Beruflich Dokumente
Kultur Dokumente
V100R006C01
01
Date
2011-10-26
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Website:
http://www.huawei.com
Email:
support@huawei.com
Issue 01 (2011-10-26)
Commissioning engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
DANGER
WARNING
CAUTION
Issue 01 (2011-10-26)
TIP
NOTE
ii
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
Italic
[]
{ x | y | ... }
[ x | y | ... ]
{ x | y | ... }*
[ x | y | ... ]*
&<1-n>
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Issue 01 (2011-10-26)
iii
Contents
Contents
About This Document.....................................................................................................................ii
1 SNMP Configuration....................................................................................................................1
1.1 Introduction to SNMP........................................................................................................................................2
1.1.1 SNMP Overview........................................................................................................................................2
1.1.2 SNMP Features Supported by the S3700..................................................................................................4
1.2 Configuring a Device to Communicate with an NM Station by Running SNMPv1..........................................7
1.2.1 Establishing the Configuration Task.........................................................................................................7
1.2.2 Configuring Basic SNMPv1 Functions.....................................................................................................8
1.2.3 (Optional) Controlling the NM Station's Access to the Device...............................................................11
1.2.4 (Optional) Enabling the SNMP Extended Error Code Function.............................................................12
1.2.5 (Optional) Configuring the Trap Function..............................................................................................13
1.2.6 (Optional) Configuring the Constant Interface Index Feature.................................................................14
1.2.7 Checking the Configuration.....................................................................................................................15
1.3 Configuring a Device to Communicate with an NM Station by Running SNMPv2c......................................15
1.3.1 Establishing the Configuration Task.......................................................................................................16
1.3.2 Configuring Basic SNMPv2c Functions.................................................................................................17
1.3.3 (Optional) Controlling the NM Station's Access to the Device...............................................................19
1.3.4 (Optional) Enabling the SNMP Extended Error Code Function.............................................................21
1.3.5 (Optional) Configuring the Trap Function..............................................................................................21
1.3.6 (Optional) Configuring the Constant Interface Index Feature.................................................................24
1.3.7 Checking the Configuration.....................................................................................................................25
1.4 Configuring a Device to Communicate with an NM Station by Running SNMPv3........................................25
1.4.1 Establishing the Configuration Task.......................................................................................................26
1.4.2 Configuring Basic SNMPv3 Functions...................................................................................................27
1.4.3 (Optional) Controlling the NM Station's Access to the Device...............................................................30
1.4.4 (Optional) Enabling the SNMP Extended Error Code Function.............................................................31
1.4.5 (Optional) Configuring the Trap Function..............................................................................................32
1.4.6 (Optional) Configuring the Constant Interface Index Feature.................................................................33
1.4.7 Checking the Configuration.....................................................................................................................34
1.5 SNMP Configuration Examples.......................................................................................................................34
1.5.1 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv1..............35
1.5.2 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv2c............38
1.5.3 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv3..............42
Issue 01 (2011-10-26)
iv
Contents
2 LLDP Configuration...................................................................................................................46
2.1 Introduction to LLDP.......................................................................................................................................47
2.2 LLDP Feature Supported by the S3700............................................................................................................50
2.3 Configuring LLDP............................................................................................................................................53
2.3.1 Establishing the Configuration Task.......................................................................................................53
2.3.2 Enabling Global LLDP............................................................................................................................54
2.3.3 (Optional) Disabling LLDP on an Interface............................................................................................55
2.3.4 (Optional) Configuring an LLDP Management Address........................................................................55
2.3.5 (Optional) Configuring the TLV in the LLDPDU...................................................................................56
2.3.6 (Optional) Configuring LLDP Timers.....................................................................................................58
2.3.7 (Optional) Enabling the LLDP Trap Function........................................................................................60
2.3.8 Checking the Configuration.....................................................................................................................61
2.4 Maintaining LLDP............................................................................................................................................61
2.4.1 Clearing LLDP Statistics.........................................................................................................................62
2.4.2 Monitoring LLDP Status.........................................................................................................................62
2.5 Configuration Examples...................................................................................................................................62
2.5.1 Example for Configuring LLDP on the Device That Has a Single Neighbor.........................................62
2.5.2 Example for Configuring LLDP on the Device That Has Multiple Neighbors.......................................67
2.5.3 Example for Configuring LLDP on the Network Where Link Aggregation Is Configured....................72
3 HGMP Configuration.................................................................................................................79
3.1 Introduction to HGMP......................................................................................................................................80
3.2 HGMP Features Supported by the S3700.........................................................................................................82
3.3 Configuring Basic HGMP Functions...............................................................................................................86
3.3.1 Establishing the Configuration Task.......................................................................................................86
3.3.2 Configuring NDP.....................................................................................................................................86
3.3.3 Configuring NTDP..................................................................................................................................88
3.3.4 Creating a Cluster....................................................................................................................................89
3.3.5 Adding a Member Switch........................................................................................................................92
3.3.6 (Optional) Deleting or Quitting a Cluster................................................................................................93
3.3.7 (Optional) Deleting a Member Switch....................................................................................................94
3.3.8 Checking the Configuration.....................................................................................................................95
3.4 Configuring Advanced HGMP Functions........................................................................................................97
3.4.1 Establishing the Configuration Task.......................................................................................................97
3.4.2 Adjusting Parameters of the Cluster........................................................................................................98
3.4.3 Managing Switches in a Cluster Through HGMP.................................................................................101
3.4.4 Checking the Configuration...................................................................................................................105
3.5 Maintaining HGMP........................................................................................................................................108
3.5.1 Clearing the NDP Statistics...................................................................................................................108
3.5.2 Monitoring the Operation Status of the HGMP Cluster........................................................................108
3.5.3 Debugging HGMP.................................................................................................................................109
3.6 HGMP Configuration Examples....................................................................................................................109
3.6.1 Example for Configuring Basic HGMP Functions for a Cluster...........................................................109
Issue 01 (2011-10-26)
Contents
3.6.2 Example for Configuring the Interconnection of FTP Servers and Devices in and out of the HGMP Cluster
(in NAT Mode)...............................................................................................................................................119
3.6.3 Example for Configuring the Interconnection of FTP Servers and Devices in and out of the HGMP Cluster
(in Non-NAT Mode).......................................................................................................................................129
3.6.4 Example for Configuring Devices in the HGMP Cluster to Access the Outside SNMP Host (in NAT
Mode)..............................................................................................................................................................138
3.6.5 Example for Configuring Devices in the HGMP Cluster to Access the Outside SNMP Host (in non-NAT
Mode)..............................................................................................................................................................148
3.6.6 Example for Configuring the Batch Distribution Function for an HGMP Cluster...............................159
3.6.7 Example for Configuring the Batch Restart Function for an HGMP Cluster.......................................169
3.6.8 Example for Configuring the Incremental Configuration Function for an HGMP Cluster...................178
3.6.9 Example for Configuring the Configuration Synchronization Function for an HGMP Cluster............188
3.6.10 Example for Configuring Security Features for an HGMP Cluster....................................................198
4 NTP Configuration....................................................................................................................209
4.1 Introduction to NTP........................................................................................................................................210
4.2 NTP Supported by the S3700.........................................................................................................................212
4.3 Configuring Basic NTP Functions.................................................................................................................213
4.3.1 Establishing the Configuration Task.....................................................................................................213
4.3.2 Configuring the NTP Primary Clock.....................................................................................................214
4.3.3 Configuring the Unicast Server/Client Mode........................................................................................215
4.3.4 Configuring the Peer Mode...................................................................................................................216
4.3.5 Configuring the Broadcast Mode..........................................................................................................217
4.3.6 Configuring the Multicast Mode...........................................................................................................218
4.3.7 Disabling the Interface From Receiving NTP Packets..........................................................................219
4.3.8 (Optional) Setting the Maximum Number of Dynamic NTP Sessions.................................................220
4.3.9 Checking the Configuration...................................................................................................................220
4.4 Configuring NTP Security Mechanisms.........................................................................................................221
4.4.1 Establishing the Configuration Task.....................................................................................................221
4.4.2 Setting NTP Access Authorities............................................................................................................223
4.4.3 Enabling NTP Authentication...............................................................................................................224
4.4.4 Configuring NTP Authentication in Unicast Server/Client Mode........................................................225
4.4.5 Configuring NTP Authentication in Peer Mode....................................................................................225
4.4.6 Configuring NTP Authentication in Broadcast Mode...........................................................................226
4.4.7 Configuring NTP Authentication in Multicast Mode............................................................................226
4.4.8 Checking the Configuration...................................................................................................................227
4.5 Maintaining NTP............................................................................................................................................228
4.6 Configuration Examples.................................................................................................................................228
4.6.1 Example for Configuring NTP Authentication in Unicast Client/Server Mode....................................228
4.6.2 Example for Configuring the Common NTP Peer Mode......................................................................233
4.6.3 Example for Configuring NTP Authentication in Broadcast Mode......................................................236
4.6.4 Example for Configuring the Common NTP Multicast Mode..............................................................240
vi
Contents
5.2 Tracert.............................................................................................................................................................246
5.3 Performing Ping and Tracert Operations........................................................................................................247
5.3.1 Establishing the Configuration Task.....................................................................................................248
5.3.2 Checking Network Connectivity Through the Ping Operation.............................................................248
5.3.3 Locating Faults on the Network Through the Tracert Operation..........................................................249
5.4 Debugging Ping and Tracert...........................................................................................................................250
5.5 Configuration Examples.................................................................................................................................250
5.5.1 Example for Performing Ping and Tracert Operations..........................................................................250
6 NQA Configuration..................................................................................................................253
6.1 Introduction to NQA.......................................................................................................................................255
6.2 Comparisons Between NQA and Ping...........................................................................................................255
6.3 NQA Server and NQA Clients.......................................................................................................................256
6.4 NQA Supported by the S3700........................................................................................................................256
6.5 Configuring the ICMP Test............................................................................................................................258
6.5.1 Establishing the Configuration Task.....................................................................................................258
6.5.2 Configuring ICMP Test Parameters......................................................................................................259
6.5.3 Checking the Configuration...................................................................................................................260
6.6 Configuring the FTP Download Test.............................................................................................................261
6.6.1 Establishing the Configuration Task.....................................................................................................261
6.6.2 Configuring the FTP Download Test Parameters..................................................................................262
6.6.3 Checking the Configuration...................................................................................................................263
6.7 Configuring the FTP Upload Test..................................................................................................................264
6.7.1 Establishing the Configuration Task.....................................................................................................264
6.7.2 Configuring the FTP Upload Test Parameters......................................................................................265
6.7.3 Checking the Configuration...................................................................................................................267
6.8 Configuring the HTTP Test............................................................................................................................268
6.8.1 Establishing the Configuration Task.....................................................................................................268
6.8.2 Configuring HTTP Test Parameters......................................................................................................269
6.8.3 Checking the Configuration...................................................................................................................270
6.9 Configuring the DNS Test..............................................................................................................................271
6.9.1 Establishing the Configuration Task.....................................................................................................271
6.9.2 Configuring the DNS Test Parameters..................................................................................................272
6.9.3 Checking the Configuration...................................................................................................................273
6.10 Configuring the Traceroute Test...................................................................................................................274
6.10.1 Establishing the Configuration Task...................................................................................................274
6.10.2 Configuring Parameters for a Traceroute Test....................................................................................274
6.10.3 Checking the Configuration.................................................................................................................276
6.11 Configuring the SNMP Query Test..............................................................................................................276
6.11.1 Establishing the Configuration Task...................................................................................................277
6.11.2 Configuring the SNMP Query Test Parameters..................................................................................277
6.11.3 Checking the Configuration.................................................................................................................279
6.12 Configuring the TCP Test.............................................................................................................................279
Issue 01 (2011-10-26)
vii
Contents
viii
Contents
7 RMON Configuration...............................................................................................................337
7.1 Introduction to RMON...................................................................................................................................338
7.2 RMON Suported by the S3700.......................................................................................................................338
7.3 Configuring RMON........................................................................................................................................340
7.3.1 Establishing the Configuration Task.....................................................................................................340
7.3.2 Enabling the RMON Statistics Function on the Interface.....................................................................341
7.3.3 Configuring the ethernetStatsTable.......................................................................................................342
7.3.4 Configuring the HistoryControlTable...................................................................................................342
7.3.5 Configuring the EventTable..................................................................................................................343
7.3.6 Configuring the AlarmTable.................................................................................................................344
7.3.7 Configuring the PrialarmTable..............................................................................................................344
7.3.8 Checking the Configuration...................................................................................................................345
7.4 Maintaining RMON........................................................................................................................................347
7.5 Configuration Examples.................................................................................................................................347
7.5.1 Examples for Configuring RMON........................................................................................................347
Issue 01 (2011-10-26)
ix
1 SNMP Configuration
SNMP Configuration
Issue 01 (2011-10-26)
1 SNMP Configuration
SNMP Components
Three components are used in SNMP device management:
l
NM station: sends various query packets to query managed devices and receives alarms
from these devices.
Managed device: is managed by an NM station and generates and reports alarms to the NM
station.
Figure 1-1 shows the relationship between the NM station and agent.
Issue 01 (2011-10-26)
1 SNMP Configuration
UDP Port161
Request
Response
Agent
NM Station
UDP Port162
Agent
NM Station
MIB
SNMP uses a hierarchical naming convention to identify managed objects and to distinguish
between managed objects. This hierarchical structure is similar to a tree with the nodes
representing managed objects, Figure 1-2 shows a managed object that can be identified by the
path from the root to the node representing it.
Figure 1-2 Structure of a MIB tree
1
2
1
1
1 B
5
A
2
6
As shown in Figure 1-2, object B is uniquely identified by a string of numbers, {1.2.1.1}. Such
a number string is called an Object Identifier (OID). A MIB tree is used to describe the hierarchy
of data in a MIB that collects the definitions of variables on the managed devices.
A user can use a standard MIB or define a MIB based on certain standards. Using a standard
MIB can reduce the costs on proxy deployment and therefore reduce the costs on the entire
network management system.
SNMP Operations
SNMP uses Get and Set operations to replace a complex command set. The operations described
in Figure 1-3 can implement all functions.
Issue 01 (2011-10-26)
1 SNMP Configuration
get-request
get-response
get-next-request
get-response
NM Station
UDP Port162
set-request
get-response
Agent
UDP Port161
trap
Function
GetRequest
GetNextRequest
GetResponse
GetBulk
SetRequest
Trap
1 SNMP Configuration
NOTE
When multiple NM stations using different SNMP versions manage the same device in a network,
SNMPv1, SNMPv2c, and SNMPv3 can all be configured on the device for its communication with all the
NM stations.
Description
Access control
Error code
Trap
Inform
Issue 01 (2011-10-26)
1 SNMP Configuration
Feature
Description
GetBulk
SNMPv1
SNMPv2c
SNMPv3
Access control
Authentication and
encryption
Not supported
Not supported
Error code
6 error codes
supported
16 error codes
supported
16 error codes
supported
Trap
Supported
Supported
Supported
Inform
Not supported
Supported
Not supported
GetBulk
Not supported
Supported
Supported
Issue 01 (2011-10-26)
Version
Usage Scenario
SNMPv1
1 SNMP Configuration
Version
Usage Scenario
SNMPv2c
SNMPv3
If you plan to build a new network, choose an SNMP version based on your usage scenario. If
you plan to expand or upgrade an existing network, choose an SNMP version to match the SNMP
version running on the NM station to ensure the normal communication between managed
devices and the NM station.
Receives alarms from the managed device and locates and rectify device faults based on
the alarm information.
In the following configuration, after basic SNMP functions are configured, the NM station can
manage the device in these manners. For details on how to configure finer management such as
accurate access control or alarm module specification, see the following configuration
procedures.
1 SNMP Configuration
obtain the data required for the configuration. This will help you complete the configuration task
quickly and accurately.
Applicable Environment
SNMP needs to be deployed in a network to allow the NM station to manage network devices.
If the network has a few devices and its security is good, such as a campus network or a small
enterprise network, SNMPv1 can be deployed to ensure the normal communication between the
NM station and managed devices.
Pre-configuration Tasks
Before configuring a device to communicate with an NM station by running SNMPv1, complete
the following task:
l
Configuring a routing protocol to ensure that the switch and NM station are routable
Data Preparation
Before configuring a device to communicate with an NM station by running SNMPv1, you need
the following data.
No.
Data
Context
Steps 3, 4, and 5 are mandatory for the configuration of basic SNMP functions. After the
configurations are complete, basic SNMP communication can be conducted between the NM
station and managed device.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
1 SNMP Configuration
1 SNMP Configuration
l If the NM station and managed device are both Huawei products, the parameter privatenetmanager can be configured to add more information to alarms, such as the alarm type,
alarm sequence number, and alarm sending time. The information will help you locate and
rectify faults more quickly.
l The ext-vb parameter sets extended bound variables for traps sent to the target host. By
default, the traps sent to the target host do not carry extended bound variables.
Step 6 (Optional) Run:
snmp-agent sys-info { contact contact | location location }
The maximum size of an SNMP packet that the device can receive or send is set.
By default, the maximum size of an SNMP packet that the device can receive or send is 12000
bytes.
After the maximum size is set, the device will discard any SNMP packet that is larger than the
set size. The allowable maximum size of an SNMP packet for a device depends on the size of a
packet that the NM station can process; otherwise, the NM station cannot process the SNMP
packets sent from the device.
----End
Follow-up Procedure
After the configurations are complete, basic communication can be conducted between the NM
station and managed device.
l
Access control allows any NM station that uses the community name to monitor and manage
all the objects on the managed device.
The managed device sends alarms generated by the modules that are enabled by default to
the NM station.
If finer device management is required, follow directions below to configure a managed device:
l
To allow a specified NM station that uses the community name to manage specified objects
on the device, follow the procedure described in Controlling the NM Station's Access to
the Device.
To allow a specified module on the managed device to report alarms to the NM station,
follow the procedure described in Configuring the Trap Function.
If the NM station and managed device are both Huawei products, follow the procedure
described in Enabling the SNMP Extended Error Code Function to allow the device to
send more types of error codes. This allows more specific error identification and facilitates
your fault location and rectification.
Issue 01 (2011-10-26)
10
1 SNMP Configuration
If the functions such as accounting and fault location need to be bound to specified
interfaces to prevent changes in interface indexes during device or interface restart, follow
the procedure described in Configuring the Constant Interface Index Feature.
Context
If a device is managed by multiple NM stations that use the same community name, note the
following points:
l
If all the NM stations that use the community name need to have rights to access the objects
in the Viewdefault view (1.3.6.1), skip the following steps.
If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), skip Step 5.
If all the NM stations need to manage specified objects on the device, skip Steps 2, 3, and
4.
If some of the NM stations that use the community name need to manage specified objects
on the device, perform all the following steps.
Procedure
Step 1 Run:
system-view
A basic ACL is created to filter the NM station users that can manage the device.
Step 3 Run:
rule [ rule-id ] { deny | permit } source { source-ip-address source-wildcard |
any }
11
1 SNMP Configuration
l If a few MIB objects on the device or some objects in the current MIB view need to be
managed by the NM station, included needs to be specified in the related command to include
these MIB objects.
Step 6 Run:
snmp-agent community { read | write } { community-name | cipher community-name } [
mib-view view-name | acl acl-number ]*
Follow-up Procedure
After the access rights are configured, especially after the IP address of the NM station is
specified, if the IP address changes (for example, the NM station changes its location, or IP
addresses are reallocated due to network adjustment), you need to change the IP address of the
NM station in the ACL. Otherwise, the NM station cannot access the device.
Procedure
Step 1 Run:
system-view
12
1 SNMP Configuration
By default, SNMP standard error codes are used. After the extended error code function is
enabled, extended error codes can be sent to the NM station.
----End
Procedure
Step 1 Run:
system-view
If the snmp-agent trap enable command is run to enable the trap functions of all modules, or the snmpagent trap enable feature-name command is run to enable three or more trap functions of a module, note
the following points:
l To disable the trap functions of all modules, you need to run the snmp-agent trap disable command.
l To restore the trap functions of all modules to the default status, you need to run the undo snmp-agent
trap enable or undo snmp-agent trap disable command.
l To disable one trap function of a module, you need to run the undo snmp-agent trap enable featurename command.
Step 3 Run:
snmp-agent trap enable feature-name feature-name trap-name trap-name
A trap function of a feature module is enabled. This means that an alarm of a specified feature
can be sent to the NM station.
The undo snmp-agent trap enable feature-name command can be used to disable a trap
function of a module.
Step 4 Run:
snmp-agent trap source interface-type interface-number
Issue 01 (2011-10-26)
13
1 SNMP Configuration
The length of the queue storing trap messages to be sent to the destination host is set.
The queue length depends on the number of generated trap messages. If the switch frequently
generates trap messages, a longer queue length can be set to prevent trap messages from being
lost.
Step 6 Run:
snmp-agent trap life seconds
Procedure
Step 1 Run:
system-view
14
1 SNMP Configuration
Step 4 Run:
set constant-ifindex subinterface { dense-mode | sparse-mode }
Prerequisite
The configurations of basic SNMPv1 functions are complete.
Procedure
l
Run the display snmp-agent community command to check the configured community
name.
Run the display snmp-agent sys-info version command to check the enabled SNMP
version.
Run the display acl acl-number command to check the rules in the specified ACL.
Run the display snmp-agent mib-view command to check the MIB view.
Run the display snmp-agent sys-info contact command to check the equipment
administrator's contact information.
Run the display snmp-agent sys-info location command to check the location of the
device.
Run the display snmp-agent target-host command to check the information about the
target host.
Run the display snmp-agent extend error-code status command to check whether the
SNMP extended error code feature is enabled.
Run the display constant-ifindex configuration command to check the constant interface
index function and relevant configuration information.
----End
15
1 SNMP Configuration
Receives alarms from the managed device and locates and rectify device faults based on
the alarm information.
In the following configuration, after basic SNMP functions are configured, the NM station can
manage the device in these manners. For details on how to configure finer management such as
accurate access control or alarm module specification, see the following configuration
procedures.
Applicable Environment
SNMP needs to be deployed in a network to allow the NM station to manage network devices.
If your network is a large scale with many devices and its security requirements are not strict or
its security is good (for example, a VPN network) but services on the network are so busy that
traffic congestion may occur, SNMPv2c can be deployed to ensure communication between the
NM station and managed devices.
Pre-configuration Tasks
Before configuring a device to communicate with an NM station by running SNMPv2c, complete
the following task:
l
Configuring a routing protocol to ensure that the switch and NM station are routable
Data Preparation
Before configuring a device to communicate with an NM station by running SNMPv2c, you
need the following data.
Issue 01 (2011-10-26)
No.
Data
SNMP version, SNMP community name, address of the alarm destination host,
administrator's contact information and location, and SNMP packet size
16
1 SNMP Configuration
Context
Steps 3, 4, and 5 are mandatory for the configuration of basic SNMP functions. After the
configurations, basic SNMP communication can be conducted between the NM station and
managed device.
Procedure
Step 1 Run:
system-view
17
1 SNMP Configuration
NOTE
To configure a destination IP address for the traps and error codes sent from the device,
run:
snmp-agent target-host trap address udp-domain ip-address [ udp-port portnumber ] [ public-net | vpn-instance vpn-instance-name ] params securityname
security-string [ v2c ] [ private-netmanager | ext-vb ]*
To configure a destination IP address for the informs and error codes sent from the device,
run:
snmp-agent target-host inform address udp-domain ip-address [ udp-port portnumber ] [ vpn-instance vpn-instance-name ] params securityname securitystring v2c [ ext-vb ]
18
1 SNMP Configuration
the NM station administrator to quickly contact the equipment administrators for fault location
and rectification.
To configure both the equipment administrator's contact information and location, you need to
run the command twice to configure them separately.
Step 7 (Optional) Run:
snmp-agent packet max-size byte-count
The maximum size of an SNMP packet that the device can receive or send is set.
By default, the maximum size of an SNMP packet that the device can receive or send is 12000
bytes.
After the maximum size is set, the device will discard any SNMP packet that is larger than the
set size. The allowable maximum size of an SNMP packet for a device depends on the size of a
packet that the NM station can process; otherwise, the NM station cannot process the SNMP
packets sent from the device.
----End
Follow-up Procedure
After the configurations are complete, basic communication can be conducted between the NM
station and managed device.
l
Access control allows any NM station that uses the community name to monitor and manage
all the objects on the managed device.
The managed device sends alarms generated by the modules that are open by default to the
NM station.
If finer device management is required, follow directions below to configure the managed
device:
l
To allow a specified NM station that uses the community name to manage specified objects
of the device, follow the procedure described in Controlling the NM Station's Access to
the Device.
To allow a specified module on the managed device to report alarms to the NM station,
follow the procedure described in Configuring the Trap FunctionConfiguring the Trap
Function.
If the NM station and managed device are both Huawei products, follow the procedure
described in Enabling the SNMP Extended Error Code Function to allow the device to
send more types of error codes. This allows more specific error identification and facilitates
your fault location and rectification.
If the functions such as accounting and fault location need to be bound to specified
interfaces to prevent changes in interface indexes during device or interface restart, follow
the procedure described in Configuring the Constant Interface Index Feature.
19
1 SNMP Configuration
Context
If a device is managed by multiple NM stations that use the same community name, note the
following points:
l
If all the NM stations that use the community name need to have rights to access the objects
in the Viewdefault view (1.3.6.1), skip the following steps.
If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), skip Step 5.
If all the NM stations need to manage specified objects on the device, skip Steps 2, 3, and
4.
If some of the NM stations that use the community name need to manage specified objects
on the device, perform all the following steps.
Procedure
Step 1 Run:
system-view
A basic ACL is created to filter the NM station users that can manage the device.
Step 3 Run:
rule [ rule-id ] { deny | permit } source { source-ip-address source-wildcard |
any }
20
1 SNMP Configuration
to read certain data. write needs to be configured in the command if the NM station
administrator needs the read and write permissions in the specified view in some cases. For
example, a high-level administrator needs to read and write certain data.
l cipher is used to display the community name in cipher text. It can be configured in the
command to improve security. If the parameter is configured, the administrator needs to
remember the community name. If the community name is forgotten, it cannot be obtained
by querying the device.
l If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), mib-view view-name does not need to be
configured in the command.
l If all the NM stations that use the community name need to manage specified objects on the
device, acl acl-number does not need to be configured in the command.
l If some of the NM stations that use the community name need to manage specified objects
on the device, both mib-view and acl need to be configured in the command.
----End
Follow-up Procedure
After the access rights are configured, especially after the IP address of the NM station is
specified, if the IP address changes (for example, the NM station changes its location, or IP
addresses are reallocated due to network adjustment), you need to change the IP address of the
NM station in the ACL. Otherwise, the NM station cannot access the device.
Procedure
Step 1 Run:
system-view
21
1 SNMP Configuration
Procedure
Step 1 Run:
system-view
If the snmp-agent trap enable command is run to enable the trap functions of all modules, or the snmpagent trap enable feature-name command is run to enable three or more trap functions of a module, note
the following points:
l To disable the trap functions of all modules, you need to run the snmp-agent trap disable command.
l To restore the trap functions of all modules to the default status, you need to run the undo snmp-agent
trap enable or undo snmp-agent trap disable command.
l To disable one trap function of a module, you need to run the undo snmp-agent trap enable featurename command.
Step 3 Run:
snmp-agent trap enable feature-name feature-name trap-name trap-name
A trap function of a feature module is enabled. This means that an alarm of a specified feature
can be sent to the NM station.
The undo snmp-agent trap enable feature-name feature-name trap-name trap-name
command can be used to disable a trap function of a module.
Step 4 Configure trap function parameters based on the trap usage or inform usage selected during the
configuration of basic SNMPv2c functions.
If traps are used, follow the procedure described in Configuring trap parameters; if informs
are used, follow the procedure described in Configuring inform parameters.
Configuring trap parameters:
1.
Run:
snmp-agent trap source interface-type interface-number
Run:
snmp-agent trap queue-size size
The length of the queue storing trap messages to be sent to the destination host is set.
Issue 01 (2011-10-26)
22
1 SNMP Configuration
The queue length depends on the number of generated trap messages. If the switch
frequently generates trap messages, a longer queue length can be set to prevent trap
messages from being lost.
3.
Run:
snmp-agent trap life seconds
Run:
snmp-agent inform { timeout seconds | resend-times times | pending number }*
The timeout period for waiting for Inform ACK messages, number of inform
retransmissions, and allowable maximum number of informs to be acknowledged are set.
If the network is unstable, you need to specify the number of inform retransmissions and
allowable maximum number of informs to be acknowledged when you set a timeout period
for waiting for Inform ACK messages. By default, the timeout period for waiting for Inform
ACK messages is 15 seconds; the number of inform retransmissions is 3; the allowable
maximum number of informs waiting to be acknowledged is 39.
Setting the number of inform retransmissions to a value smaller than or equal to 10 is
recommended. Otherwise, device performance will be affected.
2.
Run:
snmp-agent inform { timeout seconds | resend-times times } *address udpdomain ip-address[ vpn-instance vpn-instance-name ] params securityname
security-string
The timeout period for waiting for Inform ACK messages from a specified NM station and
the number of inform retransmissions are set.
If the network is unstable, you need to specify the number of inform retransmissions and
allowable maximum number of informs to be acknowledged when you set a timeout period
for waiting for Inform ACK messages. By default, the timeout period for waiting for Inform
ACK messages is 15 seconds, and the number of inform retransmissions is 3.
Setting the number of inform retransmissions to a value smaller than or equal to 10 is
recommended. Otherwise, device performance will be affected.
3.
Run:
snmp-agent notification-log enable
Run:
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
23
1 SNMP Configuration
The aging time of alarm logs and maximum number of alarm logs allowed to be stored in
the log buffer are set.
By default, the aging time of alarm logs is 24 hours. If the aging time expires, alarms logs
will be automatically deleted.
By default, the log buffer can store a maximum of 500 alarm logs. If the number of alarm
logs in the log buffer exceeds 500, the device will delete the alarm logs from the earliest
one.
----End
Procedure
Step 1 Run:
system-view
24
1 SNMP Configuration
When a sub-interface is created, the system generates an index image file for the sub-interface
in the memory in a specified mode. You may use various sub-interface numbering modes, such
as the continuous mode or the discontinuous mode. In real-world situations, one of the following
distribution modes can be used as needed:
l Sparse mode: applies to discontinuous sub-interface numbering.
l Dense mode: applies to continuous sub-interface numbering.
----End
Prerequisite
The configurations of basic SNMPv2c functions are complete.
Procedure
l
Run the display snmp-agent community command to check the configured community
name.
Run the display snmp-agent sys-info version command to check the enabled SNMP
version.
Run the display acl acl-number command to check the rules in the specified ACL.
Run the display snmp-agent mib-view command to check the MIB view.
Run the display snmp-agent sys-info contact command to check the equipment
administrator's contact information.
Run the display snmp-agent sys-info location command to check the location of the
device.
Run the display snmp-agent target-host command to check information about the target
host.
Run the display snmp-agent notification-log info command to check alarm logs stored
in the log buffer.
Run the display snmp-agent extend error-code status command to check whether the
SNMP extended error code feature is enabled.
Run the display constant-ifindex configuration command to check the constant interface
index function and relevant configuration information.
----End
25
1 SNMP Configuration
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
The NM station manages a device in the following manners:
l
Receives alarms from the managed device and locates and rectify device faults based on
the alarm information.
In the following configuration, after basic SNMP functions are configured, the NM station can
manage the device in these manners. For details on how to configure finer management such as
accurate access control or alarm module specification, see the following configuration
procedures.
Applicable Environment
SNMP needs to be deployed in a network to allow the NM station to manage network devices.
Assume your network has a strict requirement on security, only authorized administrators can
manage network devices, and the security and accuracy of transmitted network data need to be
ensured. For example, the data between the NM station and managed devices is transmitted over
a public network. In this case, SNMPv3 can be deployed. The authentication and encryption
functions provided by SNMPv3 ensure the security of data sending and normal communication
between the NM station and managed devices.
Pre-configuration Tasks
Before configuring a device to communicate with an NM station by running SNMPv3, complete
the following task:
l
Configuring a routing protocol to ensure that the switch and NM station are routable
Data Preparation
Before configuring a device to communicate with an NM station by running SNMPv3, you need
the following data.
Issue 01 (2011-10-26)
No.
Data
SNMP version, user name and user group name, address of the alarm destination host,
administrator's contact information and location, and SNMP packet size
26
No.
Data
1 SNMP Configuration
Context
Steps 4, 5, and 6 are mandatory for the configuration of basic SNMP functions. After the
configurations, basic SNMP communication can be conducted between the NM station and
managed device.
Procedure
Step 1 Run:
system-view
27
1 SNMP Configuration
28
1 SNMP Configuration
l The ext-vb parameter sets extended bound variables for traps sent to the target host. By
default, the traps sent to the target host do not carry extended bound variables.
Step 7 (Optional) Run:
snmp-agent sys-info { contact contact | location location }
The maximum size of an SNMP packet that the device can receive or send is set.
By default, the maximum size of an SNMP packet that the device can receive or send is 12000
bytes.
After the maximum size is set, the device will discard any SNMP packet that is larger than the
set size. The allowable maximum size of an SNMP packet for a device depends on the size of a
packet that the NM station can process; otherwise, the NM station cannot process the SNMP
packets sent from the device.
----End
Follow-up Procedure
After the configurations are complete, basic communication can be conducted between the NM
station and managed device.
l
Access control allows any NM station in the configured SNMPv3 user group to monitor
and manage all the objects on the managed device.
The managed device sends alarms generated by the modules that are open by default to the
NM station.
If finer device management is required, follow directions below to configure the managed
device:
l
To allow a specified module on the managed device to report alarms to the NM station,
follow the procedure described in Configuring the Trap Function.
If the NM station and managed device are both Huawei products, follow the procedure
described in Enabling the SNMP Extended Error Code Function to allow the device to
send more types of error codes. This allows more specific error identification and facilitates
your fault location and rectification.
If the functions such as accounting and fault location need to be bound to specified
interfaces to prevent changes in interface indexes during device or interface restart, follow
the procedure described in Configuring the Constant Interface Index Feature.
Issue 01 (2011-10-26)
29
1 SNMP Configuration
Context
If a device is managed by multiple NM stations that are in the same SNMPv3 user group, note
the following points:
l
If all the NM stations need to have rights to access the objects in the Viewdefault view
(1.3.6.1), skip the following steps.
If some of the NM stations need to have rights to access the objects in the Viewdefault view
(1.3.6.1), skip Step 5.
If all the NM stations need to manage specified objects on the device, skip Steps 2, 3, and
4.
If some of the NM stations need to manage specified objects on the device, perform all the
following steps.
Procedure
Step 1 Run:
system-view
A basic ACL is created to filter the NM station users that can manage the device.
Step 3 Run:
rule [ rule-id ] { deny | permit } source { source-ip-address source-wildcard |
any }
30
1 SNMP Configuration
Step 6 Run:
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view
| write-view write-view | notify-view notify-view ]* [ acl acl-number ]
The read and write permissions are configured for the user group.
l read-view needs to be configured in the command if the NM station administrator needs the
read permission in the specified view in some cases. For example, a low-level administrator
needs to read certain data. write-view needs to be configured in the command if the NM
station administrator needs the read and write permissions in the specified view in some
cases. For example, a high-level administrator needs to read and write certain data.
l notify-view notify-view needs to be configured in the command if you want to filter out
irrelevant alarms and configure the managed device to send only the alarms of specified MIB
objects to the NM station. If the parameter is configured, only the alarms of the MIB objects
specified by notify-view will be sent to the NM station.
l authentication or privacy can be configured in the command to improve security. If
authentication is configured, only authentication is performed. If privacy is configured,
both authentication and encryption are performed. For details, see the authentication and
encryption selection guide.
l If some NM stations that are in the same SNMPv3 user group need to have rights to access
the objects in the Viewdefault view (1.3.6.1), [ read-view read-view | write-view writeview | notify-view notify-view ] does not need to be configured in the command.
l If all the NM stations that are in the same SNMPv3 user group need to manage specified
objects on the device, acl acl-number does not need to be configured in the command.
l If some of the NM stations that are in the same SNMPv3 user group need to manage specified
objects on the device, both the MIB view and ACL need to be configured in the command.
----End
Follow-up Procedure
After the access rights are configured, especially after the IP address of the NM station is
specified, if the IP address changes (for example, the NM station changes its location, or IP
addresses are reallocated due to network adjustment), you need to change the IP address of the
NM station in the ACL. Otherwise, the NM station cannot access the device.
Procedure
Step 1 Run:
system-view
31
1 SNMP Configuration
By default, SNMP standard error codes are used. After the extended error code function is
enabled, extended error codes can be sent to the NM station.
----End
Procedure
Step 1 Run:
system-view
If the snmp-agent trap enable command is run to enable the trap functions of all modules, or the snmpagent trap enable feature-name command is run to enable three or more trap functions of a module, note
the following points:
l To disable the trap functions of all modules, you need to run the snmp-agent trap disable command.
l To restore the trap functions of all modules to the default status, you need to run the undo snmp-agent
trap enable or undo snmp-agent trap disable command.
l To disable one trap function of a module, you need to run the undo snmp-agent trap enable featurename command.
Step 3 Run:
snmp-agent trap enable feature-name feature-name trap-name trap-name
A trap function of a feature module is enabled. This means that an alarm of a specified feature
can be sent to the NM station.
The undo snmp-agent trap enable feature-name command can be used to disable a trap
function of a module.
Step 4 Run:
snmp-agent trap source interface-type interface-number
Issue 01 (2011-10-26)
32
1 SNMP Configuration
The length of the queue storing trap messages to be sent to the destination host is set.
The queue length depends on the number of generated trap messages. If the switch frequently
generates trap messages, a longer queue length can be set to prevent trap messages from being
lost.
Step 6 Run:
snmp-agent trap life seconds
Procedure
Step 1 Run:
system-view
33
1 SNMP Configuration
Step 4 Run:
set constant-ifindex subinterface { dense-mode | sparse-mode }
Prerequisite
The configurations of basic SNMPv3 functions are complete.
Procedure
l
Run the display snmp-agent sys-info version command to check the enabled SNMP
version.
Run the display acl acl-number command to check the rules in the specified ACL.
Run the display snmp-agent mib-view command to check the MIB view.
Run the display snmp-agent sys-info contact command to check the equipment
administrator's contact information.
Run the display snmp-agent sys-info location command to check the location of the
device.
Run the display snmp-agent target-host command to check the information about the
target host.
Run the display snmp-agent extend error-code status command to check whether the
SNMP extended error code feature is enabled.
Run the display constant-ifindex configuration command to check whether the constant
interface index function is enabled and the relevant configuration information.
----End
Issue 01 (2011-10-26)
34
1 SNMP Configuration
Networking Requirements
As shown in Figure 1-4, two NM stations (NMS1 and NMS2) and the switch are connected
across a public network. According to the network planning, NMS2 can manage every MIB
object except HGMP on the switch, and NMS1 does not manage the switch.
On the switch, only the modules that are enabled by default are allowed to send alarms to NMS2.
This prevents an excess of unwanted alarms from being sent to NMS2. Excessive alarms can
make faults location difficult.
Equipment administrator's contact information needs to be configured on the switch. This allows
the NMS administrator to contact the equipment administrator quickly if a fault occurs.
Figure 1-4 Networking diagram for configuring a device to communicate with an NM station
by using SNMPv1
GE0/0/1
VLANIF100
1.1.2.1/24
NMS1
1.1.1.1/24
IP Network
Switch
NMS2
1.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Configure an ACL to allow NMS2 to manage every MIB object except HGMP on the
switch.
4.
Configure the trap function to allow the switch to send alarms to NMS2.
5.
6.
Configure NMS2.
Data Preparation
To complete the configuration, you need the following data:
Issue 01 (2011-10-26)
35
1 SNMP Configuration
SNMP version
Community name
ACL number
Procedure
Step 1 Configure available routes between the switch and the NM stations. Details for the configuration
procedure are not provided here.
Step 2 Enable the SNMP agent.
<Quidway> system-view
[Quidway] snmp-agent
# Configure a MIB view and allow NMS2 to manage every MIB object except HGMP on the
switch.
[Quidway] snmp-agent mib-view excluded allexthgmp 1.3.6.1.4.1.2011.6.7
# Configure a community name to allow NMS2 to manage the objects in the MIB view.
[Quidway] snmp-agent community write adminnms2 mib-view allexthgmp acl 2001
36
1 SNMP Configuration
# When an alarm is generated, run the display trapbuffer command to view the details.
<Quidway> display trapbuffer
Trapping buffer configuration and contents : enabled
Allowed max buffer size : 1024
Actual buffer size : 256
Channel number : 3 , Channel name : trapbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 98
#Oct 11 2010 18:57:59 RouterA DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011
.5.25.191.3.1 configurations have been changed. The current change number is 95,
the change loop count is 0, and the maximum number of records is 4095.
----End
Configuration Files
Configuration file of the switch
Issue 01 (2011-10-26)
37
1 SNMP Configuration
#
vlan batch 100
#
acl number 2001
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
#
interface Vlanif100
ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface LoopBack0
ip address 1.1.3.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
network 1.1.3.1 0.0.0.0
#
snmp-agent
snmp-agent local-engineid 000007DB7FFFFFFF00001AA7
snmp-agent community write adminnms2 mib-view allexthgmp acl 2001
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v1 v3
snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname
1.1.3.1
snmp-agent
snmp-agent
snmp-agent
snmp-agent
#
return
Networking Requirements
As shown in Figure 1-5, two NM stations (NMS1 and NMS2) and the switch are connected
across a public network. According to the network planning, NMS2 can manage every MIB
object except HGMP on the switch, and NMS1 does not manage the switch.
On the switch, only the modules that are enabled by default are allowed to send alarms to NMS2.
This prevents an excess of unwanted alarms from being sent to NMS2. Excessive alarms can
make faults location difficult. Informs need to be used to ensure that alarms are received by
NMS2 because alarms sent by the switch have to travel across the public network to reach NMS2.
Equipment administrator's contact information needs to be configured on the switch. This allows
the NMS administrator to contact the equipment administrator quickly if a fault occurs.
Issue 01 (2011-10-26)
38
1 SNMP Configuration
Figure 1-5 Networking diagram for configuring a device to communicate with an NM station
by using SNMPv2c
NMS1
1.1.1.1/24
IP Network
GE0/0/1
VLANIF100
1.1.2.1/24
Switch
NMS2
1.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Configure an ACL to allow NMS2 to manage every MIB object except HGMP on the
switch.
4.
Configure the switch to send informs to NMS2 to ensure alarm sending reliability.
5.
6.
Configure NMS2.
Data Preparation
To complete the configuration, you need the following data:
l
SNMP version
Community name
ACL number
Procedure
Step 1 Configure available routes between the switch and the NM stations. Details for the configuration
procedure are not provided here.
Step 2 Enable the SNMP agent.
<Quidway> system-view
[Quidway] snmp-agent
39
1 SNMP Configuration
# Configure a community name to allow NMS2 to manage the objects in the MIB view.
[Quidway] snmp-agent community write adminnms2 mib-view allexthgmp acl 2001
40
1 SNMP Configuration
# When an alarm is generated, run the display trapbuffer command to view the details.
<Quidway> display trapbuffer
Trapping buffer configuration and contents : enabled
Allowed max buffer size : 1024
Actual buffer size : 256
Channel number : 3 , Channel name : trapbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 98
#Oct 11 2010 18:57:59 RouterA DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011
.5.25.191.3.1 configurations have been changed. The current change number is 95,
the change loop count is 0, and the maximum number of records is 4095.
----End
Configuration Files
Configuration file of the switch
#
vlan batch 100
#
acl number 2001
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
#
interface Vlanif100
ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
#
snmp-agent
snmp-agent local-engineid 000007DB7FFFFFFF00001AA7
snmp-agent community write adminnms2 mib-view allexthgmp acl 2001
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v2c v3
snmp-agent target-host inform address udp-domain 1.1.1.2 params securityname
1.1.2.1 v2c
snmp-agent mib-view excluded allexthgmp hwCluster
snmp-agent inform timeout 15 resend-times 3 pending 39
snmp-agent notification-log enable
Issue 01 (2011-10-26)
41
1 SNMP Configuration
Networking Requirements
As shown in Figure 1-6, two NM stations (NMS1 and NMS2) and the switch are connected
across a public network. According to the network planning, NMS2 can manage every MIB
object except HGMP on the switch, and NMS1 does not manage the switch.
On the switch, only the modules that are enabled by default are allowed to send alarms to NMS2.
This prevents an excess of unwanted alarms from being sent to NMS2. Excessive alarms can
make faults location difficult.
The data transmitted between NMS2 and the switch needs to be encrypted and the NMS
administrator needs to be authenticated because the data has to travel across the public network.
Equipment administrator's contact information needs to be configured on the switch. This allows
the NMS administrator to contact the equipment administrator quickly if a fault occurs.
Figure 1-6 Networking diagram for configuring a device to communicate with an NM station
by using SNMPv3
NMS1
1.1.1.1/24
GE0/0/1
VLANIF100
1.1.2.1/24
IP Network
Switch
NMS2
1.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Configure an ACL to allow NMS2 to manage every MIB object except HGMP on the
switch and configure data encryption.
4.
Configure the trap function to allow the switch to send alarms to NMS2.
Issue 01 (2011-10-26)
42
1 SNMP Configuration
5.
6.
Configure NMS2.
Data Preparation
To complete the configuration, you need the following data:
l
SNMP version
ACL number
Procedure
Step 1 Configure available routes between the switch and the NM stations. Details for the configuration
procedure are not provided here.
Step 2 Enable the SNMP agent.
<Quidway> system-view
[Quidway] snmp-agent
# Configure an SNMPv3 user group and add a user to the group, and configure authentication
for the NMS administrator and encryption for the data transmitted between the switch and NMS2.
[Quidway] snmp-agent usm-user v3 testuser testgroup authentication-mode md5
87654321 privacy-mode des56 87654321
[Quidway] snmp-agent group v3 testgroup privacy write-view testview notify-view
testview acl 2001
Issue 01 (2011-10-26)
43
1 SNMP Configuration
Issue 01 (2011-10-26)
44
1 SNMP Configuration
# When an alarm is generated, run the display trapbuffer command to view the details.
<Quidway> display trapbuffer
Trapping buffer configuration and contents : enabled
Allowed max buffer size : 1024
Actual buffer size : 256
Channel number : 3 , Channel name : trapbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 98
#Oct 11 2010 18:57:59 RouterA DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011
.5.25.191.3.1 configurations have been changed. The current change number is 95,
the change loop count is 0, and the maximum number of records is 4095.
----End
Configuration Files
Configuration file of the switch
#
vlan batch 100
#
acl number 2001
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
#
interface Vlanif100
ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface LoopBack0
ip address 1.1.3.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
network 1.1.3.1 0.0.0.0
#
snmp-agent
snmp-agent local-engineid 000007DB7FFFFFFF000004A7
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v3
snmp-agent group v3 testgroup privacy write-view testview notify-view testview
acl 2001
snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname
testuser
snmp-agent mib-view included testview iso
snmp-agent usm-user v3 testuser testgroup authentication-mode md5 N'!2Z
[^HZ0T&P'@XIM=F#Q!! privacy-mode des56 N'!2Z[^HZ0T&P'@XIM=F#Q!!
snmp-agent trap source LoopBack0
snmp-agent trap queue-size 200
snmp-agent trap life 60
#
return
Issue 01 (2011-10-26)
45
2 LLDP Configuration
LLDP Configuration
Issue 01 (2011-10-26)
46
2 LLDP Configuration
Background
Currently, the Ethernet technology is widely used in the network. Compared with small-scale
networks, large-scale networks require that the network management system (NMS) have more
functions and higher processing capability. For example, the NMS needs to obtain the topology
of connected devices and configuration conflicts between devices.
Currently, many NMSs use the automated discovery function to trace the topology changes.
However, most of them at best analyze the Layer 3 network topology and group devices into
different IP subnets. These NMSs provide only the data concerning the basic events such as
adding or deleting of devices, but do not determine the connected interfaces between devices or
obtain information about configuration conflicts.
The Layer 2 discovery protocol precisely discovers the interfaces on each device and obtains
connection information between devices. In addition, it displays the paths between clients,
switches, routers, application servers, and network servers. The Layer 2 information helps you
quickly know the device topology, detect configuration conflicts between devices, and locate
network faults.
The LLDP protocol is a Layer 2 discovery protocol defined in the IEEE 802.1ab standard.
Organizationally
defined remote device
LLDP MIB extension
(Optional)
PTOPO MIB
(Optional)
Entity MIB
(Optional)
LLDP local system MIB
LLDP agent
LLDP frames
Issue 01 (2011-10-26)
Other MIBs
(Optional)
LLDP/LSAP
47
2 LLDP Configuration
The LLDP module updates the LLDP local system MIB and its own extended MIB
(Organizationally defined local device LLDP MIB extension in the figure) by interacting
with the PTOPO MIB, Entity MIB, Interface MIB, and Other MIBs.
The LLDP module sends the LLDP packets carrying its own information to the peer device
through the interface connected to the peer device.
The LLDP module receives the LLDP packets from the peer device, and then updates the
LLDP remote system MIB stored on the local device.
By using the MIB, the device obtains the neighbor information, including the remote interface
connected to the local device and the bridge MAC address of the peer device.
MIB
Management information bases (MIBs) are classified into LLDP Local System MIBs and the
LLDP Remote System MIBs.
l
LLDP Local System MIB: stores information about the local device, including the device
ID, port ID, system name, system description, port description, system capability, and
management address.
LLDP Remote System MIB: stores information about neighbor devices, including the
device ID, port ID, system name, system description, port description, system capability,
and management address.
LLDP Agent
An LLDP agent manages LLDP operations for an interface.
The LLDP agent performs the following operations:
l
Obtains and sends LLDP local system MIB information to neighbor devices when the status
of the local device status changes. If the local device status keeps unchanged, the LLDP
agent also obtains and sends LLDP local system MIB information to neighbor devices at
intervals.
Sends LLDP traps to the NMS when information in the LLDP local system MIB or the
LLDP remote system MIB changes.
Issue 01 (2011-10-26)
48
2 LLDP Configuration
LLDP Trap
When information in the LLDP local system MIB or the LLDP remote system MIB changes,
the device sends traps to the NMS, requesting the NMS to update the topology. The information
changes include:
l
LLDP Packet
Figure 2-2 shows the LLDP packet format.
Figure 2-2 LLDP packet format
DA: indicates the destination address of the LLDP packet. It is the multicast address 01-80C2-00-00-0E.
LLDP Ethertype: indicates the LLDP packet type. If a packet contains this field, it is an
LLDP packet and it is sent to the LLDP module. The value of this field is 0x88CC.
LLDPDU: indicates the LLDP data unit. It is the major content of an LLDP packet.
LLDPDU in the LLDP packet contains the Layer 2 information discovered by the device, so it
is the most important part in the LLDP packet.
Figure 2-3 shows the LLDPDU structure.
Figure 2-3 LLDPDU structure
T: information type
L: information length
Issue 01 (2011-10-26)
49
2 LLDP Configuration
V: content value
The LLDPDU carries different types of TLVs to meet the LLDP interaction requirements. The
device sends or receives the local and remote information by using these TLVs.
The LLDPDU starts with Chassis ID TLV, Port ID TLV, and Time to Live TLV, and ends with
End of LLDPDU TLV; therefore, these four TLVs are mandatory for an LLDPDU. The other
TLVs are optional. The device can add and remove the optional TLVs.
Usage Scenario
The LLDP feature of the S3700 is applicable to three types of networks.
The network where an interface has only one neighbor
The interfaces between two switches or the interfaces between a switch and a media endpoint
(ME) are directly connected, so each interface has only one neighbor. As shown in Figure
2-4, SwitchA is directly connected to SwitchB and ME. Each interface on SwitchA and
SwitchB has only one neighbor.
Figure 2-4 Each interface has only one neighbor
Internet
NMS
Switch A
Switch B
ME
50
2 LLDP Configuration
SNMP
SNMP
NMS
SwitchD
SwitchF
LL LLDPDU
D
PD
U
SwitchE
10.10.10.1
LLDPDU
LL
D
PD
LL
D
PD
10.10.10.2
SwitchA
SwitchB
10.10.10.3
SwitchC
LLDP interface
SNMP packet
LLDPDU packet
Network
Enterprise
User
Issue 01 (2011-10-26)
NMS
Eth-Trunk
SwitchA
SwitchB
Enterprise
User
51
2 LLDP Configuration
Basic TLV
Type
Description
Management IP address
Interface description
Issue 01 (2011-10-26)
Device description
Device name
Description
VLAN ID of an interface
VLAN name
Description
52
2 LLDP Configuration
Type
Description
LLDP-MED TLV
Type
Description
Inventory TLV
By default, LLDP advertises all types of TLVs except the Location Identification TLV.
Pre-configuration Tasks
Before configuring LLDP, complete the following tasks:
l
Configuring a reachable route between the switch and the NMS and setting the SNMP
parameters
Issue 01 (2011-10-26)
53
2 LLDP Configuration
NOTE
The LLDP management address contained in an LLDP packet is used to identify a device. Therefore, the
management address of a device must be unique and easy to manage, for example, the IP address of the
management port. The IP address to be set as the management address must already exist on the device.
That is, this IP address must be configured before 2.3.4 (Optional) Configuring an LLDP Management
Address.
Data Preparation
To configure LLDP, you need the following data.
No.
Data
Procedure
Step 1 Run:
system-view
54
2 LLDP Configuration
Prerequisite
LLDP has been enabled globally.
Context
LLDP can be enabled in the system view and the interface view:
l
After LLDP is enabled in the system view, all interfaces are enabled with LLDP.
After LLDP is disabled in the system view, all LLDP settings are restored to the default
settings except the setting of LLDP trap. Therefore, LLDP is also disabled on all interfaces.
An interface can send and receive LLDP packets only after LLDP is enabled in both the
system view and the interface view.
After LLDP is disabled globally, the commands for enabling and disabling LLDP on an
interface do not take effect.
If LLDP needs to be disabled on some interfaces, enable LLDP globally first, and then run
the undo lldp enable command on these interfaces. To re-enable LLDP on these interfaces,
run the lldp enable command in the views of these interfaces.
NOTE
l On an Eth-Trunk, LLDP can only be enabled on member interfaces. The interfaces enabled with LLDP
and not enabled with LLDP can exist in the same Eth-Trunk.
l LLDP can be enabled and disabled only on the physical interfaces such as Ethernet, GE, and XGE
interfaces. Before enabling or disabling LLDP on an interface, ensure that LLDP has been enabled
globally.
Procedure
Step 1 Run:
system-view
55
2 LLDP Configuration
Prerequisite
LLDP has been enabled globally.
Context
If the configured management address is invalid or no management address is configured, the
system sets an IP address in the address list as the management address. The system selects the
IP address in the following priority order: loopback interface address, console port address, and
then VLANIF interface address. Among the IP addresses of the same type, the system selects
the smallest one. If the system does not find a management address, the bridge MAC address is
used as the management address.
Procedure
Step 1 Run:
system-view
Prerequisite
l
Context
To enable an interface to send the 802.3 Power via MDI TLV, run the lldp tlv-enable dot3-tlv
power command. The 802.3 Power via MDI TLV has the following formats:
l
802.1ab format: [TLV type | TLV information string length | 802.3 OUI | MDI power
support | PSE power pair | power class]
802.3at format: [TLV type | TLV information string length | 802.3 OUI | MDI power support
| PSE power pair | power class | type/source/priority | PD requested power value | PSE
allocated power value]
Based on 802.1ab, 802.3at extends three fields: type/source/priority, PD requested power value,
and PSE allocated power value.
Issue 01 (2011-10-26)
56
2 LLDP Configuration
Procedure
Step 1 Run:
system-view
l When the supported TLVs on the device are basic TLVs, TLVs in the IEEE 802.1 format, and TLVs
in the IEEE 802.3 format, the lldp tlv-enable command with the all parameter advertises all TLVs.
When the supported TLVs on the device are LLDP-MED TLVs, the lldp tlv-enable command with
the all parameter advertises all TLVs except Location Identification TLV.
If the all parameter is not specified, only one type of TLV can be sent. To send multiple types of TLVs,
run the command multiple times.
l You can specify the other types of LLDP-MED TLVs only after specifying the LLDP-MED
Capabilities TLV.
To disable the LLDP-MED Capabilities TLV, you must disable the other types of LLDP-MED TLVs
first.
To disable the MAC/PHY Configuration/Status TLVs, you must disable the LLDP-MED Capabilities
TLV first.
l The 802.3 MAC/PHY Configuration/Status TLVs are advertised automatically after the LLDP-MED
Capabilities TLV is advertised.
l If you disable the LLDP-MED TLVs and use the all keyword, the MAC/PHY Configuration/Status
TLVs are not disabled automatically.
Step 4 Run:
lldp dot3-tlv power {802.1ab | 802.3at }
The standard with which the 802.3 Power via MDI TLV sent by the interface complies is set.
By default, the 802.3 Power via MDI TLV conforms to 802.1 ab.
NOTE
Before selecting a format of the 802.3 Power via MDI TLV, you must know the TLV format supported by
the peer device. The TLV format on the local device must be also supported by the peer device.
----End
Issue 01 (2011-10-26)
57
2 LLDP Configuration
Prerequisite
LLDP has been enabled globally.
Context
Interval for sending LLDP packets and delay to send LLDP packets
When the LLDP status of the device keeps unchanged and the device does not discover new
neighbors, the interface module sends LLDP packets to the neighbors at a certain interval. After
the LLDP transmission interval is set on the device, the LLDP enabled interfaces send LLDP
packets to neighbors at this interval. The interfaces may send LLDP packets at different time
points. The LLDP transmission interval should be set properly and adjusted according to network
loads.
l
A long interval reduces the LLDP packet interaction frequency, and thus saves system
resource. However, if the interval is too long, the device cannot notify neighbors of its
status in time, and the NMS cannot discover the network topology changes in real time.
A short interval increases the LLDP packet transmission frequency and enables the NMS
to discover network topology changes in real time. However, if the interval is too short, the
LLDP packets are exchanged frequently, and thus the system load is increased and
resources are saved.
There is a delay before the interface module sends an LLDP packet to the neighbor when the
device status changes frequently. After the LLDP transmission delay is set on the device, the
LLDP enabled interfaces send LLDP packets to neighbors after a delay (the delay is the same
as or longer than the delay you specified). The interfaces may send LLDP packets at different
time points. If the device status changes frequently, extend the delay to prevent the device from
frequently sending traps to the NMS. A delay suppresses the network topology flapping. The
LLDP transmission delay should be set properly and adjusted according to network loads.
l
A long delay reduces the LLDP packet interaction frequency, and thus saves system
resource. However, if the delay is too long, the device cannot notify neighbors of its status
in time, and the NMS cannot discover the network topology changes in real time.
A short delay increases the LLDP packet transmission frequency and enables the NMS to
discover network topology changes in real time. However, if the delay is too short, the
LLDP packets are exchanged frequently, and thus the system load is increased and
resources are saved.
You should consider the value of delay when adjusting the value of interval because it is restricted
by the value of delay.
l
The value of interval must be equal to or greater than four times the value of delay.
Therefore, if you want to set interval to be smaller than four times the value of delay, first
reduce the delay value to be equal to or smaller than a quarter of the new interval value,
and then reduce the interval value.
Issue 01 (2011-10-26)
58
2 LLDP Configuration
NOTE
If the interval value is smaller than four times the delay value, the system displays an error message when
you run the undo lldp message-transmission delay command. To run the undo lldp messagetransmission delay command in this case, increase the interval value to at least four times the delay value
first.
TTL is the device information storage time. It is the smaller value between 65535 and
(interval x hold).
interval is the interval at which the device sends LLDP packets to neighbors. This parameter
is set by lldp message-transmission interval.
After the LLDP function is disabled on the device, its neighbors wait until the TTL of the device
information expires, and then delete the device information. This prevents network topology
flapping. The hold time multiplier of device information on neighbors must be set to a proper
value.
l
A great value of the hold time multiplier prevents network topology flapping. However, if
the value is too large, the device cannot notify neighbors of its status in time, and the NMS
cannot discover the network topology changes in real time.
A small value of the hold time multiplier enables the NMS to discover topology change in
time. However, if the value is too small, the neighbors update device information too
frequently. This increases the load on the system and wastes resources.
A great value of the delay prevents network topology flapping. However, if the value is too
large, the device cannot notify neighbors of its status in time, and the NMS cannot discover
the network topology changes in real time.
A small value of the delay enables the NMS to discover topology change in time. However,
if the value is too small, the neighbors update device information too frequently. This
increases the load on the system and wastes resources.
59
2 LLDP Configuration
The delay is applied to only the following traps: traps for adding neighbors, traps for deleting
neighbors, neighbor aging traps, and traps for discarding neighbor packets
(LLDP_1.0.8802.1.1.2.0.0.1 lldpRemTablesChange).
Procedure
Step 1 Run:
system-view
l You can extend the storage time of device information on the neighbors by increasing the value of
hold.
l The value of hold ranges from 2 to 10; however, when the value of (hold x interval) is greater than
65535, the hold value is invalid.
Step 5 Run:
lldp restart-delay delay
60
2 LLDP Configuration
Context
After the LLDP trap function is enabled, the switch sends traps to the NMS in one of the following
cases:
l
The LLDP trap function is applied to all interfaces. The LLDP trap function can take effect no
matter whether the LLDP function is enabled globally. If the network topology is unstable,
disable the LLDP function to prevent frequent trap sending.
Procedure
Step 1 Run:
system-view
Procedure
l
Run the display lldp local [ interface interface-type interface-number ] command to view
local LLDP status.
Run the display lldp neighbor brief command to view brief information about neighbors.
Run the display lldp tlv-config command to view the TLV types supported by the interface.
----End
61
2 LLDP Configuration
Procedure
l
----End
Procedure
l
Run the display lldp local [ interface interface-type interface-number ] command to view
LLDP status in the entire system or on an interface.
----End
Networking Requirements
As shown in Figure 2-7, SwitchA is directly connected to SwitchB and media endpoint (ME).
The NMS needs to obtain Layer 2 information about SwitchA, SwitchB, and ME. By using the
Layer 2 information, a network administrator can know the detailed network topology
information and configuration conflicts. These requirements can be met by configuring LLDP
on SwitchA and SwitchB.
In addition, the administrator requires that SwitchA and SwitchB send LLDP traps to the NMS
when the LLDP management address changes, global LLDP is enabled or disabled, or the
neighbor information changes. This ensures that the administrator detects topology changes in
time.
The ME supports the LLDP function. Reachable routes exist between the NMS and Switches.
The SNMP parameters are set on all devices.
Issue 01 (2011-10-26)
62
2 LLDP Configuration
Figure 2-7 Configuring LLDP on the device that has a single neighbor
Internet
NMS
10.10.10.1
Eethernet0/0/1
Switch A
Eethernet0/0/2
Ethernet0/0/1
10.10.10.2
Switch B
ME
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
Data Preparation
To complete the configuration, you need the following data:
l
Management address 10.10.10.1 for SwitchA and management address 10.10.10.2 for
SwitchB
Procedure
Step 1 Enable global LLDP on SwitchA and SwitchB.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] lldp enable
# Configure SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] lldp enable
63
2 LLDP Configuration
# Configure SwitchB.
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] bpdu enable
# Configure SwitchB.
[SwitchB] lldp management-address 10.10.10.2
# Configure SwitchB.
[SwitchB] snmp-agent trap enable feature-name lldptrap
Issue 01 (2011-10-26)
:enabled
(default is disabled)
64
2 LLDP Configuration
:30
:4
:2
:2
:5
:enabled
:IP: 10.10.10.1
(default
(default
(default
(default
(default
(default
is
is
is
is
is
is
30s)
4)
2s)
2s)
5s)
disabled)
:0
:0
:0
:0
Total Neighbors
Port information:
:1
Port information:
Interface Ethernet0/0/1:
LLDP Enable Status
:enabled
Total Neighbors
:1
Port ID subtype
Port ID
Port description
(default is disabled)
:interfaceName
:Ethernet0/0/1
:HUAWEI, Quidway Series, Ethernet0/0/1 Interface
:0
:0
:0
Power Type
:Unknown
PoE PSE power source
:Unknown
Port PSE Priority
:Unknown
Port Available power value:0
65
2 LLDP Configuration
Issue 01 (2011-10-26)
66
2 LLDP Configuration
Configuration Files
l
10.10.10.1
Networking Requirements
As shown in Figure 2-8, SwitchA, SwitchB, and SwitchC are connected through an unknown
network. The unknown network is not managed by the NMS, but can transparently transmit
LLDP packets. The NMS needs to obtain Layer 2 information about SwitchA, SwitchB, and
SwitchC. By using the Layer 2 information, a network administrator can know the detailed
network topology information and configuration conflicts. These requirements can be met by
configuring LLDP on SwitchA, SwitchB, and SwitchC.
The NMS has reachable routes to SwitchA, SwitchB, and SwitchC and SNMP parameters are
set on all devices.
Issue 01 (2011-10-26)
67
2 LLDP Configuration
Figure 2-8 Configuring LLDP on the device that has multiple neighbors
SNMP
SNMP
NMS
LL LLDPDU
D
PD
U
SwitchE
10.10.10.1
LLDPDU
LL
D
PD
U
SwitchD
SwitchF
LL
D
PD
U
10.10.10.2
SwitchA
SwitchB
10.10.10.3
SwitchC
LLDP interface
SNMP packet
LLDPDU packet
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Enable global LLDP on SwitchA, SwitchB, and SwitchC.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] lldp enable
# Configure SwitchB.
Issue 01 (2011-10-26)
68
2 LLDP Configuration
# Configure SwitchB.
Same as the configurations on SwitchA.
# Configure SwitchC.
Same as the configurations on SwitchA.
Step 3 Configure management addresses for SwitchA, SwitchB, and SwitchC.
# Configure SwitchA.
[SwitchA] lldp management-address 10.10.10.1
# Configure SwitchB.
[SwitchB] lldp management-address 10.10.10.2
# Configure SwitchC.
[SwitchC] lldp management-address 10.10.10.3
Issue 01 (2011-10-26)
69
2 LLDP Configuration
Auto-negotiation supported
:Yes
Auto-negotiation enabled
:Yes
OperMau
:speed(100)/duplex(Full)
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
PSE pairs control ability:No
Power pairs
:Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :No
Aggregation port ID
:0
Maximum frame Size
:1600
MED Device information
Device class
:Network Connectivity
HardwareRev
:VER B
FirmwareRev
:NC
SoftwareRev
:Version 5.70 V200R006C00
SerialNum
:NA
Manufacturer name :HUAWEI TECH CO., LTD
Model name
:NA
Asset tracking identifier :NA
Media policy type
:Unknown
Unknown Policy
:Undefined
VLAN tagged
:No
Media policy VlanID
:0
Media policy L2 priority :0
Media policy Dscp
:0
Power Type
:Unknown
PoE PSE power source
:Unknown
Port PSE Priority
:Unknown
Port Available power value:0
Neighbor index : 2
Chassis type
:macAddress
Chassis ID
:00e0-fc33-0013
Port ID type
:interfaceName
Port ID
:Ethernet0/0/1
Port description
:HUAWEI, Quidway Series, Ethernet0/0/1 Interface
System name
:SwitchC
System description :Quidway
Huawei Versatile Routing Platform Software
VRP (R) Software, Version 5.70 (S3700 )
Copyright (c) 2003-2010 Huawei Technologies Co., Ltd
System capabilities supported
:bridge
System capabilities enabled
:bridge
Management address type :ipV4
Management address
: 10.10.10.3
Expired time
:118s
Port VLAN ID(PVID) :1
VLAN name of VLAN 1: VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM CFM
Auto-negotiation supported
:Yes
Auto-negotiation enabled
:Yes
OperMau
:speed(100)/duplex(Full)
Power port class
PSE power supported
Issue 01 (2011-10-26)
:PD
:No
70
2 LLDP Configuration
Configuration Files
l
Issue 01 (2011-10-26)
71
2 LLDP Configuration
interface Ethernet0/0/1
undo port hybrid vlan 1
bpdu enable
#
return
Networking Requirements
As shown in Figure 2-9, SwitchA and SwitchB need to be connected by an Eth-Trunk. The
NMS needs to obtain the Layer 2 information between the Switches. By using the Layer 2
information, a network administrator can know the detailed topology information and
configuration errors on the devices outside the unknown network. These requirements can be
met by configuring LLDP on SwitchA and SwitchB.
The NMS has reachable routes to SwitchA and SwitchB and SNMP parameters are set on all
devices.
Figure 2-9 Configuring LLDP on the network where link aggregation is configured
GE1/0/3 GE1/0/2
10.10.10.1
GE2/0/2
GE2/0/3
10.10.10.2
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Issue 01 (2011-10-26)
72
3.
4.
2 LLDP Configuration
Data Preparation
To complete the configuration, you need the following data:
l
Management address 10.10.10.1 for SwitchA and management address 10.10.10.2 for
SwitchB
Number of the Eth-Trunk between SwitchA and SwitchB, and numbers of the interfaces
added to the Eth-Trunk
Procedure
Step 1 Configure the Eth-Trunk between SwitchA and SwitchB.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 100
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] trunkport ethernet 0/0/1
[SwitchA-Eth-Trunk1] trunkport ethernet 0/0/2
[SwitchA-Eth-Trunk1] trunkport ethernet 0/0/3
[SwitchA-Eth-Trunk1] port link-type trunk
[SwitchA-Eth-Trunk1] port trunk allow-pass vlan 100
[SwitchA-Eth-Trunk1] quit
# Configure SwitchB.
Same as the configurations on SwitchA.
Step 2 Enable global LLDP on SwitchA and SwitchB.
# Configure SwitchA.
[SwitchA] lldp enable
# Configure SwitchB.
Same as the configurations on SwitchA.
Step 3 Enable SwitchA and SwitchB to process LLDP BPDUs.
# Configure SwitchA.
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] bpdu enable
[SwitchA-Eth-Trunk1] quit
# Configure SwitchB.
Same as the configurations on SwitchA.
Step 4 Configure management addresses for SwitchA and SwitchB.
# Configure SwitchA.
[SwitchA] lldp management-address 10.10.10.1
# Configure SwitchB.
Issue 01 (2011-10-26)
73
2 LLDP Configuration
Issue 01 (2011-10-26)
System configuration
LLDP Status
LLDP Message Tx Interval
LLDP Message Tx Hold Multiplier
LLDP Refresh Delay
LLDP Tx Delay
LLDP Notification Interval
LLDP Notification Enable
Management Address
:enabled
:30
:4
:2
:2
:5
:enabled
:IP: 10.10.10.1
(default
(default
(default
(default
(default
(default
(default
is
is
is
is
is
is
is
disabled)
30s)
4)
2s)
2s)
5s)
disabled)
74
2 LLDP Configuration
:0
:0
:0
Total Neighbors
:2
Port information:
Interface Ethernet0/0/1:
LLDP Enable Status
:enabled
Total Neighbors
:1
Port ID subtype
Port ID
Port description
(default is disabled)
:interfaceName
:Ethernet0/0/1
:HUAWEI, Quidway Series, Ethernet0/0/1 Interface
:0
:0
:0
Power Type
:Unknown
PoE PSE power source
:Unknown
Port PSE Priority
:Unknown
Port Available power value:0
Interface Ethernet0/0/2:
LLDP Enable Status
:enabled
Total Neighbors
:1
Port ID subtype
Port ID
Port description
(default is disabled)
:interfaceName
:Ethernet0/0/2
:HUAWEI, Quidway Series, Ethernet0/0/2 Interface
Issue 01 (2011-10-26)
:Yes
75
2 LLDP Configuration
Auto-negotiation enabled
:Yes
OperMau
:speed(100)/duplex(Full)
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
PSE pairs control ability:No
Power pairs
:Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :Yes
Aggregation port ID
:1
Maximum frame Size
:1600
MED port information
Media policy type
:Unknown
Unknown Policy
:Yes
VLAN tagged
:No
Media policy VlanID
Media policy L2 priority
Media policy Dscp
:0
:0
:0
Power Type
:Unknown
PoE PSE power source
:Unknown
Port PSE Priority
:Unknown
Port Available power value:0
Interface Ethernet0/0/3:
LLDP Enable Status
:enabled
Total Neighbors
:1
Port ID subtype
Port ID
Port description
(default is disabled)
:interfaceName
:Ethernet0/0/3
:HUAWEI, Quidway Series, Ethernet0/0/3 Interface
Issue 01 (2011-10-26)
:0
:0
:0
:Unknown
:Unknown
76
2 LLDP Configuration
115
115
115
Configuration Files
l
Issue 01 (2011-10-26)
77
Issue 01 (2011-10-26)
2 LLDP Configuration
10.10.10.2
78
3 HGMP Configuration
HGMP Configuration
Issue 01 (2011-10-26)
79
3 HGMP Configuration
Issue 01 (2011-10-26)
80
3 HGMP Configuration
FTP
Server
IDC
Server
IP/MPLS
core
I n te rnnet
Router
Cluster1
Administrator
Member1
Member2
Member4
Member3
DSLAM
Host
Administrator: administrator switch
Issue 01 (2011-10-26)
81
3 HGMP Configuration
FTP
Server
IDC
Server
IP/MPLS
core
I n te rnnet
Router
Cluster1
Administrator
Member1
Member3
Member2
Member4
DSLAM
Host
Administrator: administrator switch
NDP
In HGMP, Neighbor Discovery Protocol (NDP) packets are used to collect information about
the directly connected neighbors, including the device model, software version, hardware
version, connection interface, member number, private IP address used for communication
within a cluster, and hardware platform.
NOTE
Any device that supports HGMP does not forward NDP packets.
82
3 HGMP Configuration
After receiving an NDP packet from the neighbor, the device compares the contents of the packet
with those of a corresponding entry in the NDP table and updates the entry.
NTDP
In HGMP, Network Topology Discovery Protocol (NTDP) packets are used to collect
information about topologies. According to the neighbor information in the NDP table, the
device sends and forwards requests for topology collection, and then collects entries in the NDP
table of each device in a certain network segment.
After receiving an NTDP topology request packet, the device sends an NTDP response packet
immediately. At the same time, the device forwards the received NTDP packet to other interfaces
according to NTDP forwarding rules.
Roles in a Cluster
HGMP defines four roles in a cluster: administrator switch, member switch, candidate switch,
and standby switch.
NOTE
A member switches is the member device in a cluster. The member switch is managed by
the administrator switch that acts as an agent. Therefore, the public IP address is not required
for a member switch.
A candidate switch is a device that has the cluster function but does not join any cluster.
A standby switch is the backup administrator switch in a cluster. When the administrator
switch fails, the standby switch automatically serves as the administrator switch.
You can determine the role of a switch in a cluster. Each of the four roles, however, can be
changed according to certain rules.
Issue 01 (2011-10-26)
83
3 HGMP Configuration
NAT
In HGMP, member switches in a cluster can communicate with devices in the public network
through Network Address Transmission (NAT). Whether to use NAT for the communication
can be controlled through commands.
l
To ensure that devices in and out of the cluster can communicate through NAT, you need
to enable NAT of specified protocols on the administrator switch.
NAT rules used by a cluster are automatically configured by the administrator switch. When
member switches access devices out of the cluster, they can automatically obtain the
interface mapped through NAT; when devices out of the cluster access member switches,
they need to calculate the number of the port of specified services on member switches.
Batch Distribution
HGMP can perform batch distribution over all the member switches under its management.
Objects to be distributed in batches include: the system software, configuration files, patch files.
l
The batch distribution command can be performed only on the administrator switch.
The administrator switch can be configured with the plug-and-play IP address, user name,
and password. If no IP address, user name, or password are specified in the command, the
plug-and-play IP address, user name, and password are adopted. If neither kinds of IP
address, user name, and password are configured, the command cannot be performed.
Member switches download specified files from the FTP server and then set them as the
default files for the next startup.
To avoid congestion, you can set the maximum number of member switches that
concurrently download files from the FTP server.
Batch Restart
HGMP can perform batch restart over a specified group of member switches.
l
During the process of batch restart, member switches do not save the current configuration.
After receiving the batch restart command, member switches wait 1 second to guarantee
the pervasion of control packets throughout the cluster.
Incremental Configuration
In a cluster, some member switches may have the same configurations, such as creating a VLAN
and enabling a feature. The incremental configuration function is used to remotely control the
selected member switches in batches. With this mode, you only need to configure a control
command list on the administrator switch. Then, you can deliver the control command list to
member switches at a time and query the control command output on each member switch. The
member selection mode can be all, device type-based, member switch ID-based, or IP addressbased.
l
Issue 01 (2011-10-26)
84
3 HGMP Configuration
After incremental configuration is performed, a result list is returned to report the command
output on each member switch. If an error occurs during the command execution, the faulty
command can be located according to the sequence number.
Latter execution results of the incremental configuration overwrite previous ones and only
the last result is saved.
You can edit a configuration command list in the incremental configuration view. The
command execution is closely related to specific views and its sequence is the same as that
on a device.
Configuration Synchronization
After a cluster is created and configured with basic functions, you can save the configuration
files of the cluster members to a specified FTP server through the configuration synchronization
command.
l
Security Features
After a cluster is created and configured with basic functions, you can close the network edge
of the cluster as required and then the topology of the cluster becomes stable. When plug and
play is enabled and the PAF is used to control devices configured with HGMP functions to
automatically enable NDP and NTDP on Layer 2 interfaces, a great number of Layer 2 interfaces
are automatically enabled with NDP and NTDP on member switches. NDP and NTDP, however,
are not required on interfaces unrelated to the cluster. Therefore, you need to disable NDP or
NTDP on unrelated interfaces. As a result, less packets are transmitted and the topology of the
cluster is stable.
l
On the administrator switch, disable NDP or NDTP on unrelated interfaces in the cluster.
After you disable NDP on unrelated interfaces in the cluster, NDP packets of the interfaces
are not sent to the administrator switch.
After you disable NTDP on unrelated interfaces in the cluster, NTDP packets of the
interfaces are not sent to the administrator switch.
When the topology of the cluster becomes stable, the unrelated interfaces in the cluster are
defined as interfaces that have not NDP neighbors.
Plug and play uses the PAF to control the performance of basic configuration on devices.
The interfaces connecting the administrator switch and the member switches need to be
added to a control VLAN in trunk mode.
The interval for collecting NTDP packets needs to be set on the administrator switch.
Issue 01 (2011-10-26)
85
3 HGMP Configuration
Applicable Environment
When you need to create or manage a cluster, you can configure the cluster with basic HGMP
functions.
Pre-configuration Tasks
Before configuring basic HGMP functions, complete the following tasks:
l
Data Preparation
To configure basic HGMP functions, you need the following data.
No.
Data
Cluster name
(Optional) Aging time of NDP packets and interval for sending NDP packets
(Optional) Range of topology collection, hop delay and interface delay in forwarding
NTDP topology request packets, interval for topology collection
(Optional) ID of the management VLAN, aging time of NDP packets, interval for
sending handshake packets, address of the SNMP host, and IP addresses of the FTP
server and the SFTP server
Issue 01 (2011-10-26)
86
3 HGMP Configuration
Procedure
l
Run:
system-view
Run:
ndp enable
Run:
system-view
Run:
system-view
Run:
ndp timer aging aging-time
Run:
system-view
Issue 01 (2011-10-26)
87
3 HGMP Configuration
Run:
ndp timer hello interval
Procedure
l
Run:
system-view
Run:
ntdp enable
Run:
system-view
Run:
interface interface-type interface-number
Run:
ntdp enable
Run:
system-view
Run:
ntdp hop max-hop-value
88
1.
3 HGMP Configuration
Run:
system-view
Run:
ntdp timer hop-delay hop-delay-time
Run:
ntdp timer port-delay port-delay-time
Run:
system-view
Run:
ntdp timer interval
Procedure
l
Run:
system-view
Run:
vlan vlan-id
89
3 HGMP Configuration
Run:
quit
Run:
interface vlanif vlan-id
Run:
quit
Run:
cluster
Run:
mngvlanid vlan-id
Run:
system-view
Run:
cluster enable
Creating a cluster
A cluster can be created manually or automatically on the S3700.
NOTE
If the administrator switch is rebooted after the HGMP cluster is created, member switches need to
be re-added into the cluster. In such a situation, numbering of these member switches may be changed.
Issue 01 (2011-10-26)
90
3 HGMP Configuration
Run:
system-view
Run:
cluster
Run:
ip-pool administrator-ip-address { mask-length | mask }
The private IP addresses used by a cluster cannot be the same as any IP address on the device.
4.
Run:
build cluster-name
Names of the administrator switch and the cluster are configured and the cluster is
created.
This command can only be run on the administrator switch and the switch that does
not join any cluster.
Creating a cluster automatically
These steps need to be configured only on the administrator switch or on the switch which
will be the administrator in a created HGMP cluster.
In this mode, the administrator switch prompts you whether to add all the existing candidate
switches to the cluster.
1.
Run:
system-view
Run:
cluster
Run:
ip-pool administrator-ip-address { mask-length | mask }
91
3 HGMP Configuration
NOTE
The private IP addresses used by a cluster cannot be the same as any IP address on the device.
4.
Run:
auto-build [ recover ]
Context
After a cluster is set up, you can add a member switch to the cluster either manually or
automatically.
Procedure
l
Run:
system-view
Run:
cluster
Run:
add-member [ member-number ] mac-address mac-address [ password password]
Run:
system-view
Run:
cluster
Issue 01 (2011-10-26)
92
3 HGMP Configuration
Run:
auto-build [ recover ]
If the administrator switch of HGMP cluster A considers that switch N does not belong to
cluster A but switch N considers that it belongs to cluster A, switch N is called the missing
member switch on the administrator switch.
----End
Procedure
l
Deleting a cluster
Do as follows on the administrator switch:
1.
Run:
system-view
Run
cluster
Run:
undo build
A cluster is deleted.
After the command is run on an administrator switch, except the mngvlanid and ippool commands, configurations of the administrator switch in the HGMP cluster view
are deleted; all member switches automatically quit the cluster.
l
Disabling a cluster
Do as follows on the administrator switch or a member switch:
1.
Run:
system-view
93
2.
3 HGMP Configuration
Run:
undo cluster enable
Quitting a cluster
Do as follows on a member switch:
1.
Run:
system-view
Run
cluster
Run:
undo administrator-address
When you run the undo administrator-address command on member switches, the member
switch temporarily exits from the cluster, whereas the administrator switch does not delete the
member switch. To delete a member switch from the HGMP cluster, run the delete-member
command.
----End
Context
If you do not need a cluster to manage a switch, you can delete the member switch from the
cluster.
Do as follows only on the administrator switch:
Procedure
Step 1 Run:
system-view
94
3 HGMP Configuration
cluster
Prerequisite
The configurations of the Basic HGMP are complete.
Procedure
l
Run the display ndp to check the NDP configuration in the system view.
Run the display ntdp device-list [ verbose ] to check the device information collected
through NTDP.
Run the display cluster to check the status and statistics of cluster.
Run the display cluster members [ member-number | verbose ] to check information about
member switches.
----End
Example
If the NDP neighbor can be normally established, you can run the display ndp command to
check information about the MAC addresses of all the neighboring stations and the number of
the interface on the neighboring station that is connected to the local interface.
<Quidway> display ndp
Neighbor discovery protocol is enabled.
Neighbor Discovery Protocol Ver: 1, Hello Timer: 60(s), Aging Timer: 180(s)
Interface: GigabitEthernet0/0/1
Status: Disabled, Packets Sent: 0, Packets Received: 0, Packets Error: 0
Interface: GigabitEthernet0/0/2
Status: Enabled, Packets Sent: 114, Packets Received: 108, Packets Error: 0
Neighbor 1: Aging Time: 174(s)
MAC Address : 0018-8203-39d8
Port Name
: GigabitEthernet0/0/1
Software Version: VRP 5.70 V100R006C00
Device Name : S3700
Port Duplex : FULL
Product Ver : S3700
Issue 01 (2011-10-26)
95
3 HGMP Configuration
If the NDP neighbor is normally established, you can run the display ndp interface command
to check information about the MAC address of the neighboring station and the number of the
interface on the neighboring station that is connected to the local interface.
<Quidway> display ndp interface gigabitethernet 0/0/1
Interface: GigabitEthernet0/0/1
Status: Enabled, Packets Sent: 116, Packets Received: 110, Packets Error: 0
Neighbor 1: Aging Time: 174(s)
MAC Address : 0018-8203-39d8
Port Name
: GigabitEthernet0/0/1
Software Version: VRP 5.70 V100R006C00
Device Name : S3700
Port Duplex : FULL
Product Ver : S3700
If the NTDP neighbor is normally established, you can run the display ntdp command to check
the NTDP settings.
<Quidway> display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:462ms
If device information is successfully collected through NTDP, you can run the display ntdp
device-list [ verbose ] command to view information lists of all the devices.
<Quidway> display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700
If the cluster is established successfully, you can run the display cluster command to view
information about the HGMP cluster to which the device belongs, such as the cluster name and
ID of the management VLAN.
<HUAWEI_0.Quidway> display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.1.1.1/24
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 2 member(s) in the cluster, and 0 of them are down.
If the cluster is established successfully, you can run the display cluster candidates command
to view information about candidate switches, such as the MAC address and device type.
Issue 01 (2011-10-26)
96
3 HGMP Configuration
If the cluster is established successfully, you can run the display cluster members command
to view information about member switches, such as the MAC address and device type. Member
switches are in the Up state.
<HUAWEI_0.Quidway> display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
00e0-fcb8-d6b6 Admin HUAWEI_0.Administrator-1
1
S3700
0018-8267-7f7d Up
HUAWEI_1.Member-1
2
S3700
00e0-0003-0003 Up
HUAWEI_2.Member-2
Applicable Environment
To optimize the performance parameters of the established cluster, you can configure advanced
HGMP functions to facilitate the management and maintenance of the HGMP cluster and better
manage member switches in the cluster.
Pre-configuration Tasks
Before configuring advanced HGMP functions, complete the following tasks:
l
Data Preparation
To configure advanced HGMP functions, you need the following data.
Issue 01 (2011-10-26)
No.
Data
97
3 HGMP Configuration
No.
Data
IP addresses of the public FTP server, SFTP server, log host, SNMP host used in the
cluster
Default information about the FTP server that is configured for the cluster, including
the IP address, user name, and password
Procedure
l
Run:
system-view
Run:
cluster
Run:
timer interval
Run:
system-view
Run:
cluster
Run:
holdtime hold-time
98
3 HGMP Configuration
By default, the holdtime is 60 seconds. The holdtime must be at least three times the
interval for sending handshake packets.
l
Run:
system-view
Run:
cluster
Run:
cluster-autojoin
Set the aging time of the Disconnecting state for member switches.
Do as follows on the administrator switch:
1.
Run:
system-view
Run:
cluster
Run:
cluster-discagingtime disconnect-aging-time
Run:
system-view
Run:
cluster
Run:
cluster-multimac mac-address
99
3 HGMP Configuration
Before setting up a cluster, you need to assign a multicast MAC address to the cluster
or use the default multicast MAC address. To enhance the network security or if the
default multicast MAC address is already used by other services on the network, you
can reassign a multicast MAC address to the cluster within the permitted range. Once
the cluster is set up, you cannot change the multicast MAC address of the cluster. In
addition, you need to assign the same multicast MAC address to all the devices in the
cluster.
l
Run:
system-view
Run:
cluster
Run:
port-tagged vlan
Communication interfaces in the cluster are added to the management VLAN in trunk
mode.
l
Run:
system-view
Run:
cluster
Run:
ftp-server ip-address
The member switches in a cluster can communicate with the FTP server in either of the
following modes:
l Non-NAT: There must be reachable routes between member switches and FTP server.
l NAT: The cluster-ftp-nat enable command must be run in the cluster view to enable the
FTP NAT function on the administrator switch. The NAT rules are automatically generated
on the administrator switch, and the member switches obtain the NAT mapped ports.
The FTP NAT function on the administrator switch is disabled by default. That is, the member
switches communicate with the FTP server in non-NAT mode.
After the FTP server for the cluster is configured successfully, you can run the cluster-ftp
command so that the member switches can access the FTP server.
4.
Run:
sftp-server ip-address
Issue 01 (2011-10-26)
100
3 HGMP Configuration
Run:
snmp-host ip-address
The member switches in a cluster can communicate with the SNMP server in either of the
following modes:
l Non-NAT: There must be reachable routes between member switches and SNMP server.
l NAT: The cluster-snmp-nat enable command must be run in the cluster view to enable
the SNMP NAT function on the administrator switch. The NAT rules are automatically
generated on the administrator switch, and the member switches obtain the NAT mapped
ports.
The SNMP NAT function on the administrator switch is enabled by default. That is, the member
switches communicate with the SNMP server in NAT mode.
6.
Run:
logging-host ip-address
Procedure
l
Run:
system-view
Run:
cluster
(Optional) Run:
cluster-plug-play ip ftp-ip-address username user-name password password
[ path-separator pathseparator ]
101
3 HGMP Configuration
After the configuration, the configured information is used by default during the
process of batch distribution.
4.
(Optional) Run:
cluster-member ftp-timeout time
The timeout period for member switches to download the configuration file, the
version file or the patch files through FTP is configured.
5.
Run:
cluster-member [ group-by { device-type device-type | ip {ip-address [ to
ip-address ] } &<1-10> | member-number { member-number [ to membernumber ] } &<1-10> } ] get { configuration-file | system-software | patch
| paf | license } file-name [ ip ftp-ip-address user-name user-name
password password ] [ path-separator pathseparator ]
Run:
system-view
Run:
cluster
(Optional) Run:
cluster-member reboot-timeout time
Run:
cluster-member reboot [ group-by { device-type device-type | ip {ipaddress [ to ip-address ] } &<1-10> | member-number { member-number [ to
member-number ] } &<1-10> } ]
Run:
system-view
102
2.
3 HGMP Configuration
Run:
cluster
(Optional) Run:
cluster-plug-play ip ftp-ip-address username user-name password password
[ path-separator pathseparator ]
Run:
cluster-plug-play enable
Run:
system-view
Run:
cluster
Run:
cluster-packet-extend enable
Run:
system-view
Run:
cluster
103
3.
3 HGMP Configuration
Run:
increment
Run:
increment-command [ command-number command-number ] command-text commandtext
Run:
increment-run [ group-by { device-type device-type | ip { ip-address [ to
ip-address ] } &<1-10> | member-number { member-number [ to membernumber ] } &<1-10> } ]
The result whether commands in the command list are sent to the specified member
switch is displayed.
Only the last execution result of the incremental configuration is saved.
The member selection mode can be device type-based, member switch ID-based,
IP address-based, or all.
If you use the ID of an existing command during the process of editing the
command list, the command will be overwritten.
To delete the existed incremental configuration command, run the undo
increment-command { command-number command-number | all } command.
To check the list of incremental configuration commands that is currently edited,
run the display increment-command command.
l
Run:
system-view
Run:
cluster
Run:
increment-config synchronization [ group-by { device-type device-type |
ip {ip-address [ to ip-address ] } &<1-10> | member-number { membernumber [ to member-number ] } &<1-10> } ]
The result whether configuration files of the specified member switch are
synchronized to the FTP server is displayed.
The member selection mode can be device type-based, member switch ID-based,
IP address-based, or all.
This command is valid only after the cluster is enabled.
l
Run:
system-view
Issue 01 (2011-10-26)
104
3 HGMP Configuration
Run:
cluster
Run:
cluster-member unrelated-port [ group-by { device-type device-type | ip
{ip-address [ to ip-address ] } &<1-10> | member-number { member-number
[ to member-number ] } &<1-10> } ] { ndp | ntdp }
Prerequisite
The configurations of the Advanced HGMP are complete.
Procedure
l
Run the display member-interface-state { ndp | ntdp } to check the status of NDP or
NTDP on unrelated interfaces of member switches.
Run the display member-reboot-state to check whether member switches are restarted
successfully.
Run the display member-save-state to check whether member switches successfully save
the current configurations to the FTP server
----End
Issue 01 (2011-10-26)
105
3 HGMP Configuration
Example
If the incremental configuration command is successfully delivered to member switches, run the
display cluster-increment-result command, and you can view that success is displayed.
<HUAWEI_0.Quidway> display cluster-increment-result
The result of member switches executing increment commands:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
Result
CommandId
-----------------------------------------------------------------------------2
S3700
0003-0003-0003 10.0.0.3
success
3
S3700
0004-0004-0004 10.0.0.4
success
Run the display cluster-license command, and you can check the contents of the cluster license,
including the number of member switches that can be managed by the administrator switch and
maximum layers that member switches can concatenate.
<Quidway> display cluster-license
The max numbers and hops of manage member switch:
------------------------------------------------------------Max numbers of manage member switch: 255
Max hops of manage member switch
: 16
Run the display cluster-topology-info command, and you can view the cluster topology,
including the topology of normal links, candidate links, and faulty links.
<Quidway> display cluster-topology-info
<-->:normal device
<++>:candidate device
<??>:lost device
------------------------------------------------------------------------Total topology node number is 5.
[HUAWEI_0.Administrator: Root-00e0-ad14-c600]
|-(GigabitEthernet0/0/1)<-->(GigabitEthernet0/0/1)[HUAWEI_3.Member-3: 00e0da1c-4c00]
| |-(GigabitEthernet0/0/2)<-->(GigabitEthernet0/0/1)[HUAWEI_2.Member-2:
00e0-875b-8f00]
| | |-(GigabitEthernet0/0/2)<-->(GigabitEthernet0/0/1)[HUAWEI_1.Member-1:
00e0-0f68-6f00]
|-(GigabitEthernet0/0/2)<-->(GigabitEthernet0/0/1)[HUAWEI_4.Member-4:
00e0-9f7e-0b00]
Run the display increment-command command, and you can check the incremental
configuration of the cluster, including the number and contents of the incremental configuration.
<Quidway> display increment-command
The content of increment commands:
-----------------------------------------------------------------------------SN
Content
-----------------------------------------------------------------------------10
vlan batch 10 to 20
20
ip route-static 2.0.0.0 8 10.0.0.1
If the configuration files of member switches are successfully synchronized with the FTP server,
run the display increment-synchronization-result command, and you can view that success
is displayed.
<Quidway> display increment-synchronization-result
The result of member switches' synchronization:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------1
S3700
0002-0002-0002 10.0.0.2
success
2
S3700
0003-0003-0003 10.0.0.3
success
3
S3700
0004-0004-0004 10.0.0.4
success
If member switches successfully obtain configuration files, PAF files, or patch files, run the
display member-getfile-state command, and you can view that success is displayed.
Issue 01 (2011-10-26)
106
3 HGMP Configuration
Interfaces running NDP and NTDP are not required on member switches. If NDP and NTDP
are disabled successfully, run the display member-interface-state command, and you can view
that success is displayed.
<HUAWEI_0.Quidway> display member-interface-state ndp
The result of member switches executed disable member interface command:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------3
S3700
0004-0004-0004
10.0.0.4
success
2
S3700
0003-0003-0003
10.0.0.3
success
1
S3700
0002-0002-0002
10.0.0.2
success
[HUAWEI_0.Quidway-cluster] display member-interface-state ntdp
The result of member switches executed disable member interface command:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------3
S3700
0004-0004-0004
10.0.0.4
success
2
S3700
0003-0003-0003
10.0.0.3
success
1
S3700
0002-0002-0002
10.0.0.2
success
If member switches are successfully restarted, run the display member-reboot-state command,
and you can view that success is displayed.
<Quidway> display member-reboot-state
The result of member switches rebooting:
-----------------------------------------------------------------------SN
Device
MacAddress
IPAddress
Result
-----------------------------------------------------------------------1
S3700
0002-0002-0002
10.0.0.2
success
2
S3700
0003-0003-0003
10.0.0.3
success
------------------------------------------------------------------------
If the current configurations are successfully saved on member switches, run the display
member-save-state command, and you can view that success is displayed.
<Quidway> display member-save-state
The result of member switches saving:
-----------------------------------------------------------------------SN
Device
MacAddress
IPAddress
Result
-----------------------------------------------------------------------1
S3700
0002-0002-0002
10.0.0.2
success
2
S3700
0003-0003-0003
10.0.0.3
success
------------------------------------------------------------------------
If member switches successfully synchronize configuration files to the FTP server, run the
display synchronization-result command, and you can view that success is displayed.
<Quidway> display synchronization-result
The result of member switches' synchronization:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------1
S3700
0002-0002-0002 10.0.0.2
success
2
S3700
0003-0003-0003 10.0.0.3
success
3
S3700
0004-0004-0004 10.0.0.4
success
Issue 01 (2011-10-26)
107
3 HGMP Configuration
Context
CAUTION
Once statistics are cleared, they cannot be restored. Confirm the action before you use the
command.
Procedure
Step 1 Run the reset ndp statistics [ interface { interface-type interface-number [ to interface-type
interface-number ] } &<1-10> ] command in the user view to clear the NDP statistics.
----End
Context
In routine maintenance, you can run the following commands in any view to display the operation
stauts of HGMP.
Procedure
l
Run the display ndp to check the NDP configuration in the system view.
Run the display cluster to check information about the HGMP cluster to which the device
belongs.
Run the display ntdp device-list [ verbose ] to check information about the HGMP cluster
to which the device belongs.
----End
Issue 01 (2011-10-26)
108
3 HGMP Configuration
Context
CAUTION
Debugging affects the performance of the system. After the debugging, run the undo debugging
all command to timely disable it.
When a fault occurs on NDP, NTDP, or a cluster, run the debugging command in the user view
to debug NDP, NTDP or the cluster, and you can view debugging information, locate the fault,
and then analyze the cause.
For more information about the debugging command, refer to the Debugging Reference.
Procedure
l
Run the debugging ntdp { all | data | error | message | packet [ verbose ] } to enable
NTDP debugging.
Run the debugging cluster { all | event | handshake | member | mrc | nat | packet |
state } command or debugging cluster { packet | handshake | mrc } [verbose ] command
to enable cluster debugging.
----End
109
3 HGMP Configuration
NOTE
For convenience, only four devices in the Layer 2 network are described.
Figure 3-3 Networking diagram of configuring basic HGMP functions for a cluster
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC address
Device
MAC address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a management VLAN on all devices. Enable NDP and NTDP to ensure that each
device can detect the topology structure of the network through NTDP.
2.
Choose the administrator switch, and then create a cluster named HUAWEI on the
administrator switch.
3.
Add all the devices that support HGMP in the Layer 2 network to the cluster.
4.
Issue 01 (2011-10-26)
110
5.
3 HGMP Configuration
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface ethernet 0/0/1
[Administrator-1-Ethernet0/0/1] port link-type trunk
[Administrator-1-Ethernet0/0/1] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/1] quit
[Administrator-1] interface ethernet 0/0/2
[Administrator-1-Ethernet0/0/2] port link-type trunk
[Administrator-1-Ethernet0/0/2] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/2] quit
[Administrator-1] interface ethernet 0/0/3
[Administrator-1-Ethernet0/0/3] port link-type trunk
[Administrator-1-Ethernet0/0/3] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
Issue 01 (2011-10-26)
111
3 HGMP Configuration
[Member-2-vlan10] quit
[Member-2] interface ethernet 0/0/1
[Member-2-Ethernet0/0/1] port link-type trunk
[Member-2-Ethernet0/0/1] port trunk allow-pass vlan 10
[Member-2-Ethernet0/0/1] quit
[Member-2] interface vlanif 10
[Member-2-Vlanif10] quit
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface ethernet 0/0/1 ethernet 0/0/2
Interface: Ethernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Issue 01 (2011-10-26)
112
3 HGMP Configuration
0/0/1
enable
0/0/2
enable
0/0/1
enable
0/0/2
enable
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Issue 01 (2011-10-26)
113
3 HGMP Configuration
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
Issue 01 (2011-10-26)
114
3 HGMP Configuration
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
DeviceType
S3700
S3700
S3700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3
115
3 HGMP Configuration
# To ensure the normal communication between member switches in the cluster and devices out
of the cluster, assign an IP address to VLANIF 10 on the administrator switch.
# Assign an IP address to VLANIF 10.
[HUAWEI_0.Administrator-1] interface vlanif 10
[HUAWEI_0.Administrator-1-Vlanif10] ip address 1.0.0.1 8
[HUAWEI_0.Administrator-1-Vlanif10] quit
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
Issue 01 (2011-10-26)
116
3 HGMP Configuration
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
----End
Configuration Files
l
Issue 01 (2011-10-26)
117
3 HGMP Configuration
#
interface Vlanif10
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
Issue 01 (2011-10-26)
118
3 HGMP Configuration
#
return
In this configuration example where the NAT mode is adopted, Member-3 accesses the FTP server
(2.0.0.1/8) out of the cluster and devices out of the cluster access the FTP server (Member-2) in the cluster.
Figure 3-4 Networking diagram of configuring the interconnection of FTP servers and devices
in and out of the HGMP cluster (in NAT Mode)
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Device
Issue 01 (2011-10-26)
MAC Address
Cluster
Device
MAC Address
119
3 HGMP Configuration
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster and configure basic HGMP functions for the cluster according to the steps
described in the section "Example for Configuring Basic HGMP Functions for a
Cluster."
2.
For the situation that Member-3 accesses the FTP server (2.0.0.1/8) out of the cluster:
l Run the cluster-ftp command on the member switch to set up a connection with the
public FTP server of the cluster.
3.
For the situation that a device out of the cluster accesses the FTP server (Member-2):
l Calculate the port number reserved on the administrator switch for the FTP protocol of
a certain member switch in the cluster.
l Run the FTP client program on the PC and create an FTP connection with the member
switch.
Data Preparation
To complete the configuration, you need the following data:
l
IP address of VLANIF 10 that is 1.0.0.1/8 and a reachable route between VLANIF 10 and
the FTP server
Member-2 serving as the FTP server in the cluster with the member ID being 2
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface ethernet
[Administrator-1-Ethernet0/0/1] port
[Administrator-1-Ethernet0/0/1] port
[Administrator-1-Ethernet0/0/1] quit
[Administrator-1] interface ethernet
[Administrator-1-Ethernet0/0/2] port
[Administrator-1-Ethernet0/0/2] port
[Administrator-1-Ethernet0/0/2] quit
[Administrator-1] interface ethernet
Issue 01 (2011-10-26)
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
0/0/3
120
3 HGMP Configuration
Issue 01 (2011-10-26)
121
3 HGMP Configuration
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface ethernet 0/0/1 ethernet 0/0/2
Interface: Ethernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Port Duplex : FULL
Product Ver : S3700
Interface: Ethernet0/0/2
Status: Enabled, Packets Sent: 6, Packets Received: 16, Packets Error: 0
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-2
Port Duplex : FULL
Product Ver : S3700
0/0/1
enable
0/0/2
enable
Issue 01 (2011-10-26)
0/0/1
enable
0/0/2
enable
122
3 HGMP Configuration
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
------------------------------------------------------------------------------
Issue 01 (2011-10-26)
123
HOP
3 HGMP Configuration
IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
Issue 01 (2011-10-26)
124
3 HGMP Configuration
DeviceType
S3700
S3700
S3700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
Issue 01 (2011-10-26)
125
3 HGMP Configuration
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
l A device out of the cluster accesses the FTP server in the cluster in NAT mode.
# Configure an FTP server on Member-2. The configuration details see Configuration Files,
and are not mentioned here.
# Calculate the port number reserved for the FTP protocol of a member switch in the cluster.
The member ID of Member-2 is 2. Using the formula for computing port numbers reserved
for a cluster ( Interface number reserved for a cluster = Base interface number + Member
number*2) , you can obtain that the reserved port number, which is used by Member-2 to
enable the FTP server, is 53248 + 2*2 = 53252.
# Run the FTP client program on the PC and set up an FTP connection with Member-2 in
NAT mode.
NOTE
A device out of the cluster accesses the FTP server in the cluster in NAT mode. IP address of the FTP
server is that of the management VLANIF interface on the administrator switch. The FTP server uses
a port number reserved in the cluster instead of the commonly-used 21.
ftp> open 1.0.0.1 53252
Connected to 1.0.0.1.
220 FTP service ready.
User (1.0.0.1:(none)): hgmp
331 Password required for hgmp.
Issue 01 (2011-10-26)
126
3 HGMP Configuration
Password:
230 User logged in.
ftp>
----End
Configuration Files
l
Issue 01 (2011-10-26)
127
3 HGMP Configuration
Issue 01 (2011-10-26)
128
3 HGMP Configuration
return
In this configuration example where the Non-NAT mode is adopted, Member-3 accesses the FTP server
(2.0.0.1/8) out of the cluster and devices out of the cluster access the FTP server (Member-2) in the cluster.
Figure 3-5 Networking diagram of configuring the interconnection of FTP servers and devices
in and out of the HGMP cluster (in non-NAT mode)
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Device
Issue 01 (2011-10-26)
MAC Address
Cluster
Device
MAC Address
129
3 HGMP Configuration
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster and configure basic HGMP functions for the cluster according to the steps
described in the section Example for Configuring Basic HGMP Functions for a
Cluster.
2.
Disable FTP NAT on the administrator switch (The function is disabled by default.)
NOTE
3.
Configure routes on the administrator switch and member switches to ensure that reachable
routes exist between the FTP server and member switches.
4.
For the situation that Member-3 accesses the FTP server (2.0.0.1/8) out of the cluster:
l Run the ftp command on the member switch to set up a connection with the public FTP
server of the cluster.
5.
For the situation that the device out of the cluster accesses the FTP server (Member-2):
l Run the FTP client program on the PC and create an FTP connection with the member
switch.
Context
To complete the configuration, you need the following data:
l
IP address of VLANIF 10 that is 1.0.0.1/8 and a reachable route between VLANIF 10 and
the FTP server
Member ID serving as the FTP server in the cluster with the member ID being 2
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface ethernet 0/0/1
[Administrator-1-Ethernet0/0/1] port link-type trunk
[Administrator-1-Ethernet0/0/1] port trunk allow-pass vlan 10
Issue 01 (2011-10-26)
130
3 HGMP Configuration
[Administrator-1-Ethernet0/0/1] quit
[Administrator-1] interface ethernet 0/0/2
[Administrator-1-Ethernet0/0/2] port link-type trunk
[Administrator-1-Ethernet0/0/2] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/2] quit
[Administrator-1] interface ethernet 0/0/3
[Administrator-1-Ethernet0/0/3] port link-type trunk
[Administrator-1-Ethernet0/0/3] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
131
3 HGMP Configuration
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface ethernet 0/0/1 ethernet 0/0/2
Interface: Ethernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Port Duplex : FULL
Product Ver : S3700
Interface: Ethernet0/0/2
Status: Enabled, Packets Sent: 6, Packets Received: 16, Packets Error: 0
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-2
Port Duplex : FULL
Product Ver : S3700
0/0/1
enable
0/0/2
enable
Issue 01 (2011-10-26)
ntdp enable
ntdp timer 10
ntdp hop 3
interface ethernet 0/0/1
132
3 HGMP Configuration
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
Issue 01 (2011-10-26)
133
3 HGMP Configuration
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
Issue 01 (2011-10-26)
134
3 HGMP Configuration
DeviceType
S3700
S3700
S3700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
Step 9 Configure routes for the member switches and ensure that reachable routes exist between
member switches and the FTP server.
# Configure member switch 1.
Issue 01 (2011-10-26)
135
3 HGMP Configuration
Multiple member switches can be configured simultaneously through incremental configuration. For
configuration details, see Example for Configuring the Incremental Configuration Function for an
HGMP Cluster.
l Devices out of the cluster access the FTP server in the cluster in non-NAT mode.
# Configure an FTP server on the corresponding member switch (Member-2). The
configuration details see Configuration Files, and are not mentioned here.
# Run the FTP client program on the PC and set up an FTP connection with Member-2 in
non-NAT mode.
NOTE
Devices out of the cluster access the FTP server in the cluster in non-NAT mode. The IP address of
the FTP server is that of the management VLANIF interface on the member switch. The FTP server
uses a port number reserved in the cluster instead of the commonly-used 21.
ftp> open 10.0.0.2
Connected to 10.0.0.2
220 FTP service ready.
User (10.0.0.2:(none)): hgmp
331 Password required for hgmp.
Password:
230 User logged in.
ftp>
----End
Configuration Files
l
Issue 01 (2011-10-26)
136
3 HGMP Configuration
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
Issue 01 (2011-10-26)
137
3 HGMP Configuration
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
administrator-address 0001-0001-0001 name HUAWEI
#
mngvlanid 10
ip route-static 2.0.0.0 255.0.0.0 10.0.0.1
#
return
Issue 01 (2011-10-26)
138
3 HGMP Configuration
NOTE
In this configuration example where the NAT mode is adopted, Member-3 accesses the outside SNMP host
(3.0.0.1/8).
Figure 3-6 Networking diagram of configuring devices in the HGMP cluster to access the
outside SNMP host (in NAT mode)
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster and configure basic HGMP functions for the cluster according to the steps
described in Example for Configuring Basic HGMP Functions for a Cluster.
2.
Enable SNMP NAT on the administrator switch (The function is enabled by default.)
NOTE
Issue 01 (2011-10-26)
139
3.
3 HGMP Configuration
Data Preparation
To complete the configuration, you need the following data:
l
IP address of VLANIF 10 that is 1.0.0.1/8 and a reachable route between VLANIF 10 and
the SNMP host
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface ethernet 0/0/1
[Administrator-1-Ethernet0/0/1] port link-type trunk
[Administrator-1-Ethernet0/0/1] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/1] quit
[Administrator-1] interface ethernet 0/0/2
[Administrator-1-Ethernet0/0/2] port link-type trunk
[Administrator-1-Ethernet0/0/2] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/2] quit
[Administrator-1] interface ethernet 0/0/3
[Administrator-1-Ethernet0/0/3] port link-type trunk
[Administrator-1-Ethernet0/0/3] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
Issue 01 (2011-10-26)
140
3 HGMP Configuration
[Member-2-vlan10] quit
[Member-2] interface ethernet 0/0/1
[Member-2-Ethernet0/0/1] port link-type trunk
[Member-2-Ethernet0/0/1] port trunk allow-pass vlan 10
[Member-2-Ethernet0/0/1] quit
[Member-2] interface vlanif 10
[Member-2-Vlanif10] quit
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface ethernet 0/0/1 ethernet 0/0/2
Interface: Ethernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Issue 01 (2011-10-26)
141
3 HGMP Configuration
0/0/1
enable
0/0/2
enable
0/0/1
enable
0/0/2
enable
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Issue 01 (2011-10-26)
142
3 HGMP Configuration
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
Issue 01 (2011-10-26)
143
3 HGMP Configuration
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
DeviceType
S3700
S3700
S3700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3
144
3 HGMP Configuration
# To ensure the normal communication between member switches in the cluster and devices out
of the cluster, assign an IP address to VLANIF 10 on the administrator switch.
# Assign an IP address to VLANIF 10.
[HUAWEI_0.Administrator-1] interface vlanif 10
[HUAWEI_0.Administrator-1-Vlanif10] ip address 1.0.0.1 8
[HUAWEI_0.Administrator-1-Vlanif10] quit
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
Issue 01 (2011-10-26)
145
3 HGMP Configuration
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
----End
Configuration Files
l
Issue 01 (2011-10-26)
146
3 HGMP Configuration
#
interface Vlanif10
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
Issue 01 (2011-10-26)
147
3 HGMP Configuration
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
In this configuration example where the non-NAT mode is adopted, Member-3 accesses the SNMP host
(3.0.0.1/8).
Issue 01 (2011-10-26)
148
3 HGMP Configuration
Figure 3-7 Networking diagram of configuring devices in the HGMP cluster to access the
outside SNMP host (in non-NAT mode)
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/1
......
Ethernet0/0/2
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster and configure basic HGMP functions for the cluster according to the steps
described in Example for Configuring Basic HGMP Functions for a Cluster.
2.
Disable SNMP NAT on the administrator switch (The function is enabled by default.)
NOTE
3.
Configure routes on the administrator switch and member switches respectively to ensure
that reachable routes exist between SNMP host and member switches.
4.
Issue 01 (2011-10-26)
149
3 HGMP Configuration
Data Preparation
To complete the configuration, you need the following data:
l
IP address of VLANIF 10 that is 1.0.0.1/8 and a reachable route between VLANIF 10 and
the SNMP host
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface ethernet 0/0/1
[Administrator-1-Ethernet0/0/1] port link-type trunk
[Administrator-1-Ethernet0/0/1] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/1] quit
[Administrator-1] interface ethernet 0/0/2
[Administrator-1-Ethernet0/0/2] port link-type trunk
[Administrator-1-Ethernet0/0/2] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/2] quit
[Administrator-1] interface ethernet 0/0/3
[Administrator-1-Ethernet0/0/3] port link-type trunk
[Administrator-1-Ethernet0/0/3] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
Issue 01 (2011-10-26)
150
3 HGMP Configuration
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface ethernet 0/0/1 ethernet 0/0/2
Interface: Ethernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Port Duplex : FULL
Issue 01 (2011-10-26)
151
3 HGMP Configuration
0/0/1
enable
0/0/2
enable
0/0/1
enable
0/0/2
enable
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Issue 01 (2011-10-26)
152
3 HGMP Configuration
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
Issue 01 (2011-10-26)
153
3 HGMP Configuration
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
DeviceType
S3700
S3700
S3700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3
154
3 HGMP Configuration
# To ensure the normal communication between member switches in the cluster and devices out
of the cluster, assign an IP address to VLANIF 10 on the administrator switch.
# Assign an IP address to VLANIF 10.
[HUAWEI_0.Administrator-1] interface vlanif 10
[HUAWEI_0.Administrator-1-Vlanif10] ip address 1.0.0.1 8
[HUAWEI_0.Administrator-1-Vlanif10] quit
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
Issue 01 (2011-10-26)
155
3 HGMP Configuration
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
Step 11 Configure the routes of member switches to ensure that reachable routes exist between member
switches and the SNMP host.
# Configure member switch 1.
[HUAWEI_1.Member-1] ip route-static 3.0.0.0 8 10.0.0.1
Multiple member switches can be configured simultaneously through incremental configuration. For
configuration details, see Example for Configuring the Incremental Configuration Function for an
HGMP Cluster.
Multiple member switches can be configured simultaneously through incremental configuration. For
configuration details, see Example for Configuring the Incremental Configuration Function for an
HGMP Cluster.
----End
Configuration Files
l
Issue 01 (2011-10-26)
156
3 HGMP Configuration
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
undo cluster-snmp-nat enable
cluster-ftp-nat enable
ftp-server 2.0.0.1
sftp-server 2.0.0.2
logging-host 4.0.0.1
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
Issue 01 (2011-10-26)
157
3 HGMP Configuration
snmp-agent
snmp-agent target-host trap address udp-domain 3.0.0.1 params securityname
cluster
#
return
Issue 01 (2011-10-26)
158
3 HGMP Configuration
return
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Issue 01 (2011-10-26)
159
3 HGMP Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster according to the steps described in 3.6.1 Example for Configuring Basic
HGMP Functions for a Cluster.
2.
l Configure the interconnection of FTP servers and devices in and out of the HGMP cluster in
NAT or non-NAT mode. The following takes the configuration in NAT mode as an example.
l If the system software, patch files, or configuration files, batch distribution can be distributed in
batches without accessing the FTP server out of the cluster, you can skip this step.
3.
Data Preparation
To complete the configuration, you need the following data:
l
IP address of VLANIF 10 that is 1.0.0.1/8 and a reachable route between VLANIF 10 and
the FTP server
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface ethernet 0/0/1
[Administrator-1-Ethernet0/0/1] port link-type trunk
[Administrator-1-Ethernet0/0/1] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/1] quit
[Administrator-1] interface ethernet 0/0/2
[Administrator-1-Ethernet0/0/2] port link-type trunk
[Administrator-1-Ethernet0/0/2] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/2] quit
[Administrator-1] interface ethernet 0/0/3
[Administrator-1-Ethernet0/0/3] port link-type trunk
[Administrator-1-Ethernet0/0/3] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
Issue 01 (2011-10-26)
160
3 HGMP Configuration
[Member-1-vlan10] quit
[Member-1] interface ethernet 0/0/1
[Member-1-Ethernet0/0/1] port link-type trunk
[Member-1-Ethernet0/0/1] port trunk allow-pass vlan 10
[Member-1-Ethernet0/0/1] quit
[Member-1] interface ethernet 0/0/2
[Member-1-Ethernet0/0/2] port link-type trunk
[Member-1-Ethernet0/0/2] port trunk allow-pass vlan 10
[Member-1-Ethernet0/0/2] quit
[Member-1] interface vlanif 10
[Member-1-Vlanif10] quit
161
3 HGMP Configuration
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface ethernet 0/0/1 ethernet 0/0/2
Interface: Ethernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Port Duplex : FULL
Product Ver : S3700
Interface: Ethernet0/0/2
Status: Enabled, Packets Sent: 6, Packets Received: 16, Packets Error: 0
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-2
Port Duplex : FULL
Product Ver : S3700
0/0/1
enable
0/0/2
enable
0/0/1
enable
0/0/2
enable
162
3 HGMP Configuration
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700
163
3 HGMP Configuration
NOTE
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
Issue 01 (2011-10-26)
DeviceType
S3700
S3700
S3700
164
3 HGMP Configuration
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
Issue 01 (2011-10-26)
165
3 HGMP Configuration
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
# Run the dir command on member switches and you can find that member switches successfully
download the specified configuration files. Take Member-2 as an example.
<HUAWEI_2.Member-2> dir *.zip
Directory of flash:/
Idx Attr Size(Byte) Date
Time
0
-rw1,491 Sep 03 2008 17:43:52
1
-rw752 Aug 05 2008 15:04:36
506,880 KB total (35,920 KB free)
FileName
vrpcfg.zip
vrpcfg-hgmp.zip
# Run the display startup command on member switches and you can find that names of the
configuration files for the next startup of the member switch is changed. Take Member-2 as an
example.
<HUAWEI_2.Member-2> display startup
MainBoard:
Configured startup system software:
Startup system software:
Next startup system software:
Issue 01 (2011-10-26)
flash:/S3700.cc
flash:/S3700.cc
flash:/S3700.cc
166
3 HGMP Configuration
flash:/vrpcfg.zip
flash:/vrpcfg-hgmp.zip
NULL
NULL
NULL
NULL
NULL
NULL
----End
Configuration Files
l
Issue 01 (2011-10-26)
167
3 HGMP Configuration
ndp enable
#
interface Vlanif10
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
Issue 01 (2011-10-26)
168
3 HGMP Configuration
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Issue 01 (2011-10-26)
169
3 HGMP Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster according to the steps described in 3.6.1 Example for Configuring Basic
HGMP Functions for a Cluster.
2.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface ethernet 0/0/1
[Administrator-1-Ethernet0/0/1] port link-type trunk
[Administrator-1-Ethernet0/0/1] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/1] quit
[Administrator-1] interface ethernet 0/0/2
[Administrator-1-Ethernet0/0/2] port link-type trunk
[Administrator-1-Ethernet0/0/2] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/2] quit
[Administrator-1] interface ethernet 0/0/3
[Administrator-1-Ethernet0/0/3] port link-type trunk
[Administrator-1-Ethernet0/0/3] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
Issue 01 (2011-10-26)
170
3 HGMP Configuration
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface ethernet 0/0/1 ethernet 0/0/2
Issue 01 (2011-10-26)
171
3 HGMP Configuration
Interface: Ethernet0/0/1
Status: Enabled, Packets Sent: 0,
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Software Version: Version 5.70
Device Name : Member-1
Port Duplex : FULL
Product Ver : S3700
Interface: Ethernet0/0/2
Status: Enabled, Packets Sent: 6,
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Software Version: Version 5.70
Device Name : Member-2
Port Duplex : FULL
Product Ver : S3700
V200R006C00
V200R006C00
0/0/1
enable
0/0/2
enable
0/0/1
enable
0/0/2
enable
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
Issue 01 (2011-10-26)
172
3 HGMP Configuration
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
Issue 01 (2011-10-26)
173
3 HGMP Configuration
[HUAWEI_0.Administrator-1-cluster]
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
DeviceType
S3700
S3700
S3700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3
Issue 01 (2011-10-26)
174
3 HGMP Configuration
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
Issue 01 (2011-10-26)
175
3 HGMP Configuration
IP pool:10.0.0.1/8
Logging host:4.0.0.1
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
----End
Configuration Files
l
Issue 01 (2011-10-26)
176
3 HGMP Configuration
Issue 01 (2011-10-26)
177
3 HGMP Configuration
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
Issue 01 (2011-10-26)
178
3 HGMP Configuration
Figure 3-10 Networking diagram of configuring the incremental configuration function for an
HGMP cluster
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster according to the steps described in 3.6.1 Example for Configuring Basic
HGMP Functions for a Cluster.
2.
3.
Deliver the list of incremental configuration commands to the specified member switch.
Data Preparation
To complete the configuration, you need the following data:
l
Issue 01 (2011-10-26)
179
3 HGMP Configuration
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface ethernet 0/0/1
[Administrator-1-Ethernet0/0/1] port link-type trunk
[Administrator-1-Ethernet0/0/1] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/1] quit
[Administrator-1] interface ethernet 0/0/2
[Administrator-1-Ethernet0/0/2] port link-type trunk
[Administrator-1-Ethernet0/0/2] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/2] quit
[Administrator-1] interface ethernet 0/0/3
[Administrator-1-Ethernet0/0/3] port link-type trunk
[Administrator-1-Ethernet0/0/3] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
Issue 01 (2011-10-26)
180
3 HGMP Configuration
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface ethernet 0/0/1 ethernet 0/0/2
Interface: Ethernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Port Duplex : FULL
Product Ver : S3700
Interface: Ethernet0/0/2
Status: Enabled, Packets Sent: 6, Packets Received: 16, Packets Error: 0
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-2
Issue 01 (2011-10-26)
181
3 HGMP Configuration
0/0/1
enable
0/0/2
enable
0/0/1
enable
0/0/2
enable
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
Issue 01 (2011-10-26)
182
3 HGMP Configuration
[Administrator-1-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
Issue 01 (2011-10-26)
183
3 HGMP Configuration
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
DeviceType
S3700
S3700
S3700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
Issue 01 (2011-10-26)
184
3 HGMP Configuration
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
Step 10 Edit the list of incremental configuration commands on the administrator switch.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] increment
[HUAWEI_0.Administrator-1-cluster-increment] increment-command command-number 10
command-text vlan batch 100 to 200
Issue 01 (2011-10-26)
185
3 HGMP Configuration
After the previous configuration, run the display increment-command command on the
administrator switch to check the list of incremental configuration commands.
[HUAWEI_0.Administrator-1] display increment-command
The content of increment commands:
-----------------------------------------------------------------------------SN
Content
-----------------------------------------------------------------------------10
vlan batch 100 to 200
20
ip route-static 2.0.0.0 8 10.0.0.1
Step 11 Deliver the list of incremental configurations command to the specified member switch.
[HUAWEI_0.Administrator-1-cluster-increment] increment-run group-by member-number
2 to 3
S3700
0004-0004-0004 10.0.0.4
success
----End
Configuration Files
l
Issue 01 (2011-10-26)
186
3 HGMP Configuration
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
cluster-ftp-nat enable
ftp-server 2.0.0.1
sftp server 2.0.0.2
logging-host 4.0.0.1
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
Issue 01 (2011-10-26)
187
3 HGMP Configuration
#
return
Issue 01 (2011-10-26)
188
3 HGMP Configuration
Figure 3-11 Networking diagram of configuring the configuration synchronization function for
an HGMP cluster
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster according to the steps described in 3.6.1 Example for Configuring Basic
HGMP Functions for a Cluster.
2.
3.6.2 Example for Configuring the Interconnection of FTP Servers and Devices in and
out of the HGMP Cluster (in NAT Mode)
NOTE
l Configure the interconnection of FTP servers and devices in and out of the HGMP cluster in
NAT or non-NAT mode. The following takes the configuration in NAT mode as an example.
l If it is not required to synchronize the configuration files of the HGMP cluster by accessing the
FTP server out of the cluster, you can skip this step.
Issue 01 (2011-10-26)
189
3.
3 HGMP Configuration
Data Preparation
To complete the configuration, you need the following data:
l
IP address of VLANIF 10 that is 1.0.0.1/8 and a reachable route between VLANIF 10 and
the FTP server
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface ethernet 0/0/1
[Administrator-1-Ethernet0/0/1] port link-type trunk
[Administrator-1-Ethernet0/0/1] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/1] quit
[Administrator-1] interface ethernet 0/0/2
[Administrator-1-Ethernet0/0/2] port link-type trunk
[Administrator-1-Ethernet0/0/2] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/2] quit
[Administrator-1] interface ethernet 0/0/3
[Administrator-1-Ethernet0/0/3] port link-type trunk
[Administrator-1-Ethernet0/0/3] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
Issue 01 (2011-10-26)
190
3 HGMP Configuration
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface ethernet 0/0/1 ethernet 0/0/2
Interface: Ethernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Issue 01 (2011-10-26)
191
3 HGMP Configuration
0/0/1
enable
0/0/2
enable
0/0/1
enable
0/0/2
enable
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Issue 01 (2011-10-26)
192
3 HGMP Configuration
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
Issue 01 (2011-10-26)
193
3 HGMP Configuration
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
DeviceType
S3700
S3700
S3700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3
194
3 HGMP Configuration
# To ensure the normal communication between member switches in the cluster and devices out
of the cluster, assign an IP address to VLANIF 10 on the administrator switch.
# Assign an IP address to VLANIF 10.
[HUAWEI_0.Administrator-1] interface vlanif 10
[HUAWEI_0.Administrator-1-Vlanif10] ip address 1.0.0.1 8
[HUAWEI_0.Administrator-1-Vlanif10] quit
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
Issue 01 (2011-10-26)
195
3 HGMP Configuration
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
On the FTP server, you can view that the names of configuration files are the MAC address of
member switches, which indicates that configuration synchronization is successful.
----End
Configuration Files
l
Issue 01 (2011-10-26)
196
3 HGMP Configuration
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
cluster-ftp-nat enable
ftp-server 2.0.0.1
sftp-server 2.0.0.2
logging-host 4.0.0.1
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
Issue 01 (2011-10-26)
197
3 HGMP Configuration
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
After NDP or NTDP is disabled on unrelated interfaces of member switches, if the new candidate switches
are connected to these unrelated interfaces, they cannot join the cluster until NDP or NTDP is enabled.
Issue 01 (2011-10-26)
198
3 HGMP Configuration
Figure 3-12 Networking diagram of configuring security features for an HGMP cluster
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
Log station
4.0.0.1/8
Ethernet0/0/1
1.0.0.2/8
Ethernet0/0/3
Ethernet0/0/1
Ethernet0/0/1
Ethernet0/0/2
Administrator-1
10.0.0.1/8
Member-1
Ethernet0/0/2
Ethernet0/0/1
......
Member-2
Ethernet0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster according to the steps described in 3.6.1 Example for Configuring Basic
HGMP Functions for a Cluster.
2.
On the administrator switch, disable NDP and NTDP on unrelated interfaces of member
switches.
Data Preparation
To complete the configuration, you need the following data:
l
Issue 01 (2011-10-26)
199
3 HGMP Configuration
IP address of VLANIF 10 that is 1.0.0.1/8 and a reachable route between VLANIF 10 and
the FTP server
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface ethernet 0/0/1
[Administrator-1-Ethernet0/0/1] port link-type trunk
[Administrator-1-Ethernet0/0/1] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/1] quit
[Administrator-1] interface ethernet 0/0/2
[Administrator-1-Ethernet0/0/2] port link-type trunk
[Administrator-1-Ethernet0/0/2] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/2] quit
[Administrator-1] interface ethernet 0/0/3
[Administrator-1-Ethernet0/0/3] port link-type trunk
[Administrator-1-Ethernet0/0/3] port trunk allow-pass vlan 10
[Administrator-1-Ethernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
Issue 01 (2011-10-26)
200
3 HGMP Configuration
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface ethernet 0/0/1 ethernet 0/0/2
Interface: Ethernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: Ethernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Port Duplex : FULL
Product Ver : S3700
Interface: Ethernet0/0/2
Status: Enabled, Packets Sent: 6, Packets Received: 16, Packets Error: 0
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Port Name
: Ethernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-2
Issue 01 (2011-10-26)
201
3 HGMP Configuration
0/0/1
enable
0/0/2
enable
0/0/1
enable
0/0/2
enable
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
Issue 01 (2011-10-26)
202
3 HGMP Configuration
[Administrator-1-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
0001-0001-0001 0
S3700
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
Issue 01 (2011-10-26)
203
3 HGMP Configuration
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S3700
0003-0003-0003 1
S3700
0002-0002-0002 1
S3700
DeviceType
S3700
S3700
S3700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S3700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S3700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S3700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S3700
0004-0004-0004 Up
HUAWEI_3.Member-3
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
Issue 01 (2011-10-26)
204
3 HGMP Configuration
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
205
3 HGMP Configuration
----End
Configuration Files
l
Issue 01 (2011-10-26)
206
3 HGMP Configuration
build HUAWEI
cluster-ftp-nat enable
ftp-server 2.0.0.1
sftp server 2.0.0.2
logging-host 4.0.0.1
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
Issue 01 (2011-10-26)
207
3 HGMP Configuration
Issue 01 (2011-10-26)
208
4 NTP Configuration
NTP Configuration
Issue 01 (2011-10-26)
209
4 NTP Configuration
NTP Application
NTP is applied to the following situations where all the clocks of hosts or switchs in a network
need to be consistent:
l
Completing certain functions: For example, timing restart of all the switchs in a network
requires the clocks of all the switchs be consistent.
Several systems working together on the same complicate event: Systems have to take the
same clock for reference to ensure a proper sequence of implementation.
Incremental backup between the backup server and clients: Clocks on the backup server
and clients should be synchronized.
When all the devices on a network need to be synchronized, it is almost impossible for an
administrator to manually change the system clock by executing command lines. This is because
the work load is heavy and clock accuracy cannot be ensured. NTP can quickly synchronize the
clocks of network devices and ensure their precision.
NTP has the following advantages:
l
Defining clock accuracy by means of stratum to synchronize the time of network devices
in a short time
Principles of NTP
Figure 4-1 shows the principles of NTP. Switch A and Switch B are connected through a WAN.
They both have their own system clocks. NTP implements automatic synchronization of their
clocks.
Suppose:
l
Issue 01 (2011-10-26)
Before the system clocks of Switch A and Switch B are synchronized, the clock of Switch
A is set to 10:00:00 am and the clock of Switch B is set to 11:00:00 am.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
210
4 NTP Configuration
Switch B functions as an NTP time server. That is, Switch A synchronizes its clock with
that of Switch B.
One-way transmission of data packets between Switch A and Switch B takes one second.
Step 1:
Network
SwitchA
SwitchB
NTP packet 10:00:00am
Step 2:
11:00:01am
Network
SwitchA
SwitchB
Step 3:
Network
SwitchA
SwitchB
Step 4:
Network
SwitchA
SwitchB
Switch A sends an NTP packet to Switch B. The packet carries the originating timestamp
when it leaves Switch A, which is 10:00:00 am (T1).
2.
When the NTP packet reaches Switch B, Switch B adds its receiving timestamp to the NTP
packet, which is 11: 00:01 am (T2).
3.
When the NTP packet leaves Switch B, Switch B adds its transmitting timestamp to the
NTP packet, which is 11:00:02 am (T3).
4.
When Switch A receives the response packet, it adds a new receiving timestamp to it, which
is 10:00:03 am (T4).
Issue 01 (2011-10-26)
211
4 NTP Configuration
Switch A uses the received information to calculate the following two important values:
l Delay for the NTP message cycle: Delay = (T4 - T1) - (T3 - T2).
l Offset of Switch A relative to Switch B: Offset = ((T2 - T1) + (T3 - T4))/2.
According to the delay and the offset, Switch A sets its own clock again to synchronize
with the clock of Switch B.
The preceding example is only a simple description of the NTP operating principle. As
described in RFC 1305, NTP uses a complex algorithm to ensure the precision of clock
synchronization.
The server and client are two relative concepts. The device that provides standard time is
referred to as a time server, and the device that enjoys the time service is referred to as a
client.
Peer Mode
Broadcast Mode
Multicast Mode
The client sends a synchronization request packet to the server, with the mode field being
set to 3. The value 3 indicates the client mode.
2.
Upon receiving the request packet, the server automatically works in the server mode and
sends a response packet with the mode field being set to 4. The value 4 indicates the server
mode.
3.
After receiving the response packet, the client performs clock filtering and selection, and
finally, is synchronized with the optimal server.
Peer Mode
In this mode, you need to configure NTP only on the symmetric active end. The symmetric active
end and symmetric passive end can be synchronized with each other.
Note that the clock with a lower stratum is synchronized to the one with a higher stratum.
After the configurations:
Issue 01 (2011-10-26)
212
4 NTP Configuration
The symmetric active end sends a synchronization request packet to the symmetric passive
end with the mode field being set to 1. The value 1 indicates the symmetric active mode.
Upon receiving the request packet, the symmetric passive end automatically works in
symmetric passive mode and sends a response packet with the mode field being set to 2.
The value 2 indicates the symmetric passive mode.
Broadcast Mode
In this mode, you need to configure both the server and the client.
After the configurations:
l
The server periodically sends clock synchronization packets to the broadcast address
255.255.255.255.
After receiving the first broadcast packet, to estimate the network delay, the client enables
a temporary server/client model for exchanging messages with the remote server.
The client then works in broadcast client mode, and continues to sense the incoming
broadcast packets to synchronize the local clock.
Multicast Mode
In this mode, you need to configure both the server and the client.
After the configurations:
l
The server periodically sends clock synchronization packets to the multicast address
224.0.1.1.
After receiving the first multicast packet, to estimate the network delay, the client enables
a temporary server/client model for exchanging messages with the remote server.
The client works in multicast client mode, and continues to sense the incoming multicast
packets to synchronize the local clock.
Applicable Environment
NTP has the following operation modes:
l
Issue 01 (2011-10-26)
Server/client mode
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
213
Peer mode
Broadcast mode
Multicast mode
4 NTP Configuration
In actual applications, a proper operation mode needs to be selected according to the networking
topology to meet various clock synchronization requirements.
For the unicast server/client mode and the peer mode, all the NTP packets sent locally can have
the same interface IP address as the source IP address.
Pre-configuration Tasks
Before configuring basic functions of NTP, you need to complete the following tasks:
l
Configuring an IP address and a routing protocol for the interface to ensure that NTP packets
can reach destinations
Data Preparation
To configure basic functions of NTP, you need the following data.
No.
Data
NTP version
Issue 01 (2011-10-26)
214
4 NTP Configuration
Context
If you want to configure a switch to provide a primary NTP clock, do as follows on the switch
functioning as the NTP server.
Procedure
Step 1 Run:
system-view
Context
Commonly, specify the IP address of the NTP server on the client. The client and server can
then exchange NTP packets using this IP address.
If the source interface to send NTP packets is specified on the server, the IP address of the server
configured on the client should be the same; otherwise, the client cannot process NTP packets
sent from the server and clock synchronization fails.
Procedure
l
Run:
system-view
(Optional) Run:
ntp-service source-interface vlanif vlan-id
The local source interface that receives the NTP packet is configured.
3.
Run:
ntp-service unicast-server ip-address [ version number | authenticationkeyid key-id | source-interface interface-type interface-number |
preference ] *
Issue 01 (2011-10-26)
215
4 NTP Configuration
When the unicast NTP server is specified, the local switch functions as the client automatically.
The server needs to be configured with only a primary clock.
(Optional) Configuring the Source Interface for the NTP Server to Send NTP Packets
Do as follows on the switch working as a client:
1.
Run:
system-view
Run:
ntp-service source-interface vlanif vlan-id
Procedure
l
Run:
system-view
(Optional) Run:
ntp-service source-interface vlanif vlan-id
Run:
ntp-service unicast-peer ip-address [ version number | authenticationkeyid key-id | source-interface interface-type interface-number |
preference ] *
216
4 NTP Configuration
Step 2 is optional. If source-interface is specified in both Step 2 and Step 3, use the
source interface specified in Step 3 preferentially.
ip-address is the IP address of the NTP peer. It can be the IP address of a host address
rather than a broadcast address, a multicast address, or the IP address of the reference
clock.
NOTE
After the NTP peer is specified, the local switch runs in symmetric active mode. The symmetric
passive end need not be configured.
(Optional) Configuring the Source Interface of the NTP Symmetric Passive End
1.
Run:
system-view
Run:
ntp-service source-interface vlanif vlan-id
Procedure
l
Run:
system-view
Run:
vlan vlan-id
Run:
interface vlanif vlan-id
Run:
ntp-service broadcast-server [ authentication-keyid key-id | version
number ]*
Issue 01 (2011-10-26)
217
4 NTP Configuration
Run:
system-view
(Optional) Run:
ntp-service max-dynamic-sessions number
Run:
vlan vlan-id
Run:
interface vlanif vlan-id
Run:
ntp-service broadcast-client
Procedure
l
Run:
system-view
Issue 01 (2011-10-26)
218
4 NTP Configuration
Run:
vlan vlan-id
Run:
interface vlanif vlan-id
Run:
ntp-service multicast-server [ ip-address ] [ authentication-keyid key-id
| ttl ttl-number | version number ] *
Run:
system-view
(Optional) Run:
ntp-service max-dynamic-sessions number
Run:
vlan vlan-id
Run:
interface vlanif vlan-id
Run:
ntp-service multicast-client [ ip-address ]
219
4 NTP Configuration
Context
Do as follows on the switch that needs to be disabled from receiving NTP packets.
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
Prerequisite
The configurations of the Basic NTP Functions are complete.
Issue 01 (2011-10-26)
220
4 NTP Configuration
Procedure
l
Run the display ntp-service status command to view the status of the NTP service.
Run the display ntp-service sessions [ verbose ] command to view the status of NTP
sessions.
Run the display ntp-service trace command to view the summary information on each
passing NTP server when tracing from the local device to the reference clock source.
----End
Example
Run the display ntp-service status command to view the status of the NTP service.
<Quidway> display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 10.00 ms
reference time: 15:51:36.259 UTC Apr 25 2010(C6179088.426490A3)
Run the display ntp-service sessions [ verbose ] command to view the status of NTP sessions.
<Quidway> display ntp-service sessions
source
reference
stra reach poll now offset delay
disper
********************************************************************************
[12345]127.127.1.0
LOCAL(0)
7
1
64
2
0.0
15.6
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured,
6 vpn-instance
Run the display ntp-service trace command to view the summary information on each passing
NTP server when tracing from the local device to the reference clock source.
<Quidway> display ntp-service trace
server 127.0.0.1,stratum 5, offset 0.024099,
server 171.1.1.2,stratum 4, offset 0.028786,
server 201.1.1.2,stratum 3, offset 0.035199,
server 200.1.7.1,stratum 2, offset 0.039855,
refid 127.127.1.0
synch
synch
synch
synch
distance
distance
distance
distance
0.06337
0.04575
0.03075
0.01096
221
4 NTP Configuration
Applicable Environment
NTP supports two security mechanisms: access authority and NTP authentication.
l
Access authority
Access authority is a type of simple security method provided by the S3700 to protect local
NTP services.
The S3700 provides four access authority levels. When an NTP access request packet
reaches the local end, it is matched in an order from the minimum access authority to the
maximum access authority. The first matched authority level takes effect. The matching
order is as follows:
peer: indicates the minimum access authority. The remote end can send the request of
the local time and the control query to the local end. The local clock can also be
synchronized with that of the remote server.
server: indicates the remote end can perform the time request and control query to the
local end but the local clock cannot be synchronized with that of the remote end.
synchronization: indicates that the remote end can perform only the time request to the
local end.
query: indicates the maximum access authority. The remote end can perform only the
control query to the local end.
NTP authentication
NTP authentication is required in some networks with high security demands.
The configuration of NTP authentication involves configuring NTP authentication on both
the client and the server.
During the configuration of NTP authentication, pay attention to the following rules:
Configure NTP authentication on both the client and the server; otherwise, the
authentication does not take effect.
If NTP authentication is enabled, a reliable key needs to be configured at the same time.
The authentication key configured on the server and that on the client should be
consistent.
In NTP peer mode, the symmetric active end equals the client, and the symmetric passive
end equals the server.
Pre-configuration Tasks
Before configuring NTP security mechanisms, complete the following tasks:
l
Configuring the network layer address and routing protocol to make the server and client
reachable
Data Preparation
To configure NTP security mechanisms, you need the following data.
Issue 01 (2011-10-26)
222
4 NTP Configuration
No.
Data
ACL rules
NTP version
Context
Do as follows on the switch.
Procedure
Step 1 Run:
system-view
Access authority for the NTP service on the local switch is configured.
You can configure the ntp-service access command depending on the actual situations.
Table 4-1 shows the detailed NTP access authorities.
Issue 01 (2011-10-26)
223
4 NTP Configuration
Supported Devices
Client
Clock synchronization
request from the client
Server
Clock synchronization
request from the active end
----End
Context
NTP client synchronizes to authenticated NTP servers to ensure that time service is reliable
across the network. Authentication prevents the modification of NTP message data from
malicious network attacks.
Do as follows on the switch.
Procedure
l
l Configure the same authentication key on the server and client and affirm that the key is reliable;
otherwise, NTP authentication fails.
l Enable NTP authentication before performing actual authentication.
1.
Run:
system-view
Run:
ntp-service authentication enable
Run:
ntp-service authentication-keyid key-id authentication-mode md5 password
Issue 01 (2011-10-26)
224
4 NTP Configuration
Run:
ntp-service reliable authentication-keyid key-id
Context
Do as follows on the switch that functions as an NTP unicast client.
Procedure
Step 1 Run:
system-view
The ID of the authentication key used for the synchronization of the server and client clocks is
configured.
----End
Context
Do as follows on the switch that functions as the symmetric active end.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
225
4 NTP Configuration
The ID of the authentication key used for the synchronization of the clocks on the NAT peer is
configured.
----End
Context
Do as follows on the switch that functions as an NTP broadcast server.
Procedure
Step 1 Run:
system-view
The ID of the authentication key used by the NTP broadcast server is configured.
For configuring the broadcast client, see Configuring the Broadcast Mode.
----End
Context
Do as follows on the switch that functions as an NTP multicast server.
Procedure
Step 1 Run:
system-view
226
4 NTP Configuration
vlan vlan-id
The ID of the authentication key used by the NTP multicast server is configured.
For configuring the multicast client, see Configuring the Broadcast Mode.
----End
Prerequisite
The configurations of the NTP Security Mechanisms are complete.
Procedure
l
Run the display ntp-service status command to view the status of the NTP service.
Run the display ntp-service sessions [ verbose ] command to view the status of NTP
sessions.
----End
Example
Run the display ntp-service status command to view the status of the NTP service.
<Quidway> display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 10.00 ms
reference time: 15:51:36.259 UTC Apr 25 2010(C6179088.426490A3)
Run the display ntp-service sessions [ verbose ] command to view the status of NTP sessions.
<Quidway> display ntp-service sessions
source
reference
stra reach poll now offset delay
disper
********************************************************************************
[12345]127.127.1.0
LOCAL(0)
7
1
64
2
0.0
15.6
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured,
6 vpn-instance
Issue 01 (2011-10-26)
227
4 NTP Configuration
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
Run the following debugging commands in the user view to debug NTP and locate the fault.
For the description about the debugging commands, refer to the Quidway S3700 Series Ethernet
Switches Command Reference.
Procedure
Step 1 Run the debugging ntp-service { access | adjustment | all | authentication | event | filter |
packet | parameter | refclock | selection | synchronization | validity } to enable NTP
debugging.
----End
Switch A functions as a unicast NTP server. The clock of Switch A is the master clock with
the stratum being 2.
Switch B functions as a unicast NTP client. Its clock needs to be synchronized with the
clock of Switch A.
Issue 01 (2011-10-26)
228
4 NTP Configuration
Figure 4-2 Networking diagram for configuring the unicast client/server mode
VLANIF111
10.0.0.2/24
VLANIF100
2.2.2.2/24
SwitchA
IP
Network
VLANIF110
VLANIF111
SwitchC
VLANIF111
10.0.0.1/24
1.0.1.11/24
10.0.0.3/24
SwitchB
SwitchD
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure Switch A as an NTP server and configure the master clock on Switch A.
2.
Configure Switch B as an NTP client. Switch B synchronizes its clock with the clock of
Switch A.
3.
Configure Switch C and Switch D to synchronize their clocks with the clock of Switch B.
4.
When configuring NTP authentication in unicast client/server mode, pay attention to the following
points:
l You must enable NTP authentication on the client before specifying the IP address of the NTP
server and authentication key to be sent to the server; otherwise, NTP authentication is not
performed before clock synchronization.
l To implement authentication successfully, configure both the server and the client.
Data Preparation
To complete the configuration, you need the following data:
l
Key ID
Password
Procedure
Step 1 Configure the IP addresses of the Switches and ensure that the routes between them are reachable.
Configure the IP addresses according to Figure 4-2 so that Switch A, Switch B, Switch C and
Switch D are routable.
The configuration procedure is not mentioned.
Issue 01 (2011-10-26)
229
4 NTP Configuration
Step 2 Configure a master NTP clock on Switch A and enable NTP authentication.
# On Switch A, set the clock as a master NTP clock with stratum being 2.
<SwitchA> system-view
[SwitchA] ntp-service refclock-master 2
# Enable NTP authentication on Switch A, configure the authentication key, and declare the key
to be reliable.
[SwitchA] ntp-service authentication enable
[SwitchA] ntp-service authentication-keyid 42 authentication-mode md5 Hello
[SwitchA] ntp-service reliable authentication-keyid 42
The authentication keys configured on the server and the client must be the same.
Step 3 Configure Switch B as the NTP server and enable the NTP authentication.
# Enable NTP authentication on Switch B, configure the authentication key, and declare the key
to be reliable.
<SwitchB>
[SwitchB]
[SwitchB]
[SwitchB]
system-view
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 Hello
ntp-service reliable authentication-keyid 42
# # Configure Switch A to be the NTP server of Switch B and use the authentication key.
[SwitchB] ntp-service unicast-server 2.2.2.2 authentication-keyid 42
system-view
ntp-service
ntp-service
ntp-service
ntp-service
authentication enable
authentication-keyid 42 authentication-mode md5 Hello
reliable authentication-keyid 42
unicast-server 10.0.0.1 authentication-keyid 42
system-view
ntp-service
ntp-service
ntp-service
ntp-service
authentication enable
authentication-keyid 42 authentication-mode md5 Hello
reliable authentication-keyid 42
unicast-server 10.0.0.1 authentication-keyid 42
Issue 01 (2011-10-26)
230
4 NTP Configuration
After the configurations, Switch C can synchronize its clock with the clock of Switch B.
Check the NTP status of Switch C, and you can view that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch C is 4, one
stratum lower than the clock stratum of Switch B.
[SwitchC] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 10.0.0.1
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Mar 2 2006(C7B15BCC.D5604189)
Check the NTP status of Switch D, and you can see that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch C is 4, one
stratum lower than the clock stratum of Switch B.
[SwitchD] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 10.0.0.1
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Mar 2 2006(C7B15BCC.D5604189)
----End
Configuration Files
l
Issue 01 (2011-10-26)
231
4 NTP Configuration
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 2.2.2.0 0.0.0.255
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 42
ntp-service refclock-master 2
#
return
Issue 01 (2011-10-26)
232
4 NTP Configuration
The clock of Switch C is the master clock and the clock stratum is 2.
Switch C is the NTP server of Switch D. That is, Switch D is the client.
Switch D is the passive peer of Switch E. That is, Switch E is the active end.
Figure 4-3 Networking diagram for configuring the NTP peer mode
SwitchC
Ethernet0/0/1
3.0.1.31/24
Ethernet0/0/1
3.0.1.33/24
SwitchE
Ethernet/0/01
3.0.1.32/24
SwitchD
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure the clock on Switch C as the master clock. The clock on Switch D should be
synchronized to the clock on Switch C.
2.
Configure Switch E and Switch D as the NTP peers so that Switch E should send clock
synchronization requests to Switch D.
Issue 01 (2011-10-26)
233
3.
4 NTP Configuration
Data Preparation
To complete the configuration, you need the following data:
l
IP address of Switch C
IP address of Switch D
Procedure
Step 1 Configure IP addresses for Switch C, Switch D, and Switch E.
Configure an IP address for each interface according to Figure 4-3. After configurations, the
three Switches can ping each other.
The configuration procedure is not mentioned.
Step 2 Configure the unicast NTP client/server mode.
# On Switch C, set the clock as a master NTP clock with stratum being 2.
<SwitchC> system-view
[SwitchC] ntp-service refclock-master 2
After the configurations, the clock of Switch D is synchronized with the clock of Switch C.
Check the NTP status of Switch D, and you can see that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch D is 3, one
stratum lower than the clock stratum of Switch C.
[SwitchD] display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 3.0.1.31
nominal frequency: 64.0029 Hz
actual frequency: 64.0029 Hz
clock precision: 2^7
clock offset: 0.0000 ms
root delay: 62.50 ms
root dispersion: 0.20 ms
peer dispersion: 7.81 ms
reference time: 06:52:33.465 UTC Mar 7 2006(C7B7AC31.773E89A8)
234
4 NTP Configuration
Check the NTP status of Switch E, and you can see that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch E is 4, one
stratum lower than the clock stratum of Switch D.
[SwitchE] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 3.0.1.32
nominal frequency: 64.0029 Hz
actual frequency: 64.0029 Hz
clock precision: 2^7
clock offset: 0.0000 ms
root delay: 124.98 ms
root dispersion: 0.15 ms
peer dispersion: 10.96 ms
reference time: 06:55:50.784 UTC Mar 7 2006(C7B7ACF6.C8D002E2)
----End
Configuration Files
l
Issue 01 (2011-10-26)
235
4 NTP Configuration
Switch C and Switch D are on the same network segment; Switch A is on another network
segment; Switch F connects the two network segments.
As the NTP broadcast server, Switch C uses the local clock as the NTP master clock, which
is a stratum-3 clock. Switch C sends broadcast packets through VLANIF10, namely,
Ethernet0/0/1.
Figure 4-4 Networking diagram for configuring the NTP broadcast mode
Ethernet0/0/1
VLANIF10
3.0.1.31/24
Ethernet
0/0/1
SwitchA
Ethernet
0/0/1
Ethernet
0/0/2
SwitchC
VLANIF10 Ethernet0/0/1
VLANIF20 VLANIF20
SwitchF3.0.1.2/24
1.0.1.11/24 1.0.1.2/24
VLANIF10
3.0.1.32/24
SwitchD
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Data Preparation
To complete the configuration, you need the following data:
Issue 01 (2011-10-26)
236
4 NTP Configuration
Procedure
Step 1 Configure the IP addresses of the Switches.
Configure the IP address of each interface according to Figure 4-4.
# Configure the IP address of the VLANIF interface on Switch C.
<SwitchC> system-view
[SwitchC] vlan 10
[SwitchC-Vlan10] quit
[SwitchC] interface ethernet 0/0/1
[SwitchC-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchC-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchC-Ethernet0/0/1] quit
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10]ip address 3.0.1.31 24
[SwitchC-Vlanif10]quit
Issue 01 (2011-10-26)
237
4 NTP Configuration
Step 2 Configure the routes between them are reachable.The configuration procedure is not mentioned.
Step 3 Configure the NTP broadcast server and enable NTP authentication.
# Configure the clock of Switch C as the NTP master clock with the stratum being 3.
<SwitchC> system-view
[SwitchC] ntp-service refclock-master 3
# Configure Switch C as an NTP broadcast server. Broadcast packets are encrypted by using the
authentication key ID 16 and then sent through VLANIF10.
[SwitchC] interface vlanif 10
[SwitchC-vlanif10] ntp-service broadcast-server authentication-keyid 16
[SwitchC-vlanif10] quit
Step 4 Configure Switch D, which resides on the same network segment with the server.
# Enable NTP authentication.
<SwitchD>
[SwitchD]
[SwitchD]
[SwitchD]
system-view
ntp-service authentication enable
ntp-service authentication-keyid 16 authentication-mode md5 Hello
ntp-service reliable authentication-keyid 16
# Configure Switch D as the NTP broadcast client and configure Switch D to listen to NTP
broadcast packets through VLANIF10.
[SwitchD]interface vlanif 10
[SwitchD-vlanif10] ntp-service broadcast-client
[SwitchD-vlanif10] quit
After the configurations, the clock of Switch D is synchronized with the clock of Switch C.
Step 5 Configure Switch A, which resides on different network segment from the server.
# Enable NTP authentication.
[SwitchA] ntp-service authentication enable
[SwitchA] ntp-service authentication-keyid 16 authentication-mode md5 Hello
[SwitchA] ntp-service reliable authentication-keyid 16
# Configure Switch A as the NTP broadcast client and configure Switch A to listen to NTP
broadcast packets through VLANIF20.
[SwitchA]interface vlanif 20
[SwitchA-vlanif20] ntp-service broadcast-client
[SwitchA-vlanif20] quit
238
4 NTP Configuration
Check the NTP status of Switch D, and you can see that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch D is 4, one
stratum lower than the clock stratum of Switch C.
[SwitchD] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 3.0.1.31
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.42 ms
peer dispersion: 0.00 ms
reference time: 12:17:21.773 UTC Mar 7 2006(C7B7F851.C5EAF25B)
----End
Configuration Files
l
Issue 01 (2011-10-26)
239
4 NTP Configuration
Switch C and Switch D are on the same network segment; Switch A is on another network
segment; Switch F connects the two network segments.
As the NTP multicast server, Switch C uses the local clock as the NTP master clock, which
is a stratum-2 clock. Switch C sends multicast packets through VLANIF 10, namely,
Ethernet0/0/1.
Switch D uses VLANIF 10, namely, Ethernet0/0/1, to listen to the multicast packets.
Switch A uses VLANIF 20, namely, Ethernet0/0/1, to listen to the multicast packets.
Issue 01 (2011-10-26)
240
4 NTP Configuration
Figure 4-5 Networking diagram for configuring the NTP multicast mode
Ethernet0/0/1
VLANIF10
3.0.1.31/24
Ethernet
0/0/1
SwitchA
Ethernet
0/0/1
Ethernet
0/0/2
SwitchC
VLANIF10 Ethernet0/0/1
VLANIF20 VLANIF20
SwitchF3.0.1.2/24
1.0.1.11/24 1.0.1.2/24
VLANIF10
3.0.1.32/24
SwitchD
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure the IP addresses of the Switches.
Configure the IP address of each interface according to Figure 4-5.
# Configure the IP address of the VLANIF interface on Switch C.
<SwitchC> system-view
[SwitchC] vlan 10
[SwitchC-Vlan10] quit
[SwitchC] interface ethernet 0/0/1
[SwitchC-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchC-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchC-Ethernet0/0/1] quit
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10]ip address 3.0.1.31 24
[SwitchC-Vlanif10]quit
Issue 01 (2011-10-26)
241
4 NTP Configuration
[SwitchD-Ethernet0/0/1] quit
[SwitchD] interface vlanif 10
[SwitchD-Vlanif10] ip address 3.0.1.32 24
[SwitchD-Vlanif10] quit
Step 2 Configure the routes between them are reachable.The configuration procedure is not mentioned.
Step 3 Configure the NTP multicast server.
# Configure the clock of Switch C as the NTP master clock with the stratum being 2.
<SwitchC> system-view
[SwitchC] ntp-service refclock-master 2
# Configure Switch C as the NTP multicast client and configure Switch C to sense NTP multicast
packets through VLANIF10.
[SwitchC] interface vlanif 10
[SwitchC-vlanif10] ntp-service multicast-server
[SwitchC-vlanif10] quit
Step 4 Configure Switch D, which resides on the same network segment with the server.
# Configure Switch D as the NTP multicast client and configure Switch D to sense NTP multicast
packets through VLANIF10.
<SwitchD> system-view
[SwitchD] interface vlanif 10
[SwitchD-vlanif10] ntp-service multicast-client
[SwitchD-vlanif10] quit
Step 5 Configure Switch A, which resides on different network segment from the server.
Issue 01 (2011-10-26)
242
4 NTP Configuration
# Configure Switch A as the NTP multicast client and configure Switch A to sense NTP multicast
packets through VLANIF20.
<SwitchA> system-view
[SwitchA] interface vlanif 20
[SwitchA-vlanif20] ntp-service multicast-client
[SwitchA-vlanif20] quit
----End
Configuration Files
l
Issue 01 (2011-10-26)
243
4 NTP Configuration
ntp-service multicast-server
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
Issue 01 (2011-10-26)
244
Issue 01 (2011-10-26)
245
5.1 Ping
The ping command is used to check network connectivity and host reachability. The word "ping"
is derived from the sonar operation, indicating a pulse of sound.
Figure 5-1 shows the ping process.After you run the ping command, an Internet Control
Message Protocol (ICMP) Echo Request message is sent to the destination. The destination then
returns an ICMP Echo Reply message immediately when receiving the ICMP Echo Request
message.
Figure 5-1 Principle of the ping operation
Source
Destination
Ping tests IP reachability and status of the link between the source and the destination by checking
whether the destination sends back an ICMP Echo Reply message and measuring the interval
between sending the ICMP Echo Request message and receiving the ICMP Echo Reply message.
Figure 5-2 Format of ICMP Echo Request and Echo Reply messages
0
7
Type
15
23
Checksum
Code
31
Sequence number
Identifier
Data
Figure 5-2 shows the format of ICMP Echo Request and Echo Reply messages. The length of
the Data field is a variable. You can specify the length of the Data field in the ping command.
5.2 Tracert
Tracert, also called Trace Route, is used to check the IP addresses and the number of gateways
between the source and the destination. Tracert is helpful in testing network reachability and
locating the fault on the network.
Issue 01 (2011-10-26)
246
The S3700 implements tracert based on ICMP. Tracert records the gateways that the ICMP
message passes along the path between a source host and a destination. In this manner, you can
check network connectivity and locate the fault.
Figure 5-3 Principle of the tracert operation
Switch
Step 1
Step 2
Step 3
TTL=1
Router-A
Router-B
Log Host
TTL=2
TTL=3
UDP datagram
ICMP Time Exceeded message
ICMP Destination Unreachable message
Take the networking in Figure 5-3 as an example to show tracert implementation on the
S3700. On the S3700, run the tracert command. The destination IP address is the IP address of
the log host and other parameters adopt the default values.
1.
The S3700 sends a UDP datagram to the log host, with the TTL value being 1 and the
destination UDP port number being 33434.
2.
After receiving the UDP datagram from the S3700, Router-A finds that the destination IP
address carried in the datagram is not its own address. Then, Router-A reduces the TTL
value by 1. Finding that the TTL value reaches 0, Router-A sends an ICMP Time Exceeded
message to the S3700.
3.
After receiving the ICMP Time Exceeded message, the S3700 increases the TTL value and
the UDP port number in the UDP datagram by 1 respectively and then sends out the UDP
datagram again.
4.
Perform Step 2 and Step 3, the log host receives the UDP datagram from the S3700.
5.
After receiving the UDP datagram from the S3700, the log host finds that the destination
is itself. It begins to process the datagram. The log host tries to find the upper layer protocol
corresponding to the destination UDP port number carried in the datagram. In most cases,
the UDP ports whose number is greater than 30000 are not used by any protocols. Therefore,
the log host sends an ICMP Destination Unreachable message to the S3700 to notify the
source that the destination port is unreachable.
6.
After receiving the ICMP Destination Unreachable message from the log host, the S3700
knows that the UDP datagram has reached the destination and thus stops running the tracert
program.
In the preceding steps, the tracert program on the source records the IP addresses of the gateways
between the source and the destination through the ICMP Time Exceeded message mentioned
in Step 3.
247
Pre-configuration Tasks
Before performing ping and tracert operations, complete the following tasks:
l
Data Preparation
To perform ping and tracert operations, you need the following data.
No.
Data
Procedure
Step 1 Run:
ping [ ip ] [ -a source-ip-address | -c count | -d | -f | -h ttl-value | -i
interface-type interface-number | -m time | -n | -p pattern | -q | -r | -s
packetsize | -t timeout | -tos tos-value | -v ] * host
248
l Statistics: total number of sent and received messages, percentage of message loss, and
minimum value, average value, and maximum value of the response time.
<Quidway> ping 202.38.160.244
PING 202.38.160.244 : 56 data bytes, press CTRL_C
Reply from 202.38.160.244 : bytes=56 sequence=1
Reply from 202.38.160.244 : bytes=56 sequence=2
Reply from 202.38.160.244 : bytes=56 sequence=3
Reply from 202.38.160.244 : bytes=56 sequence=4
Reply from 202.38.160.244 : bytes=56 sequence=5
--202.38.160.244 ping statistics-5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/2/3 ms
to break
ttl=255 time
ttl=255 time
ttl=255 time
ttl=255 time
ttl=255 time
=
=
=
=
=
1ms
2ms
1ms
3ms
2ms
----End
Procedure
Step 1 Run:
tracert [ -a source-ip-address | -f first-ttl | -m max-ttl | -p port | -q nqueries
| -w timeout ]* host
----End
Issue 01 (2011-10-26)
249
Context
CAUTION
Debugging affects the performance of the system. After debugging, run the undo debugging
all command to disable it immediately.
If you run the ping or the tracert command on the two S3700s but the ping or tracert operation
fails, you can run the following command respectively on each S3700 to further locate the fault
after confirming that the physical link between the two S3700s is normal.
Procedure
Step 1 Run the debugging ip icmp command to enable ICMP packet debugging.
Through this command, you can check the transmission of ICMP messages during the running
of the ping or the tracert command and thus locate which device fails.
----End
1.1.1.2/8
2.1.1.2/8
SwitchA
Router
1.1.1.1/8
2.1.1.1/8
SwitchB
LAN switch
PC
Issue 01 (2011-10-26)
3.1.1.1/8
3.1.1.2/8
Log host
250
Configuration Roadmap
The configuration roadmap is as follows:
1.
Run the ping command on Switch A to check the connectivity between Switch A and the
log host.
2.
Run the tracert command to locate the fault after you find that the link is faulty.
Data Preparation
To complete the configuration, you need the following data:
l
IP addresses of the interfaces on Switch B (In this example, IP addresses of the interfaces
are 1.1.1.2/8 and 2.1.1.1/8.)
IP addresses of the interfaces on Router (In this example, IP addresses of the interfaces are
2.1.1.2/8 and 3.1.1.1/8.)
IP address of the log host (In this example, the IP address of the log host is 3.1.1.2/8.)
Procedure
Step 1 Run the ping command.
# Run the ping command on Switch A to check the connectivity between Switch A and the log
host.
<Quidway> ping 3.1.1.2
PING 3.1.1.2: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 3.1.1.2 ping statistics --5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
The display on Switch A shows that the log host is unreachable, which indicates that a fault
occurs on some link segment between Switch A and the log host.
Step 2 Run the tracert command.
# Run the tracert command on Switch A to locate which link segment fails.
<Quidway> tracert 3.1.1.2
traceroute to 3.1.1.2(3.1.1.2), max hops: 30 ,packet length: 40
1 1.1.1.2
4 ms 5 ms 5 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
...
The preceding display shows that the ICMP Echo Request message passes Switch B but does
not reach Router. It indicates that the link between Switch B and Router fails. After the link
Issue 01 (2011-10-26)
251
between Switch B and Router is recovered, you can repeat Step 1 and Step 2 to ensure that Switch
A and the log host can communicate properly.
----End
Configuration Files
None.
Issue 01 (2011-10-26)
252
6 NQA Configuration
NQA Configuration
Issue 01 (2011-10-26)
253
6 NQA Configuration
This section describes how to configure a traceroute test to check the connectivity to each hop
on the network.
6.11 Configuring the SNMP Query Test
This section describes how to configure a Simple Network Management Protocol (SNMP) query
test to check the communications between the host and SNMP agent.
6.12 Configuring the TCP Test
This section describes how to configure a Transmission Control Protocol (TCP) test to check
the responding speed of a TCP port.
6.13 Configuring the UDP Test
This section describes how to configure a User Datagram Protocol (UDP) test to check the
responding speed of a UDP port.
6.14 Configuring the Jitter Test
This section describes how to configure a jitter test to check jitter on the network. You can
perform a jitter test only when both the client and the server are Huawei devices.
6.15 Configuring an ICMP Jitter Test
This section describes how to configure an ICMP jitter test to measure jitter on IP networks.
6.16 Configuring Universal NQA Test Parameters
This section describes how to set and use universal parameters for NQA test instances.
6.17 Configuring Round-Trip Delay Thresholds
This section describes how to set a round-trip delay transmission threshold in an NQA test
instance.
6.18 Configuring the Trap Function
This section describes how to configure the trap function in an NQA test instance. After the trap
function is configured, a trap message is sent to the NMS in case of transmission success or
transmission failure.
6.19 Maintaining NQA
This section describes how to maintain an NQA test instance. You can restart the test instance,
clear the statistics on the test result,to maintain a test instance.
6.20 Configuration Examples
This section provides several configuration examples of NQA.
Issue 01 (2011-10-26)
254
6 NQA Configuration
Server
IP/MPLS
Network
NQA Client
In NQA, the RTT of each packet or timeout period of the packet is not displayed on the terminal
in real time, unlike the Ping program. Test results are displayed only when you run the display
nqa results command after a test is complete.
You can also configure the Network Management System (NM Station) to control each NQA
operation parameter and enable NQA tests.
Issue 01 (2011-10-26)
255
6 NQA Configuration
NQA Server
In most types of tests, you need to configure only the NQA clients. In TCP, UDP, and Jitter tests,
however, you must configure the NQA server.
An NQA server processes the test packets received from the clients. As shown in Figure 6-2,
the NQA server responds to the test request packet received from the client through the
monitoring function.
Figure 6-2 Relationship between the NQA client and the NQA server
IP/MPLS
Network
NQA Server
NQA Client
You can create multiple TCP or UDP monitoring services on an NQA server. Each monitoring
service corresponds to a specific destination address and a port number. The destination address
and port number can be repeatedly specified.
256
6 NQA Configuration
Jitter tests support the continuous sending of 3000 packets and support voice traffic
simulation.
Jitter tests support the continuous sending of 3000 packets and support voice traffic
simulation.
Supports the auto-delay function, with which the system resources can be effectively
utilized so that tests can be completed within a specified period.
Supports the collection of the uni-directional delay statistics and bi-directional delay
statistics. In addition, you can set a threshold and enable collecting statistics about the
packets in the test results that exceed the threshold.
Issue 01 (2011-10-26)
257
6 NQA Configuration
Supports auto distributing the start time and the test interval when several tests are
performed at a time.
l
Supports the auto-delay function, with which the system resources can be effectively
utilized so that tests can be completed within a specified period.
Supports the collection of the uni-directional delay statistics and bi-directional delay
statistics. In addition, you can set a threshold and enable collecting statistics about the
packets in the test results that exceed the threshold.
Supports the flexible alarm mechanism. That is, the upper and lower thresholds are set to
monitor the feature of the tested objects according to their OIDs. When the test result
exceeds the threshold, alarms are triggered based on the preset events.
Applicable Environment
An ICMP test has a similar function with the ping command, but its output is more detailed.
Pre-configuration Tasks
Before configuring the ICMP test, configure reachable routes between the NQA client and the
tested device.
Data Preparation
To configure the ICMP test, you need the following data.
Issue 01 (2011-10-26)
No.
Data
Destination IP address
(Optional) Virtual Private Network (VPN) instance name, source interface that sends
test packets, source IP address, size of the Echo-Request packets, TTL value, ToS,
padding character, interval for sending test packets, and percentage of the failed NQA
test
258
6 NQA Configuration
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type icmp
l To configure the source interface that sends test packets, run the source-interface interfacetype interface-number command.
l To configure the source IP address, run the source-address ipv4 ip-address command.
source-address ipv4 ip-address equals the "-a" option in the ping command.
l To configure the size (packet header excluded) of the Echo-Request packet, run the
datasize size command.
datasize size equals the "-s" option in the ping command.
l To configure the time-to-live (TTL) value, run the ttl number command.
ttl number equals the "-h" option in the ping command.
l To configure the type of service (ToS) field in the IP packet header, run the tos value
command.
tos equals the "-tos" option in the ping command.
l To configure padding characters, run the datafill fillstring command.
datafill equals the "-p" option in the ping command.
Issue 01 (2011-10-26)
259
6 NQA Configuration
l To configure the interval for sending the test packets, run the interval seconds interval
command.
interval seconds equals the "-m" option in the ping command.
l To configure the percentage of the failed NQA test, run the fail-percent percent command.
l To configure the NQA test packets to be sent without searching the routing table, run the
sendpacket passroute command.
Step 6 Run:
start
Prerequisite
The configurations of the ICMP Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five test results.
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End
Issue 01 (2011-10-26)
260
6 NQA Configuration
Example
Run the display nqa results command. If the following is displayed, it means that the test is
successful.
l
"testFlag is inactive"
"Completion:success"
For the ICMP test, you can also view the minimum time, maximum time, and RTT(Round Trip
Time ).
<Quidway> display nqa results
NQA entry(admin, test) :testflag is inactive ,testtype is icmp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.112.58.3
Min/Max/Average Completion Time: 2/5/3
Sum/Square-Sum Completion Time: 9/33
Last Good Probe Time: 2010-06-21 15:33:09.2
Lost packet ratio: 0 %
Applicable Environment
In an FTP download test, the local device functions as an NQA FTP client, intending to download
the specified file from an FTP server.
The test result contains statistics about each FTP phase, including the time to set up an FTP
control connection and the time to transport the data.
Pre-configuration Tasks
Before configuring the FTP download test, complete the following tasks:
l
Configuring the FTP user name and password and the login directory
Configuring routes between the NQA FTP client and the FTP server
Data Preparation
To configure the FTP download test, you need the following data.
Issue 01 (2011-10-26)
261
6 NQA Configuration
No.
Data
(Optional) Source IP address of the FTP operation and VPN instance name and source
and destination port numbers of the FTP operation
Context
Do as follows on the NQA client (FTP client):
Procedure
Step 1 Run:
system-view
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type ftp
Issue 01 (2011-10-26)
262
6 NQA Configuration
l To configure the FTP source port number, run the source-port port-numbercommand.
l To configure the FTP destination port number, run the destination-port port-number
command.
l To configure the NQA test packet to be sent without searching the routing table, run the
sendpacket passroute command.
Step 6 Run:
ftp-operation get
During the FTP test, select a file with a relatively small size for the test. If the file is large, the test may fail
because of timeout.
Step 10 Run:
start
263
6 NQA Configuration
Prerequisite
The configurations of the FTP Download Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
l
"CtrlConnTime"
"DataConnTime"
"SumTime"
Applicable Environment
In an FTP upload test, the local device functions as an FTP client, intending to upload the
specified file to an FTP server.
The test result contains the statistics about each FTP phase, including the time to set up an FTP
control connection and the time to transport the data.
Issue 01 (2011-10-26)
264
6 NQA Configuration
In an FTP upload test, you can specify the file to be uploaded or the bytes to be uploaded. If
certain bytes are specified, the FTP client then automatically generates the test files for
uploading.
Pre-configuration Tasks
Before configuring the FTP upload test, complete the following tasks:
l
Configuring the FTP user name and password and the login directory
Configuring routes between the NQA client and the FTP server
Data Preparation
To configure the FTP upload test, you need the following data.
No.
Data
(Optional) Source IP address of the FTP operation and VPN instance name and source
and destination port numbers of the FTP operation
Context
Do as follows on the NQA client (FTP client):
Procedure
Step 1 Run:
system-view
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type ftp
265
6 NQA Configuration
Step 4 Run:
destination-address ipv4 ip-address
l If no file path is specified, the system searches for the file in the current path. If the specified file
name does not exist, a file is created according to the specified file name, and the size of the file is
set to 1 MB.
l The file name cannot contain characters such as ~, *, /, \, ', ", but the file path can contain these
characters.
l The file name can contain the extension name but cannot contain the extension name only, such
as .txt.
l To upload the file with a specified size, run the ftp-filesize size command. The client then
automatically creates a file name "nqa-ftp-test.txt" to upload.
NOTE
During the FTP test, select a file with a relatively small size. If the file is large, the test may fail because
of timeout.
Step 10 Run:
start
Issue 01 (2011-10-26)
266
6 NQA Configuration
Prerequisite
The configurations of the FTP Upload Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
Step 1 Run the display nqa results command to view the test results on the NQA client.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
l
"CtrlConnTime"
"DataConnTime"
"SumTime"
Issue 01 (2011-10-26)
267
6 NQA Configuration
Applicable Environment
Through the NQA HTTP test, you can obtain the responding speed in three phases:
l
Time of DNS resolution: It is a period from the time the client sends the DNS packet to the
resolver for resolving the name of the HTTP server to an IP address to the time the DNS
resolution packets containing the IP address is returned.
Time to set up a TCP connection: It is the time taken by the client to set up a TCP connection
with an HTTP server through three-way handshake.
Transaction time: It is a period from the time the client sends the Get or Post packets to an
HTTP server to the time the Echo packet sent by the client reaches the HTTP server.
Pre-configuration Tasks
Before configuring the HTTP test, complete the following tasks:
l
Configuring routes between the NQA client and the HTTP server
Data Preparation
To configure the HTTP test, you need the following data.
No.
Data
Issue 01 (2011-10-26)
268
No.
Data
6 NQA Configuration
Context
Do as follows on the NQA client (HTTP client):
Procedure
Step 1 Run:
system-view
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the source port, run the source-port port-numbercommand.
l To configure the destination port, run the destination-port port-number command.
l To configure the percentage of the failed NQA HTTP tests, run the fail-percent percent
command.
l To configure the NQA test packet to be sent without searching the routing table, run the
sendpacket passroute command.
Step 6 Run:
http-operation { get | post }
Issue 01 (2011-10-26)
269
6 NQA Configuration
The web page to be visited and the HTTP version are configured.
NOTE
When information on the HTTP version is not configured, by default, HTTP1.0 is supported. HTTP1.1 can
be supported through your configurations.
Step 8 Run:
start
Prerequisite
The configurations of the HTTP Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End
Issue 01 (2011-10-26)
270
6 NQA Configuration
Example
Run the display nqa results command. If the test is successful, the following is displayed.
l
"DNSRTT"
"TCPConnectRTT"
Applicable Environment
The DNS test is performed to obtain the speed at which the specified domain name is resolved
to an IP address.
Pre-configuration Tasks
Before configuring the DNS test, complete the following tasks:
l
Configuring routes between the NQA client and the DNS server
Data Preparation
To configure the DNS test, you need the following data.
Issue 01 (2011-10-26)
No.
Data
271
No.
Data
6 NQA Configuration
Context
Do as follows on the NQA client (DNS client):
Procedure
Step 1 Run
system-view
An NQA test instance is created and the test instance view is displayed.
Step 4 Run:
test-type dns
For detailed parameter configurations, see the chapter Configuring Universal NQA Test Parameters
Step 7 Run:
start
272
6 NQA Configuration
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End
Prerequisite
The configurations of the DNS Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
<Quidway> display nqa results
NQA entry(t, t) :testflag is inactive ,testtype is dns
1 . Test 1 result
The test is finished
Send operation times: 1
Receive response times: 1
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.82.55.191
Min/Max/Average Completion Time: 4/4/4
Sum/Square-Sum Completion Time: 4/16
Last Good Probe Time: 2010-06-21 15:40:12.6
Lost packet ratio: 0 %
Issue 01 (2011-10-26)
273
6 NQA Configuration
Applicable Environment
An NQA Traceroute test can provide functions similar to those provided by the tracert
command, but outputs more detailed information.
Pre-configuration Tasks
Before configuring a traceroute test, configure reachable routes between the NQA client and the
device to be tested.
Data Preparation
To configure a traceroute test, you need the following data.
No.
Data
Destination IP address
(Optional) VPN instance name, maximum hops, initial TTL and maximum TTL value
of the packet, and source IP address and destination port of the packet
Context
Do as follows on the NQA client:
Procedure
Step 1 Run
system-view
Issue 01 (2011-10-26)
274
6 NQA Configuration
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type trace
l To configure the initial TTL and maximum TTL values of a packet, run:
tracert-livetime first-ttl first-ttl max-ttl max-ttl
l To configure a NQA test packets to be sent without searching the routing table, run:
sendpacket passroute
Step 6 Run:
start
275
6 NQA Configuration
Prerequisite
The configurations of the traceroute test are complete.
Context
NOTE
NQA test results cannot be displayed automatically on the terminal. You need to run the display nqa
results command to view test results. By the default, the command output contains the records about only
the last five tests.
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End
Example
Run the display nqa results command. If the statistics about each hop are displayed, it means
that the traceroute test is successful.
<Quidway> display nqa results
NQA entry(t, t) :testflag is inactive ,testtype is trace
1 . Test 1 result
The test is finished
Completion:success
Attempts number:1
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Drop operation number:0
Last good path Time:2010-06-21 15:41:01.7
1 . Hop 1
Send operation times: 3
Receive response times: 3
Min/Max/Average Completion Time: 1/2/1
Sum/Square-Sum Completion Time: 4/6
RTD OverThresholds number: 0
Last Good Probe Time: 2010-06-21 15:41:01.7
Destination ip address:10.112.58.3
Lost packet ratio: 0 %
Issue 01 (2011-10-26)
276
6 NQA Configuration
Applicable Environment
Through the SNMP Query test, you can obtain the statistics of the communication between hosts
and SNMP agents.
Pre-configuration Tasks
Before configuring the SNMP Query test, complete the following tasks:
l
Configuring routes between the NQA client and the SNMP agent
Data Preparation
To configure the SNMP query test, you need the following data.
No.
Data
(Optional) Source IP addresses and source port numbers of test packets, interval for
sending test packets, and percentage of the failed NQA tests
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
An NQA test instance is created and the test instance view is displayed.
Issue 01 (2011-10-26)
277
6 NQA Configuration
Step 3 Run:
test-type snmp
The destination IP address, that is, the IP address of the SNMP agent, is configured.
NOTE
The SNMP function must be enabled on the destination host; otherwise, the destination host fails to receive
Echo packets.
Step 5 (Optional) Perform the following as required to configure other parameters for the SNMP test
( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the VPN instance to be tested, run the vpn-instance vpn-instance-name
command.
NOTE
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the source port number, run the source-port port-numbercommand.
l To configure the interval for sending test packets, run the interval seconds interval
command.
l To configure the percentage of the failed NQA tests, run the fail-percent percent command.
l To configure the NQA test packets to be sent without searching the routing table, run the
sendpacket passroute command.
Step 6 Run:
start
278
6 NQA Configuration
Prerequisite
The configurations of the SNMP Query Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
<Quidway> display nqa results
NQA entry(admin, snmp) :testflag is inactive ,testtype is snmp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:0
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 63/172/109
Sum/Square-Sum Completion Time: 329/42389
Last Good Probe Time: 2006-8-5 15:33:49.1
Lost packet ratio: 0 %
Applicable Environment
To obtain the time for the specified port to respond to a TCP connection request, you can create
an NQA TCP test instance.
Issue 01 (2011-10-26)
279
6 NQA Configuration
Pre-configuration Tasks
Before configuring the TCP test, configure reachable routes between the NQA client and the
TCP server.
Data Preparation
To configure the TCP test, you need the following data.
No.
Data
(Optional) Destination port numbers of the probe packets sent by the TCP client and
source IP addresses , source port numbers of test packets, interval for sending test
packets, and percentage of the failed NQA tests
Context
Do as follows on the NQA server (TCP server):
Procedure
Step 1 Run:
system-view
Note that the IP address and port number monitored by the server should be consistent with those configured
on the client.
Only S3700EI and S3700HI support vpn-instance vpn-instance-name.
----End
280
6 NQA Configuration
Context
Do as follows on the NQA client (TCP client):
Procedure
Step 1 Run:
system-view
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type tcp
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the source port number, run the source-port port-numbercommand.
l To configure the interval for sending test packets, run the interval seconds interval
command.
l To configure the percentage of the failed NQA tests, run the fail-percent percentcommand.
l To configure the NQA test packets to be sent without searching the routing table, run the
sendpacket passroute command.
Step 7 Run:
start
281
6 NQA Configuration
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
The differences between the TCP Public tests and the TCP Private tests are as follows:
l The TCP Public tests do not require the destination port to be configured on the client.
Connection requests are initiated and sent to the TCP port 7 of the destination address. The
server should monitor the TCP port 7.
l The TCP Private tests require the destination port be specified and the related monitoring
services enabled on the server.
----End
Prerequisite
The configurations of the TCP Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
l
Run the display nqa results [ test-instance admin-name test-name ] command to view the
test results on the NQA client.
Run the display nqa-server command to view the information about the NQA server.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
<Quidway> display nqa results
NQA entry(admin, tcp) :testflag is inactive ,testtype is tcp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:0
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 31/62/51
Issue 01 (2011-10-26)
282
6 NQA Configuration
Run the display nqa-server command,the status of the NQA server is displayed.
<Quidway> display nqa-server
NQA Server Max: 100
NQA Concurrent TCP Server : 1
Applicable Environment
To obtain the time for the specified port to respond to a UDP connection request, you can create
a UDP test instance.
Pre-configuration Tasks
Before configuring the UDP test, configure reachable routes between the NQA client and the
UDP server.
Data Preparation
To configure the UDP test, you need the following data.
No.
Data
Destination IP addresss and the port of the probe packets sent by the UDP client
(Optional) Source IP addresses and source port numbers of test packets, interval for
sending test packets, and percentage of the failed NQA tests
283
6 NQA Configuration
Context
Do as follows on the NQA server (UDP server):
Procedure
Step 1 Run:
system-view
----End
Context
Do as follows on the NQA client (UDP client):
Procedure
Step 1 Run:
system-view
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type udp
284
6 NQA Configuration
Step 6 (Optional) Perform the following as required to configure other parameters for the UDP test
( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the VPN instance to be tested, run the vpn-instance vpn-instance-name
command.
NOTE
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the source port number, run the source-port port-numbercommand.
l To configure the interval for sending test packets, run the interval seconds interval
command.
l To configure the percentage of the failed NQA tests, run the fail-percent percent command.
l To configure the NQA test packets to be sent without searching the routing table, run the
sendpacket passroute command.
Step 7 Run:
start
Prerequisite
The configurations of the UDP Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Issue 01 (2011-10-26)
285
6 NQA Configuration
Procedure
l
Run the display nqa results [ test-instance admin-name test-name ] command to view the
test results on the NQA client.
Run the display nqa-server command to view the information about the NQA server.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
<Quidway> display nqa results
NQA entry(admin, udp) :testflag is inactive ,testtype is udp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 32/109/67
Sum/Square-Sum Completion Time: 203/16749
Last Good Probe Time: 2006-8-5 16:9:21.6
Lost packet ratio: 0 %
Run the display nqa-server command. If the status of the NQA server is displayed, it means
that the configuration succeeds.
<Quidway> display nqa-server
NQA Server Max: 100
NQA Concurrent TCP Server : 0
Applicable Environment
The jitter time refers to the interval for sending two adjacent packets minus the interval for
receiving the two packets.
The process of a Jitter test is as follows:
1.
2.
After receiving the packet, the destination adds a timestamp to the packet and returns them
to the source.
Issue 01 (2011-10-26)
286
3.
6 NQA Configuration
After receiving the returned packets, the source subtracts the interval for the source to send
two adjacent packets from the interval for the destination to receive the two packets and
then obtains the jitter time.
The maximum, minimum, and average jitter time calculated based on the information received
on the source can clearly show the network status.
In a Jitter test, you can set the number of packets to be sent consecutively. Through this setting,
certain traffic can be simulated within a certain period. For example, if you set 3000 UDP packets
to be sent at an interval of 20 milliseconds. Then, in one minute, G.711 traffic is simulated.
NOTE
To improve the test accuracy, you can configure the Network Time Protocol (NTP) on both the client and
the server.
Pre-configuration Tasks
Before configuring the Jitter test, configure reachable routes between the NQA client and the
NQA server.
Data Preparation
To configure the Jitter test, you need the following data.
No.
Data
Destination IP addresses and port numbers of the probe packets sent by the UDP
client
(Optional) VPN instance name, source IP address and port number of the probe packet
sent by the UDP client, number of probe packets and test packets sent each time,
interval for sending probe packets and test packets, percentage of the failed NQA
tests, and version number carried in the Jitter packet
Context
Do as follows on the NQA server (Jitter server):
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
287
6 NQA Configuration
----End
Context
NOTE
The system supports the collection of the statistics about the maximum uni-directional transmission delay.
Procedure
Step 1 Run:
system-view
An NQA test instance is created and the test instance view is displayed.
Step 4 Run:
test-type jitter
Issue 01 (2011-10-26)
288
6 NQA Configuration
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the source port number, run the source-port port-numbercommand.
l To configure the probe times in the NQA test, run the probe-count number command.
l To configure the number of test packets sent each time, run the jitter-packetnum number
command.
The Jitter test is used to collect statistics and perform analysis of the transmission delay
variation of the UDP packets. The system sends multiple test packets for each test to make
the statistics more accurate. The more test packets are sent, the more accurate the statistics
and analysis are. This process, however, is time consuming.
NOTE
The number of the Jitter tests depends on the probe-count command. The number of test packets sent
during each test depends on the jitter-packetnum command. During the actual configuration, the
product of the number of test times and the number of the test packets must be less than 3000.
l To configure the interval for sending test packets, run the interval { milliseconds interval |
seconds interval } command.
The shorter the interval for sending the Jitter test packets is, the faster the test is completed.
If the interval, however, is set to a very small value, the jitter statistics result may have a
greater error.
l To configure the percentage of the failed NQA tests, run the fail-percent percent command.
l To send the NQA test packet without searching the routing table, run the sendpacket
passroute command.
Step 8 Run:
start
289
6 NQA Configuration
Prerequisite
The configurations of the Jitter Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
l
Run the display nqa results [ test-instance admin-name test-name ] command to view the
test results on the NQA client.
Run the display nqa-server command to view the information about the NQA server.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
<Quidway> display nqa results test-instance admin jitter
NQA entry(admin, jitter) :testflag is inactive ,testtype is jitter
1 . Test 1 result
The test is finished
SendProbe:60
ResponseProbe:60
Completion:success
RTD OverThresholds number:0
Min/Max/Avg/Sum RTT:1/1/1/60
RTT Square Sum:60
NumOfRTT:60
Drop operation number:60
Operation sequence errors number:0
RTT Stats errors number:0
System busy operation number:0
Operation timeout number:0
Min Positive SD:1
Min Positive DS:1
Max Positive SD:1
Max Positive DS:1
Positive SD Number:15
Positive DS Number:1
Positive SD Sum:15
Positive DS Sum:1
Positive SD Square Sum:15
Positive DS Square Sum:1
Min Negative SD:1
Min Negative DS:1
Max Negative SD:1
Max Negative DS:1
Negative SD Number:15
Negative DS Number:1
Negative SD Sum:15
Negative DS Sum:1
Negative SD Square Sum:15
Negative DS Square Sum:1
Min Delay SD:0
Min Delay DS:0
Avg Delay SD:27
Avg Delay DS:1
Max Delay SD:1
Max Delay DS:1
Packet Loss SD:0
Packet Loss DS:0
Packet Loss Unknown:0
jitter out value:0.0312500
jitter in value:0.0020833
NumberOfOWD:60
OWD SD Sum:27
OWD DS Sum:1
TimeStamp unit: ms
Issue 01 (2011-10-26)
290
6 NQA Configuration
Applicable Environment
Jitter time refers to the interval for receiving two consecutive packets minus the interval for
sending these two packets.
The process of the ICMP jitter test is as follows:
l
After receiving a packet, the destination adds a timestamp to the packet and sends it back
to the source.
After receiving the returned packets, the source obtains the jitter time by subtracting the
interval for sending the packets from the interval for receiving the packets.
The maximum, minimum, and average jitter time and the maximum unidirectional delay of the
packets from the source to the destination and from the destination to the source are calculated
according to the information received on the source. Based on these data, the network status is
clearly presented.
In the jitter test, you can set the number of packets to be sent consecutively in each test instance.
Through this setting, the actual traffic of a kind of packet during a time period can be simulated.
If the server is a non-Huawei device, you can test the jitter of the network by configuring an
ICMP jitter test instance.
Pre-configuration Tasks
Before configuring an ICMP jitter test, configure a reachable route between the NQA client and
the server.
Data Preparation
To configure a jitter test, you need the following data.
Issue 01 (2011-10-26)
No.
Data
Administrator of the NQA test instance and name of the test instance
Destination IP address
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
291
6 NQA Configuration
No.
Data
(Optional) Name of a VPN instance, source IP address ,number of test probes sent
each time, number of test packets sent each time, interval for sending test packets,
ratio of the failed NQA tests, and version number of jitter packets
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type icmpjitter
l Run:
probe-count number
292
6 NQA Configuration
l Run:
jitter-packetnum number
The probe-count command is used to configure the number of times for the jitter test and the jitterpacketnum command is used to configure the number of test packets to be sent during each test. In
actual configuration, the product of the number of times for the jitter test multiplied by the number of
test packets must be less than 3000.
l Run:
interval { milliseconds interval }
Prerequisite
The configurations of the ICMP Jitter Test function are complete.
NOTE
NQA test results cannot be displayed automatically on the terminal. You should run the display nqa
results command to check the test results.
Issue 01 (2011-10-26)
293
6 NQA Configuration
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to check results
on the NQA client.
----End
Example
If the ICMP jitter test succeeds, you can view the following information by running the display
nqa results command.
<Quidway> display nqa results test-instance admin icmpjitter
NQA entry(admin, icmpjitter) :testflag is inactive ,testtype is icmpjitter
1 . Test 1 result
The test is finished
SendProbe:60
ResponseProbe:60
Completion :success
RTD OverThresholds number:0
OWD OverThresholds SD number:0
OWD OverThresholds DS number:0
Min/Max/Avg/Sum RTT:1/144/12/709
RTT Square Sum:61007
NumOfRTT:60
Drop operation number:0
Operation sequence errors number:0
RTT Stats errors number:0
System busy operation number:0
Operation timeout number:0
Min Positive SD:1
Min Positive DS:1
Max Positive SD:138
Max Positive DS:3
Positive SD Number:7
Positive DS Number:19
Positive SD Sum:152
Positive DS Sum:21
Positive SD Square Sum :19116
Positive DS Square Sum :27
Min Negative SD:1
Min Negative DS:1
Max Negative SD:21
Max Negative DS:4
Negative SD Number:14
Negative DS Number:19
Negative SD Sum:152
Negative DS Sum:22
Negative SD Square Sum :2796
Negative DS Square Sum :34
Min Delay SD:1
Min Delay DS:0
Max Delay SD:72
Max Delay DS:71
Delay SD Square Sum:15111
Delay DS Square Sum:14728
Packet Loss SD:0
Packet Loss DS:0
Packet Loss Unknown:0
Average of Jitter:5
Average of Jitter SD:14
Average of Jitter DS:1
jitter out value:4.7604818
jitter in value:0.5399519
NumberOfOWD:60
Packet Loss Ratio: 0%
OWD SD Sum:339
OWD DS Sum:310
ICPIF value: 0
MOS-CQ value: 0
TimeStamp unit: ms
Applicable Environment
NQA supports not only the configuration of the parameters for various types of tests, but also
the configuration of universal options of a test group.
Commonly, the default configurations of the universal parameters are adopted.
Issue 01 (2011-10-26)
294
6 NQA Configuration
Pre-configuration Tasks
Before configuring universal NQA parameters, create NQA tests correctly.
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
This parameter cannot be configured for SNMP, TCP, FTP, HTTP, and DNS test instances.
You can configure padding characters for only UDP, ICMP, Jitter and Trace tests.
l Run:
datasize size
This parameter cannot be configured for SNMP, TCP, FTP, HTTP, and DNS test instances.
l Run:
description string
The destination URL address is set for the NQA test instance.
Issue 01 (2011-10-26)
295
6 NQA Configuration
NOTE
The destination URL address can be configured for DNS and HTTP test instances.
l Run:
destination-port port-number
The destination port number is set for the NQA test instance.
NOTE
The destination port number can be configured only for UDP, Jitter, TCP, Trace, FTP, and HTTP test
instances.
l Run:
dns-server ipv4 ip-address
The DNS server address is configured for the NQA test instance.
NOTE
The DNS server address can be configured only for DNS and HTTP test instances.
l Run:
fail-percent percent
This parameter cannot be configured for Trace, FTP, and DNS test instances.
l Run:
frequency interval
The file name and file path are configured for the FTP test instance.
NOTE
The file name and file path can be configured only for the FTP test instance.
l Run:
ftp-filesize size
The size of the file is set for the FTP test instance.
NOTE
The size of the file can be configured only for the FTP test instance.
l Run:
ftp-operation { get | put }
The operation type can be configured only for the FTP test instance.
l Run:
ftp-password password
The user password can be configured only for the FTP test instance.
l Run:
ftp-username name
296
6 NQA Configuration
NOTE
The user name can be configured only for the FTP test instance.
l Run:
http-operation { get | post }
The operation type can be configured only for the HTTP test instance.
l Run:
http-url deststring [ verstring ]
The relative file path and version are configured for the HTTP test instance.
NOTE
The relative file path and version can be configured only for the HTTP test instance.
l Run:
interval { milliseconds
The interval for sending packets is set for the NQA test instance.
NOTE
The interval for sending packets can be configured only for the ICMP, UDP, SNMP, Jitter, and TCP
test instances.
l Run:
jitter-packetnum number
The number of test packets is set for the NQA test instance.
l Run:
probe-count number
This parameter cannot be configured for FTP and DNS test instances.
l Run:
probe-failtimes times
The number of permitted maximum probe failures, that is, the threshold to trigger the trap
message, is set for the NQA test instance.
l Run:
records history number
The maximum number of history records is set for the NQA test instance.
l Run:
records result number
The maximum number of result records is set for the NQA test instance.
l Run:
sendpacket passroute
The NQA test is configured to send packets without searching for the routing table.
NOTE
l Run:
set-df
297
6 NQA Configuration
NOTE
This function can be configured only for the Trace test instances.
l Run:
send-trap { all | { owd-ds | owd-sd | probefailure | rtd | testcomplete |
testfailure } * }
l Run:
source-port port-number
The source port number is set for the NQA test instance.
NOTE
This parameter can be configured for UDP, SNMP, TCP, FTP, and HTTP test instances.
l Run:
test-failtimes times
The trap threshold for continuous probe failures is set for the NQA test instance.
l Run:
timeout time
This parameter cannot be configured for DNS and Trace test instances.
l Run:
tos value
This parameter cannot be configured for DNS and Trace test instances.
l Run:
tracert-hopfailtimes times
The hop fail times are set for the Trace test instance.
NOTE
l Run:
tracert-livetime first-ttl first-ttl max-ttl max-ttl
298
6 NQA Configuration
NOTE
l Run:
vpn-instance vpn-instance-name
The VPN instance name is configured for the NQA test instance.
NOTE
l Run:
vpn-instance vpn-instance-name
The VPN instance name is configured for the NQA test instance.
NOTE
This parameter cannot be configured for DNS, and DHCP test instance.
----End
Prerequisite
The configurations of the Universal NQA Test Parameters function are complete.
Procedure
Step 1 Run the display nqa-agent [admin-name test-name ] [ verbose ] to view the status of the test
instance configured on the NQA client.
----End
Example
<Quidway> display nqa-agent
nqa test-instance a a
test-type pwe3trace
local-pw-id 1
vc-type bgp
nqa status : normal
nqa test-instance a b
test-type icmpjitter
destination-address ipv4 100.1.1.201
source-address ipv4 100.1.1.200
hardware-based enable
ttl 100
tos 100
timeout 20
nqa status : normal
Issue 01 (2011-10-26)
299
6 NQA Configuration
Applicable Environment
If the round-trip transmission delay threshold is configured for a NQA test instance, the NQA
test result will contain the statistics on the test packets that exceed the set threshold. This provides
the basis for the network manager to analyze the operation status of the specified service.
Pre-configuration Tasks
Before configuring the round-trip transmission delay threshold, complete the following tasks:
l
Data Preparation
To configure the round-trip transmission delay threshold, you need the following data.
No.
Data
Context
Do as follows on the switch to perform the NQA test:
Procedure
Step 1 Run:
system-view
An NQA test instance is created and the NQA instance view is displayed.
Step 3 Run:
test-type test-type
Issue 01 (2011-10-26)
300
6 NQA Configuration
Prerequisite
The configurations of the Round-Trip Delay Thresholds Test function are complete.
Procedure
Step 1 Run the display nqa-agent [ admin-name test-name ] [ verbose ] to view the status of the test
instance configured on the NQA client.
----End
Example
Run the display nqa-agent verbose command. If the test is successful, the following is
displayed. For example:
<Quidway> display nqa-agent verbose
nqa test-instance admin jitter
test-type jitter
destination-address ipv4 100.1.1.201
destination-port 80
threshold rtd 2000
send-trap rtd
nqa status : normal
301
6 NQA Configuration
Applicable Environment
Trap messages are generated regardless of whether the NQA test is successful or fails. You can
control whether to send trap messages to the NM station by enabling or disabling the trap
function.
NQA supports three types of trap messages as defined in the DISMAN-PING-MIB.
l
NQA also supports the sending of trap messages to the NM station when the uni-directional
transmission delay or the round-trip transmission delay exceeds the threshold.
l
For all tests supporting traps, if the round-trip transmission delay exceeds the threshold and
the trap function is enabled, trap messages are sent to the NM station with the specified IP
address.
For all the Jitter tests, if the uni-directional transmission delay exceeds the threshold and
the trap function is enabled, trap messages are sent to the NM station with the specified IP
address.
Trap messages carry information such as destination IP address, operation status, destination IP
address of the test packet, minimum RTT, maximum RTT and total RTT, number of sent probe
packets, number of received packets, RTT square sum, and time of the last successful probe.
Pre-configuration Tasks
Before configuring the trap function, complete the following tasks:
l
Data Preparation
To configure the trap function, you need the following data.
Issue 01 (2011-10-26)
302
6 NQA Configuration
No.
Data
Procedure
Step 1 Run:
system-view
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type { jitter | icmpjitter }
Step 4 Run:
destination-address ipv4 ip-address
The number of test failures that trigger sending a trap message is configured.
Issue 01 (2011-10-26)
303
6 NQA Configuration
Procedure
Step 1 Run:
system-view
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type { jitter | icmpjitter }
Step 4 Run:
destination-address ipv4 ip-address
The number probe failures that trigger sending a Trap message is configured.
By default, a trap message is sent for each probe failure.
----End
304
6 NQA Configuration
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type { jitter | icmpjitter }
Step 4 Run:
destination-address ipv4 ip-address
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
305
6 NQA Configuration
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type { jitter | icmpjitter }
Step 4 Run:
destination-address ipv4 ip-address
Sending trap messages when the transmission delay exceeds the threshold is enabled.
By default, the trap function is disabled.
----End
Prerequisite
The configurations of the Trap function are complete.
Procedure
Step 1 Run the display trapbuffer [ size value ] to view the trap messages sent in an NQA test.
----End
Example
Run the display trapbuffer [ size value ] command. If information about the trap messages is
displayed, it means that the configuration succeeds.
For example:
<Quidway> display trapbuffer size 2
Trapping buffer configuration and contents:enabled
Allowed max buffer size : 1024
Actual buffer size : 256
Channel number : 3 , channel name : trapbuffer
Dropped messages : 0
Issue 01 (2011-10-26)
306
6 NQA Configuration
Overwritten messages : 0
Current messages : 11
#May 6 2009 12:54:17 CBB6-PE3 SINDEX/4/INDEXMAP:OID
1.3.6.1.4.1.2011.5.25.110.2.0.1 ShortIFIndexMapTable changed.
#May 6 2009 11:02:37 CBB6-PE3 SRM_BASE/4/ENTITYREGSUCCESS: OID
1.3.6.1.4.1.2011.5.25.129.2.1.18 Physical entity register succeeded.
(EntityPhysicalIndex=17367040, BaseTrapSeverity=2, BaseTrapProbableCause=70144,
BaseTrapEventType=5, EntPhysicalContainedIn=1677721
6, EntPhysicalName="SRU slot 9", RelativeResource="", ReasonDescription="MPU9")
Prerequisite
To restart an NQA test instance, run the following command in the NQA instance view.
Context
CAUTION
Restarting an NQA test instance interrupts the running of tests.
Procedure
Step 1 Run the system-view command, enter the system view.
Step 2 Run the nqa test-instance admin-name test-name command, enter the NQA test instance view.
Step 3 Run the restart command in the NQA instance view to restart an NQA test instance.
----End
Prerequisite
NQA statistics cannot be restored after you clear them. So, confirm the action before you use
the command.
Issue 01 (2011-10-26)
307
6 NQA Configuration
Context
NOTE
Procedure
Step 1 Run the system-view command, enter the system view.
Step 2 Run the nqa test-instance admin-name test-name command, enter the NQA test instance view.
Step 3 Run the clear-records command in the NQA view to clear history statistics on NQA tests and
test results.
----End
Prerequisite
When a fault occurs, run the following debugging command in the user view to debug NQA
and locate the fault.
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
Procedure
Step 1 Run the debugging nqa all command in the NQA view to enable NQA debugging.
----End
308
6 NQA Configuration
SwitchA
Ethernet0/0/1
VLANIF10
NQA agent 10.1.1.1/24
Ethernet0/0/1
VLANIF10
10.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Perform the NQA ICMP test to check whether the route between the local end (Switch A)
and the specified destination end (Switch B) is reachable and check the RTT of a test packet.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Create a VLAN and add interfaces to the VLAN.
# Configure Switch A.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-Vlan10] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
# Configure Switch B.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan 10
[SwitchB-Vlan10] quit
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchB-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchB-Ethernet0/0/1] quit
Step 2 Configure the VLANIF interface and assign an IP address to the VLANIF interface.
# Configure Switch A.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.1.1.1 24
# Configure Switch B.
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 10.1.1.2 24
Step 3 Enable the NQA client and create an NQA ICMP test.
Issue 01 (2011-10-26)
309
6 NQA Configuration
----End
Configuration Files
l
Issue 01 (2011-10-26)
310
6 NQA Configuration
A user with the name user1 and the password hello intends to log in to the FTP server to
download the test.txt file.
Figure 6-4 Networking diagram for configuring the FTP download test
SwitchA
SwitchB
Ethernet0/0/1 Ethernet0/0/1
VLANIF10
VLANIF10
FTP Client 10.1.1.1/24
10.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Create and perform the FTP test on Switch A to check whether a connection between
Switch A and the FTP server can be set up and to check the time for downloading a file
from the FTP server.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure the IP addresses of Switch A and Switch B. The configuration details are not
mentioned here.
Step 2 Configure Switch B as the FTP server.
<SwitchB> system-view
[SwitchB] ftp server enable
[SwitchB] aaa
[SwitchB-aaa] local-user user1 password cipher hello
[SwitchB-aaa] local-user user1 service-type ftp
[SwitchB-aaa] local-user user1 ftp-directory flash:
[SwitchB-aaa] quit
Issue 01 (2011-10-26)
311
6 NQA Configuration
test-type ftp
destination-address ipv4 10.1.1.2
source-address ipv4 10.1.1.1
ftp-operation get
ftp-username user1
ftp-password hello
ftp-filename test.txt
----End
Configuration Files
l
Issue 01 (2011-10-26)
312
6 NQA Configuration
enable
user1 password cipher 3MQ*TZ,O3KCQ=^Q`MAF4<1!!
user1 service-type ftp
user1 ftp-directory flash:
SwitchA
Ethernet
0/0/1
SwitchB
Ethernet
Ethernet
0/0/1
0/0/2
VLANIF10 VLANIF10
FTP 10.1.1.1/24 10.1.1.2/24
Client
SwitchC
Ethernet
0/0/2
VLANIF20 VLANIF20
10.2.1.1/24 10.2.1.2/24 FTP
Server
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure Switch A as the NQA client and the FTP client. Create and perform the FTP test
on Switch A to check whether a connection between Switch A and the FTP server can be
set up and to test the time for uploading a file to the FTP server.
2.
A user with the name user1 and the password hello logs in to the FTP server to upload a
file whose size is 10k.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Configure Switch C as the FTP server.
<SwitchC> system-view
[SwitchC] ftp server enable
Issue 01 (2011-10-26)
313
6 NQA Configuration
Step 3 Configure an NQA FTP test on Switch A and create a file of 10K bytes for uploading.
<SwitchA> system-view
[SwitchA] nqa test-instance admin ftp
[SwitchA-nqa-admin-ftp] test-type ftp
[SwitchA-nqa-admin-ftp] destination-address ipv4 10.2.1.2
[SwitchA-nqa-admin-ftp] source-address ipv4 10.1.1.1
[SwitchA-nqa-admin-ftp] ftp-operation put
[SwitchA-nqa-admin-ftp] ftp-username user1
[SwitchA-nqa-admin-ftp] ftp-password hello
[SwitchA-nqa-admin-ftp] ftp-filename nqa-ftp-test.txt
[SwitchA-nqa-admin-ftp] ftp-filesize 10
Attr
-rw-rw-
Size(Byte)
331
10240
Date
Time(LMT)
Feb 06 2009 18:34:34
Feb 06 2009 18:37:06
FileName
private-data.txt
nqa-ftp-test.txt
----End
Configuration Files
l
Issue 01 (2011-10-26)
314
6 NQA Configuration
Issue 01 (2011-10-26)
315
6 NQA Configuration
HTTP Server
10.2.1.1/24
Switch
10.1.1.2/24
Ethernet0/0/1
VLANIF10
10.1.1.1/24
IP
Network
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Create and perform the HTTP test on the Switch to check whether the a connection between
the Switch and the HTTP server can be set up and to check the time for transferring a file
between them.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure reachable routes between Switch and HTTP Server. The configuration details are not
mentioned here.
Step 2 Enable the NQA client and create an NQA HTTP test.
<Quidway> system-view
[Quidway] nqa test-instance admin http
[Quidway-nqa-admin-http] test-type http
[Quidway-nqa-admin-http] destination-address ipv4 10.2.1.1
[Quidway-nqa-admin-http] http-operation get
[Quidway-nqa-admin-http] http-url www.huawei.com
Issue 01 (2011-10-26)
316
6 NQA Configuration
TransactionTimeout: 0
----End
Configuration Files
Configuration file of Switch
#
sysname quidway
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
nqa test-instance admin http
test-type http
destination-address ipv4 10.2.1.1
http-operation get
http-url www.huawei.com
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return
Ethernet
0/0/1 10.1.1.2/24
VLANIF100
10.1.1.1/24
IP
Network
DNS Server
10.3.1.1/24
Issue 01 (2011-10-26)
317
6 NQA Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Create and perform the DNS test on the Switch to check whether a connection between the
Switch and the DNS server can be set up and to check the speed of responding to an address
resolution request.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure reachable routes between Switch A and the DNS server, between Switch A and the
host to be accessed, and between the DNS server and the host to be accessed. The configuration
details are not mentioned here.
Step 2 Create an NQA DNS test.
<Quidway> system-view
[Quidway] dns server 10.3.1.1
[Quidway] nqa test-instance admin dns
[Quidway-nqa-admin-dns] test-type dns
[Quidway-nqa-admin-dns] dns-server ipv4 10.3.1.1
[Quidway-nqa-admin-dns] destination-address url server.com
----End
Configuration Files
Configuration file of Switch
#
sysname Quidway
#
dns server 10.3.1.1
Issue 01 (2011-10-26)
318
6 NQA Configuration
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
nqa test-instance admin dns
test-type dns
destination-address url server.com
dns-server ipv4 10.3.1.1
#
ip route-static 10.3.1.0 255.255.255.0 10.1.1.2
#
return
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Create and perform the traceroute test on Switch A to check the statistics on each hop from
Switch A to Switch C.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Issue 01 (2011-10-26)
319
6 NQA Configuration
Step 2 Create an NQA traceroute test on Switch A and set the destination IP address to 10.2.1.2.
<SwitchA> system-view
[SwitchA] nqa test-instance admin trace
[SwitchA-nqa-admin-trace] test-type trace
[SwitchA-nqa-admin-trace] destination-address ipv4 10.2.1.2
----End
Configuration Files
l
Issue 01 (2011-10-26)
320
6 NQA Configuration
#
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface Ethernet0/0/2
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
return
SwitchA
SwitchB
SwitchC
Ethernet
Ethernet
Ethernet
Ethernet
0/0/1
0/0/1
0/0/2
0/0/1
VLANIF110 VLANIF110
VLANIF100 VLANIF100
10.2.1.1/24 10.2.1.2/24
10.1.1.1/24 10.1.1.2/24
SNMP Agent
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Issue 01 (2011-10-26)
321
3.
6 NQA Configuration
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Enable SNMP agent on Switch C.
<SwitchC> system-view
[SwitchC] snmp-agent
----End
Configuration Files
l
Issue 01 (2011-10-26)
322
6 NQA Configuration
Issue 01 (2011-10-26)
323
6 NQA Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure Switch A as the NQA client and configure Switch C as the NQA server.
2.
Configure the monitoring port number on the NQA server and create an NQA TCP test on
the NQA client.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Configure the NQA server on Switch C.
# Configure the IP address and port number used to monitor TCP connections on the NQA server.
<SwitchC> system-view
[SwitchC] nqa-server tcpconnect 10.2.1.2 9000
----End
Configuration Files
l
Issue 01 (2011-10-26)
324
6 NQA Configuration
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
nqa test-instance admin tcp
test-type tcp
destination-address ipv4 10.2.1.2
destination-port 9000
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return
325
6 NQA Configuration
SwitchA
SwitchB
SwitchC
Ethernet
Ethernet
Ethernet
Ethernet
0/0/2
0/0/1
0/0/1
0/0/1
VLANIF100 VLANIF100
VLANIF110 VLANIF110
10.1.1.1/24 10.1.1.2/24
10.2.1.1/24 10.2.1.2/24
NQA Server
Configuration Roadmap
1.
Configure Switch A as the NQA client and configure Switch C as the NQA server.
2.
Configure the monitoring port number on the NQA server and create an NQA UDP Public
test on the NQA client.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Configure the NQA server on Switch C.
# Configure the IP address and UDP port number monitored by the NQA server.
<SwitchC> system-view
[SwitchC] nqa-server udpecho 10.2.1.2 6000
Issue 01 (2011-10-26)
326
6 NQA Configuration
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 32/109/67
Sum/Square-Sum Completion Time: 203/16749
Last Good Probe Time: 2006-8-5 16:9:21.6
Lost packet ratio: 0 %
----End
Configuration Files
l
Issue 01 (2011-10-26)
327
6 NQA Configuration
For information about clock synchronization, see "NTP" in the Quidway S3700 Series Ethernet Switches
Feature Description - Network Management.
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure Switch C as the NTP client and configure Switch B as the NTP server.
2.
Configure Switch A as the NQA client and configure Switch C as the NQA server.
3.
Configure the service type and port number monitored by the NQA server.
4.
Create and perform the NQA Jitter test on the NQA client.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Configure the NQA server on Switch C.
# Configure the IP address and UDP port number monitored by the NQA server.
<SwitchC> system-view
[SwitchC] nqa-server udpecho 10.2.1.2 9000
Issue 01 (2011-10-26)
328
6 NQA Configuration
----End
Configuration Files
l
Issue 01 (2011-10-26)
329
6 NQA Configuration
#
return
Networking Requirements
As shown in Figure 6-13,
Switch A serves as the NQA client to test the jitter of the network between Switch A and Switch
B.
Figure 6-13 Networking diagram of an ICMP jitter test
Ethernet0/0/1
VLANIF10
10.1.1.1/24
SwitchA
Issue 01 (2011-10-26)
Ethernet0/0/1
VLANIF10
10.1.1.2/24
SwitchB
330
6 NQA Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure Switch A as the NQA client and create an ICMP jitter test instance on Switch
A.
2.
Data Preparation
To complete the configuration, you need the following data:
l
IP address of Switch B
Procedure
Step 1 Configure a reachable route between Switch A and Switch B.
The configuration details are not mentioned here.
Step 2 Configure an NQA test instance for Switch A.
# Enable the NQA client and configure the ICMP jitter test instance.
<RouterA> system-view
[RouterA] nqa test-instance admin icmpjitter
[RouterA-nqa-admin-icmpjitter] test-type icmpjitter
[RouterA-nqa-admin-icmpjitter] destination-address ipv4
10.1.1.2
Issue 01 (2011-10-26)
331
6 NQA Configuration
OWD DS Sum:1
MOS-CQ value: 0
----End
Configuration Files
l
Issue 01 (2011-10-26)
332
6 NQA Configuration
Ethernet0/0/2
VLANIF110
20.1.1.1/24
SwitchA
NM Station
20.1.1.2/24
Ethernet0/0/1
SwitchB
Ethernet0/0/1
VLANIF130 SwitchC
VLANIF120
30.1.1.2/24
10.1.1.1/24
Ethernet0/0/2
Ethernet0/0/1
VLANIF130
VLANIF120
30.1.1.1/24 NQA Server
10.1.1.2/24
NOTE
For the information about clock synchronization, see "NTP" in the Quidway S3700 Series Ethernet
Switches Feature Description - Network Management.
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Configure a Jitter test.
# Configure the IP address and UDP port number monitored by the NQA server on Switch C.
<SwitchC> system-view
[SwitchC] nqa-server udpecho 30.1.1.2 9000
# # Enable the NQA client on Switch A and create an NQA Jitter test on it.
<SwitchA> system-view
[SwitchA] nqa test-instance admin jitter
Issue 01 (2011-10-26)
333
6 NQA Configuration
Issue 01 (2011-10-26)
334
6 NQA Configuration
Overwritten messages : 0
Current messages : 3
#Jul 9 00:28:34 2009 Quidway NQA/4/RTDTHRESHOLD:OID
1.3.6.1.4.1.2011.5.25.111.6.16 NQA entry RTD over threshold. (OwnerIndex=admin,
TestName=jitter)
#Jul 9 00:28:34 2009 Quidway NQA/4/SDTHRESHOLD:OID 1.3.6.1.4.1.2011.5.25.111.6.17
NQA entry OWD-SD over threshold. (OwnerIndex=admin, TestName=jitter)
#Jul 9 00:28:34 2009 Quidway NQA/4/DSTHRESHOLD:OID 1.3.6.1.4.1.2011.5.25.111.6.
18 NQA entry OWD-DS over threshold. (OwnerIndex=admin, TestName=jitter)
# Verify that the NMS can receive the trap message successfully. The displayed information is
not provided here.
----End
Configuration Files
l
Issue 01 (2011-10-26)
335
6 NQA Configuration
Issue 01 (2011-10-26)
336
7 RMON Configuration
RMON Configuration
Issue 01 (2011-10-26)
337
7 RMON Configuration
RMON
RMON is implemented based on the Simple Network Management Protocol (SNMP)
architecture, and is compatible with the existing SNMP framework. There are two concepts
involved in RMON, namely, the Network Management Workstation (NM Station) and the agent.
A RMON agent collects statistics of various traffic in a network, including the number of packets
on a network segment within a period and the number of correct packets sent to a host.
Compared with SNMP, RMON monitors remote network devices more efficiently and actively.
It provides an efficient solution to monitor the running of sub-networks, which reduces the
communication traffic between the NM Station and the agent. Large-sized networks can thus be
managed in a simple and effective manner.
RMON allows multiple monitors. It collects data in the following ways:
l
Embed a RMON agent into a network device (a switch for example) to enable the device
to be of the RMON Probe capability.
The NM Station uses the basic SNMP commands for exchanging data with the RMON
agent and collecting the network management information. This process is restricted by
device resources and hence the NM Station collects only information on four groups (alarm,
event, history, and statistics) and not the complete information on the RMON MIB.
Currently, the S3700 implements the monitoring and statistics collection function only on the
Ethernet interfaces of network devices.
Features of RMON
The S3700 implements RMON by embedding agent modules to network devices to form a
complete system with other modules. The RMON NM Station is completely compatible with
the SNMP NM Station; so, the administrator can handle it properly without additional training.
RMON in the S3700 supports four groups, namely, statistics, history, alarm, and event, as
defined in RFC 2819, and a Performance-MIB defined by Huawei. The following describes each
group.
l
Statistic group
The statistics group collects the basic statistics of each monitored sub-network. The
statistics include date flows on a network segment, distribution of various packets, error
frames, and collisions.
Issue 01 (2011-10-26)
338
7 RMON Configuration
The RMON statistics result is not consistent with the output of the display interface command.
Although data is collected from the bottom layer in both the cases, the RMON information is more
comprehensive.
History group
A history group periodically collects the network state statistics and stores them for future
reference. The history group has the following tables:
historyControlTable: is used to set the control information, such as sampling intervals.
etherHistoryTable: provides network administrators with other history statistics, such
as the traffic on a network segment, error packets, broadcast packets, utilization, and
collisions.
Each entry in the historyControlTable corresponds to a maximum of 10 pieces of history
records in the etherHistoryTable. The previous pieces are overwritten in a circular
manner if the threshold of records in etherHistoryTable is crossed.
Alarm group
An alarm group allows predefining a set of thresholds for alarm variables (any object in
the local MIB). A monitor records logs or sends trap messages to the NM Station when the
sampled data in a certain direction crosses a threshold.
As defined in RFC 2819, the alarm function has a hysteresis mechanism to limit the
generation of alarms. If this mechanism is adopted, an alarm event is generated when the
sampled data in a direction crosses the threshold. No more events will be generated until
the sampled data in the opposite direction crosses the threshold.
The S3700 does not apply this mechanism because it will not generate the alarms for a long
period. For the S3700, the alarms are re-generated if the smapling value turns to the noraml
threshold.
The alarm group contains one table: alarmTable.
Event group
An event group stores all the events generated by the RMON agent in a table. It records
logs or sends trap messages to the NM Station when an event occurs.
The event group implements the output of three events: log, trap, and log-trap. Each event
entry corresponds to a maximum of 10 pieces of logs. The previous logs are overwritten in
a circular manner if the threshold of logs is crossed.
The event group has two tables: eventTable and logTable.
Performance-MIB
The RMON prialarm group is an enhancement of alarmTable defined in RFC 2819.
Compared with the alarmTable, the RMON prialarm group supports the setting of alarm
objects and time spans of alarm entries through expressions.
The RMON Performance-MIB has one table: prialarmTable.
In the S3700, to save system resources, each entry is given a specific time span. The time
span indicates the period for an entry to keep the invalid state. The entry is deleted when
the time span goes down to 0.
Table 7-1 shows the capacity of various tables and the maximum time span of each table.
Issue 01 (2011-10-26)
339
7 RMON Configuration
ethernetStatsTable
100
600
historyControlTable
100
600
alarmTable
60
6000
eventTable
60
600
logTable
600
prialarmTable
50
6000
NOTE
logTable does not have a time span. Each log entry can have a maximum of 10 pieces of logs. The
excessive logs supersede the older ones in a circular manner.
When an interface board or an interface card is removed, the corresponding entries in the
ethernetStatsTable and historyControlTable become invalid. If the time spans of tables are
respectively set to 600s, the entries in the tables are deleted when the time spans go down
to 0.
If an interface is added before its corresponding entries are deleted from the table, these
entries can take effect again.
Applicable Environment
To monitor network status and collect traffic statistics on a network segment, you can configure
RMON.
Enabling the RMON function does not need any special requirement. You can enable it in
advance, or configure it when you suspect that the traffic of the sub-network where interface
resides is abnormal. You can configure RMON depending on actual situations.
It is recommended to configure the statistics table in advance, configure two history control
policies on the interface where the traffic is abnormal, configure the alarm for one or more
suspicious entries, set the high and low thresholds, and view the alarm information.
NOTE
RMON only stores traffic statistics and information or abnormalities but cannot avoid the generation of
these statistics or information. To clear abnormalities, you need to adopt the other management measures.
Issue 01 (2011-10-26)
340
7 RMON Configuration
Pre-configuration Tasks
Before configuring RMON, complete the following tasks:
l
Data Preparation
To configure RMON, you need the following data.
No.
Data
Context
Do as follows on the switch on which traffic statistics should be collected:
Procedure
Step 1 Run:
system-view
341
7 RMON Configuration
Context
Do as follows on the switch on which traffic statistics should be collected:
Procedure
Step 1 Run:
system-view
Context
The history data management supports the setting of sampling, sampling interval, and saving
quantity for the traffic passing through a specified port. RMON periodically collects statistics
of the port and saves them to etherHistoryTable for future reference.
As recommended by the RMON specifications, each monitored interface should be configured
with more than two history control entries. One entry is sampled every 30 seconds while another
entry is sampled every 30 minutes.
The short sampling interval enables a monitor to probe the sudden changes of traffic modes, and
the long sampling interval is applicable if the interface status is relatively stable.
Currently, the S3700 reserves up to 10 pieces of the latest records for each history control entry.
NOTE
To reduce the effect on the performance of the system, the sampling interval of the history table should be
longer than 10 seconds, and the same port should not be configured with too many history control entries
and alarm entries.
Issue 01 (2011-10-26)
342
7 RMON Configuration
Procedure
Step 1 Run:
system-view
} interface-number
Context
Do as follows on the switch that is monitored:
The RMON event management module is responsible for adding events to the corresponding
rows in the eventTable and defining the methods of processing events:
l
Procedure
Step 1 Run:
system-view
343
7 RMON Configuration
Context
The RMON alarm management is responsible for monitoring a specified alarm variable
(identified by OID) at a specified sampling interval. An alarm event occurs when the monitored
variable exceeds the defined threshold. Generally, the event is recorded in the log table, or
RMON sends a trap message to the NM Station.
If the events that correspond to the alarm upper limit and lower limit (event-entry1, evententry2) are not configured in the eventTable, an alarm is not generated even if the alarm condition
is satisfied. At this time, the status of alarm recording is undercreation and not VALID.
If an event corresponding to either the alarm upper limit or the alarm lower limit is configured,
an alarm is triggered once the alarm condition is satisfied. At this time, the status of alarm
recording is VALID. If an incorrect alarm variable is configured (for example, an inexistent OID
is specified), the status of alarm recording is undercreation and no alarm is generated.
Do as follows on the switch that is monitored:
Procedure
Step 1 Run:
system-view
Context
Do as follows on the switch that is monitored.
Procedure
Step 1 Run:
system-view
344
7 RMON Configuration
Step 2 Run:
rmon prialarm entry-number prialarm-formula description-string sampling-interval
{ absolute | changeratio | delta } rising-threshold threshold-value1 event-entry1
falling-threshold threshold-value2 event-entry2 entrytype { cycle entry-period |
forever } [ owner owner-name ]
Prerequisite
The configurations of the RMON are complete.
Procedure
l
Run the display rmon alarm [ entry-number ] command to view the RMON alarm
information.
Run the display rmon event [ entry-number ] command to view the RMON events.
Run the display rmon eventlog [ entry-number ] command to view the RMON event logs.
Run the display rmon history [ ethernet interface-number | gigabitethernet interfacenumber ] command to view the RMON history information.
Run the display rmon prialarm [ entry-number ] command to view the information of the
RMON prialarmTable.
Run the display rmon statistics [ ethernet interface-number | gigabitethernet interfacenumber ] command to view the RMON statistics.
----End
Issue 01 (2011-10-26)
345
7 RMON Configuration
Example
Run the display rmon alarm command. If information about the alarm table is displayed, it
means that the configuration succeeds.
<Quidway> display rmon alarm 1
Alarm table 1 owned by Test300 is VALID.
Samples absolute value
: 1.3.6.1.2.1.16.1.1.1.6.1 <etherStatsBroadcastPkts.1>
Sampling interval
: 30(sec)
Rising threshold
: 500(linked with event 1)
Falling threshold
: 100(linked with event 1)
When startup enables
: risingOrFallingAlarm
Latest value
: 1975
Run the display rmon event command. If information about the event table is displayed, it
means that the configuration succeeds.
<Quidway> display rmon event
Event table 1 owned by Test300 is VALID.
Description: null.
Will cause log when triggered, last triggered at 0days 00h:24m:10s.
Event table 2 owned by Test300 is VALID.
Description: forUseofPrialarm.
Will cause snmp-trap when triggered, last triggered at 0days 00h:26m:10s.
Run the display rmon eventlog command. If information about the event logs is displayed, it
means that the configuration succeeds.
<Quidway> display rmon eventlog
Event table 1 owned by Test300 is VALID.
Generates eventLog 1.1 at 0days 00h:39m:30s.
Description: The 1.3.6.1.2.1.16.1.1.1.6.1 defined in alarm table 1,
less than(or =) 100 with alarm value 0. Alarm sample type is absolute.
Run the display rmon history command to display the RMON history.
<Quidway> display rmon history
History control entry 1 owned by Test300 is VALID,
Samples interface
: Ethernet0/0/1<ifEntry.402653698>
Sampling interval
: 30(sec) with 10 buckets max.
Last Sampling time
: 0days 00h:09m:43s
Latest sampled values :
octets
:645
, packets
:7
broadcast packets
:7
, multicast packets :0
undersize packets
:6
, oversize packets :0
fragments packets
:0
, jabbers packets
:0
CRC alignment errors :0
, collisions
:0
Dropped packet:
:0
, utilization
:0
Run the display rmon prialarm command. If information about the extended alarm table is
displayed, it means that the configuration succeeds.
<Quidway> display rmon prialarm 1
Prialarm table 1 owned by Test300 is VALID.
Samples delta value
: .1.3.6.1.2.1.16.1.1.1.6.1+.1.3.6.1.2.1.16.1.1.1.7.1
Sampling interval
: 30(sec)
Rising threshold
: 1000(linked with event 2)
Falling threshold
: 0(linked with event 2)
When startup enables
: risingOrFallingAlarm
This entry will exist
: forever.
Latest value
: 16
Run the display rmon statistics command to display the RMON statistics.
<Quidway> display rmon statistics
Statistics entry 1 owned by Test300 is VALID.
Interface : GigabitEthernet<ifEntry.402653698>
Received :
octets
:142915224 , packets
:1749151
broadcast packets
:11603
, multicast packets:756252
undersized packets :0
, oversized packets:0
Issue 01 (2011-10-26)
346
7 RMON Configuration
fragments packets
:0
, jabbers packets :0
CRC alignment errors:0
, collisions
:0
Dropped packet (insufficient resources):1795
Packets received according to length (octets):
64
:150183
, 65-127 :150183
, 128-255 :1383
256-511:3698
, 512-1023:0
, 1024-1518:0
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
When an RMON fault occurs, run the following debugging command in the user view to locate
the fault.
For the description about the debugging commands, refer to the Quidway S3700 Series Ethernet
Switches Debugging Reference.
Perform the configuration in the user view.
Procedure
l
----End
347
7 RMON Configuration
Ethernet
0/0/1
.....
.
IP
Network
PC
Switch
NMS
PC
VLAN
Configuration Roadmap
To send a Trap message to the NMS, you need to use SNMP commands to enable the Trap
function and set a corresponding community name. For details, refer to the chapter SNMP
Configuration.
The configuration roadmap is as follows:
l
Data Preparation
To complete the configuration, you need the following data:
l
Configuration Procedure
1.
Configure reachable routes between the Switch and the NMSs. The configuration procedure
is not mentioned.
2.
# Verify the configuration. You can check the traffic on the subnet.
[Switch-Ethernet0/0/1] display rmon statistics ethernet 0/0/1
Issue 01 (2011-10-26)
348
7 RMON Configuration
3.
# Configure Switch.
# Sample the traffic on the subnet every 30 seconds and save the latest 10 history entries.
[Switch-Ethernet0/0/1] rmon history 1 buckets 10 interval 30 owner User01
# Verify the configuration. Only the last sampling record is displayed through CLI. To
display all the history records, use the special NMS software.
[Switch-Ethernet0/0/1] quit
[Switch] display rmon history ethernet 0/0/1
History control entry 1 owned by User01 is VALID
Samples interface
: Ethernet0/0/1<ifEntry.514>
Sampling interval
: 30(sec) with 10 buckets max
Last Sampling time
: 0days 01h:56m:21s
Latest sampled
values :
octets
:11385
, packets
0
broadcast packets
:0
, multicast packets
9
undersize packets
:0
, oversize packets
0
fragments packets
:0
, jabbers packets
0
CRC alignment errors :0
, collisions
0
Dropped packet:
:0
, utilization
0
History
record:
Record No.1 (Sample time: 1days 07h:37m:
29s)
octets
:11182
, packets
0
broadcast packets
:0
, multicast packets
8
undersize packets
:0
, oversize packets
0
fragments packets
:0
, jabbers packets
0
CRC alignment errors :0
, collisions
0
Dropped packet:
:0
, utilization
4.
:
:
:
:
:
:
:
:
:
:
:
:0
# Set the device to send Trap messages to the NMS for RMON event 2 and set the
community name to public.
[Switch] rmon event 2 description prialarmevent trap public owner User01
Issue 01 (2011-10-26)
349
7 RMON Configuration
5.
6.
7.
is VALID.
1.3.6.1.2.1.2.2.1.12.898<ifInNUcastPkts.898>
30(sec)
1000(linked with event 2)
10(linked with event 1)
risingOrFallingAlarm
Configuration Files
#
sysname Switch
#
snmp-agent
snmp-agent local-engineid 000007DB7F000001000071B6
#
Issue 01 (2011-10-26)
350
7 RMON Configuration
interface Ethernet0/0/1
rmon-statistics enable
rmon statistics 1 owner user01
rmon history 1 buckets 10 interval 30 owner user01
#
rmon event 1 description logevent log owner User01
rmon event 2 description prialarmeven trap public owner User01
rmon alarm 1 1.3.6.1.2.1.16.1.1.1.6.1 30 absolute rising-threshold 10000 2 fallingthreshold 100 1 owner User01
rmon alarm 2 1.3.6.1.2.1.16.1.1.1.7.1 30 absolute rising-threshold 50000 2 fallingthreshold 100 1 owner User01
rmon alarm 3 1.3.6.1.2.1.2.2.1.12.898 30 absolute rising-threshold 1000 2 fallingthreshold 10 1 owner User01
#
return
Issue 01 (2011-10-26)
351