMP functions for a cluster
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC address
Device
MAC address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
1.
Create a management VLAN on all devices. Enable NDP and NTDP to ensure that each
device can detect the topology structure of the network through NTDP.
2.
Choose the administrator switch, and then create a cluster named HUAWEI on the
administrator switch.
3.
Add all the devices that support HGMP in the Layer 2 network to the cluster.
4.
Assign an IP address to VLANIF 10 to facilitate the communication between member

switches in the cluster and devices out of the cluster.
Issue 01 (2011-10-26)

110

5.
Configure public servers and hosts for the cluster.
Data Preparation
l
Management VLAN ID of the cluster, that is 10
IP address of VLANIF 10, that is 1.0.0.1/8
Address pool of the cluster, that is 10.0.0.0/8
IP address of the administrator in the cluster, that is 10.0.0.1/8
MAC addresses of devices, as shown in Figure 3-3
IP addresses of servers and hosts, as shown in Figure 3-3
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface ethernet 0/0/1
[Administrator-1-Ethernet0/0/1] port link-type trunk
[Administrator-1-Ethernet0/0/1] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/1] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
# Configure member switch 1.

[Quidway] sysname Member-1
[Member-1] vlan 10
[Member-1-vlan10] quit
[Member-1] interface ethernet 0/0/1
[Member-1-Ethernet0/0/1] port link-type trunk
[Member-1-Ethernet0/0/1] port trunk allow-pass vlan 10
[Member-1-Ethernet0/0/1] quit
[Member-1] interface vlanif 10
[Member-1-Vlanif10] quit

[Member-2] vlan 10
Issue 01 (2011-10-26)

111


[Member-3] vlan 10
Step 2 Configure NDP.

# On switches, enable NDP in the system view and on an interface.
[Administrator-1] ndp enable
[Administrator-1-Ethernet0/0/1] ndp enable

[Member-1] ndp enable
[Member-1-Ethernet0/0/1] ndp enable


After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface ethernet 0/0/1 ethernet 0/0/2
Interface: Ethernet0/0/1
MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Issue 01 (2011-10-26)

112

Software Version: Version 5.70 V200R006C00

Device Name : Member-1
Port Duplex : FULL
Product Ver : S3700
MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Port Duplex : FULL
Product Ver : S3700
Step 3 Configure NTDP.

# On devices, enable NTDP in the system view and on the interface and configure the interval
and range for NTDP to collect topologies to 10 minutes and 3 hops respectively.
[Administrator-1] ntdp enable
[Administrator-1] ntdp timer 10
[Administrator-1] ntdp hop 3
[Administrator-1] interface ethernet
[Administrator-1-Ethernet0/0/1] ntdp
0/0/1
enable
0/0/2
enable

[Member-1] ntdp enable
[Member-1] ntdp timer 10
[Member-1] ntdp hop 3
[Member-1] interface ethernet
[Member-1-Ethernet0/0/1] ntdp
0/0/1
enable
0/0/2
enable

[Member-2-Ethernet0/0/1] ntdp enable

After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Hops
: 3
Timer
: 10 min
Issue 01 (2011-10-26)

113

Hop Delay : 200 ms

Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit

[Member-1] cluster enable
[Member-1] cluster
[Member-1-cluster] mngvlanid 10
[Member-1-cluster] quit

[Member-2] cluster

[Member-3] cluster
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700
Step 5 Create a cluster.

NOTE
Following steps can be performed only on the administrator switch.
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1-cluster] ip-pool 10.0.0.1 8
# Create a cluster named HUAWEI on the administrator switch.

[Administrator-1-cluster] build HUAWEI
[HUAWEI_0.Administrator-1-cluster]
Issue 01 (2011-10-26)

114

After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
Step 6 Add member switches.

NOTE
l Following steps can be performed only on the administrator switch.

l Take the mode of automatically adding member switches as an example. To add member switches
manually, see Adding a Member Switch.
# Add all candidate switches to the cluster.

[HUAWEI_0.Administrator-1-cluster] auto-build
Collecting candidate list, please wait...
Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
Warning: Add all to cluster?(Y/N) y
Info: Cluster auto-build is complete.
Added 3 member(s) into the cluster successfully.
DeviceType
S3700
S3700
S3700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3
Step 7 Assign an IP address to VLANIF 10.

Issue 01 (2011-10-26)

115

# To ensure the normal communication between member switches in the cluster and devices out
of the cluster, assign an IP address to VLANIF 10 on the administrator switch.
# Assign an IP address to VLANIF 10.
[HUAWEI_0.Administrator-1] interface vlanif 10
[HUAWEI_0.Administrator-1-Vlanif10] ip address 1.0.0.1 8
[HUAWEI_0.Administrator-1-Vlanif10] quit
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
Step 8 Configure a static route on the administrator switch.

# This operation is to ensure that a reachable route exists between switches in the cluster and
servers or hosts.
[HUAWEI_0.Administrator-1] ip route-static 0.0.0.0 0 1.0.0.2
NOTE
You can also run a routing protocol.
Step 9 Configure public servers and hosts of the cluster.

# Configure an FTP server.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] cluster-ftp-nat enable
[HUAWEI_0.Administrator-1-cluster] ftp-server 2.0.0.1
# Configure a SFTP server.

[HUAWEI_0.Administrator-1-cluster] sftp-server 2.0.0.2
# Configure a Simple Network Management Protocol (SNMP) host.

[HUAWEI_0.Administrator-1-cluster] snmp-host 3.0.0.1
# Configure a log host.

[HUAWEI_0.Administrator-1-cluster] logging-host 4.0.0.1
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
Logging host:4.0.0.1
Issue 01 (2011-10-26)

116

SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
Cluster FTP NAT capability : enabled
----End
Configuration Files
l
Configuration file of Administrator-1.

#
sysname Administrator-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
port link-type trunk
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
cluster-ftp-nat enable
ftp-server 2.0.0.1
sftp server 2.0.0.2
logging-host 4.0.0.1
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
Configuration file of Member-1.

#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
Issue 01 (2011-10-26)

117

#
interface Vlanif10
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return

#
sysname Member-2
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return

#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
Issue 01 (2011-10-26)

118

#
return
3.6.2 Example for Configuring the Interconnection of FTP Servers

and Devices in and out of the HGMP Cluster (in NAT Mode)
As shown in Figure 3-4, all the Layer 2 switches belong to the same cluster. Administrator-1 is
the administrator switch of the cluster and other switches are member switches. The member ID
of Member-1 is 1, the member ID of Member-2 is 2 and the member ID of Member-3 is 3.
To upload files to Member-1, Member-2, and Member-3 or download files from them, you can
set up an FTP connection between the devices out of the cluster and member switches in NAT
or non-NAT mode.
NOTE
In this configuration example where the NAT mode is adopted, Member-3 accesses the FTP server
(2.0.0.1/8) out of the cluster and devices out of the cluster access the FTP server (Member-2) in the cluster.
Figure 3-4 Networking diagram of configuring the interconnection of FTP servers and devices
in and out of the HGMP cluster (in NAT Mode)
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Device
Issue 01 (2011-10-26)
MAC Address
Cluster
Device

MAC Address
119

Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
1.
Create a cluster and configure basic HGMP functions for the cluster according to the steps
described in the section "Example for Configuring Basic HGMP Functions for a
Cluster."
2.
For the situation that Member-3 accesses the FTP server (2.0.0.1/8) out of the cluster:
l Run the cluster-ftp command on the member switch to set up a connection with the
public FTP server of the cluster.
3.
For the situation that a device out of the cluster accesses the FTP server (Member-2):
l Calculate the port number reserved on the administrator switch for the FTP protocol of
a certain member switch in the cluster.
l Run the FTP client program on the PC and create an FTP connection with the member
switch.
Data Preparation
l
IP address of VLANIF 10 that is 1.0.0.1/8 and a reachable route between VLANIF 10 and
the FTP server
IP address of the administrator switch used in the cluster, that is 10.0.0.1/8
Member-2 serving as the FTP server in the cluster with the member ID being 2
Procedure
[Administrator-1-Ethernet0/0/1] port
Issue 01 (2011-10-26)
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
0/0/3

120



[Member-1] vlan 10

[Member-2] vlan 10

[Member-3] vlan 10


Issue 01 (2011-10-26)

121




MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Port Duplex : FULL
Product Ver : S3700
MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Port Duplex : FULL
Product Ver : S3700

0/0/1
enable
0/0/2
enable

Issue 01 (2011-10-26)
0/0/1
enable
0/0/2
enable

122



Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms

[Member-1] cluster

[Member-2] cluster

[Member-3] cluster
of related devices.
------------------------------------------------------------------------------
Issue 01 (2011-10-26)

123

MAC
HOP
IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700

NOTE

management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700

NOTE


Candidate list:
Issue 01 (2011-10-26)

124

Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
DeviceType
S3700
S3700
S3700
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3

in the Up state.

servers or hosts.
NOTE


Issue 01 (2011-10-26)

125



management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2

l Member switches access the FTP server in NAT mode.
<HUAWEI_3.Member-3> cluster-ftp
Trying 10.0.0.1 ...
Press CTRL+K to abort
Connected to 10.0.0.1.
220 FTP service ready.
User(10.0.0.1:(none)):hgmp
331 Password required for hgmp.
Enter password:
230 User logged in.
[ftp]
l A device out of the cluster accesses the FTP server in the cluster in NAT mode.
# Configure an FTP server on Member-2. The configuration details see Configuration Files,
and are not mentioned here.
# Calculate the port number reserved for the FTP protocol of a member switch in the cluster.
The member ID of Member-2 is 2. Using the formula for computing port numbers reserved
for a cluster ( Interface number reserved for a cluster = Base interface number + Member
number*2) , you can obtain that the reserved port number, which is used by Member-2 to
enable the FTP server, is 53248 + 2*2 = 53252.
# Run the FTP client program on the PC and set up an FTP connection with Member-2 in
NAT mode.
NOTE
A device out of the cluster accesses the FTP server in the cluster in NAT mode. IP address of the FTP
server is that of the management VLANIF interface on the administrator switch. The FTP server uses
a port number reserved in the cluster instead of the commonly-used 21.
ftp> open 1.0.0.1 53252
User (1.0.0.1:(none)): hgmp
Issue 01 (2011-10-26)

126

Password:
230 User logged in.
ftp>
----End
Configuration Files
l

#
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
ftp-server 2.0.0.1
sftp-server 2.0.0.2
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return

#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
Issue 01 (2011-10-26)

127


ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return

#
sysname Member-2
#
FTP server enable
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return

#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
Issue 01 (2011-10-26)

128

return
3.6.3 Example for Configuring the Interconnection of FTP Servers

and Devices in and out of the HGMP Cluster (in Non-NAT Mode)
of Member-2 is 2 and the member ID of Member-3 is 3.
To upload files to Member-1, Member-2, and Member-3 or download files from them, you can
set up an FTP connection between devices out of the cluster and member switches in NAT or
non-NAT mode.
NOTE
In this configuration example where the Non-NAT mode is adopted, Member-3 accesses the FTP server
(2.0.0.1/8) out of the cluster and devices out of the cluster access the FTP server (Member-2) in the cluster.
Figure 3-5 Networking diagram of configuring the interconnection of FTP servers and devices
in and out of the HGMP cluster (in non-NAT mode)
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Device
Issue 01 (2011-10-26)
MAC Address
Cluster
Device

MAC Address
129

Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
1.
described in the section Example for Configuring Basic HGMP Functions for a
Cluster.
2.
Disable FTP NAT on the administrator switch (The function is disabled by default.)
NOTE
Related configurations of cluster NAT must be performed on the administrator switch.
3.
Configure routes on the administrator switch and member switches to ensure that reachable
routes exist between the FTP server and member switches.
4.
For the situation that Member-3 accesses the FTP server (2.0.0.1/8) out of the cluster:
l Run the ftp command on the member switch to set up a connection with the public FTP
server of the cluster.
5.
For the situation that the device out of the cluster accesses the FTP server (Member-2):
l Run the FTP client program on the PC and create an FTP connection with the member
switch.
Context
l
the FTP server
Member ID serving as the FTP server in the cluster with the member ID being 2
Procedure
Issue 01 (2011-10-26)

130


[Member-1] vlan 10

[Member-2] vlan 10

[Member-3] vlan 10


Issue 01 (2011-10-26)

131




MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Port Duplex : FULL
Product Ver : S3700
MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Port Duplex : FULL
Product Ver : S3700

0/0/1
enable
0/0/2
enable

[Member-1]
[Member-1]
[Member-1]
[Member-1]
Issue 01 (2011-10-26)
ntdp enable
ntdp timer 10
ntdp hop 3
interface ethernet 0/0/1

132




Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms

[Member-1] cluster

[Member-2] cluster

[Member-3] cluster
of related devices.
Issue 01 (2011-10-26)

133


-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700

NOTE

management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700

NOTE

Issue 01 (2011-10-26)

134


Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
DeviceType
S3700
S3700
S3700
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3

in the Up state.

servers or hosts.
NOTE
Step 9 Configure routes for the member switches and ensure that reachable routes exist between
member switches and the FTP server.
Issue 01 (2011-10-26)

135

[HUAWEI_1.Member-1] ip route-static 2.0.0.0 8 10.0.0.1


NOTE
Multiple member switches can be configured simultaneously through incremental configuration. For
configuration details, see Example for Configuring the Incremental Configuration Function for an
HGMP Cluster.

l Member switches access the FTP server in non-NAT mode.
< HUAWEI_3.Member-3> ftp 2.0.0.1
Trying 2.0.0.1 ...
Press CTRL+K to abort
User(2.0.0.1:(none)):hgmp
Enter password:
230 User logged in.
[ftp]
l Devices out of the cluster access the FTP server in the cluster in non-NAT mode.
# Configure an FTP server on the corresponding member switch (Member-2). The
configuration details see Configuration Files, and are not mentioned here.
# Run the FTP client program on the PC and set up an FTP connection with Member-2 in
non-NAT mode.
NOTE
Devices out of the cluster access the FTP server in the cluster in non-NAT mode. The IP address of
the FTP server is that of the management VLANIF interface on the member switch. The FTP server
uses a port number reserved in the cluster instead of the commonly-used 21.
ftp> open 10.0.0.2
Connected to 10.0.0.2
User (10.0.0.2:(none)): hgmp
Password:
230 User logged in.
ftp>
----End
Configuration Files
l

#
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
Issue 01 (2011-10-26)

136

interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return

#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
ip route-static 2.0.0.0 255.0.0.0 10.0.0.1
#
return

#
sysname Member-2
#
FTP server enable
#
vlan batch 10
#
Issue 01 (2011-10-26)

137

cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
#
mngvlanid 10
ip route-static 2.0.0.0 255.0.0.0 10.0.0.1
#
return

#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
#
mngvlanid 10
ip route-static 2.0.0.0 255.0.0.0 10.0.0.1
#
return
3.6.4 Example for Configuring Devices in the HGMP Cluster to

Access the Outside SNMP Host (in NAT Mode)
When Member-1, Member-2, and Member-3 are required to send packets to the SNMP host, a
connection can be set up between the SNMP host out of the cluster and member switches in
NAT or non-NAT mode.
Issue 01 (2011-10-26)

138

NOTE
In this configuration example where the NAT mode is adopted, Member-3 accesses the outside SNMP host
(3.0.0.1/8).
Figure 3-6 Networking diagram of configuring devices in the HGMP cluster to access the
outside SNMP host (in NAT mode)
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
1.
described in Example for Configuring Basic HGMP Functions for a Cluster.
2.
Enable SNMP NAT on the administrator switch (The function is enabled by default.)
NOTE
Issue 01 (2011-10-26)

139

3.
Assign an IP address to the SNMP host.
Data Preparation
l
IP address of the SNMP host, that is 3.0.0.1/8
the SNMP host
Procedure

[Member-1] vlan 10

[Member-2] vlan 10
Issue 01 (2011-10-26)

140


[Member-3] vlan 10




MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Issue 01 (2011-10-26)

141


Port Duplex : FULL
Product Ver : S3700
MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Port Duplex : FULL
Product Ver : S3700

0/0/1
enable
0/0/2
enable

0/0/1
enable
0/0/2
enable


Hops
: 3
Timer
: 10 min
Issue 01 (2011-10-26)

142

Hop Delay : 200 ms

Port Delay: 20 ms

[Member-1] cluster

[Member-2] cluster

[Member-3] cluster
of related devices.
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700

NOTE

Issue 01 (2011-10-26)

143

management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700

NOTE


Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
DeviceType
S3700
S3700
S3700
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3

Issue 01 (2011-10-26)

144

in the Up state.

servers or hosts.
NOTE




management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
Issue 01 (2011-10-26)

145

SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
----End
Configuration Files
l

#
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
ftp-server 2.0.0.1
sftp-server 2.0.0.2
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return

#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
Issue 01 (2011-10-26)

146

#
interface Vlanif10
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return

#
sysname Member-2
#
FTP server enable
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return

#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
Issue 01 (2011-10-26)

147

mngvlanid 10
#
return
3.6.5 Example for Configuring Devices in the HGMP Cluster to

Access the Outside SNMP Host (in non-NAT Mode)
When Member-1, Member-2, and Member-3 are required to send packets to the SNMP host out
of the cluster, a connection can be set up between the SNMP host and member switches in NAT
or non-NAT mode.
NOTE
In this configuration example where the non-NAT mode is adopted, Member-3 accesses the SNMP host
(3.0.0.1/8).
Issue 01 (2011-10-26)

148

Figure 3-7 Networking diagram of configuring devices in the HGMP cluster to access the
outside SNMP host (in non-NAT mode)
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/1
......
Ethernet0/0/2
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
1.
described in Example for Configuring Basic HGMP Functions for a Cluster.
2.
Disable SNMP NAT on the administrator switch (The function is enabled by default.)
NOTE
3.
Configure routes on the administrator switch and member switches respectively to ensure
that reachable routes exist between SNMP host and member switches.
4.
Assign an IP address to the SNMP host.
Issue 01 (2011-10-26)

149

Data Preparation
l
IP address of the SNMP host, that is 3.0.0.1/8
the SNMP host
Procedure

[Member-1] vlan 10

[Member-2] vlan 10
Issue 01 (2011-10-26)

150



[Member-3] vlan 10




MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Port Duplex : FULL
Issue 01 (2011-10-26)

151

Product Ver : S3700

MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Port Duplex : FULL
Product Ver : S3700

0/0/1
enable
0/0/2
enable

0/0/1
enable
0/0/2
enable


Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Issue 01 (2011-10-26)

152

Port Delay: 20 ms

[Member-1] cluster

[Member-2] cluster

[Member-3] cluster
of related devices.
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700

NOTE

Issue 01 (2011-10-26)

153

management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700

NOTE


Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
DeviceType
S3700
S3700
S3700
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3

Issue 01 (2011-10-26)

154

in the Up state.

servers or hosts.
NOTE




management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
Issue 01 (2011-10-26)

155

SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
Step 10 Disable SNMP NAT on the administrator switch.

[HUAWEI_0.Administrator-1-cluster] undo cluster-snmp-nat enable
Step 11 Configure the routes of member switches to ensure that reachable routes exist between member
switches and the SNMP host.


NOTE
HGMP Cluster.
Step 12 Configure the SNMP agent function on member switches.

[HUAWEI_1.Member-1] snmp-agent target-host trap address udp-domain 3.0.0.1 params
securityname cluster


NOTE
HGMP Cluster.
----End
Configuration Files
l

#
#
vlan batch 10
#
cluster enable
ntdp enable
Issue 01 (2011-10-26)

156

ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
undo cluster-snmp-nat enable
ftp-server 2.0.0.1
sftp-server 2.0.0.2
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return

#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
ip route-static 3.0.0.0 255.0.0.0 10.0.0.1
#
Issue 01 (2011-10-26)

157

snmp-agent
cluster
#
return

#
sysname Member-2
#
FTP server enable
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
ip route-static 3.0.0.0 255.0.0.0 10.0.0.1
#
snmp-agent
cluster
#
return

#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
ip route-static 3.0.0.0 255.0.0.0 10.0.0.1
#
snmp-agent
cluster
#
Issue 01 (2011-10-26)

158

return
3.6.6 Example for Configuring the Batch Distribution Function for

an HGMP Cluster
Member-2 and Member-3 are required to download configuration files in batches from the FTP
server.
Figure 3-8 Networking diagram of configuring the batch distribution function for an HGMP
cluster
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Issue 01 (2011-10-26)

159

1.
Create a cluster according to the steps described in 3.6.1 Example for Configuring Basic
HGMP Functions for a Cluster.
2.
3.6.1 Example for Configuring Basic HGMP Functions for a Cluster

NOTE
l Configure the interconnection of FTP servers and devices in and out of the HGMP cluster in
NAT or non-NAT mode. The following takes the configuration in NAT mode as an example.
l If the system software, patch files, or configuration files, batch distribution can be distributed in
batches without accessing the FTP server out of the cluster, you can skip this step.
3.
Configure batch distribution on the administrator switch.
Data Preparation
l
the FTP server
Member ID of Member-2 being 2 and member ID of Member-3 being 3
Procedure

[Member-1] vlan 10
Issue 01 (2011-10-26)

160


[Member-2] vlan 10

[Member-3] vlan 10




Issue 01 (2011-10-26)

161


MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Port Duplex : FULL
Product Ver : S3700
MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Port Duplex : FULL
Product Ver : S3700

0/0/1
enable
0/0/2
enable

0/0/1
enable
0/0/2
enable


Issue 01 (2011-10-26)

162


Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms

[Member-1] cluster

[Member-2] cluster

[Member-3] cluster
of related devices.
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700

Issue 01 (2011-10-26)

163

NOTE

management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700

NOTE


Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
Issue 01 (2011-10-26)

DeviceType
S3700
S3700
S3700
164

-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3

in the Up state.

servers or hosts.
NOTE




Issue 01 (2011-10-26)

165

management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
Step 10 Distribute configuration files in batches.

# Run the batch distribution command on the administrator switch. Member switches download
configuration files from the FTP server (2.0.0.1) in NAT mode and automatically set them as
the default configuration files for the next startup.
[HUAWEI_0.Administrator-1-cluster] cluster-plug-play ip 2.0.0.1 username user1
password 123
[HUAWEI_0.Administrator-1-cluster] cluster-member group-by member-number 2 to 3
get configuration-file vrpcfg-hgmp.zip

# Run the display member-getfile-stat command on the administrator switch to check whether
member switches successfully obtain the configuration files, system software, and patch files,
[HUAWEI_0.Administrator-1] display member-getfile-stat
The status of member switchs getting file:
-----------------------------------------------------------------------SN
Device
MacAddress
IPAddress
Result
-----------------------------------------------------------------------2
S3700
0003-0003-0003
10.0.0.3
success
3
S3700
0004-0004-0004
10.0.0.4
success
# Run the dir command on member switches and you can find that member switches successfully
download the specified configuration files. Take Member-2 as an example.
<HUAWEI_2.Member-2> dir *.zip
Directory of flash:/
Idx Attr Size(Byte) Date
Time
0
-rw1,491 Sep 03 2008 17:43:52
1
-rw752 Aug 05 2008 15:04:36
506,880 KB total (35,920 KB free)
FileName
vrpcfg.zip
vrpcfg-hgmp.zip
# Run the display startup command on member switches and you can find that names of the
configuration files for the next startup of the member switch is changed. Take Member-2 as an
example.
<HUAWEI_2.Member-2> display startup
MainBoard:
Configured startup system software:
Startup system software:
Next startup system software:
Issue 01 (2011-10-26)
flash:/S3700.cc
flash:/S3700.cc
flash:/S3700.cc

166

Startup saved-configuration file:
Next startup saved-configuration file:
Startup paf file:
Next startup paf file:
Startup license file:
Next startup license file:
Startup patch package:
Next startup patch package:
flash:/vrpcfg.zip
flash:/vrpcfg-hgmp.zip
NULL
NULL
NULL
NULL
NULL
NULL
----End
Configuration Files
l

#
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
ftp-server 2.0.0.1
sftp-server 2.0.0.2
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return

#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
Issue 01 (2011-10-26)

167

ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return

#
sysname Member-2
#
FTP server enable
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return

#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
Issue 01 (2011-10-26)

168

cluster
mngvlanid 10
#
return
3.6.7 Example for Configuring the Batch Restart Function for an

HGMP Cluster
Member switches Member-2 and Member-3 are required to be restarted.
Figure 3-9 Networking diagram of configuring the batch restart function for an HGMP cluster
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Issue 01 (2011-10-26)

169

1.
2.
Configure batch restart on the administrator switch.
Data Preparation
l
Member ID of Member-2 being 2 and the member ID of Member-3 being 3
Procedure

[Member-1] vlan 10
Issue 01 (2011-10-26)

170


[Member-2] vlan 10

[Member-3] vlan 10




Issue 01 (2011-10-26)

171

Status: Enabled, Packets Sent: 0,
MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Software Version: Version 5.70
Port Duplex : FULL
Product Ver : S3700
Status: Enabled, Packets Sent: 6,
MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Software Version: Version 5.70
Port Duplex : FULL
Product Ver : S3700
Packets Received: 11, Packets Error: 0
V200R006C00
Packets Received: 16, Packets Error: 0
V200R006C00

0/0/1
enable
0/0/2
enable

0/0/1
enable
0/0/2
enable


Issue 01 (2011-10-26)

172


Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms

[Member-1] cluster

[Member-2] cluster

[Member-3] cluster
of related devices.
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700

NOTE

Issue 01 (2011-10-26)

173

management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700

NOTE


Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
DeviceType
S3700
S3700
S3700
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3
Issue 01 (2011-10-26)

174


in the Up state.

servers or hosts.
NOTE




management vlan id
: 10
Cluster auto-join
: disabled
Issue 01 (2011-10-26)

175

IP pool:10.0.0.1/8
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
Step 10 Restart member switches in batches.

# Run the cluster-member reboot group-by member-number 2 to 3 command on the
administrator switch to restart Member-2 and Member-3.
[HUAWEI_0.Administrator-1-cluster] cluster-member reboot group-by member-number 2
to 3
Info: This command will take members reboot.
Are you sure?[Y/N]y

Run the display member-reboot-stat command on administrator switch to check the restart
status of the member switches, and you can view that success is displayed, which indicates that
the specified member switches are restarted successfully.
[HUAWEI_2.Member-2] display member-reboot-stat
The result of member switchs rebooting:
-----------------------------------------------------------------------SN
Device
MacAddress
IPAddress
Result
-----------------------------------------------------------------------1
S3700
0003-0003-0003
10.0.0.3
success
2
S3700
0004-0004-0004
10.0.0.4
success
----End
Configuration Files
l

#
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
Issue 01 (2011-10-26)

176


#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
ftp-server 2.0.0.1
sftp server 2.0.0.2
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return

#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return

#
sysname Member-2
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
Issue 01 (2011-10-26)

177

mngvlanid 10
#
return

#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return
3.6.8 Example for Configuring the Incremental Configuration

Function for an HGMP Cluster
As shown in Figure 3-10, all the Layer 2 switches belong to the same cluster. Administrator-1
is the administrator switch of the cluster and other switches are member switches. The member
ID of Member-2 is 2 and the member ID of Member-3 is 3.
To configure VLAN 100 to VLAN 200 on Member-2 and Member-3 and a static route with its
next hop address being the administrator switch, you can use the incremental configuration
function of the HGMP cluster.
Issue 01 (2011-10-26)

178

Figure 3-10 Networking diagram of configuring the incremental configuration function for an
HGMP cluster
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
1.
2.
Edit the list of incremental configurations command on the administrator switch.
3.
Deliver the list of incremental configuration commands to the specified member switch.
Data Preparation
l
Issue 01 (2011-10-26)

179

Member ID of Member-2 being 2 and the member ID of Member-3 being 3
Procedure

[Member-1] vlan 10

[Member-2] vlan 10

Issue 01 (2011-10-26)

180


[Member-3] vlan 10




MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Port Duplex : FULL
Product Ver : S3700
MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Issue 01 (2011-10-26)

181

Port Duplex : FULL

Product Ver : S3700

0/0/1
enable
0/0/2
enable

0/0/1
enable
0/0/2
enable


Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Issue 01 (2011-10-26)

182


[Member-1] cluster

[Member-2] cluster

[Member-3] cluster
of related devices.
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700

NOTE

management vlan id
: 10
Cluster auto-join
: disabled
Issue 01 (2011-10-26)

183

IP pool:10.0.0.1/8
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700

NOTE


Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
DeviceType
S3700
S3700
S3700
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3

in the Up state.
Issue 01 (2011-10-26)

184



servers or hosts.
NOTE




management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
Step 10 Edit the list of incremental configuration commands on the administrator switch.
[HUAWEI_0.Administrator-1-cluster] increment
[HUAWEI_0.Administrator-1-cluster-increment] increment-command command-number 10
command-text vlan batch 100 to 200
Issue 01 (2011-10-26)

185

[HUAWEI_0.Administrator-1-cluster-increment] increment-command command-number 20

command-text ip route-static 2.0.0.0 8 10.0.0.1
After the previous configuration, run the display increment-command command on the
administrator switch to check the list of incremental configuration commands.
[HUAWEI_0.Administrator-1] display increment-command
The content of increment commands:
-----------------------------------------------------------------------------SN
Content
-----------------------------------------------------------------------------10
vlan batch 100 to 200
20
ip route-static 2.0.0.0 8 10.0.0.1
Step 11 Deliver the list of incremental configurations command to the specified member switch.
[HUAWEI_0.Administrator-1-cluster-increment] increment-run group-by member-number
2 to 3

Run the display cluster-increment-result command on administrator switch to check whether
the list of incremental configuration commands is delivered to the specified member switch, and
you can view that success is displayed.
[HUAWEI_0.Administrator-1] display cluster-increment-result
The result of member switch executing increment commands:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
Result
CommandId
-----------------------------------------------------------------------------2
S3700
0003-0003-0003 10.0.0.3
success
3
S3700
0004-0004-0004 10.0.0.4
success
----End
Configuration Files
l

#
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
Issue 01 (2011-10-26)

186

#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
ftp-server 2.0.0.1
sftp server 2.0.0.2
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return

#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return

#
sysname Member-2
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
Issue 01 (2011-10-26)

187

#
return

#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return
3.6.9 Example for Configuring the Configuration Synchronization

Function for an HGMP Cluster
To synchronize the configuration files of all member switches to the FTP server as required, you
can configure the configuration synchronization function for the HGMP cluster.
Issue 01 (2011-10-26)

188

Figure 3-11 Networking diagram of configuring the configuration synchronization function for
an HGMP cluster
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
1.
2.
3.6.2 Example for Configuring the Interconnection of FTP Servers and Devices in and
out of the HGMP Cluster (in NAT Mode)
NOTE
l Configure the interconnection of FTP servers and devices in and out of the HGMP cluster in
NAT or non-NAT mode. The following takes the configuration in NAT mode as an example.
l If it is not required to synchronize the configuration files of the HGMP cluster by accessing the
FTP server out of the cluster, you can skip this step.
Issue 01 (2011-10-26)

189

3.
Run the configuration synchronization command on the administrator switch.
Data Preparation
l
the FTP server
Procedure

[Member-1] vlan 10

[Member-2] vlan 10
Issue 01 (2011-10-26)

190



[Member-3] vlan 10




MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Issue 01 (2011-10-26)

191

Port Duplex : FULL

Product Ver : S3700
MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Port Duplex : FULL
Product Ver : S3700

0/0/1
enable
0/0/2
enable

0/0/1
enable
0/0/2
enable


Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Issue 01 (2011-10-26)

192

Port Delay: 20 ms

[Member-1] cluster

[Member-2] cluster

[Member-3] cluster
of related devices.
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700

NOTE

Issue 01 (2011-10-26)

193

management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700

NOTE


Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
DeviceType
S3700
S3700
S3700
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3

Issue 01 (2011-10-26)

194

in the Up state.

servers or hosts.
NOTE




management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
Issue 01 (2011-10-26)

195

SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
Step 10 Synchronize configuration files.

# Run the configuration synchronization command on the administrator switch, and then member
switches synchronize configuration files to the FTP server (2.0.0.1) in NAT mode.
[HUAWEI_0.Administrator-1-cluster] cluster-plug-play ip 2.0.0.1 username hgmp
password hgmp
[HUAWEI_0.Administrator-1-cluster] increment-config synchronization

After the previous configuration, run the display increment-synchronization-result command
on administrator switch to check whether configuration files are synchronized to the FTP server,
[HUAWEi_0.Administrator-1] display increment-synchronization-result
The result of member switchs' synchronization:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------1
S3700
0002-0002-0002 10.0.0.2
success
2
S3700
0003-0003-0003 10.0.0.3
success
3
S3700
0004-0004-0004 10.0.0.4
success
On the FTP server, you can view that the names of configuration files are the MAC address of
member switches, which indicates that configuration synchronization is successful.
----End
Configuration Files
l

#
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
Issue 01 (2011-10-26)

196

#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
ftp-server 2.0.0.1
sftp-server 2.0.0.2
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return

#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return

#
sysname Member-2
#
FTP server enable
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
Issue 01 (2011-10-26)

197

ndp enable
#
cluster
mngvlanid 10
#
return

#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return
3.6.10 Example for Configuring Security Features for an HGMP

Cluster
Disable NDP and NTDP on the interfaces of all the member switches that do not need NDP or
NTDP. To perform the action and improve the security of the cluster, you can configure security
features for the HGMP cluster.
NOTE
After NDP or NTDP is disabled on unrelated interfaces of member switches, if the new candidate switches
are connected to these unrelated interfaces, they cannot join the cluster until NDP or NTDP is enabled.
Issue 01 (2011-10-26)

198

Figure 3-12 Networking diagram of configuring security features for an HGMP cluster
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
1.
2.
On the administrator switch, disable NDP and NTDP on unrelated interfaces of member
switches.
Data Preparation
l
Issue 01 (2011-10-26)

199

the FTP server
Procedure

[Member-1] vlan 10

[Member-2] vlan 10

Issue 01 (2011-10-26)

200


[Member-3] vlan 10




MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Port Duplex : FULL
Product Ver : S3700
MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Issue 01 (2011-10-26)

201

Port Duplex : FULL

Product Ver : S3700

0/0/1
enable
0/0/2
enable

0/0/1
enable
0/0/2
enable


Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Issue 01 (2011-10-26)

202


[Member-1] cluster

[Member-2] cluster

[Member-3] cluster
of related devices.
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700

NOTE

management vlan id
: 10
Cluster auto-join
: disabled
Issue 01 (2011-10-26)

203

IP pool:10.0.0.1/8
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700

NOTE


Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
DeviceType
S3700
S3700
S3700
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3

in the Up state.
Issue 01 (2011-10-26)

204



servers or hosts.
NOTE




management vlan id
: 10
Cluster auto-join
: disabled
IP pool:10.0.0.1/8
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
Step 10 Disable NDP and NTDP.

# Disable NDP and NTDP on interfaces of all the member switches that do not need NDP and
NTDP.
Issue 01 (2011-10-26)

205

# Disable NDP on the unrelated interfaces of member switches

[HUAWEI_0.Administrator-1-cluster] undo cluster-member unrelated-port ndp
# Disable NTDP on the unrelated interfaces of member switches
[HUAWEI_0.Administrator-1-cluster] undo cluster-member unrelated-port ntdp

After the previous configuration, run the display member-interface-state command on
administrator switch to check whether NDP or NTDP is disabled on unrelated interfaces of the
member switches, and you can view that success is displayed.
[HUAWEI_0.Administrator-1] display member-interface-state ndp
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------3
S3700
0004-0004-0004
10.0.0.4
success
2
S3700
0003-0003-0003
10.0.0.3
success
1
S3700
0002-0002-0002
10.0.0.2
success
[HUAWEI_0.Administrator-1] display member-interface-state ntdp
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------3
S3700
0004-0004-0004
10.0.0.4
success
2
S3700
0003-0003-0003
10.0.0.3
success
1
S3700
0002-0002-0002
10.0.0.2
success
----End
Configuration Files
l

#
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
Issue 01 (2011-10-26)

206

build HUAWEI
ftp-server 2.0.0.1
sftp server 2.0.0.2
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return

#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return

#
sysname Member-2
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return
Issue 01 (2011-10-26)

207


#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
ntdp enable
ndp enable
#
cluster
mngvlanid 10
#
return
Issue 01 (2011-10-26)

208

4 NTP Configuration
NTP Configuration
About This Chapter

This chapter describes how to configure Network Time Protocol (NTP) to make clocks of the
devices on the network identical.
4.1 Introduction to NTP
This part describes the application and working principles of NTP.
4.2 NTP Supported by the S3700
This part describes NTP operating modes supported by the S3700.
4.3 Configuring Basic NTP Functions
This section describes how to configure basic NTP functions, including the NTP operating
modes.
4.4 Configuring NTP Security Mechanisms
This section describes how to configure NTP security mechanisms to guarantee reliable clock
synchronization on networks demanding high security.
4.5 Maintaining NTP
This section describes how to debug NTP through the debugging command in case of an NTP
operation fault.
This section provides several configuration examples of NTP.
Issue 01 (2011-10-26)

209

4 NTP Configuration
4.1 Introduction to NTP

This part describes the application and working principles of NTP.
NTP(Network Time Protocol) aims to synchronizing clocks of all devices in a network. It keeps
all the clocks of these devices consistent, and enables devices to implement various applications
based on the uniform time.
Any local system that runs NTP can be time synchronized by other clock sources, and also
functions as a clock source to synchronize other clocks. In addition, mutual synchronization can
be performed by exchanging NTP packets.
NTP packets are encapsulated in UDP packets for transmission and the port used by the NTP
protocol is 123.
NTP Application
NTP is applied to the following situations where all the clocks of hosts or switchs in a network
need to be consistent:
l
Network management: Analysis on logs or debugging information collected from different

switchs should be performed based on time.
Charging system: requires the clocks of all devices to be consistent.
Completing certain functions: For example, timing restart of all the switchs in a network
requires the clocks of all the switchs be consistent.
Several systems working together on the same complicate event: Systems have to take the
same clock for reference to ensure a proper sequence of implementation.
Incremental backup between the backup server and clients: Clocks on the backup server
and clients should be synchronized.
When all the devices on a network need to be synchronized, it is almost impossible for an
administrator to manually change the system clock by executing command lines. This is because
the work load is heavy and clock accuracy cannot be ensured. NTP can quickly synchronize the
clocks of network devices and ensure their precision.
NTP has the following advantages:
l
Defining clock accuracy by means of stratum to synchronize the time of network devices
in a short time
Supporting access control and MD5 authentication
Transmitting packets in unicast, multicast, or broadcast mode
Principles of NTP
Figure 4-1 shows the principles of NTP. Switch A and Switch B are connected through a WAN.
They both have their own system clocks. NTP implements automatic synchronization of their
clocks.
Suppose:
l
Issue 01 (2011-10-26)
Before the system clocks of Switch A and Switch B are synchronized, the clock of Switch
A is set to 10:00:00 am and the clock of Switch B is set to 11:00:00 am.
210

4 NTP Configuration
Switch B functions as an NTP time server. That is, Switch A synchronizes its clock with
that of Switch B.
One-way transmission of data packets between Switch A and Switch B takes one second.
Processing of data packets on the Switch A or theSwitch B takes one second.
Figure 4-1 NTP basic principle diagram
NTP packet 10:00:00am
Step 1:
Network
SwitchA
SwitchB
NTP packet 10:00:00am
Step 2:
11:00:01am
Network
SwitchA
SwitchB
NTP packet 10:00:00am 11:00:01am 11:00:02am
Step 3:
Network
SwitchA
SwitchB
NTP packet received at

10:00:03
Step 4:
Network
SwitchA
SwitchB
The process of synchronizing system clocks is as follows:

1.
Switch A sends an NTP packet to Switch B. The packet carries the originating timestamp
when it leaves Switch A, which is 10:00:00 am (T1).
2.
When the NTP packet reaches Switch B, Switch B adds its receiving timestamp to the NTP
packet, which is 11: 00:01 am (T2).
3.
When the NTP packet leaves Switch B, Switch B adds its transmitting timestamp to the
NTP packet, which is 11:00:02 am (T3).
4.
When Switch A receives the response packet, it adds a new receiving timestamp to it, which
is 10:00:03 am (T4).
Issue 01 (2011-10-26)

211

4 NTP Configuration
Switch A uses the received information to calculate the following two important values:
l Delay for the NTP message cycle: Delay = (T4 - T1) - (T3 - T2).
l Offset of Switch A relative to Switch B: Offset = ((T2 - T1) + (T3 - T4))/2.
According to the delay and the offset, Switch A sets its own clock again to synchronize
with the clock of Switch B.
The preceding example is only a simple description of the NTP operating principle. As
described in RFC 1305, NTP uses a complex algorithm to ensure the precision of clock
synchronization.
The server and client are two relative concepts. The device that provides standard time is
referred to as a time server, and the device that enjoys the time service is referred to as a
client.
4.2 NTP Supported by the S3700

This part describes NTP operating modes supported by the S3700.
The switch supports the following NTP working modes
l
Unicast Server/Client Mode
Peer Mode
Broadcast Mode
Multicast Mode
Unicast Server/Client Mode

In this mode, you need to configure only the client. The server needs to be configured with only
one NTP primary clock.
Note that the client can be synchronized to the server but the server cannot be synchronized to
the client.
After the configuration:
1.
The client sends a synchronization request packet to the server, with the mode field being
set to 3. The value 3 indicates the client mode.
2.
Upon receiving the request packet, the server automatically works in the server mode and
sends a response packet with the mode field being set to 4. The value 4 indicates the server
mode.
3.
After receiving the response packet, the client performs clock filtering and selection, and
finally, is synchronized with the optimal server.
Peer Mode
In this mode, you need to configure NTP only on the symmetric active end. The symmetric active
end and symmetric passive end can be synchronized with each other.
Note that the clock with a lower stratum is synchronized to the one with a higher stratum.
After the configurations:
Issue 01 (2011-10-26)

212

4 NTP Configuration
The symmetric active end sends a synchronization request packet to the symmetric passive
end with the mode field being set to 1. The value 1 indicates the symmetric active mode.
Upon receiving the request packet, the symmetric passive end automatically works in
symmetric passive mode and sends a response packet with the mode field being set to 2.
The value 2 indicates the symmetric passive mode.
Broadcast Mode
In this mode, you need to configure both the server and the client.
l
The server periodically sends clock synchronization packets to the broadcast address
255.255.255.255.
The client senses broadcast packets from the server.
After receiving the first broadcast packet, to estimate the network delay, the client enables
a temporary server/client model for exchanging messages with the remote server.
The client then works in broadcast client mode, and continues to sense the incoming
broadcast packets to synchronize the local clock.
Multicast Mode
In this mode, you need to configure both the server and the client.
l
The server periodically sends clock synchronization packets to the multicast address
224.0.1.1.
The client senses multicast packets from the server.
After receiving the first multicast packet, to estimate the network delay, the client enables
a temporary server/client model for exchanging messages with the remote server.
The client works in multicast client mode, and continues to sense the incoming multicast
packets to synchronize the local clock.
4.3 Configuring Basic NTP Functions

This section describes how to configure basic NTP functions, including the NTP operating
modes.

Before configuring basic NTP functions, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.
NTP has the following operation modes:
l
Issue 01 (2011-10-26)
Server/client mode
213

Peer mode
Broadcast mode
Multicast mode
4 NTP Configuration
In actual applications, a proper operation mode needs to be selected according to the networking
topology to meet various clock synchronization requirements.
For the unicast server/client mode and the peer mode, all the NTP packets sent locally can have
the same interface IP address as the source IP address.
Before configuring basic functions of NTP, you need to complete the following tasks:
l
Configuring the link layer protocol for the interface
Configuring an IP address and a routing protocol for the interface to ensure that NTP packets
can reach destinations
Data Preparation
To configure basic functions of NTP, you need the following data.
No.
Data
Primary NTP clock and its stratum
Interfaces to send and receive NTP packets
NTP version
Preparing the data according to the operation mode

l Server/client mode: IP address of the server and the VPN instance that the server
belongs to
l Peer mode: IP address of the symmetric passive end and the VPN instance that it
belongs to
l Broadcast mode: interfaces to send and receive broadcast NTP packets and the
maximum sessions set up dynamically on the client
l Multicast mode: IP address of the multicast group, the TTL value of the multicast
packets, the interfaces to send and receive the multicast packets, and the maximum
number of the session dynamically set up on the client
Interface disabled from receiving NTP packets
4.3.2 Configuring the NTP Primary Clock

The stratum configured for the master clock on the server must be lower than the stratum
configured for the clock on the client. Otherwise, the clock on the client cannot synchronize with
the master clock on the server.
Issue 01 (2011-10-26)

214

4 NTP Configuration
Context
If you want to configure a switch to provide a primary NTP clock, do as follows on the switch
functioning as the NTP server.
Procedure
Step 1 Run:
system-view

Step 2 Run:
ntp-service refclock-master [ ip-address ] [ stratum ]
A primary NTP server is displayed.

ip-address is the IP address of the local reference clock. Its value is 127.127.t.u. Here, "t" ranges
from 0 to 37. Currently, "t" can be only 1, indicating the local reference clock. "u" indicates the
NTP process number, ranging from 0 to 3.
When no IP address is specified, the local clock whose IP address is 127.127.1.0 functions as
the primary NTP clock by default, with the stratum being 8.
----End
4.3.3 Configuring the Unicast Server/Client Mode

In C/S mode, the clock on the client synchronizes with the master clock on the server.
Context
Commonly, specify the IP address of the NTP server on the client. The client and server can
then exchange NTP packets using this IP address.
If the source interface to send NTP packets is specified on the server, the IP address of the server
configured on the client should be the same; otherwise, the client cannot process NTP packets
sent from the server and clock synchronization fails.
Procedure
l
Configuring the NTP Client

Do as follows on the switch functioning as a client:
1.
Run:
system-view

2.
(Optional) Run:
ntp-service source-interface vlanif vlan-id
The local source interface that receives the NTP packet is configured.
3.
Run:
ntp-service unicast-server ip-address [ version number | authenticationkeyid key-id | source-interface interface-type interface-number |
preference ] *
Issue 01 (2011-10-26)

215

4 NTP Configuration
The IP address of the NTP server is configured.

Step 2 is optional. If source-interface is specified in Step 3, use it preferentially.
ip-address is the IP address of the NTP server. It can be the IP address of the host
rather than a broadcast address, a multicast address, or the IP address of the reference
clock.
NOTE
When the unicast NTP server is specified, the local switch functions as the client automatically.
The server needs to be configured with only a primary clock.
(Optional) Configuring the Source Interface for the NTP Server to Send NTP Packets
Do as follows on the switch working as a client:
1.
Run:
system-view

2.
Run:
The local source interface that sends NTP packets is specified.

Commonly, specify the IP address of the NTP server on the client. The client and
server can then exchange NTP packets using this IP address
If the source interface to send NTP packets is specified on the server, the IP address
of the server configured on the client should be the same; otherwise, the client cannot
process NTP packets sent from the server and clock synchronization fails.
----End
4.3.4 Configuring the Peer Mode

This part describes how to configure the NTP peer mode. In this mode, clocks on the two peers
synchronize with each other. Each side can send the clock synchronization request message to
the peer and reply the clock synchronization request message from the peer.
Procedure
l
Configuring the NTP Symmetric Active End

1.
Run:
system-view

2.
(Optional) Run:

3.
Run:
ntp-service unicast-peer ip-address [ version number | authenticationkeyid key-id | source-interface interface-type interface-number |
preference ] *
The NTP peer is configured.

Issue 01 (2011-10-26)

216

4 NTP Configuration
Step 2 is optional. If source-interface is specified in both Step 2 and Step 3, use the
source interface specified in Step 3 preferentially.
ip-address is the IP address of the NTP peer. It can be the IP address of a host address
rather than a broadcast address, a multicast address, or the IP address of the reference
clock.
NOTE
After the NTP peer is specified, the local switch runs in symmetric active mode. The symmetric
passive end need not be configured.
(Optional) Configuring the Source Interface of the NTP Symmetric Passive End
1.
Run:
system-view

2.
Run:

Commonly, specify the IP address of the NTP server on the client. The client and
server can then exchange NTP packets using this IP address
If the source interface to send NTP packets is specified on the symmetric active end,
the IP address of the NTP peer configured on the symmetric passive end should be
the same; otherwise, the passive end cannot process NTP packets sent from the active
end and clock synchronization fails.
----End
4.3.5 Configuring the Broadcast Mode

This part describes how to configure the NTP broadcast mode on the LAN to synchronize clocks
on the LAN.
Procedure
l
Configuring an NTP Broadcast Server

Do as follows on the switch functioning as an NTP broadcast server:
1.
Run:
system-view

2.
Run:
vlan vlan-id

3.
Run:
The interface that sends NTP broadcast packets is specified.

4.
Run:
ntp-service broadcast-server [ authentication-keyid key-id | version
number ]*
Issue 01 (2011-10-26)

217

4 NTP Configuration
The local switch is set as an NTP broadcast server.

After the configurations, the local switch periodically sends the clock synchronization
packets to the broadcast address 255.255.255.255.
NOTE
Broadcast mode can be used only in the same LAN.
Configuring an NTP Broadcast Client

Do as follows on the switch functioning as an NTP broadcast client:
1.
Run:
system-view

2.
(Optional) Run:
ntp-service max-dynamic-sessions number
The number of local sessions allowed to be set up dynamically is set.

3.
Run:
vlan vlan-id

4.
Run:
The interface that receives NTP broadcast packets is specified.

5.
Run:
ntp-service broadcast-client
The local switch is configured as an NTP broadcast client.

Step 2 is optional. By default, a maximum of 100 NTP sessions can be set up
dynamically.
After the configurations, the local switch senses the broadcast NTP packets sent from
the server and synchronizes the local clock.
Running the ntp-service max-dynamic-sessions command does not affect the
existence of NTP sessions. When the number of the sessions reaches or exceeds the
maximum, the new session cannot be set up further.
----End
4.3.6 Configuring the Multicast Mode

This part describes how to configure the NTP multicast mode to synchronize clocks in a multicast
domain.
Procedure
l
Configuring an NTP Multicast Server

Do as follows on the switch functioning as an NTP multicast server:
1.
Run:
system-view
Issue 01 (2011-10-26)

218

4 NTP Configuration

2.
Run:
vlan vlan-id

3.
Run:
The interface that sends NTP multicast packets is specified.

4.
Run:
ntp-service multicast-server [ ip-address ] [ authentication-keyid key-id
| ttl ttl-number | version number ] *
The local switch is set to be an NTP multicast server.

After the configurations, the local switch periodically sends clock synchronization
packets to the multicast address 224.0.1.1.
l
Configuring an NTP Multicast Client

Do as follows on the switch functioning as an NTP multicast client:
1.
Run:
system-view

2.
(Optional) Run:
The number of local sessions allowed to be set up dynamically is set.

3.
Run:
vlan vlan-id

4.
Run:
The interface that receives NTP multicast packets is specified.

5.
Run:
ntp-service multicast-client [ ip-address ]
The local switch is set to be an NTP multicast client.

Step 2 is optional. By default, up to 100 NTP sessions can be set up dynamically.
After the configurations, the local switch senses the multicast NTP packets sent from
the server and synchronizes the local clock.
Running the ntp-service max-dynamic-sessions command does not affect the
existence of NTP sessions. When the number of the sessions reaches or exceeds the
maximum, the new session cannot be set up further.
----End
4.3.7 Disabling the Interface From Receiving NTP Packets

To prevent a host on the LAN from synchronizing the clock on the specified server, you can
disable the specified interface on the host from receiving NTP packets.
Issue 01 (2011-10-26)

219

4 NTP Configuration
Context
Do as follows on the switch that needs to be disabled from receiving NTP packets.
Procedure
Step 1 Run:
system-view

Step 2 Run:
vlan vlan-id

Step 3 Run:
The interface that receives NTP packets is specified.

Step 4 Run:
ntp-service in-interface disable
The interface on the switch is disabled from receiving NTP packets.

----End
4.3.8 (Optional) Setting the Maximum Number of Dynamic NTP

Sessions
Context
Do as follows on the S3700 that functions as a client.
Procedure
Step 1 Run:
system-view

Step 2 Run:
The maximum number of dynamic NTP sessions is set.

----End

After basic NTP functions are configured, you can view the configuration.
Prerequisite
The configurations of the Basic NTP Functions are complete.
Issue 01 (2011-10-26)

220

4 NTP Configuration
Procedure
l
Run the display ntp-service status command to view the status of the NTP service.
Run the display ntp-service sessions [ verbose ] command to view the status of NTP
sessions.
Run the display ntp-service trace command to view the summary information on each
passing NTP server when tracing from the local device to the reference clock source.
----End
Example
<Quidway> display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 10.00 ms
reference time: 15:51:36.259 UTC Apr 25 2010(C6179088.426490A3)
Run the display ntp-service sessions [ verbose ] command to view the status of NTP sessions.
<Quidway> display ntp-service sessions
source
reference
stra reach poll now offset delay
disper
********************************************************************************
[12345]127.127.1.0
LOCAL(0)
7
1
64
2
0.0
15.6
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured,
6 vpn-instance
Run the display ntp-service trace command to view the summary information on each passing
NTP server when tracing from the local device to the reference clock source.
<Quidway> display ntp-service trace
server 127.0.0.1,stratum 5, offset 0.024099,
refid 127.127.1.0
synch
synch
synch
synch
distance
distance
distance
distance
0.06337
0.04575
0.03075
0.01096
4.4 Configuring NTP Security Mechanisms

This section describes how to configure NTP security mechanisms to guarantee reliable clock
synchronization on networks demanding high security.

Before configuring NTP security mechanisms , familiarize yourself with the applicable
Issue 01 (2011-10-26)

221

4 NTP Configuration
NTP supports two security mechanisms: access authority and NTP authentication.
l
Access authority
Access authority is a type of simple security method provided by the S3700 to protect local
NTP services.
The S3700 provides four access authority levels. When an NTP access request packet
reaches the local end, it is matched in an order from the minimum access authority to the
maximum access authority. The first matched authority level takes effect. The matching
order is as follows:
peer: indicates the minimum access authority. The remote end can send the request of
the local time and the control query to the local end. The local clock can also be
synchronized with that of the remote server.
server: indicates the remote end can perform the time request and control query to the
local end but the local clock cannot be synchronized with that of the remote end.
synchronization: indicates that the remote end can perform only the time request to the
local end.
query: indicates the maximum access authority. The remote end can perform only the
control query to the local end.
NTP authentication
NTP authentication is required in some networks with high security demands.
The configuration of NTP authentication involves configuring NTP authentication on both
the client and the server.
During the configuration of NTP authentication, pay attention to the following rules:
Configure NTP authentication on both the client and the server; otherwise, the
authentication does not take effect.
If NTP authentication is enabled, a reliable key needs to be configured at the same time.
The authentication key configured on the server and that on the client should be
consistent.
In NTP peer mode, the symmetric active end equals the client, and the symmetric passive
end equals the server.
Before configuring NTP security mechanisms, complete the following tasks:
l
Configuring the link layer protocol on the interface
Configuring the network layer address and routing protocol to make the server and client
reachable
Configuring ACL rules if the access authority is configured
Data Preparation
To configure NTP security mechanisms, you need the following data.
Issue 01 (2011-10-26)

222

4 NTP Configuration
No.
Data
ACL rules
Shared key and its ID that are used in NTP authentication
NTP primary clock and its stratum
Interfaces that send and receive NTP packets
NTP version
Preparing the following data according to the NTP operation mode:

l Server/client mode: IP address of the server and the VPN instance the server
belongs to
l Peer mode: IP address of the symmetric passive end and the VPN instance it
belongs to
l Broadcast mode: interfaces to send and receive broadcast NTP packets and the
maximum number of the sessions set up dynamically on the client
l Multicast mode: IP address of the multicast group and the TTL values of the
multicast packets
4.4.2 Setting NTP Access Authorities

When receiving an access request packet, the NTP server matches the request packet with the
access authority in descending order (from peer, server, synchronization to query). The first
matched authority takes effect.
Context
Do as follows on the switch.
Procedure
Step 1 Run:
system-view

Step 2 Run:
ntp-service access { peer | query | server | synchronization } acl-number
Access authority for the NTP service on the local switch is configured.
You can configure the ntp-service access command depending on the actual situations.
Table 4-1 shows the detailed NTP access authorities.
Issue 01 (2011-10-26)

223

4 NTP Configuration
Table 4-1 Description of the NTP access authorities

NTP Operation Mode
Limited NTP Query
Supported Devices
Unicast NTP server/client

mode
Synchronizing the client with

the server
Client
Unicast NTP server/client

mode
Clock synchronization
request from the client
Server
NTP peer mode
Clock synchronization with

each other
Symmetric active end
NTP peer mode
Clock synchronization
request from the active end
Symmetric passive end
NTP multicast mode

the server
NTP multicast client
NTP broadcast mode

the server
NTP broadcast client
----End
4.4.3 Enabling NTP Authentication

This part describes how to set NTP Autokey authentication on the device.
Context
NTP client synchronizes to authenticated NTP servers to ensure that time service is reliable
across the network. Authentication prevents the modification of NTP message data from
malicious network attacks.
Do as follows on the switch.
Procedure
l
Configuring NTP MD5 autentication

NOTE
l Configure the same authentication key on the server and client and affirm that the key is reliable;
otherwise, NTP authentication fails.
l Enable NTP authentication before performing actual authentication.
1.
Run:
system-view

2.
Run:
ntp-service authentication enable
NTP authentication is enabled.

3.
Run:
ntp-service authentication-keyid key-id authentication-mode md5 password
Issue 01 (2011-10-26)

224

4 NTP Configuration
The NTP authentication key is configured.

4.
Run:
ntp-service reliable authentication-keyid key-id
The authentication key is declared to be reliable.

----End
4.4.4 Configuring NTP Authentication in Unicast Server/Client

Mode
By configuring the authentication key ID used in the synchronization with the specific NTP
server on the NTP client, you can apply NTP authentication in C/S mode.
Context
Do as follows on the switch that functions as an NTP unicast client.
Procedure
Step 1 Run:
system-view

Step 2 Run:
ntp-service unicast-server ip-address [ [ authentication-keyid key-id ] |
[ version number ] | [ source-interface interface-type interface-number ]
[ preference ] ]*
The ID of the authentication key used for the synchronization of the server and client clocks is
configured.
----End
4.4.5 Configuring NTP Authentication in Peer Mode

By configuring the authentication key ID used in the synchronization with the peer on the local
end, you can apply NTP authentication in peer mode.
Context
Do as follows on the switch that functions as the symmetric active end.
Procedure
Step 1 Run:
system-view

Step 2 Run:
ntp-service unicast-peer ip-address [ version number | authentication-keyid key-id
| source-interface interface-type interface-number | preference ] *
Issue 01 (2011-10-26)

225

4 NTP Configuration
The ID of the authentication key used for the synchronization of the clocks on the NAT peer is
configured.
----End
4.4.6 Configuring NTP Authentication in Broadcast Mode

By configuring the authentication key ID used in the synchronization with the NTP broadcast
server on the local switch, you can apply NTP authentication in broadcast mode.
Context
Do as follows on the switch that functions as an NTP broadcast server.
Procedure
Step 1 Run:
system-view

Step 2 Run:
vlan vlan-id

Step 3 Run:
The interface that receives NTP broadcast packets is specified.

Step 4 Run:
ntp-service broadcast-server [ authentication-keyid key-id | version number ] *
The ID of the authentication key used by the NTP broadcast server is configured.
For configuring the broadcast client, see Configuring the Broadcast Mode.
----End
4.4.7 Configuring NTP Authentication in Multicast Mode

By configuring the authentication key ID used in the synchronization with the NTP multicast
server on the local switch, you can apply NTP authentication in multicast mode.
Context
Do as follows on the switch that functions as an NTP multicast server.
Procedure
Step 1 Run:
system-view

Step 2 Run:
Issue 01 (2011-10-26)

226

4 NTP Configuration
vlan vlan-id

Step 3 Run:
The interface to send multicast NTP packets is specified.

Step 4 Run:
ntp-service multicast-server [ authentication-keyid key-id | version number ]*
The ID of the authentication key used by the NTP multicast server is configured.
For configuring the multicast client, see Configuring the Broadcast Mode.
----End

After NTP security mechanisms are configured, you can view the configuration.
Prerequisite
The configurations of the NTP Security Mechanisms are complete.
Procedure
l
Run the display ntp-service sessions [ verbose ] command to view the status of NTP
sessions.
----End
Example
<Quidway> display ntp-service status
clock stratum: 2
root delay: 0.00 ms
reference time: 15:51:36.259 UTC Apr 25 2010(C6179088.426490A3)
Run the display ntp-service sessions [ verbose ] command to view the status of NTP sessions.
<Quidway> display ntp-service sessions
source
reference
stra reach poll now offset delay
disper
********************************************************************************
[12345]127.127.1.0
LOCAL(0)
7
1
64
2
0.0
15.6
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured,
6 vpn-instance
Issue 01 (2011-10-26)

227

4 NTP Configuration
4.5 Maintaining NTP

This section describes how to debug NTP through the debugging command in case of an NTP
operation fault.
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
Run the following debugging commands in the user view to debug NTP and locate the fault.
For the description about the debugging commands, refer to the Quidway S3700 Series Ethernet
Switches Command Reference.
Procedure
Step 1 Run the debugging ntp-service { access | adjustment | all | authentication | event | filter |
packet | parameter | refclock | selection | synchronization | validity } to enable NTP
debugging.
----End

This section provides several configuration examples of NTP.
4.6.1 Example for Configuring NTP Authentication in Unicast

Client/Server Mode
Figure 4-2 shows the diagram of NTP.
l
Switch A functions as a unicast NTP server. The clock of Switch A is the master clock with
the stratum being 2.
Switch B functions as a unicast NTP client. Its clock needs to be synchronized with the
clock of Switch A.
Switch C and Switch D function as NTP clients of Switch B.
NTP authentication needs to be enabled.
Issue 01 (2011-10-26)

228

4 NTP Configuration
Figure 4-2 Networking diagram for configuring the unicast client/server mode
VLANIF111
10.0.0.2/24
VLANIF100
2.2.2.2/24
SwitchA
IP
Network
VLANIF110
VLANIF111
SwitchC
VLANIF111
10.0.0.1/24
1.0.1.11/24
10.0.0.3/24
SwitchB
SwitchD
1.
Configure Switch A as an NTP server and configure the master clock on Switch A.
2.
Configure Switch B as an NTP client. Switch B synchronizes its clock with the clock of
Switch A.
3.
Configure Switch C and Switch D to synchronize their clocks with the clock of Switch B.
4.
Configure NTP authentication on Switch A, Switch B, Switch C, and Switch D.

NOTE
When configuring NTP authentication in unicast client/server mode, pay attention to the following
points:
l You must enable NTP authentication on the client before specifying the IP address of the NTP
server and authentication key to be sent to the server; otherwise, NTP authentication is not
performed before clock synchronization.
l To implement authentication successfully, configure both the server and the client.
Data Preparation
l
IP address of the reference clock
Stratum count of the NTP master clock
Key ID
Password
Procedure
Step 1 Configure the IP addresses of the Switches and ensure that the routes between them are reachable.
Configure the IP addresses according to Figure 4-2 so that Switch A, Switch B, Switch C and
Switch D are routable.
The configuration procedure is not mentioned.
Issue 01 (2011-10-26)

229

4 NTP Configuration
Step 2 Configure a master NTP clock on Switch A and enable NTP authentication.
# On Switch A, set the clock as a master NTP clock with stratum being 2.
<SwitchA> system-view
[SwitchA] ntp-service refclock-master 2
# Enable NTP authentication on Switch A, configure the authentication key, and declare the key
to be reliable.
[SwitchA] ntp-service authentication enable
[SwitchA] ntp-service authentication-keyid 42 authentication-mode md5 Hello
[SwitchA] ntp-service reliable authentication-keyid 42
The authentication keys configured on the server and the client must be the same.
Step 3 Configure Switch B as the NTP server and enable the NTP authentication.
# Enable NTP authentication on Switch B, configure the authentication key, and declare the key
to be reliable.
<SwitchB>
[SwitchB]
[SwitchB]
[SwitchB]
system-view
ntp-service authentication-keyid 42 authentication-mode md5 Hello
ntp-service reliable authentication-keyid 42
# # Configure Switch A to be the NTP server of Switch B and use the authentication key.
[SwitchB] ntp-service unicast-server 2.2.2.2 authentication-keyid 42
Step 4 Specify the NTP server for Switch C.

# Configure Switch B as the NTP server of Switch C.
<SwitchC>
[SwitchC]
[SwitchC]
[SwitchC]
[SwitchC]
system-view
ntp-service
ntp-service
ntp-service
ntp-service
authentication enable
authentication-keyid 42 authentication-mode md5 Hello
reliable authentication-keyid 42
unicast-server 10.0.0.1 authentication-keyid 42
Step 5 Specify the NTP server for Switch D.

# Configure Switch B as the NTP server of Switch D.
<SwitchD>
[SwitchD]
[SwitchD]
[SwitchD]
[SwitchD]
system-view
ntp-service
ntp-service
ntp-service
ntp-service
authentication enable
authentication-keyid 42 authentication-mode md5 Hello
reliable authentication-keyid 42
unicast-server 10.0.0.1 authentication-keyid 42

After the configurations, Switch B can synchronize its clock with the clock of Switch A.
Check the NTP status of Switch B, and you can view that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch B is 3, one
stratum lower than the clock stratum of Switch A.
[SwitchB] display ntp-service status
clock stratum: 3
reference clock ID: 2.2.2.2
root delay: 31.26 ms
Issue 01 (2011-10-26)

230

4 NTP Configuration

reference time: 11:55:56.833 UTC Mar 2 2006(C7B15BCC.D5604189)
After the configurations, Switch C can synchronize its clock with the clock of Switch B.
Check the NTP status of Switch C, and you can view that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch C is 4, one
stratum lower than the clock stratum of Switch B.
[SwitchC] display ntp-service status
clock stratum: 4
Check the NTP status of Switch D, and you can see that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch C is 4, one
stratum lower than the clock stratum of Switch B.
[SwitchD] display ntp-service status
clock stratum: 4
Check the NTP status of Switch A.

[SwitchA] display ntp-service status
clock stratum: 2
root delay: 0.00 ms
reference time: 12:01:48.377 UTC Mar 2 2006(C7B15D2C.60A15981)
----End
Configuration Files
l
Configuration file of Switch A

#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 2.2.2.2 255.255.255.0
#
Issue 01 (2011-10-26)

231

4 NTP Configuration
#
ospf 1
area 0.0.0.0
network 2.2.2.0 0.0.0.255
#
ntp-service authentication-keyid 42 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service refclock-master 2
#
return
Configuration file of Switch B

#
sysname SwitchB
#
vlan batch 110 111
#
interface Vlanif110
ip address 1.0.1.11 255.255.255.0
#
interface Vlanif111
ip address 10.0.0.1 255.255.255.0
#
#
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
network 10.0.0.0 0.0.0.255
#
\#Q=^Q`MAF4<1!!
ntp-service unicast-server 2.2.2.2 authentication-keyid 42
#
return
Configuration file of Switch C

#
sysname SwitchC
#
vlan batch 111
#
interface Vlanif111
ip address 10.0.0.2 255.255.255.0
#
#
\#Q=^Q`MAF4<1!!
#
return
Issue 01 (2011-10-26)

232

4 NTP Configuration
Configuration file of Switch D

#
sysname SwitchD
#
vlan batch 111
#
interface Vlanif111
ip address 10.0.0.3 255.255.255.0
#
#
\#Q=^Q`MAF4<1!!
#
return
4.6.2 Example for Configuring the Common NTP Peer Mode

As shown in Figure 4-3, three Switches reside on the LAN.
l
The clock of Switch C is the master clock and the clock stratum is 2.
Switch C is the NTP server of Switch D. That is, Switch D is the client.
Switch D is the passive peer of Switch E. That is, Switch E is the active end.
Figure 4-3 Networking diagram for configuring the NTP peer mode
SwitchC
Ethernet0/0/1
3.0.1.31/24
Ethernet0/0/1
3.0.1.33/24
SwitchE
Ethernet/0/01
3.0.1.32/24
SwitchD
1.
Configure the clock on Switch C as the master clock. The clock on Switch D should be
synchronized to the clock on Switch C.
2.
Configure Switch E and Switch D as the NTP peers so that Switch E should send clock
synchronization requests to Switch D.
Issue 01 (2011-10-26)

233

3.
4 NTP Configuration
The clocks on Switch C, Switch D and Switch E can be synchronized.
Data Preparation
l
IP address of Switch C
IP address of Switch D
Procedure
Step 1 Configure IP addresses for Switch C, Switch D, and Switch E.
Configure an IP address for each interface according to Figure 4-3. After configurations, the
three Switches can ping each other.
The configuration procedure is not mentioned.
Step 2 Configure the unicast NTP client/server mode.
# On Switch C, set the clock as a master NTP clock with stratum being 2.
<SwitchC> system-view
[SwitchC] ntp-service refclock-master 2
# Configure Switch C as the NTP server of Switch D.

<SwitchD> system-view
[SwitchD] ntp-service unicast-server 3.0.1.31
After the configurations, the clock of Switch D is synchronized with the clock of Switch C.
This means that the synchronization is complete. The stratum of the clock of Switch D is 3, one
stratum lower than the clock stratum of Switch C.
clock stratum: 3
reference time: 06:52:33.465 UTC Mar 7 2006(C7B7AC31.773E89A8)
Step 3 Configure the unicast NTP peer mode.

# Configure Switch D as the passive peer of Switch E.
<SwitchE> system-view
[SwitchE] ntp-service unicast-peer 3.0.1.32
No master clock is configured on Switch E, so the clock on Switch E should be synchronized

to the clock on Switch D.
View the status of Switch E after clock synchronization.
Issue 01 (2011-10-26)

234

4 NTP Configuration
Check the NTP status of Switch E, and you can see that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch E is 4, one
stratum lower than the clock stratum of Switch D.
[SwitchE] display ntp-service status
clock stratum: 4
reference time: 06:55:50.784 UTC Mar 7 2006(C7B7ACF6.C8D002E2)
----End
Configuration Files
l

#
sysname SwitchC
#
vlan batch 100
#
interface Vlanif100
ip address 3.0.1.31 255.255.255.0
#
#
#
return

#
sysname SwitchD
#
vlan batch 100
#
interface Vlanif100
ip address 3.0.1.32 255.255.255.0
#
#
ntp-service unicast-server 3.0.1.31
#
return
Configuration file of Switch E

#
sysname SwitchE
#
vlan batch 100
#
interface Vlanif100
ip address 3.0.1.33 255.255.255.0
#
Issue 01 (2011-10-26)

235

4 NTP Configuration

#
ntp-service unicast-peer 3.0.1.32
#
return
4.6.3 Example for Configuring NTP Authentication in Broadcast

Mode
As shown in Figure 4-4,
l
Switch C and Switch D are on the same network segment; Switch A is on another network
segment; Switch F connects the two network segments.
As the NTP broadcast server, Switch C uses the local clock as the NTP master clock, which
is a stratum-3 clock. Switch C sends broadcast packets through VLANIF10, namely,
Ethernet0/0/1.
Switch D uses VLANIF10, namely, Ethernet0/0/1, to listen to the broadcast packets.
Switch A uses VLANIF20, namely, Ethernet0/0/1, to listen to the broadcast packets.
NTP authentication needs to be enabled.
Figure 4-4 Networking diagram for configuring the NTP broadcast mode
Ethernet0/0/1
VLANIF10
3.0.1.31/24
Ethernet
0/0/1
SwitchA
Ethernet
0/0/1
Ethernet
0/0/2
SwitchC
VLANIF10 Ethernet0/0/1
VLANIF20 VLANIF20
SwitchF3.0.1.2/24
1.0.1.11/24 1.0.1.2/24
VLANIF10
3.0.1.32/24
SwitchD
1.
Configure Switch C as the NTP broadcast server.
2.
Configure Switch A and Switch D as the NTP broadcast clients.
3.
Configure NTP authentication on Switch A, Switch C, and Switch D.
Data Preparation
Issue 01 (2011-10-26)

236

IP address of each interface
IDs of VLANs to which the interfaces belong
Authentication key and key ID
4 NTP Configuration
Procedure
Step 1 Configure the IP addresses of the Switches.
Configure the IP address of each interface according to Figure 4-4.
# Configure the IP address of the VLANIF interface on Switch C.
[SwitchC] vlan 10
[SwitchC-Vlan10] quit
[SwitchC] interface ethernet 0/0/1
[SwitchC-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchC-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchC-Ethernet0/0/1] quit
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10]ip address 3.0.1.31 24
[SwitchC-Vlanif10]quit
# Configure the IP address of the VLANIF interface on Switch D.

[SwitchD] vlan 10
[SwitchD-Vlan10] quit
[SwitchD] interface ethernet 0/0/1
[SwitchD-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchD-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchD-Ethernet0/0/1] quit
[SwitchD] interface vlanif 10
[SwitchD-Vlanif10] ip address 3.0.1.32 24
[SwitchD-Vlanif10] quit
# Configure the IP address of the VLANIF interface on Switch F.

<SwitchF> system-view
[SwitchF] vlan 10
[SwitchF-Vlan10] quit
[SwitchF] interface ethernet 0/0/2
[SwitchF-Ethernet0/0/2] port hybrid pvid vlan 10
[SwitchF-Ethernet0/0/2] port hybrid untagged vlan 10
[SwitchF-Ethernet0/0/2] quit
[SwitchF] interface vlanif 10
[SwitchF-Vlanif10] ip address 3.0.1.2 24
[SwitchF-Vlanif10] quit
[SwitchF] vlan 20
[SwitchF-vlanif20] ip address 1.0.1.2 24
[SwitchF-vlanif20] quit
# Configure the IP address of the VLANIF interface on Switch A.

[SwitchA] vlan 20
[SwitchA-Vlan20] quit
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 20
Issue 01 (2011-10-26)

237

4 NTP Configuration
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 20

[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface vlanif 20
[SwitchA-vlanif20] ip address 1.0.1.11 24
[SwitchA-vlanif20] quit
Step 2 Configure the routes between them are reachable.The configuration procedure is not mentioned.
Step 3 Configure the NTP broadcast server and enable NTP authentication.
# Configure the clock of Switch C as the NTP master clock with the stratum being 3.
# Enable NTP authentication.

[SwitchC] ntp-service authentication enable
[SwitchC] ntp-service authentication-keyid 16 authentication-mode md5 Hello
[SwitchC] ntp-service reliable authentication-keyid 16
# Configure Switch C as an NTP broadcast server. Broadcast packets are encrypted by using the
authentication key ID 16 and then sent through VLANIF10.
[SwitchC-vlanif10] ntp-service broadcast-server authentication-keyid 16
[SwitchC-vlanif10] quit
Step 4 Configure Switch D, which resides on the same network segment with the server.
<SwitchD>
[SwitchD]
[SwitchD]
[SwitchD]
system-view
ntp-service authentication-keyid 16 authentication-mode md5 Hello
# Configure Switch D as the NTP broadcast client and configure Switch D to listen to NTP
broadcast packets through VLANIF10.
[SwitchD]interface vlanif 10
[SwitchD-vlanif10] ntp-service broadcast-client
[SwitchD-vlanif10] quit
After the configurations, the clock of Switch D is synchronized with the clock of Switch C.
Step 5 Configure Switch A, which resides on different network segment from the server.
[SwitchA] ntp-service authentication enable
[SwitchA] ntp-service authentication-keyid 16 authentication-mode md5 Hello
[SwitchA] ntp-service reliable authentication-keyid 16
# Configure Switch A as the NTP broadcast client and configure Switch A to listen to NTP
broadcast packets through VLANIF20.
[SwitchA]interface vlanif 20
[SwitchA-vlanif20] ntp-service broadcast-client

After the configurations, the clock on Switch D can be synchronized to the clock on Switch C,
but the clock on Switch A cannot be synchronized
because Switch A and Switch C are on different network segments and Switch A cannot receive
the broadcast packets sent from Switch C.
Issue 01 (2011-10-26)

238

4 NTP Configuration
clock stratum: 4
root delay: 0.00 ms
reference time: 12:17:21.773 UTC Mar 7 2006(C7B7F851.C5EAF25B)
----End
Configuration Files
l

#
sysname SwitchA
#
vlan batch 20
#
interface Vlanif20
ip address 1.0.1.11 255.255.255.0
#
#
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
#
\#Q=^Q`MAF4<1!!
#
return

#
sysname SwitchC
#
vlan batch 10
#
interface Vlanif10
ip address 3.0.1.31 255.255.255.0
ntp-service broadcast-server authentication-keyid 16
#
#
\#Q=^Q`MAF4<1!!
#
return
Issue 01 (2011-10-26)

239

4 NTP Configuration

#
sysname SwitchD
#
vlan batch 10
#
interface Vlanif10
ip address 3.0.1.32 255.255.255.0
#
#
\#Q=^Q`MAF4<1!!
#
return
Configuration file of Switch F

#
sysname SwitchF
#
vlan batch 10 20
#
interface Vlanif10
ip address 3.0.1.2 255.255.255.0
#
interface Vlanif20
ip address 1.0.1.2 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
network 3.0.1.0 0.0.0.255
#
return
4.6.4 Example for Configuring the Common NTP Multicast Mode

l
Switch C and Switch D are on the same network segment; Switch A is on another network
segment; Switch F connects the two network segments.
As the NTP multicast server, Switch C uses the local clock as the NTP master clock, which
is a stratum-2 clock. Switch C sends multicast packets through VLANIF 10, namely,
Ethernet0/0/1.
Switch D uses VLANIF 10, namely, Ethernet0/0/1, to listen to the multicast packets.
Switch A uses VLANIF 20, namely, Ethernet0/0/1, to listen to the multicast packets.
Issue 01 (2011-10-26)

240

4 NTP Configuration
Figure 4-5 Networking diagram for configuring the NTP multicast mode
Ethernet0/0/1
VLANIF10
3.0.1.31/24
Ethernet
0/0/1
SwitchA
Ethernet
0/0/1
Ethernet
0/0/2
SwitchC
VLANIF10 Ethernet0/0/1
VLANIF20 VLANIF20
SwitchF3.0.1.2/24
1.0.1.11/24 1.0.1.2/24
VLANIF10
3.0.1.32/24
SwitchD
1.
Configure Switch C as the NTP multicast server.
2.
Configure Switch A and Switch D as the NTP multicast clients.
Data Preparation
l
IP address of each interface
Procedure
Step 1 Configure the IP addresses of the Switches.
Configure the IP address of each interface according to Figure 4-5.
# Configure the IP address of the VLANIF interface on Switch C.
[SwitchC] vlan 10
[SwitchC-Vlan10] quit
[SwitchC] interface ethernet 0/0/1
[SwitchC-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchC-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchC-Ethernet0/0/1] quit
[SwitchC-Vlanif10]ip address 3.0.1.31 24
[SwitchC-Vlanif10]quit
# Configure the IP address of the VLANIF interface on Switch D.

[SwitchD] vlan 10
[SwitchD-Vlan10] quit
[SwitchD] interface ethernet 0/0/1
[SwitchD-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchD-Ethernet0/0/1] port hybrid untagged vlan 10
Issue 01 (2011-10-26)

241

4 NTP Configuration
[SwitchD-Ethernet0/0/1] quit
[SwitchD-Vlanif10] ip address 3.0.1.32 24
[SwitchD-Vlanif10] quit
# Configure the IP address of the VLANIF interface on Switch F.

<SwitchF> system-view
[SwitchF] vlan 10
[SwitchF-Vlanif10] ip address 3.0.1.2 24
[SwitchF-Vlanif10] quit
[SwitchF] vlan 20
[SwitchF-vlanif20] ip address 1.0.1.2 24
[SwitchF-vlanif20] quit
# Configure the IP address of the VLANIF interface on Switch A.

[SwitchA] vlan 20
[SwitchA-vlanif20] ip address 1.0.1.11 24
Step 2 Configure the routes between them are reachable.The configuration procedure is not mentioned.
Step 3 Configure the NTP multicast server.
# Configure the clock of Switch C as the NTP master clock with the stratum being 2.
# Configure Switch C as the NTP multicast client and configure Switch C to sense NTP multicast
packets through VLANIF10.
[SwitchC-vlanif10] ntp-service multicast-server
[SwitchC-vlanif10] quit
Step 4 Configure Switch D, which resides on the same network segment with the server.
# Configure Switch D as the NTP multicast client and configure Switch D to sense NTP multicast
[SwitchD-vlanif10] ntp-service multicast-client
[SwitchD-vlanif10] quit
Step 5 Configure Switch A, which resides on different network segment from the server.
Issue 01 (2011-10-26)

242

4 NTP Configuration
# Configure Switch A as the NTP multicast client and configure Switch A to sense NTP multicast
[SwitchA-vlanif20] ntp-service multicast-client

After the configurations, the clock on Switch D can be synchronized to the clock on Switch C,
but the clock on Switch A cannot be synchronized
because Switch A and Switch C are on different network segments and Switch A cannot receive
the multicast packets sent from Switch C.
clock stratum: 3
reference time: 17:03:32.022 UTC Apr 25 2005(C61734FD.800303C0)
----End
Configuration Files
l

#
sysname SwitchA
#
vlan batch 20
#
interface Vlanif20
ip address 1.0.1.11 255.255.255.0
ntp-service multicast-client
#
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
#
return

#
sysname SwitchC
#
vlan batch 10
#
#
interface Vlanif10
ip address 3.0.1.31 255.255.255.0
Issue 01 (2011-10-26)

243

4 NTP Configuration
ntp-service multicast-server
#
#
return

#
sysname SwitchD
#
vlan batch 10
#
interface Vlanif10
ip address 3.0.1.32 255.255.255.0
ntp-service multicast-client
#
#
Return
Configuration file of Switch F

#
sysname SwitchF
#
vlan batch 10 20
#
interface Vlanif10
ip address 3.0.1.2 255.255.255.0
#
interface Vlanif20
ip address 1.0.1.2 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
network 3.0.1.0 0.0.0.255
#
return
Issue 01 (2011-10-26)

244

5 Ping and Tracert
Ping and Tracert
About This Chapter

This chapter describes basic concepts and applications of the ping and tracert commands.
5.1 Ping
The ping command is used to check network connectivity and host reachability. The word "ping"
is derived from the sonar operation, indicating a pulse of sound.
5.2 Tracert
Tracert, also called Trace Route, is used to check the IP addresses and the number of gateways
between the source and the destination. Tracert is helpful in testing network reachability and
locating the fault on the network.
5.3 Performing Ping and Tracert Operations
This section describes the execution of the ping and tracert commands.
5.4 Debugging Ping and Tracert
This section describes how to locate faults through ICMP messages.
This section provides a configuration example of ping and tracert operations.
Issue 01 (2011-10-26)

245

5 Ping and Tracert
5.1 Ping
The ping command is used to check network connectivity and host reachability. The word "ping"
is derived from the sonar operation, indicating a pulse of sound.
Figure 5-1 shows the ping process.After you run the ping command, an Internet Control
Message Protocol (ICMP) Echo Request message is sent to the destination. The destination then
returns an ICMP Echo Reply message immediately when receiving the ICMP Echo Request
message.
Figure 5-1 Principle of the ping operation
Source
Destination
ICMP Echo Request message
ICMP Echo Reply message
Ping tests IP reachability and status of the link between the source and the destination by checking
whether the destination sends back an ICMP Echo Reply message and measuring the interval
between sending the ICMP Echo Request message and receiving the ICMP Echo Reply message.
Figure 5-2 Format of ICMP Echo Request and Echo Reply messages
0
7
Type
15
23
Checksum
Code
31
Sequence number
Identifier
Data
Figure 5-2 shows the format of ICMP Echo Request and Echo Reply messages. The length of
the Data field is a variable. You can specify the length of the Data field in the ping command.
5.2 Tracert
Tracert, also called Trace Route, is used to check the IP addresses and the number of gateways
between the source and the destination. Tracert is helpful in testing network reachability and
locating the fault on the network.
Issue 01 (2011-10-26)

246

5 Ping and Tracert
The S3700 implements tracert based on ICMP. Tracert records the gateways that the ICMP
message passes along the path between a source host and a destination. In this manner, you can
check network connectivity and locate the fault.
Figure 5-3 Principle of the tracert operation
Switch
Step 1
Step 2
Step 3
TTL=1
Router-A
Router-B
Log Host
TTL=2
TTL=3
UDP datagram
ICMP Time Exceeded message
ICMP Destination Unreachable message
Take the networking in Figure 5-3 as an example to show tracert implementation on the
S3700. On the S3700, run the tracert command. The destination IP address is the IP address of
the log host and other parameters adopt the default values.
1.
The S3700 sends a UDP datagram to the log host, with the TTL value being 1 and the
destination UDP port number being 33434.
2.
After receiving the UDP datagram from the S3700, Router-A finds that the destination IP
address carried in the datagram is not its own address. Then, Router-A reduces the TTL
value by 1. Finding that the TTL value reaches 0, Router-A sends an ICMP Time Exceeded
message to the S3700.
3.
After receiving the ICMP Time Exceeded message, the S3700 increases the TTL value and
the UDP port number in the UDP datagram by 1 respectively and then sends out the UDP
datagram again.
4.
Perform Step 2 and Step 3, the log host receives the UDP datagram from the S3700.
5.
After receiving the UDP datagram from the S3700, the log host finds that the destination
is itself. It begins to process the datagram. The log host tries to find the upper layer protocol
corresponding to the destination UDP port number carried in the datagram. In most cases,
the UDP ports whose number is greater than 30000 are not used by any protocols. Therefore,
the log host sends an ICMP Destination Unreachable message to the S3700 to notify the
source that the destination port is unreachable.
6.
After receiving the ICMP Destination Unreachable message from the log host, the S3700
knows that the UDP datagram has reached the destination and thus stops running the tracert
program.
In the preceding steps, the tracert program on the source records the IP addresses of the gateways
between the source and the destination through the ICMP Time Exceeded message mentioned
in Step 3.
5.3 Performing Ping and Tracert Operations

This section describes the execution of the ping and tracert commands.
Issue 01 (2011-10-26)

247

5 Ping and Tracert

Application Environment
The Customer Edge (CE) connected to the S3700 cannot access the Internet. You need to run
the ping and tracert commands to check network connectivity.
Before performing ping and tracert operations, complete the following tasks:
l
Checking the physical connections between the CE and the S3700
Correctly configuring an IP address for the CE device
Data Preparation
To perform ping and tracert operations, you need the following data.
No.
Data
IP address of the CE device
IP address of the gateway
5.3.2 Checking Network Connectivity Through the Ping Operation

Context
Do as follows on the S3700:
Procedure
Step 1 Run:
ping [ ip ] [ -a source-ip-address | -c count | -d | -f | -h ttl-value | -i
interface-type interface-number | -m time | -n | -p pattern | -q | -r | -s
packetsize | -t timeout | -tos tos-value | -v ] * host
Network connectivity is tested.

Only some of the parameters are specified in the preceding ping command. For details on more
parameters, refer to the Quidway S3700 Series Ethernet Switches Command Reference.
The output of the ping command is as follows:
l Response to each ICMP Echo Request message: If no Echo Reply message is received within
a certain period, a message of "Request time out" is displayed in the output. Otherwise, the
bytes of the data, the sequence number of the message, the TTL value carried in the Reply
message are displayed.
Issue 01 (2011-10-26)

248

5 Ping and Tracert
l Statistics: total number of sent and received messages, percentage of message loss, and
minimum value, average value, and maximum value of the response time.
<Quidway> ping 202.38.160.244
PING 202.38.160.244 : 56 data bytes, press CTRL_C
Reply from 202.38.160.244 : bytes=56 sequence=1
--202.38.160.244 ping statistics-5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/2/3 ms
to break
ttl=255 time
ttl=255 time
ttl=255 time
ttl=255 time
ttl=255 time
=
=
=
=
=
1ms
2ms
1ms
3ms
2ms
----End
5.3.3 Locating Faults on the Network Through the Tracert Operation

Context
Do as follows on the S3700:
Procedure
Step 1 Run:
tracert [ -a source-ip-address | -f first-ttl | -m max-ttl | -p port | -q nqueries
| -w timeout ]* host
The tracert operation is performed to locate the fault on the network.

Only some of the parameters are specified in the preceding tracert command. For details on
more parameters, refer to the Quidway S3700 Series Ethernet Switches Command Reference.
The output of the tracert command displays a list of gateways traversed between the source and
the destination hosts.
<Quidway> tracert 18.26.0.115
traceroute to 18.26.0.115 (18.26.0.115), max hops: 30 ,packet length: 40
1 128.3.112.1 (128.3.112.1) 0 ms 0 ms 0 ms
2 128.32.216.1 (128.32.216.1) 19 ms 19 ms 19 ms
3 128.32.216.1 (128.32.216.1) 39 ms 19 ms 19 ms
4 128.32.136.23 (128.32.136.23) 19 ms 39 ms 39 ms
5 128.32.168.22) (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 18.26.0.115 (18.26.0.115) 339 ms 279 ms 279 ms
----End
Issue 01 (2011-10-26)

249

5 Ping and Tracert
5.4 Debugging Ping and Tracert

This section describes how to locate faults through ICMP messages.
Context
CAUTION
Debugging affects the performance of the system. After debugging, run the undo debugging
If you run the ping or the tracert command on the two S3700s but the ping or tracert operation
fails, you can run the following command respectively on each S3700 to further locate the fault
after confirming that the physical link between the two S3700s is normal.
Procedure
Step 1 Run the debugging ip icmp command to enable ICMP packet debugging.
Through this command, you can check the transmission of ICMP messages during the running
of the ping or the tracert command and thus locate which device fails.
----End

This section provides a configuration example of ping and tracert operations.
5.5.1 Example for Performing Ping and Tracert Operations

As shown in Figure 5-4, after configuring Switch A, you check the link between Switch A and
the log host. If Switch A and the log host are disconnected, you cannot know which device fails
because there are other network devices between Switch A and the log host. To locate on which
link segment the fault occurs, you can perform ping and tracert operations.
Figure 5-4 Networking diagram of ping and tracert operations
1.1.1.2/8
2.1.1.2/8
SwitchA
Router
1.1.1.1/8
2.1.1.1/8
SwitchB
LAN switch
PC
Issue 01 (2011-10-26)
3.1.1.1/8
3.1.1.2/8
Log host

250

5 Ping and Tracert
1.
Run the ping command on Switch A to check the connectivity between Switch A and the
log host.
2.
Run the tracert command to locate the fault after you find that the link is faulty.
Data Preparation
l
IP addresses of the interfaces on Switch B (In this example, IP addresses of the interfaces
are 1.1.1.2/8 and 2.1.1.1/8.)
IP addresses of the interfaces on Router (In this example, IP addresses of the interfaces are
2.1.1.2/8 and 3.1.1.1/8.)
IP address of the log host (In this example, the IP address of the log host is 3.1.1.2/8.)
Procedure
Step 1 Run the ping command.
# Run the ping command on Switch A to check the connectivity between Switch A and the log
host.
<Quidway> ping 3.1.1.2
PING 3.1.1.2: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 3.1.1.2 ping statistics --5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
The display on Switch A shows that the log host is unreachable, which indicates that a fault
occurs on some link segment between Switch A and the log host.
Step 2 Run the tracert command.
# Run the tracert command on Switch A to locate which link segment fails.
<Quidway> tracert 3.1.1.2
traceroute to 3.1.1.2(3.1.1.2), max hops: 30 ,packet length: 40
1 1.1.1.2
4 ms 5 ms 5 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
...
The preceding display shows that the ICMP Echo Request message passes Switch B but does
not reach Router. It indicates that the link between Switch B and Router fails. After the link
Issue 01 (2011-10-26)

251

5 Ping and Tracert
between Switch B and Router is recovered, you can repeat Step 1 and Step 2 to ensure that Switch
A and the log host can communicate properly.
----End
Configuration Files
None.
Issue 01 (2011-10-26)

252

6 NQA Configuration
NQA Configuration
About This Chapter

This chapter describes how to configure the Network Quality Analysis (NQA) to monitor the
network operating status and collect network operation indexes in real time.
6.1 Introduction to NQA
This section helps you understand the background and functions of Network Quality Analysis
(NQA).
6.2 Comparisons Between NQA and Ping
This part describes the differences between NQA and Ping tests.
6.3 NQA Server and NQA Clients
This part describes the relationships between NQA client, NQA server, and NQA test instance.
6.4 NQA Supported by the S3700
This part describes NQA test types and scheduling modes supported by the S3700.
6.5 Configuring the ICMP Test
This section describes how to configure an Internet Control Message Protocol (ICMP) test to
check the IP network connectivity.
6.6 Configuring the FTP Download Test
This section describes how to configure a File Transfer Protocol (FTP) download test to check
the FTP download performance.
6.7 Configuring the FTP Upload Test
This section describes how to configure an FTP upload test to check the FTP upload performance.
6.8 Configuring the HTTP Test
This section describes how to configure a Hypertext Transfer Protocol (HTTP) test to check the
responding speed of the HTTP service in each phase.
6.9 Configuring the DNS Test
This section describes how to configure a Domain Name System (DNS) test to check the DNS
resolution speed.
6.10 Configuring the Traceroute Test
Issue 01 (2011-10-26)

253

6 NQA Configuration
This section describes how to configure a traceroute test to check the connectivity to each hop
on the network.
6.11 Configuring the SNMP Query Test
This section describes how to configure a Simple Network Management Protocol (SNMP) query
test to check the communications between the host and SNMP agent.
6.12 Configuring the TCP Test
This section describes how to configure a Transmission Control Protocol (TCP) test to check
the responding speed of a TCP port.
6.13 Configuring the UDP Test
This section describes how to configure a User Datagram Protocol (UDP) test to check the
responding speed of a UDP port.
6.14 Configuring the Jitter Test
This section describes how to configure a jitter test to check jitter on the network. You can
perform a jitter test only when both the client and the server are Huawei devices.
6.15 Configuring an ICMP Jitter Test
This section describes how to configure an ICMP jitter test to measure jitter on IP networks.
6.16 Configuring Universal NQA Test Parameters
This section describes how to set and use universal parameters for NQA test instances.
6.17 Configuring Round-Trip Delay Thresholds
This section describes how to set a round-trip delay transmission threshold in an NQA test
instance.
6.18 Configuring the Trap Function
This section describes how to configure the trap function in an NQA test instance. After the trap
function is configured, a trap message is sent to the NMS in case of transmission success or
transmission failure.
6.19 Maintaining NQA
This section describes how to maintain an NQA test instance. You can restart the test instance,
clear the statistics on the test result,to maintain a test instance.
This section provides several configuration examples of NQA.
Issue 01 (2011-10-26)

254

6 NQA Configuration
6.1 Introduction to NQA

This section helps you understand the background and functions of Network Quality Analysis
(NQA).
As the value-added services on networks are developed, users and carriers demand higher
Quality of Service (QoS). To ensure users with the committed bandwidth, network operators
should collect the statistics of latency, jitter, and packet loss of the device. This helps them
analyze network performance in time.
NQA on the S3700 meets the preceding requirements.
NQA measures the performance of each protocol running on the network and helps network
operators collect network operation statistics, such as the total HTTP delay, TCP connection
delay, file transfer rate, FTP connection delay, Domain Name System (DNS) resolution delay,
and DNS resolution error ratio. By collecting these statistics, network operators provide users
with network services of various grades.
NQA is an efficient tool for diagnosing and locating faults on a network.
6.2 Comparisons Between NQA and Ping

This part describes the differences between NQA and Ping tests.
NQA is the extension and enhancement of Ping.
By sending an Internet Control Message Protocol (ICMP) Echo-Request packet from the local
and expecting an ICMP Echo-Reply packet from the specified destination, the Ping program can
test the round-trip time (RTT) of an ICMP packet. In addition to testing the RRT of an ICMP
packet between the local and the desination, NQA can detect whether network services, such as
TCP, UDP, FTP, HTTP and the Simple Network Management Protocol (SNMP), are enabled
and test the response time of each service.
Figure 6-1 Diagram of the NQA test
Server
IP/MPLS
Network
NQA Client
In NQA, the RTT of each packet or timeout period of the packet is not displayed on the terminal
in real time, unlike the Ping program. Test results are displayed only when you run the display
nqa results command after a test is complete.
You can also configure the Network Management System (NM Station) to control each NQA
operation parameter and enable NQA tests.
Issue 01 (2011-10-26)

255

6 NQA Configuration
6.3 NQA Server and NQA Clients

This part describes the relationships between NQA client, NQA server, and NQA test instance.
NQA test instance and NQA Client

NQA can be used to test many items. You must create a test instance for each item and each of
these test instances is a type of NQA test.
You need to create NQA test instances on NQA clients. Each test instance has an administrator
name and an operation tag as unique identification.
In the test view, configure the related test parameters. Note that a part of parameters applies to
only certain test types whereas others apply to all the test types.
NQA Server
In most types of tests, you need to configure only the NQA clients. In TCP, UDP, and Jitter tests,
however, you must configure the NQA server.
An NQA server processes the test packets received from the clients. As shown in Figure 6-2,
the NQA server responds to the test request packet received from the client through the
monitoring function.
Figure 6-2 Relationship between the NQA client and the NQA server
IP/MPLS
Network
NQA Server
NQA Client
You can create multiple TCP or UDP monitoring services on an NQA server. Each monitoring
service corresponds to a specific destination address and a port number. The destination address
and port number can be repeatedly specified.
Performing NQA Tests

After being configured with the destination address and the port number, the NQA server can
respond to test request packets. The IP address and port number specified in the monitoring
service must be consistent with those configured on the clients.
After creating a test group and configuring the related parameters, you must enable the NQA
test by using the start command and the display nqa results command to view test results.
6.4 NQA Supported by the S3700

This part describes NQA test types and scheduling modes supported by the S3700.
Issue 01 (2011-10-26)

256

6 NQA Configuration
Features Provided by NQA

l
Cooperates with the NM Station:

The NM Station can completely manage all NQA functions.
Supports the NQA MIB.
Supports the Disman-traceroute-MIB.
Supports the Disman-NSLookUp-MIB.
Supports the Disman-ping-MIB.
Jitter tests support the continuous sending of 3000 packets and support voice traffic
simulation.
Supports statistics collection at the millisecond level.
Supports hot backup:

This function implements the synchronization of the configurations of NQA tests between
the master control board and the slave board. Therefore, after the master/slave switchover,
NQA tests can be performed normally.
Jitter tests support the continuous sending of 3000 packets and support voice traffic
simulation.
Supports 2000 tests.
Supports statistics collection at the millisecond level.
Supports hot backup:

This function implements the synchronization of the configurations of NQA tests between
the master control board and the slave board. Therefore, after the master/slave switchover,
NQA tests can be performed normally.
Supports test task scheduling:

Implements the scheduling of test tasks to decrease the concurrent tasks on the device.
Supports the configuration of different start time and end time for a single test:
Supports three modes of starting tests: immediate, timely, and delayed.
Supports several modes of ending tests: automatic, immediate, timely, delayed, and
ending the test when the lifetime of the test expires.
Supports auto distributing the start time and the test interval when several tests are
performed at a time.
Supports the auto-delay function, with which the system resources can be effectively
utilized so that tests can be completed within a specified period.
Supports the collection of the uni-directional delay statistics and bi-directional delay
statistics. In addition, you can set a threshold and enable collecting statistics about the
packets in the test results that exceed the threshold.
Supports the collection of statistics on packet loss in one direction.
Supports test task scheduling:

Implements the scheduling of test tasks to decrease the concurrent tasks on the device.
Supports the configuration of different start time and end time for a single test:
Supports three modes of starting tests: immediate, timely, and delayed.
Supports several modes of ending tests: automatic, immediate, timely, delayed, and
ending the test when the lifetime of the test expires.
Issue 01 (2011-10-26)

257

6 NQA Configuration
Supports auto distributing the start time and the test interval when several tests are
performed at a time.
l
Supports the auto-delay function, with which the system resources can be effectively
utilized so that tests can be completed within a specified period.
Supports the collection of the uni-directional delay statistics and bi-directional delay
statistics. In addition, you can set a threshold and enable collecting statistics about the
packets in the test results that exceed the threshold.
Supports the collection of statistics on packet loss in one direction.
Supports the flexible alarm mechanism. That is, the upper and lower thresholds are set to
monitor the feature of the tested objects according to their OIDs. When the test result
exceeds the threshold, alarms are triggered based on the preset events.
6.5 Configuring the ICMP Test

This section describes how to configure an Internet Control Message Protocol (ICMP) test to
check the IP network connectivity.

Before configuring an ICMP test, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.
An ICMP test has a similar function with the ping command, but its output is more detailed.
Before configuring the ICMP test, configure reachable routes between the NQA client and the
tested device.
Data Preparation
To configure the ICMP test, you need the following data.
Issue 01 (2011-10-26)
No.
Data
Administrator name and test name of the NQA test
Destination IP address
(Optional) Virtual Private Network (VPN) instance name, source interface that sends
test packets, source IP address, size of the Echo-Request packets, TTL value, ToS,
padding character, interval for sending test packets, and percentage of the failed NQA
test
Start mode and end mode

258

6 NQA Configuration
6.5.2 Configuring ICMP Test Parameters

This part describes how to set ICMP test parameters.
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view

Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type icmp
The test type is set to ICMP.

Step 4 Run:
destination-address ipv4 ip-address
The destination IP address is configured.

Step 5 (Optional) Perform the following as required to configure other ICMP test parameters ( For
detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the VPN instance to be tested, run the vpn-instance vpn-instance-name
command.
NOTE
Only S3700EI and S3700HI support the vpn-instance command.
l To configure the source interface that sends test packets, run the source-interface interfacetype interface-number command.
l To configure the source IP address, run the source-address ipv4 ip-address command.
source-address ipv4 ip-address equals the "-a" option in the ping command.
l To configure the size (packet header excluded) of the Echo-Request packet, run the
datasize size command.
datasize size equals the "-s" option in the ping command.
l To configure the time-to-live (TTL) value, run the ttl number command.
ttl number equals the "-h" option in the ping command.
l To configure the type of service (ToS) field in the IP packet header, run the tos value
command.
tos equals the "-tos" option in the ping command.
l To configure padding characters, run the datafill fillstring command.
datafill equals the "-p" option in the ping command.
Issue 01 (2011-10-26)

259

6 NQA Configuration
l To configure the interval for sending the test packets, run the interval seconds interval
command.
interval seconds equals the "-m" option in the ping command.
l To configure the percentage of the failed NQA test, run the fail-percent percent command.
l To configure the NQA test packets to be sent without searching the routing table, run the
sendpacket passroute command.
Step 6 Run:
start
The NQA test is started.

Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End

After configuring the ICMP test, you can view the test result.
Prerequisite
The configurations of the ICMP Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five test results.
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End
Issue 01 (2011-10-26)

260

6 NQA Configuration
Example
Run the display nqa results command. If the following is displayed, it means that the test is
successful.
l
"testFlag is inactive"
"The test is finished"
"Completion:success"
For the ICMP test, you can also view the minimum time, maximum time, and RTT(Round Trip
Time ).
<Quidway> display nqa results
NQA entry(admin, test) :testflag is inactive ,testtype is icmp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.112.58.3
Min/Max/Average Completion Time: 2/5/3
Sum/Square-Sum Completion Time: 9/33
Last Good Probe Time: 2010-06-21 15:33:09.2
Lost packet ratio: 0 %
6.6 Configuring the FTP Download Test

This section describes how to configure a File Transfer Protocol (FTP) download test to check
the FTP download performance.

Before configuring an FTP download test, familiarize yourself with the applicable environment,
In an FTP download test, the local device functions as an NQA FTP client, intending to download
the specified file from an FTP server.
The test result contains statistics about each FTP phase, including the time to set up an FTP
control connection and the time to transport the data.
Before configuring the FTP download test, complete the following tasks:
l
Configuring the FTP user name and password and the login directory
Configuring routes between the NQA FTP client and the FTP server
Data Preparation
To configure the FTP download test, you need the following data.
Issue 01 (2011-10-26)

261

6 NQA Configuration
No.
Data
Administrator name and test name
IP address of the FTP server
(Optional) Source IP address of the FTP operation and VPN instance name and source
and destination port numbers of the FTP operation
FTP user name and password
Name of the file to be downloaded
Start mode and end mode of the test
6.6.2 Configuring the FTP Download Test Parameters

This part describes how to set parameters for the FTP download test.
Context
Do as follows on the NQA client (FTP client):
Procedure
Step 1 Run:
system-view

Step 2 Run:
Step 3 Run:
test-type ftp
The test type is set to FTP.

Step 4 Run:

Step 5 (Optional) Perform the following as required to configure other parameters of the FTP Download
test ( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
command.
NOTE
Issue 01 (2011-10-26)

262

6 NQA Configuration
l To configure the FTP source port number, run the source-port port-numbercommand.
l To configure the FTP destination port number, run the destination-port port-number
command.
l To configure the NQA test packet to be sent without searching the routing table, run the
Step 6 Run:
ftp-operation get
The FTP operation type is set to Get.

By default, the FTP operation type is Get.
Step 7 Run:
ftp-username name
The FTP user name is configured.

Step 8 Run:
ftp-password password
The FTP password used during the login is configured.

Step 9 Run:
ftp-filename file-name
The name of the file to be downloaded is configured.

NOTE
During the FTP test, select a file with a relatively small size for the test. If the file is large, the test may fail
because of timeout.
Step 10 Run:
start

command.
----End

After configuring the FTP download test, you can view the test result.
Issue 01 (2011-10-26)

263

6 NQA Configuration
Prerequisite
The configurations of the FTP Download Test function are complete.
Context
NOTE
five tests.
Procedure
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
l
"CtrlConnTime"
"DataConnTime"
"SumTime"

NQA entry(admin, ftp) :testflag is inactive ,testtype is ftp
1 . Test 1 result
SendProbe:1
ResponseProbe:1
Completion :success
MessageBodyOctetsSum: 448
Stats errors number: 0
Operation timeout number: 0
Disconnect operation number: 0
CtrlConnTime Min/Max/Average: 438/438/438
DataConnTime Min/Max/Average: 218/218/218
SumTime Min/Max/Average: 656/656/656
Average RTT:380
6.7 Configuring the FTP Upload Test

This section describes how to configure an FTP upload test to check the FTP upload performance.

Before configuring an FTP upload test, familiarize yourself with the applicable environment,
In an FTP upload test, the local device functions as an FTP client, intending to upload the
specified file to an FTP server.
The test result contains the statistics about each FTP phase, including the time to set up an FTP
control connection and the time to transport the data.
Issue 01 (2011-10-26)

264

6 NQA Configuration
In an FTP upload test, you can specify the file to be uploaded or the bytes to be uploaded. If
certain bytes are specified, the FTP client then automatically generates the test files for
uploading.
Before configuring the FTP upload test, complete the following tasks:
l
Configuring the FTP user name and password and the login directory
Configuring routes between the NQA client and the FTP server
Data Preparation
To configure the FTP upload test, you need the following data.
No.
Data
(Optional) Source IP address of the FTP operation and VPN instance name and source
and destination port numbers of the FTP operation
Name or size of the uploaded file
6.7.2 Configuring the FTP Upload Test Parameters

This part describes how to set parameters for the FTP upload test.
Context
Do as follows on the NQA client (FTP client):
Procedure
Step 1 Run:
system-view

Step 2 Run:
Step 3 Run:
test-type ftp
The test type is set to FTP.

Issue 01 (2011-10-26)

265

6 NQA Configuration
Step 4 Run:

Step 5 (Optional) Perform the following as required to configure other parameters for the FTP upload
test ( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
command.
NOTE
l To configure the source port, run the source-port port-numbercommand.

l To configure the destination port, run the destination-port port-number command.
Step 6 Run:
ftp-operation put
The FTP operation type is set to Put.

By default, the FTP operation type is Get.
Step 7 Run:
ftp-username name
The FTP user name is configured.

Step 8 Run:
The FTP password used during the login is configured.

Step 9 Perform the following as required to upload the file.
l To upload the file with a specified name, run the ftp-filename file-name command.
NOTE
l If no file path is specified, the system searches for the file in the current path. If the specified file
name does not exist, a file is created according to the specified file name, and the size of the file is
set to 1 MB.
l The file name cannot contain characters such as ~, *, /, \, ', ", but the file path can contain these
characters.
l The file name can contain the extension name but cannot contain the extension name only, such
as .txt.
l To upload the file with a specified size, run the ftp-filesize size command. The client then
automatically creates a file name "nqa-ftp-test.txt" to upload.
NOTE
During the FTP test, select a file with a relatively small size. If the file is large, the test may fail because
of timeout.
Step 10 Run:
start
Issue 01 (2011-10-26)

266

6 NQA Configuration

command.
----End

After configuring the FTP upload test, you can view the test result.
Prerequisite
The configurations of the FTP Upload Test function are complete.
Context
NOTE
five tests.
Procedure
Step 1 Run the display nqa results command to view the test results on the NQA client.
----End
Example
l
"CtrlConnTime"
"DataConnTime"
"SumTime"

1 . Test 1 result
SendProbe:1
ResponseProbe:1
Completion :success
Issue 01 (2011-10-26)

267

6 NQA Configuration

Average RTT:380
6.8 Configuring the HTTP Test

This section describes how to configure a Hypertext Transfer Protocol (HTTP) test to check the
responding speed of the HTTP service in each phase.

Before configuring an HTTP test, familiarize yourself with the applicable environment,
Through the NQA HTTP test, you can obtain the responding speed in three phases:
l
Time of DNS resolution: It is a period from the time the client sends the DNS packet to the
resolver for resolving the name of the HTTP server to an IP address to the time the DNS
resolution packets containing the IP address is returned.
Time to set up a TCP connection: It is the time taken by the client to set up a TCP connection
with an HTTP server through three-way handshake.
Transaction time: It is a period from the time the client sends the Get or Post packets to an
HTTP server to the time the Echo packet sent by the client reaches the HTTP server.
Before configuring the HTTP test, complete the following tasks:
l
Configuring the HTTP server
Configuring routes between the NQA client and the HTTP server
Data Preparation
To configure the HTTP test, you need the following data.
No.
Data
Name of the HTTP server
l (Optional) Source address, Source port number

l (Optional) Destination port number
l (Optional) Fail percent
Issue 01 (2011-10-26)
HTTP operation type
Web page to be visited and the HTTP version

268

No.
Data
6 NQA Configuration
6.8.2 Configuring HTTP Test Parameters

This part describes how to set HTTP test parameters.
Context
Do as follows on the NQA client (HTTP client):
Procedure
Step 1 Run:
system-view

Step 2 Run:
An NQA test is created and the view is displayed.

Step 3 Run:
test-type http
The test type is set to HTTP.

Step 4 Run:

Step 5 (Optional) Perform the following as required to configure other parameters for the HTTP test
( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
command.
NOTE
l To configure the source port, run the source-port port-numbercommand.
l To configure the destination port, run the destination-port port-number command.
l To configure the percentage of the failed NQA HTTP tests, run the fail-percent percent
command.
Step 6 Run:
http-operation { get | post }
Issue 01 (2011-10-26)

269

6 NQA Configuration
The HTTP operation type is configured.

By default, the HTTP operation type is Get.
Step 7 Run:
http-url deststring [ verstring ]
The web page to be visited and the HTTP version are configured.
NOTE
When information on the HTTP version is not configured, by default, HTTP1.0 is supported. HTTP1.1 can
be supported through your configurations.
Step 8 Run:
start

command.
----End

After configuring the HTTP test, you can view the test result.
Prerequisite
The configurations of the HTTP Test function are complete.
Context
NOTE
five tests.
Procedure
----End
Issue 01 (2011-10-26)

270

6 NQA Configuration
Example
l
"DNSRTT"
"TCPConnectRTT"
"TransactionRTT and RTT"

NQA entry(admin, http) :testflag is inactive ,testtype is http
1 . Test 1 result
SendProbe:3
ResponseProbe:3
Completion:success
RTD OverThresholdsnumber: 0
TargetAddress: 100.2.1.200
DNSQueryError number: 0
HTTPError number: 0
TcpConnError number : 0
DNSRTT Sum/Min/Max:0/0/0
TCPConnectRTT Sum/Min/Max: 6/1/4
TransactionRTT Sum/Min/Max: 3/1/1
RTT Sum/Min/Max/Avg: 7/1/5/2
DNSServerTimeout:0 TCPConnectTimeout:0 TransactionTimeout: 0
Lost packet ratio:0%
6.9 Configuring the DNS Test

This section describes how to configure a Domain Name System (DNS) test to check the DNS
resolution speed.

Before configuring a DNS test, familiarize yourself with the applicable environment, complete
The DNS test is performed to obtain the speed at which the specified domain name is resolved
to an IP address.
Before configuring the DNS test, complete the following tasks:
l
Configuring the DNS server
Configuring routes between the NQA client and the DNS server
Data Preparation
To configure the DNS test, you need the following data.
Issue 01 (2011-10-26)
No.
Data
IP address of the DNS server

271

No.
Data
Host name to be resolved
6 NQA Configuration
6.9.2 Configuring the DNS Test Parameters

This part describes how to set DNS test parameters.
Context
Do as follows on the NQA client (DNS client):
Procedure
Step 1 Run
system-view

Step 2 Run:
dns resolve
Enable dynamic DNS resolution. By default, the function is disabled.

Step 3 Run:
Step 4 Run:
test-type dns
The test type is set to DNS.

Step 5 Run:
dns-server ipv4 ip-address
The IPv4 address of the DNS server is configured.

Step 6 Run:
destination-address url urlstring
The name of the destination host is configured.

NOTE
For detailed parameter configurations, see the chapter Configuring Universal NQA Test Parameters
Step 7 Run:
start

Issue 01 (2011-10-26)

272

6 NQA Configuration
command.
----End

After configuring the DNS test, you can view the test result.
Prerequisite
The configurations of the DNS Test function are complete.
Context
NOTE
five tests.
Procedure
----End
Example
NQA entry(t, t) :testflag is inactive ,testtype is dns
1 . Test 1 result
Completion:success
Attempts number:1
Issue 01 (2011-10-26)

273

6 NQA Configuration
6.10 Configuring the Traceroute Test

This section describes how to configure a traceroute test to check the connectivity to each hop
on the network.

Before configuring a traceroute test, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the data required for the configuration. This
will help you complete the configuration task quickly and accurately.
An NQA Traceroute test can provide functions similar to those provided by the tracert
command, but outputs more detailed information.
Before configuring a traceroute test, configure reachable routes between the NQA client and the
device to be tested.
Data Preparation
To configure a traceroute test, you need the following data.
No.
Data
Administrator and name of an NQA test instance
(Optional) VPN instance name, maximum hops, initial TTL and maximum TTL value
of the packet, and source IP address and destination port of the packet
Start and end modes of a test
6.10.2 Configuring Parameters for a Traceroute Test

This part describes how to configure parameters for a traceroute test.
Context
Procedure
Step 1 Run
system-view
Issue 01 (2011-10-26)

274

6 NQA Configuration

Step 2 Run:
Step 3 Run:
test-type trace
A traceroute test is created.

Step 4 Run:
The destination address of the traceroute test is configured.

Step 5 Run the following commands as required ( For detailed parameter configurations, see the chapter
Configuring Universal NQA Test Parameters ):
command.
NOTE
l To configure the maximum hops, run:

tracert-hopfailtimes times
l To configure the initial TTL and maximum TTL values of a packet, run:
tracert-livetime first-ttl first-ttl max-ttl max-ttl
l To configure the source IP address, run:

source-address ipv4 ip-address
l To configure the destination port number, run:

destination-port port-number
l To configure a NQA test packets to be sent without searching the routing table, run:
sendpacket passroute
Step 6 Run:
start
An NQA test is started.

l To start the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ] hh:mm:ss |
delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command.
l To start the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss [ end
{ at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds
second | hh:mm:ss } } ] command.
l To start the NQA test after a certain delay, run the start delay { seconds second |
hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
Issue 01 (2011-10-26)

275

6 NQA Configuration

----End

After configuring a traceroute test, you can view the test result.
Prerequisite
The configurations of the traceroute test are complete.
Context
NOTE
NQA test results cannot be displayed automatically on the terminal. You need to run the display nqa
results command to view test results. By the default, the command output contains the records about only
the last five tests.
Procedure
----End
Example
Run the display nqa results command. If the statistics about each hop are displayed, it means
that the traceroute test is successful.
NQA entry(t, t) :testflag is inactive ,testtype is trace
1 . Test 1 result
Completion:success
Attempts number:1
Last good path Time:2010-06-21 15:41:01.7
1 . Hop 1
6.11 Configuring the SNMP Query Test

This section describes how to configure a Simple Network Management Protocol (SNMP) query
test to check the communications between the host and SNMP agent.
Issue 01 (2011-10-26)

276

6 NQA Configuration

Before configuring an SNMP query test, familiarize yourself with the applicable environment,
Through the SNMP Query test, you can obtain the statistics of the communication between hosts
and SNMP agents.
Before configuring the SNMP Query test, complete the following tasks:
l
Configuring the SNMP agent
Configuring routes between the NQA client and the SNMP agent
Data Preparation
To configure the SNMP query test, you need the following data.
No.
Data
IP address of the SNMP agent
(Optional) Source IP addresses and source port numbers of test packets, interval for
sending test packets, and percentage of the failed NQA tests
6.11.2 Configuring the SNMP Query Test Parameters

This part describes how to set SNMP query test parameters.
Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
Issue 01 (2011-10-26)

277

6 NQA Configuration
Step 3 Run:
test-type snmp
The test type is set to SNMP Query.

Step 4 Run:
The destination IP address, that is, the IP address of the SNMP agent, is configured.
NOTE
The SNMP function must be enabled on the destination host; otherwise, the destination host fails to receive
Echo packets.
Step 5 (Optional) Perform the following as required to configure other parameters for the SNMP test
Parameters ):
command.
NOTE
l To configure the source port number, run the source-port port-numbercommand.
l To configure the interval for sending test packets, run the interval seconds interval
command.
l To configure the percentage of the failed NQA tests, run the fail-percent percent command.
Step 6 Run:
start

command.
----End
Issue 01 (2011-10-26)

278

6 NQA Configuration

After configuring the SNMP query test, you can view the test result.
Prerequisite
The configurations of the SNMP Query Test function are complete.
Context
NOTE
five tests.
Procedure
----End
Example
NQA entry(admin, snmp) :testflag is inactive ,testtype is snmp
1 . Test 1 result
Completion:success
Attempts number:0
6.12 Configuring the TCP Test

This section describes how to configure a Transmission Control Protocol (TCP) test to check
the responding speed of a TCP port.

Before configuring a TCP test, familiarize yourself with the applicable environment, complete
To obtain the time for the specified port to respond to a TCP connection request, you can create
an NQA TCP test instance.
Issue 01 (2011-10-26)

279

6 NQA Configuration
Before configuring the TCP test, configure reachable routes between the NQA client and the
TCP server.
Data Preparation
To configure the TCP test, you need the following data.
No.
Data
IP address and port number monitored by the TCP server
(Optional) Destination port numbers of the probe packets sent by the TCP client and
source IP addresses , source port numbers of test packets, interval for sending test
packets, and percentage of the failed NQA tests
6.12.2 Configuring the TCP Server

The IP address and number of the port monitored by the server must be identical with those
configured on the client.
Context
Do as follows on the NQA server (TCP server):
Procedure
Step 1 Run:
system-view

Step 2 Run:
nqa-server tcpconnect [ vpn-instance vpn-instance-name ] ip-address port-number
The TCP monitoring service is configured.

NOTE
Note that the IP address and port number monitored by the server should be consistent with those configured
on the client.
Only S3700EI and S3700HI support vpn-instance vpn-instance-name.
----End
6.12.3 Configuring the TCP Client

This part describes how to set TCP test parameters.
Issue 01 (2011-10-26)

280

6 NQA Configuration
Context
Do as follows on the NQA client (TCP client):
Procedure
Step 1 Run:
system-view

Step 2 Run:
Step 3 Run:
test-type tcp
The test type is set to TCP.

Step 4 Run:

Step 5 To configure the destination port number, run the destination-port port-numbercommand.
Step 6 (Optional) Perform the following as required to configure other parameters for the TCP test ( For
detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
command.
NOTE
command.
l To configure the percentage of the failed NQA tests, run the fail-percent percentcommand.
Step 7 Run:
start

command.
Issue 01 (2011-10-26)

281

6 NQA Configuration
The differences between the TCP Public tests and the TCP Private tests are as follows:
l The TCP Public tests do not require the destination port to be configured on the client.
Connection requests are initiated and sent to the TCP port 7 of the destination address. The
server should monitor the TCP port 7.
l The TCP Private tests require the destination port be specified and the related monitoring
services enabled on the server.
----End

After configuring the TCP test, you can view the test result.
Prerequisite
The configurations of the TCP Test function are complete.
Context
NOTE
five tests.
Procedure
l
Run the display nqa results [ test-instance admin-name test-name ] command to view the
test results on the NQA client.
Run the display nqa-server command to view the information about the NQA server.
----End
Example
NQA entry(admin, tcp) :testflag is inactive ,testtype is tcp
1 . Test 1 result
Completion:success
Attempts number:0
Issue 01 (2011-10-26)

282

6 NQA Configuration

Run the display nqa-server command,the status of the NQA server is displayed.
<Quidway> display nqa-server
NQA Server Max: 100
NQA Concurrent TCP Server : 1
NQA Server Num: 1

NQA Concurrent UDP Server: 0
nqa-server tcpconnect 10.112.58.3 2000 ACTIVE
6.13 Configuring the UDP Test

This section describes how to configure a User Datagram Protocol (UDP) test to check the
responding speed of a UDP port.

Before configuring a UDP test, familiarize yourself with the applicable environment, complete
To obtain the time for the specified port to respond to a UDP connection request, you can create
a UDP test instance.
Before configuring the UDP test, configure reachable routes between the NQA client and the
UDP server.
Data Preparation
To configure the UDP test, you need the following data.
No.
Data
IP address and port of the UDP server
Destination IP addresss and the port of the probe packets sent by the UDP client
(Optional) Source IP addresses and source port numbers of test packets, interval for
sending test packets, and percentage of the failed NQA tests
6.13.2 Configuring the UDP Server

Issue 01 (2011-10-26)

283

6 NQA Configuration
Context
Do as follows on the NQA server (UDP server):
Procedure
Step 1 Run:
system-view

Step 2 Run:
nqa-server udpecho [ vpn-instance vpn-instance-name ] ip-address port-number
The UDP monitoring service is configured.

Note that the IP address and port number monitored by the server should be consistent with those
NOTE
Only S3700EI and S3700HI support the vpn-instance vpn-instance-name.
----End
6.13.3 Configuring the UDP Client

This part describes how to set UDP test parameters.
Context
Do as follows on the NQA client (UDP client):
Procedure
Step 1 Run:
system-view

Step 2 Run:
Step 3 Run:
test-type udp
The test type is set to UDP.

Step 4 Run:

Step 5 Run:
The destination port number is configured.

Issue 01 (2011-10-26)

284

6 NQA Configuration
Step 6 (Optional) Perform the following as required to configure other parameters for the UDP test
Parameters ):
command.
NOTE
command.
Step 7 Run:
start

command.
----End

After configuring the UDP test, you can view the test result.
Prerequisite
The configurations of the UDP Test function are complete.
Context
NOTE
five tests.
Issue 01 (2011-10-26)

285

6 NQA Configuration
Procedure
l
----End
Example
NQA entry(admin, udp) :testflag is inactive ,testtype is udp
1 . Test 1 result
Completion:success
Attempts number:1
Run the display nqa-server command. If the status of the NQA server is displayed, it means
that the configuration succeeds.
<Quidway> display nqa-server
NQA Server Max: 100
NQA Concurrent TCP Server : 0
NQA Server Num: 1

NQA Concurrent UDP Server: 1
nqa-server udpecho 10.112.58.3 3000 ACTIVE
6.14 Configuring the Jitter Test

This section describes how to configure a jitter test to check jitter on the network. You can
perform a jitter test only when both the client and the server are Huawei devices.

Before configuring a jitter test, familiarize yourself with the applicable environment, complete
The jitter time refers to the interval for sending two adjacent packets minus the interval for
receiving the two packets.
The process of a Jitter test is as follows:
1.
The source sends a packet to the destination at a specified interval.
2.
After receiving the packet, the destination adds a timestamp to the packet and returns them
to the source.
Issue 01 (2011-10-26)

286

3.
6 NQA Configuration
After receiving the returned packets, the source subtracts the interval for the source to send
two adjacent packets from the interval for the destination to receive the two packets and
then obtains the jitter time.
The maximum, minimum, and average jitter time calculated based on the information received
on the source can clearly show the network status.
In a Jitter test, you can set the number of packets to be sent consecutively. Through this setting,
certain traffic can be simulated within a certain period. For example, if you set 3000 UDP packets
to be sent at an interval of 20 milliseconds. Then, in one minute, G.711 traffic is simulated.
NOTE
To improve the test accuracy, you can configure the Network Time Protocol (NTP) on both the client and
the server.
Before configuring the Jitter test, configure reachable routes between the NQA client and the
NQA server.
Data Preparation
To configure the Jitter test, you need the following data.
No.
Data
IP address and the port number monitored by the UDP server
Destination IP addresses and port numbers of the probe packets sent by the UDP
client
(Optional) VPN instance name, source IP address and port number of the probe packet
sent by the UDP client, number of probe packets and test packets sent each time,
interval for sending probe packets and test packets, percentage of the failed NQA
tests, and version number carried in the Jitter packet
6.14.2 Configuring the Jitter Server

Context
Do as follows on the NQA server (Jitter server):
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)

287

6 NQA Configuration

Step 2 Run:
nqa-server udpecho [ vpn-instance vpn-instance-name ] ip-address port-number
The UDP monitoring service is configured.

Note that the IP address and port number monitored by the Jitter server should be consistent
with those configured on the client.
NOTE
Only S3700EI and S3700HI support the vpn-instance vpn-instance-name.
----End
6.14.3 Configuring the Jitter Client

This part describes how to configure the client of the jitter test.
Context
NOTE
The system supports the collection of the statistics about the maximum uni-directional transmission delay.
Do as follows on the NQA client (Jitter client):
Procedure
Step 1 Run:
system-view

Step 2 (Optional) To configure the version number of Jitter packets, run the nqa-jitter tag-version
version-number command in the system view.
If Version 2 is adopted, after collecting the packet loss across a uni-directional link is enabled,
you can find the packet loss across the link from the source to the destination (or from the
destination to the source or from an unknown direction). According to these statistics, the
network administrator can easily detect network faults and malicious attacks.
Step 3 Run:
Step 4 Run:
test-type jitter
The test type is set to Jitter.

Step 5 Run:

Step 6 Run:
Issue 01 (2011-10-26)

288

6 NQA Configuration

Step 7 (Optional) Perform the following as required to configure other parameters for the Jitter test
Parameters ):
command.
NOTE
l To configure the probe times in the NQA test, run the probe-count number command.
l To configure the number of test packets sent each time, run the jitter-packetnum number
command.
The Jitter test is used to collect statistics and perform analysis of the transmission delay
variation of the UDP packets. The system sends multiple test packets for each test to make
the statistics more accurate. The more test packets are sent, the more accurate the statistics
and analysis are. This process, however, is time consuming.
NOTE
The number of the Jitter tests depends on the probe-count command. The number of test packets sent
during each test depends on the jitter-packetnum command. During the actual configuration, the
product of the number of test times and the number of the test packets must be less than 3000.
l To configure the interval for sending test packets, run the interval { milliseconds interval |
seconds interval } command.
The shorter the interval for sending the Jitter test packets is, the faster the test is completed.
If the interval, however, is set to a very small value, the jitter statistics result may have a
greater error.
l To send the NQA test packet without searching the routing table, run the sendpacket
passroute command.
Step 8 Run:
start

command.
Issue 01 (2011-10-26)

289

6 NQA Configuration

----End

After configuring the jitter test, you can view the test result.
Prerequisite
The configurations of the Jitter Test function are complete.
Context
NOTE
five tests.
Procedure
l
----End
Example
<Quidway> display nqa results test-instance admin jitter
NQA entry(admin, jitter) :testflag is inactive ,testtype is jitter
1 . Test 1 result
SendProbe:60
ResponseProbe:60
Completion:success
RTD OverThresholds number:0
Min/Max/Avg/Sum RTT:1/1/1/60
RTT Square Sum:60
NumOfRTT:60
Min Positive SD:1
Min Positive DS:1
Max Positive SD:1
Max Positive DS:1
Positive SD Number:15
Positive DS Number:1
Positive SD Sum:15
Positive DS Sum:1
Positive SD Square Sum:15
Positive DS Square Sum:1
Min Negative SD:1
Min Negative DS:1
Max Negative SD:1
Max Negative DS:1
Negative SD Number:15
Negative DS Number:1
Negative SD Sum:15
Negative DS Sum:1
Negative SD Square Sum:15
Negative DS Square Sum:1
Min Delay SD:0
Min Delay DS:0
Avg Delay SD:27
Avg Delay DS:1
Max Delay SD:1
Max Delay DS:1
Packet Loss SD:0
Packet Loss DS:0
Packet Loss Unknown:0
jitter out value:0.0312500
jitter in value:0.0020833
NumberOfOWD:60
OWD SD Sum:27
OWD DS Sum:1
TimeStamp unit: ms
Issue 01 (2011-10-26)

290

6 NQA Configuration
6.15 Configuring an ICMP Jitter Test

This section describes how to configure an ICMP jitter test to measure jitter on IP networks.
NOTE
Only S3700HI support ICMP Jitter.

Before configuring an ICMP jitter test, familiarize yourself with the applicable environment,
Jitter time refers to the interval for receiving two consecutive packets minus the interval for
sending these two packets.
The process of the ICMP jitter test is as follows:
l
The source sends packets to the destination at a set interval.
After receiving a packet, the destination adds a timestamp to the packet and sends it back
to the source.
After receiving the returned packets, the source obtains the jitter time by subtracting the
interval for sending the packets from the interval for receiving the packets.
The maximum, minimum, and average jitter time and the maximum unidirectional delay of the
packets from the source to the destination and from the destination to the source are calculated
according to the information received on the source. Based on these data, the network status is
clearly presented.
In the jitter test, you can set the number of packets to be sent consecutively in each test instance.
Through this setting, the actual traffic of a kind of packet during a time period can be simulated.
If the server is a non-Huawei device, you can test the jitter of the network by configuring an
ICMP jitter test instance.
Before configuring an ICMP jitter test, configure a reachable route between the NQA client and
the server.
Data Preparation
To configure a jitter test, you need the following data.
Issue 01 (2011-10-26)
No.
Data
Administrator of the NQA test instance and name of the test instance
291

6 NQA Configuration
No.
Data
(Optional) Name of a VPN instance, source IP address ,number of test probes sent
each time, number of test packets sent each time, interval for sending test packets,
ratio of the failed NQA tests, and version number of jitter packets
Start mode and end mode
6.15.2 Configuring Parameters for the ICMP Jitter Test

This part describes how to set ICMP jitter test parameters.
Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
Step 3 Run:
test-type icmpjitter
The type of the test instance is configured as ICMP jitter.

Step 4 Run:

Step 5 (Optional) Run the following commands to configure other parameters for the jitter test:
l Run:
icmp-jitter-mode { icmp-echo | icmp-timestamp }
The mode of the ICMP jitter test is configured.

l Run:
vpn-instance vpn-instance-name
The VPN instance to be tested is configured.

NOTE
Only the S3700HI supports this parameter.
l Run:
probe-count number
The number of test probes to be sent each time is set.

Issue 01 (2011-10-26)

292

6 NQA Configuration
l Run:
jitter-packetnum number
The number of test packets to be sent during each test is set.

NOTE
The probe-count command is used to configure the number of times for the jitter test and the jitterpacketnum command is used to configure the number of test packets to be sent during each test. In
actual configuration, the product of the number of times for the jitter test multiplied by the number of
test packets must be less than 3000.
l Run:
interval { milliseconds interval }
The interval for sending test packets is set.

The shorter the interval is, the sooner the test is complete. However, delays arise from sending
and receiving test packets on the processor. Therefore, if the interval for sending test packets
is set to a small value, a relatively greater error may occur in the statistics of the jitter test.
l Run:
fail-percent percent
The percentage of the failed NQA tests is set.

Step 6 Run:
start

Select the start mode as required because the startcommand has several forms.
command.
----End

After configuring the ICMP jitter test, you can view the test result.
Prerequisite
The configurations of the ICMP Jitter Test function are complete.
NOTE
NQA test results cannot be displayed automatically on the terminal. You should run the display nqa
results command to check the test results.
Issue 01 (2011-10-26)

293

6 NQA Configuration
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to check results
on the NQA client.
----End
Example
If the ICMP jitter test succeeds, you can view the following information by running the display
nqa results command.
<Quidway> display nqa results test-instance admin icmpjitter
NQA entry(admin, icmpjitter) :testflag is inactive ,testtype is icmpjitter
1 . Test 1 result
SendProbe:60
ResponseProbe:60
Completion :success
OWD OverThresholds SD number:0
OWD OverThresholds DS number:0
RTT Square Sum:61007
NumOfRTT:60
Min Positive SD:1
Min Positive DS:1
Max Positive SD:138
Max Positive DS:3
Positive SD Sum:152
Positive DS Sum:21
Positive SD Square Sum :19116
Positive DS Square Sum :27
Min Negative SD:1
Min Negative DS:1
Max Negative SD:21
Max Negative DS:4
Negative SD Sum:152
Negative DS Sum:22
Negative SD Square Sum :2796
Negative DS Square Sum :34
Min Delay SD:1
Min Delay DS:0
Max Delay SD:72
Max Delay DS:71
Delay SD Square Sum:15111
Delay DS Square Sum:14728
Packet Loss SD:0
Packet Loss DS:0
Average of Jitter:5
Average of Jitter SD:14
Average of Jitter DS:1
NumberOfOWD:60
Packet Loss Ratio: 0%
OWD SD Sum:339
OWD DS Sum:310
ICPIF value: 0
MOS-CQ value: 0
TimeStamp unit: ms
6.16 Configuring Universal NQA Test Parameters

This section describes how to set and use universal parameters for NQA test instances.

Before setting universal parameters for NQA test instances, familiarize yourself with the
applicable environment, complete the pre-configuration tasks, and obtain the required data. This
can help you complete the configuration task quickly and accurately.
NQA supports not only the configuration of the parameters for various types of tests, but also
the configuration of universal options of a test group.
Commonly, the default configurations of the universal parameters are adopted.
Issue 01 (2011-10-26)

294

6 NQA Configuration
Before configuring universal NQA parameters, create NQA tests correctly.
6.16.2 Configuring Universal Parameters for the NQA Test Instance

This part describes the application of each parameter in the NQA test instance.
Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
The NQA test instance view is displayed.

Step 3 Perform the following as required to configure universal parameters:
l Run:
agetime hh:mm:ss
The aging time is set for the NQA test instance.

l Run:
datafill fillstring
The fill string is set for the NQA test instance.

NOTE
This parameter cannot be configured for SNMP, TCP, FTP, HTTP, and DNS test instances.
You can configure padding characters for only UDP, ICMP, Jitter and Trace tests.
l Run:
datasize size
The packet size is set for the NQA test instance.

NOTE
This parameter cannot be configured for SNMP, TCP, FTP, HTTP, and DNS test instances.
l Run:
description string
The description is configured for the NQA test instance.

l Run:
The destination IP address is set for the NQA test instance.

l Run:
destination-address url urlstring
The destination URL address is set for the NQA test instance.
Issue 01 (2011-10-26)

295

6 NQA Configuration
NOTE
The destination URL address can be configured for DNS and HTTP test instances.
l Run:
The destination port number is set for the NQA test instance.
NOTE
The destination port number can be configured only for UDP, Jitter, TCP, Trace, FTP, and HTTP test
instances.
l Run:
dns-server ipv4 ip-address
The DNS server address is configured for the NQA test instance.
NOTE
The DNS server address can be configured only for DNS and HTTP test instances.
l Run:
fail-percent percent
The failure percentage is set for the NQA test instance.

NOTE
This parameter cannot be configured for Trace, FTP, and DNS test instances.
l Run:
frequency interval
The test period is set for the NQA test instance.

l Run:
ftp-filename file-name
The file name and file path are configured for the FTP test instance.
NOTE
The file name and file path can be configured only for the FTP test instance.
l Run:
ftp-filesize size
The size of the file is set for the FTP test instance.
NOTE
The size of the file can be configured only for the FTP test instance.
l Run:
ftp-operation { get | put }
The operation type is configured for the FTP test instance.

NOTE
The operation type can be configured only for the FTP test instance.
l Run:
The user password is set for the FTP test instance.

NOTE
The user password can be configured only for the FTP test instance.
l Run:
ftp-username name
The user name is set for the FTP test instance.

Issue 01 (2011-10-26)

296

6 NQA Configuration
NOTE
The user name can be configured only for the FTP test instance.
l Run:
http-operation { get | post }
The test type is set for the HTTP test instance.

NOTE
The operation type can be configured only for the HTTP test instance.
l Run:
http-url deststring [ verstring ]
The relative file path and version are configured for the HTTP test instance.
NOTE
The relative file path and version can be configured only for the HTTP test instance.
l Run:
interval { milliseconds
interval | seconds interval }
The interval for sending packets is set for the NQA test instance.
NOTE
The interval for sending packets can be configured only for the ICMP, UDP, SNMP, Jitter, and TCP
test instances.
l Run:
jitter-packetnum number
The number of test packets is set for the NQA test instance.
l Run:
probe-count number
The number of probes for one time is set.

NOTE
This parameter cannot be configured for FTP and DNS test instances.
l Run:
probe-failtimes times
The number of permitted maximum probe failures, that is, the threshold to trigger the trap
message, is set for the NQA test instance.
l Run:
records history number
The maximum number of history records is set for the NQA test instance.
l Run:
records result number
The maximum number of result records is set for the NQA test instance.
l Run:
sendpacket passroute
The NQA test is configured to send packets without searching for the routing table.
NOTE
This parameter cannot be configured for DNS test instance.
l Run:
set-df
Packet fragmentation is prohibited.

Issue 01 (2011-10-26)

297

6 NQA Configuration
NOTE
This function can be configured only for the Trace test instances.
l Run:
send-trap { all | { owd-ds | owd-sd | probefailure | rtd | testcomplete |
testfailure } * }
The condition for triggering the trap message is configured.

l Run:
source-address ipv4 ip-address
The source IP address is set for the NQA test instance.

l Run:
source-interface interface-type interface-number
The source interface is configured for the NQA test instance.

NOTE
The source interface can be configured for ICMPtest instances.
l Run:
source-port port-number
The source port number is set for the NQA test instance.
NOTE
This parameter can be configured for UDP, SNMP, TCP, FTP, and HTTP test instances.
l Run:
test-failtimes times
The trap threshold for continuous probe failures is set for the NQA test instance.
l Run:
timeout time
The timeout period is set for the NQA test instance.

l Run:
ttl number
The TTL value in the NQA test packet is set.

NOTE
This parameter cannot be configured for DNS and Trace test instances.
l Run:
tos value
Type of Service (TOS) is set for the test packet.

NOTE
This parameter cannot be configured for DNS and Trace test instances.
l Run:
tracert-hopfailtimes times
The hop fail times are set for the Trace test instance.
NOTE
This parameter can be configured only for Trace test instance.
l Run:
tracert-livetime first-ttl first-ttl max-ttl max-ttl
The lifetime is set for the Trace test instance.

Issue 01 (2011-10-26)

298

6 NQA Configuration
NOTE
This parameter can be configured only for Trace test instance.
l Run:
The VPN instance name is configured for the NQA test instance.
NOTE
This parameter cannot be configured for DNS test instance.
l Run:
The VPN instance name is configured for the NQA test instance.
NOTE
This parameter cannot be configured for DNS, and DHCP test instance.
----End

After setting universal parameters for NQA test instances, you can view the test result.
Prerequisite
The configurations of the Universal NQA Test Parameters function are complete.
Procedure
Step 1 Run the display nqa-agent [admin-name test-name ] [ verbose ] to view the status of the test
instance configured on the NQA client.
----End
Example
<Quidway> display nqa-agent
nqa test-instance a a
test-type pwe3trace
local-pw-id 1
vc-type bgp
nqa status : normal
nqa test-instance a b
destination-address ipv4 100.1.1.201
source-address ipv4 100.1.1.200
hardware-based enable
ttl 100
tos 100
timeout 20
nqa status : normal
6.17 Configuring Round-Trip Delay Thresholds

This section describes how to set a round-trip delay transmission threshold in an NQA test
instance.
Issue 01 (2011-10-26)

299

6 NQA Configuration

Before setting a round-trip transmission delay threshold, familiarize yourself with the applicable
If the round-trip transmission delay threshold is configured for a NQA test instance, the NQA
test result will contain the statistics on the test packets that exceed the set threshold. This provides
the basis for the network manager to analyze the operation status of the specified service.
Before configuring the round-trip transmission delay threshold, complete the following tasks:
l
Running the device normally
Creating NQA test instances and configuring related parameters correctly
Data Preparation
To configure the round-trip transmission delay threshold, you need the following data.
No.
Data
Round-trip transmission delay threshold
6.17.2 Configuring Round-Trip Delay Thresholds

This part describes how to set a round-trip transmission delay threshold. When the transmission
duration exceeds the threshold, a trap message is sent to the Network Management System
(NMS).
Context
Do as follows on the switch to perform the NQA test:
Procedure
Step 1 Run:
system-view

Step 2 Run:
An NQA test instance is created and the NQA instance view is displayed.
Step 3 Run:
test-type test-type
Issue 01 (2011-10-26)

300

6 NQA Configuration
The test type is configured.

Step 4 Run:

Step 5 (Optional)Run:

Step 6 Run:
threshold rtd rtd-value
The round-trip transmission delay threshold is configured.

Step 7 Run:
send-trap rtd
The trap function is enabled.

----End

After setting the round-trip transmission delay threshold, you can view the configuration.
Prerequisite
The configurations of the Round-Trip Delay Thresholds Test function are complete.
Procedure
Step 1 Run the display nqa-agent [ admin-name test-name ] [ verbose ] to view the status of the test
instance configured on the NQA client.
----End
Example
Run the display nqa-agent verbose command. If the test is successful, the following is
displayed. For example:
<Quidway> display nqa-agent verbose
nqa test-instance admin jitter
test-type jitter
destination-port 80
threshold rtd 2000
send-trap rtd
nqa status : normal
6.18 Configuring the Trap Function

This section describes how to configure the trap function in an NQA test instance. After the trap
function is configured, a trap message is sent to the NMS in case of transmission success or
transmission failure.
Issue 01 (2011-10-26)

301

6 NQA Configuration

Before configuring the trap function, familiarize yourself with the applicable environment,
Trap messages are generated regardless of whether the NQA test is successful or fails. You can
control whether to send trap messages to the NM station by enabling or disabling the trap
function.
NQA supports three types of trap messages as defined in the DISMAN-PING-MIB.
l
Trap message sent when an NQA probe fails

It aims at checking whether the probe Echo packets are received.
If the number of packets that have no responses reaches the upper limit, trap messages are
sent to a specified NM station.
Trap message sent when an NQA test fails

It aims at checking whether the test fails.
If the number of the times that a test fails exceeds the limit, trap messages are sent to a
specified NM station.
Trap message sent when an NQA test is successful

It aims at checking whether the test is successful.
If Echo packets are received during an NQA test, trap messages are sent to a specified NM
station.
NQA also supports the sending of trap messages to the NM station when the uni-directional
transmission delay or the round-trip transmission delay exceeds the threshold.
l
For all tests supporting traps, if the round-trip transmission delay exceeds the threshold and
the trap function is enabled, trap messages are sent to the NM station with the specified IP
address.
For all the Jitter tests, if the uni-directional transmission delay exceeds the threshold and
the trap function is enabled, trap messages are sent to the NM station with the specified IP
address.
Trap messages carry information such as destination IP address, operation status, destination IP
address of the test packet, minimum RTT, maximum RTT and total RTT, number of sent probe
packets, number of received packets, RTT square sum, and time of the last successful probe.
Before configuring the trap function, complete the following tasks:
l
Configuring routes between the NQA client and the NM station
Creating an NQA test and configuring related parameters correctly
Data Preparation
To configure the trap function, you need the following data.
Issue 01 (2011-10-26)

302

6 NQA Configuration
No.
Data
NQA events that trigger the trap function
l (Optional) Number of test failures that trigger sending a trap message

l (Optional) Number of probe failures that trigger sending a trap message
6.18.2 Sending Trap Messages When Test Failed

A trap message is sent to the NMS when the transmission of NQA test packets fails.
Procedure
Step 1 Run:
system-view

Step 2 Run:
Step 3 Run:
test-type { jitter | icmpjitter }

NOTE
Step 4 Run:


Step 6 Run:
send-trap testfailure
Sending trap messages when tests fail is enabled.

By default, the trap function is disabled.
Step 7 Run:
test-failtimes times
The number of test failures that trigger sending a trap message is configured.
Issue 01 (2011-10-26)

303

6 NQA Configuration
By default, a trap message is sent for each test failure.

----End
6.18.3 Sending Trap Messages When Probes Failed

A trap message is sent to the NMS when the NQA test fails.
Procedure
Step 1 Run:
system-view

Step 2 Run:
Step 3 Run:

NOTE
Step 4 Run:


Step 6 Run:
send-trap probefailure
Sending trap messages when probes fail is enabled.

Step 7 Run:
probe-failtimes times
The number probe failures that trigger sending a Trap message is configured.
By default, a trap message is sent for each probe failure.
----End
6.18.4 Sending Trap Messages When Probes Are Complete

A trap message is sent to the NMS when the NQA test is complete.
Issue 01 (2011-10-26)

304

6 NQA Configuration
Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
Step 3 Run:

NOTE
Step 4 Run:


Step 6 Run:
send-trap testcomplete
Sending trap messages when tests are completed is enabled.

----End
6.18.5 Sending Trap Messages When the Transmission Delay

Exceeds Thresholds
A trap message is sent to the NMS when the test result exceeds the threshold.
Context
Procedure
Step 1 Run:
system-view

Issue 01 (2011-10-26)

305

6 NQA Configuration
Step 2 Run:
Step 3 Run:

NOTE
Step 4 Run:


Step 6 Run:
send-trap rtd
Sending trap messages when the transmission delay exceeds the threshold is enabled.
----End

After the trap function is enabled in an NQA test instance, you can view trap messages in the
trap buffer.
Prerequisite
The configurations of the Trap function are complete.
Procedure
Step 1 Run the display trapbuffer [ size value ] to view the trap messages sent in an NQA test.
----End
Example
Run the display trapbuffer [ size value ] command. If information about the trap messages is
displayed, it means that the configuration succeeds.
For example:
<Quidway> display trapbuffer size 2
Trapping buffer configuration and contents:enabled
Channel number : 3 , channel name : trapbuffer
Issue 01 (2011-10-26)

306

6 NQA Configuration
#May 6 2009 12:54:17 CBB6-PE3 SINDEX/4/INDEXMAP:OID
1.3.6.1.4.1.2011.5.25.110.2.0.1 ShortIFIndexMapTable changed.
#May 6 2009 11:02:37 CBB6-PE3 SRM_BASE/4/ENTITYREGSUCCESS: OID
1.3.6.1.4.1.2011.5.25.129.2.1.18 Physical entity register succeeded.
(EntityPhysicalIndex=17367040, BaseTrapSeverity=2, BaseTrapProbableCause=70144,
BaseTrapEventType=5, EntPhysicalContainedIn=1677721
6, EntPhysicalName="SRU slot 9", RelativeResource="", ReasonDescription="MPU9")
6.19 Maintaining NQA

This section describes how to maintain an NQA test instance. You can restart the test instance,
clear the statistics on the test result,to maintain a test instance.
6.19.1 Restarting NQA Test Instances

If a test instance fails, you can try to restart the test instance in the next test period.
Prerequisite
To restart an NQA test instance, run the following command in the NQA instance view.
Context
CAUTION
Restarting an NQA test instance interrupts the running of tests.
Procedure
Step 1 Run the system-view command, enter the system view.
Step 2 Run the nqa test-instance admin-name test-name command, enter the NQA test instance view.
Step 3 Run the restart command in the NQA instance view to restart an NQA test instance.
----End
6.19.2 Clearing NQA Statistics

When the statistics on the current test instance are saved to the FTP server, you can clear test
results on the device.
Prerequisite
NQA statistics cannot be restored after you clear them. So, confirm the action before you use
the command.
Issue 01 (2011-10-26)

307

6 NQA Configuration
Context
NOTE
Statistics about the test being performed cannot be cleared.
Procedure
Step 1 Run the system-view command, enter the system view.
Step 2 Run the nqa test-instance admin-name test-name command, enter the NQA test instance view.
Step 3 Run the clear-records command in the NQA view to clear history statistics on NQA tests and
test results.
----End
6.19.3 Debugging NQA

This part describes how to debug test instances.
Prerequisite
When a fault occurs, run the following debugging command in the user view to debug NQA
and locate the fault.
Context
CAUTION
Procedure
Step 1 Run the debugging nqa all command in the NQA view to enable NQA debugging.
----End

This section provides several configuration examples of NQA.
6.20.1 Example for Configuring the ICMP Test

As shown in Figure 6-3, Switch A and Switch B must be connected at Layer 3 through the
VLANIF interface.
Switch A functions as the NQA client to check whether Switch B is reachable.
Issue 01 (2011-10-26)

308

6 NQA Configuration
Figure 6-3 Networking diagram for configuring the ICMP test

SwitchB
SwitchA
Ethernet0/0/1
VLANIF10
NQA agent 10.1.1.1/24
Ethernet0/0/1
VLANIF10
10.1.1.2/24
1.
Perform the NQA ICMP test to check whether the route between the local end (Switch A)
and the specified destination end (Switch B) is reachable and check the RTT of a test packet.
Data Preparation
l
Host address of Switch B
Procedure
Step 1 Create a VLAN and add interfaces to the VLAN.
# Configure Switch A.
[SwitchA] vlan 10
# Configure Switch B.
[Quidway] sysname SwitchB
[SwitchB] vlan 10
[SwitchB-Vlan10] quit
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchB-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchB-Ethernet0/0/1] quit
Step 2 Configure the VLANIF interface and assign an IP address to the VLANIF interface.
# Configure Switch A.
[SwitchA-Vlanif10] ip address 10.1.1.1 24
# Configure Switch B.
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 10.1.1.2 24
Step 3 Enable the NQA client and create an NQA ICMP test.
Issue 01 (2011-10-26)

309

6 NQA Configuration
[SwitchA] nqa test-instance admin icmp

[SwitchA-nqa-admin-icmp] test-type icmp
[SwitchA-nqa-admin-icmp] destination-address ipv4 10.1.1.2
Step 4 Perform the test immediately.

[SwitchA-nqa-admin-icmp] start now
Step 5 Verify the test result.

[SwitchA-nqa-admin-icmp] display nqa results test-instance admin icmp
NQA entry(admin, icmp) :testflag is inactive ,testtype is icmp
1 . Test 1 result
Completion:success
Attempts number:1
----End
Configuration Files
l

#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin icmp
test-type icmp
#
return

#
sysname SwitchB
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
#
return
Issue 01 (2011-10-26)

310

6 NQA Configuration
6.20.2 Example for Configuring the FTP Download Test

As shown in Figure 6-4:
l
Switch B functions as the FTP server.
A user with the name user1 and the password hello intends to log in to the FTP server to
download the test.txt file.
Figure 6-4 Networking diagram for configuring the FTP download test
SwitchA
SwitchB
Ethernet0/0/1 Ethernet0/0/1
VLANIF10
VLANIF10
FTP Client 10.1.1.1/24
10.1.1.2/24
1.
Configure Switch A as the NQA client.
2.
Create and perform the FTP test on Switch A to check whether a connection between
Switch A and the FTP server can be set up and to check the time for downloading a file
from the FTP server.
Data Preparation
l
Source IP address for the test
Operation file of the FTP test
Procedure
Step 1 Configure the IP addresses of Switch A and Switch B. The configuration details are not
mentioned here.
Step 2 Configure Switch B as the FTP server.
<SwitchB> system-view
[SwitchB] ftp server enable
[SwitchB] aaa
[SwitchB-aaa] local-user user1 password cipher hello
[SwitchB-aaa] local-user user1 service-type ftp
[SwitchB-aaa] local-user user1 ftp-directory flash:
[SwitchB-aaa] quit
Step 3 Configure an NQA FTP test on Switch A.

[SwitchA] nqa test-instance admin ftp
Issue 01 (2011-10-26)

311

[SwitchA-nqa-admin-ftp]
6 NQA Configuration
test-type ftp
ftp-operation get
ftp-username user1
ftp-password hello
ftp-filename test.txt
Step 4 Perform the test.

[SwitchA-nqa-admin-ftp] start now

[SwitchA-nqa-admin-ftp] display nqa results test-instance admin ftp
1 . Test 1 result
SendProbe:1
ResponseProbe:1
Completion :success
Average RTT:656
Lost packet ratio:0 %
----End
Configuration Files
l

#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin ftp
test-type ftp
ftp-username user1
ftp-password hello
ftp-filename test.txt
ftp-operation get
#
return

#
sysname SwitchB
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
#
Issue 01 (2011-10-26)

312

FTP server
#
aaa
local-user
local-user
local-user
#
return
6 NQA Configuration
enable
user1 password cipher 3MQ*TZ,O3KCQ=^Q`MAF4<1!!
user1 service-type ftp
user1 ftp-directory flash:
6.20.3 Example for Configuring the FTP Upload Test

You are required to test the speed of uploading a file from Switch C to the FTP server.
Figure 6-5 Networking diagram for configuring the FTP upload test
SwitchA
Ethernet
0/0/1
SwitchB
Ethernet
Ethernet
0/0/1
0/0/2
VLANIF10 VLANIF10
FTP 10.1.1.1/24 10.1.1.2/24
Client
SwitchC
Ethernet
0/0/2
VLANIF20 VLANIF20
10.2.1.1/24 10.2.1.2/24 FTP
Server
1.
Configure Switch A as the NQA client and the FTP client. Create and perform the FTP test
on Switch A to check whether a connection between Switch A and the FTP server can be
set up and to test the time for uploading a file to the FTP server.
2.
A user with the name user1 and the password hello logs in to the FTP server to upload a
file whose size is 10k.
Data Preparation
l
Source IP address for the test
Size of the uploaded file
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Configure Switch C as the FTP server.
[SwitchC] ftp server enable
Issue 01 (2011-10-26)

313

[SwitchC] aaa
[SwitchC-aaa]
[SwitchC-aaa]
[SwitchC-aaa]
[SwitchC-aaa]
6 NQA Configuration
local-user user1 password cipher hello

local-user user1 service-type ftp
local-user user1 ftp-directory flash:
quit
Step 3 Configure an NQA FTP test on Switch A and create a file of 10K bytes for uploading.
[SwitchA] nqa test-instance admin ftp
[SwitchA-nqa-admin-ftp] test-type ftp
[SwitchA-nqa-admin-ftp] destination-address ipv4 10.2.1.2
[SwitchA-nqa-admin-ftp] source-address ipv4 10.1.1.1
[SwitchA-nqa-admin-ftp] ftp-operation put
[SwitchA-nqa-admin-ftp] ftp-username user1
[SwitchA-nqa-admin-ftp] ftp-password hello
[SwitchA-nqa-admin-ftp] ftp-filename nqa-ftp-test.txt
[SwitchA-nqa-admin-ftp] ftp-filesize 10

[SwitchA-nqa-admin-ftp] start now

# Verify the NQA test result on Switch A.
[SwitchA-nqa-admin-ftp] display nqa results test-instance admin ftp
1 . Test 1 result
SendProbe:1
ResponseProb:1
Completion :success
Average RTT:1157
Lost packet ratio:0 %
# On Switch C, you can see that a file named nqa-ftp-test.txt is added.

<SwitchC> dir
Directory of flash:
Idx
0
1
Attr
-rw-rw-
Size(Byte)
331
10240
Date
Time(LMT)
Feb 06 2009 18:34:34
Feb 06 2009 18:37:06
FileName
private-data.txt
nqa-ftp-test.txt
2540 KB total (1536 KB free)
----End
Configuration Files
l

#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
Issue 01 (2011-10-26)

314

6 NQA Configuration
nqa test-instance admin ftp

test-type ftp
ftp-filesize 10
ftp-username user1
ftp-password hello
ftp-filename nqa-ftp-test.txt
ftp-operation put
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return

#
sysname SwitchB
#
vlan batch 10 20
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
#
#
#
return

#
sysname SwitchC
#
FTP server enable
#
vlan batch 20
#
interface Vlanif20
ip address 10.2.1.2 255.255.255.0
#
#
aaa
local-user user1 password cipher 3MQ*TZ,O3KCQ=^Q`MAF4<1!!
local-user user1 service-type ftp
local-user user1 ftp-directory flash:
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return
6.20.4 Example for Configuring the HTTP Test

As shown in Figure 6-6, Switch is connected to the HTTP server through a WAN.
Issue 01 (2011-10-26)

315

6 NQA Configuration
Figure 6-6 Networking diagram for configuring the HTTP test
HTTP Server
10.2.1.1/24
Switch
10.1.1.2/24
Ethernet0/0/1
VLANIF10
10.1.1.1/24
IP
Network
1.
Configure the Switch as the NQA client.
2.
Create and perform the HTTP test on the Switch to check whether the a connection between
the Switch and the HTTP server can be set up and to check the time for transferring a file
between them.
Data Preparation
l
Host address of the HTTP server
HTTP operation type
Procedure
Step 1 Configure reachable routes between Switch and HTTP Server. The configuration details are not
mentioned here.
Step 2 Enable the NQA client and create an NQA HTTP test.
[Quidway] nqa test-instance admin http
[Quidway-nqa-admin-http] test-type http
[Quidway-nqa-admin-http] destination-address ipv4 10.2.1.1
[Quidway-nqa-admin-http] http-operation get
[Quidway-nqa-admin-http] http-url www.huawei.com

[Quidway-nqa-admin-http] start now

[Quidway-nqa-admin-http] display nqa results test-instance admin http
NQA entry(admin, http) :testflag is inactive ,testtype is http
1 . Test 1 result
SendProbe:3
ResponseProbe:3
Completions: success
RTD OverThresholdsnumber: 0
TargetAddress: 10.2.1.1
DNSQueryError number: 0
HTTPError number: 0
TcpConnError number : 3
DNSRTT Sum/Min/Max:0/0/0
TCPConnectRTT Sum/Min/Max: 0/0/0
TransactionRTT Sum/Min/Max: 11/3/4
Issue 01 (2011-10-26)

316

6 NQA Configuration
RTT Sum/Min/Max/Avg: 18/5/7/6

DNSServerTimeout:0 TCPConnectTimeout:0
Lost packet ratio:0%
TransactionTimeout: 0
----End
Configuration Files
Configuration file of Switch
#
sysname quidway
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin http
test-type http
http-operation get
http-url www.huawei.com
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return
6.20.5 Example for Configuring the DNS Test

As shown in Figure 6-7, Switch functions as the DNS client to access the host whose IP address
is 10.2.1.1/24 through a domain named server.com.
Figure 6-7 Networking diagram for configuring the DNS test
server.com
10.2.1.1/24
Switch
Ethernet
0/0/1 10.1.1.2/24
VLANIF100
10.1.1.1/24
IP
Network
DNS Server
10.3.1.1/24
Issue 01 (2011-10-26)

317

6 NQA Configuration
1.
Configure the Switch as the NQA client.
2.
Create and perform the DNS test on the Switch to check whether a connection between the
Switch and the DNS server can be set up and to check the speed of responding to an address
resolution request.
Data Preparation
l
IP address of the DNS server
Name of the host to be accessed
Procedure
Step 1 Configure reachable routes between Switch A and the DNS server, between Switch A and the
host to be accessed, and between the DNS server and the host to be accessed. The configuration
details are not mentioned here.
Step 2 Create an NQA DNS test.
[Quidway] dns server 10.3.1.1
[Quidway] nqa test-instance admin dns
[Quidway-nqa-admin-dns] test-type dns
[Quidway-nqa-admin-dns] dns-server ipv4 10.3.1.1
[Quidway-nqa-admin-dns] destination-address url server.com

[Quidway-nqa-admin-dns] start now

[Quidway] display nqa results test-instance admin dns
NQA entry(admin, dns) :testflag is inactive ,testtype is dns
1 . Test 1 result
Completion:success
Attempts number:1
Destination ip address:
10.3.1.1
----End
Configuration Files
Configuration file of Switch
#
sysname Quidway
#
dns server 10.3.1.1
Issue 01 (2011-10-26)

318

6 NQA Configuration
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin dns
test-type dns
destination-address url server.com
dns-server ipv4 10.3.1.1
#
ip route-static 10.3.1.0 255.255.255.0 10.1.1.2
#
return
6.20.6 Example for Configuring the Traceroute Test

The traceroute test is used to check the IP address of the VLANIF 110 interface of Switch C on
Switch A.
Figure 6-8 Networking diagram for configuring the traceroute test
Ethernet
Ethernet
Ethernet
Ethernet
0/0/1
0/0/1
0/0/2
0/0/1
VLANIF100 VLANIF100
VLANIF110 VLANIF110
10.1.1.1/24 10.1.1.2/24
10.2.1.1/24 10.2.1.2/24
SwitchA
SwitchB
SwitchC
1.
2.
Create and perform the traceroute test on Switch A to check the statistics on each hop from
Switch A to Switch C.
Data Preparation
l
Destination address for the traceroute test
Procedure
Issue 01 (2011-10-26)

319

6 NQA Configuration
Step 2 Create an NQA traceroute test on Switch A and set the destination IP address to 10.2.1.2.
[SwitchA] nqa test-instance admin trace
[SwitchA-nqa-admin-trace] test-type trace
[SwitchA-nqa-admin-trace] destination-address ipv4 10.2.1.2

[SwitchA-nqa-admin-trace] start now

# Verify the NQA test result on Switch A.
[SwitchA-nqa-admin-trace] display nqa results test-instance admin trace
NQA entry(admin, trace) :testflag is inactive ,testtype is trace
1 . Test 1 result
Completion:success
Attempts number:1
Last good path Time:2006-8-5 14:38:58.5
1 . Hop 1
2 . Hop 2
----End
Configuration Files
l

#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin trace
test-type trace
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return

#
sysname SwitchB
Issue 01 (2011-10-26)

320

6 NQA Configuration
#
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
#
#
return

#
sysname SwitchC
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
#
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return
6.20.7 Example for Configuring the SNMP Query Test

As shown in Figure 6-9, SNMP agent is enabled on Switch C. The NQA SNMP query test is
used to measure the time from sending an SNMP query packet to receiving an Echo packet.
Figure 6-9 Networking diagram for configuring the SNMP query test
SwitchA
SwitchB
SwitchC
Ethernet
Ethernet
Ethernet
Ethernet
0/0/1
0/0/1
0/0/2
0/0/1
VLANIF110 VLANIF110
VLANIF100 VLANIF100
10.2.1.1/24 10.2.1.2/24
10.1.1.1/24 10.1.1.2/24
SNMP Agent
1.
2.
Create and perform the SNMP query test on Switch A.
Issue 01 (2011-10-26)

321

3.
6 NQA Configuration
Enable SNMP agent on Switch C.
Data Preparation
l
Host address of the SNMP agent
Procedure
Step 2 Enable SNMP agent on Switch C.
[SwitchC] snmp-agent
Step 3 Create an SNMP query test on Switch A.

[SwitchA] nqa test-instance admin snmp
[SwitchA-nqa-admin-snmp] test-type snmp
[SwitchA-nqa-admin-snmp] destination-address ipv4 10.2.1.2

[SwitchA-nqa-admin-snmp] start now

[SwitchA-nqa-admin-snmp] display nqa results test-instance admin snmp
NQA entry(admin, snmp) :testflag is inactive ,testtype is snmp
1 . Test 1 result
Completion:success
Attempts number:1
----End
Configuration Files
l

#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin snmp
test-type snmp
#
Issue 01 (2011-10-26)

322

6 NQA Configuration
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2

#
return

#
sysname SwitchB
#
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
#
#
return

#
sysname SwitchC
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
#
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
snmp-agent
snmp-agent local-engineid 000007DB7F00000100006294
snmp-agent sys-info version all
#
return
6.20.8 Example for Configuring the TCP Test

As shown in Figure 6-10, the NQA TCP Private test is used to obtain the time for setting up a
TCP connection between Switch A and Switch B.
Figure 6-10 Networking diagram for configuring the TCP test
SwitchA
SwitchB
SwitchC
Ethernet
Ethernet
Ethernet
Ethernet
0/0/1
0/0/1
0/0/2
0/0/1
VLANIF110 VLANIF110
VLANIF100 VLANIF100
10.2.1.1/24 10.2.1.2/24
10.1.1.1/24 10.1.1.2/24
NQA Server
Issue 01 (2011-10-26)

323

6 NQA Configuration
1.
Configure Switch A as the NQA client and configure Switch C as the NQA server.
2.
Configure the monitoring port number on the NQA server and create an NQA TCP test on
the NQA client.
Data Preparation
l
Host address of the server
Port number used to monitor the TCP service on the server
Procedure
Step 2 Configure the NQA server on Switch C.
# Configure the IP address and port number used to monitor TCP connections on the NQA server.
[SwitchC] nqa-server tcpconnect 10.2.1.2 9000
Step 3 # Configure Switch A.

# Enable the NQA client and create a TCP Private test.
[SwitchA] nqa test-instance admin tcp
[SwitchA-nqa-admin-tcp] test-type tcp
[SwitchA-nqa-admin-tcp] destination-address ipv4 10.2.1.2
[SwitchA-nqa-admin-tcp] destination-port 9000

[SwitchA-nqa-admin-tcp] start now

[SwitchA-nqa-admin-tcp] display nqa results test-instance admin tcp
NQA entry(admin, tcp) :testFlag is inactive ,testtype is tcp
1 . Test 1 result
Completion:success
Attempts number:1
----End
Configuration Files
l
Issue 01 (2011-10-26)

324

6 NQA Configuration
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin tcp
test-type tcp
destination-port 9000
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return

#
sysname SwitchB
#
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
#
#
return

#
sysname SwitchC
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
#
#
nqa-server tcpconnect 10.2.1.2 9000
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return
6.20.9 Example for Configuring the UDP Test

As shown in Figure 6-11, the NQA UDP Public test is used to obtain RTT of a UDP packet
transmitted between Switch A and Switch C.
Issue 01 (2011-10-26)

325

6 NQA Configuration
Figure 6-11 Networking diagram for configuring the UDP test
SwitchA
SwitchB
SwitchC
Ethernet
Ethernet
Ethernet
Ethernet
0/0/2
0/0/1
0/0/1
0/0/1
VLANIF100 VLANIF100
VLANIF110 VLANIF110
10.1.1.1/24 10.1.1.2/24
10.2.1.1/24 10.2.1.2/24
NQA Server
1.
2.
Configure the monitoring port number on the NQA server and create an NQA UDP Public
test on the NQA client.
Data Preparation
l
Port number used to monitor the UDP service on the server
Procedure
# Configure the IP address and UDP port number monitored by the NQA server.
[SwitchC] nqa-server udpecho 10.2.1.2 6000

# Enable the NQA client and create a UDP Public test.
[SwitchA] nqa test-instance admin udp
[SwitchA-nqa-admin-udp] test-type udp
[SwitchA-nqa-admin-udp] destination-address ipv4 10.2.1.2
[SwitchA-nqa-admin-udp] destination-port 6000

[SwitchA-nqa-admin-udp] start now

[SwitchA-nqa-admin-udp] display nqa results test-instance admin udp
NQA entry(admin, udp) :testflag is inactive ,testtype is udp
1 . Test 1 result
Completion:success
Attempts number:1
Issue 01 (2011-10-26)

326

6 NQA Configuration
----End
Configuration Files
l

#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin udp
test-type udp
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return

#
sysname SwitchB
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
#
#
return

#
sysname SwitchC
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
#
#
nqa-server udpecho 10.2.1.2 6000
#
Issue 01 (2011-10-26)

327

6 NQA Configuration
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1

#
return
6.20.10 Example for Configuring the Jitter Test

As shown in Figure 6-12, the NQA Jitter test needs to be used to obtain the jitter time of
transmitting a packet from Switch A to Switch C. Switch A and Switch C synchronize the clock
from Switch B so that the test precision is improved.
NOTE
For information about clock synchronization, see "NTP" in the Quidway S3700 Series Ethernet Switches
Feature Description - Network Management.
Figure 6-12 Networking diagram for configuring the Jitter test

SwitchAEthernet
0/0/1
VLANIF100
10.1.1.1/24
Ethernet SwitchB Ethernet EthernetSwitchC

0/0/2
0/0/1
0/0/1
VLANIF100
VLANIF110 VLANIF110
10.1.1.2/24
10.2.1.1/24 10.2.1.2/24 NQA Server
1.
Configure Switch C as the NTP client and configure Switch B as the NTP server.
2.
3.
Configure the service type and port number monitored by the NQA server.
4.
Create and perform the NQA Jitter test on the NQA client.
Data Preparation
l
Port number used to monitor the UDP service on the server
Procedure
# Configure the IP address and UDP port number monitored by the NQA server.
Issue 01 (2011-10-26)

328

6 NQA Configuration

# Enable the NQA client and create an NQA Jitter test.
[SwitchA] nqa test-instance admin jitter
[SwitchA-nqa-admin-jitter] test-type jitter
[SwitchA-nqa-admin-jitter] destination-address ipv4 10.2.1.2
[SwitchA-nqa-admin-jitter] destination-port 9000

[SwitchA-nqa-admin-jitter] start now

[SwitchA-nqa-admin-jitter] display nqa results test-instance admin jitter
NQA entry(admin, jitter) :testflag is inactive ,testtype is jitter
1 . Test 1 result
SendProbe:60
ResponseProbe:60
Completion:success
RTT Square Sum:23037
NumOfRTT:60
Min Positive SD:1
Min Positive DS:1
Max Positive SD:96
Max Positive DS:8
Positive SD Sum:172
Positive DS Sum:18
Min Negative SD:1
Min Negative DS:1
Max Negative SD:20
Max Negative DS:10
Negative SD Sum:163
Negative DS Sum:28
Min Delay SD:0
Min Delay DS:0
Avg Delay SD:3
Avg Delay DS:3
Max Delay SD:49
Max Delay DS:48
Packet Loss SD:0
Packet Loss DS:0
NumberOfOWD:60
OWD SD Sum:206
OWD DS Sum:195
TimeStamp unit: ms
----End
Configuration Files
l

#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin jitter
test-type jitter
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
Issue 01 (2011-10-26)

329

6 NQA Configuration
#
return

#
sysname SwitchB
#
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
#
#
return

#
sysname SwitchC
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
#
#
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return
6.20.11 Example for Configuring an ICMP Jitter Test

This part provides examples for configuring an ICMP jitter test to measure jitter on the network.
A server is not required in an ICMP jitter test and the peer device in the test instance can be nonHuawei devices.
Switch A serves as the NQA client to test the jitter of the network between Switch A and Switch
B.
Figure 6-13 Networking diagram of an ICMP jitter test
Ethernet0/0/1
VLANIF10
10.1.1.1/24
SwitchA
Issue 01 (2011-10-26)
Ethernet0/0/1
VLANIF10
10.1.1.2/24
SwitchB

330

6 NQA Configuration
1.
Configure Switch A as the NQA client and create an ICMP jitter test instance on Switch
A.
2.
Configure Switch B as the NQA server.
Data Preparation
l
IP address of Switch B
Procedure
Step 1 Configure a reachable route between Switch A and Switch B.
The configuration details are not mentioned here.
Step 2 Configure an NQA test instance for Switch A.
# Enable the NQA client and configure the ICMP jitter test instance.
<RouterA> system-view
[RouterA] nqa test-instance admin icmpjitter
[RouterA-nqa-admin-icmpjitter] test-type icmpjitter
[RouterA-nqa-admin-icmpjitter] destination-address ipv4
10.1.1.2
Step 3 Start the test.

[RouterA-nqa-admin-icmpjitter] start now
Step 4 Check test results.

[RouterA-nqa-admin-icmpjitter] display nqa results test-instance admin icmpjitter
NQA entry(admin, icmpjitter) :testflag is inactive ,testtype is icmpjitter
1 . Test 1 result
SendProbe:60
ResponseProbe:60
Completion :success
OWD OverThresholds SD number:0
OWD OverThresholds DS number:0
RTT Square Sum:77
NumOfRTT:60
Min Positive SD:1
Min Positive DS:1
Max Positive SD:3
Max Positive DS:1
Positive SD Sum:22
Positive DS Sum:15
Min Negative SD:1
Min Negative DS:1
Max Negative SD:2
Max Negative DS:1
Negative SD Sum:22
Negative DS Sum:14
Min Delay SD:0
Min Delay DS:0
Max Delay SD:1
Max Delay DS:1
Delay SD Square Sum:4
Delay DS Square Sum:1
Packet Loss SD:0
Packet Loss DS:0
Average of Jitter:1
Average of Jitter SD:1
Average of Jitter DS:1
NumberOfOWD:60
Packet Loss Ratio: 0%
Issue 01 (2011-10-26)

331

OWD SD Sum:4
ICPIF value: 0
TimeStamp unit: ms
6 NQA Configuration
OWD DS Sum:1
MOS-CQ value: 0
----End
Configuration Files
l

#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin icmpjitter
#
return

#
sysname SwitchB
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
#
return
6.20.12 Example for Configuring the Test of Sending NQA

Threshold Traps to the NMS
As shown in Figure 6-14, the trap threshold are configured and the function of sending trap
messages is enabled when a Jitter test is configured. After the Jitter test is complete, Switch A
sends a trap message to the NMS when the interval for transmitting the test packet from
Switch A to Switch C or from Switch C to Switch A exceeds the configured unidirectional
transmission threshold, or when the RTT of the test packet exceeds the configured bidirectional
transmission threshold. Network administrators can view the cause of a trap in the trap message
received by the NMS.
Issue 01 (2011-10-26)

332

6 NQA Configuration
Figure 6-14 Network diagram for configuring the NQA threshold
Ethernet0/0/2
VLANIF110
20.1.1.1/24
SwitchA
NM Station
20.1.1.2/24
Ethernet0/0/1
SwitchB
Ethernet0/0/1
VLANIF130 SwitchC
VLANIF120
30.1.1.2/24
10.1.1.1/24
Ethernet0/0/2
Ethernet0/0/1
VLANIF130
VLANIF120
30.1.1.1/24 NQA Server
10.1.1.2/24
NOTE
For the information about clock synchronization, see "NTP" in the Quidway S3700 Series Ethernet
Switches Feature Description - Network Management.
1.
Configure a Jitter test.
2.
Configure the NQA thresholds.
3.
Enable the function of sending trap messages.
4.
Configure the function of sending trap messages to the NMS.
Data Preparation
l
IP address and port number of the server-side host.
Type of the monitored service and monitoring port number
RTD threshold and OWD threshold
IP address of the NMS
Procedure
Step 2 Configure a Jitter test.
# Configure the IP address and UDP port number monitored by the NQA server on Switch C.
# # Enable the NQA client on Switch A and create an NQA Jitter test on it.
Issue 01 (2011-10-26)

333

6 NQA Configuration
[SwitchA-nqa-admin-jitter] test-type jitter

[SwitchA-nqa-admin-jitter] destination-address ipv4 30.1.1.2
[SwitchA-nqa-admin-jitter] destination-port 9000
Step 3 Configure the NQA thresholds.

# Configure the RTD threshold on Switch A.
[SwitchA-nqa-admin-jitter] threshold rtd 20
Step 4 Enable the function of sending trap messages.

[SwitchA-nqa-admin-jitter] send-trap rtd
[SwitchA-nqa-admin-jitter] quit
Step 5 Configure the function of sending trap messages to the NMS.

[SwitchA] snmp-agent trap enable
[SwitchA] snmp-agent sys-info version v2c
[SwitchA] snmp-agent target-host trap address udp-domain 20.1.1.2 params
securityname public v2c

[SwitchA-nqa-admin-jitter] start now
[SwitchA-nqa-admin-jitter] quit
[SwitchA] quit

# Verify the NQA test result of each Switch.
<SwitchA> display nqa results
NQA entry(test, jitter) :testflag is inactive ,testtype is jitter
1 . Test 1 result
Send operation times:3000
Receive response times:3000
Completion :success
RTD RTD OverThresholds number:25
RTT Square Sum:5665
NumOfRTT:3000
Min Positive SD:1
Min Positive DS:0
Max Positive SD:27
Max Positive DS:0
Positive SD Sum:2128
Positive DS Sum:0
Min Negative SD:1
Min Negative DS:1
Max Negative SD:16
Max Negative DS:2
Negative SD Sum:129
Negative DS Sum:1998
Min Delay SD:0
Min Delay DS:0
Avg Delay SD:0
Avg Delay DS:0
Max Delay SD:13
Max Delay DS:12
Packet Loss SD:0
Packet Loss DS:0
Average of Jitter:1
NumberOfOWD:0
OWD SD Sum:81
OWD DS Sum:62
TimeStamp unit: ms
# Verify that a trap message is generated in the trap buffer.

Issue 01 (2011-10-26)

334

6 NQA Configuration
#Jul 9 00:28:34 2009 Quidway NQA/4/RTDTHRESHOLD:OID
1.3.6.1.4.1.2011.5.25.111.6.16 NQA entry RTD over threshold. (OwnerIndex=admin,
TestName=jitter)
#Jul 9 00:28:34 2009 Quidway NQA/4/SDTHRESHOLD:OID 1.3.6.1.4.1.2011.5.25.111.6.17
NQA entry OWD-SD over threshold. (OwnerIndex=admin, TestName=jitter)
#Jul 9 00:28:34 2009 Quidway NQA/4/DSTHRESHOLD:OID 1.3.6.1.4.1.2011.5.25.111.6.
18 NQA entry OWD-DS over threshold. (OwnerIndex=admin, TestName=jitter)
# Verify that the NMS can receive the trap message successfully. The displayed information is
not provided here.
----End
Configuration Files
l

#
sysname SwitchA
#
vlan batch 110 120
#
interface Vlanif110
ip address 20.1.1.1 255.255.255.0
#
interface Vlanif120
ip address 10.1.1.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.0
#
nqa test-instance test jitter
test-type jitter
threshold rtd 20
send-trap rtd
#
snmp-agent
snmp-agent local-engineid 000007DB7F00000100007B29
snmp-agent sys-info version v2c v3
public v2c
#
return

#
sysname SwitchB
#
vlan batch 120 130
#
interface Vlanif120
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif130
Issue 01 (2011-10-26)

335

6 NQA Configuration
ip address 30.1.1.1 255.255.255.0

#
#
#
ospf 1
area 0.0.0.1
network 10.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return

#
sysname SwitchC
#
vlan batch 130
#
interface Vlanif130
ip address 30.1.1.2 255.255.255.0
#
#
#
ospf 1
area 0.0.0.1
network 30.1.1.0 0.0.0.255
#
return
Issue 01 (2011-10-26)

336

7 RMON Configuration
RMON Configuration
About This Chapter

This chapter describes how to monitor the Ethernet interface through Remote Network
Monitoring (RMON).
7.1 Introduction to RMON
This part describes working principles of RMON.
7.2 RMON Suported by the S3700
This part describes the support for RMON on the S3700.
7.3 Configuring RMON
This section describes how to monitor the network status and traffic through RMON.
7.4 Maintaining RMON
When an RMON operation fault occurs, you can run the debuggingcommand in the user view
to locate the fault and analyze its cause.
This section provides several configuration examples of RMON and RMON2.
Issue 01 (2011-10-26)

337

7.1 Introduction to RMON

This part describes working principles of RMON.
RMON
RMON is implemented based on the Simple Network Management Protocol (SNMP)
architecture, and is compatible with the existing SNMP framework. There are two concepts
involved in RMON, namely, the Network Management Workstation (NM Station) and the agent.
A RMON agent collects statistics of various traffic in a network, including the number of packets
on a network segment within a period and the number of correct packets sent to a host.
Compared with SNMP, RMON monitors remote network devices more efficiently and actively.
It provides an efficient solution to monitor the running of sub-networks, which reduces the
communication traffic between the NM Station and the agent. Large-sized networks can thus be
managed in a simple and effective manner.
RMON allows multiple monitors. It collects data in the following ways:
l
Use a dedicated RMON Probe.

The NM Station obtains management information directly from the RMON Probe and
controls network resources. This ensures that the NM Station can obtain overall information
on the RMON MIB.
Embed a RMON agent into a network device (a switch for example) to enable the device
to be of the RMON Probe capability.
The NM Station uses the basic SNMP commands for exchanging data with the RMON
agent and collecting the network management information. This process is restricted by
device resources and hence the NM Station collects only information on four groups (alarm,
event, history, and statistics) and not the complete information on the RMON MIB.
Currently, the S3700 implements the monitoring and statistics collection function only on the
Ethernet interfaces of network devices.
7.2 RMON Suported by the S3700

This part describes the support for RMON on the S3700.
Features of RMON
The S3700 implements RMON by embedding agent modules to network devices to form a
complete system with other modules. The RMON NM Station is completely compatible with
the SNMP NM Station; so, the administrator can handle it properly without additional training.
RMON in the S3700 supports four groups, namely, statistics, history, alarm, and event, as
defined in RFC 2819, and a Performance-MIB defined by Huawei. The following describes each
group.
l
Statistic group
The statistics group collects the basic statistics of each monitored sub-network. The
statistics include date flows on a network segment, distribution of various packets, error
frames, and collisions.
Issue 01 (2011-10-26)

338

The statistics group has one table: ethernetStatsTable.

NOTE
The RMON statistics result is not consistent with the output of the display interface command.
Although data is collected from the bottom layer in both the cases, the RMON information is more
comprehensive.
History group
A history group periodically collects the network state statistics and stores them for future
reference. The history group has the following tables:
historyControlTable: is used to set the control information, such as sampling intervals.
etherHistoryTable: provides network administrators with other history statistics, such
as the traffic on a network segment, error packets, broadcast packets, utilization, and
collisions.
Each entry in the historyControlTable corresponds to a maximum of 10 pieces of history
records in the etherHistoryTable. The previous pieces are overwritten in a circular
manner if the threshold of records in etherHistoryTable is crossed.
Alarm group
An alarm group allows predefining a set of thresholds for alarm variables (any object in
the local MIB). A monitor records logs or sends trap messages to the NM Station when the
sampled data in a certain direction crosses a threshold.
As defined in RFC 2819, the alarm function has a hysteresis mechanism to limit the
generation of alarms. If this mechanism is adopted, an alarm event is generated when the
sampled data in a direction crosses the threshold. No more events will be generated until
the sampled data in the opposite direction crosses the threshold.
The S3700 does not apply this mechanism because it will not generate the alarms for a long
period. For the S3700, the alarms are re-generated if the smapling value turns to the noraml
threshold.
The alarm group contains one table: alarmTable.
Event group
An event group stores all the events generated by the RMON agent in a table. It records
logs or sends trap messages to the NM Station when an event occurs.
The event group implements the output of three events: log, trap, and log-trap. Each event
entry corresponds to a maximum of 10 pieces of logs. The previous logs are overwritten in
a circular manner if the threshold of logs is crossed.
The event group has two tables: eventTable and logTable.
Performance-MIB
The RMON prialarm group is an enhancement of alarmTable defined in RFC 2819.
Compared with the alarmTable, the RMON prialarm group supports the setting of alarm
objects and time spans of alarm entries through expressions.
The RMON Performance-MIB has one table: prialarmTable.
In the S3700, to save system resources, each entry is given a specific time span. The time
span indicates the period for an entry to keep the invalid state. The entry is deleted when
the time span goes down to 0.
Table 7-1 shows the capacity of various tables and the maximum time span of each table.
Issue 01 (2011-10-26)

339

Table 7-1 Time span of each table

Table
Entry Capacity (Byte)
Maximum Time Span(s)
ethernetStatsTable
100
600
historyControlTable
100
600
alarmTable
60
6000
eventTable
60
600
logTable
600
prialarmTable
50
6000
NOTE
logTable does not have a time span. Each log entry can have a maximum of 10 pieces of logs. The
excessive logs supersede the older ones in a circular manner.
When an interface board or an interface card is removed, the corresponding entries in the
ethernetStatsTable and historyControlTable become invalid. If the time spans of tables are
respectively set to 600s, the entries in the tables are deleted when the time spans go down
to 0.
If an interface is added before its corresponding entries are deleted from the table, these
entries can take effect again.
7.3 Configuring RMON

This section describes how to monitor the network status and traffic through RMON.

Before configuring RMON, familiarize yourself with the applicable environment, complete the
pre-configuration tasks, and obtain the required data. This can help you complete the
To monitor network status and collect traffic statistics on a network segment, you can configure
RMON.
Enabling the RMON function does not need any special requirement. You can enable it in
advance, or configure it when you suspect that the traffic of the sub-network where interface
resides is abnormal. You can configure RMON depending on actual situations.
It is recommended to configure the statistics table in advance, configure two history control
policies on the interface where the traffic is abnormal, configure the alarm for one or more
suspicious entries, set the high and low thresholds, and view the alarm information.
NOTE
RMON only stores traffic statistics and information or abnormalities but cannot avoid the generation of
these statistics or information. To clear abnormalities, you need to adopt the other management measures.
Issue 01 (2011-10-26)

340

Before configuring RMON, complete the following tasks:
l
Configuring parameters for Ethernet interfaces
Configuring basic SNMP functions
Data Preparation
To configure RMON, you need the following data.
No.
Data
Interface on which the statistics function is enabled
Statistics table to be used and related parameters
HistoryControl table to be used and related parameters
Event table to be used and related parameters
Alarm table to be used and related parameters
Prialarm table to be used and related parameters
7.3.2 Enabling the RMON Statistics Function on the Interface

You need to enable traffic statistics function on the interface where traffic statistics are collected.
If the traffic statistics function is not enabled on the interface, statistics values of in both
ethernetStatsTable and HistoryControlTable are 0.
Context
Do as follows on the switch on which traffic statistics should be collected:
Procedure
Step 1 Run:
system-view

Step 2 Run:
interface { ethernet | gigabitethernet } interface-number

Step 3 Run:
rmon-statistics enable
The RMON statistics function is enabled on the interface.

If the statistics function is not enabled on the interface, the statistics value in ethernetStatsTable
and historyControlTable of RMON is 0.
----End
Issue 01 (2011-10-26)

341

7.3.3 Configuring the ethernetStatsTable

EthernetStatsTable records traffic information that RMON collects on interfaces.
Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
interface { ethernet | gigabitethernet } interface-number

Step 3 Run:
rmon statistics entry-number [ owner owner-name ]
The ethernetStatsTable is configured.

To monitor the statistics of an interface on a device, a network administrator needs to create a
table entry for this interface and specify the interface OID, entry index, and entry state. The
network administrator can then read the corresponding entry to obtain the latest statistics.
----End
7.3.4 Configuring the HistoryControlTable

HistoryControlTable provides the historical data management function. With this function, you
can sample traffic of a certain interface, set the maximum number of items to be saved and the
sampling interval, collect traffic statistics on the specific interface periodically, and save the
statistics to etherHistoryTable for future use.
Context
The history data management supports the setting of sampling, sampling interval, and saving
quantity for the traffic passing through a specified port. RMON periodically collects statistics
of the port and saves them to etherHistoryTable for future reference.
As recommended by the RMON specifications, each monitored interface should be configured
with more than two history control entries. One entry is sampled every 30 seconds while another
entry is sampled every 30 minutes.
The short sampling interval enables a monitor to probe the sudden changes of traffic modes, and
the long sampling interval is applicable if the interface status is relatively stable.
Currently, the S3700 reserves up to 10 pieces of the latest records for each history control entry.
NOTE
To reduce the effect on the performance of the system, the sampling interval of the history table should be
longer than 10 seconds, and the same port should not be configured with too many history control entries
and alarm entries.
Issue 01 (2011-10-26)

342

Procedure
Step 1 Run:
system-view

Step 2 Run:
interface { ethernet | gigabitethernet |
} interface-number

Step 3 Run:
rmon history entry-number buckets number interval sampling-interval [ owner ownername ]
The historyControlTable is configured.

----End
7.3.5 Configuring the EventTable

After EventTable is configured, when the number of events exceeds the alarm threshold, the
router generates logs, sends traps, or generates logs and sends traps.
Context
Do as follows on the switch that is monitored:
The RMON event management module is responsible for adding events to the corresponding
rows in the eventTable and defining the methods of processing events:
l
log: sending only logs
log-trap: sending both logs and trap messages to the NM Station
none: marking that no event occurs
trap: sending trap messages to the NM Station
Procedure
Step 1 Run:
system-view

Step 2 Run:
rmon event entry-number [ description string ] { log | trap object | log-trap
object | none } [ owner owner-name ]
The eventTable is configured.

----End
Issue 01 (2011-10-26)

343

7.3.6 Configuring the AlarmTable

The RMON alarm management function monitors a specified trap variable identified by its OID
at a specified sampling interval. When the monitored variable exceeds the defined threshold, an
alarm is generated.
Context
The RMON alarm management is responsible for monitoring a specified alarm variable
(identified by OID) at a specified sampling interval. An alarm event occurs when the monitored
variable exceeds the defined threshold. Generally, the event is recorded in the log table, or
RMON sends a trap message to the NM Station.
If the events that correspond to the alarm upper limit and lower limit (event-entry1, evententry2) are not configured in the eventTable, an alarm is not generated even if the alarm condition
is satisfied. At this time, the status of alarm recording is undercreation and not VALID.
If an event corresponding to either the alarm upper limit or the alarm lower limit is configured,
an alarm is triggered once the alarm condition is satisfied. At this time, the status of alarm
recording is VALID. If an incorrect alarm variable is configured (for example, an inexistent OID
is specified), the status of alarm recording is undercreation and no alarm is generated.
Do as follows on the switch that is monitored:
Procedure
Step 1 Run:
system-view

Step 2 Run:
rmon alarm entry-number alarm-OID sampling-time { absolute | changeratio | delta }
rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2
event-entry2 [ owner owner-name ]
The alarmTable is configured.

----End
7.3.7 Configuring the PrialarmTable

Compared with AlarmTable, PrialarmTable is enhanced with the function of setting the trap
object through an expression.
Context
Do as follows on the switch that is monitored.
Procedure
Step 1 Run:
system-view

Issue 01 (2011-10-26)

344

Step 2 Run:
rmon prialarm entry-number prialarm-formula description-string sampling-interval
{ absolute | changeratio | delta } rising-threshold threshold-value1 event-entry1
falling-threshold threshold-value2 event-entry2 entrytype { cycle entry-period |
forever } [ owner owner-name ]
The prialarmTable is configured.

Based on the alarmTable in RFC 2819, the RMON prialarm management is enhanced with two
functions: setting the alarm object in the form of expressions and limiting the time to live (TTL)
value of a prialarm entry.
Compared with the alarmTable, the prialarmTable has several additional entries:
l Expression of alarm variables. It can be an arithmetic expression composed of the OIDs of
alarm variables, +, -, *, / or brackets.
l Description of the prialarm entry in a character string.
l Prialarm state period, in seconds. It must be larger than the sampling interval.
l Two prialarm state types: Forever or Cycle. If Cycle is set, an alarm does not occur and the
entry is deleted after the specified prialarm state period.
If the events that correspond to the alarm upper limit and lower limit (event-entry1, evententry2) are not configured in the eventTable, an alarm does not occur even if the alarm conditions
are satisfied. (The alarm record is in the undercreation state rather than in the VALID state.)
If either the alarm upper limit event or the alarm lower limit event is configured, the alarm is
triggered once the conditions for an alarm are satisfied. (The alarm record is in the VALID state.)
----End

After configuring RMON, you can view the traffic statistics collected by RMON.
Prerequisite
The configurations of the RMON are complete.
Procedure
l
Run the display rmon alarm [ entry-number ] command to view the RMON alarm
information.
Run the display rmon event [ entry-number ] command to view the RMON events.
Run the display rmon eventlog [ entry-number ] command to view the RMON event logs.
Run the display rmon history [ ethernet interface-number | gigabitethernet interfacenumber ] command to view the RMON history information.
Run the display rmon prialarm [ entry-number ] command to view the information of the
RMON prialarmTable.
Run the display rmon statistics [ ethernet interface-number | gigabitethernet interfacenumber ] command to view the RMON statistics.
----End
Issue 01 (2011-10-26)

345

Example
Run the display rmon alarm command. If information about the alarm table is displayed, it
means that the configuration succeeds.
<Quidway> display rmon alarm 1
Alarm table 1 owned by Test300 is VALID.
Samples absolute value
: 1.3.6.1.2.1.16.1.1.1.6.1 <etherStatsBroadcastPkts.1>
Sampling interval
: 30(sec)
Rising threshold
: 500(linked with event 1)
Falling threshold
When startup enables
: risingOrFallingAlarm
Latest value
: 1975
Run the display rmon event command. If information about the event table is displayed, it
<Quidway> display rmon event
Event table 1 owned by Test300 is VALID.
Description: null.
Will cause log when triggered, last triggered at 0days 00h:24m:10s.
Description: forUseofPrialarm.
Will cause snmp-trap when triggered, last triggered at 0days 00h:26m:10s.
Run the display rmon eventlog command. If information about the event logs is displayed, it
<Quidway> display rmon eventlog
Generates eventLog 1.1 at 0days 00h:39m:30s.
Description: The 1.3.6.1.2.1.16.1.1.1.6.1 defined in alarm table 1,
less than(or =) 100 with alarm value 0. Alarm sample type is absolute.
Run the display rmon history command to display the RMON history.
<Quidway> display rmon history
History control entry 1 owned by Test300 is VALID,
Samples interface
: Ethernet0/0/1<ifEntry.402653698>
Sampling interval
: 30(sec) with 10 buckets max.
Last Sampling time
: 0days 00h:09m:43s
Latest sampled values :
octets
:645
, packets
:7
broadcast packets
:7
, multicast packets :0
undersize packets
:6
, oversize packets :0
fragments packets
:0
, jabbers packets
:0
CRC alignment errors :0
, collisions
:0
Dropped packet:
:0
, utilization
:0
Run the display rmon prialarm command. If information about the extended alarm table is
displayed, it means that the configuration succeeds.
<Quidway> display rmon prialarm 1
Prialarm table 1 owned by Test300 is VALID.
Samples delta value
: .1.3.6.1.2.1.16.1.1.1.6.1+.1.3.6.1.2.1.16.1.1.1.7.1
Sampling interval
: 30(sec)
Rising threshold
Falling threshold
This entry will exist
: forever.
Latest value
: 16
Run the display rmon statistics command to display the RMON statistics.
<Quidway> display rmon statistics
Statistics entry 1 owned by Test300 is VALID.
Interface : GigabitEthernet<ifEntry.402653698>
Received :
octets
:142915224 , packets
:1749151
broadcast packets
:11603
, multicast packets:756252
undersized packets :0
, oversized packets:0
Issue 01 (2011-10-26)

346

fragments packets
:0
, jabbers packets :0
CRC alignment errors:0
, collisions
:0
Dropped packet (insufficient resources):1795
Packets received according to length (octets):
64
:150183
, 65-127 :150183
, 128-255 :1383
256-511:3698
, 512-1023:0
, 1024-1518:0
7.4 Maintaining RMON

When an RMON operation fault occurs, you can run the debuggingcommand in the user view
to locate the fault and analyze its cause.
Context
CAUTION
When an RMON fault occurs, run the following debugging command in the user view to locate
the fault.
For the description about the debugging commands, refer to the Quidway S3700 Series Ethernet
Switches Debugging Reference.
Perform the configuration in the user view.
Procedure
l
Run the debugging rmon to enable RMON debugging.
----End

This section provides several configuration examples of RMON and RMON2.
7.5.1 Examples for Configuring RMON

Ethernet0/0/1 on the Switch belongs to a VLAN.
As shown in Figure 7-1, it is required that the network connected to Ethernet0/0/1 be monitored
to obtain real-time and history statistics of broadcast, multicast, and unknown unicast packets
on the network.
If the number of broadcast, multicast, and unknown unicast packets in the VLAN becomes
abnormal, the Switch sends a Trap message to the NMS.
Issue 01 (2011-10-26)

347

Figure 7-1 Networking diagram of configuring RMON
Ethernet
0/0/1
.....
.
IP
Network
PC
Switch
NMS
PC
VLAN
To send a Trap message to the NMS, you need to use SNMP commands to enable the Trap
function and set a corresponding community name. For details, refer to the chapter SNMP
Configuration.
l
Enable the statistics function.
Configure the etherStatsTable.
Configure the historyControlTable.
Configure the eventTable.
Configure the alarmTable.
Data Preparation
l
Interval for sampling data
Threshold for triggering alarms
Community name for communicating with the NMS
Configuration Procedure
1.
Configure reachable routes between the Switch and the NMSs. The configuration procedure
is not mentioned.
2.
Enable the statistics function.

# Enable the RMON statistics function on the interface.
<Switch> system-view
[Switch] interface ethernet 0/0/1
[Switch-Ethernet0/0/1] rmon-statistics enable
# Configure the etherStatsTable.

[Switch-Ethernet0/0/1] rmon statistics 1 owner User01
# Verify the configuration. You can check the traffic on the subnet.
[Switch-Ethernet0/0/1] display rmon statistics ethernet 0/0/1
Issue 01 (2011-10-26)

348

Statistics entry 1 owned by User01 is VALID.Received :

Interface : Ethernet0/0/1<ifEntry.514>
Received :
octets
:156
, packets
:1
broadcast packets
:0
, multicast packets:1
undersized packets :0
, oversized packets:0
fragments packets
:0
, jabbers packets :0
CRC alignment errors:0
, collisions
:0
Dropped packet (insufficient resources):0
Packets received according to length (octets):
64
:0
, 65-127 :0
, 128-255 :1
256-511:0
, 512-1023:0
, 1024-1518:0
3.
# Configure Switch.
# Sample the traffic on the subnet every 30 seconds and save the latest 10 history entries.
[Switch-Ethernet0/0/1] rmon history 1 buckets 10 interval 30 owner User01
# Verify the configuration. Only the last sampling record is displayed through CLI. To
display all the history records, use the special NMS software.
[Switch-Ethernet0/0/1] quit
[Switch] display rmon history ethernet 0/0/1
History control entry 1 owned by User01 is VALID
Samples interface
: Ethernet0/0/1<ifEntry.514>
Sampling interval
: 30(sec) with 10 buckets max
Last Sampling time
: 0days 01h:56m:21s
Latest sampled
values :
octets
:11385
, packets
0
broadcast packets
:0
, multicast packets
9
undersize packets
:0
, oversize packets
0
fragments packets
:0
, jabbers packets
0
, collisions
0
Dropped packet:
:0
, utilization
0
History
record:
Record No.1 (Sample time: 1days 07h:37m:
29s)
octets
:11182
, packets
0
broadcast packets
:0
, multicast packets
8
undersize packets
:0
, oversize packets
0
fragments packets
:0
, jabbers packets
0
, collisions
0
Dropped packet:
:0
, utilization
4.
:
:
:
:
:
:
:
:
:
:
:
:0
Configure the eventTable.

# Set the device to record logs for RMON event 1.
[Switch] rmon event 1 description logevent log owner User01
# Set the device to send Trap messages to the NMS for RMON event 2 and set the
community name to public.
[Switch] rmon event 2 description prialarmevent trap public owner User01
# Display the alarms.

[Switch] display rmon event
Event table 1 owned by User01 is VALID.
Description: logevent.
Issue 01 (2011-10-26)

349

Will cause log when triggered, last triggered at 0days 00h:00m:00s.

Event table 2 owned by User01 is VALID.
Description: prialarmevent.
Will cause snmp-trap when triggered, last triggered at 0days 00h:00m:00s.
5.
Configure the alarmTable for broadcast packets.

# Sample the broadcast packets every 30 seconds. Trigger event 1 when 10000 or more
broadcast packets are received. Trigger event 2 when 100 broadcast or less broadcast
packets are received.
[Switch] rmon alarm 1 1.3.6.1.2.1.16.1.1.1.6.1 30 absolute rising-threshold
10000 2 falling-threshold 100 1 owner User01

[Switch] display rmon alarm 1
Alarm table 1 owned by User01 is VALID.
Samples absolute value : 1.3.6.1.2.1.16.1.1.1.6.1<etherStatsBroadcastPkts.
1>
Sampling interval
: 30(sec)
Rising threshold
Falling threshold
Latest value
: 0
6.
Configure the alarmTable for multicast packets.

# Sample the multicast packets every 30 seconds. Trigger event 1 when 50000 or more
multicast packets are received. Trigger event 2 when 100 or less multicast packets are
received.
[Switch] rmon alarm 2 1.3.6.1.2.1.16.1.1.1.7.1 30 absolute rising-threshold

Alarm table 2 owned by User01 is VALID.
Samples absolute value : 1.3.6.1.2.1.16.1.1.1.7.1<etherStatsMulticastPkts.
1>
Sampling interval
: 30(sec)
Rising threshold
Falling threshold
Latest value
: 0
7.
Configure the alarmTable for unknown unicast packets.

# Sample the unicast packets every 30 seconds. Trigger event 1 when 1000 or more unicast
packets are received. Trigger event 2 when 10 or less unicast packets are received.
[Switch] rmon alarm 3 1.3.6.1.2.1.2.2.1.12.898 30 absolute rising-threshold

Alarm table 3 owned by User01
Samples
absolute value :
Sampling interval
:
Rising threshold
:
Falling threshold
:
:
Latest value
: 0
is VALID.
1.3.6.1.2.1.2.2.1.12.898<ifInNUcastPkts.898>
30(sec)
1000(linked with event 2)
10(linked with event 1)
risingOrFallingAlarm
Configuration Files
#
sysname Switch
#
snmp-agent
snmp-agent local-engineid 000007DB7F000001000071B6
#
Issue 01 (2011-10-26)

350

rmon-statistics enable
rmon statistics 1 owner user01
rmon history 1 buckets 10 interval 30 owner user01
#
rmon event 1 description logevent log owner User01
rmon event 2 description prialarmeven trap public owner User01
rmon alarm 1 1.3.6.1.2.1.16.1.1.1.6.1 30 absolute rising-threshold 10000 2 fallingthreshold 100 1 owner User01
rmon alarm 2 1.3.6.1.2.1.16.1.1.1.7.1 30 absolute rising-threshold 50000 2 fallingthreshold 100 1 owner User01
rmon alarm 3 1.3.6.1.2.1.2.2.1.12.898 30 absolute rising-threshold 1000 2 fallingthreshold 10 1 owner User01
#
return
Issue 01 (2011-10-26)

351

Configuration Guide - Network Management (V100R006C01 - 01)

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Configuration Guide - Network Management (V100R006C01 - 01)

Hochgeladen von

Copyright:

Verfügbare Formate

Quidway S3700 Series Ethernet Switches