Configuration Guide - Network Management

Quidway S5700 Series Ethernet Switches
V100R006C01
Configuration Guide - Network
Management
Issue
01
Date
2011-10-26
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2011. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address:
Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website:
http://www.huawei.com
Email:
support@huawei.com
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
i
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
About This Document
About This Document
Intended Audience
This document provides the basic concepts, configuration procedures, and configuration
examples in different application scenarios of the Network Management feature supported by
the S5700.
This document describes how to configure the Network Management feature.
This document is intended for:
l
Data configuration engineers
l
Commissioning engineers
l
Network monitoring engineers
l
System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
DANGER
WARNING
CAUTION
Issue 01 (2011-10-26)
Indicates a hazard with a high level of risk, which if not
avoided, will result in death or serious injury.
Indicates a hazard with a medium or low level of risk, which
if not avoided, could result in minor or moderate injury.
Indicates a potentially hazardous situation, which if not
avoided, could result in equipment damage, data loss,
performance degradation, or unexpected results.
TIP
Indicates a tip that may help you solve a problem or save
time.
NOTE
Provides additional information to emphasize or supplement
important points of the main text.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
ii
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
About This Document
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
The keywords of a command line are in boldface.
Italic
Command arguments are in italics.
[]
Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... }
Optional items are grouped in braces and separated by
vertical bars. One item is selected.
[ x | y | ... ]
Optional items are grouped in brackets and separated by
vertical bars. One item is selected or no item is selected.
{ x | y | ... }*
Optional items are grouped in braces and separated by
vertical bars. A minimum of one item or a maximum of all
items can be selected.
[ x | y | ... ]*
Optional items are grouped in brackets and separated by
vertical bars. Several items or no item can be selected.
&<1-n>
The parameter before the & sign can be repeated 1 to n times.
#
A line starting with the # sign is comments.
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Changes in Issue 01 (2011-10-26)
Initial commercial release.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
iii
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
Contents
Contents
About This Document.....................................................................................................................ii
1 SNMP Configuration....................................................................................................................1
1.1 Introduction to SNMP........................................................................................................................................2
1.1.1 SNMP Overview........................................................................................................................................2
1.1.2 SNMP Features Supported by the S5700..................................................................................................4
1.2 Configuring a Device to Communicate with an NM Station by Running SNMPv1..........................................7
1.2.1 Establishing the Configuration Task.........................................................................................................7
1.2.2 Configuring Basic SNMPv1 Functions.....................................................................................................8
1.2.3 (Optional) Controlling the NM Station's Access to the Device...............................................................11
1.2.4 (Optional) Enabling the SNMP Extended Error Code Function.............................................................12
1.2.5 (Optional) Configuring the Trap Function..............................................................................................13
1.2.6 (Optional) Configuring the Constant Interface Index Feature.................................................................14
1.2.7 Checking the Configuration.....................................................................................................................15
1.3 Configuring a Device to Communicate with an NM Station by Running SNMPv2c......................................15
1.3.1 Establishing the Configuration Task.......................................................................................................16
1.3.2 Configuring Basic SNMPv2c Functions.................................................................................................17
1.3.3 (Optional) Controlling the NM Station's Access to the Device...............................................................19
1.3.4 (Optional) Enabling the SNMP Extended Error Code Function.............................................................21
1.3.5 (Optional) Configuring the Trap Function..............................................................................................21
1.3.6 (Optional) Configuring the Constant Interface Index Feature.................................................................24
1.3.7 Checking the Configuration.....................................................................................................................25
1.4 Configuring a Device to Communicate with an NM Station by Running SNMPv3........................................25
1.4.1 Establishing the Configuration Task.......................................................................................................26
1.4.2 Configuring Basic SNMPv3 Functions...................................................................................................27
1.4.3 (Optional) Controlling the NM Station's Access to the Device...............................................................30
1.4.4 (Optional) Enabling the SNMP Extended Error Code Function.............................................................31
1.4.5 (Optional) Configuring the Trap Function..............................................................................................32
1.4.6 (Optional) Configuring the Constant Interface Index Feature.................................................................33
1.4.7 Checking the Configuration.....................................................................................................................34
1.5 SNMP Configuration Examples.......................................................................................................................34
1.5.1 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv1..............35
1.5.2 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv2c............38
1.5.3 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv3..............42
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
iv
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
Contents
2 LLDP Configuration...................................................................................................................46
2.1 Introduction to LLDP.......................................................................................................................................47
2.2 LLDP Feature Supported by the S5700............................................................................................................50
2.3 Configuring LLDP............................................................................................................................................53
2.3.1 Establishing the Configuration Task.......................................................................................................53
2.3.2 Enabling Global LLDP............................................................................................................................54
2.3.3 (Optional) Disabling LLDP on an Interface............................................................................................55
2.3.4 (Optional) Configuring an LLDP Management Address........................................................................55
2.3.5 (Optional) Configuring the TLV in the LLDPDU...................................................................................56
2.3.6 (Optional) Configuring LLDP Timers.....................................................................................................58
2.3.7 (Optional) Enabling the LLDP Trap Function........................................................................................60
2.3.8 Checking the Configuration.....................................................................................................................61
2.4 Maintaining LLDP............................................................................................................................................61
2.4.1 Clearing LLDP Statistics.........................................................................................................................62
2.4.2 Monitoring LLDP Status.........................................................................................................................62
2.5 Configuration Examples...................................................................................................................................62
2.5.1 Example for Configuring LLDP on the Device That Has a Single Neighbor.........................................62
2.5.2 Example for Configuring LLDP on the Device That Has Multiple Neighbors.......................................67
2.5.3 Example for Configuring LLDP on the Network Where Link Aggregation Is Configured....................72
3 HGMP Configuration.................................................................................................................79
3.1 Introduction to HGMP......................................................................................................................................80
3.2 HGMP Features Supported by the S5700.........................................................................................................82
3.3 Configuring Basic HGMP Functions...............................................................................................................86
3.3.1 Establishing the Configuration Task.......................................................................................................86
3.3.2 Configuring NDP.....................................................................................................................................86
3.3.3 Configuring NTDP..................................................................................................................................88
3.3.4 Creating a Cluster....................................................................................................................................89
3.3.5 Adding a Member Switch........................................................................................................................92
3.3.6 (Optional) Deleting or Quitting a Cluster................................................................................................93
3.3.7 (Optional) Deleting a Member Switch....................................................................................................94
3.3.8 Checking the Configuration.....................................................................................................................95
3.4 Configuring Advanced HGMP Functions........................................................................................................97
3.4.1 Establishing the Configuration Task.......................................................................................................97
3.4.2 Adjusting Parameters of the Cluster........................................................................................................98
3.4.3 Managing Switches in a Cluster Through HGMP.................................................................................101
3.4.4 Checking the Configuration...................................................................................................................105
3.5 Maintaining HGMP........................................................................................................................................108
3.5.1 Clearing the NDP Statistics...................................................................................................................108
3.5.2 Monitoring the Operation Status of the HGMP Cluster........................................................................108
3.5.3 Debugging HGMP.................................................................................................................................109
3.6 HGMP Configuration Examples....................................................................................................................109
3.6.1 Example for Configuring Basic HGMP Functions for a Cluster...........................................................109
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
v
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
Contents
3.6.2 Example for Configuring the Interconnection of FTP Servers and Devices in and out of the HGMP Cluster
(in NAT Mode)...............................................................................................................................................118
3.6.3 Example for Configuring the Interconnection of FTP Servers and Devices in and out of the HGMP Cluster
(in Non-NAT Mode).......................................................................................................................................128
3.6.4 Example for Configuring Devices in the HGMP Cluster to Access the Outside SNMP Host (in NAT
Mode)..............................................................................................................................................................138
3.6.5 Example for Configuring Devices in the HGMP Cluster to Access the Outside SNMP Host (in non-NAT
Mode)..............................................................................................................................................................147
3.6.6 Example for Configuring the Batch Distribution Function for an HGMP Cluster...............................158
3.6.7 Example for Configuring the Batch Restart Function for an HGMP Cluster.......................................168
3.6.8 Example for Configuring the Incremental Configuration Function for an HGMP Cluster...................178
3.6.9 Example for Configuring the Configuration Synchronization Function for an HGMP Cluster............188
3.6.10 Example for Configuring Security Features for an HGMP Cluster....................................................198
4 NTP Configuration....................................................................................................................209
4.1 Introduction to NTP........................................................................................................................................210
4.2 NTP Supported by the S5700.........................................................................................................................212
4.3 Configuring Basic NTP Functions.................................................................................................................213
4.3.1 Establishing the Configuration Task.....................................................................................................213
4.3.2 Configuring the NTP Primary Clock.....................................................................................................214
4.3.3 Configuring the Unicast Server/Client Mode........................................................................................215
4.3.4 Configuring the Peer Mode...................................................................................................................216
4.3.5 Configuring the Broadcast Mode..........................................................................................................217
4.3.6 Configuring the Multicast Mode...........................................................................................................218
4.3.7 Disabling the Interface From Receiving NTP Packets..........................................................................219
4.3.8 (Optional) Setting the Maximum Number of Dynamic NTP Sessions.................................................220
4.3.9 Checking the Configuration...................................................................................................................220
4.4 Configuring NTP Security Mechanisms.........................................................................................................221
4.4.1 Establishing the Configuration Task.....................................................................................................221
4.4.2 Setting NTP Access Authorities............................................................................................................223
4.4.3 Enabling NTP Authentication...............................................................................................................224
4.4.4 Configuring NTP Authentication in Unicast Server/Client Mode........................................................225
4.4.5 Configuring NTP Authentication in Peer Mode....................................................................................225
4.4.6 Configuring NTP Authentication in Broadcast Mode...........................................................................226
4.4.7 Configuring NTP Authentication in Multicast Mode............................................................................226
4.4.8 Checking the Configuration...................................................................................................................227
4.5 Maintaining NTP............................................................................................................................................228
4.6 Configuration Examples.................................................................................................................................228
4.6.1 Example for Configuring NTP Authentication in Unicast Client/Server Mode....................................228
4.6.2 Example for Configuring the Common NTP Peer Mode......................................................................233
4.6.3 Example for Configuring NTP Authentication in Broadcast Mode......................................................236
4.6.4 Example for Configuring the Common NTP Multicast Mode..............................................................240
5 Ping and Tracert.........................................................................................................................245
5.1 Ping.................................................................................................................................................................246
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
vi
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
Contents
5.2 Tracert.............................................................................................................................................................246
5.3 Performing Ping and Tracert Operations........................................................................................................247
5.3.1 Establishing the Configuration Task.....................................................................................................248
5.3.2 Checking Network Connectivity Through the Ping Operation.............................................................248
5.3.3 Locating Faults on the Network Through the Tracert Operation..........................................................249
5.4 Debugging Ping and Tracert...........................................................................................................................250
5.5 Configuration Examples.................................................................................................................................250
5.5.1 Example for Performing Ping and Tracert Operations..........................................................................250
6 NQA Configuration..................................................................................................................253
6.1 Introduction to NQA.......................................................................................................................................256
6.2 Comparisons Between NQA and Ping...........................................................................................................256
6.3 NQA Server and NQA Clients.......................................................................................................................257
6.4 NQA Supported by the S5700........................................................................................................................257
6.5 Configuring the ICMP Test............................................................................................................................259
6.5.1 Establishing the Configuration Task.....................................................................................................259
6.5.2 Configuring ICMP Test Parameters......................................................................................................260
6.5.3 Checking the Configuration...................................................................................................................261
6.6 Configuring the FTP Download Test.............................................................................................................262
6.6.1 Establishing the Configuration Task.....................................................................................................262
6.6.2 Configuring the FTP Download Test Parameters..................................................................................263
6.6.3 Checking the Configuration...................................................................................................................264
6.7 Configuring the FTP Upload Test..................................................................................................................265
6.7.1 Establishing the Configuration Task.....................................................................................................265
6.7.2 Configuring the FTP Upload Test Parameters......................................................................................266
6.7.3 Checking the Configuration...................................................................................................................268
6.8 Configuring the HTTP Test............................................................................................................................269
6.8.1 Establishing the Configuration Task.....................................................................................................269
6.8.2 Configuring HTTP Test Parameters......................................................................................................270
6.8.3 Checking the Configuration...................................................................................................................271
6.9 Configuring the DNS Test..............................................................................................................................272
6.9.1 Establishing the Configuration Task.....................................................................................................272
6.9.2 Configuring the DNS Test Parameters..................................................................................................273
6.9.3 Checking the Configuration...................................................................................................................274
6.10 Configuring the Traceroute Test...................................................................................................................275
6.10.1 Establishing the Configuration Task...................................................................................................275
6.10.2 Configuring Parameters for a Traceroute Test....................................................................................275
6.10.3 Checking the Configuration.................................................................................................................277
6.11 Configuring the SNMP Query Test..............................................................................................................277
6.11.1 Establishing the Configuration Task...................................................................................................278
6.11.2 Configuring the SNMP Query Test Parameters..................................................................................278
6.11.3 Checking the Configuration.................................................................................................................280
6.12 Configuring the TCP Test.............................................................................................................................280
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
vii
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
Contents
6.12.1 Establishing the Configuration Task...................................................................................................280
6.12.2 Configuring the TCP Server................................................................................................................281
6.12.3 Configuring the TCP Client.................................................................................................................281
6.12.4 Checking the Configuration.................................................................................................................283
6.13 Configuring the UDP Test............................................................................................................................284
6.13.1 Establishing the Configuration Task...................................................................................................284
6.13.2 Configuring the UDP Server...............................................................................................................284
6.13.3 Configuring the UDP Client................................................................................................................285
6.13.4 Checking the Configuration.................................................................................................................286
6.14 Configuring the Jitter Test............................................................................................................................287
6.14.1 Establishing the Configuration Task...................................................................................................287
6.14.2 Configuring the Jitter Server...............................................................................................................288
6.14.3 Configuring the Jitter Client................................................................................................................289
6.14.4 Checking the Configuration.................................................................................................................291
6.15 Configuring the LSP Ping Test.....................................................................................................................292
6.15.1 Establishing the Configuration Task...................................................................................................292
6.15.2 Configuring the LSP Ping Test Parameters for the LDP Tunnel........................................................293
6.15.3 Checking the Configuration.................................................................................................................294
6.16 Configuring the LSP Jitter Test....................................................................................................................295
6.16.1 Establishing the Configuration Task...................................................................................................295
6.16.2 Configuring the LSP Jitter Test Parameters for the LDP Tunnel........................................................296
6.16.3 Checking the Configuration.................................................................................................................297
6.17 Configuring the LSP Trace Test...................................................................................................................299
6.17.1 Establishing the Configuration Task...................................................................................................299
6.17.2 Configuring the LSP Trace Parameters for the LDP Tunnel...............................................................300
6.17.3 Checking the Configuration.................................................................................................................301
6.18 Configuring an ICMP Jitter Test..................................................................................................................302
6.18.1 Establishing the Configuration Task...................................................................................................302
6.18.2 Configuring Parameters for the ICMP Jitter Test................................................................................303
6.18.3 Checking the Configuration.................................................................................................................305
6.19 Configuring the PWE3 Ping Test to Check the One-Hop PW.....................................................................306
6.19.1 Establishing the Configuration Task...................................................................................................306
6.19.2 Configuring Parameters for the PWE3 Ping Test on a One-Hop PW.................................................307
6.19.3 Checking the Configuration.................................................................................................................308
6.20 Configuring the PWE3 Ping Test to Check the Multi-Hop PW...................................................................309
6.20.1 Establishing the Configuration Task...................................................................................................309
6.20.2 Configuring Parameters for the PWE3 Ping Test on a Multi-Hop PW...............................................310
6.20.3 Checking the Configuration.................................................................................................................311
6.21 Configuring the PWE3 Trace Test to Check the One-Hop PW...................................................................313
6.21.1 Establishing the Configuration Task...................................................................................................313
6.21.2 Configuring Parameters for the PWE3 Trace Test on a One-Hop PW...............................................313
6.21.3 Checking the Configuration.................................................................................................................315
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
viii
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
Contents
6.22 Configuring the PWE3 Trace Test to Check the Multi-Hop PW.................................................................316
6.22.1 Establishing the Configuration Task...................................................................................................316
6.22.2 Configuring Parameters for the PWE3 Trace Test on a Multi-Hop PW.............................................317
6.22.3 Checking the Configuration.................................................................................................................318
6.23 Configuring Universal NQA Test Parameters..............................................................................................320
6.23.1 Establishing the Configuration Task...................................................................................................320
6.23.2 Configuring Universal Parameters for the NQA Test Instance...........................................................320
6.23.3 Checking the Configuration.................................................................................................................324
6.24 Configuring Round-Trip Delay Thresholds.................................................................................................325
6.24.1 Establishing the Configuration Task...................................................................................................325
6.24.2 Configuring Round-Trip Delay Thresholds........................................................................................326
6.24.3 Checking the Configuration.................................................................................................................327
6.25 Configuring the Trap Function.....................................................................................................................327
6.25.1 Establishing the Configuration Task...................................................................................................327
6.25.2 Sending Trap Messages When Test Failed..........................................................................................328
6.25.3 Sending Trap Messages When Probes Failed......................................................................................329
6.25.4 Sending Trap Messages When Probes Are Complete.........................................................................330
6.25.5 Sending Trap Messages When the Transmission Delay Exceeds Thresholds....................................331
6.25.6 Checking the Configuration.................................................................................................................332
6.26 Maintaining NQA.........................................................................................................................................332
6.26.1 Restarting NQA Test Instances...........................................................................................................332
6.26.2 Clearing NQA Statistics......................................................................................................................333
6.26.3 Debugging NQA..................................................................................................................................333
6.27 Configuration Examples...............................................................................................................................334
6.27.1 Example for Configuring the ICMP Test............................................................................................334
6.27.2 Example for Configuring the FTP Download Test.............................................................................336
6.27.3 Example for Configuring the FTP Upload Test..................................................................................338
6.27.4 Example for Configuring the HTTP Test............................................................................................341
6.27.5 Example for Configuring the DNS Test..............................................................................................343
6.27.6 Example for Configuring the Traceroute Test.....................................................................................344
6.27.7 Example for Configuring the SNMP Query Test................................................................................347
6.27.8 Example for Configuring the TCP Test...............................................................................................349
6.27.9 Example for Configuring the UDP Test..............................................................................................351
6.27.10 Example for Configuring the Jitter Test............................................................................................353
6.27.11 Example for Configuring the LSP Ping Test for a Common Tunnel................................................356
6.27.12 Example for Configuring the LSP Jitter Test for a Common Tunnel...............................................359
6.27.13 Example for Configuring an ICMP Jitter Test..................................................................................362
6.27.14 Example for Configuring the PWE3 Ping Test on a Single-Hop PW...............................................364
6.27.15 Example for Configuring the PWE3 Ping Test on a Multi-Hop PW................................................369
6.27.16 Example for Configuring the PWE3 Trace Test on a Single-Hop PW.............................................374
6.27.17 Example for Configuring the PWE3 Trace Test on a Multi-Hop PW...............................................379
6.27.18 Example for Configuring the Test of Sending NQA Threshold Traps to the NMS..........................385
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
ix
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
Contents
7 RMON Configuration...............................................................................................................390
7.1 Introduction to RMON...................................................................................................................................391
7.2 RMON Suported by the S5700.......................................................................................................................391
7.3 Configuring RMON........................................................................................................................................393
7.3.1 Establishing the Configuration Task.....................................................................................................393
7.3.2 Enabling the RMON Statistics Function on the Interface.....................................................................394
7.3.3 Configuring the ethernetStatsTable.......................................................................................................395
7.3.4 Configuring the HistoryControlTable...................................................................................................395
7.3.5 Configuring the EventTable..................................................................................................................396
7.3.6 Configuring the AlarmTable.................................................................................................................397
7.3.7 Configuring the PrialarmTable..............................................................................................................397
7.3.8 Checking the Configuration...................................................................................................................398
7.4 Maintaining RMON........................................................................................................................................400
7.5 Configuration Examples.................................................................................................................................400
7.5.1 Examples for Configuring RMON........................................................................................................400
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
x
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
1
SNMP Configuration
About This Chapter
The Simple Network Management Protocol (SNMP) is a standard network management protocol
widely used on TCP/IP networks. It uses a central computer (a network management station)
that runs network management software to manage network elements. There are three SNMP
versions, SNMPv1, SNMPv2c, and SNMPv3. Users can choose to configure one or more
versions if needed.
1.1 Introduction to SNMP
SNMP provides a set of standard protocols for the communication between the network
management station (NM station) and devices, allowing the NM station to normally manage
devices and receive alarms reported by the devices.
1.2 Configuring a Device to Communicate with an NM Station by Running SNMPv1
After SNMPv1 is configured, a managed device and an NM station can run SNMPv1 to
communicate with each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
1.3 Configuring a Device to Communicate with an NM Station by Running SNMPv2c
After SNMPv2c is configured, a managed device and an NM station can run SNMPv2c to
communicate with each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
1.4 Configuring a Device to Communicate with an NM Station by Running SNMPv3
After SNMPv3 is configured, a managed device and an NM station can run SNMPv3 to
communicate with each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
1.5 SNMP Configuration Examples
This section provides several configuration examples of SNMP. The configuration roadmap in
the examples will help you understand the configuration procedures. Each configuration
example provides information about the networking requirements, configuration notes, and
configuration roadmap.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
1.1 Introduction to SNMP
SNMP provides a set of standard protocols for the communication between the network
management station (NM station) and devices, allowing the NM station to normally manage
devices and receive alarms reported by the devices.
1.1.1 SNMP Overview
Get and Set operations can be performed on a managed device that runs the SNMP agent to
manage device objects by NM stations These objects are uniquely identified in the Management
Information Base (MIB).
As network services develop, more and more devices are deployed on existing networks. It is
some distance from the devices to the central equipment room where a network administrator
works. Once faults occur on the remote devices, it is impossible for the network administrator
to detect, locate and rectify faults immediately because the faults will not be reported by the
devices. This affects maintenance efficiency and greatly increases maintenance workload.
To solve this problem, equipment vendors have provided network management functions in
some products. The NM station then can query the status of remote devices, and devices can
send alarms to the NM station in the case of particular events.
SNMP operates at the application layer of the IP suite and defines how to transmit management
information between the NM station and devices. SNMP defines several device management
operations that can be performed by the NM station and allows devices to notify the NM station
of device faults by sending alarms.
An SNMP-managed network consists of three components: NM station, agent, and managed
device. The NM station uses the MIB to identify and manage device objects. The operations
used for device management include GetRequest, GetNextRequest, GetResponse, GetBulk,
SetRequest, and notification from the agent to the NM station. The following sections give details
on the components, MIB, and operations.
SNMP Components
Three components are used in SNMP device management:
l
NM station: sends various query packets to query managed devices and receives alarms
from these devices.
l
Agent: is a network-management process on a managed device. An agent has the following
functions:
– Receives and parses query packets sent from the NM station.
– Reads or writes management variables based on the query type, and generates and sends
response packets to the NM station.
– Sends an alarm to the NM station when triggering conditions defined on each protocol
module corresponding to the alarm are met. For example, the system view is displayed
or closed, or the device is restarted.
l
Managed device: is managed by an NM station and generates and reports alarms to the NM
station.
Figure 1-1 shows the relationship between the NM station and agent.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
Figure 1-1 SNMP structure
UDP Port161
Request
Response
Agent
NM Station
UDP Port162
Agent
NM Station
MIB
SNMP uses a hierarchical naming convention to identify managed objects and to distinguish
between managed objects. This hierarchical structure is similar to a tree with the nodes
representing managed objects, Figure 1-2 shows a managed object that can be identified by the
path from the root to the node representing it.
Figure 1-2 Structure of a MIB tree
1
2
1
1
2
1 B
5
A
2
6
As shown in Figure 1-2, object B is uniquely identified by a string of numbers, {1.2.1.1}. Such
a number string is called an Object Identifier (OID). A MIB tree is used to describe the hierarchy
of data in a MIB that collects the definitions of variables on the managed devices.
A user can use a standard MIB or define a MIB based on certain standards. Using a standard
MIB can reduce the costs on proxy deployment and therefore reduce the costs on the entire
network management system.
SNMP Operations
SNMP uses Get and Set operations to replace a complex command set. The operations described
in Figure 1-3 can implement all functions.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
Figure 1-3 Schematic diagram of SNMP operations
get-request
get-response
get-next-request
get-response
NM Station
UDP Port162
set-request
get-response
Agent
UDP Port161
trap
Table 1-1 gives details on the SNMP operations.
Table 1-1 SNMP operations
Operation
Function
GetRequest
Retrieves the value of a variable. The NM station sends the
request to a managed device to obtain the value of an object
on the device.
GetNextRequest
Retrieves the value of the next variable. The NM station
sends the request to a managed device to obtain the status
of the next object on the device.
GetResponse
Responds to GetRequest, GetNextRequest, and
SetRequest operations. It is sent from the managed device
to the NM station.
GetBulk
Is an NMS-to-agent request, equaling continuous GetNext
operations.
SetRequest
Sets the value of a variable. The NM station sends the
request to a managed device to adjust the status of an object
on the device.
Trap
Reports an event to the NM station.
1.1.2 SNMP Features Supported by the S5700
This section compares SNMP versions in terms of their support for features and usage scenarios
to provide a reference for your SNMP version selection during network deployment.
The S5700 supports SNMPv1, SNMPv2c, and SNMPv3. Table 1-2 lists the features supported
by SNMP, and Table 1-3 shows the support of different SNMP versions for the features. Table
1-4 describes the usage scenarios of SNMP versions, which will help you choose a proper version
for the communication between an NM station and managed devices based on the network
operation conditions.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
NOTE
When multiple NM stations using different SNMP versions manage the same device in a network,
SNMPv1, SNMPv2c, and SNMPv3 can all be configured on the device for its communication with all the
NM stations.
Table 1-2 Description of features supported by SNMP
Feature
Description
Access control
This function is used to restrict a user's device
administration rights. It gives specific users
the rights to manage specified objects on
devices and therefore provides fine
management.
Authentication and encryption
Packets transmitted between the NM station
and managed devices are authenticated and
encrypted. This prevents data packets from
being intercepted or modified, improving
data sending security.
Error code
Error codes are used to identify particular
faults. They help an administrator quickly
locate and rectify faults. The larger the variety
of error codes, the more greatly they help an
administrator in device management.
Trap
Traps are sent from managed devices to the
NM station. These traps allow an
administrator to discover device faults
immediately.
The managed devices do not require the
acknowledgement from the NM station after
sending traps.
Inform
Informs are sent from managed devices to the
NM station.
The managed devices require the
acknowledgement from the NM station after
sending informs. If a managed device does
not receive an acknowledgement after
sending an inform, it will resend the inform
to the NM station and generate alarm logs.
Even if the NM station restarts, it can still
synchronize the informs sent during the
restart process.
If the device does not receive an
acknowledgement from the NM station after
sending an inform, it will store the inform in
its memory. In this regard, using informs may
consume lots of system resources.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
Feature
Description
GetBulk
GetBulk allows an administrator to perform
Get-next operation in batches. In a large-scale
network, GetBulk reduces the administrator's
workload and improves management
efficiency.
Table 1-3 Different SNMP versions' support for the features
Feature
SNMPv1
SNMPv2c
SNMPv3
Access control
Community-namebased access control
supported
Community-namebased access control
supported
User or user-groupbased access control
supported
Authentication and
encryption
Not supported
Not supported
Supported, and the
supported
authentication and
encryption modes are
as follows:
Authentication
mode:
l MD5
l SHA
Encryption mode:
DES56
Error code
6 error codes
supported
16 error codes
supported
16 error codes
supported
Trap
Supported
Supported
Supported
Inform
Not supported
Supported
Not supported
GetBulk
Not supported
Supported
Supported
Table 1-4 Usage scenarios of different SNMP versions
Issue 01 (2011-10-26)
Version
Usage Scenario
SNMPv1
This version is applicable to small-scale
networks whose networking is simple and
security requirements are low or whose
security and stability are good, such as
campus networks and small enterprise
networks.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
Version
Usage Scenario
SNMPv2c
This version is applicable to medium and
large-scale networks whose security
requirements are not strict or whose security
is good (for example, VPNs) but whose
services are so busy that traffic congestion
may occur.
Using informs can ensure that the messages
sent from managed devices are received by
the NM station.
SNMPv3
This version is applicable to networks of
various scales, especially the networks that
have strict requirements on security and can
be managed only by authorized
administrators, such as the scenario where
data between the NM station and managed
devices needs to be transmitted over a public
network.
If you plan to build a new network, choose an SNMP version based on your usage scenario. If
you plan to expand or upgrade an existing network, choose an SNMP version to match the SNMP
version running on the NM station to ensure the normal communication between managed
devices and the NM station.
1.2 Configuring a Device to Communicate with an NM
Station by Running SNMPv1
After SNMPv1 is configured, a managed device and an NM station can run SNMPv1 to
communicate with each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
The NM station manages a device in the following manners:
l
Sends requests to the managed device to perform the GetRequest, GetNextRequest,
GetResponse, GetBulk, or SetRequest operation, obtaining data and setting values.
l
Receives alarms from the managed device and locates and rectify device faults based on
the alarm information.
In the following configuration, after basic SNMP functions are configured, the NM station can
manage the device in these manners. For details on how to configure finer management such as
accurate access control or alarm module specification, see the following configuration
procedures.
1.2.1 Establishing the Configuration Task
Before configuring a device to communicate with an NM station by running SNMPv1,
familiarize yourself with the applicable environment, complete the pre-configuration tasks, and
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
obtain the data required for the configuration. This will help you complete the configuration task
quickly and accurately.
Applicable Environment
SNMP needs to be deployed in a network to allow the NM station to manage network devices.
If the network has a few devices and its security is good, such as a campus network or a small
enterprise network, SNMPv1 can be deployed to ensure the normal communication between the
NM station and managed devices.
Pre-configuration Tasks
Before configuring a device to communicate with an NM station by running SNMPv1, complete
the following task:
l
Configuring a routing protocol to ensure that the switch and NM station are routable
Data Preparation
Before configuring a device to communicate with an NM station by running SNMPv1, you need
the following data.
No.
Data
1
SNMP version, SNMP community name, destination address of alarm messages,
administrator's contact information and location, and SNMP packet size
2
(Optional) ACL number, IP address of the NM station, and MIB object
3
(Optional) Name of the alarm-sending module, source address of trap messages,
queue length for trap messages, and lifetime of trap messages
4
(Optional) Number of interfaces indexed by fixed numbers
1.2.2 Configuring Basic SNMPv1 Functions
After basic SNMP functions are configured, an NM station can perform basic operations such
as Get and Set operations on a managed device, and the managed device can send alarms to the
NM station.
Context
Steps 3, 4, and 5 are mandatory for the configuration of basic SNMP functions. After the
configurations are complete, basic SNMP communication can be conducted between the NM
station and managed device.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
The system view is displayed.
Step 2 (Optional) Run:
snmp-agent
The SNMP agent function is enabled.
By default, the SNMP agent function is disabled. Running any command with the parameter
snmp-agent can enable the SNMP agent function, so this step is optional.
Step 3 Run:
snmp-agent sys-info version v1
The SNMP version is set.
By default, SNMPv3 is enabled.
After SNMPv1 is enabled on the managed device, the device supports both SNMPv1 and
SNMPv3. This means that the device can be monitored and managed by NM stations running
SNMPv1 or SNMPv3.
Step 4 Run:
snmp-agent community { read | write } community-name
The community name is set.
After the community name is set, if no MIB view is configured, the NM station that uses the
community name has rights to access objects in the Viewdefault view (1.3.6.1).
l read needs to be configured in the command if the NM station administrator needs the read
permission in a specified view in some cases. For example, a low-level administrator needs
to read certain data.
l write needs to be configured in the command if the NM station administrator needs the read
and write permissions in a specified view in some cases. For example, a high-level
administrator needs to read and write certain data.
Step 5 Choose either of the following commands as needed to configure a destination IP address for
the alarms and error codes sent from the device.
l To configure a destination IPv4 address for the alarms and error codes sent from the device,
run:
snmp-agent target-host trap address udp-domain ip-address [ udp-port portnumber ] [ public-net | vpn-instance vpn-instance-name ] params securityname
security-string [ v1 ] [ private-netmanager | ext-vb ]*
The descriptions of the command parameters are as follows:
l The default destination UDP port number is 162. In some special cases (for example, port
mirroring is configured to prevent a well-known port from being attacked), the parameter
udp-port can be used to specify a non-well-known UDP port number. This ensures normal
communication between the NM station and managed device.
l If the alarms sent from the managed device to the NM station need to be transmitted over a
public network, the parameter public-net needs to be configured. If the alarms sent from the
managed device to the NM station need to be transmitted over a private network, the
parameter vpn-instance vpn-instance-name needs to be used to specify a VPN that will take
over the sending task.
l The parameter securityname identifies the alarm sender, which will help you learn the alarm
source.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
l If the NM station and managed device are both Huawei products, the parameter privatenetmanager can be configured to add more information to alarms, such as the alarm type,
alarm sequence number, and alarm sending time. The information will help you locate and
rectify faults more quickly.
l The ext-vb parameter sets extended bound variables for traps sent to the target host. By
default, the traps sent to the target host do not carry extended bound variables.
Step 6 (Optional) Run:
snmp-agent sys-info { contact contact | location location }
The equipment administrator's contact information or location is configured.
This step is needed if the NM station administrator needs to know equipment administrators'
contact information and locations when the NM station manages many devices. This will allow
the NM station administrator to quickly contact the equipment administrators for fault location
and rectification.
To configure both the equipment administrator's contact information and location, you need to
run the command twice to configure them separately.
Step 7 (Optional) Run:
snmp-agent packet max-size byte-count
The maximum size of an SNMP packet that the device can receive or send is set.
By default, the maximum size of an SNMP packet that the device can receive or send is 12000
bytes.
After the maximum size is set, the device will discard any SNMP packet that is larger than the
set size. The allowable maximum size of an SNMP packet for a device depends on the size of a
packet that the NM station can process; otherwise, the NM station cannot process the SNMP
packets sent from the device.
----End
Follow-up Procedure
After the configurations are complete, basic communication can be conducted between the NM
station and managed device.
l
Access control allows any NM station that uses the community name to monitor and manage
all the objects on the managed device.
l
The managed device sends alarms generated by the modules that are enabled by default to
the NM station.
If finer device management is required, follow directions below to configure a managed device:
l
To allow a specified NM station that uses the community name to manage specified objects
on the device, follow the procedure described in Controlling the NM Station's Access to
the Device.
l
To allow a specified module on the managed device to report alarms to the NM station,
follow the procedure described in Configuring the Trap Function.
l
If the NM station and managed device are both Huawei products, follow the procedure
described in Enabling the SNMP Extended Error Code Function to allow the device to
send more types of error codes. This allows more specific error identification and facilitates
your fault location and rectification.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
10
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
l
1 SNMP Configuration
If the functions such as accounting and fault location need to be bound to specified
interfaces to prevent changes in interface indexes during device or interface restart, follow
the procedure described in Configuring the Constant Interface Index Feature.
1.2.3 (Optional) Controlling the NM Station's Access to the Device
This section describes how to specify an NM station and manageable MIB objects for SNMPbased communication between the NM station and managed device to improve communication
security.
Context
If a device is managed by multiple NM stations that use the same community name, note the
following points:
l
If all the NM stations that use the community name need to have rights to access the objects
in the Viewdefault view (1.3.6.1), skip the following steps.
l
If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), skip Step 5.
l
If all the NM stations need to manage specified objects on the device, skip Steps 2, 3, and
4.
l
If some of the NM stations that use the community name need to manage specified objects
on the device, perform all the following steps.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl acl-number
A basic ACL is created to filter the NM station users that can manage the device.
Step 3 Run:
rule [ rule-id ] { deny | permit } source { source-ip-address source-wildcard |
any }
A rule is added to the ACL.
Step 4 Run:
quit
Return to the system view.
Step 5 Run:
snmp-agent mib-view { excluded | included } view-name oid-tree
A MIB view is created, and manageable MIB objects are specified.
By default, an NM station has rights to access the objects in the Viewdefault view (1.3.6.1).
l If a few MIB objects on a device or some objects in the current MIB view do not or no longer
need to be managed by the NM station, excluded needs to be specified in the related command
to exclude these MIB objects.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
l If a few MIB objects on the device or some objects in the current MIB view need to be
managed by the NM station, included needs to be specified in the related command to include
these MIB objects.
Step 6 Run:
snmp-agent community { read | write } { community-name | cipher community-name } [
mib-view view-name | acl acl-number ]*
The NM station's access rights are specified.
l read needs to be configured in the command if the NM station administrator needs the read
permission in the specified view in some cases. For example, a low-level administrator needs
to read certain data. write needs to be configured in the command if the NM station
administrator needs the read and write permissions in the specified view in some cases. For
example, a high-level administrator needs to read and write certain data.
l cipher is used to display the community name in cipher text. It can be configured in the
command to improve security. If the parameter is configured, the administrator needs to
remember the community name. If the community name is forgotten, it cannot be obtained
by querying the device.
l If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), mib-view view-name does not need to be
configured in the command.
l If all the NM stations that use the community name need to manage specified objects on the
device, acl acl-number does not need to be configured in the command.
l If some of the NM stations that use the community name need to manage specified objects
on the device, both mib-view and acl need to be configured in the command.
----End
Follow-up Procedure
After the access rights are configured, especially after the IP address of the NM station is
specified, if the IP address changes (for example, the NM station changes its location, or IP
addresses are reallocated due to network adjustment), you need to change the IP address of the
NM station in the ACL. Otherwise, the NM station cannot access the device.
1.2.4 (Optional) Enabling the SNMP Extended Error Code Function
This section describes how to enable the extended SNMP error code function when both the NM
station and managed device are Huawei products. After this function is enabled, more types of
error codes are provided to help you locate and rectify faults more quickly and accurately.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
snmp-agent extend error-code enable
The SNMP extended error code function is enabled.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
By default, SNMP standard error codes are used. After the extended error code function is
enabled, extended error codes can be sent to the NM station.
----End
1.2.5 (Optional) Configuring the Trap Function
This section describes how to specify the alarms to be sent to the NM station, which will help
you to locate important problems. After relevant parameters are set, the security of alarm sending
can be improved.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
snmp-agent trap enable
Alarm sending is enabled.
NOTE
If the snmp-agent trap enable command is run to enable the trap functions of all modules, or the snmpagent trap enable feature-name command is run to enable three or more trap functions of a module, note
the following points:
l To disable the trap functions of all modules, you need to run the snmp-agent trap disable command.
l To restore the trap functions of all modules to the default status, you need to run the undo snmp-agent
trap enable or undo snmp-agent trap disable command.
l To disable one trap function of a module, you need to run the undo snmp-agent trap enable featurename command.
Step 3 Run:
snmp-agent trap enable feature-name feature-name trap-name trap-name
A trap function of a feature module is enabled. This means that an alarm of a specified feature
can be sent to the NM station.
The undo snmp-agent trap enable feature-name command can be used to disable a trap
function of a module.
Step 4 Run:
snmp-agent trap source interface-type interface-number
The source interface for trap messages is specified.
After the source interface is specified, its IP address becomes the source IP address of trap
messages. Configuring the IP address of the local loopback interface as the source interface is
recommended, which can ensure device security.
The source interface specified on the switch for trap messages must be consistent with that
specified on the NM station; otherwise, the NM station will not accept the trap messages sent
from the switch.
Step 5 Run:
snmp-agent trap queue-size size
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
13
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
The length of the queue storing trap messages to be sent to the destination host is set.
The queue length depends on the number of generated trap messages. If the switch frequently
generates trap messages, a longer queue length can be set to prevent trap messages from being
lost.
Step 6 Run:
snmp-agent trap life seconds
The lifetime of every trap message is set.
The lifetime of every trap message depends on the number of generated trap messages. If the
switch frequently generates trap messages, a longer lifetime can be set for every trap message
to prevent trap messages from being lost.
----End
1.2.6 (Optional) Configuring the Constant Interface Index Feature
This section describes how to configure the constant interface index feature. This feature allows
some interface indexes remain unchanged in the case of interface deletion or addition, system
restart, or hardware or software configuration change to meet the need of some functions such
as accounting and fault diagnosis that require fixed interfaces.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ifindex constant
The constant interface index feature is enabled.
After the feature is enabled, the indexes for all the existing interfaces and newly created interfaces
are fixed. If the system needs to restart, the save command must be run to save interface
configurations; otherwise, the interface indexes will change after the system is restarted.
Step 3 Run:
set constant-ifindex max-number number
The maximum number of interfaces indexed by fixed numbers is set.
If interfaces are frequently added or deleted during system operation, the interface index file
stored in the device may have a great size and consume too many system resources. Setting the
maximum number of interfaces indexed by fixed numbers can prevent the interface index file
from exceeding an expected size.
After the maximum number of interfaces indexed by fixed numbers is set, the system will allocate
fixed indexes to interfaces within the specified value range. If the specified value is smaller than
the number of interfaces configured on the device, the system allocates fixed interface indexes
to the interfaces enabled earlier. The interfaces enabled later are not indexed by fixed numbers.
By default, a maximum of 131070 interfaces can be indexed by fixed numbers. If the value is
set to 0, no interfaces will be indexed by fixed numbers.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
14
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
Step 4 Run:
set constant-ifindex subinterface { dense-mode | sparse-mode }
The memory distribution mode for the sub-interface index is set.
When a sub-interface is created, the system generates an index image file for the sub-interface
in the memory in a specified mode. You may use various sub-interface numbering modes, such
as the continuous mode or the discontinuous mode. In real-world situations, one of the following
distribution modes can be used as needed:
l Sparse mode: applies to discontinuous sub-interface numbering.
l Dense mode: applies to continuous sub-interface numbering.
----End
1.2.7 Checking the Configuration
After SNMPv1 functions are configured, you can view the SNMPv1 configurations.
Prerequisite
The configurations of basic SNMPv1 functions are complete.
Procedure
l
Run the display snmp-agent community command to check the configured community
name.
l
Run the display snmp-agent sys-info version command to check the enabled SNMP
version.
l
Run the display acl acl-number command to check the rules in the specified ACL.
l
Run the display snmp-agent mib-view command to check the MIB view.
l
Run the display snmp-agent sys-info contact command to check the equipment
administrator's contact information.
l
Run the display snmp-agent sys-info location command to check the location of the
device.
l
Run the display snmp-agent target-host command to check the information about the
target host.
l
Run the display snmp-agent extend error-code status command to check whether the
SNMP extended error code feature is enabled.
l
Run the display constant-ifindex configuration command to check the constant interface
index function and relevant configuration information.
----End
1.3 Configuring a Device to Communicate with an NM
Station by Running SNMPv2c
After SNMPv2c is configured, a managed device and an NM station can run SNMPv2c to
communicate with each other. To ensure normal communication, you need to configure both
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
15
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
The NM station manages a device in the following manners:
l
Sends requests to the managed device to perform the GetRequest, GetNextRequest,
GetResponse, GetBulk, or SetRequest operation, obtaining data and setting values.
l
Receives alarms from the managed device and locates and rectify device faults based on
the alarm information.
In the following configuration, after basic SNMP functions are configured, the NM station can
manage the device in these manners. For details on how to configure finer management such as
accurate access control or alarm module specification, see the following configuration
procedures.
1.3.1 Establishing the Configuration Task
Before configuring a device to communicate with an NM station by running SNMPv2c,
familiarize yourself with the applicable environment, complete the pre-configuration tasks, and
obtain the data required for the configuration. This will help you complete the configuration task
quickly and accurately.
Applicable Environment
SNMP needs to be deployed in a network to allow the NM station to manage network devices.
If your network is a large scale with many devices and its security requirements are not strict or
its security is good (for example, a VPN network) but services on the network are so busy that
traffic congestion may occur, SNMPv2c can be deployed to ensure communication between the
NM station and managed devices.
Pre-configuration Tasks
Before configuring a device to communicate with an NM station by running SNMPv2c, complete
the following task:
l
Configuring a routing protocol to ensure that the switch and NM station are routable
Data Preparation
Before configuring a device to communicate with an NM station by running SNMPv2c, you
need the following data.
Issue 01 (2011-10-26)
No.
Data
1
SNMP version, SNMP community name, address of the alarm destination host,
administrator's contact information and location, and SNMP packet size
2
(Optional) ACL number, IP address of the NM station, MIB object
3
(Optional) Name of the alarm-sending module, source address of trap messages,
queue length for trap messages, lifetime of trap messages, expiry time of informs,
allowable number of inform retransmissions, allowable maximum number of informs
to be acknowledged, aging time of log messages, and allowable maximum number
of log messages about the trap and inform events in the log buffer
4
(Optional) Number of interfaces indexed by fixed numbers
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
16
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
1.3.2 Configuring Basic SNMPv2c Functions
After basic SNMP functions are configured, an NM station can perform basic operations such
as Get and Set operations on a managed device, and the managed device can send alarms to the
NM station.
Context
Steps 3, 4, and 5 are mandatory for the configuration of basic SNMP functions. After the
configurations, basic SNMP communication can be conducted between the NM station and
managed device.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 (Optional) Run:
snmp-agent
The SNMP agent function is enabled.
By default, the SNMP agent function is disabled. Running any command with the parameter
snmp-agent can enable the SNMP agent function, so this step is optional.
Step 3 Run:
snmp-agent sys-info version v2c
The SNMP version is set.
By default, SNMPv3 is enabled.
After SNMPv2c is enabled on the managed device, the device supports both SNMPv2c and
SNMPv3. This means that the device can be monitored and managed by NM stations running
SNMPv2c and SNMPv3.
Step 4 Run:
snmp-agent community { read | write } community-name
The community name is set.
After the community name is set, if no MIB view is configured, the NM station that uses the
community name has rights to access objects in the Viewdefault view (1.3.6.1).
l read needs to be configured in the command if the NM station administrator needs the read
permission in a specified view in some cases. For example, a low-level administrator needs
to read certain data.
l write needs to be configured in the command if the NM station administrator needs the read
and write permissions in a specified view in some cases. For example, a high-level
administrator needs to read and write certain data.
Step 5 Choose one of the following commands as needed to configure the destination IP address for
the alarms and error codes sent from the device.
l If the network is an IPv4 network, configure the device to send either traps or informs to the
NM station.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
17
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
NOTE
The differences between traps and informs are as follows:
l The traps sent by the managed device do not need to be acknowledged by the NM station.
l The informs sent by the managed device need to be acknowledged by the NM station. If no
acknowledgement message from the NM station is received within a specified time period, the
managed device will resend the inform until the number of retransmissions reaches the maximum.
When the managed device sends an inform, it records the inform in the log. If the NM station and
link between the NM station and managed device recovers from a fault, the NM station can still
learn the inform sent during the fault occurrence and rectification.
In this regard, informs are more reliable than traps, but the device may need to buffer a lot of informs
because of the inform retransmission mechanism and this may consume many memory resources.
If the network is stable, using traps is recommended. If the network is unstable and the device's memory
capacity is sufficient, using informs is recommended.
– To configure a destination IP address for the traps and error codes sent from the device,
run:
snmp-agent target-host trap address udp-domain ip-address [ udp-port portnumber ] [ public-net | vpn-instance vpn-instance-name ] params securityname
security-string [ v2c ] [ private-netmanager | ext-vb ]*
– To configure a destination IP address for the informs and error codes sent from the device,
run:
snmp-agent target-host inform address udp-domain ip-address [ udp-port portnumber ] [ vpn-instance vpn-instance-name ] params securityname securitystring v2c [ ext-vb ]
The descriptions of the command parameters are as follows:
l The default destination UDP port number is 162. In some special cases (for example, port
mirroring is configured to prevent a well-known port from being attacked), the parameter
udp-port can be used to specify a non-well-known UDP port number. This ensures normal
communication between the NM station and managed device.
l If the alarms sent from the managed device to the NM station need to be transmitted over a
public network, the parameter public-net needs to be configured. If the alarms sent from the
managed device to the NM station need to be transmitted over a private network, the
parameter vpn-instance vpn-instance-name needs to be used to specify a VPN that will take
over the sending task.
l The parameter securityname identifies the alarm sender, which will help you learn the alarm
source.
l If the NM station and managed device are both Huawei products, the parameter privatenetmanager can be configured to add more information to alarms, such as the alarm type,
alarm sequence number, and alarm sending time. The information will help you locate and
rectify faults more quickly.
l The ext-vb parameter sets extended bound variables for traps sent to the target host. By
default, the traps sent to the target host do not carry extended bound variables.
NOTE
An IPv6 network supports only traps, not informs.
Step 6 (Optional) Run:
snmp-agent sys-info { contact contact | location location }
The equipment administrator's contact information or location is configured.
This step is needed if the NM station administrator needs to know equipment administrators'
contact information and locations when the NM station manages many devices. This will allow
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
18
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
the NM station administrator to quickly contact the equipment administrators for fault location
and rectification.
To configure both the equipment administrator's contact information and location, you need to
run the command twice to configure them separately.
Step 7 (Optional) Run:
snmp-agent packet max-size byte-count
The maximum size of an SNMP packet that the device can receive or send is set.
By default, the maximum size of an SNMP packet that the device can receive or send is 12000
bytes.
After the maximum size is set, the device will discard any SNMP packet that is larger than the
set size. The allowable maximum size of an SNMP packet for a device depends on the size of a
packet that the NM station can process; otherwise, the NM station cannot process the SNMP
packets sent from the device.
----End
Follow-up Procedure
After the configurations are complete, basic communication can be conducted between the NM
station and managed device.
l
Access control allows any NM station that uses the community name to monitor and manage
all the objects on the managed device.
l
The managed device sends alarms generated by the modules that are open by default to the
NM station.
If finer device management is required, follow directions below to configure the managed
device:
l
To allow a specified NM station that uses the community name to manage specified objects
of the device, follow the procedure described in Controlling the NM Station's Access to
the Device.
l
To allow a specified module on the managed device to report alarms to the NM station,
follow the procedure described in Configuring the Trap FunctionConfiguring the Trap
Function.
l
If the NM station and managed device are both Huawei products, follow the procedure
described in Enabling the SNMP Extended Error Code Function to allow the device to
send more types of error codes. This allows more specific error identification and facilitates
your fault location and rectification.
l
If the functions such as accounting and fault location need to be bound to specified
interfaces to prevent changes in interface indexes during device or interface restart, follow
the procedure described in Configuring the Constant Interface Index Feature.
1.3.3 (Optional) Controlling the NM Station's Access to the Device
This section describes how to specify an NM station and manageable MIB objects for SNMPbased communication between the NM station and managed device to improve communication
security.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
19
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
Context
If a device is managed by multiple NM stations that use the same community name, note the
following points:
l
If all the NM stations that use the community name need to have rights to access the objects
in the Viewdefault view (1.3.6.1), skip the following steps.
l
If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), skip Step 5.
l
If all the NM stations need to manage specified objects on the device, skip Steps 2, 3, and
4.
l
If some of the NM stations that use the community name need to manage specified objects
on the device, perform all the following steps.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl acl-number
A basic ACL is created to filter the NM station users that can manage the device.
Step 3 Run:
rule [ rule-id ] { deny | permit } source { source-ip-address source-wildcard |
any }
A rule is added to the ACL.
Step 4 Run:
quit
Return to the system view.
Step 5 Run:
snmp-agent mib-view { excluded | included } view-name oid-tree
A MIB view is created, and manageable MIB objects are specified.
By default, an NM station has rights to access the objects in the Viewdefault view (1.3.6.1).
l If a few MIB objects on a device or some objects in the current MIB view do not or no longer
need to be managed by the NM station, excluded needs to be specified in the related command
to exclude these MIB objects.
l If a few MIB objects on the device or some objects in the current MIB view need to be
managed by the NM station, included needs to be specified in the related command to include
these MIB objects.
Step 6 Run:
snmp-agent community { read | write } { community-name | cipher community-name } [
mib-view view-name | acl acl-number ]*
The NM station's access rights are specified.
l read needs to be configured in the command if the NM station administrator needs the read
permission in the specified view in some cases. For example, a low-level administrator needs
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
20
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
to read certain data. write needs to be configured in the command if the NM station
administrator needs the read and write permissions in the specified view in some cases. For
example, a high-level administrator needs to read and write certain data.
l cipher is used to display the community name in cipher text. It can be configured in the
command to improve security. If the parameter is configured, the administrator needs to
remember the community name. If the community name is forgotten, it cannot be obtained
by querying the device.
l If some of the NM stations that use the community name need to have rights to access the
objects in the Viewdefault view (1.3.6.1), mib-view view-name does not need to be
configured in the command.
l If all the NM stations that use the community name need to manage specified objects on the
device, acl acl-number does not need to be configured in the command.
l If some of the NM stations that use the community name need to manage specified objects
on the device, both mib-view and acl need to be configured in the command.
----End
Follow-up Procedure
After the access rights are configured, especially after the IP address of the NM station is
specified, if the IP address changes (for example, the NM station changes its location, or IP
addresses are reallocated due to network adjustment), you need to change the IP address of the
NM station in the ACL. Otherwise, the NM station cannot access the device.
1.3.4 (Optional) Enabling the SNMP Extended Error Code Function
This section describes how to enable the extended SNMP error code function when both the NM
station and managed device are Huawei products. After this function is enabled, more types of
error codes are provided to help you locate and rectify faults more quickly and accurately.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
snmp-agent extend error-code enable
The SNMP extended error code function is enabled.
By default, SNMP standard error codes are used. After the extended error code function is
enabled, extended error codes can be sent to the NM station.
----End
1.3.5 (Optional) Configuring the Trap Function
This section describes how to specify the alarms to be sent to the NM station, which will help
you to locate important problems. After relevant parameters are set, the security of alarm sending
can be improved.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
21
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
snmp-agent trap enable
Alarm sending is enabled.
NOTE
If the snmp-agent trap enable command is run to enable the trap functions of all modules, or the snmpagent trap enable feature-name command is run to enable three or more trap functions of a module, note
the following points:
l To disable the trap functions of all modules, you need to run the snmp-agent trap disable command.
l To restore the trap functions of all modules to the default status, you need to run the undo snmp-agent
trap enable or undo snmp-agent trap disable command.
l To disable one trap function of a module, you need to run the undo snmp-agent trap enable featurename command.
Step 3 Run:
snmp-agent trap enable feature-name feature-name trap-name trap-name
A trap function of a feature module is enabled. This means that an alarm of a specified feature
can be sent to the NM station.
The undo snmp-agent trap enable feature-name feature-name trap-name trap-name
command can be used to disable a trap function of a module.
Step 4 Configure trap function parameters based on the trap usage or inform usage selected during the
configuration of basic SNMPv2c functions.
If traps are used, follow the procedure described in Configuring trap parameters; if informs
are used, follow the procedure described in Configuring inform parameters.
Configuring trap parameters:
1.
Run:
snmp-agent trap source interface-type interface-number
The source interface for trap messages is specified.
After the source interface is specified, its IP address becomes the source IP address of trap
messages. Configuring the IP address of the local loopback interface as the source interface
is recommended, which can ensure device security.
The source interface specified on the switch for trap messages must be consistent with that
specified on the NM station; otherwise, the NM station will not accept the trap messages
sent from the switch.
2.
Run:
snmp-agent trap queue-size size
The length of the queue storing trap messages to be sent to the destination host is set.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
22
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
The queue length depends on the number of generated trap messages. If the switch
frequently generates trap messages, a longer queue length can be set to prevent trap
messages from being lost.
3.
Run:
snmp-agent trap life seconds
The lifetime of every trap message is set.
The lifetime of every trap message depends on the number of generated trap messages. If
the switch frequently generates trap messages, a longer lifetime can be set for every trap
message to prevent trap messages from being lost.
Configuring inform parameters:
1.
Run:
snmp-agent inform { timeout seconds | resend-times times | pending number }*
The timeout period for waiting for Inform ACK messages, number of inform
retransmissions, and allowable maximum number of informs to be acknowledged are set.
If the network is unstable, you need to specify the number of inform retransmissions and
allowable maximum number of informs to be acknowledged when you set a timeout period
for waiting for Inform ACK messages. By default, the timeout period for waiting for Inform
ACK messages is 15 seconds; the number of inform retransmissions is 3; the allowable
maximum number of informs waiting to be acknowledged is 39.
Setting the number of inform retransmissions to a value smaller than or equal to 10 is
recommended. Otherwise, device performance will be affected.
2.
Run:
snmp-agent inform { timeout seconds | resend-times times } *address udpdomain ip-address[ vpn-instance vpn-instance-name ] params securityname
security-string
The timeout period for waiting for Inform ACK messages from a specified NM station and
the number of inform retransmissions are set.
If the network is unstable, you need to specify the number of inform retransmissions and
allowable maximum number of informs to be acknowledged when you set a timeout period
for waiting for Inform ACK messages. By default, the timeout period for waiting for Inform
ACK messages is 15 seconds, and the number of inform retransmissions is 3.
Setting the number of inform retransmissions to a value smaller than or equal to 10 is
recommended. Otherwise, device performance will be affected.
3.
Run:
snmp-agent notification-log enable
The alarm logging function is enabled.
If the link between the switch and the NM station fails, the switch will stop sending informs
to the NM station because the NM station is unroutable but the switch will continue logging
informs. If the link recovers, the NM station will learn the informs logged by the switch
during the link failure.
After the alarm logging function is enabled, the system logs only informs, not traps.
By default, the alarm logging function is disabled.
4.
Issue 01 (2011-10-26)
Run:
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
23
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
snmp-agent notification-log { global-ageout ageout | global-limit limit }*
The aging time of alarm logs and maximum number of alarm logs allowed to be stored in
the log buffer are set.
By default, the aging time of alarm logs is 24 hours. If the aging time expires, alarms logs
will be automatically deleted.
By default, the log buffer can store a maximum of 500 alarm logs. If the number of alarm
logs in the log buffer exceeds 500, the device will delete the alarm logs from the earliest
one.
----End
1.3.6 (Optional) Configuring the Constant Interface Index Feature
This section describes how to configure the constant interface index feature. This feature allows
some interface indexes remain unchanged in the case of interface deletion or addition, system
restart, or hardware or software configuration change to meet the need of some functions such
as accounting and fault diagnosis that require fixed interfaces.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ifindex constant
The constant interface index feature is enabled.
After the feature is enabled, the indexes for all the existing interfaces and newly created interfaces
are fixed. If the system needs to restart, the save command must be run to save interface
configurations; otherwise, the interface indexes will change after the system is restarted.
Step 3 Run:
set constant-ifindex max-number number
The maximum number of interfaces indexed by fixed numbers is set.
If interfaces are frequently added or deleted during system operation, the interface index file
stored in the device may have a great size and consume too many system resources. Setting the
maximum number of interfaces indexed by fixed numbers can prevent the interface index file
from exceeding an expected size.
After the maximum number of interfaces indexed by fixed numbers is set, the system will allocate
fixed indexes to interfaces within the specified value range. If the specified value is smaller than
the number of interfaces configured on the device, the system allocates fixed interface indexes
to the interfaces enabled earlier. The interfaces enabled later are not indexed by fixed numbers.
By default, a maximum of 131070 interfaces can be indexed by fixed numbers. If the value is
set to 0, no interfaces will be indexed by fixed numbers.
Step 4 Run:
set constant-ifindex subinterface { dense-mode | sparse-mode }
The memory distribution mode for the sub-interface index is set.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
24
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
When a sub-interface is created, the system generates an index image file for the sub-interface
in the memory in a specified mode. You may use various sub-interface numbering modes, such
as the continuous mode or the discontinuous mode. In real-world situations, one of the following
distribution modes can be used as needed:
l Sparse mode: applies to discontinuous sub-interface numbering.
l Dense mode: applies to continuous sub-interface numbering.
----End
1.3.7 Checking the Configuration
After SNMPv2c functions are configured, you can view the SNMPv2c configurations.
Prerequisite
The configurations of basic SNMPv2c functions are complete.
Procedure
l
Run the display snmp-agent community command to check the configured community
name.
l
Run the display snmp-agent sys-info version command to check the enabled SNMP
version.
l
Run the display acl acl-number command to check the rules in the specified ACL.
l
Run the display snmp-agent mib-view command to check the MIB view.
l
Run the display snmp-agent sys-info contact command to check the equipment
administrator's contact information.
l
Run the display snmp-agent sys-info location command to check the location of the
device.
l
Run the display snmp-agent target-host command to check information about the target
host.
l
Run the display snmp-agent inform [ address udp-domain ip-address [ vpn-instance
vpn-instance-name ] params securityname security-string ] command to check inform
parameters and device statistics with the NM station being specified or not.
l
Run the display snmp-agent notification-log info command to check alarm logs stored
in the log buffer.
l
Run the display snmp-agent extend error-code status command to check whether the
SNMP extended error code feature is enabled.
l
Run the display constant-ifindex configuration command to check the constant interface
index function and relevant configuration information.
----End
1.4 Configuring a Device to Communicate with an NM
Station by Running SNMPv3
After SNMPv3 is configured, a managed device and an NM station can run SNMPv3 to
communicate with each other. To ensure normal communication, you need to configure both
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
25
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
sides. This section describes only the configurations on a managed device (the agent side). For
details about configurations on an NM station, see the pertaining NM station operation guide.
The NM station manages a device in the following manners:
l
Sends requests to the managed device to perform the GetRequest, GetNextRequest,
GetResponse, GetBulk, or SetRequest operation, obtaining data and setting values.
l
Receives alarms from the managed device and locates and rectify device faults based on
the alarm information.
In the following configuration, after basic SNMP functions are configured, the NM station can
manage the device in these manners. For details on how to configure finer management such as
accurate access control or alarm module specification, see the following configuration
procedures.
1.4.1 Establishing the Configuration Task
Before configuring a device to communicate with an NM station by running SNMPv3,
familiarize yourself with the applicable environment, complete the pre-configuration tasks, and
obtain the data required for the configuration. This will help you complete the configuration task
quickly and accurately.
Applicable Environment
SNMP needs to be deployed in a network to allow the NM station to manage network devices.
Assume your network has a strict requirement on security, only authorized administrators can
manage network devices, and the security and accuracy of transmitted network data need to be
ensured. For example, the data between the NM station and managed devices is transmitted over
a public network. In this case, SNMPv3 can be deployed. The authentication and encryption
functions provided by SNMPv3 ensure the security of data sending and normal communication
between the NM station and managed devices.
Pre-configuration Tasks
Before configuring a device to communicate with an NM station by running SNMPv3, complete
the following task:
l
Configuring a routing protocol to ensure that the switch and NM station are routable
Data Preparation
Before configuring a device to communicate with an NM station by running SNMPv3, you need
the following data.
Issue 01 (2011-10-26)
No.
Data
1
SNMP version, user name and user group name, address of the alarm destination host,
administrator's contact information and location, and SNMP packet size
2
(Optional) ACL number, IP address of the NM station, and MIB object
3
(Optional) Name of the alarm-sending module, source address of trap messages,
queue length for trap messages, and lifetime of trap messages
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
26
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
No.
Data
4
(Optional) Number of interfaces indexed by fixed numbers
1 SNMP Configuration
1.4.2 Configuring Basic SNMPv3 Functions
After basic SNMP functions are configured, an NM station can perform basic operations such
as Get and Set operations on a managed device, and the managed device can send alarms to the
NM station.
Context
Steps 4, 5, and 6 are mandatory for the configuration of basic SNMP functions. After the
configurations, basic SNMP communication can be conducted between the NM station and
managed device.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 (Optional) Run:
snmp-agent
The SNMP agent function is enabled.
By default, the SNMP agent function is disabled. Running any command with the parameter
snmp-agent can enable the SNMP agent function, so this step is optional.
Step 3 (Optional) Run:
snmp-agent sys-info version v3
The SNMP version is set.
By default, SNMPv3 is enabled. So, this step is optional.
Step 4 Run:
snmp-agent group v3 group-name [ authentication | privacy ]
An SNMPv3 user group is configured.
If the network or network devices are in an environment lacking security (for example, the
network is vulnerable to attacks), authentication or privacy can be configured in the command
to enable data authentication or encryption.
The available authentication and encryption modes are as follows:
l No authentication and no encryption: authentication and privacy are not configured in the
command. This mode is applicable to secure networks managed by a specified administrator.
l Authentication without encryption: Only authentication is configured in the command. This
mode is applicable to secure networks managed by many administrators who may frequently
perform operations on the same device. In this mode, only the authenticated administrators
can access the managed device.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
27
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
l Authentication and encryption: privacy is configured in the command. This mode is
applicable to insecure networks managed by many administrators who may frequently
perform operations on the same device. In this mode, only the authenticated administrators
can access the managed device, and transmitted data is encrypted to guard against
interception and data leaking.
Step 5 Run:
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha }
password [ privacy-mode des56 password ] ]
A user is added to the SNMPv3 user group.
After a user is added to the user group, the NM station that uses the name of the user can access
the objects in the Viewdefault view (1.3.6.1).
If authentication and encryption have been enabled for the user group, the following
authentication and encryption modes can be configured for the data transmitted on the network.
l Authentication mode
– Message Digest 5 (MD5): generates a 128-bit message digest for an input message of any
length.
– Secure Hash Algorithm (SHA-1): generates a 160-bit message digest for an input message
of less than 264 bits.
MD5 is faster than SHA-1, but is considered less secure.
l Encryption mode
DES uses a 56-bit key to encrypt a 64-bit plain text block.
Step 6 Choose one of the following commands as needed to configure the destination IP address for
the alarms and error codes sent from the device.
l To configure a destination IPv4 address for the alarms and error codes sent from the device,
run:
snmp-agent target-host trap address udp-domain ip-address [ udp-port portnumber ] [ public-net | vpn-instance vpn-instance-name ] params securityname
security-string [ v3 [ authentication | privacy ] ] [ private-netmanager | extvb ]*
The descriptions of the command parameters are as follows:
l The default destination UDP port number is 162. In some special cases (for example, port
mirroring is configured to prevent a well-known port from being attacked), the parameter
udp-port can be used to specify a non-well-known UDP port number. This ensures normal
communication between the NM station and managed device.
l If the alarms sent from the managed device to the NM station need to be transmitted over a
public network, the parameter public-net needs to be configured. If the alarms sent from the
managed device to the NM station need to be transmitted over a private network, the
parameter vpn-instance vpn-instance-name needs to be used to specify a VPN that will take
over the sending task.
l The parameter securityname identifies the alarm sender, which will help you learn the alarm
source.
l If the NM station and managed device are both Huawei products, the parameter privatenetmanager can be configured to add more information to alarms, such as the alarm type,
alarm sequence number, and alarm sending time. The information will help you locate and
rectify faults more quickly.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
28
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
l The ext-vb parameter sets extended bound variables for traps sent to the target host. By
default, the traps sent to the target host do not carry extended bound variables.
Step 7 (Optional) Run:
snmp-agent sys-info { contact contact | location location }
The equipment administrator's contact information or location is configured.
This step is needed if the NM station administrator needs to know equipment administrators'
contact information and locations when the NM station manages many devices. This will allow
the NM station administrator to quickly contact the equipment administrators for fault location
and rectification.
To configure both the equipment administrator's contact information and location, you need to
run the command twice to configure them separately.
Step 8 (Optional) Run:
snmp-agent packet max-size byte-count
The maximum size of an SNMP packet that the device can receive or send is set.
By default, the maximum size of an SNMP packet that the device can receive or send is 12000
bytes.
After the maximum size is set, the device will discard any SNMP packet that is larger than the
set size. The allowable maximum size of an SNMP packet for a device depends on the size of a
packet that the NM station can process; otherwise, the NM station cannot process the SNMP
packets sent from the device.
----End
Follow-up Procedure
After the configurations are complete, basic communication can be conducted between the NM
station and managed device.
l
Access control allows any NM station in the configured SNMPv3 user group to monitor
and manage all the objects on the managed device.
l
The managed device sends alarms generated by the modules that are open by default to the
NM station.
If finer device management is required, follow directions below to configure the managed
device:
l
To allow a specified NM station in an SNMPv3 user group to manage specified objects of
the device, follow the procedure described in Controlling the NM Station's Access to the
Device.
l
To allow a specified module on the managed device to report alarms to the NM station,
follow the procedure described in Configuring the Trap Function.
l
If the NM station and managed device are both Huawei products, follow the procedure
described in Enabling the SNMP Extended Error Code Function to allow the device to
send more types of error codes. This allows more specific error identification and facilitates
your fault location and rectification.
l
If the functions such as accounting and fault location need to be bound to specified
interfaces to prevent changes in interface indexes during device or interface restart, follow
the procedure described in Configuring the Constant Interface Index Feature.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
29
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
1.4.3 (Optional) Controlling the NM Station's Access to the Device
This section describes how to specify an NM station and manageable MIB objects for SNMPv3based communication between the NM station and managed device to improve communication
security.
Context
If a device is managed by multiple NM stations that are in the same SNMPv3 user group, note
the following points:
l
If all the NM stations need to have rights to access the objects in the Viewdefault view
(1.3.6.1), skip the following steps.
l
If some of the NM stations need to have rights to access the objects in the Viewdefault view
(1.3.6.1), skip Step 5.
l
If all the NM stations need to manage specified objects on the device, skip Steps 2, 3, and
4.
l
If some of the NM stations need to manage specified objects on the device, perform all the
following steps.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl acl-number
A basic ACL is created to filter the NM station users that can manage the device.
Step 3 Run:
rule [ rule-id ] { deny | permit } source { source-ip-address source-wildcard |
any }
A rule is added to the ACL.
Step 4 Run:
quit
Return to the system view.
Step 5 Run:
snmp-agent mib-view { excluded | included } view-name oid-tree
A MIB view is created, and manageable MIB objects are specified.
By default, an NM station has rights to access the objects in the Viewdefault view (1.3.6.1).
l If a few MIB objects on the device or some objects in the current MIB view do not or no
longer need to be managed by the NM station, excluded needs to be specified in the command
to exclude these MIB objects.
l If a few MIB objects on the device or some objects in the current MIB view need to be
managed by the NM station, included needs to be specified in the command to include these
MIB objects.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
30
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
Step 6 Run:
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view
| write-view write-view | notify-view notify-view ]* [ acl acl-number ]
The read and write permissions are configured for the user group.
l read-view needs to be configured in the command if the NM station administrator needs the
read permission in the specified view in some cases. For example, a low-level administrator
needs to read certain data. write-view needs to be configured in the command if the NM
station administrator needs the read and write permissions in the specified view in some
cases. For example, a high-level administrator needs to read and write certain data.
l notify-view notify-view needs to be configured in the command if you want to filter out
irrelevant alarms and configure the managed device to send only the alarms of specified MIB
objects to the NM station. If the parameter is configured, only the alarms of the MIB objects
specified by notify-view will be sent to the NM station.
l authentication or privacy can be configured in the command to improve security. If
authentication is configured, only authentication is performed. If privacy is configured,
both authentication and encryption are performed. For details, see the authentication and
encryption selection guide.
l If some NM stations that are in the same SNMPv3 user group need to have rights to access
the objects in the Viewdefault view (1.3.6.1), [ read-view read-view | write-view writeview | notify-view notify-view ] does not need to be configured in the command.
l If all the NM stations that are in the same SNMPv3 user group need to manage specified
objects on the device, acl acl-number does not need to be configured in the command.
l If some of the NM stations that are in the same SNMPv3 user group need to manage specified
objects on the device, both the MIB view and ACL need to be configured in the command.
----End
Follow-up Procedure
After the access rights are configured, especially after the IP address of the NM station is
specified, if the IP address changes (for example, the NM station changes its location, or IP
addresses are reallocated due to network adjustment), you need to change the IP address of the
NM station in the ACL. Otherwise, the NM station cannot access the device.
1.4.4 (Optional) Enabling the SNMP Extended Error Code Function
This section describes how to enable the extended SNMP error code function when both the NM
station and managed device are Huawei products. After this function is enabled, more types of
error codes are provided to help you locate and rectify faults more quickly and accurately.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
snmp-agent extend error-code enable
The SNMP extended error code function is enabled.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
31
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
By default, SNMP standard error codes are used. After the extended error code function is
enabled, extended error codes can be sent to the NM station.
----End
1.4.5 (Optional) Configuring the Trap Function
This section describes how to specify the alarms to be sent to the NM station, which will help
you to locate important problems. After relevant parameters are set, the security of alarm sending
can be improved.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
snmp-agent trap enable
Alarm sending is enabled.
NOTE
If the snmp-agent trap enable command is run to enable the trap functions of all modules, or the snmpagent trap enable feature-name command is run to enable three or more trap functions of a module, note
the following points:
l To disable the trap functions of all modules, you need to run the snmp-agent trap disable command.
l To restore the trap functions of all modules to the default status, you need to run the undo snmp-agent
trap enable or undo snmp-agent trap disable command.
l To disable one trap function of a module, you need to run the undo snmp-agent trap enable featurename command.
Step 3 Run:
snmp-agent trap enable feature-name feature-name trap-name trap-name
A trap function of a feature module is enabled. This means that an alarm of a specified feature
can be sent to the NM station.
The undo snmp-agent trap enable feature-name command can be used to disable a trap
function of a module.
Step 4 Run:
snmp-agent trap source interface-type interface-number
The source interface for trap messages is specified.
After the source interface is specified, its IP address becomes the source IP address of trap
messages. Configuring the IP address of the local loopback interface as the source interface is
recommended, which can ensure device security.
The source interface specified on the switch for trap messages must be consistent with that
specified on the NM station; otherwise, the NM station will not accept the trap messages sent
from the switch.
Step 5 Run:
snmp-agent trap queue-size size
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
32
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
The length of the queue storing trap messages to be sent to the destination host is set.
The queue length depends on the number of generated trap messages. If the switch frequently
generates trap messages, a longer queue length can be set to prevent trap messages from being
lost.
Step 6 Run:
snmp-agent trap life seconds
The lifetime of every trap message is set.
The lifetime of every trap message depends on the number of generated trap messages. If the
switch frequently generates trap messages, a longer lifetime can be set for every trap message
to prevent trap messages from being lost.
----End
1.4.6 (Optional) Configuring the Constant Interface Index Feature
This section describes how to configure the constant interface index feature. This feature allows
some interface indexes remain unchanged in the case of interface deletion or addition, system
restart, or hardware or software configuration change to meet the need of some functions such
as accounting and fault diagnosis that require fixed interfaces.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ifindex constant
The constant interface index feature is enabled.
After the feature is enabled, the indexes for all the existing interfaces and newly created interfaces
are fixed. If the system needs to restart, the save command must be run to save interface
configurations; otherwise, the interface indexes will change after the system is restarted.
Step 3 Run:
set constant-ifindex max-number number
The maximum number of interfaces indexed by fixed numbers is set.
If interfaces are frequently added or deleted during system operation, the interface index file
stored in the device may have a great size and consume too many system resources. Setting the
maximum number of interfaces indexed by fixed numbers can prevent the interface index file
from exceeding an expected size.
After the maximum number of interfaces indexed by fixed numbers is set, the system will allocate
fixed indexes to interfaces within the specified value range. If the specified value is smaller than
the number of interfaces configured on the device, the system allocates fixed interface indexes
to the interfaces enabled earlier. The interfaces enabled later are not indexed by fixed numbers.
By default, a maximum of 131070 interfaces can be indexed by fixed numbers. If the value is
set to 0, no interfaces will be indexed by fixed numbers.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
33
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
Step 4 Run:
set constant-ifindex subinterface { dense-mode | sparse-mode }
The memory distribution mode for the sub-interface index is set.
When a sub-interface is created, the system generates an index image file for the sub-interface
in the memory in a specified mode. You may use various sub-interface numbering modes, such
as the continuous mode or the discontinuous mode. In real-world situations, one of the following
distribution modes can be used as needed:
l Sparse mode: applies to discontinuous sub-interface numbering.
l Dense mode: applies to continuous sub-interface numbering.
----End
1.4.7 Checking the Configuration
After SNMPv3 functions are configured, you can view the SNMPv3 configurations.
Prerequisite
The configurations of basic SNMPv3 functions are complete.
Procedure
l
Run the display snmp-agent usm-user [ engineid engineid | group group-name |
username user-name ]* command to check user information.
l
Run the display snmp-agent sys-info version command to check the enabled SNMP
version.
l
Run the display acl acl-number command to check the rules in the specified ACL.
l
Run the display snmp-agent mib-view command to check the MIB view.
l
Run the display snmp-agent sys-info contact command to check the equipment
administrator's contact information.
l
Run the display snmp-agent sys-info location command to check the location of the
device.
l
Run the display snmp-agent target-host command to check the information about the
target host.
l
Run the display snmp-agent extend error-code status command to check whether the
SNMP extended error code feature is enabled.
l
Run the display constant-ifindex configuration command to check whether the constant
interface index function is enabled and the relevant configuration information.
----End
1.5 SNMP Configuration Examples
This section provides several configuration examples of SNMP. The configuration roadmap in
the examples will help you understand the configuration procedures. Each configuration
example provides information about the networking requirements, configuration notes, and
configuration roadmap.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
34
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
1.5.1 Example for Configuring a Device to Communicate with an
NM Station by Using SNMPv1
This section provides an example to describe how to configure a device to communicate with
an NM station by using SNMPv1 and how to specify the MIB objects that can be managed by
the NM station.
Networking Requirements
As shown in Figure 1-4, two NM stations (NMS1 and NMS2) and the switch are connected
across a public network. According to the network planning, NMS2 can manage every MIB
object except HGMP on the switch, and NMS1 does not manage the switch.
On the switch, only the modules that are enabled by default are allowed to send alarms to NMS2.
This prevents an excess of unwanted alarms from being sent to NMS2. Excessive alarms can
make faults location difficult.
Equipment administrator's contact information needs to be configured on the switch. This allows
the NMS administrator to contact the equipment administrator quickly if a fault occurs.
Figure 1-4 Networking diagram for configuring a device to communicate with an NM station
by using SNMPv1
GE0/0/1
VLANIF100
1.1.2.1/24
NMS1
1.1.1.1/24
IP Network
Switch
NMS2
1.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable the SNMP agent.
2.
Configure the switch to run SNMPv1.
3.
Configure an ACL to allow NMS2 to manage every MIB object except HGMP on the
switch.
4.
Configure the trap function to allow the switch to send alarms to NMS2.
5.
Configure the equipment administrator's contact information on the switch.
6.
Configure NMS2.
Data Preparation
To complete the configuration, you need the following data:
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
35
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
l
SNMP version
l
Community name
l
ACL number
l
IP address of the NM station
l
Equipment administrator's contact information
Procedure
Step 1 Configure available routes between the switch and the NM stations. Details for the configuration
procedure are not provided here.
Step 2 Enable the SNMP agent.
<Quidway> system-view
[Quidway] snmp-agent
Step 3 Configure the switch to run SNMPv1.
[Quidway] snmp-agent sys-info version v1
# Check the configured SNMP version.
[Quidway] display snmp-agent sys-info version
SNMP version running in the system:
SNMPv1 SNMPv3
Step 4 Configure the NM stations' access rights.
# Configure an ACL to allow NMS2 to manage and disallow NMS1 from managing the
switch.
[Quidway] acl 2001
[Quidway-acl-basic-2001] rule 5 permit source 1.1.1.2 0.0.0.0
[Quidway-acl-basic-2001] rule 6 deny source 1.1.1.1 0.0.0.0
[Quidway-acl-basic-2001] quit
# Configure a MIB view and allow NMS2 to manage every MIB object except HGMP on the
switch.
[Quidway] snmp-agent mib-view excluded allexthgmp 1.3.6.1.4.1.2011.6.7
# Configure a community name to allow NMS2 to manage the objects in the MIB view.
[Quidway] snmp-agent community write adminnms2 mib-view allexthgmp acl 2001
Step 5 Configure the trap function.
[Quidway] snmp-agent
securityname 1.1.3.1
[Quidway] snmp-agent
[Quidway] snmp-agent
[Quidway] snmp-agent
target-host trap address udp-domain 1.1.1.2 params
trap source Loopback0
trap queue-size 200
trap life 60
Step 6 Configure the equipment administrator's contact information.
[Quidway] snmp-agent sys-info contact call Operator at 010-12345678
Step 7 Configure NMS2.
For details on how to configure NMS2, see the relevant NMS configuration guide.
Step 8 Verify the configuration.
After the configurations are complete, run the following commands to verify that the
configurations have taken effect.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
36
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
# Check information about the SNMP community name.
<Quidway> display snmp-agent community
Community name:adminnms2
Group name:adminnms2
Acl:2001
Storage-type: nonVolatile
# Check the configured ACL.
<Quidway> display acl 2001
Basic ACL 2001, 2 rules
Acl's step is 5
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
# Check the MIB view.
<Quidway> display snmp-agent mib-view viewname allexthgmp
View name:allexthgmp
MIB Subtree:hwCluster
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
# Check the target host.
<Quidway> display snmp-agent target-host
Target-host NO. 1
----------------------------------------------------------IP-address
: 1.1.1.2
Source interface : VPN instance
: Security name
: 1.1.3.1
Port
: 162
Type
: trap
Version
: v1
Level
: No authentication and privacy
NMS type
: NMS
-----------------------------------------------------------
# When an alarm is generated, run the display trapbuffer command to view the details.
<Quidway> display trapbuffer
Trapping buffer configuration and contents : enabled
Allowed max buffer size : 1024
Actual buffer size : 256
Channel number : 3 , Channel name : trapbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 98
#Oct 11 2010 18:57:59 RouterA DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011
.5.25.191.3.1 configurations have been changed. The current change number is 95,
the change loop count is 0, and the maximum number of records is 4095.
# Check the equipment administrator's contact information.
<Quidway> display snmp-agent sys-info contact
The contact person for this managed node:
call Operator at 010-12345678
----End
Configuration Files
Configuration file of the switch
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
37
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
#
vlan batch 100
#
acl number 2001
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
#
interface Vlanif100
ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface LoopBack0
ip address 1.1.3.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
network 1.1.3.1 0.0.0.0
#
snmp-agent
snmp-agent local-engineid 000007DB7FFFFFFF00001AA7
snmp-agent community write adminnms2 mib-view allexthgmp acl 2001
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v1 v3
snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname
1.1.3.1
snmp-agent
snmp-agent
snmp-agent
snmp-agent
#
return
mib-view excluded allexthgmp hwCluster
trap source LoopBack0
trap queue-size 200
trap life 60
1.5.2 Example for Configuring a Device to Communicate with an
NM Station by Using SNMPv2c
This section provides an example to describe how to configure a device to communicate with
an NM station by using SNMPv2c and how to specify the MIB objects that can be managed by
the NM station.
Networking Requirements
As shown in Figure 1-5, two NM stations (NMS1 and NMS2) and the switch are connected
across a public network. According to the network planning, NMS2 can manage every MIB
object except HGMP on the switch, and NMS1 does not manage the switch.
On the switch, only the modules that are enabled by default are allowed to send alarms to NMS2.
This prevents an excess of unwanted alarms from being sent to NMS2. Excessive alarms can
make faults location difficult. Informs need to be used to ensure that alarms are received by
NMS2 because alarms sent by the switch have to travel across the public network to reach NMS2.
Equipment administrator's contact information needs to be configured on the switch. This allows
the NMS administrator to contact the equipment administrator quickly if a fault occurs.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
38
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
Figure 1-5 Networking diagram for configuring a device to communicate with an NM station
by using SNMPv2c
NMS1
1.1.1.1/24
IP Network
GE0/0/1
VLANIF100
1.1.2.1/24
Switch
NMS2
1.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable the SNMP agent.
2.
Configure the switch to run SNMPv2c.
3.
Configure an ACL to allow NMS2 to manage every MIB object except HGMP on the
switch.
4.
Configure the switch to send informs to NMS2 to ensure alarm sending reliability.
5.
Configure the equipment administrator's contact information on the switch.
6.
Configure NMS2.
Data Preparation
To complete the configuration, you need the following data:
l
SNMP version
l
Community name
l
ACL number
l
IP address of the NM station
l
Equipment administrator's contact information
Procedure
Step 1 Configure available routes between the switch and the NM stations. Details for the configuration
procedure are not provided here.
Step 2 Enable the SNMP agent.
<Quidway> system-view
[Quidway] snmp-agent
Step 3 Configure the switch to run SNMPv2c.
[Quidway] snmp-agent sys-info version v2c
# Check the configured SNMP version.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
39
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
[Quidway] display snmp-agent sys-info version
SNMP version running in the system:
SNMPv2c SNMPv3
Step 4 Configure the NM stations' access rights.
# Configure an ACL to allow NMS2 to manage and disallow NMS1 from managing the
switch.
[Quidway] acl 2001
[Quidway-acl-basic-2001] rule 5 permit source 1.1.1.2 0.0.0.0
[Quidway-acl-basic-2001] rule 6 deny source 1.1.1.1 0.0.0.0
[Quidway-acl-basic-2001] quit
# Configure a MIB view.
[Quidway] snmp-agent mib-view excluded allexthgmp 1.3.6.1.4.1.2011.6.7
# Configure a community name to allow NMS2 to manage the objects in the MIB view.
[Quidway] snmp-agent community write adminnms2 mib-view allexthgmp acl 2001
Step 5 Configure the trap function.
[Quidway] snmp-agent
securityname 1.1.2.1
[Quidway] snmp-agent
[Quidway] snmp-agent
[Quidway] snmp-agent
target-host inform address udp-domain 1.1.1.2 params
v2c
inform timeout 15 resend-times 3 pending 39
notification-log enable
notification-log global-ageout 12
Step 6 Configure the equipment administrator's contact information.
[Quidway] snmp-agent sys-info contact call Operator at 010-12345678
Step 7 Configure NMS2.
For details on how to configure NMS2, see the relevant NMS configuration guide.
Step 8 Verify the configuration.
After the configurations are complete, run the following commands to verify that the
configurations have taken effect.
# Check information about the SNMP community name.
<Quidway> display snmp-agent community
Community name:adminnms2
Group name:adminnms2
Acl:2001
Storage-type: nonVolatile
# Check the configured ACL.
<Quidway> display acl 2001
Basic ACL 2001, 2 rules
Acl's step is 5
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
# Check the MIB view.
<Quidway> display snmp-agent mib-view viewname allexthgmp
View name:allexthgmp
MIB Subtree:hwCluster
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
# Check the target host.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
40
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
<Quidway> display snmp-agent target-host
Target-host NO. 1
----------------------------------------------------------IP-address
: 1.1.1.2
Source interface : VPN instance
: Security name
: 1.1.2.1
Port
: 162
Type
: inform
Version
: v2c
Level
: No authentication and privacy
NMS type
: NMS
-----------------------------------------------------------
# When an alarm is generated, run the display trapbuffer command to view the details.
<Quidway> display trapbuffer
Trapping buffer configuration and contents : enabled
Allowed max buffer size : 1024
Actual buffer size : 256
Channel number : 3 , Channel name : trapbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 98
#Oct 11 2010 18:57:59 RouterA DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011
.5.25.191.3.1 configurations have been changed. The current change number is 95,
the change loop count is 0, and the maximum number of records is 4095.
# Check the equipment administrator's contact information.
<Quidway> display snmp-agent sys-info contact
The contact person for this managed node:
call Operator at 010-12345678
----End
Configuration Files
Configuration file of the switch
#
vlan batch 100
#
acl number 2001
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
#
interface Vlanif100
ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
#
snmp-agent
snmp-agent local-engineid 000007DB7FFFFFFF00001AA7
snmp-agent community write adminnms2 mib-view allexthgmp acl 2001
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v2c v3
snmp-agent target-host inform address udp-domain 1.1.1.2 params securityname
1.1.2.1 v2c
snmp-agent mib-view excluded allexthgmp hwCluster
snmp-agent inform timeout 15 resend-times 3 pending 39
snmp-agent notification-log enable
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
41
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
snmp-agent notification-log global-ageout 12
#
return
1.5.3 Example for Configuring a Device to Communicate with an
NM Station by Using SNMPv3
This section provides an example to describe how to configure a device to communicate with
an NM station by using SNMPv3 and how to specify the MIB objects that can be managed by
the NM station.
Networking Requirements
As shown in Figure 1-6, two NM stations (NMS1 and NMS2) and the switch are connected
across a public network. According to the network planning, NMS2 can manage every MIB
object except HGMP on the switch, and NMS1 does not manage the switch.
On the switch, only the modules that are enabled by default are allowed to send alarms to NMS2.
This prevents an excess of unwanted alarms from being sent to NMS2. Excessive alarms can
make faults location difficult.
The data transmitted between NMS2 and the switch needs to be encrypted and the NMS
administrator needs to be authenticated because the data has to travel across the public network.
Equipment administrator's contact information needs to be configured on the switch. This allows
the NMS administrator to contact the equipment administrator quickly if a fault occurs.
Figure 1-6 Networking diagram for configuring a device to communicate with an NM station
by using SNMPv3
NMS1
1.1.1.1/24
GE0/0/1
VLANIF100
1.1.2.1/24
IP Network
Switch
NMS2
1.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable the SNMP agent.
2.
Configure the switch to run SNMPv3.
3.
Configure an ACL to allow NMS2 to manage every MIB object except HGMP on the
switch and configure data encryption.
4.
Configure the trap function to allow the switch to send alarms to NMS2.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
42
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
5.
Configure the equipment administrator's contact information on the switch.
6.
Configure NMS2.
Data Preparation
To complete the configuration, you need the following data:
l
SNMP version
l
User group name
l
User name and password
l
Authentication and encryption algorithms
l
ACL number
l
IP address of the NM station
l
Equipment administrator's contact information
Procedure
Step 1 Configure available routes between the switch and the NM stations. Details for the configuration
procedure are not provided here.
Step 2 Enable the SNMP agent.
<Quidway> system-view
[Quidway] snmp-agent
Step 3 Configure the switch to run SNMPv3.
[Quidway] snmp-agent sys-info version v3
# Check the configured SNMP version.
[Quidway] display snmp-agent sys-info version
SNMP version running in the system:
SNMPv3
Step 4 Configure the NM stations' access rights.
# Configure an ACL to allow NMS2 to manage and disallow NMS1 from managing the
switch.
[Quidway] acl 2001
[Quidway-acl-basic-2001] rule 5 permit source 1.1.1.2 0.0.0.0
[Quidway-acl-basic-2001] rule 6 deny source 1.1.1.1 0.0.0.0
[Quidway-acl-basic-2001] quit
# Configure a MIB view.
[Quidway] snmp-agent mib-view included testview iso
# Configure an SNMPv3 user group and add a user to the group, and configure authentication
for the NMS administrator and encryption for the data transmitted between the switch and NMS2.
[Quidway] snmp-agent usm-user v3 testuser testgroup authentication-mode md5
87654321 privacy-mode des56 87654321
[Quidway] snmp-agent group v3 testgroup privacy write-view testview notify-view
testview acl 2001
Step 5 Configure the trap function.
[Quidway] snmp-agent target-host trap address udp-domain 1.1.1.2 params
securityname testuser
[Quidway] snmp-agent trap source loopback0
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
43
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
[Quidway] snmp-agent trap queue-size 200
[Quidway] snmp-agent trap life 60
Step 6 Configure the equipment administrator's contact information.
[Quidway] snmp-agent sys-info contact call Operator at 010-12345678
Step 7 Configure the NMS2.
For details on how to configure NMS2, see the relevant NMS configuration guide.
Step 8 Verify the configuration.
After the configurations are complete, run the following commands to verify that the
configurations have taken effect.
# Check information about the user group.
<Quidway> display snmp-agent group testgroup
Group name: testgroup
Security model: v3 AuthPriv
Readview: ViewDefault
Writeview: testview
Notifyview: testview
Storage-type: nonVolatile
Acl:2001
# Check information about the user.
<Quidway> display snmp-agent usm-user
User name: testuser
Engine ID: 000007DB7F00000100004C3F active
Group name:testgroup
# Check the configured ACL.
<Quidway> display acl 2001
Basic ACL 2001, 2 rules
Acl's step is 5
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
# Check the MIB view.
<Quidway> display snmp-agent mib-view viewname testview
View name:testview
MIB Subtree:iso
Subtree mask:
Storage-type: nonVolatile
View Type:included
View status:active
# Check the target host.
<Quidway> display snmp-agent target-host
Target-host NO. 1
----------------------------------------------------------IP-address
: 1.1.1.2
Source interface : VPN instance
: Security name
: testuser
Port
: 162
Type
: trap
Version
: v1
Level
: No authentication and privacy
NMS type
: NMS
-----------------------------------------------------------
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
44
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1 SNMP Configuration
# When an alarm is generated, run the display trapbuffer command to view the details.
<Quidway> display trapbuffer
Trapping buffer configuration and contents : enabled
Allowed max buffer size : 1024
Actual buffer size : 256
Channel number : 3 , Channel name : trapbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 98
#Oct 11 2010 18:57:59 RouterA DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011
.5.25.191.3.1 configurations have been changed. The current change number is 95,
the change loop count is 0, and the maximum number of records is 4095.
# Check the equipment administrator's contact information.
<Quidway> display snmp-agent sys-info contact
The contact person for this managed node:
call Operator at 010-12345678
----End
Configuration Files
Configuration file of the switch
#
vlan batch 100
#
acl number 2001
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
#
interface Vlanif100
ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface LoopBack0
ip address 1.1.3.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
network 1.1.3.1 0.0.0.0
#
snmp-agent
snmp-agent local-engineid 000007DB7FFFFFFF000004A7
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v3
snmp-agent group v3 testgroup privacy write-view testview notify-view testview
acl 2001
snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname
testuser
snmp-agent mib-view included testview iso
snmp-agent usm-user v3 testuser testgroup authentication-mode md5 N'!2Z
[^HZ0T&P'@XIM=F#Q!! privacy-mode des56 N'!2Z[^HZ0T&P'@XIM=F#Q!!
snmp-agent trap source LoopBack0
snmp-agent trap queue-size 200
snmp-agent trap life 60
#
return
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
45
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
2
LLDP Configuration
About This Chapter
This chapter describes the LLDP concept, configuration procedures, and configuration
examples.
2.1 Introduction to LLDP
The Link Layer Discovery Protocol (LLDP) is a Layer 2 discovery protocol defined in the IEEE
802.1ab standard.
2.2 LLDP Feature Supported by the S5700
This section describes the usage scenarios of the LLDP feature and TLV types supported by the
S5700.
2.3 Configuring LLDP
This section describes how to configure LLDP.
2.4 Maintaining LLDP
This section describes how to clear LLDP statistics and monitor LLDP status.
2.5 Configuration Examples
This section provides LLDP configuration examples.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
46
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
2.1 Introduction to LLDP
The Link Layer Discovery Protocol (LLDP) is a Layer 2 discovery protocol defined in the IEEE
802.1ab standard.
Background
Currently, the Ethernet technology is widely used in the network. Compared with small-scale
networks, large-scale networks require that the network management system (NMS) have more
functions and higher processing capability. For example, the NMS needs to obtain the topology
of connected devices and configuration conflicts between devices.
Currently, many NMSs use the automated discovery function to trace the topology changes.
However, most of them at best analyze the Layer 3 network topology and group devices into
different IP subnets. These NMSs provide only the data concerning the basic events such as
adding or deleting of devices, but do not determine the connected interfaces between devices or
obtain information about configuration conflicts.
The Layer 2 discovery protocol precisely discovers the interfaces on each device and obtains
connection information between devices. In addition, it displays the paths between clients,
switches, routers, application servers, and network servers. The Layer 2 information helps you
quickly know the device topology, detect configuration conflicts between devices, and locate
network faults.
The LLDP protocol is a Layer 2 discovery protocol defined in the IEEE 802.1ab standard.
LLDP working mechanism
Figure 2-1 LLDP diagram
Organizationally
defined local device
LLDP MIB extension
(Optional)
Organizationally
defined remote device
LLDP MIB extension
(Optional)
PTOPO MIB
(Optional)
Entity MIB
(Optional)
LLDP local system MIB
LLDP remote system MIB
Interface MIB
(Optional)
LLDP agent
LLDP frames
(
Local device information
Issue 01 (2011-10-26)
Other MIBs
(Optional)
)
LLDP/LSAP
Remote device information
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
47
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
LLDP is implemented by the MIB.
l
The LLDP module updates the LLDP local system MIB and its own extended MIB
(Organizationally defined local device LLDP MIB extension in the figure) by interacting
with the PTOPO MIB, Entity MIB, Interface MIB, and Other MIBs.
l
The LLDP module sends the LLDP packets carrying its own information to the peer device
through the interface connected to the peer device.
l
The LLDP module receives the LLDP packets from the peer device, and then updates the
LLDP remote system MIB stored on the local device.
By using the MIB, the device obtains the neighbor information, including the remote interface
connected to the local device and the bridge MAC address of the peer device.
MIB
Management information bases (MIBs) are classified into LLDP Local System MIBs and the
LLDP Remote System MIBs.
l
LLDP Local System MIB: stores information about the local device, including the device
ID, port ID, system name, system description, port description, system capability, and
management address.
l
LLDP Remote System MIB: stores information about neighbor devices, including the
device ID, port ID, system name, system description, port description, system capability,
and management address.
LLDP Agent
An LLDP agent manages LLDP operations for an interface.
The LLDP agent performs the following operations:
l
Maintains information in the LLDP local system MIB.
l
Obtains and sends LLDP local system MIB information to neighbor devices when the status
of the local device status changes. If the local device status keeps unchanged, the LLDP
agent also obtains and sends LLDP local system MIB information to neighbor devices at
intervals.
l
Identifies and processes received LLDP packets.
l
Maintains information in the LLDP remote system MIB.
l
Sends LLDP traps to the NMS when information in the LLDP local system MIB or the
LLDP remote system MIB changes.
LLDP Management Address
The LLDP management address (short for management address) is used by the NMS to identify
the S5700 and implement network management. A management address identifies a device. It
makes the network topology clear and facilitates network management. The management
address is carried in the Management Address Type-Length-Value (TLV) field of an LLDP
packet to be transmitted to neighbor devices.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
48
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
LLDP Trap
When information in the LLDP local system MIB or the LLDP remote system MIB changes,
the device sends traps to the NMS, requesting the NMS to update the topology. The information
changes include:
l
Change of global LLDP status
l
Change of local management address
l
Change of neighbor information, excluding the change of neighbor management address
The LLDP trap function is applied to all interfaces.
LLDP Packet
Figure 2-2 shows the LLDP packet format.
Figure 2-2 LLDP packet format
l
DA: indicates the destination address of the LLDP packet. It is the multicast address 01-80C2-00-00-0E.
l
SA: indicates the bridge MAC address of the neighbor device.
l
LLDP Ethertype: indicates the LLDP packet type. If a packet contains this field, it is an
LLDP packet and it is sent to the LLDP module. The value of this field is 0x88CC.
l
LLDPDU: indicates the LLDP data unit. It is the major content of an LLDP packet.
l
FCS: indicates the Frame Check Sequence.
LLDPDU in the LLDP packet contains the Layer 2 information discovered by the device, so it
is the most important part in the LLDP packet.
Figure 2-3 shows the LLDPDU structure.
Figure 2-3 LLDPDU structure
The basic unit in the LLDPDU is TLV.
l
T: information type
l
L: information length
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
49
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
l
2 LLDP Configuration
V: content value
The LLDPDU carries different types of TLVs to meet the LLDP interaction requirements. The
device sends or receives the local and remote information by using these TLVs.
The LLDPDU starts with Chassis ID TLV, Port ID TLV, and Time to Live TLV, and ends with
End of LLDPDU TLV; therefore, these four TLVs are mandatory for an LLDPDU. The other
TLVs are optional. The device can add and remove the optional TLVs.
2.2 LLDP Feature Supported by the S5700
This section describes the usage scenarios of the LLDP feature and TLV types supported by the
S5700.
Usage Scenario
The LLDP feature of the S5700 is applicable to three types of networks.
The network where an interface has only one neighbor
The interfaces between two switches or the interfaces between a switch and a media endpoint
(ME) are directly connected, so each interface has only one neighbor. As shown in Figure
2-4, SwitchA is directly connected to SwitchB and ME. Each interface on SwitchA and
SwitchB has only one neighbor.
Figure 2-4 Each interface has only one neighbor
Internet
NMS
Switch A
Switch B
ME
The network where an interface has multiple neighbors
The interfaces between two switches are connected through an unknown network, so each
interface has multiple neighbors. As shown in Figure 2-5, SwitchA, SwitchB, and SwitchC are
connected through an unknown network. The devices on the unknown network may not have
the LLDP function or not be managed by the network management system (NMS); however,
they must have the ability to transparently transmit LLDP packets. On this network, each
interface of SwitchA, SwitchB, and SwitchC has multiple neighbors.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
50
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
Figure 2-5 Each interface has multiple neighbors
SNMP
SNMP
NMS
SwitchD
SwitchF
LL LLDPDU
D
PD
U
SwitchE
10.10.10.1
LLDPDU
LL
D
PD
U
LL
D
PD
10.10.10.2
SwitchA
SwitchB
U
10.10.10.3
SwitchC
LLDP interface
SNMP packet
NMS: Network Management System
LLDPDU packet
The network where link aggregation is configured
As shown in Figure 2-6, a link aggregation group is configured between the switches. Each
interface in the link aggregation group has only one neighbor.
Figure 2-6 Link aggregation is configured on the network
Network
Enterprise
User
Issue 01 (2011-10-26)
NMS
Eth-Trunk
SwitchA
SwitchB
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Enterprise
User
51
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
TLV Types Supported by the S5700
Besides the mandatory TLVs Chassis ID TLV, Port ID TLV, Time to Live TLV, and End of
LDPDU, the S5700 supports the following optional TLVs.
l
Basic TLV
Type
Description
Management Address TLV
Management IP address
Port Description TLV
Interface description
System Capabilities TLV
Capacities of the local device, including:
l other: other capability
l repeater
l bridge
l wlanAccessPoint: wireless access point
l router
l telephone: wireless device
l docsisCableDevice: management
station
l stationOnly: station
l
l
Issue 01 (2011-10-26)
System Description TLV
Device description
System Name TLV
Device name
Organizationally Specific TLV defined in 802.1
Type
Description
Port VLAN TLV
VLAN ID of an interface
Port protocol VLAN TLV
Protocol VLAN ID of an interface
VLAN Name TLV
VLAN name
Protocol identity TLV
Protocol types supported by an interface
Organizationally Specific TLV defined in 802.3
Type
Description
Link Aggregation TLV
Whether a port supports link aggregation
and is enabled with link aggregation
MAC/PHY Configuration/Status TLV
Rate and duplex status of a port, whether
auto-negotiation is supported, and whether
auto-negotiation is enabled
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
52
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
l
2 LLDP Configuration
Type
Description
Maximum Frame Size TLV
Maximum frame length supported by a
port, namely, the maximum transmission
unit (MTU)
Power Via MDI TLV
Power capability of a port, for example,
whether the port supports PoE and whether
the port is a powering device or powered
device
LLDP-MED TLV
Type
Description
LLDP-MED Capabilities TLV
MED type of a device and the type of an
LLDP MED TLV that can be encapsulated
in an LLDPDU
Inventory TLV
Manufacturer of the device
Location Identification TLV
Location identification, which identifies
the location of the local device
Network Policy TLV
VLAN ID, Layer 2 priority, and DSCP of
a voice VLAN
Extended Power-via-MDI TLV
Power capability of the device
By default, LLDP advertises all types of TLVs except the Location Identification TLV.
2.3 Configuring LLDP
This section describes how to configure LLDP.
2.3.1 Establishing the Configuration Task
Applicable Environment
The LLDP function on network devices allows the NMS to obtain device capabilities, device
topology, management addresses, device identifications, and interface identifications.
Pre-configuration Tasks
Before configuring LLDP, complete the following tasks:
l
Configuring a reachable route between the switch and the NMS and setting the SNMP
parameters
l
Configuring an LLDP management address
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
53
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
NOTE
The LLDP management address contained in an LLDP packet is used to identify a device. Therefore, the
management address of a device must be unique and easy to manage, for example, the IP address of the
management port. The IP address to be set as the management address must already exist on the device.
That is, this IP address must be configured before 2.3.4 (Optional) Configuring an LLDP Management
Address.
Data Preparation
To configure LLDP, you need the following data.
No.
Data
1
IP address to be set as the LLDP management address
2
(Optional) Interval for sending LLDP packets
3
(Optional) Delay to send LLDP packets
4
(Optional) Hold time multiplier of device information stored on neighbors
5
(Optional) Delay to re-enable the LLDP function on an interface
6
(Optional) Delay to send neighbor change traps to the NMS
2.3.2 Enabling Global LLDP
After LLDP is enabled on the switch and its neighbors, the switch and its neighbors obtain status
information of each other by exchanging LLDP packets. The NMS obtains Layer 2 connection
status from the switch for network topology analysis.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
lldp enable
LLDP is enabled globally.
Step 3 Run:
interface interface-type interface-number
The interface view is displayed.
Step 4 Run:
bpdu enable
The interface is enabled to forward LLDP BPDUs.
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
54
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
2.3.3 (Optional) Disabling LLDP on an Interface
After global LLDP is enabled, all the interfaces on the device are enabled with LLDP. To disable
LLDP on some interfaces, run the undo lldp enable command on these interfaces.
Prerequisite
LLDP has been enabled globally.
Context
LLDP can be enabled in the system view and the interface view:
l
After LLDP is enabled in the system view, all interfaces are enabled with LLDP.
l
After LLDP is disabled in the system view, all LLDP settings are restored to the default
settings except the setting of LLDP trap. Therefore, LLDP is also disabled on all interfaces.
l
An interface can send and receive LLDP packets only after LLDP is enabled in both the
system view and the interface view.
l
After LLDP is disabled globally, the commands for enabling and disabling LLDP on an
interface do not take effect.
l
If LLDP needs to be disabled on some interfaces, enable LLDP globally first, and then run
the undo lldp enable command on these interfaces. To re-enable LLDP on these interfaces,
run the lldp enable command in the views of these interfaces.
NOTE
l On an Eth-Trunk, LLDP can only be enabled on member interfaces. The interfaces enabled with LLDP
and not enabled with LLDP can exist in the same Eth-Trunk.
l LLDP can be enabled and disabled only on the physical interfaces such as Ethernet, GE, and XGE
interfaces. Before enabling or disabling LLDP on an interface, ensure that LLDP has been enabled
globally.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
undo lldp enable
LLDP is disabled on the interface.
----End
2.3.4 (Optional) Configuring an LLDP Management Address
The LLDP management address uniquely identifies a device on the NMS.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
55
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
Prerequisite
LLDP has been enabled globally.
Context
If the configured management address is invalid or no management address is configured, the
system sets an IP address in the address list as the management address. The system selects the
IP address in the following priority order: loopback interface address, console port address, and
then VLANIF interface address. Among the IP addresses of the same type, the system selects
the smallest one. If the system does not find a management address, the bridge MAC address is
used as the management address.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
lldp management-address ip-address
The LLDP management address is configured.
The value of ip-address must be a valid unicast IP address existing on the device. Using the IP
address of the console port as the LLDP management address is recommended.
----End
2.3.5 (Optional) Configuring the TLV in the LLDPDU
The LLDPDUs contain different types of TLVs. The devices send and receive device
information by using these TLVs. The TLVs that can be encapsulated in an LLDP packet include
basic TLVs, organizationally specific TLVs, and TLVs related to media endpoint discovery
(MED).
Prerequisite
l
LLDP has been enabled globally.
l
LLDP has been enabled on the interfaces.
Context
To enable an interface to send the 802.3 Power via MDI TLV, run the lldp tlv-enable dot3-tlv
power command. The 802.3 Power via MDI TLV has the following formats:
l
802.1ab format: [TLV type | TLV information string length | 802.3 OUI | MDI power
support | PSE power pair | power class]
l
802.3at format: [TLV type | TLV information string length | 802.3 OUI | MDI power support
| PSE power pair | power class | type/source/priority | PD requested power value | PSE
allocated power value]
Based on 802.1ab, 802.3at extends three fields: type/source/priority, PD requested power value,
and PSE allocated power value.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
56
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
lldp tlv-enable { basic-tlv { all | management-address | port-description | systemcapability | system-description | system-name } | dot1-tlv { all | port-vlan-id |
protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ] | protocol-identity } | dot3tlv { all | link-aggregation | mac-physic | max-frame-size | power } | med-tlv
{ all | capability | inventory | location-id { civic-address device-type countrycode { ca-type ca-value }&<1-10> | elin-address Tel-Number } | network-policy |
power-over-ethernet } }
The TLVs supported by the interface are specified.
By default, LLDP advertises all types of TLVs except the Location Identification TLV.
NOTE
l When the supported TLVs on the device are basic TLVs, TLVs in the IEEE 802.1 format, and TLVs
in the IEEE 802.3 format, the lldp tlv-enable command with the all parameter advertises all TLVs.
When the supported TLVs on the device are LLDP-MED TLVs, the lldp tlv-enable command with
the all parameter advertises all TLVs except Location Identification TLV.
If the all parameter is not specified, only one type of TLV can be sent. To send multiple types of TLVs,
run the command multiple times.
l You can specify the other types of LLDP-MED TLVs only after specifying the LLDP-MED
Capabilities TLV.
To disable the LLDP-MED Capabilities TLV, you must disable the other types of LLDP-MED TLVs
first.
To disable the MAC/PHY Configuration/Status TLVs, you must disable the LLDP-MED Capabilities
TLV first.
l The 802.3 MAC/PHY Configuration/Status TLVs are advertised automatically after the LLDP-MED
Capabilities TLV is advertised.
l If you disable the LLDP-MED TLVs and use the all keyword, the MAC/PHY Configuration/Status
TLVs are not disabled automatically.
Step 4 Run:
lldp dot3-tlv power {802.1ab | 802.3at }
The standard with which the 802.3 Power via MDI TLV sent by the interface complies is set.
By default, the 802.3 Power via MDI TLV conforms to 802.1 ab.
NOTE
Before selecting a format of the 802.3 Power via MDI TLV, you must know the TLV format supported by
the peer device. The TLV format on the local device must be also supported by the peer device.
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
57
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
2.3.6 (Optional) Configuring LLDP Timers
The LLDP timers include interval for sending LLDP packets, delay to send LLDP packets, hold
time multiplier of device information stored on neighbors, delay to re-enable LLDP on an
interface, and delay to send neighbor change traps to the NMS.
Prerequisite
LLDP has been enabled globally.
Context
Interval for sending LLDP packets and delay to send LLDP packets
When the LLDP status of the device keeps unchanged and the device does not discover new
neighbors, the interface module sends LLDP packets to the neighbors at a certain interval. After
the LLDP transmission interval is set on the device, the LLDP enabled interfaces send LLDP
packets to neighbors at this interval. The interfaces may send LLDP packets at different time
points. The LLDP transmission interval should be set properly and adjusted according to network
loads.
l
A long interval reduces the LLDP packet interaction frequency, and thus saves system
resource. However, if the interval is too long, the device cannot notify neighbors of its
status in time, and the NMS cannot discover the network topology changes in real time.
l
A short interval increases the LLDP packet transmission frequency and enables the NMS
to discover network topology changes in real time. However, if the interval is too short, the
LLDP packets are exchanged frequently, and thus the system load is increased and
resources are saved.
There is a delay before the interface module sends an LLDP packet to the neighbor when the
device status changes frequently. After the LLDP transmission delay is set on the device, the
LLDP enabled interfaces send LLDP packets to neighbors after a delay (the delay is the same
as or longer than the delay you specified). The interfaces may send LLDP packets at different
time points. If the device status changes frequently, extend the delay to prevent the device from
frequently sending traps to the NMS. A delay suppresses the network topology flapping. The
LLDP transmission delay should be set properly and adjusted according to network loads.
l
A long delay reduces the LLDP packet interaction frequency, and thus saves system
resource. However, if the delay is too long, the device cannot notify neighbors of its status
in time, and the NMS cannot discover the network topology changes in real time.
l
A short delay increases the LLDP packet transmission frequency and enables the NMS to
discover network topology changes in real time. However, if the delay is too short, the
LLDP packets are exchanged frequently, and thus the system load is increased and
resources are saved.
You should consider the value of delay when adjusting the value of interval because it is restricted
by the value of delay.
l
The value of interval ranges from 5 to 32768.
l
The value of interval must be equal to or greater than four times the value of delay.
Therefore, if you want to set interval to be smaller than four times the value of delay, first
reduce the delay value to be equal to or smaller than a quarter of the new interval value,
and then reduce the interval value.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
58
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
NOTE
If the interval value is smaller than four times the delay value, the system displays an error message when
you run the undo lldp message-transmission delay command. To run the undo lldp messagetransmission delay command in this case, increase the interval value to at least four times the delay value
first.
Hold time multiplier of device information on neighbors
The hold time multiplier is the Time to Live (TTL) of the packets sent by the local device. You
can specify the storage time of device information on the neighbors. After receiving the LLDP
packets, the neighbors update the aging time of the device information from the sender according
to the TTL.
The storage time calculation formula is: TTL = Min (65535, (interval x hold)).
l
TTL is the device information storage time. It is the smaller value between 65535 and
(interval x hold).
l
interval is the interval at which the device sends LLDP packets to neighbors. This parameter
is set by lldp message-transmission interval.
l
hold is the hold time multiplier of device information on neighbors.
After the LLDP function is disabled on the device, its neighbors wait until the TTL of the device
information expires, and then delete the device information. This prevents network topology
flapping. The hold time multiplier of device information on neighbors must be set to a proper
value.
l
A great value of the hold time multiplier prevents network topology flapping. However, if
the value is too large, the device cannot notify neighbors of its status in time, and the NMS
cannot discover the network topology changes in real time.
l
A small value of the hold time multiplier enables the NMS to discover topology change in
time. However, if the value is too small, the neighbors update device information too
frequently. This increases the load on the system and wastes resources.
l
The default value is recommended.
Delay to re-enable LLDP on an interface
There is a delay before LLDP is re-enabled on an interface. The delay suppresses the topology
flapping of the neighbors caused by the frequent LLDP status changes. The delay to re-enable
the LLDP function on an interface must be set properly.
l
A great value of the delay prevents network topology flapping. However, if the value is too
large, the device cannot notify neighbors of its status in time, and the NMS cannot discover
the network topology changes in real time.
l
A small value of the delay enables the NMS to discover topology change in time. However,
if the value is too small, the neighbors update device information too frequently. This
increases the load on the system and wastes resources.
l
The default value is recommended.
Delay to send neighbor change traps to the NMS
There is a delay before the device sends LLDP traps to the NMS. When the neighbor information
changes frequently, extend the delay to prevent the device from sending traps to the NMS too
frequently. This command suppresses the topology flapping. After the delay is set on the device,
the LLDP enabled interfaces send LLDP traps to neighbors after a delay (the delay is the same
as or longer than the delay you specified). The interfaces may send LLDP packets at different
time points.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
59
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
The delay is applied to only the following traps: traps for adding neighbors, traps for deleting
neighbors, neighbor aging traps, and traps for discarding neighbor packets
(LLDP_1.0.8802.1.1.2.0.0.1 lldpRemTablesChange).
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
lldp message-transmission interval interval
The interval for sending LLDP packets is set.
By default, the interval for sending LLDP packets is 30 seconds.
Step 3 Run:
lldp message-transmission delay delay
The delay to send LLDP packets is set.
By default, the delay to send LLDP packets is 2 seconds.
Step 4 Run:
lldp message-transmission hold-multiplier hold
The hold time multiplier of device information stored on neighbors is set.
The default value is 4.
NOTE
l You can extend the storage time of device information on the neighbors by increasing the value of
hold.
l The value of hold ranges from 2 to 10; however, when the value of (hold x interval) is greater than
65535, the hold value is invalid.
Step 5 Run:
lldp restart-delay delay
The delay to re-enable LLDP on an interface is set.
The default value is 2, in seconds.
If LLDP is disabled on an interface, the system re-enables LLDP for the interface after a delay.
Step 6 Run:
lldp trap-interval interval
The delay to send neighbor change traps to the NMS is set.
The default value is 5, in seconds.
----End
2.3.7 (Optional) Enabling the LLDP Trap Function
To send traps to the NMS when the neighbor information changes, you need to enable the LLDP
trap function on the switch.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
60
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
Context
After the LLDP trap function is enabled, the switch sends traps to the NMS in one of the following
cases:
l
The LLDP function is enabled or disabled globally. The traps are
LLDP_1.3.6.1.4.1.2011.5.25.134.2.1 hwLldpEnabled and
LLDP_1.3.6.1.4.1.2011.5.25.134.2.2 hwLldpDisabled.
l
The local management address changes. The trap is LLDP_1.3.6.1.4.1.2011.5.25.134.2.5
hwLldpLocManIPAddrChange.
l
Neighbor information changes. The trap is LLDP_1.0.8802.1.1.2.0.0.1
lldpRemTablesChange. A trap is not generated if the management address of a neighbor
changes.
The LLDP trap function is applied to all interfaces. The LLDP trap function can take effect no
matter whether the LLDP function is enabled globally. If the network topology is unstable,
disable the LLDP function to prevent frequent trap sending.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
snmp-agent trap enable feature-name lldptrap
The LLDP trap function is enabled.
By default, the LLDP trap function is disabled on the S5700.
----End
2.3.8 Checking the Configuration
Prerequisite
All configurations are complete.
Procedure
l
Run the display lldp local [ interface interface-type interface-number ] command to view
local LLDP status.
l
Run the display lldp neighbor [ interface interface-type interface-number ] command to
view neighbor information of an interface.
l
Run the display lldp neighbor brief command to view brief information about neighbors.
l
Run the display lldp tlv-config command to view the TLV types supported by the interface.
----End
2.4 Maintaining LLDP
This section describes how to clear LLDP statistics and monitor LLDP status.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
61
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
2.4.1 Clearing LLDP Statistics
To clear LLDP statistics, run the following reset command in the user view.
Procedure
l
Run the reset lldp statistics [ interface interface-type interface-number ] command to
clear LLDP statistics.
----End
2.4.2 Monitoring LLDP Status
To view LLDP status, run the following display commands.
Procedure
l
Run the display lldp local [ interface interface-type interface-number ] command to view
LLDP status in the entire system or on an interface.
l
Run the display lldp statistics [ interface interface-type interface-number ] command to
view statistics about packets sent and received on an interface.
l
Run the display lldp neighbor [ interface interface-type interface-number ] command to
view neighbor information of an interface.
----End
2.5 Configuration Examples
This section provides LLDP configuration examples.
2.5.1 Example for Configuring LLDP on the Device That Has a
Single Neighbor
After LLDP is configured on the network devices, the NMS can obtain the network topology.
The following example describes how to configure LLDP on the devices that have a single
neighbor.
Networking Requirements
As shown in Figure 2-7, SwitchA is directly connected to SwitchB and media endpoint (ME).
The NMS needs to obtain Layer 2 information about SwitchA, SwitchB, and ME. By using the
Layer 2 information, a network administrator can know the detailed network topology
information and configuration conflicts. These requirements can be met by configuring LLDP
on SwitchA and SwitchB.
In addition, the administrator requires that SwitchA and SwitchB send LLDP traps to the NMS
when the LLDP management address changes, global LLDP is enabled or disabled, or the
neighbor information changes. This ensures that the administrator detects topology changes in
time.
The ME supports the LLDP function. Reachable routes exist between the NMS and Switches.
The SNMP parameters are set on all devices.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
62
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
Figure 2-7 Configuring LLDP on the device that has a single neighbor
Internet
NMS
10.10.10.1
GE0/0/1
Switch A
GE0/0/2
GE0/0/1
10.10.10.2
Switch B
ME
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable global LLDP on SwitchA and SwitchB.
2.
Enable SwitchA and SwitchB to process LLDP BPDUs.
3.
Configure management addresses for SwitchA and SwitchB.
4.
Enable the LLDP trap function on SwitchA and SwitchB.
Data Preparation
To complete the configuration, you need the following data:
l
Management address 10.10.10.1 for SwitchA and management address 10.10.10.2 for
SwitchB
Procedure
Step 1 Enable global LLDP on SwitchA and SwitchB.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] lldp enable
# Configure SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] lldp enable
Step 2 Enable SwitchA and SwitchB to process LLDP BPDUs.
# Configure SwitchA.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
63
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] bpdu enable
# Configure SwitchB.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] bpdu enable
Step 3 Configure management addresses for SwitchA and SwitchB.
# Configure SwitchA.
[SwitchA] lldp management-address 10.10.10.1
# Configure SwitchB.
[SwitchB] lldp management-address 10.10.10.2
Step 4 Enable the LLDP trap function on SwitchA and SwitchB.
# Configure SwitchA.
[SwitchA] snmp-agent trap enable feature-name lldptrap
# Configure SwitchB.
[SwitchB] snmp-agent trap enable feature-name lldptrap
Step 5 Verify the configuration.
# Check whether the LLDP function is enabled, management addresses are configured, and the
LLDP trap function is enabled.
l View the configurations on SwitchA.
[SwitchA] display lldp local
System
information
Chassis
type
:macAddress
Chassis ID
:00e0fc33-0011
System name
:SwitchA
System description :Quidway
Huawei Versatile Routing Platform
Software
VRP (R) Software, Version 5.70 (S5700 V200R006C00)
Copyright (c) 2003-2010 Huawei Technologies Co.,
Ltd
System capabilities
supported
:bridge
System capabilities
enabled
:bridge
LLDP Up time
:2009/2/13
18:31:37
MED system information
Device class
:Network Connectivity
(MED inventory information of master board)
HardwareRev
:VER B
FirmwareRev
:NC
SoftwareRev
:Version 5.70 V200R006C00
SerialNum
:NA
Manufacturer name :NA
Model name
:NA
Asset tracking identifier :NA
System configuration
LLDP Status
Issue 01 (2011-10-26)
:enabled
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
(default is disabled)
64
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
LLDP Message Tx Interval
LLDP Message Tx Hold Multiplier
LLDP Refresh Delay
LLDP Tx Delay
LLDP Notification Interval
LLDP Notification Enable
Management Address
:30
:4
:2
:2
:5
:enabled
:IP: 10.10.10.1
(default
(default
(default
(default
(default
(default
is
is
is
is
is
is
30s)
4)
2s)
2s)
5s)
disabled)
Remote Table Statistics:
Remote Table Last Change Time
:0 days, 0 hours, 0 minutes, 0 seconds
Remote Neighbors Added
:0
Remote Neighbors Deleted
:0
Remote Neighbors Dropped
:0
Remote Neighbors Aged
:0
Total Neighbors
Port information:
:1
Port information:
Interface GigabitEthernet0/0/1:
LLDP Enable Status
:enabled
Total Neighbors
:1
Port ID subtype
Port ID
Port description
(default is disabled)
:interfaceName
:GigabitEthernet0/0/1
:HUAWEI, Quidway Series, GigabitEthernet0/0/1 Interface
Port And Protocol vlan ID(PPVID) don't supported
Port VLAN ID(PVID) :1
VLAN name of VLAN 1: VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM CFM
Auto-negotiation supported
:Yes
Auto-negotiation enabled
:Yes
OperMau
:speed(1000)/duplex(Full)
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
PSE pairs control ability:No
Power pairs
:Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :No
Aggregation port ID
:0
Maximum frame Size
:1600
MED port information
Media policy type
:Unknown
Unknown Policy
:Yes
VLAN tagged
:No
Media policy VlanID
Media policy L2 priority
Media policy Dscp
:0
:0
:0
Power Type
:Unknown
PoE PSE power source
:Unknown
Port PSE Priority
:Unknown
Port Available power value:0
# View the neighbor information of SwitchA.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
65
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
<SwitchA> display lldp neighbor interface gigabitethernet 0/0/1
GigabitEthernet0/0/1 has 1 neighbors:
Neighbor index : 1
Chassis type
:macAddress
Chassis ID
:00e0-fc33-0011
Port ID type
:interfaceName
Port ID
:GigabitEthernet0/0/1
Port description
:HUAWEI, Quidway Series, GigabitEthernet0/0/1 Interface
System name
:SwitchB
System description :Quidway
Huawei Versatile Routing Platform Software
VRP (R) Software, Version 5.70 (S5700 V200R006C00)
Copyright (c) 2003-2010 Huawei Technologies Co., Ltd
System capabilities supported
:bridge
System capabilities enabled
:bridge
Management address type :ipV4
Management address
: 10.10.10.2
Expired time
:118s
Port VLAN ID(PVID) :1
VLAN name of VLAN 1: VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM CFM
Auto-negotiation supported
:Yes
Auto-negotiation enabled
:Yes
OperMau
:speed(1000)/duplex(Full)
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
PSE pairs control ability:No
Power pairs
:Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :No
Aggregation port ID
:0
Maximum frame Size
:1600
MED Device information
Device class
:Network Connectivity
HardwareRev
:LE01MCUA VER.A
FirmwareRev
:NC
SoftwareRev
:Version 5.70 V200R006C00
SerialNum
:NA
Manufacturer name :HUAWEI TECH CO., LTD
Model name
:NA
Asset tracking identifier :NA
Media policy type
:Unknown
Unknown Policy
:Yes
VLAN tagged
:No
Media policy VlanID
:0
Media policy L2 priority :0
Media policy Dscp
:0
Power Type
:Unknown
PoE PSE power source
:Unknown
Port PSE Priority
:Unknown
Port Available power value:0
l View the configurations on SwitchB.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
66
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
Similar to information about SwitchA.
----End
Configuration Files
l
Configuration file of SwitchA
#
sysname SwitchA
#
lldp enable
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
bpdu enable
#
lldp management-address 10.10.10.1
#
return
l
Configuration file of SwitchB
#
sysname SwitchB
#
lldp enable
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
bpdu enable
#
lldp management-address 10.10.10.2
#
return
2.5.2 Example for Configuring LLDP on the Device That Has
Multiple Neighbors
After LLDP is configured on the network devices, the NMS can obtain the network topology.
The following example describes how to configure LLDP on the devices that have multiple
neighbors.
Networking Requirements
As shown in Figure 2-8, SwitchA, SwitchB, and SwitchC are connected through an unknown
network. The unknown network is not managed by the NMS, but can transparently transmit
LLDP packets. The NMS needs to obtain Layer 2 information about SwitchA, SwitchB, and
SwitchC. By using the Layer 2 information, a network administrator can know the detailed
network topology information and configuration conflicts. These requirements can be met by
configuring LLDP on SwitchA, SwitchB, and SwitchC.
The NMS has reachable routes to SwitchA, SwitchB, and SwitchC and SNMP parameters are
set on all devices.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
67
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
Figure 2-8 Configuring LLDP on the device that has multiple neighbors
SNMP
SNMP
NMS
LL LLDPDU
D
PD
U
SwitchE
10.10.10.1
LLDPDU
LL
D
PD
U
SwitchD
SwitchF
LL
D
PD
U
10.10.10.2
SwitchA
SwitchB
10.10.10.3
SwitchC
LLDP interface
SNMP packet
NMS: Network Management System
LLDPDU packet
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable global LLDP on SwitchA, SwitchB, and SwitchC.
2.
Enable SwitchA, SwitchB, and SwitchC to process LLDP BPDUs.
3.
Configure management addresses for SwitchA, SwitchB, and SwitchC.
Data Preparation
To complete the configuration, you need the following data:
l
Management addresses for SwitchA, SwitchB, and SwitchC
Procedure
Step 1 Enable global LLDP on SwitchA, SwitchB, and SwitchC.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] lldp enable
# Configure SwitchB.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
68
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
Same as the configurations on SwitchA.
# Configure SwitchC.
Same as the configurations on SwitchA.
Step 2 Enable SwitchA, SwitchB, and SwitchC to process LLDP BPDUs.
# Configure SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-interface GigabitEthernet0/0/1] bpdu enable
# Configure SwitchB.
Same as the configurations on SwitchA.
# Configure SwitchC.
Same as the configurations on SwitchA.
Step 3 Configure management addresses for SwitchA, SwitchB, and SwitchC.
# Configure SwitchA.
[SwitchA] lldp management-address 10.10.10.1
# Configure SwitchB.
[SwitchB] lldp management-address 10.10.10.2
# Configure SwitchC.
[SwitchC] lldp management-address 10.10.10.3
Step 4 Verify the configuration.
# Check whether LLDP function is enabled and management addresses are configured.
l View the configurations on SwitchA.
# View the neighbor information of SwitchA.
<SwitchA> display lldp neighbor interface gigabitethernet 0/0/1
GigabitEthernet0/0/1 has 2 neighbors:
Neighbor index : 1
Chassis type
:macAddress
Chassis ID
:00e0-fc33-0012
Port ID type
:interfaceName
Port ID
:GigabitEthernet0/0/1
Port description
:HUAWEI, Quidway Series, GigabitEthernet0/0/1 Interface
System name
:SwitchB
System description :Quidway
Huawei Versatile Routing Platform Software
VRP (R) Software, Version 5.70 (S5700 )
Copyright (c) 2003-2010 Huawei Technologies Co., Ltd
System capabilities supported
:bridge
System capabilities enabled
:bridge
Management address type :ipV4
Management address
: 10.10.10.2
Expired time
:118s
Port VLAN ID(PVID) :1
VLAN name of VLAN 1: VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM CFM
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
69
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
Auto-negotiation supported
:Yes
Auto-negotiation enabled
:Yes
OperMau
:speed(1000)/duplex(Full)
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
PSE pairs control ability:No
Power pairs
:Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :No
Aggregation port ID
:0
Maximum frame Size
:1600
MED Device information
Device class
:Network Connectivity
HardwareRev
:VER B
FirmwareRev
:NC
SoftwareRev
:Version 5.70 V200R006C00
SerialNum
:NA
Manufacturer name :HUAWEI TECH CO., LTD
Model name
:NA
Asset tracking identifier :NA
Media policy type
:Unknown
Unknown Policy
:Undefined
VLAN tagged
:No
Media policy VlanID
:0
Media policy L2 priority :0
Media policy Dscp
:0
Power Type
:Unknown
PoE PSE power source
:Unknown
Port PSE Priority
:Unknown
Port Available power value:0
Neighbor index : 2
Chassis type
:macAddress
Chassis ID
:00e0-fc33-0013
Port ID type
:interfaceName
Port ID
:GigabitEthernet0/0/1
Port description
:HUAWEI, Quidway Series, GigabitEthernet0/0/1 Interface
System name
:SwitchC
System description :Quidway
Huawei Versatile Routing Platform Software
VRP (R) Software, Version 5.70 (S5700 )
Copyright (c) 2003-2010 Huawei Technologies Co., Ltd
System capabilities supported
:bridge
System capabilities enabled
:bridge
Management address type :ipV4
Management address
: 10.10.10.3
Expired time
:118s
Port VLAN ID(PVID) :1
VLAN name of VLAN 1: VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM CFM
Auto-negotiation supported
:Yes
Auto-negotiation enabled
:Yes
OperMau
:speed(1000)/duplex(Full)
Power port class
PSE power supported
Issue 01 (2011-10-26)
:PD
:No
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
70
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
PSE power enabled
:No
PSE pairs control ability:No
Power pairs
:Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :No
Aggregation port ID
:0
Maximum frame Size
:1600
MED Device information
Device class
:Network Connectivity
HardwareRev
:VER B
FirmwareRev
:NC
SoftwareRev
:Version 5.70 V200R006C00
SerialNum
:NA
Manufacturer name :HUAWEI TECH CO., LTD
Model name
:NA
Asset tracking identifier :NA
Media policy type
:Unknown
Unknown Policy
:Undefined
VLAN tagged
:No
Media policy VlanID
:0
Media policy L2 priority :0
Media policy Dscp
:0
Power Type
:Unknown
PoE PSE power source
:Unknown
Port PSE Priority
:Unknown
Port Available power value:0
l View the configurations on SwitchB.
Same as information about SwitchA.
l View the configurations on SwitchC.
Same as information about SwitchA.
----End
Configuration Files
l
Configuration file of SwitchA
#
sysname SwitchA
#
#
lldp enable
#
lldp management-address 10.10.10.1
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
bpdu enable
#
return
l
Configuration file of SwitchB
#
sysname SwitchB
#
#
lldp enable
#
lldp management-address 10.10.10.2
#
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
71
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
bpdu enable
#
return
l
Configuration file of SwitchC
#
sysname SwitchC
#
#
lldp enable
#
lldp management-address 10.10.10.3
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
bpdu enable
#
return
2.5.3 Example for Configuring LLDP on the Network Where Link
Aggregation Is Configured
After LLDP is configured on the interfaces of network devices, the NMS can obtain the network
topology. The following example describes how to configure LLDP on the network where link
aggregation is configured.
Networking Requirements
As shown in Figure 2-9, SwitchA and SwitchB need to be connected by an Eth-Trunk. The
NMS needs to obtain the Layer 2 information between the Switches. By using the Layer 2
information, a network administrator can know the detailed topology information and
configuration errors on the devices outside the unknown network. These requirements can be
met by configuring LLDP on SwitchA and SwitchB.
The NMS has reachable routes to SwitchA and SwitchB and SNMP parameters are set on all
devices.
Figure 2-9 Configuring LLDP on the network where link aggregation is configured
GE1/0/3 GE1/0/2
10.10.10.1
GE2/0/2
GE2/0/3
10.10.10.2
GE1/0/1 Eth-Trunk1 GE2/0/1
SwitchA
SwitchB
Configuration Roadmap
The configuration roadmap is as follows:
1.
Add the physical interfaces of SwitchA and SwitchB to the Eth-Trunk.
2.
Enable global LLDP on SwitchA and SwitchB.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
72
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3.
Enable SwitchA and SwitchB to process LLDP BPDUs.
4.
Configure management addresses for SwitchA and SwitchB.
2 LLDP Configuration
Data Preparation
To complete the configuration, you need the following data:
l
Management address 10.10.10.1 for SwitchA and management address 10.10.10.2 for
SwitchB
l
Number of the Eth-Trunk between SwitchA and SwitchB, and numbers of the interfaces
added to the Eth-Trunk
Procedure
Step 1 Configure the Eth-Trunk between SwitchA and SwitchB.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 100
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] trunkport gigabitethernet 0/0/1
[SwitchA-Eth-Trunk1] trunkport gigabitethernet 0/0/2
[SwitchA-Eth-Trunk1] trunkport gigabitethernet 0/0/3
[SwitchA-Eth-Trunk1] port link-type trunk
[SwitchA-Eth-Trunk1] port trunk allow-pass vlan 100
[SwitchA-Eth-Trunk1] quit
# Configure SwitchB.
Same as the configurations on SwitchA.
Step 2 Enable global LLDP on SwitchA and SwitchB.
# Configure SwitchA.
[SwitchA] lldp enable
# Configure SwitchB.
Same as the configurations on SwitchA.
Step 3 Enable SwitchA and SwitchB to process LLDP BPDUs.
# Configure SwitchA.
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] bpdu enable
[SwitchA-Eth-Trunk1] quit
# Configure SwitchB.
Same as the configurations on SwitchA.
Step 4 Configure management addresses for SwitchA and SwitchB.
# Configure SwitchA.
[SwitchA] lldp management-address 10.10.10.1
# Configure SwitchB.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
73
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
[SwitchB] lldp management-address 10.10.10.2
Step 5 Verify the configuration.
l View the configurations on SwitchA.
# Check whether the physical interfaces are added to Eth-Trunk1.
[SwitchA] display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: NORMAL
Hash arithmetic: According to SIP-XORDIP
Least Active-linknumber: 1 Max Bandwidth-affected-linknumber:
8
Operate status: up
Number Of Up Port In Trunk:
3
------------------------------------------------------------------------------PortName
Status
Weight
GigabitEthernet0/0/1
Up
1
GigabitEthernet0/0/2
Up
1
GigabitEthernet0/0/3
Up
1
# View the LLDP configurations.
[SwitchA] display lldp local
System
information
Chassis
type
:macAddress
Chassis ID
:00e0fc33-0011
System name
:SwitchA
System description :Quidway
Huawei Versatile Routing Platform
Software
VRP (R) Software, Version 5.70 (S5700 V200R006C00)
Copyright (c) 2003-2010 Huawei Technologies Co.,
Ltd
System capabilities
supported
:bridge
System capabilities
enabled
:bridge
LLDP Up time
:2010/2/13
18:31:37
MED system information
Device class
:Network Connectivity
(MED inventory information of master board)
HardwareRev
:VER B
FirmwareRev
:NA
SoftwareRev
:Version 5.70 V200R006C00
SerialNum
:NA
Manufacturer name :HUAWEI TECH CO.,LTD
Model name
:NA
Asset tracking identifier :NA
Issue 01 (2011-10-26)
System configuration
LLDP Status
LLDP Message Tx Interval
LLDP Message Tx Hold Multiplier
LLDP Refresh Delay
LLDP Tx Delay
LLDP Notification Interval
LLDP Notification Enable
Management Address
:enabled
:30
:4
:2
:2
:5
:enabled
:IP: 10.10.10.1
Remote Table Statistics:
Remote Table Last Change Time
:0 days, 15 hours, 1 minutes, 21 seconds
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
(default
(default
(default
(default
(default
(default
(default
is
is
is
is
is
is
is
disabled)
30s)
4)
2s)
2s)
5s)
disabled)
74
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
Remote Neighbors Added
:1
Remote Neighbors Deleted
:0
Remote Neighbors Dropped
:0
Remote Neighbors Aged
:0
Total Neighbors
:2
Port information:
Interface GigabitEthernet0/0/1:
LLDP Enable Status
:enabled
Total Neighbors
:1
Port ID subtype
Port ID
Port description
(default is disabled)
:interfaceName
:GigabitEthernet0/0/1
:HUAWEI, Quidway Series, GigabitEthernet0/0/1 Interface
Port And Protocol vlan ID(PPVID) don't supported
Port VLAN ID(PVID) :1
VLAN Name of VLAN 1: VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM CFM
Auto-negotiation supported
:Yes
Auto-negotiation enabled
:Yes
OperMau
:speed(1000)/duplex(Full)
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
PSE pairs control ability:No
Power pairs
:Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :No
Aggregation port ID
:1
Maximum frame Size
:1600
MED port information
Media policy type
:Unknown
Unknown Policy
:Yes
VLAN tagged
:No
Media policy VlanID
Media policy L2 priority
Media policy Dscp
:0
:0
:0
Power Type
:Unknown
PoE PSE power source
:Unknown
Port PSE Priority
:Unknown
Port Available power value:0
Interface GigabitEthernet0/0/2:
LLDP Enable Status
:enabled
Total Neighbors
:1
Port ID subtype
Port ID
Port description
(default is disabled)
:interfaceName
:GigabitEthernet0/0/2
:HUAWEI, Quidway Series, GigabitEthernet0/0/2 Interface
Port And Protocol vlan ID(PPVID) don't supported
Port VLAN ID(PVID) :1
VLAN Name of VLAN 1: VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM CFM
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
75
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
Auto-negotiation supported
:Yes
Auto-negotiation enabled
:Yes
OperMau
:speed(1000)/duplex(Full)
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
PSE pairs control ability:No
Power pairs
:Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :Yes
Aggregation port ID
:1
Maximum frame Size
:1600
MED port information
Media policy type
:Unknown
Unknown Policy
:Yes
VLAN tagged
:No
Media policy VlanID
Media policy L2 priority
Media policy Dscp
:0
:0
:0
Power Type
:Unknown
PoE PSE power source
:Unknown
Port PSE Priority
:Unknown
Port Available power value:0
Interface GigabitEthernet0/0/3:
LLDP Enable Status
:enabled
Total Neighbors
:1
Port ID subtype
Port ID
Port description
(default is disabled)
:interfaceName
:GigabitEthernet0/0/3
:HUAWEI, Quidway Series, GigabitEthernet0/0/3 Interface
Port And Protocol vlan ID(PPVID) don't supported
Port VLAN ID(PVID) :1
VLAN Name of VLAN 1: VLAN1
Protocol identity
:STP RSTP/MSTP LACP EthOAM CFM
Auto-negotiation supported
:Yes
Auto-negotiation enabled
:Yes
OperMau
:speed(1000)/duplex(Full)
Power port class
:PD
PSE power supported
:No
PSE power enabled
:No
PSE pairs control ability:No
Power pairs
:Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :Yes
Aggregation port ID
:1
Maximum frame Size
:1600
MED port information
Media policy type
:Unknown
Unknown Policy
:Yes
VLAN tagged
:No
Media policy VlanID
Media policy L2 priority
Media policy Dscp
Power Type
Issue 01 (2011-10-26)
:0
:0
:0
:Unknown
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
76
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
PoE PSE power source
:Unknown
Port PSE Priority
:Unknown
Port Available power value:0
# View the neighbor information of SwitchA.
[SwitchA] display lldp neighbor brief
Local Intf
Neighbor Dev
Neighbor Intf
Exptime
GE0/0/1
SwitchB
GE0/0/1
GE0/0/2
SwitchB
GE0/0/2
GE0/0/3
SwitchB
GE0/0/3
115
115
115
l View the configurations on SwitchB.
Same as information about SwitchA.
----End
Configuration Files
l
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
interface MEth0/0/1
ip address 10.10.10.1 255.255.255.0
#
lldp enable
#
interface Eth-Trunk1
port link-type
trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
lldp management-address 10.10.10.1
#
return
l
Configuration file of SwitchB
#
sysname SwitchB
#
interface MEth0/0/1
ip address 10.10.10.2 255.255.255.0
#
vlan batch 100
#
lldp enable
#
interface Eth-Trunk1
port link-type
trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
77
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2 LLDP Configuration
eth-trunk 1
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
lldp management-address 10.10.10.2
#
return
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
78
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
3
HGMP Configuration
About This Chapter
By running the Huawei Group Management Protocol (HGMP), you can appoint a switch as the
administrator switch to create a cluster and add a large number of Ethernet switches to the cluster.
The administrator is used to perform unified management and configuration over these switches,
which simplifies maintenance and engineering.
3.1 Introduction to HGMP
This part describes the reason for introducing HGMP and the typical networking of HGMP.
3.2 HGMP Features Supported by the S5700
This part describes the HGMP features supported by the S5700.
3.3 Configuring Basic HGMP Functions
This section describes how to configure basic HGMP functions to create or manage a cluster.
3.4 Configuring Advanced HGMP Functions
This section describes how to configure advanced HGMP functions to simplify the management
and maintenance of a basic cluster.
3.5 Maintaining HGMP
This section describes how to clear the statistics on NDP, and monitor the operation status of
the HGMP cluster.
3.6 HGMP Configuration Examples
This section provides several configuration examples of HGMP.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
79
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
3.1 Introduction to HGMP
This part describes the reason for introducing HGMP and the typical networking of HGMP.
Currently, the Ethernet technology is widely used on both metropolitan area networks (MANs)
and enterprise networks. With the expansion of networks, a large number of access devices are
deployed at the edge of the networks. In this situation, you have to maintain and manage a great
number of devices individually and assign IP addresses for them one by one. This leads to the
waste of IP addresses.
The Huawei Group Management Protocol (HGMP) is developed to manage a group of Ethernet
switches. By running HGMP, you can appoint a switch as the administrator in a cluster to perform
integrated management and configurations over other switches added to the cluster. This
simplifies maintenance and engineering. In addition, all the switches in a cluster share one public
IP address to communicate with outside devices, which saves IP addresses.
Figure 3-1, and Figure 3-2 show the networking diagram of a cluster.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
80
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Figure 3-1 Networking diagram of a cluster (tree)
FTP
Server
IDC
Server
IP/MPLS
core
I n te rnnet
Router
Cluster1
Administrator
Member1
Member2
Member4
Member3
DSLAM
Host
Administrator: administrator switch
Issue 01 (2011-10-26)
Member: member switch
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
81
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Figure 3-2 Networking diagram of a cluster (RRPP)
FTP
Server
IDC
Server
IP/MPLS
core
I n te rnnet
Router
Cluster1
Administrator
Member1
Member3
Member2
Member4
DSLAM
Host
Administrator: administrator switch
Member: member switch
3.2 HGMP Features Supported by the S5700
This part describes the HGMP features supported by the S5700.
NDP
In HGMP, Neighbor Discovery Protocol (NDP) packets are used to collect information about
the directly connected neighbors, including the device model, software version, hardware
version, connection interface, member number, private IP address used for communication
within a cluster, and hardware platform.
NOTE
Any device that supports HGMP does not forward NDP packets.
An NDP table is created to store information about neighbors.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
82
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
After receiving an NDP packet from the neighbor, the device compares the contents of the packet
with those of a corresponding entry in the NDP table and updates the entry.
NTDP
In HGMP, Network Topology Discovery Protocol (NTDP) packets are used to collect
information about topologies. According to the neighbor information in the NDP table, the
device sends and forwards requests for topology collection, and then collects entries in the NDP
table of each device in a certain network segment.
After receiving an NTDP topology request packet, the device sends an NTDP response packet
immediately. At the same time, the device forwards the received NTDP packet to other interfaces
according to NTDP forwarding rules.
Roles in a Cluster
HGMP defines four roles in a cluster: administrator switch, member switch, candidate switch,
and standby switch.
NOTE
Currently, the S5700 cannot function as a standby switch.
l
An administrator switch is the management device in a cluster. To ensure the
communication between devices in and out of the cluster, you need to assign a public IP
address to the administrator switch.
l
A member switches is the member device in a cluster. The member switch is managed by
the administrator switch that acts as an agent. Therefore, the public IP address is not required
for a member switch.
l
A candidate switch is a device that has the cluster function but does not join any cluster.
l
A standby switch is the backup administrator switch in a cluster. When the administrator
switch fails, the standby switch automatically serves as the administrator switch.
You can determine the role of a switch in a cluster. Each of the four roles, however, can be
changed according to certain rules.
Basic Cluster Management
The basic cluster management includes the following items:
l
Establishment of a cluster management domain
l
Addition and deletion of a member
l
Status transition of a member
l
Communication in the cluster
l
Switchover between the administrator switch and the candidate switch
l
Display of the topology
l
Modification of the cluster management configuration
l
Automatic configuration of SNMP
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
83
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
NAT
In HGMP, member switches in a cluster can communicate with devices in the public network
through Network Address Transmission (NAT). Whether to use NAT for the communication
can be controlled through commands.
l
The administrator switch is the management device in a cluster. To ensure the
communication between devices in and out of the cluster, you need to assign a public IP
address to the administrator switch.
l
To ensure that devices in and out of the cluster can communicate through NAT, you need
to enable NAT of specified protocols on the administrator switch.
l
NAT rules used by a cluster are automatically configured by the administrator switch. When
member switches access devices out of the cluster, they can automatically obtain the
interface mapped through NAT; when devices out of the cluster access member switches,
they need to calculate the number of the port of specified services on member switches.
Batch Distribution
HGMP can perform batch distribution over all the member switches under its management.
Objects to be distributed in batches include: the system software, configuration files, patch files.
l
The batch distribution command can be performed only on the administrator switch.
l
The administrator switch can be configured with the plug-and-play IP address, user name,
and password. If no IP address, user name, or password are specified in the command, the
plug-and-play IP address, user name, and password are adopted. If neither kinds of IP
address, user name, and password are configured, the command cannot be performed.
l
Member switches download specified files from the FTP server and then set them as the
default files for the next startup.
l
To avoid congestion, you can set the maximum number of member switches that
concurrently download files from the FTP server.
Batch Restart
HGMP can perform batch restart over a specified group of member switches.
l
During the process of batch restart, member switches do not save the current configuration.
l
After receiving the batch restart command, member switches wait 1 second to guarantee
the pervasion of control packets throughout the cluster.
Incremental Configuration
In a cluster, some member switches may have the same configurations, such as creating a VLAN
and enabling a feature. The incremental configuration function is used to remotely control the
selected member switches in batches. With this mode, you only need to configure a control
command list on the administrator switch. Then, you can deliver the control command list to
member switches at a time and query the control command output on each member switch. The
member selection mode can be all, device type-based, member switch ID-based, or IP addressbased.
l
Incremental configuration can be performed only on the administrator switch.
l
Incremental configuration is applied to the scenario of configuring member switches in
batches and is performed once on selected switches.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
84
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
l
After incremental configuration is performed, a result list is returned to report the command
output on each member switch. If an error occurs during the command execution, the faulty
command can be located according to the sequence number.
l
Latter execution results of the incremental configuration overwrite previous ones and only
the last result is saved.
l
You can edit a configuration command list in the incremental configuration view. The
command execution is closely related to specific views and its sequence is the same as that
on a device.
Configuration Synchronization
After a cluster is created and configured with basic functions, you can save the configuration
files of the cluster members to a specified FTP server through the configuration synchronization
command.
l
To perform configuration synchronization, you need to specify an FTP server in advance.
Security Features
After a cluster is created and configured with basic functions, you can close the network edge
of the cluster as required and then the topology of the cluster becomes stable. When plug and
play is enabled and the PAF is used to control devices configured with HGMP functions to
automatically enable NDP and NTDP on Layer 2 interfaces, a great number of Layer 2 interfaces
are automatically enabled with NDP and NTDP on member switches. NDP and NTDP, however,
are not required on interfaces unrelated to the cluster. Therefore, you need to disable NDP or
NTDP on unrelated interfaces. As a result, less packets are transmitted and the topology of the
cluster is stable.
l
On the administrator switch, disable NDP or NDTP on unrelated interfaces in the cluster.
l
After you disable NDP on unrelated interfaces in the cluster, NDP packets of the interfaces
are not sent to the administrator switch.
l
After you disable NTDP on unrelated interfaces in the cluster, NTDP packets of the
interfaces are not sent to the administrator switch.
l
When the topology of the cluster becomes stable, the unrelated interfaces in the cluster are
defined as interfaces that have not NDP neighbors.
Plug and Play
Before a device joins a cluster, you need to configure the device manually. When a great number
of devices need to be added to a cluster, you can use plug and play to simplify the process. You
can use the PAF to control the performance of basic configuration on devices. Then, connect
devices to the cluster devices physically. After that, the devices can be added to the cluster
automatically.
l
Plug and play uses the PAF to control the performance of basic configuration on devices.
l
Plug and play needs to be enabled on the administrator switch.
l
The interfaces connecting the administrator switch and the member switches need to be
added to a control VLAN in trunk mode.
l
The interval for collecting NTDP packets needs to be set on the administrator switch.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
85
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
3.3 Configuring Basic HGMP Functions
This section describes how to configure basic HGMP functions to create or manage a cluster.
3.3.1 Establishing the Configuration Task
Before configuring basic HGMP functions, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the required data. This can help
you complete the configuration task quickly and accurately.
Applicable Environment
When you need to create or manage a cluster, you can configure the cluster with basic HGMP
functions.
Pre-configuration Tasks
Before configuring basic HGMP functions, complete the following tasks:
l
Ensuring that the device is correctly powered on and operates normally
l
Configuring basic attributes of interfaces on the device
Data Preparation
To configure basic HGMP functions, you need the following data.
No.
Data
1
Range of private IP addresses used in the cluster
2
Cluster name
3
Medium access control (MAC) address of the member switch
4
(Optional) Aging time of NDP packets and interval for sending NDP packets
5
(Optional) Range of topology collection, hop delay and interface delay in forwarding
NTDP topology request packets, interval for topology collection
6
(Optional) ID of the management VLAN, aging time of NDP packets, interval for
sending handshake packets, address of the SNMP host, and IP addresses of the FTP
server and the SFTP server
3.3.2 Configuring NDP
This part describes how to configure the Neighbor Discovery Protocol (NDP) to collect
information about directly connected neighbors.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
86
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Procedure
l
Enabling NDP in the system view
Do as follows on the administrator switch and member switches:
1.
Run:
system-view
The system view is displayed.
2.
Run:
ndp enable
By default, NDP is enabled in the system view.
l
Enabling NDP on an interface
Do as follows on the administrator switch and member switches:
1.
Run:
system-view
The system view is displayed.
2.
Run the following command as required:
– Run:
ndp enable interface { interface-type interface-number [ to interfacetype interface-number ] }&<1-10>
NDP on an interface is enabled in the system view.
– Run:
interface interface-type interface-number
The interface view is displayed.
Run:
ndp enable
NDP is enabled on the interface.
l
(Optional) Setting the aging time of NDP packets
Do as follows on the administrator switch and member switches:
1.
Run:
system-view
The system view is displayed.
2.
Run:
ndp timer aging aging-time
The aging time of NDP packets is set.
By default, the aging time of NDP packets is set to 180 seconds. The aging time of
NDP packets must be longer than the interval for sending NDP packets.
l
(Optional) Setting the interval for sending NDP packets
Do as follows on the administrator switch and member switches:
1.
Run:
system-view
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
87
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
The system view is displayed.
2.
Run:
ndp timer hello interval
The interval for sending NDP packets is set.
By default, the interval for sending NDP packets is set to 60 seconds. The interval for
sending NDP packets must be shorter than the aging time of NDP packets.
----End
3.3.3 Configuring NTDP
This section describes how to configure the Network Topology Discovery Protocol (NTDP) to
collect information about network topologies.
Procedure
l
Enabling NTDP in the system view
1.
Run:
system-view
The system view is displayed.
2.
Run:
ntdp enable
NTDP is enabled in the system view.
By default, NTDP is enabled in the system view.
l
Enabling NTDP on an interface
1.
Run:
system-view
The system view is displayed.
2.
Run:
interface interface-type interface-number
The interface view is displayed.
3.
Run:
ntdp enable
NTDP is enabled on the interface.
l
(Optional) Configuring the range of topology collection
1.
Run:
system-view
The system view is displayed.
2.
Run:
ntdp hop max-hop-value
The range of topology collection is configured.
By default, the value is 3 hops. The greater the value is, the more memory is occupied.
l
Issue 01 (2011-10-26)
(Optional) Setting the delay in forwarding NTDP packets
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
88
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1.
3 HGMP Configuration
Run:
system-view
The system view is displayed.
2.
Run:
ntdp timer hop-delay hop-delay-time
The hop delay in forwarding NTDP packets is set.
3.
Run:
ntdp timer port-delay port-delay-time
The interface delay in forwarding NTDP packets is set.
By default, the hop delay is 200 ms and the interface delay is 20 ms.
l
(Optional) Setting the interval for collecting topology information
1.
Run:
system-view
The system view is displayed.
2.
Run:
ntdp timer interval
The interval for collecting topology information is set.
By default, the interval for collecting topology information is set to 0 minutes, that is,
topology information is not collected regularly.
l
(Optional) Enabling topology collection
1.
Run the following command in the user view:
ntdp explore
Topology collection is enabled.
You can run this command to collect topology information at any time.
----End
3.3.4 Creating a Cluster
To perform unified management over switches, you must first create a cluster and add switches
to be managed to the cluster.
Procedure
l
Configuring a management VLAN
Do as follows on the administrator switch and member switches:
1.
Run:
system-view
The system view is displayed.
2.
Run:
vlan vlan-id
A VLAN is created and the VLAN view is displayed.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
89
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
By default, the ID of the management VLAN on the device is 1, which should be
created manually.
– If you do not need to change the default ID of the management VLAN, you can
skip Step 6 and Step 7. The VLAN ID in Step 2 is 1.
– If you need to change the ID of the management VLAN, VLAN IDs in Step 2,
Step 4, and Step 7 must be the same.
3.
Run:
quit
The VLAN view is quit.
4.
Run:
interface vlanif vlan-id
A VLANIF interface is created and the VLANIF interface view is displayed.
5.
Run:
quit
The VLANIF interface view is quit.
6.
Run:
cluster
The cluster view is displayed.
7.
Run:
mngvlanid vlan-id
A management VLAN is configured.
If you change the ID of the management VLAN or delete the management VLAN and
its corresponding VLANIF interface on the administrator switch, the cluster is
automatically deleted.
If you change the ID of the management VLAN or delete the management VLAN and
its corresponding VLANIF interface on a member switch, the member switch
automatically quits the cluster.
l
Enabling the cluster function
Do as follows on the administrator switch and member switches:
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster enable
The cluster function is enabled.
By default, the cluster function is not enabled on the device.
l
Creating a cluster
A cluster can be created manually or automatically on the S5700.
NOTE
If the administrator switch is rebooted after the HGMP cluster is created, member switches need to
be re-added into the cluster. In such a situation, numbering of these member switches may be changed.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
90
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Creating a cluster manually
These steps need to be configured only on the administrator switch or on the switch which
will be the administrator in a created HGMP cluster.
In this mode, you need to manually add member switches to the cluster.
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
3.
Run:
ip-pool administrator-ip-address { mask-length | mask }
The range of private IP addresses used in a cluster is set.
This command can be run only before the cluster is set up. If the cluster is set up, you
are not allowed to change the range of private IP addresses used in the cluster.
NOTE
The private IP addresses used by a cluster cannot be the same as any IP address on the device.
4.
Run:
build cluster-name
Names of the administrator switch and the cluster are configured and the cluster is
created.
This command can only be run on the administrator switch and the switch that does
not join any cluster.
Creating a cluster automatically
These steps need to be configured only on the administrator switch or on the switch which
will be the administrator in a created HGMP cluster.
In this mode, the administrator switch prompts you whether to add all the existing candidate
switches to the cluster.
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
3.
Run:
ip-pool administrator-ip-address { mask-length | mask }
The range of private IP addresses used in a cluster is set.
This command can be run only before the cluster is set up. If the cluster is set up, you
are not allowed to change the range of private IP addresses used in the cluster.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
91
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
NOTE
The private IP addresses used by a cluster cannot be the same as any IP address on the device.
4.
Run:
auto-build [ recover ]
A cluster is created automatically.
The auto-build command can also be used to add member switches automatically.
For configuration details, see Adding a Member Switch.
----End
3.3.5 Adding a Member Switch
To perform unified management over a switch that is not a member of a cluster, you must first
add the switch to the cluster.
Context
After a cluster is set up, you can add a member switch to the cluster either manually or
automatically.
Procedure
l
Adding a member switch manually
In this mode, you must manually specify the MAC address of the member switch.
Do as follows only on the administrator switch:
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
3.
Run:
add-member [ member-number ] mac-address mac-address [ password password]
A member switch is added.
l
Adding a member switch automatically
In this mode, the administrator switch prompts you whether to add all the existing candidate
switches to the cluster. If the authentication mode is used to add member switches, the
administrator switch quits the action of adding a member switch.
Do as follows only on the administrator switch:
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
92
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
The cluster view is displayed.
3.
Run:
auto-build [ recover ]
A member switch is added automatically.
The auto-build command can also be used to create a cluster automatically. For
configuration details, see Creating a Cluster.
recover indicates that all member switches, including the member switches missing
on the administrator switch should re-join the HGMP cluster.
NOTE
If the administrator switch of HGMP cluster A considers that switch N does not belong to
cluster A but switch N considers that it belongs to cluster A, switch N is called the missing
member switch on the administrator switch.
----End
3.3.6 (Optional) Deleting or Quitting a Cluster
Context
If you do not need to use a cluster to manage a switch, you can delete the switch or configure
the switch to quit the cluster.
Procedure
l
Deleting a cluster
Do as follows on the administrator switch:
1.
Run:
system-view
The system view is displayed.
2.
Run
cluster
The cluster view is displayed.
3.
Run:
undo build
A cluster is deleted.
After the command is run on an administrator switch, except the mngvlanid and ippool commands, configurations of the administrator switch in the HGMP cluster view
are deleted; all member switches automatically quit the cluster.
l
Disabling a cluster
Do as follows on the administrator switch or a member switch:
1.
Run:
system-view
The system view is displayed.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
93
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2.
3 HGMP Configuration
Run:
undo cluster enable
The administrator switch or member switch disable the cluster function.
– After the command is run on an administrator switch, except the mngvlanid
command, configurations of the HGMP cluster in the HGMP cluster view are
deleted; all member switches automatically quit the cluster.
– After the command is run on a member switch, the member switch automatically
quits the cluster, without affecting the administrator switch and other member
switches.
l
Quitting a cluster
Do as follows on a member switch:
1.
Run:
system-view
The system view is displayed.
2.
Run
cluster
The cluster view is displayed.
3.
Run:
undo administrator-address
The member switch quits a specified cluster.
NOTE
When you run the undo administrator-address command on member switches, the member
switch temporarily exits from the cluster, whereas the administrator switch does not delete the
member switch. To delete a member switch from the HGMP cluster, run the delete-member
command.
----End
3.3.7 (Optional) Deleting a Member Switch
If you do not need to use a cluster to manage a switch in a management domain, you can delete
the switch from the cluster.
Context
If you do not need a cluster to manage a switch, you can delete the member switch from the
cluster.
Do as follows only on the administrator switch:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
94
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
cluster
The cluster view is displayed.
Step 3 Run:
delete-member member-number
A member switch is deleted from the cluster.
----End
3.3.8 Checking the Configuration
After configuring basic HGMP functions, you can view the configuration.
Prerequisite
The configurations of the Basic HGMP are complete.
Procedure
l
Run the display ndp to check the NDP configuration in the system view.
l
Run the display ndp interface { interface-type interface-number [ to interface-type
interface-number ] }&<1-10> to check the neighbor information detected through NDP on
a specified interface.
l
Run the display ntdp to check the global NTDP settings.
l
Run the display ntdp device-list [ verbose ] to check the device information collected
through NTDP.
l
Run the display cluster to check the status and statistics of cluster.
l
Run the display cluster candidates [ mac-address mac-address | verbose ] to check
information about candidate switches.
l
Run the display cluster members [ member-number | verbose ] to check information about
member switches.
----End
Example
If the NDP neighbor can be normally established, you can run the display ndp command to
check information about the MAC addresses of all the neighboring stations and the number of
the interface on the neighboring station that is connected to the local interface.
<Quidway> display ndp
Neighbor discovery protocol is enabled.
Neighbor Discovery Protocol Ver: 1, Hello Timer: 60(s), Aging Timer: 180(s)
Interface: GigabitEthernet0/0/1
Status: Disabled, Packets Sent: 0, Packets Received: 0, Packets Error: 0
Interface: GigabitEthernet0/0/2
Status: Enabled, Packets Sent: 114, Packets Received: 108, Packets Error: 0
Neighbor 1: Aging Time: 174(s)
MAC Address : 0018-8203-39d8
Port Name
: GigabitEthernet0/0/1
Software Version: VRP 5.70 V100R006C00
Device Name : S5700
Port Duplex : FULL
Product Ver : S5700
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
95
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
If the NDP neighbor is normally established, you can run the display ndp interface command
to check information about the MAC address of the neighboring station and the number of the
interface on the neighboring station that is connected to the local interface.
<Quidway> display ndp interface gigabitethernet 0/0/1
Interface: GigabitEthernet0/0/1
Status: Enabled, Packets Sent: 116, Packets Received: 110, Packets Error: 0
Neighbor 1: Aging Time: 174(s)
MAC Address : 0018-8203-39d8
Port Name
: GigabitEthernet0/0/1
Software Version: VRP 5.70 V100R006C00
Device Name : S5700
Port Duplex : FULL
Product Ver : S5700
If the NTDP neighbor is normally established, you can run the display ntdp command to check
the NTDP settings.
<Quidway> display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:462ms
If device information is successfully collected through NTDP, you can run the display ntdp
device-list [ verbose ] command to view information lists of all the devices.
<Quidway> display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
0001-0001-0001 0
S5700
If the cluster is established successfully, you can run the display cluster command to view
information about the HGMP cluster to which the device belongs, such as the cluster name and
ID of the management VLAN.
<HUAWEI_0.Quidway> display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.1.1.1/24
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 2 member(s) in the cluster, and 0 of them are down.
If the cluster is established successfully, you can run the display cluster candidates command
to view information about candidate switches, such as the MAC address and device type.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
96
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
<HUAWEI_0.Quidway> display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
If the cluster is established successfully, you can run the display cluster members command
to view information about member switches, such as the MAC address and device type. Member
switches are in the Up state.
<HUAWEI_0.Quidway> display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S5700
00e0-fcb8-d6b6 Admin HUAWEI_0.Administrator-1
1
S5700
0018-8267-7f7d Up
HUAWEI_1.Member-1
2
S5700
00e0-0003-0003 Up
HUAWEI_2.Member-2
3.4 Configuring Advanced HGMP Functions
This section describes how to configure advanced HGMP functions to simplify the management
and maintenance of a basic cluster.
3.4.1 Establishing the Configuration Task
Before configuring advanced HGMP functions, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the required data. This can help
you complete the configuration task quickly and accurately.
Applicable Environment
To optimize the performance parameters of the established cluster, you can configure advanced
HGMP functions to facilitate the management and maintenance of the HGMP cluster and better
manage member switches in the cluster.
Pre-configuration Tasks
Before configuring advanced HGMP functions, complete the following tasks:
l
Ensuring that the device is correctly powered on and operates normally
l
Configuring basic attributes of interfaces on the device
l
Configuring Basic HGMP Functions
Data Preparation
To configure advanced HGMP functions, you need the following data.
Issue 01 (2011-10-26)
No.
Data
1
Interval for sending handshake packets
2
Aging time of the device status
3
Aging time of member switches
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
97
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
No.
Data
4
Multicast MAC address of the cluster
5
IP addresses of the public FTP server, SFTP server, log host, SNMP host used in the
cluster
6
Default information about the FTP server that is configured for the cluster, including
the IP address, user name, and password
3.4.2 Adjusting Parameters of the Cluster
To better manage switches in a cluster, you can adjust HGMP parameters as required. Adjustable
parameters include the interval for sending Handshake packets, holdtime of the configuration,
whether to enable candidate switches to automatically join a cluster, aging time of member
switches, multicast address of the cluster, mode of adding management interfaces of the cluster
to a VLAN, and public server and host of the cluster.
Procedure
l
Configure the interval for sending handshake packets.
Do as follows on the administrator switch:
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
3.
Run:
timer interval
The interval for sending handshake packets is set.
By default, the interval for sending handshake packets is 10 seconds. This interval
must be equal to or less than one third of the holdtime of the device status.
l
Configure the holdtime of the status for the member switch.
Do as follows on the administrator switch:
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
3.
Run:
holdtime hold-time
The holdtime of the status of the member switch is set.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
98
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
By default, the holdtime is 60 seconds. The holdtime must be at least three times the
interval for sending handshake packets.
l
Enable candidate switches to automatically join a cluster.
Do as follows on the administrator switch:
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
3.
Run:
cluster-autojoin
Candidate switches are enabled to automatically join the cluster.
l
Set the aging time of the Disconnecting state for member switches.
Do as follows on the administrator switch:
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
3.
Run:
cluster-discagingtime disconnect-aging-time
The aging time of member switches is set.
By default, no aging time is set. It indicates that the Disconnecting state of member
switches is not aged.
l
Configure a multicast MAC address for the cluster.
Do as follows on the administrator switch:
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
3.
Run:
cluster-multimac mac-address
A multicast MAC address is configured for the cluster.
By default, the multicast MAC address of the cluster is 01-80-C2-00-00-0A. For
details of the range of the multicast MAC addresses, refer to the Command
Reference.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
99
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Before setting up a cluster, you need to assign a multicast MAC address to the cluster
or use the default multicast MAC address. To enhance the network security or if the
default multicast MAC address is already used by other services on the network, you
can reassign a multicast MAC address to the cluster within the permitted range. Once
the cluster is set up, you cannot change the multicast MAC address of the cluster. In
addition, you need to assign the same multicast MAC address to all the devices in the
cluster.
l
Configure the mode for interfaces in the cluster to join a VLAN.
Do as follows on the administrator switch:
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
3.
Run:
port-tagged vlan
Communication interfaces in the cluster are added to the management VLAN in trunk
mode.
l
Configure public servers and hosts.
Do as follows on the administrator switch:
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
3.
Run:
ftp-server ip-address
A public FTP server is configured for the cluster.
NOTE
The member switches in a cluster can communicate with the FTP server in either of the
following modes:
l Non-NAT: There must be reachable routes between member switches and FTP server.
l NAT: The cluster-ftp-nat enable command must be run in the cluster view to enable the
FTP NAT function on the administrator switch. The NAT rules are automatically generated
on the administrator switch, and the member switches obtain the NAT mapped ports.
The FTP NAT function on the administrator switch is disabled by default. That is, the member
switches communicate with the FTP server in non-NAT mode.
After the FTP server for the cluster is configured successfully, you can run the cluster-ftp
command so that the member switches can access the FTP server.
4.
Run:
sftp-server ip-address
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
100
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
A public SFTP server is configured for the cluster.
5.
Run:
snmp-host ip-address
A public SNMP host is configured for the cluster.
NOTE
The member switches in a cluster can communicate with the SNMP server in either of the
following modes:
l Non-NAT: There must be reachable routes between member switches and SNMP server.
l NAT: The cluster-snmp-nat enable command must be run in the cluster view to enable
the SNMP NAT function on the administrator switch. The NAT rules are automatically
generated on the administrator switch, and the member switches obtain the NAT mapped
ports.
The SNMP NAT function on the administrator switch is enabled by default. That is, the member
switches communicate with the SNMP server in NAT mode.
6.
Run:
logging-host ip-address
A public log host is configured for the cluster.
Member switches can access the servers and hosts that are configured through Steps
3 to 6 by accessing the administrator switch.
Steps 3 to 6 are optional and are not listed in sequence.
By default, no public server and host is configured for a cluster.
----End
3.4.3 Managing Switches in a Cluster Through HGMP
You can use commands to configure the following features for member switches of an HGMP
cluster in batches: batch distribution, batch restart, incremental configuration, configuration
synchronization, and security features.
Procedure
l
Configuring the batch distribution function
Do as follows on the administrator switch:
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
3.
(Optional) Run:
cluster-plug-play ip ftp-ip-address username user-name password password
[ path-separator pathseparator ]
The default information for logging in to the FTP server is configured.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
101
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
After the configuration, the configured information is used by default during the
process of batch distribution.
4.
(Optional) Run:
cluster-member ftp-timeout time
The timeout period for member switches to download the configuration file, the
version file or the patch files through FTP is configured.
5.
Run:
cluster-member [ group-by { device-type device-type | ip {ip-address [ to
ip-address ] } &<1-10> | member-number { member-number [ to membernumber ] } &<1-10> } ] get { configuration-file | system-software | patch
| paf | license } file-name [ ip ftp-ip-address user-name user-name
password password ] [ path-separator pathseparator ]
The batch distribution function is performed.
– During the process of batch distribution, the group-by command can be used to
specify member switch groups according to different selection modes.
– If Step 3 is not performed, you must enter the IP address, user name, and password
when using this command.
– If Step 3 is performed, the IP address, user name, and password configured in Step
3 are used by default.
– IP addresses used in batch distribution are private IP addresses used in the cluster.
l
Configuring the batch restart function
Do as follows on the administrator switch:
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
3.
(Optional) Run:
cluster-member reboot-timeout time
The timeout period for member switches to reboot is configured.
4.
Run:
cluster-member reboot [ group-by { device-type device-type | ip {ipaddress [ to ip-address ] } &<1-10> | member-number { member-number [ to
member-number ] } &<1-10> } ]
The batch restart function is performed.
The current configuration of the device is not saved during the process of batch restart.
l
Configuring the plug-and-play function
Do as follows on the administrator switch:
1.
Run:
system-view
The system view is displayed.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
102
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
2.
3 HGMP Configuration
Run:
cluster
The cluster view is displayed.
3.
(Optional) Run:
cluster-plug-play ip ftp-ip-address username user-name password password
[ path-separator pathseparator ]
The default information for logging in to the FTP server is configured.
4.
Run:
cluster-plug-play enable
The plug-and-play function is enabled.
– To configure the management VLAN for the interface of the administrator switch,
you should run the port trunk allow-pass vlan command rather than the port
default vlan command if the cluster-plug-play enable command needs to be used.
This interface is directly connected to the candidate switch.
– Step 3 is used in the scenario of replacing devices. The new device automatically
downloads the configuration files of the old device. Prerequisites for the operation
is that configuration files of the old device exist on the FTP server and the physical
topologies and types of the new device and old device are the same.
l
Configuring Communication Between Huawei Devices and Non-Huawei Devices
Do as follows on the administrator switch:
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
3.
Run:
cluster-packet-extend enable
Communication Between Huawei Devices and Non-Huawei Devices is enabled.
– To configure the management VLAN for the interface of the administrator switch,
you should run the port trunk allow-pass vlan command rather than the port
default vlan command if the cluster-packet-extend enable command needs to
be used. This interface is directly connected to the candidate switch.
l
Configuring the incremental configuration function
Do as follows on the administrator switch:
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
103
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3.
3 HGMP Configuration
Run:
increment
The incremental configuration view is displayed.
4.
Run:
increment-command [ command-number command-number ] command-text commandtext
The command list is edited.
5.
Run:
increment-run [ group-by { device-type device-type | ip { ip-address [ to
ip-address ] } &<1-10> | member-number { member-number [ to membernumber ] } &<1-10> } ]
The result whether commands in the command list are sent to the specified member
switch is displayed.
– Only the last execution result of the incremental configuration is saved.
– The member selection mode can be device type-based, member switch ID-based,
IP address-based, or all.
– If you use the ID of an existing command during the process of editing the
command list, the command will be overwritten.
– To delete the existed incremental configuration command, run the undo
increment-command { command-number command-number | all } command.
– To check the list of incremental configuration commands that is currently edited,
run the display increment-command command.
l
Synchronizing configuration files
Do as follows on the administrator switch:
1.
Run:
system-view
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
3.
Run:
increment-config synchronization [ group-by { device-type device-type |
ip {ip-address [ to ip-address ] } &<1-10> | member-number { membernumber [ to member-number ] } &<1-10> } ]
The result whether configuration files of the specified member switch are
synchronized to the FTP server is displayed.
– The member selection mode can be device type-based, member switch ID-based,
IP address-based, or all.
– This command is valid only after the cluster is enabled.
l
Configuring security features
Do as follows on the administrator switch:
1.
Run:
system-view
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
104
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
The system view is displayed.
2.
Run:
cluster
The cluster view is displayed.
3.
Run:
cluster-member unrelated-port [ group-by { device-type device-type | ip
{ip-address [ to ip-address ] } &<1-10> | member-number { member-number
[ to member-number ] } &<1-10> } ] { ndp | ntdp }
NDP or NTDP is disabled on unrelated interfaces.
– Only the last command execution result is saved.
– The member selection mode can be device type-based, member switch ID-based,
IP address-based, or all.
– This command can be performed only after the cluster is enabled.
----End
3.4.4 Checking the Configuration
After configuring advanced HGMP functions, you can view the configuration.
Prerequisite
The configurations of the Advanced HGMP are complete.
Procedure
l
Run the display cluster-increment-result to check the delivery of incremental
configuration.
l
Run the display cluster-license to check the cluster license.
l
Run the display cluster-topology-info to check the cluster topology.
l
Run the display increment-command to check the incremental configuration command.
l
Run the display increment-synchronization-result to check whether configuration files
of member switches are synchronized to the FTP server.
l
Run the display member-getfile-state to check whether member switches successfully
obtain configuration files, version files, or patch files.
l
Run the display member-interface-state { ndp | ntdp } to check the status of NDP or
NTDP on unrelated interfaces of member switches.
l
Run the display member-reboot-state to check whether member switches are restarted
successfully.
l
Run the display member-save-state to check whether member switches successfully save
the current configurations to the FTP server
l
Run the display synchronization-result to check whether member switches successfully
synchronize configuration files to the FTP server.
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
105
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Example
If the incremental configuration command is successfully delivered to member switches, run the
display cluster-increment-result command, and you can view that success is displayed.
<HUAWEI_0.Quidway> display cluster-increment-result
The result of member switches executing increment commands:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
Result
CommandId
-----------------------------------------------------------------------------2
S5700
0003-0003-0003 10.0.0.3
success
3
S5700
0004-0004-0004 10.0.0.4
success
-
Run the display cluster-license command, and you can check the contents of the cluster license,
including the number of member switches that can be managed by the administrator switch and
maximum layers that member switches can concatenate.
<Quidway> display cluster-license
The max numbers and hops of manage member switch:
------------------------------------------------------------Max numbers of manage member switch: 255
Max hops of manage member switch
: 16
Run the display cluster-topology-info command, and you can view the cluster topology,
including the topology of normal links, candidate links, and faulty links.
<Quidway> display cluster-topology-info
<-->:normal device
<++>:candidate device
<??>:lost device
------------------------------------------------------------------------Total topology node number is 5.
[HUAWEI_0.Administrator: Root-00e0-ad14-c600]
|-(GigabitEthernet0/0/1)<-->(GigabitEthernet0/0/1)[HUAWEI_3.Member-3: 00e0da1c-4c00]
| |-(GigabitEthernet0/0/2)<-->(GigabitEthernet0/0/1)[HUAWEI_2.Member-2:
00e0-875b-8f00]
| | |-(GigabitEthernet0/0/2)<-->(GigabitEthernet0/0/1)[HUAWEI_1.Member-1:
00e0-0f68-6f00]
|-(GigabitEthernet0/0/2)<-->(GigabitEthernet0/0/1)[HUAWEI_4.Member-4:
00e0-9f7e-0b00]
Run the display increment-command command, and you can check the incremental
configuration of the cluster, including the number and contents of the incremental configuration.
<Quidway> display increment-command
The content of increment commands:
-----------------------------------------------------------------------------SN
Content
-----------------------------------------------------------------------------10
vlan batch 10 to 20
20
ip route-static 2.0.0.0 8 10.0.0.1
If the configuration files of member switches are successfully synchronized with the FTP server,
run the display increment-synchronization-result command, and you can view that success
is displayed.
<Quidway> display increment-synchronization-result
The result of member switches' synchronization:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------1
S5700
0002-0002-0002 10.0.0.2
success
2
S5700
0003-0003-0003 10.0.0.3
success
3
S5700
0004-0004-0004 10.0.0.4
success
If member switches successfully obtain configuration files, PAF files, or patch files, run the
display member-getfile-state command, and you can view that success is displayed.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
106
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
<Quidway> display member-getfile-state
The status of member switches getting file:
-----------------------------------------------------------------------SN
Device
MacAddress
IPAddress
Result
-----------------------------------------------------------------------2
S5700
0002-0002-0002
10.0.0.2
success
3
S5700
0003-0003-0003
10.0.0.3
success
Interfaces running NDP and NTDP are not required on member switches. If NDP and NTDP
are disabled successfully, run the display member-interface-state command, and you can view
that success is displayed.
<HUAWEI_0.Quidway> display member-interface-state ndp
The result of member switches executed disable member interface command:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------3
S5700
0004-0004-0004
10.0.0.4
success
2
S5700
0003-0003-0003
10.0.0.3
success
1
S5700
0002-0002-0002
10.0.0.2
success
[HUAWEI_0.Quidway-cluster] display member-interface-state ntdp
The result of member switches executed disable member interface command:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------3
S5700
0004-0004-0004
10.0.0.4
success
2
S5700
0003-0003-0003
10.0.0.3
success
1
S5700
0002-0002-0002
10.0.0.2
success
If member switches are successfully restarted, run the display member-reboot-state command,
and you can view that success is displayed.
<Quidway> display member-reboot-state
The result of member switches rebooting:
-----------------------------------------------------------------------SN
Device
MacAddress
IPAddress
Result
-----------------------------------------------------------------------1
S5700
0002-0002-0002
10.0.0.2
success
2
S5700
0003-0003-0003
10.0.0.3
success
------------------------------------------------------------------------
If the current configurations are successfully saved on member switches, run the display
member-save-state command, and you can view that success is displayed.
<Quidway> display member-save-state
The result of member switches saving:
-----------------------------------------------------------------------SN
Device
MacAddress
IPAddress
Result
-----------------------------------------------------------------------1
S5700
0002-0002-0002
10.0.0.2
success
2
S5700
0003-0003-0003
10.0.0.3
success
------------------------------------------------------------------------
If member switches successfully synchronize configuration files to the FTP server, run the
display synchronization-result command, and you can view that success is displayed.
<Quidway> display synchronization-result
The result of member switches' synchronization:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------1
S5700
0002-0002-0002 10.0.0.2
success
2
S5700
0003-0003-0003 10.0.0.3
success
3
S5700
0004-0004-0004 10.0.0.4
success
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
107
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
3.5 Maintaining HGMP
This section describes how to clear the statistics on NDP, and monitor the operation status of
the HGMP cluster.
3.5.1 Clearing the NDP Statistics
This part describes how to use the reset ndp statistics command to clear the statistics on NDP.
Context
CAUTION
Once statistics are cleared, they cannot be restored. Confirm the action before you use the
command.
Procedure
Step 1 Run the reset ndp statistics [ interface { interface-type interface-number [ to interface-type
interface-number ] } &<1-10> ] command in the user view to clear the NDP statistics.
----End
3.5.2 Monitoring the Operation Status of the HGMP Cluster
This part describes how to use the display commands to monitor the operating status of the
HGMP cluster.
Context
In routine maintenance, you can run the following commands in any view to display the operation
stauts of HGMP.
Procedure
l
Run the display ndp to check the NDP configuration in the system view.
l
Run the display ntdp to check the global NTDP configuration.
l
Run the display cluster to check information about the HGMP cluster to which the device
belongs.
l
Run the display ntdp device-list [ verbose ] to check information about the HGMP cluster
to which the device belongs.
l
Run the display cluster-topology-info to check the cluster topology information.
l
Run the display cluster candidates [ mac-address mac-address | verbose ] to check
information about candidate switches.
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
108
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
3.5.3 Debugging HGMP
When a fault occurs on NDP, NTDP, or a cluster, you can run the debugging command in the
user view to debug NDP, NTDP, or the cluster, view debugging information, locate the fault,
and analyze the cause.
Context
CAUTION
Debugging affects the performance of the system. After the debugging, run the undo debugging
all command to timely disable it.
When a fault occurs on NDP, NTDP, or a cluster, run the debugging command in the user view
to debug NDP, NTDP or the cluster, and you can view debugging information, locate the fault,
and then analyze the cause.
For more information about the debugging command, refer to the Debugging Reference.
Procedure
l
Run the debugging ndp packet [ interface { interface-type interface-number [ to
interface-type interface-number ] } &<1-10> ] command to enable NDP debugging.
l
Run the debugging ntdp { all | data | error | message | packet [ verbose ] } to enable
NTDP debugging.
l
Run the debugging cluster { all | event | handshake | member | mrc | nat | packet |
state } command or debugging cluster { packet | handshake | mrc } [verbose ] command
to enable cluster debugging.
----End
3.6 HGMP Configuration Examples
This section provides several configuration examples of HGMP.
3.6.1 Example for Configuring Basic HGMP Functions for a Cluster
Networking Requirements
As shown in Figure 3-3, a carrier sets up a Layer 2 network through Layer 2 devices. Too many
Layer 2 devices are hard to be maintained and managed on the site. In addition, to save public
IP addresses, you cannot assign a public IP address to each device.
To effectively manage the Layer 2 network, you can create a cluster for the Layer 2 network
and manage the cluster through HGMP.
In this example, Administrator-1 is nearest to the network administrator and is therefore
appointed as the administrator switch.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
109
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
NOTE
For convenience, only four devices in the Layer 2 network are described.
Figure 3-3 Networking diagram of configuring basic HGMP functions for a cluster
test1
SwitchA
SwitchB
GE0/0/1
VLANIF110
10.1.1.1/24
GE0/0/1
VLANIF110
10.1.1.2/24
SwitchC
GE0/0/2
GE0/0/1
VLANIF120 VLANIF120
10.2.1.1/24 10.2.1.2/24
test2
Device
MAC address
Device
MAC address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a management VLAN on all devices. Enable NDP and NTDP to ensure that each
device can detect the topology structure of the network through NTDP.
2.
Choose the administrator switch, and then create a cluster named HUAWEI on the
administrator switch.
3.
Add all the devices that support HGMP in the Layer 2 network to the cluster.
4.
Assign an IP address to VLANIF 10 to facilitate the communication between member
switches in the cluster and devices out of the cluster.
5.
Configure public servers and hosts for the cluster.
Data Preparation
To complete the configuration, you need the following data:
l
Management VLAN ID of the cluster, that is 10
l
IP address of VLANIF 10, that is 1.0.0.1/8
l
Address pool of the cluster, that is 10.0.0.0/8
l
IP address of the administrator in the cluster, that is 10.0.0.1/8
l
MAC addresses of devices, as shown in Figure 3-3
l
IP addresses of servers and hosts, as shown in Figure 3-3
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
110
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
0/0/3
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 1.
<Quidway> system-view
[Quidway] sysname Member-1
[Member-1] vlan 10
[Member-1-vlan10] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] quit
[Member-1] interface vlanif 10
[Member-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 2.
<Quidway> system-view
[Quidway] sysname Member-2
[Member-2] vlan 10
[Member-2-vlan10] quit
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] port link-type trunk
[Member-2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-2-GigabitEthernet0/0/1] quit
[Member-2] interface vlanif 10
[Member-2-Vlanif10] quit
# Configure member switch 3.
<Quidway> system-view
[Quidway] sysname Member-3
[Member-3] vlan 10
[Member-3-vlan10] quit
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] port link-type trunk
[Member-3-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-3-GigabitEthernet0/0/1] quit
[Member-3] interface vlanif 10
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
111
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Member-3-Vlanif10] quit
Step 2 Configure NDP.
# On switches, enable NDP in the system view and on an interface.
# Configure the administrator switch.
[Administrator-1] ndp enable
[Administrator-1] interface gigabitethernet 0/0/1
[Administrator-1-GigabitEthernet0/0/1] ndp enable
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet 0/0/2
[Administrator-1-GigabitEthernet0/0/2] ndp enable
[Administrator-1-GigabitEthernet0/0/2] quit
# Configure member switch 1.
[Member-1] ndp enable
[Member-1] interface gigabitethernet 0/0/1
[Member-1-GigabitEthernet0/0/1] ndp enable
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet 0/0/2
[Member-1-GigabitEthernet0/0/2] ndp enable
[Member-1-GigabitEthernet0/0/2] quit
# Configure member switch 2.
[Member-2] ndp enable
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ndp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ndp enable
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ndp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface gigabitethernet 0/0/1 gigabitethernet 0/0/2
Interface: GigabitEthernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Port Duplex : FULL
Product Ver : S5700
Interface: GigabitEthernet0/0/2
Status: Enabled, Packets Sent: 6, Packets Received: 16, Packets Error: 0
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-2
Port Duplex : FULL
Product Ver : S5700
Step 3 Configure NTDP.
# On devices, enable NTDP in the system view and on the interface and configure the interval
and range for NTDP to collect topologies to 10 minutes and 3 hops respectively.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
112
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
# Configure the administrator switch.
[Administrator-1] ntdp enable
[Administrator-1] ntdp timer 10
[Administrator-1] ntdp hop 3
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] ntdp
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] ntdp
[Administrator-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 1.
[Member-1] ntdp enable
[Member-1] ntdp timer 10
[Member-1] ntdp hop 3
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] ntdp
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] ntdp
[Member-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 2.
[Member-2] ntdp enable
[Member-2] ntdp timer 10
[Member-2] ntdp hop 3
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ntdp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ntdp enable
[Member-3] ntdp timer 10
[Member-3] ntdp hop 3
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ntdp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
# Configure member switch 1.
[Member-1] cluster enable
[Member-1] cluster
[Member-1-cluster] mngvlanid 10
[Member-1-cluster] quit
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
113
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
# Configure member switch 2.
[Member-2] cluster enable
[Member-2] cluster
[Member-2-cluster] mngvlanid 10
[Member-2-cluster] quit
# Configure member switch 3.
[Member-3] cluster enable
[Member-3] cluster
[Member-3-cluster] mngvlanid 10
[Member-3-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
0001-0001-0001 0
S5700
Step 5 Create a cluster.
NOTE
Following steps can be performed only on the administrator switch.
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
# Create a cluster named HUAWEI on the administrator switch.
[Administrator-1-cluster] build HUAWEI
[HUAWEI_0.Administrator-1-cluster]
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
114
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
Step 6 Add member switches.
NOTE
l Following steps can be performed only on the administrator switch.
l Take the mode of automatically adding member switches as an example. To add member switches
manually, see Adding a Member Switch.
# Add all candidate switches to the cluster.
[HUAWEI_0.Administrator-1-cluster] auto-build
Collecting candidate list, please wait...
Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
Warning: Add all to cluster?(Y/N) y
Info: Cluster auto-build is complete.
Added 3 member(s) into the cluster successfully.
DeviceType
S5700
S5700
S5700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S5700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S5700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S5700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S5700
0004-0004-0004 Up
HUAWEI_3.Member-3
Step 7 Assign an IP address to VLANIF 10.
# To ensure the normal communication between member switches in the cluster and devices out
of the cluster, assign an IP address to VLANIF 10 on the administrator switch.
# Assign an IP address to VLANIF 10.
[HUAWEI_0.Administrator-1] interface vlanif 10
[HUAWEI_0.Administrator-1-Vlanif10] ip address 1.0.0.1 8
[HUAWEI_0.Administrator-1-Vlanif10] quit
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
115
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Input bandwidth utilization : -Output bandwidth utilization : --
Step 8 Configure a static route on the administrator switch.
# This operation is to ensure that a reachable route exists between switches in the cluster and
servers or hosts.
[HUAWEI_0.Administrator-1] ip route-static 0.0.0.0 0 1.0.0.2
NOTE
You can also run a routing protocol.
Step 9 Configure public servers and hosts of the cluster.
# Configure an FTP server.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] cluster-ftp-nat enable
[HUAWEI_0.Administrator-1-cluster] ftp-server 2.0.0.1
# Configure a SFTP server.
[HUAWEI_0.Administrator-1-cluster] sftp-server 2.0.0.2
# Configure a Simple Network Management Protocol (SNMP) host.
[HUAWEI_0.Administrator-1-cluster] snmp-host 3.0.0.1
# Configure a log host.
[HUAWEI_0.Administrator-1-cluster] logging-host 4.0.0.1
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
----End
Configuration Files
l
Configuration file of Administrator-1.
#
sysname Administrator-1
#
vlan batch 10
#
cluster enable
ntdp enable
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
116
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
cluster-ftp-nat enable
ftp-server 2.0.0.1
sftp server 2.0.0.2
logging-host 4.0.0.1
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
l
Configuration file of Member-1.
#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
l
Issue 01 (2011-10-26)
Configuration file of Member-2.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
117
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
#
sysname Member-2
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
l
Configuration file of Member-3.
#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
3.6.2 Example for Configuring the Interconnection of FTP Servers
and Devices in and out of the HGMP Cluster (in NAT Mode)
Networking Requirements
As shown in Figure 3-4, all the Layer 2 switches belong to the same cluster. Administrator-1 is
the administrator switch of the cluster and other switches are member switches. The member ID
of Member-1 is 1, the member ID of Member-2 is 2 and the member ID of Member-3 is 3.
To upload files to Member-1, Member-2, and Member-3 or download files from them, you can
set up an FTP connection between the devices out of the cluster and member switches in NAT
or non-NAT mode.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
118
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
NOTE
In this configuration example where the NAT mode is adopted, Member-3 accesses the FTP server
(2.0.0.1/8) out of the cluster and devices out of the cluster access the FTP server (Member-2) in the cluster.
Figure 3-4 Networking diagram of configuring the interconnection of FTP servers and devices
in and out of the HGMP cluster (in NAT Mode)
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
GE0/0/1
1.0.0.2/8
Log station
4.0.0.1/8
GE0/0/3
GE0/0/1
GE0/0/1
GE0/0/2
Administrator-1
10.0.0.1/8
Member-1
GE0/0/2
GE0/0/1
......
Member-2
GE0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster and configure basic HGMP functions for the cluster according to the steps
described in the section "Example for Configuring Basic HGMP Functions for a
Cluster."
2.
For the situation that Member-3 accesses the FTP server (2.0.0.1/8) out of the cluster:
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
119
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
l Run the cluster-ftp command on the member switch to set up a connection with the
public FTP server of the cluster.
3.
For the situation that a device out of the cluster accesses the FTP server (Member-2):
l Calculate the port number reserved on the administrator switch for the FTP protocol of
a certain member switch in the cluster.
l Run the FTP client program on the PC and create an FTP connection with the member
switch.
Data Preparation
To complete the configuration, you need the following data:
l
Management VLAN ID of the cluster, that is 10
l
IP address of VLANIF 10 that is 1.0.0.1/8 and a reachable route between VLANIF 10 and
the FTP server
l
Address pool of the cluster, that is 10.0.0.0/8
l
IP address of the administrator switch used in the cluster, that is 10.0.0.1/8
l
Member-2 serving as the FTP server in the cluster with the member ID being 2
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
0/0/3
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 1.
<Quidway> system-view
[Quidway] sysname Member-1
[Member-1] vlan 10
[Member-1-vlan10] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] port
Issue 01 (2011-10-26)
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
120
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Member-1-GigabitEthernet0/0/2] quit
[Member-1] interface vlanif 10
[Member-1-Vlanif10] quit
# Configure member switch 2.
<Quidway> system-view
[Quidway] sysname Member-2
[Member-2] vlan 10
[Member-2-vlan10] quit
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] port link-type trunk
[Member-2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-2-GigabitEthernet0/0/1] quit
[Member-2] interface vlanif 10
[Member-2-Vlanif10] quit
# Configure member switch 3.
<Quidway> system-view
[Quidway] sysname Member-3
[Member-3] vlan 10
[Member-3-vlan10] quit
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] port link-type trunk
[Member-3-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-3-GigabitEthernet0/0/1] quit
[Member-3] interface vlanif 10
[Member-3-Vlanif10] quit
Step 2 Configure NDP.
# On switches, enable NDP in the system view and on an interface.
# Configure the administrator switch.
[Administrator-1] ndp enable
[Administrator-1] interface gigabitethernet 0/0/1
[Administrator-1-GigabitEthernet0/0/1] ndp enable
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet 0/0/2
[Administrator-1-GigabitEthernet0/0/2] ndp enable
[Administrator-1-GigabitEthernet0/0/2] quit
# Configure member switch 1.
[Member-1] ndp enable
[Member-1] interface gigabitethernet 0/0/1
[Member-1-GigabitEthernet0/0/1] ndp enable
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet 0/0/2
[Member-1-GigabitEthernet0/0/2] ndp enable
[Member-1-GigabitEthernet0/0/2] quit
# Configure member switch 2.
[Member-2] ndp enable
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ndp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ndp enable
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ndp enable
[Member-3-GigabitEthernet0/0/1] quit
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
121
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface gigabitethernet 0/0/1 gigabitethernet 0/0/2
Interface: GigabitEthernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Port Duplex : FULL
Product Ver : S5700
Interface: GigabitEthernet0/0/2
Status: Enabled, Packets Sent: 6, Packets Received: 16, Packets Error: 0
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-2
Port Duplex : FULL
Product Ver : S5700
Step 3 Configure NTDP.
# On devices, enable NTDP in the system view and on the interface and configure the interval
and range for NTDP to collect topologies to 10 minutes and 3 hops respectively.
# Configure the administrator switch.
[Administrator-1] ntdp enable
[Administrator-1] ntdp timer 10
[Administrator-1] ntdp hop 3
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] ntdp
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] ntdp
[Administrator-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 1.
[Member-1] ntdp enable
[Member-1] ntdp timer 10
[Member-1] ntdp hop 3
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] ntdp
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] ntdp
[Member-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 2.
[Member-2] ntdp enable
[Member-2] ntdp timer 10
[Member-2] ntdp hop 3
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ntdp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ntdp enable
[Member-3] ntdp timer 10
[Member-3] ntdp hop 3
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ntdp enable
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
122
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
# Configure member switch 1.
[Member-1] cluster enable
[Member-1] cluster
[Member-1-cluster] mngvlanid 10
[Member-1-cluster] quit
# Configure member switch 2.
[Member-2] cluster enable
[Member-2] cluster
[Member-2-cluster] mngvlanid 10
[Member-2-cluster] quit
# Configure member switch 3.
[Member-3] cluster enable
[Member-3] cluster
[Member-3-cluster] mngvlanid 10
[Member-3-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
0001-0001-0001 0
S5700
Step 5 Create a cluster.
NOTE
Following steps can be performed only on the administrator switch.
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
123
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
# Create a cluster named HUAWEI on the administrator switch.
[Administrator-1-cluster] build HUAWEI
[HUAWEI_0.Administrator-1-cluster]
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
Step 6 Add member switches.
NOTE
l Following steps can be performed only on the administrator switch.
l Take the mode of automatically adding member switches as an example. To add member switches
manually, see Adding a Member Switch.
# Add all candidate switches to the cluster.
[HUAWEI_0.Administrator-1-cluster] auto-build
Collecting candidate list, please wait...
Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
Warning: Add all to cluster?(Y/N) y
Info: Cluster auto-build is complete.
Added 3 member(s) into the cluster successfully.
DeviceType
S5700
S5700
S5700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
124
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
-----------------------------------------------------------------------------0
S5700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S5700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S5700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S5700
0004-0004-0004 Up
HUAWEI_3.Member-3
Step 7 Assign an IP address to VLANIF 10.
# To ensure the normal communication between member switches in the cluster and devices out
of the cluster, assign an IP address to VLANIF 10 on the administrator switch.
# Assign an IP address to VLANIF 10.
[HUAWEI_0.Administrator-1] interface vlanif 10
[HUAWEI_0.Administrator-1-Vlanif10] ip address 1.0.0.1 8
[HUAWEI_0.Administrator-1-Vlanif10] quit
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
Step 8 Configure a static route on the administrator switch.
# This operation is to ensure that a reachable route exists between switches in the cluster and
servers or hosts.
[HUAWEI_0.Administrator-1] ip route-static 0.0.0.0 0 1.0.0.2
NOTE
You can also run a routing protocol.
Step 9 Configure public servers and hosts of the cluster.
# Configure an FTP server.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] cluster-ftp-nat enable
[HUAWEI_0.Administrator-1-cluster] ftp-server 2.0.0.1
# Configure a SFTP server.
[HUAWEI_0.Administrator-1-cluster] sftp-server 2.0.0.2
# Configure a Simple Network Management Protocol (SNMP) host.
[HUAWEI_0.Administrator-1-cluster] snmp-host 3.0.0.1
# Configure a log host.
[HUAWEI_0.Administrator-1-cluster] logging-host 4.0.0.1
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
125
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
Step 10 Verify the configuration.
l Member switches access the FTP server in NAT mode.
<HUAWEI_3.Member-3> cluster-ftp
Trying 10.0.0.1 ...
Press CTRL+K to abort
Connected to 10.0.0.1.
220 FTP service ready.
User(10.0.0.1:(none)):hgmp
331 Password required for hgmp.
Enter password:
230 User logged in.
[ftp]
l A device out of the cluster accesses the FTP server in the cluster in NAT mode.
# Configure an FTP server on Member-2. The configuration details see Configuration Files,
and are not mentioned here.
# Calculate the port number reserved for the FTP protocol of a member switch in the cluster.
The member ID of Member-2 is 2. Using the formula for computing port numbers reserved
for a cluster ( Interface number reserved for a cluster = Base interface number + Member
number*2) , you can obtain that the reserved port number, which is used by Member-2 to
enable the FTP server, is 53248 + 2*2 = 53252.
# Run the FTP client program on the PC and set up an FTP connection with Member-2 in
NAT mode.
NOTE
A device out of the cluster accesses the FTP server in the cluster in NAT mode. IP address of the FTP
server is that of the management VLANIF interface on the administrator switch. The FTP server uses
a port number reserved in the cluster instead of the commonly-used 21.
ftp> open 1.0.0.1 53252
Connected to 1.0.0.1.
220 FTP service ready.
User (1.0.0.1:(none)): hgmp
331 Password required for hgmp.
Password:
230 User logged in.
ftp>
----End
Configuration Files
l
Configuration file of Administrator-1.
#
sysname Administrator-1
#
vlan batch 10
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
126
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
cluster-ftp-nat enable
ftp-server 2.0.0.1
sftp-server 2.0.0.2
logging-host 4.0.0.1
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
l
Configuration file of Member-1.
#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
127
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
return
l
Configuration file of Member-2.
#
sysname Member-2
#
FTP server enable
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
l
Configuration file of Member-3.
#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
3.6.3 Example for Configuring the Interconnection of FTP Servers
and Devices in and out of the HGMP Cluster (in Non-NAT Mode)
Networking Requirements
As shown in Figure 3-5, all the Layer 2 switches belong to the same cluster. Administrator-1 is
the administrator switch of the cluster and other switches are member switches. The member ID
of Member-2 is 2 and the member ID of Member-3 is 3.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
128
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
To upload files to Member-1, Member-2, and Member-3 or download files from them, you can
set up an FTP connection between devices out of the cluster and member switches in NAT or
non-NAT mode.
NOTE
In this configuration example where the Non-NAT mode is adopted, Member-3 accesses the FTP server
(2.0.0.1/8) out of the cluster and devices out of the cluster access the FTP server (Member-2) in the cluster.
Figure 3-5 Networking diagram of configuring the interconnection of FTP servers and devices
in and out of the HGMP cluster (in non-NAT mode)
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
GE0/0/1
1.0.0.2/8
Log station
4.0.0.1/8
GE0/0/3
GE0/0/1
GE0/0/1
GE0/0/2
Administrator-1
10.0.0.1/8
Member-1
GE0/0/2
GE0/0/1
......
Member-2
GE0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
129
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
1.
Create a cluster and configure basic HGMP functions for the cluster according to the steps
described in the section Example for Configuring Basic HGMP Functions for a
Cluster.
2.
Disable FTP NAT on the administrator switch (The function is disabled by default.)
NOTE
Related configurations of cluster NAT must be performed on the administrator switch.
3.
Configure routes on the administrator switch and member switches to ensure that reachable
routes exist between the FTP server and member switches.
4.
For the situation that Member-3 accesses the FTP server (2.0.0.1/8) out of the cluster:
l Run the ftp command on the member switch to set up a connection with the public FTP
server of the cluster.
5.
For the situation that the device out of the cluster accesses the FTP server (Member-2):
l Run the FTP client program on the PC and create an FTP connection with the member
switch.
Context
To complete the configuration, you need the following data:
l
Management VLAN ID of the cluster, that is 10
l
IP address of VLANIF 10 that is 1.0.0.1/8 and a reachable route between VLANIF 10 and
the FTP server
l
Address pool of the cluster, that is 10.0.0.0/8
l
IP address of the administrator switch used in the cluster, that is 10.0.0.1/8
l
Member ID serving as the FTP server in the cluster with the member ID being 2
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
0/0/3
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 1.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
130
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
<Quidway> system-view
[Quidway] sysname Member-1
[Member-1] vlan 10
[Member-1-vlan10] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] quit
[Member-1] interface vlanif 10
[Member-1-Vlanif10] quit
3 HGMP Configuration
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 2.
<Quidway> system-view
[Quidway] sysname Member-2
[Member-2] vlan 10
[Member-2-vlan10] quit
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] port link-type trunk
[Member-2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-2-GigabitEthernet0/0/1] quit
[Member-2] interface vlanif 10
[Member-2-Vlanif10] quit
# Configure member switch 3.
<Quidway> system-view
[Quidway] sysname Member-3
[Member-3] vlan 10
[Member-3-vlan10] quit
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] port link-type trunk
[Member-3-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-3-GigabitEthernet0/0/1] quit
[Member-3] interface vlanif 10
[Member-3-Vlanif10] quit
Step 2 Configure NDP.
# On switches, enable NDP in the system view and on an interface.
# Configure the administrator switch.
[Administrator-1] ndp enable
[Administrator-1] interface gigabitethernet 0/0/1
[Administrator-1-GigabitEthernet0/0/1] ndp enable
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet 0/0/2
[Administrator-1-GigabitEthernet0/0/2] ndp enable
[Administrator-1-GigabitEthernet0/0/2] quit
# Configure member switch 1.
[Member-1] ndp enable
[Member-1] interface gigabitethernet 0/0/1
[Member-1-GigabitEthernet0/0/1] ndp enable
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet 0/0/2
[Member-1-GigabitEthernet0/0/2] ndp enable
[Member-1-GigabitEthernet0/0/2] quit
# Configure member switch 2.
[Member-2] ndp enable
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ndp enable
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
131
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ndp enable
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ndp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface gigabitethernet 0/0/1 gigabitethernet 0/0/2
Interface: GigabitEthernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Port Duplex : FULL
Product Ver : S5700
Interface: GigabitEthernet0/0/2
Status: Enabled, Packets Sent: 6, Packets Received: 16, Packets Error: 0
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-2
Port Duplex : FULL
Product Ver : S5700
Step 3 Configure NTDP.
# On devices, enable NTDP in the system view and on the interface and configure the interval
and range for NTDP to collect topologies to 10 minutes and 3 hops respectively.
# Configure the administrator switch.
[Administrator-1] ntdp enable
[Administrator-1] ntdp timer 10
[Administrator-1] ntdp hop 3
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] ntdp
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] ntdp
[Administrator-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 1.
[Member-1] ntdp enable
[Member-1] ntdp timer 10
[Member-1] ntdp hop 3
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] ntdp
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] ntdp
[Member-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 2.
[Member-2] ntdp enable
[Member-2] ntdp timer 10
[Member-2] ntdp hop 3
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ntdp enable
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
132
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ntdp enable
[Member-3] ntdp timer 10
[Member-3] ntdp hop 3
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ntdp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
# Configure member switch 1.
[Member-1] cluster enable
[Member-1] cluster
[Member-1-cluster] mngvlanid 10
[Member-1-cluster] quit
# Configure member switch 2.
[Member-2] cluster enable
[Member-2] cluster
[Member-2-cluster] mngvlanid 10
[Member-2-cluster] quit
# Configure member switch 3.
[Member-3] cluster enable
[Member-3] cluster
[Member-3-cluster] mngvlanid 10
[Member-3-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
133
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
0002-0002-0002
0001-0001-0001
1
0
3 HGMP Configuration
S5700
S5700
Step 5 Create a cluster.
NOTE
Following steps can be performed only on the administrator switch.
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
# Create a cluster named HUAWEI on the administrator switch.
[Administrator-1-cluster] build HUAWEI
[HUAWEI_0.Administrator-1-cluster]
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
Step 6 Add member switches.
NOTE
l Following steps can be performed only on the administrator switch.
l Take the mode of automatically adding member switches as an example. To add member switches
manually, see Adding a Member Switch.
# Add all candidate switches to the cluster.
[HUAWEI_0.Administrator-1-cluster] auto-build
Collecting candidate list, please wait...
Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
Warning: Add all to cluster?(Y/N) y
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
DeviceType
S5700
S5700
S5700
134
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Info: Cluster auto-build is complete.
Added 3 member(s) into the cluster successfully.
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S5700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S5700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S5700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S5700
0004-0004-0004 Up
HUAWEI_3.Member-3
Step 7 Assign an IP address to VLANIF 10.
# To ensure the normal communication between member switches in the cluster and devices out
of the cluster, assign an IP address to VLANIF 10 on the administrator switch.
# Assign an IP address to VLANIF 10.
[HUAWEI_0.Administrator-1] interface vlanif 10
[HUAWEI_0.Administrator-1-Vlanif10] ip address 1.0.0.1 8
[HUAWEI_0.Administrator-1-Vlanif10] quit
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
Step 8 Configure a static route on the administrator switch.
# This operation is to ensure that a reachable route exists between switches in the cluster and
servers or hosts.
[HUAWEI_0.Administrator-1] ip route-static 0.0.0.0 0 1.0.0.2
NOTE
You can also run a routing protocol.
Step 9 Configure routes for the member switches and ensure that reachable routes exist between
member switches and the FTP server.
# Configure member switch 1.
[HUAWEI_1.Member-1] ip route-static 2.0.0.0 8 10.0.0.1
# Configure member switch 2.
[HUAWEI_2.Member-2] ip route-static 2.0.0.0 8 10.0.0.1
# Configure member switch 3.
[HUAWEI_3.Member-3] ip route-static 2.0.0.0 8 10.0.0.1
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
135
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
NOTE
Multiple member switches can be configured simultaneously through incremental configuration. For
configuration details, see Example for Configuring the Incremental Configuration Function for an
HGMP Cluster.
Step 10 Verify the configuration.
l Member switches access the FTP server in non-NAT mode.
< HUAWEI_3.Member-3> ftp 2.0.0.1
Trying 2.0.0.1 ...
Press CTRL+K to abort
Connected to 2.0.0.1.
220 FTP service ready.
User(2.0.0.1:(none)):hgmp
331 Password required for hgmp.
Enter password:
230 User logged in.
[ftp]
l Devices out of the cluster access the FTP server in the cluster in non-NAT mode.
# Configure an FTP server on the corresponding member switch (Member-2). The
configuration details see Configuration Files, and are not mentioned here.
# Run the FTP client program on the PC and set up an FTP connection with Member-2 in
non-NAT mode.
NOTE
Devices out of the cluster access the FTP server in the cluster in non-NAT mode. The IP address of
the FTP server is that of the management VLANIF interface on the member switch. The FTP server
uses a port number reserved in the cluster instead of the commonly-used 21.
ftp> open 10.0.0.2
Connected to 10.0.0.2
220 FTP service ready.
User (10.0.0.2:(none)): hgmp
331 Password required for hgmp.
Password:
230 User logged in.
ftp>
----End
Configuration Files
l
Configuration file of Administrator-1.
#
sysname Administrator-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
136
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
l
Configuration file of Member-1.
#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
ip route-static 2.0.0.0 255.0.0.0 10.0.0.1
#
return
l
Configuration file of Member-2.
#
sysname Member-2
#
FTP server enable
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
137
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
administrator-address 0001-0001-0001 name HUAWEI
#
mngvlanid 10
ip route-static 2.0.0.0 255.0.0.0 10.0.0.1
#
return
l
Configuration file of Member-3.
#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
administrator-address 0001-0001-0001 name HUAWEI
#
mngvlanid 10
ip route-static 2.0.0.0 255.0.0.0 10.0.0.1
#
return
3.6.4 Example for Configuring Devices in the HGMP Cluster to
Access the Outside SNMP Host (in NAT Mode)
Networking Requirements
As shown in Figure 3-6, all the Layer 2 switches belong to the same cluster. Administrator-1 is
the administrator switch of the cluster and other switches are member switches. The member ID
of Member-2 is 2 and the member ID of Member-3 is 3.
When Member-1, Member-2, and Member-3 are required to send packets to the SNMP host, a
connection can be set up between the SNMP host out of the cluster and member switches in
NAT or non-NAT mode.
NOTE
In this configuration example where the NAT mode is adopted, Member-3 accesses the outside SNMP host
(3.0.0.1/8).
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
138
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Figure 3-6 Networking diagram of configuring devices in the HGMP cluster to access the
outside SNMP host (in NAT mode)
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
GE0/0/1
1.0.0.2/8
Log station
4.0.0.1/8
GE0/0/3
GE0/0/1
GE0/0/1
GE0/0/2
Administrator-1
10.0.0.1/8
Member-1
GE0/0/1
......
GE0/0/2
Member-2
GE0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster and configure basic HGMP functions for the cluster according to the steps
described in Example for Configuring Basic HGMP Functions for a Cluster.
2.
Enable SNMP NAT on the administrator switch (The function is enabled by default.)
NOTE
Related configurations of cluster NAT must be performed on the administrator switch.
3.
Assign an IP address to the SNMP host.
Data Preparation
To complete the configuration, you need the following data:
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
139
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
l
Management VLAN ID of the cluster, that is 10
l
IP address of the SNMP host, that is 3.0.0.1/8
l
IP address of VLANIF 10 that is 1.0.0.1/8 and a reachable route between VLANIF 10 and
the SNMP host
l
Address pool of the cluster, that is 10.0.0.0/8
l
IP address of the administrator switch used in the cluster, that is 10.0.0.1/8
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
0/0/3
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 1.
<Quidway> system-view
[Quidway] sysname Member-1
[Member-1] vlan 10
[Member-1-vlan10] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] quit
[Member-1] interface vlanif 10
[Member-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 2.
<Quidway> system-view
[Quidway] sysname Member-2
[Member-2] vlan 10
[Member-2-vlan10] quit
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] port link-type trunk
[Member-2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-2-GigabitEthernet0/0/1] quit
[Member-2] interface vlanif 10
[Member-2-Vlanif10] quit
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
140
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
# Configure member switch 3.
<Quidway> system-view
[Quidway] sysname Member-3
[Member-3] vlan 10
[Member-3-vlan10] quit
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] port link-type trunk
[Member-3-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-3-GigabitEthernet0/0/1] quit
[Member-3] interface vlanif 10
[Member-3-Vlanif10] quit
Step 2 Configure NDP.
# On switches, enable NDP in the system view and on an interface.
# Configure the administrator switch.
[Administrator-1] ndp enable
[Administrator-1] interface gigabitethernet 0/0/1
[Administrator-1-GigabitEthernet0/0/1] ndp enable
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet 0/0/2
[Administrator-1-GigabitEthernet0/0/2] ndp enable
[Administrator-1-GigabitEthernet0/0/2] quit
# Configure member switch 1.
[Member-1] ndp enable
[Member-1] interface gigabitethernet 0/0/1
[Member-1-GigabitEthernet0/0/1] ndp enable
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet 0/0/2
[Member-1-GigabitEthernet0/0/2] ndp enable
[Member-1-GigabitEthernet0/0/2] quit
# Configure member switch 2.
[Member-2] ndp enable
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ndp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ndp enable
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ndp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface gigabitethernet 0/0/1 gigabitethernet 0/0/2
Interface: GigabitEthernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Port Duplex : FULL
Product Ver : S5700
Interface: GigabitEthernet0/0/2
Status: Enabled, Packets Sent: 6, Packets Received: 16, Packets Error: 0
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
141
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-2
Port Duplex : FULL
Product Ver : S5700
Step 3 Configure NTDP.
# On devices, enable NTDP in the system view and on the interface and configure the interval
and range for NTDP to collect topologies to 10 minutes and 3 hops respectively.
# Configure the administrator switch.
[Administrator-1] ntdp enable
[Administrator-1] ntdp timer 10
[Administrator-1] ntdp hop 3
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] ntdp
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] ntdp
[Administrator-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 1.
[Member-1] ntdp enable
[Member-1] ntdp timer 10
[Member-1] ntdp hop 3
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] ntdp
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] ntdp
[Member-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 2.
[Member-2] ntdp enable
[Member-2] ntdp timer 10
[Member-2] ntdp hop 3
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ntdp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ntdp enable
[Member-3] ntdp timer 10
[Member-3] ntdp hop 3
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ntdp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
142
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
# Configure member switch 1.
[Member-1] cluster enable
[Member-1] cluster
[Member-1-cluster] mngvlanid 10
[Member-1-cluster] quit
# Configure member switch 2.
[Member-2] cluster enable
[Member-2] cluster
[Member-2-cluster] mngvlanid 10
[Member-2-cluster] quit
# Configure member switch 3.
[Member-3] cluster enable
[Member-3] cluster
[Member-3-cluster] mngvlanid 10
[Member-3-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
0001-0001-0001 0
S5700
Step 5 Create a cluster.
NOTE
Following steps can be performed only on the administrator switch.
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
# Create a cluster named HUAWEI on the administrator switch.
[Administrator-1-cluster] build HUAWEI
[HUAWEI_0.Administrator-1-cluster]
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
143
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
Step 6 Add member switches.
NOTE
l Following steps can be performed only on the administrator switch.
l Take the mode of automatically adding member switches as an example. To add member switches
manually, see Adding a Member Switch.
# Add all candidate switches to the cluster.
[HUAWEI_0.Administrator-1-cluster] auto-build
Collecting candidate list, please wait...
Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
Warning: Add all to cluster?(Y/N) y
Info: Cluster auto-build is complete.
Added 3 member(s) into the cluster successfully.
DeviceType
S5700
S5700
S5700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S5700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S5700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S5700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S5700
0004-0004-0004 Up
HUAWEI_3.Member-3
Step 7 Assign an IP address to VLANIF 10.
# To ensure the normal communication between member switches in the cluster and devices out
of the cluster, assign an IP address to VLANIF 10 on the administrator switch.
# Assign an IP address to VLANIF 10.
[HUAWEI_0.Administrator-1] interface vlanif 10
[HUAWEI_0.Administrator-1-Vlanif10] ip address 1.0.0.1 8
[HUAWEI_0.Administrator-1-Vlanif10] quit
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
144
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
Step 8 Configure a static route on the administrator switch.
# This operation is to ensure that a reachable route exists between switches in the cluster and
servers or hosts.
[HUAWEI_0.Administrator-1] ip route-static 0.0.0.0 0 1.0.0.2
NOTE
You can also run a routing protocol.
Step 9 Configure public servers and hosts of the cluster.
# Configure an FTP server.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] cluster-ftp-nat enable
[HUAWEI_0.Administrator-1-cluster] ftp-server 2.0.0.1
# Configure a SFTP server.
[HUAWEI_0.Administrator-1-cluster] sftp-server 2.0.0.2
# Configure a Simple Network Management Protocol (SNMP) host.
[HUAWEI_0.Administrator-1-cluster] snmp-host 3.0.0.1
# Configure a log host.
[HUAWEI_0.Administrator-1-cluster] logging-host 4.0.0.1
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
145
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Configuration Files
l
Configuration file of Administrator-1.
#
sysname Administrator-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
cluster-ftp-nat enable
ftp-server 2.0.0.1
sftp-server 2.0.0.2
logging-host 4.0.0.1
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
l
Configuration file of Member-1.
#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
146
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
l
Configuration file of Member-2.
#
sysname Member-2
#
FTP server enable
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
l
Configuration file of Member-3.
#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
3.6.5 Example for Configuring Devices in the HGMP Cluster to
Access the Outside SNMP Host (in non-NAT Mode)
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
147
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Networking Requirements
As shown in Figure 3-7, all the Layer 2 switches belong to the same cluster. Administrator-1 is
the administrator switch of the cluster and other switches are member switches. The member ID
of Member-2 is 2 and the member ID of Member-3 is 3.
When Member-1, Member-2, and Member-3 are required to send packets to the SNMP host out
of the cluster, a connection can be set up between the SNMP host and member switches in NAT
or non-NAT mode.
NOTE
In this configuration example where the non-NAT mode is adopted, Member-3 accesses the SNMP host
(3.0.0.1/8).
Figure 3-7 Networking diagram of configuring devices in the HGMP cluster to access the
outside SNMP host (in non-NAT mode)
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
GE0/0/1
1.0.0.2/8
Log station
4.0.0.1/8
GE0/0/3
GE0/0/1
GE0/0/1
GE0/0/2
Administrator-1
10.0.0.1/8
Member-1
GE0/0/2
GE0/0/1
......
Member-2
GE0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
148
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster and configure basic HGMP functions for the cluster according to the steps
described in Example for Configuring Basic HGMP Functions for a Cluster.
2.
Disable SNMP NAT on the administrator switch (The function is enabled by default.)
NOTE
Related configurations of cluster NAT must be performed on the administrator switch.
3.
Configure routes on the administrator switch and member switches respectively to ensure
that reachable routes exist between SNMP host and member switches.
4.
Assign an IP address to the SNMP host.
Data Preparation
To complete the configuration, you need the following data:
l
Management VLAN ID of the cluster, that is 10
l
IP address of the SNMP host, that is 3.0.0.1/8
l
IP address of VLANIF 10 that is 1.0.0.1/8 and a reachable route between VLANIF 10 and
the SNMP host
l
Address pool of the cluster, that is 10.0.0.0/8
l
IP address of the administrator switch used in the cluster, that is 10.0.0.1/8
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
0/0/3
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 1.
<Quidway> system-view
[Quidway] sysname Member-1
[Member-1] vlan 10
[Member-1-vlan10] quit
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
149
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] quit
[Member-1] interface vlanif 10
[Member-1-Vlanif10] quit
3 HGMP Configuration
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 2.
<Quidway> system-view
[Quidway] sysname Member-2
[Member-2] vlan 10
[Member-2-vlan10] quit
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] port link-type trunk
[Member-2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-2-GigabitEthernet0/0/1] quit
[Member-2] interface vlanif 10
[Member-2-Vlanif10] quit
# Configure member switch 3.
<Quidway> system-view
[Quidway] sysname Member-3
[Member-3] vlan 10
[Member-3-vlan10] quit
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] port link-type trunk
[Member-3-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-3-GigabitEthernet0/0/1] quit
[Member-3] interface vlanif 10
[Member-3-Vlanif10] quit
Step 2 Configure NDP.
# On switches, enable NDP in the system view and on an interface.
# Configure the administrator switch.
[Administrator-1] ndp enable
[Administrator-1] interface gigabitethernet 0/0/1
[Administrator-1-GigabitEthernet0/0/1] ndp enable
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet 0/0/2
[Administrator-1-GigabitEthernet0/0/2] ndp enable
[Administrator-1-GigabitEthernet0/0/2] quit
# Configure member switch 1.
[Member-1] ndp enable
[Member-1] interface gigabitethernet 0/0/1
[Member-1-GigabitEthernet0/0/1] ndp enable
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet 0/0/2
[Member-1-GigabitEthernet0/0/2] ndp enable
[Member-1-GigabitEthernet0/0/2] quit
# Configure member switch 2.
[Member-2] ndp enable
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ndp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
150
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Member-3] ndp enable
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ndp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface gigabitethernet 0/0/1 gigabitethernet 0/0/2
Interface: GigabitEthernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Port Duplex : FULL
Product Ver : S5700
Interface: GigabitEthernet0/0/2
Status: Enabled, Packets Sent: 6, Packets Received: 16, Packets Error: 0
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-2
Port Duplex : FULL
Product Ver : S5700
Step 3 Configure NTDP.
# On devices, enable NTDP in the system view and on the interface and configure the interval
and range for NTDP to collect topologies to 10 minutes and 3 hops respectively.
# Configure the administrator switch.
[Administrator-1] ntdp enable
[Administrator-1] ntdp timer 10
[Administrator-1] ntdp hop 3
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] ntdp
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] ntdp
[Administrator-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 1.
[Member-1] ntdp enable
[Member-1] ntdp timer 10
[Member-1] ntdp hop 3
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] ntdp
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] ntdp
[Member-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 2.
[Member-2] ntdp enable
[Member-2] ntdp timer 10
[Member-2] ntdp hop 3
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ntdp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
151
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Member-3] ntdp enable
[Member-3] ntdp timer 10
[Member-3] ntdp hop 3
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ntdp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
# Configure member switch 1.
[Member-1] cluster enable
[Member-1] cluster
[Member-1-cluster] mngvlanid 10
[Member-1-cluster] quit
# Configure member switch 2.
[Member-2] cluster enable
[Member-2] cluster
[Member-2-cluster] mngvlanid 10
[Member-2-cluster] quit
# Configure member switch 3.
[Member-3] cluster enable
[Member-3] cluster
[Member-3-cluster] mngvlanid 10
[Member-3-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
0001-0001-0001 0
S5700
Step 5 Create a cluster.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
152
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
NOTE
Following steps can be performed only on the administrator switch.
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
# Create a cluster named HUAWEI on the administrator switch.
[Administrator-1-cluster] build HUAWEI
[HUAWEI_0.Administrator-1-cluster]
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
Step 6 Add member switches.
NOTE
l Following steps can be performed only on the administrator switch.
l Take the mode of automatically adding member switches as an example. To add member switches
manually, see Adding a Member Switch.
# Add all candidate switches to the cluster.
[HUAWEI_0.Administrator-1-cluster] auto-build
Collecting candidate list, please wait...
Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
Warning: Add all to cluster?(Y/N) y
Info: Cluster auto-build is complete.
Added 3 member(s) into the cluster successfully.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
DeviceType
S5700
S5700
S5700
153
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S5700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S5700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S5700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S5700
0004-0004-0004 Up
HUAWEI_3.Member-3
Step 7 Assign an IP address to VLANIF 10.
# To ensure the normal communication between member switches in the cluster and devices out
of the cluster, assign an IP address to VLANIF 10 on the administrator switch.
# Assign an IP address to VLANIF 10.
[HUAWEI_0.Administrator-1] interface vlanif 10
[HUAWEI_0.Administrator-1-Vlanif10] ip address 1.0.0.1 8
[HUAWEI_0.Administrator-1-Vlanif10] quit
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
Step 8 Configure a static route on the administrator switch.
# This operation is to ensure that a reachable route exists between switches in the cluster and
servers or hosts.
[HUAWEI_0.Administrator-1] ip route-static 0.0.0.0 0 1.0.0.2
NOTE
You can also run a routing protocol.
Step 9 Configure public servers and hosts of the cluster.
# Configure an FTP server.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] cluster-ftp-nat enable
[HUAWEI_0.Administrator-1-cluster] ftp-server 2.0.0.1
# Configure a SFTP server.
[HUAWEI_0.Administrator-1-cluster] sftp-server 2.0.0.2
# Configure a Simple Network Management Protocol (SNMP) host.
[HUAWEI_0.Administrator-1-cluster] snmp-host 3.0.0.1
# Configure a log host.
[HUAWEI_0.Administrator-1-cluster] logging-host 4.0.0.1
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
154
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
Step 10 Disable SNMP NAT on the administrator switch.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] undo cluster-snmp-nat enable
Step 11 Configure the routes of member switches to ensure that reachable routes exist between member
switches and the SNMP host.
# Configure member switch 1.
[HUAWEI_1.Member-1] ip route-static 3.0.0.0 8 10.0.0.1
# Configure member switch 2.
[HUAWEI_2.Member-2] ip route-static 3.0.0.0 8 10.0.0.1
# Configure member switch 3.
[HUAWEI_3.Member-3] ip route-static 3.0.0.0 8 10.0.0.1
NOTE
Multiple member switches can be configured simultaneously through incremental configuration. For
configuration details, see Example for Configuring the Incremental Configuration Function for an
HGMP Cluster.
Step 12 Configure the SNMP agent function on member switches.
# Configure member switch 1.
[HUAWEI_1.Member-1] snmp-agent target-host trap address udp-domain 3.0.0.1 params
securityname cluster
# Configure member switch 2.
[HUAWEI_2.Member-2] snmp-agent target-host trap address udp-domain 3.0.0.1 params
securityname cluster
# Configure member switch 3.
[HUAWEI_3.Member-3] snmp-agent target-host trap address udp-domain 3.0.0.1 params
securityname cluster
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
155
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
NOTE
Multiple member switches can be configured simultaneously through incremental configuration. For
configuration details, see Example for Configuring the Incremental Configuration Function for an
HGMP Cluster.
----End
Configuration Files
l
Configuration file of Administrator-1.
#
sysname Administrator-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
undo cluster-snmp-nat enable
cluster-ftp-nat enable
ftp-server 2.0.0.1
sftp-server 2.0.0.2
logging-host 4.0.0.1
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
l
Configuration file of Member-1.
#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
156
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
ip route-static 3.0.0.0 255.0.0.0 10.0.0.1
#
snmp-agent
snmp-agent target-host trap address udp-domain 3.0.0.1 params securityname
cluster
#
return
l
Configuration file of Member-2.
#
sysname Member-2
#
FTP server enable
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
ip route-static 3.0.0.0 255.0.0.0 10.0.0.1
#
snmp-agent
snmp-agent target-host trap address udp-domain 3.0.0.1 params securityname
cluster
#
return
l
Configuration file of Member-3.
#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
157
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
ip route-static 3.0.0.0 255.0.0.0 10.0.0.1
#
snmp-agent
snmp-agent target-host trap address udp-domain 3.0.0.1 params securityname
cluster
#
return
3.6.6 Example for Configuring the Batch Distribution Function for
an HGMP Cluster
Networking Requirements
As shown in Figure 3-8, all the Layer 2 switches belong to the same cluster. Administrator-1 is
the administrator switch of the cluster and other switches are member switches. The member ID
of Member-2 is 2 and the member ID of Member-3 is 3.
Member-2 and Member-3 are required to download configuration files in batches from the FTP
server.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
158
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Figure 3-8 Networking diagram of configuring the batch distribution function for an HGMP
cluster
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
GE0/0/1
1.0.0.2/8
Log station
4.0.0.1/8
GE0/0/3
GE0/0/1
GE0/0/1
GE0/0/2
Administrator-1
10.0.0.1/8
Member-1
GE0/0/2
GE0/0/1
......
Member-2
GE0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster according to the steps described in 3.6.1 Example for Configuring Basic
HGMP Functions for a Cluster.
2.
3.6.1 Example for Configuring Basic HGMP Functions for a Cluster
NOTE
l Configure the interconnection of FTP servers and devices in and out of the HGMP cluster in
NAT or non-NAT mode. The following takes the configuration in NAT mode as an example.
l If the system software, patch files, or configuration files, batch distribution can be distributed in
batches without accessing the FTP server out of the cluster, you can skip this step.
3.
Issue 01 (2011-10-26)
Configure batch distribution on the administrator switch.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
159
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Data Preparation
To complete the configuration, you need the following data:
l
Management VLAN ID of the cluster, that is 10
l
IP address of VLANIF 10 that is 1.0.0.1/8 and a reachable route between VLANIF 10 and
the FTP server
l
Address pool of the cluster, that is 10.0.0.0/8
l
IP address of the administrator switch used in the cluster, that is 10.0.0.1/8
l
Member ID of Member-2 being 2 and member ID of Member-3 being 3
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
0/0/3
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 1.
<Quidway> system-view
[Quidway] sysname Member-1
[Member-1] vlan 10
[Member-1-vlan10] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] quit
[Member-1] interface vlanif 10
[Member-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 2.
<Quidway> system-view
[Quidway] sysname Member-2
[Member-2] vlan 10
[Member-2-vlan10] quit
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] port link-type trunk
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
160
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Member-2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-2-GigabitEthernet0/0/1] quit
[Member-2] interface vlanif 10
[Member-2-Vlanif10] quit
# Configure member switch 3.
<Quidway> system-view
[Quidway] sysname Member-3
[Member-3] vlan 10
[Member-3-vlan10] quit
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] port link-type trunk
[Member-3-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-3-GigabitEthernet0/0/1] quit
[Member-3] interface vlanif 10
[Member-3-Vlanif10] quit
Step 2 Configure NDP.
# On switches, enable NDP in the system view and on an interface.
# Configure the administrator switch.
[Administrator-1] ndp enable
[Administrator-1] interface gigabitethernet 0/0/1
[Administrator-1-GigabitEthernet0/0/1] ndp enable
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet 0/0/2
[Administrator-1-GigabitEthernet0/0/2] ndp enable
[Administrator-1-GigabitEthernet0/0/2] quit
# Configure member switch 1.
[Member-1] ndp enable
[Member-1] interface gigabitethernet 0/0/1
[Member-1-GigabitEthernet0/0/1] ndp enable
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet 0/0/2
[Member-1-GigabitEthernet0/0/2] ndp enable
[Member-1-GigabitEthernet0/0/2] quit
# Configure member switch 2.
[Member-2] ndp enable
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ndp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ndp enable
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ndp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface gigabitethernet 0/0/1 gigabitethernet 0/0/2
Interface: GigabitEthernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Port Duplex : FULL
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
161
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Product Ver : S5700
Interface: GigabitEthernet0/0/2
Status: Enabled, Packets Sent: 6, Packets Received: 16, Packets Error: 0
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-2
Port Duplex : FULL
Product Ver : S5700
Step 3 Configure NTDP.
# On devices, enable NTDP in the system view and on the interface and configure the interval
and range for NTDP to collect topologies to 10 minutes and 3 hops respectively.
# Configure the administrator switch.
[Administrator-1] ntdp enable
[Administrator-1] ntdp timer 10
[Administrator-1] ntdp hop 3
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] ntdp
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] ntdp
[Administrator-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 1.
[Member-1] ntdp enable
[Member-1] ntdp timer 10
[Member-1] ntdp hop 3
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] ntdp
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] ntdp
[Member-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 2.
[Member-2] ntdp enable
[Member-2] ntdp timer 10
[Member-2] ntdp hop 3
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ntdp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ntdp enable
[Member-3] ntdp timer 10
[Member-3] ntdp hop 3
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ntdp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
162
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
# Configure member switch 1.
[Member-1] cluster enable
[Member-1] cluster
[Member-1-cluster] mngvlanid 10
[Member-1-cluster] quit
# Configure member switch 2.
[Member-2] cluster enable
[Member-2] cluster
[Member-2-cluster] mngvlanid 10
[Member-2-cluster] quit
# Configure member switch 3.
[Member-3] cluster enable
[Member-3] cluster
[Member-3-cluster] mngvlanid 10
[Member-3-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
0001-0001-0001 0
S5700
Step 5 Create a cluster.
NOTE
Following steps can be performed only on the administrator switch.
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
# Create a cluster named HUAWEI on the administrator switch.
[Administrator-1-cluster] build HUAWEI
[HUAWEI_0.Administrator-1-cluster]
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
163
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
Step 6 Add member switches.
NOTE
l Following steps can be performed only on the administrator switch.
l Take the mode of automatically adding member switches as an example. To add member switches
manually, see Adding a Member Switch.
# Add all candidate switches to the cluster.
[HUAWEI_0.Administrator-1-cluster] auto-build
Collecting candidate list, please wait...
Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
Warning: Add all to cluster?(Y/N) y
Info: Cluster auto-build is complete.
Added 3 member(s) into the cluster successfully.
DeviceType
S5700
S5700
S5700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S5700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S5700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S5700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S5700
0004-0004-0004 Up
HUAWEI_3.Member-3
Step 7 Assign an IP address to VLANIF 10.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
164
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
# To ensure the normal communication between member switches in the cluster and devices out
of the cluster, assign an IP address to VLANIF 10 on the administrator switch.
# Assign an IP address to VLANIF 10.
[HUAWEI_0.Administrator-1] interface vlanif 10
[HUAWEI_0.Administrator-1-Vlanif10] ip address 1.0.0.1 8
[HUAWEI_0.Administrator-1-Vlanif10] quit
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
Step 8 Configure a static route on the administrator switch.
# This operation is to ensure that a reachable route exists between switches in the cluster and
servers or hosts.
[HUAWEI_0.Administrator-1] ip route-static 0.0.0.0 0 1.0.0.2
NOTE
You can also run a routing protocol.
Step 9 Configure public servers and hosts of the cluster.
# Configure an FTP server.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] cluster-ftp-nat enable
[HUAWEI_0.Administrator-1-cluster] ftp-server 2.0.0.1
# Configure a SFTP server.
[HUAWEI_0.Administrator-1-cluster] sftp-server 2.0.0.2
# Configure a Simple Network Management Protocol (SNMP) host.
[HUAWEI_0.Administrator-1-cluster] snmp-host 3.0.0.1
# Configure a log host.
[HUAWEI_0.Administrator-1-cluster] logging-host 4.0.0.1
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
165
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
Step 10 Distribute configuration files in batches.
# Run the batch distribution command on the administrator switch. Member switches download
configuration files from the FTP server (2.0.0.1) in NAT mode and automatically set them as
the default configuration files for the next startup.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] cluster-plug-play ip 2.0.0.1 username user1
password 123
[HUAWEI_0.Administrator-1-cluster] cluster-member group-by member-number 2 to 3
get configuration-file vrpcfg-hgmp.zip
Step 11 Verify the configuration.
# Run the display member-getfile-stat command on the administrator switch to check whether
member switches successfully obtain the configuration files, system software, and patch files,
and you can view that success is displayed.
[HUAWEI_0.Administrator-1] display member-getfile-stat
The status of member switchs getting file:
-----------------------------------------------------------------------SN
Device
MacAddress
IPAddress
Result
-----------------------------------------------------------------------2
S5700
0003-0003-0003
10.0.0.3
success
3
S5700
0004-0004-0004
10.0.0.4
success
# Run the dir command on member switches and you can find that member switches successfully
download the specified configuration files. Take Member-2 as an example.
<HUAWEI_2.Member-2> dir *.zip
Directory of flash:/
Idx Attr Size(Byte) Date
Time
0
-rw1,491 Sep 03 2008 17:43:52
1
-rw752 Aug 05 2008 15:04:36
506,880 KB total (35,920 KB free)
FileName
vrpcfg.zip
vrpcfg-hgmp.zip
# Run the display startup command on member switches and you can find that names of the
configuration files for the next startup of the member switch is changed. Take Member-2 as an
example.
<HUAWEI_2.Member-2> display startup
MainBoard:
Configured startup system software:
Startup system software:
Next startup system software:
Startup saved-configuration file:
Next startup saved-configuration file:
Startup paf file:
Next startup paf file:
Startup license file:
Next startup license file:
Startup patch package:
Next startup patch package:
flash:/S5700.cc
flash:/S5700.cc
flash:/S5700.cc
flash:/vrpcfg.zip
flash:/vrpcfg-hgmp.zip
NULL
NULL
NULL
NULL
NULL
NULL
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
166
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Configuration Files
l
Configuration file of Administrator-1.
#
sysname Administrator-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
cluster-ftp-nat enable
ftp-server 2.0.0.1
sftp-server 2.0.0.2
logging-host 4.0.0.1
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
l
Configuration file of Member-1.
#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
167
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
l
Configuration file of Member-2.
#
sysname Member-2
#
FTP server enable
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
l
Configuration file of Member-3.
#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
3.6.7 Example for Configuring the Batch Restart Function for an
HGMP Cluster
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
168
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Networking Requirements
As shown in Figure 3-9, all the Layer 2 switches belong to the same cluster. Administrator-1 is
the administrator switch of the cluster and other switches are member switches. The member ID
of Member-2 is 2 and the member ID of Member-3 is 3.
Member switches Member-2 and Member-3 are required to be restarted.
Figure 3-9 Networking diagram of configuring the batch restart function for an HGMP cluster
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
GE0/0/1
1.0.0.2/8
Log station
4.0.0.1/8
GE0/0/3
GE0/0/1
GE0/0/1
GE0/0/2
Administrator-1
10.0.0.1/8
Member-1
GE0/0/2
GE0/0/1
......
Member-2
GE0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster according to the steps described in 3.6.1 Example for Configuring Basic
HGMP Functions for a Cluster.
2.
Configure batch restart on the administrator switch.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
169
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Data Preparation
To complete the configuration, you need the following data:
l
Management VLAN ID of the cluster, that is 10
l
IP address of VLANIF 10, that is 1.0.0.1/8
l
Address pool of the cluster, that is 10.0.0.0/8
l
IP address of the administrator switch used in the cluster, that is 10.0.0.1/8
l
Member ID of Member-2 being 2 and the member ID of Member-3 being 3
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
0/0/3
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 1.
<Quidway> system-view
[Quidway] sysname Member-1
[Member-1] vlan 10
[Member-1-vlan10] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] quit
[Member-1] interface vlanif 10
[Member-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 2.
<Quidway> system-view
[Quidway] sysname Member-2
[Member-2] vlan 10
[Member-2-vlan10] quit
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] port link-type trunk
[Member-2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
170
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Member-2-GigabitEthernet0/0/1] quit
[Member-2] interface vlanif 10
[Member-2-Vlanif10] quit
# Configure member switch 3.
<Quidway> system-view
[Quidway] sysname Member-3
[Member-3] vlan 10
[Member-3-vlan10] quit
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] port link-type trunk
[Member-3-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-3-GigabitEthernet0/0/1] quit
[Member-3] interface vlanif 10
[Member-3-Vlanif10] quit
Step 2 Configure NDP.
# On switches, enable NDP in the system view and on an interface.
# Configure the administrator switch.
[Administrator-1] ndp enable
[Administrator-1] interface gigabitethernet 0/0/1
[Administrator-1-GigabitEthernet0/0/1] ndp enable
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet 0/0/2
[Administrator-1-GigabitEthernet0/0/2] ndp enable
[Administrator-1-GigabitEthernet0/0/2] quit
# Configure member switch 1.
[Member-1] ndp enable
[Member-1] interface gigabitethernet 0/0/1
[Member-1-GigabitEthernet0/0/1] ndp enable
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet 0/0/2
[Member-1-GigabitEthernet0/0/2] ndp enable
[Member-1-GigabitEthernet0/0/2] quit
# Configure member switch 2.
[Member-2] ndp enable
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ndp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ndp enable
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ndp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface gigabitethernet 0/0/1 gigabitethernet 0/0/2
Interface: GigabitEthernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Port Duplex : FULL
Product Ver : S5700
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
171
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Interface: GigabitEthernet0/0/2
Status: Enabled, Packets Sent: 6, Packets Received: 16, Packets Error: 0
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-2
Port Duplex : FULL
Product Ver : S5700
Step 3 Configure NTDP.
# On devices, enable NTDP in the system view and on the interface and configure the interval
and range for NTDP to collect topologies to 10 minutes and 3 hops respectively.
# Configure the administrator switch.
[Administrator-1] ntdp enable
[Administrator-1] ntdp timer 10
[Administrator-1] ntdp hop 3
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] ntdp
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] ntdp
[Administrator-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 1.
[Member-1] ntdp enable
[Member-1] ntdp timer 10
[Member-1] ntdp hop 3
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] ntdp
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] ntdp
[Member-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 2.
[Member-2] ntdp enable
[Member-2] ntdp timer 10
[Member-2] ntdp hop 3
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ntdp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ntdp enable
[Member-3] ntdp timer 10
[Member-3] ntdp hop 3
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ntdp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:0 ms
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
172
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
# Configure member switch 1.
[Member-1] cluster enable
[Member-1] cluster
[Member-1-cluster] mngvlanid 10
[Member-1-cluster] quit
# Configure member switch 2.
[Member-2] cluster enable
[Member-2] cluster
[Member-2-cluster] mngvlanid 10
[Member-2-cluster] quit
# Configure member switch 3.
[Member-3] cluster enable
[Member-3] cluster
[Member-3-cluster] mngvlanid 10
[Member-3-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
0001-0001-0001 0
S5700
Step 5 Create a cluster.
NOTE
Following steps can be performed only on the administrator switch.
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
# Create a cluster named HUAWEI on the administrator switch.
[Administrator-1-cluster] build HUAWEI
[HUAWEI_0.Administrator-1-cluster]
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
173
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
Step 6 Add member switches.
NOTE
l Following steps can be performed only on the administrator switch.
l Take the mode of automatically adding member switches as an example. To add member switches
manually, see Adding a Member Switch.
# Add all candidate switches to the cluster.
[HUAWEI_0.Administrator-1-cluster] auto-build
Collecting candidate list, please wait...
Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
Warning: Add all to cluster?(Y/N) y
Info: Cluster auto-build is complete.
Added 3 member(s) into the cluster successfully.
DeviceType
S5700
S5700
S5700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S5700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S5700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S5700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S5700
0004-0004-0004 Up
HUAWEI_3.Member-3
Step 7 Assign an IP address to VLANIF 10.
# To ensure the normal communication between member switches in the cluster and devices out
of the cluster, assign an IP address to VLANIF 10 on the administrator switch.
# Assign an IP address to VLANIF 10.
[HUAWEI_0.Administrator-1] interface vlanif 10
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
174
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[HUAWEI_0.Administrator-1-Vlanif10] ip address 1.0.0.1 8
[HUAWEI_0.Administrator-1-Vlanif10] quit
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
Step 8 Configure a static route on the administrator switch.
# This operation is to ensure that a reachable route exists between switches in the cluster and
servers or hosts.
[HUAWEI_0.Administrator-1] ip route-static 0.0.0.0 0 1.0.0.2
NOTE
You can also run a routing protocol.
Step 9 Configure public servers and hosts of the cluster.
# Configure an FTP server.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] cluster-ftp-nat enable
[HUAWEI_0.Administrator-1-cluster] ftp-server 2.0.0.1
# Configure a SFTP server.
[HUAWEI_0.Administrator-1-cluster] sftp-server 2.0.0.2
# Configure a Simple Network Management Protocol (SNMP) host.
[HUAWEI_0.Administrator-1-cluster] snmp-host 3.0.0.1
# Configure a log host.
[HUAWEI_0.Administrator-1-cluster] logging-host 4.0.0.1
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
175
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Step 10 Restart member switches in batches.
# Run the cluster-member reboot group-by member-number 2 to 3 command on the
administrator switch to restart Member-2 and Member-3.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] cluster-member reboot group-by member-number 2
to 3
Info: This command will take members reboot.
Are you sure?[Y/N]y
Step 11 Verify the configuration.
Run the display member-reboot-stat command on administrator switch to check the restart
status of the member switches, and you can view that success is displayed, which indicates that
the specified member switches are restarted successfully.
[HUAWEI_2.Member-2] display member-reboot-stat
The result of member switchs rebooting:
-----------------------------------------------------------------------SN
Device
MacAddress
IPAddress
Result
-----------------------------------------------------------------------1
S5700
0003-0003-0003
10.0.0.3
success
2
S5700
0004-0004-0004
10.0.0.4
success
----End
Configuration Files
l
Configuration file of Administrator-1.
#
sysname Administrator-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
cluster-ftp-nat enable
ftp-server 2.0.0.1
sftp server 2.0.0.2
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
176
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
logging-host 4.0.0.1
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
l
Configuration file of Member-1.
#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
l
Configuration file of Member-2.
#
sysname Member-2
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
l
Configuration file of Member-3.
#
sysname Member-3
#
vlan batch 10
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
177
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
3.6.8 Example for Configuring the Incremental Configuration
Function for an HGMP Cluster
Networking Requirements
As shown in Figure 3-10, all the Layer 2 switches belong to the same cluster. Administrator-1
is the administrator switch of the cluster and other switches are member switches. The member
ID of Member-2 is 2 and the member ID of Member-3 is 3.
To configure VLAN 100 to VLAN 200 on Member-2 and Member-3 and a static route with its
next hop address being the administrator switch, you can use the incremental configuration
function of the HGMP cluster.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
178
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Figure 3-10 Networking diagram of configuring the incremental configuration function for an
HGMP cluster
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
GE0/0/1
1.0.0.2/8
Log station
4.0.0.1/8
GE0/0/3
GE0/0/1
GE0/0/1
GE0/0/2
Administrator-1
10.0.0.1/8
Member-1
GE0/0/2
GE0/0/1
......
Member-2
GE0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster according to the steps described in 3.6.1 Example for Configuring Basic
HGMP Functions for a Cluster.
2.
Edit the list of incremental configurations command on the administrator switch.
3.
Deliver the list of incremental configuration commands to the specified member switch.
Data Preparation
To complete the configuration, you need the following data:
l
Issue 01 (2011-10-26)
Management VLAN ID of the cluster, that is 10
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
179
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
l
IP address of VLANIF 10, that is 1.0.0.1/8
l
Address pool of the cluster, that is 10.0.0.0/8
l
IP address of the administrator switch used in the cluster, that is 10.0.0.1/8
l
Member ID of Member-2 being 2 and the member ID of Member-3 being 3
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
0/0/3
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 1.
<Quidway> system-view
[Quidway] sysname Member-1
[Member-1] vlan 10
[Member-1-vlan10] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] quit
[Member-1] interface vlanif 10
[Member-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 2.
<Quidway> system-view
[Quidway] sysname Member-2
[Member-2] vlan 10
[Member-2-vlan10] quit
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] port link-type trunk
[Member-2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-2-GigabitEthernet0/0/1] quit
[Member-2] interface vlanif 10
[Member-2-Vlanif10] quit
# Configure member switch 3.
<Quidway> system-view
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
180
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Quidway] sysname Member-3
[Member-3] vlan 10
[Member-3-vlan10] quit
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] port link-type trunk
[Member-3-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-3-GigabitEthernet0/0/1] quit
[Member-3] interface vlanif 10
[Member-3-Vlanif10] quit
Step 2 Configure NDP.
# On switches, enable NDP in the system view and on an interface.
# Configure the administrator switch.
[Administrator-1] ndp enable
[Administrator-1] interface gigabitethernet 0/0/1
[Administrator-1-GigabitEthernet0/0/1] ndp enable
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet 0/0/2
[Administrator-1-GigabitEthernet0/0/2] ndp enable
[Administrator-1-GigabitEthernet0/0/2] quit
# Configure member switch 1.
[Member-1] ndp enable
[Member-1] interface gigabitethernet 0/0/1
[Member-1-GigabitEthernet0/0/1] ndp enable
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet 0/0/2
[Member-1-GigabitEthernet0/0/2] ndp enable
[Member-1-GigabitEthernet0/0/2] quit
# Configure member switch 2.
[Member-2] ndp enable
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ndp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ndp enable
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ndp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface gigabitethernet 0/0/1 gigabitethernet 0/0/2
Interface: GigabitEthernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Port Duplex : FULL
Product Ver : S5700
Interface: GigabitEthernet0/0/2
Status: Enabled, Packets Sent: 6, Packets Received: 16, Packets Error: 0
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-2
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
181
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Port Duplex : FULL
Product Ver : S5700
Step 3 Configure NTDP.
# On devices, enable NTDP in the system view and on the interface and configure the interval
and range for NTDP to collect topologies to 10 minutes and 3 hops respectively.
# Configure the administrator switch.
[Administrator-1] ntdp enable
[Administrator-1] ntdp timer 10
[Administrator-1] ntdp hop 3
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] ntdp
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] ntdp
[Administrator-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 1.
[Member-1] ntdp enable
[Member-1] ntdp timer 10
[Member-1] ntdp hop 3
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] ntdp
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] ntdp
[Member-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 2.
[Member-2] ntdp enable
[Member-2] ntdp timer 10
[Member-2] ntdp hop 3
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ntdp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ntdp enable
[Member-3] ntdp timer 10
[Member-3] ntdp hop 3
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ntdp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
182
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Administrator-1-cluster] quit
# Configure member switch 1.
[Member-1] cluster enable
[Member-1] cluster
[Member-1-cluster] mngvlanid 10
[Member-1-cluster] quit
# Configure member switch 2.
[Member-2] cluster enable
[Member-2] cluster
[Member-2-cluster] mngvlanid 10
[Member-2-cluster] quit
# Configure member switch 3.
[Member-3] cluster enable
[Member-3] cluster
[Member-3-cluster] mngvlanid 10
[Member-3-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
0001-0001-0001 0
S5700
Step 5 Create a cluster.
NOTE
Following steps can be performed only on the administrator switch.
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
# Create a cluster named HUAWEI on the administrator switch.
[Administrator-1-cluster] build HUAWEI
[HUAWEI_0.Administrator-1-cluster]
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
183
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
Step 6 Add member switches.
NOTE
l Following steps can be performed only on the administrator switch.
l Take the mode of automatically adding member switches as an example. To add member switches
manually, see Adding a Member Switch.
# Add all candidate switches to the cluster.
[HUAWEI_0.Administrator-1-cluster] auto-build
Collecting candidate list, please wait...
Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
Warning: Add all to cluster?(Y/N) y
Info: Cluster auto-build is complete.
Added 3 member(s) into the cluster successfully.
DeviceType
S5700
S5700
S5700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S5700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S5700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S5700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S5700
0004-0004-0004 Up
HUAWEI_3.Member-3
Step 7 Assign an IP address to VLANIF 10.
# To ensure the normal communication between member switches in the cluster and devices out
of the cluster, assign an IP address to VLANIF 10 on the administrator switch.
# Assign an IP address to VLANIF 10.
[HUAWEI_0.Administrator-1] interface vlanif 10
[HUAWEI_0.Administrator-1-Vlanif10] ip address 1.0.0.1 8
[HUAWEI_0.Administrator-1-Vlanif10] quit
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
184
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
Step 8 Configure a static route on the administrator switch.
# This operation is to ensure that a reachable route exists between switches in the cluster and
servers or hosts.
[HUAWEI_0.Administrator-1] ip route-static 0.0.0.0 0 1.0.0.2
NOTE
You can also run a routing protocol.
Step 9 Configure public servers and hosts of the cluster.
# Configure an FTP server.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] cluster-ftp-nat enable
[HUAWEI_0.Administrator-1-cluster] ftp-server 2.0.0.1
# Configure a SFTP server.
[HUAWEI_0.Administrator-1-cluster] sftp-server 2.0.0.2
# Configure a Simple Network Management Protocol (SNMP) host.
[HUAWEI_0.Administrator-1-cluster] snmp-host 3.0.0.1
# Configure a log host.
[HUAWEI_0.Administrator-1-cluster] logging-host 4.0.0.1
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
Step 10 Edit the list of incremental configuration commands on the administrator switch.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] increment
[HUAWEI_0.Administrator-1-cluster-increment] increment-command command-number 10
command-text vlan batch 100 to 200
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
185
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[HUAWEI_0.Administrator-1-cluster-increment] increment-command command-number 20
command-text ip route-static 2.0.0.0 8 10.0.0.1
After the previous configuration, run the display increment-command command on the
administrator switch to check the list of incremental configuration commands.
[HUAWEI_0.Administrator-1] display increment-command
The content of increment commands:
-----------------------------------------------------------------------------SN
Content
-----------------------------------------------------------------------------10
vlan batch 100 to 200
20
ip route-static 2.0.0.0 8 10.0.0.1
Step 11 Deliver the list of incremental configurations command to the specified member switch.
[HUAWEI_0.Administrator-1-cluster-increment] increment-run group-by member-number
2 to 3
Step 12 Verify the configuration.
Run the display cluster-increment-result command on administrator switch to check whether
the list of incremental configuration commands is delivered to the specified member switch, and
you can view that success is displayed.
[HUAWEI_0.Administrator-1] display cluster-increment-result
The result of member switch executing increment commands:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
Result
CommandId
-----------------------------------------------------------------------------2
S5700
0003-0003-0003 10.0.0.3
success
3
S5700
0004-0004-0004 10.0.0.4
success
-
----End
Configuration Files
l
Configuration file of Administrator-1.
#
sysname Administrator-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
186
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
cluster-ftp-nat enable
ftp-server 2.0.0.1
sftp server 2.0.0.2
logging-host 4.0.0.1
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
l
Configuration file of Member-1.
#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
l
Configuration file of Member-2.
#
sysname Member-2
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
187
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
#
return
l
Configuration file of Member-3.
#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
3.6.9 Example for Configuring the Configuration Synchronization
Function for an HGMP Cluster
Networking Requirements
As shown in Figure 3-11, all the Layer 2 switches belong to the same cluster. Administrator-1
is the administrator switch of the cluster and other switches are member switches. The member
ID of Member-2 is 2 and the member ID of Member-3 is 3.
To synchronize the configuration files of all member switches to the FTP server as required, you
can configure the configuration synchronization function for the HGMP cluster.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
188
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Figure 3-11 Networking diagram of configuring the configuration synchronization function for
an HGMP cluster
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
GE0/0/1
1.0.0.2/8
Log station
4.0.0.1/8
GE0/0/3
GE0/0/1
GE0/0/1
GE0/0/2
Administrator-1
10.0.0.1/8
Member-1
GE0/0/2
GE0/0/1
......
Member-2
GE0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster according to the steps described in 3.6.1 Example for Configuring Basic
HGMP Functions for a Cluster.
2.
3.6.2 Example for Configuring the Interconnection of FTP Servers and Devices in and
out of the HGMP Cluster (in NAT Mode)
NOTE
l Configure the interconnection of FTP servers and devices in and out of the HGMP cluster in
NAT or non-NAT mode. The following takes the configuration in NAT mode as an example.
l If it is not required to synchronize the configuration files of the HGMP cluster by accessing the
FTP server out of the cluster, you can skip this step.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
189
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3.
3 HGMP Configuration
Run the configuration synchronization command on the administrator switch.
Data Preparation
To complete the configuration, you need the following data:
l
Management VLAN ID of the cluster, that is 10
l
IP address of VLANIF 10 that is 1.0.0.1/8 and a reachable route between VLANIF 10 and
the FTP server
l
Address pool of the cluster, that is 10.0.0.0/8
l
IP address of the administrator switch used in the cluster, that is 10.0.0.1/8
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
0/0/3
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 1.
<Quidway> system-view
[Quidway] sysname Member-1
[Member-1] vlan 10
[Member-1-vlan10] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] quit
[Member-1] interface vlanif 10
[Member-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 2.
<Quidway> system-view
[Quidway] sysname Member-2
[Member-2] vlan 10
[Member-2-vlan10] quit
[Member-2] interface gigabitethernet 0/0/1
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
190
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Member-2-GigabitEthernet0/0/1] port link-type trunk
[Member-2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-2-GigabitEthernet0/0/1] quit
[Member-2] interface vlanif 10
[Member-2-Vlanif10] quit
# Configure member switch 3.
<Quidway> system-view
[Quidway] sysname Member-3
[Member-3] vlan 10
[Member-3-vlan10] quit
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] port link-type trunk
[Member-3-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-3-GigabitEthernet0/0/1] quit
[Member-3] interface vlanif 10
[Member-3-Vlanif10] quit
Step 2 Configure NDP.
# On switches, enable NDP in the system view and on an interface.
# Configure the administrator switch.
[Administrator-1] ndp enable
[Administrator-1] interface gigabitethernet 0/0/1
[Administrator-1-GigabitEthernet0/0/1] ndp enable
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet 0/0/2
[Administrator-1-GigabitEthernet0/0/2] ndp enable
[Administrator-1-GigabitEthernet0/0/2] quit
# Configure member switch 1.
[Member-1] ndp enable
[Member-1] interface gigabitethernet 0/0/1
[Member-1-GigabitEthernet0/0/1] ndp enable
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet 0/0/2
[Member-1-GigabitEthernet0/0/2] ndp enable
[Member-1-GigabitEthernet0/0/2] quit
# Configure member switch 2.
[Member-2] ndp enable
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ndp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ndp enable
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ndp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface gigabitethernet 0/0/1 gigabitethernet 0/0/2
Interface: GigabitEthernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
191
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Port Duplex : FULL
Product Ver : S5700
Interface: GigabitEthernet0/0/2
Status: Enabled, Packets Sent: 6, Packets Received: 16, Packets Error: 0
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-2
Port Duplex : FULL
Product Ver : S5700
Step 3 Configure NTDP.
# On devices, enable NTDP in the system view and on the interface and configure the interval
and range for NTDP to collect topologies to 10 minutes and 3 hops respectively.
# Configure the administrator switch.
[Administrator-1] ntdp enable
[Administrator-1] ntdp timer 10
[Administrator-1] ntdp hop 3
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] ntdp
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] ntdp
[Administrator-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 1.
[Member-1] ntdp enable
[Member-1] ntdp timer 10
[Member-1] ntdp hop 3
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] ntdp
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] ntdp
[Member-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 2.
[Member-2] ntdp enable
[Member-2] ntdp timer 10
[Member-2] ntdp hop 3
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ntdp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ntdp enable
[Member-3] ntdp timer 10
[Member-3] ntdp hop 3
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ntdp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
192
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
[Administrator-1-cluster] quit
# Configure member switch 1.
[Member-1] cluster enable
[Member-1] cluster
[Member-1-cluster] mngvlanid 10
[Member-1-cluster] quit
# Configure member switch 2.
[Member-2] cluster enable
[Member-2] cluster
[Member-2-cluster] mngvlanid 10
[Member-2-cluster] quit
# Configure member switch 3.
[Member-3] cluster enable
[Member-3] cluster
[Member-3-cluster] mngvlanid 10
[Member-3-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
0001-0001-0001 0
S5700
Step 5 Create a cluster.
NOTE
Following steps can be performed only on the administrator switch.
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
# Create a cluster named HUAWEI on the administrator switch.
[Administrator-1-cluster] build HUAWEI
[HUAWEI_0.Administrator-1-cluster]
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
193
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
Step 6 Add member switches.
NOTE
l Following steps can be performed only on the administrator switch.
l Take the mode of automatically adding member switches as an example. To add member switches
manually, see Adding a Member Switch.
# Add all candidate switches to the cluster.
[HUAWEI_0.Administrator-1-cluster] auto-build
Collecting candidate list, please wait...
Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
Warning: Add all to cluster?(Y/N) y
Info: Cluster auto-build is complete.
Added 3 member(s) into the cluster successfully.
DeviceType
S5700
S5700
S5700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S5700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S5700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S5700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S5700
0004-0004-0004 Up
HUAWEI_3.Member-3
Step 7 Assign an IP address to VLANIF 10.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
194
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
# To ensure the normal communication between member switches in the cluster and devices out
of the cluster, assign an IP address to VLANIF 10 on the administrator switch.
# Assign an IP address to VLANIF 10.
[HUAWEI_0.Administrator-1] interface vlanif 10
[HUAWEI_0.Administrator-1-Vlanif10] ip address 1.0.0.1 8
[HUAWEI_0.Administrator-1-Vlanif10] quit
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
Step 8 Configure a static route on the administrator switch.
# This operation is to ensure that a reachable route exists between switches in the cluster and
servers or hosts.
[HUAWEI_0.Administrator-1] ip route-static 0.0.0.0 0 1.0.0.2
NOTE
You can also run a routing protocol.
Step 9 Configure public servers and hosts of the cluster.
# Configure an FTP server.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] cluster-ftp-nat enable
[HUAWEI_0.Administrator-1-cluster] ftp-server 2.0.0.1
# Configure a SFTP server.
[HUAWEI_0.Administrator-1-cluster] sftp-server 2.0.0.2
# Configure a Simple Network Management Protocol (SNMP) host.
[HUAWEI_0.Administrator-1-cluster] snmp-host 3.0.0.1
# Configure a log host.
[HUAWEI_0.Administrator-1-cluster] logging-host 4.0.0.1
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
195
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
Step 10 Synchronize configuration files.
# Run the configuration synchronization command on the administrator switch, and then member
switches synchronize configuration files to the FTP server (2.0.0.1) in NAT mode.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] cluster-plug-play ip 2.0.0.1 username hgmp
password hgmp
[HUAWEI_0.Administrator-1-cluster] increment-config synchronization
Step 11 Verify the configuration.
After the previous configuration, run the display increment-synchronization-result command
on administrator switch to check whether configuration files are synchronized to the FTP server,
and you can view that success is displayed.
[HUAWEi_0.Administrator-1] display increment-synchronization-result
The result of member switchs' synchronization:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------1
S5700
0002-0002-0002 10.0.0.2
success
2
S5700
0003-0003-0003 10.0.0.3
success
3
S5700
0004-0004-0004 10.0.0.4
success
On the FTP server, you can view that the names of configuration files are the MAC address of
member switches, which indicates that configuration synchronization is successful.
----End
Configuration Files
l
Configuration file of Administrator-1.
#
sysname Administrator-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
196
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
build HUAWEI
cluster-ftp-nat enable
ftp-server 2.0.0.1
sftp-server 2.0.0.2
logging-host 4.0.0.1
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
l
Configuration file of Member-1.
#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
l
Configuration file of Member-2.
#
sysname Member-2
#
FTP server enable
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
197
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
l
Configuration file of Member-3.
#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 5
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
3.6.10 Example for Configuring Security Features for an HGMP
Cluster
Networking Requirements
As shown in Figure 3-12, all the Layer 2 switches belong to the same cluster. Administrator-1
is the administrator switch of the cluster and other switches are member switches. The member
ID of Member-2 is 2 and the member ID of Member-3 is 3.
Disable NDP and NTDP on the interfaces of all the member switches that do not need NDP or
NTDP. To perform the action and improve the security of the cluster, you can configure security
features for the HGMP cluster.
NOTE
After NDP or NTDP is disabled on unrelated interfaces of member switches, if the new candidate switches
are connected to these unrelated interfaces, they cannot join the cluster until NDP or NTDP is enabled.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
198
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Figure 3-12 Networking diagram of configuring security features for an HGMP cluster
FTP Server
2.0.0.1/8
NM station
3.0.0.1/8
IP/MPLS
core
SFTP Server
2.0.0.2/8
GE0/0/1
1.0.0.2/8
Log station
4.0.0.1/8
GE0/0/3
GE0/0/1
GE0/0/1
GE0/0/2
Administrator-1
10.0.0.1/8
Member-1
GE0/0/2
GE0/0/1
......
Member-2
GE0/0/1
Member-3
10.0.0.4/8
Cluster
Device
MAC Address
Device
MAC Address
Administrator-1
0001-0001-0001
Member-1
0002-0002-0002
Member-2
0003-0003-0003
Member-3
0004-0004-0004
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a cluster according to the steps described in 3.6.1 Example for Configuring Basic
HGMP Functions for a Cluster.
2.
On the administrator switch, disable NDP and NTDP on unrelated interfaces of member
switches.
Data Preparation
To complete the configuration, you need the following data:
l
Issue 01 (2011-10-26)
Management VLAN ID of the cluster, that is 10
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
199
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
l
IP address of VLANIF 10 that is 1.0.0.1/8 and a reachable route between VLANIF 10 and
the FTP server
l
Address pool of the cluster, that is 10.0.0.0/8
l
IP address of the administrator switch used in the cluster, that is 10.0.0.1/8
Procedure
Step 1 Configure a management VLAN.
# Create VLAN 10 on the device and add interfaces of the administrator switch and member
switches to VLAN 10.
# Configure the administrator switch.
<Quidway> system-view
[Quidway] sysname Administrator-1
[Administrator-1] vlan 10
[Administrator-1-vlan10] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] port
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] port
[Administrator-1-GigabitEthernet0/0/2] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] port
[Administrator-1-GigabitEthernet0/0/3] quit
[Administrator-1] interface vlanif 10
[Administrator-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
0/0/3
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 1.
<Quidway> system-view
[Quidway] sysname Member-1
[Member-1] vlan 10
[Member-1-vlan10] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] port
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] port
[Member-1-GigabitEthernet0/0/2] quit
[Member-1] interface vlanif 10
[Member-1-Vlanif10] quit
0/0/1
link-type trunk
trunk allow-pass vlan 10
0/0/2
link-type trunk
trunk allow-pass vlan 10
# Configure member switch 2.
<Quidway> system-view
[Quidway] sysname Member-2
[Member-2] vlan 10
[Member-2-vlan10] quit
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] port link-type trunk
[Member-2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-2-GigabitEthernet0/0/1] quit
[Member-2] interface vlanif 10
[Member-2-Vlanif10] quit
# Configure member switch 3.
<Quidway> system-view
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
200
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Quidway] sysname Member-3
[Member-3] vlan 10
[Member-3-vlan10] quit
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] port link-type trunk
[Member-3-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Member-3-GigabitEthernet0/0/1] quit
[Member-3] interface vlanif 10
[Member-3-Vlanif10] quit
Step 2 Configure NDP.
# On switches, enable NDP in the system view and on an interface.
# Configure the administrator switch.
[Administrator-1] ndp enable
[Administrator-1] interface gigabitethernet 0/0/1
[Administrator-1-GigabitEthernet0/0/1] ndp enable
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet 0/0/2
[Administrator-1-GigabitEthernet0/0/2] ndp enable
[Administrator-1-GigabitEthernet0/0/2] quit
# Configure member switch 1.
[Member-1] ndp enable
[Member-1] interface gigabitethernet 0/0/1
[Member-1-GigabitEthernet0/0/1] ndp enable
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet 0/0/2
[Member-1-GigabitEthernet0/0/2] ndp enable
[Member-1-GigabitEthernet0/0/2] quit
# Configure member switch 2.
[Member-2] ndp enable
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ndp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ndp enable
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ndp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, you can find that NDP on the administrator is in the Enable
state, the host name of the neighboring node is Device Name, and the name of the interface
connecting the neighboring node and the local interface is Port Name.
[Administrator-1] display ndp interface gigabitethernet 0/0/1 gigabitethernet 0/0/2
Interface: GigabitEthernet0/0/1
Status: Enabled, Packets Sent: 0, Packets Received: 11, Packets Error: 0
Neighbor 1: Aging Time: 2(s)
MAC Address : 0002-0002-0002
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-1
Port Duplex : FULL
Product Ver : S5700
Interface: GigabitEthernet0/0/2
Status: Enabled, Packets Sent: 6, Packets Received: 16, Packets Error: 0
Neighbor 1: Aging Time: 5(s)
MAC Address : 0003-0003-0003
Port Name
: GigabitEthernet0/0/1
Software Version: Version 5.70 V200R006C00
Device Name : Member-2
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
201
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
Port Duplex : FULL
Product Ver : S5700
Step 3 Configure NTDP.
# On devices, enable NTDP in the system view and on the interface and configure the interval
and range for NTDP to collect topologies to 10 minutes and 3 hops respectively.
# Configure the administrator switch.
[Administrator-1] ntdp enable
[Administrator-1] ntdp timer 10
[Administrator-1] ntdp hop 3
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/1] ntdp
[Administrator-1-GigabitEthernet0/0/1] quit
[Administrator-1] interface gigabitethernet
[Administrator-1-GigabitEthernet0/0/2] ntdp
[Administrator-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 1.
[Member-1] ntdp enable
[Member-1] ntdp timer 10
[Member-1] ntdp hop 3
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/1] ntdp
[Member-1-GigabitEthernet0/0/1] quit
[Member-1] interface gigabitethernet
[Member-1-GigabitEthernet0/0/2] ntdp
[Member-1-GigabitEthernet0/0/2] quit
0/0/1
enable
0/0/2
enable
# Configure member switch 2.
[Member-2] ntdp enable
[Member-2] ntdp timer 10
[Member-2] ntdp hop 3
[Member-2] interface gigabitethernet 0/0/1
[Member-2-GigabitEthernet0/0/1] ntdp enable
[Member-2-GigabitEthernet0/0/1] quit
# Configure member switch 3.
[Member-3] ntdp enable
[Member-3] ntdp timer 10
[Member-3] ntdp hop 3
[Member-3] interface gigabitethernet 0/0/1
[Member-3-GigabitEthernet0/0/1] ntdp enable
[Member-3-GigabitEthernet0/0/1] quit
After the previous configuration, globally check the NTDP configuration on the administrator
switch. You can find that the interval and range for NTDP to collect topologies is 10 minutes
and 3 hops respectively.
[Administrator-1] display ntdp
Network topology discovery protocol is enabled
Hops
: 3
Timer
: 10 min
Hop Delay : 200 ms
Port Delay: 20 ms
Total time for last collection:0 ms
Step 4 Enable the cluster function and set the management VLAN.
# Configure the administrator switch.
[Administrator-1] cluster enable
[Administrator-1] cluster
[Administrator-1-cluster] mngvlanid 10
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
202
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[Administrator-1-cluster] quit
# Configure member switch 1.
[Member-1] cluster enable
[Member-1] cluster
[Member-1-cluster] mngvlanid 10
[Member-1-cluster] quit
# Configure member switch 2.
[Member-2] cluster enable
[Member-2] cluster
[Member-2-cluster] mngvlanid 10
[Member-2-cluster] quit
# Configure member switch 3.
[Member-3] cluster enable
[Member-3] cluster
[Member-3-cluster] mngvlanid 10
[Member-3-cluster] quit
After the topology collection function is enabled manually on the administrator switch, check
the device information collected through NTDP and you can find the MAC address and types
of related devices.
<Administrator-1> ntdp explore
<Administrator-1> system-view
[Administrator-1] display ntdp device-list
The device-list of NTDP:
-----------------------------------------------------------------------------MAC
HOP IP
PLATFORM
-----------------------------------------------------------------------------0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
0001-0001-0001 0
S5700
Step 5 Create a cluster.
NOTE
Following steps can be performed only on the administrator switch.
# On the administrator switch, set the range of IP addresses that can be assigned to the cluster
to 10.0.0.0/8, in which the IP address assigned to the administrator switch is 10.0.0.1/8.
[Administrator-1] cluster
[Administrator-1-cluster] ip-pool 10.0.0.1 8
# Create a cluster named HUAWEI on the administrator switch.
[Administrator-1-cluster] build HUAWEI
[HUAWEI_0.Administrator-1-cluster]
After the previous configuration, check information about the cluster to which the device
belongs. You can find that the device name is changed, the cluster name is HUAWEI, and the
management VLAN ID is 10.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
203
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
IP pool:10.0.0.1/8
No logging host configured
No SNMP host configured
No FTP server configured
No SFTP server configured
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : disabled
There are 1 member(s) in the cluster, and 0 of them are down.
On the administrator switch, check information about candidate switches, you can find all the
candidate switches and their types.
[HUAWEI_0.Administrator-1-cluster] display cluster candidates
MAC
HOP IP
PLATFORM
0004-0004-0004 2
S5700
0003-0003-0003 1
S5700
0002-0002-0002 1
S5700
Step 6 Add member switches.
NOTE
l Following steps can be performed only on the administrator switch.
l Take the mode of automatically adding member switches as an example. To add member switches
manually, see Adding a Member Switch.
# Add all candidate switches to the cluster.
[HUAWEI_0.Administrator-1-cluster] auto-build
Collecting candidate list, please wait...
Candidate list:
Name
Hop
MAC Address
Member-1
1
0002-0002-0002
Member-2
1
0003-0003-0003
Member-3
2
0004-0004-0004
Warning: Add all to cluster?(Y/N) y
Info: Cluster auto-build is complete.
Added 3 member(s) into the cluster successfully.
DeviceType
S5700
S5700
S5700
After the previous configuration, check information about the administrator switch and member
switches in the cluster on the administrator switch. You can find that all the member switches
are added to the cluster and in the Up state.
[HUAWEI_0.Administrator-1-cluster] display cluster members
The list of cluster member:
-----------------------------------------------------------------------------SN
Device Type
MAC Address
Status Device Name
-----------------------------------------------------------------------------0
S5700
0001-0001-0001 Admin HUAWEI_0.Administrator-1
1
S5700
0002-0002-0002 Up
HUAWEI_1.Member-1
2
S5700
0003-0003-0003 Up
HUAWEI_2.Member-2
3
S5700
0004-0004-0004 Up
HUAWEI_3.Member-3
Step 7 Assign an IP address to VLANIF 10.
# To ensure the normal communication between member switches in the cluster and devices out
of the cluster, assign an IP address to VLANIF 10 on the administrator switch.
# Assign an IP address to VLANIF 10.
[HUAWEI_0.Administrator-1] interface vlanif 10
[HUAWEI_0.Administrator-1-Vlanif10] ip address 1.0.0.1 8
[HUAWEI_0.Administrator-1-Vlanif10] quit
After the previous configuration, you can find that the interface on the administrator switch is
in the Up state.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
204
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
[HUAWEI_0.Administrator-1] display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The MTU is 1500
Internet Address is 1.0.0.1/8
Internet Address is 10.0.0.1/8 Cluster
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0001-0001-0001
Input bandwidth utilization : -Output bandwidth utilization : --
Step 8 Configure a static route on the administrator switch.
# This operation is to ensure that a reachable route exists between switches in the cluster and
servers or hosts.
[HUAWEI_0.Administrator-1] ip route-static 0.0.0.0 0 1.0.0.2
NOTE
You can also run a routing protocol.
Step 9 Configure public servers and hosts of the cluster.
# Configure an FTP server.
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] cluster-ftp-nat enable
[HUAWEI_0.Administrator-1-cluster] ftp-server 2.0.0.1
# Configure a SFTP server.
[HUAWEI_0.Administrator-1-cluster] sftp-server 2.0.0.2
# Configure a Simple Network Management Protocol (SNMP) host.
[HUAWEI_0.Administrator-1-cluster] snmp-host 3.0.0.1
# Configure a log host.
[HUAWEI_0.Administrator-1-cluster] logging-host 4.0.0.1
After the previous configuration, check information about the cluster to which the administrator
switch belongs. You can find that the public log host, SNMP host, FTP server, and SFTP server
are configured successfully.
[HUAWEI_0.Administrator-1-cluster] display cluster
Cluster name:"HUAWEI"
Role:Administrator switch
management vlan id
: 10
Cluster multicast MAC address : 0180-c200-000a(default)
Cluster auto-join
: disabled
Handshake timer:10 sec
Handshake hold-time:60 sec
IP pool:10.0.0.1/8
Logging host:4.0.0.1
SNMP host:3.0.0.1
FTP server:2.0.0.1
SFTP server:2.0.0.2
cluster-member ftp-timeout: 300 sec(default)
Cluster SNMP NAT capability : enabled
Cluster FTP NAT capability : enabled
There are 4 member(s) in the cluster, and 0 of them are down.
Step 10 Disable NDP and NTDP.
# Disable NDP and NTDP on interfaces of all the member switches that do not need NDP and
NTDP.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
205
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
# Disable NDP on the unrelated interfaces of member switches
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] undo cluster-member unrelated-port ndp
# Disable NTDP on the unrelated interfaces of member switches
[HUAWEI_0.Administrator-1] cluster
[HUAWEI_0.Administrator-1-cluster] undo cluster-member unrelated-port ntdp
Step 11 Verify the configuration.
After the previous configuration, run the display member-interface-state command on
administrator switch to check whether NDP or NTDP is disabled on unrelated interfaces of the
member switches, and you can view that success is displayed.
[HUAWEI_0.Administrator-1] display member-interface-state ndp
The result of member switches executed disable member interface command:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------3
S5700
0004-0004-0004
10.0.0.4
success
2
S5700
0003-0003-0003
10.0.0.3
success
1
S5700
0002-0002-0002
10.0.0.2
success
[HUAWEI_0.Administrator-1] display member-interface-state ntdp
The result of member switches executed disable member interface command:
-----------------------------------------------------------------------------SN
Device
MacAddress
IpAddress
result
-----------------------------------------------------------------------------3
S5700
0004-0004-0004
10.0.0.4
success
2
S5700
0003-0003-0003
10.0.0.3
success
1
S5700
0002-0002-0002
10.0.0.2
success
----End
Configuration Files
l
Configuration file of Administrator-1.
#
sysname Administrator-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
ip address 1.0.0.1 255.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
cluster
mngvlanid 10
ip-pool 10.0.0.1 255.0.0.0
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
206
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3 HGMP Configuration
build HUAWEI
cluster-ftp-nat enable
ftp-server 2.0.0.1
sftp server 2.0.0.2
logging-host 4.0.0.1
snmp-host 3.0.0.1
#
ip route-static 0.0.0.0 0.0.0.0 1.0.0.2
#
return
l
Configuration file of Member-1.
#
sysname Member-1
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
l
Configuration file of Member-2.
#
sysname Member-2
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
207
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
l
3 HGMP Configuration
Configuration file of Member-3.
#
sysname Member-3
#
vlan batch 10
#
cluster enable
ntdp enable
ntdp hop 3
ntdp timer 10
ndp enable
#
interface Vlanif10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
ntdp enable
ndp enable
#
cluster
mngvlanid 10
administrator-address 0001-0001-0001 name HUAWEI
#
return
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
208
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
4
NTP Configuration
About This Chapter
This chapter describes how to configure Network Time Protocol (NTP) to make clocks of the
devices on the network identical.
4.1 Introduction to NTP
This part describes the application and working principles of NTP.
4.2 NTP Supported by the S5700
This part describes NTP operating modes supported by the S5700.
4.3 Configuring Basic NTP Functions
This section describes how to configure basic NTP functions, including the NTP operating
modes.
4.4 Configuring NTP Security Mechanisms
This section describes how to configure NTP security mechanisms to guarantee reliable clock
synchronization on networks demanding high security.
4.5 Maintaining NTP
This section describes how to debug NTP through the debugging command in case of an NTP
operation fault.
4.6 Configuration Examples
This section provides several configuration examples of NTP.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
209
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
4.1 Introduction to NTP
This part describes the application and working principles of NTP.
NTP(Network Time Protocol) aims to synchronizing clocks of all devices in a network. It keeps
all the clocks of these devices consistent, and enables devices to implement various applications
based on the uniform time.
Any local system that runs NTP can be time synchronized by other clock sources, and also
functions as a clock source to synchronize other clocks. In addition, mutual synchronization can
be performed by exchanging NTP packets.
NTP packets are encapsulated in UDP packets for transmission and the port used by the NTP
protocol is 123.
NTP Application
NTP is applied to the following situations where all the clocks of hosts or switchs in a network
need to be consistent:
l
Network management: Analysis on logs or debugging information collected from different
switchs should be performed based on time.
l
Charging system: requires the clocks of all devices to be consistent.
l
Completing certain functions: For example, timing restart of all the switchs in a network
requires the clocks of all the switchs be consistent.
l
Several systems working together on the same complicate event: Systems have to take the
same clock for reference to ensure a proper sequence of implementation.
l
Incremental backup between the backup server and clients: Clocks on the backup server
and clients should be synchronized.
When all the devices on a network need to be synchronized, it is almost impossible for an
administrator to manually change the system clock by executing command lines. This is because
the work load is heavy and clock accuracy cannot be ensured. NTP can quickly synchronize the
clocks of network devices and ensure their precision.
NTP has the following advantages:
l
Defining clock accuracy by means of stratum to synchronize the time of network devices
in a short time
l
Supporting access control and MD5 authentication
l
Transmitting packets in unicast, multicast, or broadcast mode
Principles of NTP
Figure 4-1 shows the principles of NTP. Switch A and Switch B are connected through a WAN.
They both have their own system clocks. NTP implements automatic synchronization of their
clocks.
Suppose:
l
Issue 01 (2011-10-26)
Before the system clocks of Switch A and Switch B are synchronized, the clock of Switch
A is set to 10:00:00 am and the clock of Switch B is set to 11:00:00 am.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
210
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
l
Switch B functions as an NTP time server. That is, Switch A synchronizes its clock with
that of Switch B.
l
One-way transmission of data packets between Switch A and Switch B takes one second.
l
Processing of data packets on the Switch A or theSwitch B takes one second.
Figure 4-1 NTP basic principle diagram
NTP packet 10:00:00am
Step 1:
Network
SwitchA
SwitchB
NTP packet 10:00:00am
Step 2:
11:00:01am
Network
SwitchA
SwitchB
NTP packet 10:00:00am 11:00:01am 11:00:02am
Step 3:
Network
SwitchA
SwitchB
NTP packet received at
10:00:03
Step 4:
Network
SwitchA
SwitchB
The process of synchronizing system clocks is as follows:
1.
Switch A sends an NTP packet to Switch B. The packet carries the originating timestamp
when it leaves Switch A, which is 10:00:00 am (T1).
2.
When the NTP packet reaches Switch B, Switch B adds its receiving timestamp to the NTP
packet, which is 11: 00:01 am (T2).
3.
When the NTP packet leaves Switch B, Switch B adds its transmitting timestamp to the
NTP packet, which is 11:00:02 am (T3).
4.
When Switch A receives the response packet, it adds a new receiving timestamp to it, which
is 10:00:03 am (T4).
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
211
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
Switch A uses the received information to calculate the following two important values:
l Delay for the NTP message cycle: Delay = (T4 - T1) - (T3 - T2).
l Offset of Switch A relative to Switch B: Offset = ((T2 - T1) + (T3 - T4))/2.
According to the delay and the offset, Switch A sets its own clock again to synchronize
with the clock of Switch B.
The preceding example is only a simple description of the NTP operating principle. As
described in RFC 1305, NTP uses a complex algorithm to ensure the precision of clock
synchronization.
The server and client are two relative concepts. The device that provides standard time is
referred to as a time server, and the device that enjoys the time service is referred to as a
client.
4.2 NTP Supported by the S5700
This part describes NTP operating modes supported by the S5700.
The switch supports the following NTP working modes
l
Unicast Server/Client Mode
l
Peer Mode
l
Broadcast Mode
l
Multicast Mode
Unicast Server/Client Mode
In this mode, you need to configure only the client. The server needs to be configured with only
one NTP primary clock.
Note that the client can be synchronized to the server but the server cannot be synchronized to
the client.
After the configuration:
1.
The client sends a synchronization request packet to the server, with the mode field being
set to 3. The value 3 indicates the client mode.
2.
Upon receiving the request packet, the server automatically works in the server mode and
sends a response packet with the mode field being set to 4. The value 4 indicates the server
mode.
3.
After receiving the response packet, the client performs clock filtering and selection, and
finally, is synchronized with the optimal server.
Peer Mode
In this mode, you need to configure NTP only on the symmetric active end. The symmetric active
end and symmetric passive end can be synchronized with each other.
Note that the clock with a lower stratum is synchronized to the one with a higher stratum.
After the configurations:
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
212
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
l
The symmetric active end sends a synchronization request packet to the symmetric passive
end with the mode field being set to 1. The value 1 indicates the symmetric active mode.
l
Upon receiving the request packet, the symmetric passive end automatically works in
symmetric passive mode and sends a response packet with the mode field being set to 2.
The value 2 indicates the symmetric passive mode.
Broadcast Mode
In this mode, you need to configure both the server and the client.
After the configurations:
l
The server periodically sends clock synchronization packets to the broadcast address
255.255.255.255.
l
The client senses broadcast packets from the server.
l
After receiving the first broadcast packet, to estimate the network delay, the client enables
a temporary server/client model for exchanging messages with the remote server.
l
The client then works in broadcast client mode, and continues to sense the incoming
broadcast packets to synchronize the local clock.
Multicast Mode
In this mode, you need to configure both the server and the client.
After the configurations:
l
The server periodically sends clock synchronization packets to the multicast address
224.0.1.1.
l
The client senses multicast packets from the server.
l
After receiving the first multicast packet, to estimate the network delay, the client enables
a temporary server/client model for exchanging messages with the remote server.
l
The client works in multicast client mode, and continues to sense the incoming multicast
packets to synchronize the local clock.
4.3 Configuring Basic NTP Functions
This section describes how to configure basic NTP functions, including the NTP operating
modes.
4.3.1 Establishing the Configuration Task
Before configuring basic NTP functions, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.
Applicable Environment
NTP has the following operation modes:
l
Issue 01 (2011-10-26)
Server/client mode
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
213
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
l
Peer mode
l
Broadcast mode
l
Multicast mode
4 NTP Configuration
In actual applications, a proper operation mode needs to be selected according to the networking
topology to meet various clock synchronization requirements.
For the unicast server/client mode and the peer mode, all the NTP packets sent locally can have
the same interface IP address as the source IP address.
Pre-configuration Tasks
Before configuring basic functions of NTP, you need to complete the following tasks:
l
Configuring the link layer protocol for the interface
l
Configuring an IP address and a routing protocol for the interface to ensure that NTP packets
can reach destinations
Data Preparation
To configure basic functions of NTP, you need the following data.
No.
Data
1
Primary NTP clock and its stratum
2
Interfaces to send and receive NTP packets
3
NTP version
4
Preparing the data according to the operation mode
l Server/client mode: IP address of the server and the VPN instance that the server
belongs to
l Peer mode: IP address of the symmetric passive end and the VPN instance that it
belongs to
l Broadcast mode: interfaces to send and receive broadcast NTP packets and the
maximum sessions set up dynamically on the client
l Multicast mode: IP address of the multicast group, the TTL value of the multicast
packets, the interfaces to send and receive the multicast packets, and the maximum
number of the session dynamically set up on the client
5
Interface disabled from receiving NTP packets
4.3.2 Configuring the NTP Primary Clock
The stratum configured for the master clock on the server must be lower than the stratum
configured for the clock on the client. Otherwise, the clock on the client cannot synchronize with
the master clock on the server.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
214
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
Context
If you want to configure a switch to provide a primary NTP clock, do as follows on the switch
functioning as the NTP server.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ntp-service refclock-master [ ip-address ] [ stratum ]
A primary NTP server is displayed.
ip-address is the IP address of the local reference clock. Its value is 127.127.t.u. Here, "t" ranges
from 0 to 37. Currently, "t" can be only 1, indicating the local reference clock. "u" indicates the
NTP process number, ranging from 0 to 3.
When no IP address is specified, the local clock whose IP address is 127.127.1.0 functions as
the primary NTP clock by default, with the stratum being 8.
----End
4.3.3 Configuring the Unicast Server/Client Mode
In C/S mode, the clock on the client synchronizes with the master clock on the server.
Context
Commonly, specify the IP address of the NTP server on the client. The client and server can
then exchange NTP packets using this IP address.
If the source interface to send NTP packets is specified on the server, the IP address of the server
configured on the client should be the same; otherwise, the client cannot process NTP packets
sent from the server and clock synchronization fails.
Procedure
l
Configuring the NTP Client
Do as follows on the switch functioning as a client:
1.
Run:
system-view
The system view is displayed.
2.
(Optional) Run:
ntp-service source-interface vlanif vlan-id
The local source interface that receives the NTP packet is configured.
3.
Run:
ntp-service unicast-server ip-address [ version number | authenticationkeyid key-id | source-interface interface-type interface-number |
preference ] *
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
215
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
The IP address of the NTP server is configured.
Step 2 is optional. If source-interface is specified in Step 3, use it preferentially.
ip-address is the IP address of the NTP server. It can be the IP address of the host
rather than a broadcast address, a multicast address, or the IP address of the reference
clock.
NOTE
When the unicast NTP server is specified, the local switch functions as the client automatically.
The server needs to be configured with only a primary clock.
l
(Optional) Configuring the Source Interface for the NTP Server to Send NTP Packets
Do as follows on the switch working as a client:
1.
Run:
system-view
The system view is displayed.
2.
Run:
ntp-service source-interface vlanif vlan-id
The local source interface that sends NTP packets is specified.
Commonly, specify the IP address of the NTP server on the client. The client and
server can then exchange NTP packets using this IP address
If the source interface to send NTP packets is specified on the server, the IP address
of the server configured on the client should be the same; otherwise, the client cannot
process NTP packets sent from the server and clock synchronization fails.
----End
4.3.4 Configuring the Peer Mode
This part describes how to configure the NTP peer mode. In this mode, clocks on the two peers
synchronize with each other. Each side can send the clock synchronization request message to
the peer and reply the clock synchronization request message from the peer.
Procedure
l
Configuring the NTP Symmetric Active End
1.
Run:
system-view
The system view is displayed.
2.
(Optional) Run:
ntp-service source-interface vlanif vlan-id
The local source interface that sends NTP packets is specified.
3.
Run:
ntp-service unicast-peer ip-address [ version number | authenticationkeyid key-id | source-interface interface-type interface-number |
preference ] *
The NTP peer is configured.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
216
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
Step 2 is optional. If source-interface is specified in both Step 2 and Step 3, use the
source interface specified in Step 3 preferentially.
ip-address is the IP address of the NTP peer. It can be the IP address of a host address
rather than a broadcast address, a multicast address, or the IP address of the reference
clock.
NOTE
After the NTP peer is specified, the local switch runs in symmetric active mode. The symmetric
passive end need not be configured.
l
(Optional) Configuring the Source Interface of the NTP Symmetric Passive End
1.
Run:
system-view
The system view is displayed.
2.
Run:
ntp-service source-interface vlanif vlan-id
The local source interface that sends NTP packets is specified.
Commonly, specify the IP address of the NTP server on the client. The client and
server can then exchange NTP packets using this IP address
If the source interface to send NTP packets is specified on the symmetric active end,
the IP address of the NTP peer configured on the symmetric passive end should be
the same; otherwise, the passive end cannot process NTP packets sent from the active
end and clock synchronization fails.
----End
4.3.5 Configuring the Broadcast Mode
This part describes how to configure the NTP broadcast mode on the LAN to synchronize clocks
on the LAN.
Procedure
l
Configuring an NTP Broadcast Server
Do as follows on the switch functioning as an NTP broadcast server:
1.
Run:
system-view
The system view is displayed.
2.
Run:
vlan vlan-id
A VLAN is created and the VLAN view is displayed.
3.
Run:
interface vlanif vlan-id
The interface that sends NTP broadcast packets is specified.
4.
Run:
ntp-service broadcast-server [ authentication-keyid key-id | version
number ]*
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
217
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
The local switch is set as an NTP broadcast server.
After the configurations, the local switch periodically sends the clock synchronization
packets to the broadcast address 255.255.255.255.
NOTE
Broadcast mode can be used only in the same LAN.
l
Configuring an NTP Broadcast Client
Do as follows on the switch functioning as an NTP broadcast client:
1.
Run:
system-view
The system view is displayed.
2.
(Optional) Run:
ntp-service max-dynamic-sessions number
The number of local sessions allowed to be set up dynamically is set.
3.
Run:
vlan vlan-id
A VLAN is created and the VLAN view is displayed.
4.
Run:
interface vlanif vlan-id
The interface that receives NTP broadcast packets is specified.
5.
Run:
ntp-service broadcast-client
The local switch is configured as an NTP broadcast client.
Step 2 is optional. By default, a maximum of 100 NTP sessions can be set up
dynamically.
After the configurations, the local switch senses the broadcast NTP packets sent from
the server and synchronizes the local clock.
Running the ntp-service max-dynamic-sessions command does not affect the
existence of NTP sessions. When the number of the sessions reaches or exceeds the
maximum, the new session cannot be set up further.
----End
4.3.6 Configuring the Multicast Mode
This part describes how to configure the NTP multicast mode to synchronize clocks in a multicast
domain.
Procedure
l
Configuring an NTP Multicast Server
Do as follows on the switch functioning as an NTP multicast server:
1.
Run:
system-view
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
218
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
The system view is displayed.
2.
Run:
vlan vlan-id
A VLAN is created and the VLAN view is displayed.
3.
Run:
interface vlanif vlan-id
The interface that sends NTP multicast packets is specified.
4.
Run:
ntp-service multicast-server [ ip-address ] [ authentication-keyid key-id
| ttl ttl-number | version number ] *
The local switch is set to be an NTP multicast server.
After the configurations, the local switch periodically sends clock synchronization
packets to the multicast address 224.0.1.1.
l
Configuring an NTP Multicast Client
Do as follows on the switch functioning as an NTP multicast client:
1.
Run:
system-view
The system view is displayed.
2.
(Optional) Run:
ntp-service max-dynamic-sessions number
The number of local sessions allowed to be set up dynamically is set.
3.
Run:
vlan vlan-id
A VLAN is created and the VLAN view is displayed.
4.
Run:
interface vlanif vlan-id
The interface that receives NTP multicast packets is specified.
5.
Run:
ntp-service multicast-client [ ip-address ]
The local switch is set to be an NTP multicast client.
Step 2 is optional. By default, up to 100 NTP sessions can be set up dynamically.
After the configurations, the local switch senses the multicast NTP packets sent from
the server and synchronizes the local clock.
Running the ntp-service max-dynamic-sessions command does not affect the
existence of NTP sessions. When the number of the sessions reaches or exceeds the
maximum, the new session cannot be set up further.
----End
4.3.7 Disabling the Interface From Receiving NTP Packets
To prevent a host on the LAN from synchronizing the clock on the specified server, you can
disable the specified interface on the host from receiving NTP packets.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
219
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
Context
Do as follows on the switch that needs to be disabled from receiving NTP packets.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
A VLAN is created and the VLAN view is displayed.
Step 3 Run:
interface vlanif vlan-id
The interface that receives NTP packets is specified.
Step 4 Run:
ntp-service in-interface disable
The interface on the switch is disabled from receiving NTP packets.
----End
4.3.8 (Optional) Setting the Maximum Number of Dynamic NTP
Sessions
Context
Do as follows on the S5700 that functions as a client.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ntp-service max-dynamic-sessions number
The maximum number of dynamic NTP sessions is set.
----End
4.3.9 Checking the Configuration
After basic NTP functions are configured, you can view the configuration.
Prerequisite
The configurations of the Basic NTP Functions are complete.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
220
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
Procedure
l
Run the display ntp-service status command to view the status of the NTP service.
l
Run the display ntp-service sessions [ verbose ] command to view the status of NTP
sessions.
l
Run the display ntp-service trace command to view the summary information on each
passing NTP server when tracing from the local device to the reference clock source.
----End
Example
Run the display ntp-service status command to view the status of the NTP service.
<Quidway> display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 10.00 ms
reference time: 15:51:36.259 UTC Apr 25 2010(C6179088.426490A3)
Run the display ntp-service sessions [ verbose ] command to view the status of NTP sessions.
<Quidway> display ntp-service sessions
source
reference
stra reach poll now offset delay
disper
********************************************************************************
[12345]127.127.1.0
LOCAL(0)
7
1
64
2
0.0
15.6
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured,
6 vpn-instance
Run the display ntp-service trace command to view the summary information on each passing
NTP server when tracing from the local device to the reference clock source.
<Quidway> display ntp-service trace
server 127.0.0.1,stratum 5, offset 0.024099,
server 171.1.1.2,stratum 4, offset 0.028786,
server 201.1.1.2,stratum 3, offset 0.035199,
server 200.1.7.1,stratum 2, offset 0.039855,
refid 127.127.1.0
synch
synch
synch
synch
distance
distance
distance
distance
0.06337
0.04575
0.03075
0.01096
4.4 Configuring NTP Security Mechanisms
This section describes how to configure NTP security mechanisms to guarantee reliable clock
synchronization on networks demanding high security.
4.4.1 Establishing the Configuration Task
Before configuring NTP security mechanisms , familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the required data. This can help
you complete the configuration task quickly and accurately.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
221
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
Applicable Environment
NTP supports two security mechanisms: access authority and NTP authentication.
l
Access authority
Access authority is a type of simple security method provided by the S5700 to protect local
NTP services.
The S5700 provides four access authority levels. When an NTP access request packet
reaches the local end, it is matched in an order from the minimum access authority to the
maximum access authority. The first matched authority level takes effect. The matching
order is as follows:
– peer: indicates the minimum access authority. The remote end can send the request of
the local time and the control query to the local end. The local clock can also be
synchronized with that of the remote server.
– server: indicates the remote end can perform the time request and control query to the
local end but the local clock cannot be synchronized with that of the remote end.
– synchronization: indicates that the remote end can perform only the time request to the
local end.
– query: indicates the maximum access authority. The remote end can perform only the
control query to the local end.
l
NTP authentication
NTP authentication is required in some networks with high security demands.
The configuration of NTP authentication involves configuring NTP authentication on both
the client and the server.
During the configuration of NTP authentication, pay attention to the following rules:
– Configure NTP authentication on both the client and the server; otherwise, the
authentication does not take effect.
– If NTP authentication is enabled, a reliable key needs to be configured at the same time.
– The authentication key configured on the server and that on the client should be
consistent.
– In NTP peer mode, the symmetric active end equals the client, and the symmetric passive
end equals the server.
Pre-configuration Tasks
Before configuring NTP security mechanisms, complete the following tasks:
l
Configuring the link layer protocol on the interface
l
Configuring the network layer address and routing protocol to make the server and client
reachable
l
Configuring ACL rules if the access authority is configured
Data Preparation
To configure NTP security mechanisms, you need the following data.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
222
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
No.
Data
1
ACL rules
2
Shared key and its ID that are used in NTP authentication
3
NTP primary clock and its stratum
4
Interfaces that send and receive NTP packets
5
NTP version
6
Preparing the following data according to the NTP operation mode:
l Server/client mode: IP address of the server and the VPN instance the server
belongs to
l Peer mode: IP address of the symmetric passive end and the VPN instance it
belongs to
l Broadcast mode: interfaces to send and receive broadcast NTP packets and the
maximum number of the sessions set up dynamically on the client
l Multicast mode: IP address of the multicast group and the TTL values of the
multicast packets
4.4.2 Setting NTP Access Authorities
When receiving an access request packet, the NTP server matches the request packet with the
access authority in descending order (from peer, server, synchronization to query). The first
matched authority takes effect.
Context
Do as follows on the switch.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ntp-service access { peer | query | server | synchronization } acl-number
Access authority for the NTP service on the local switch is configured.
You can configure the ntp-service access command depending on the actual situations.
Table 4-1 shows the detailed NTP access authorities.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
223
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
Table 4-1 Description of the NTP access authorities
NTP Operation Mode
Limited NTP Query
Supported Devices
Unicast NTP server/client
mode
Synchronizing the client with
the server
Client
Unicast NTP server/client
mode
Clock synchronization
request from the client
Server
NTP peer mode
Clock synchronization with
each other
Symmetric active end
NTP peer mode
Clock synchronization
request from the active end
Symmetric passive end
NTP multicast mode
Synchronizing the client with
the server
NTP multicast client
NTP broadcast mode
Synchronizing the client with
the server
NTP broadcast client
----End
4.4.3 Enabling NTP Authentication
This part describes how to set NTP Autokey authentication on the device.
Context
NTP client synchronizes to authenticated NTP servers to ensure that time service is reliable
across the network. Authentication prevents the modification of NTP message data from
malicious network attacks.
Do as follows on the switch.
Procedure
l
Configuring NTP MD5 autentication
NOTE
l Configure the same authentication key on the server and client and affirm that the key is reliable;
otherwise, NTP authentication fails.
l Enable NTP authentication before performing actual authentication.
1.
Run:
system-view
The system view is displayed.
2.
Run:
ntp-service authentication enable
NTP authentication is enabled.
3.
Run:
ntp-service authentication-keyid key-id authentication-mode md5 password
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
224
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
The NTP authentication key is configured.
4.
Run:
ntp-service reliable authentication-keyid key-id
The authentication key is declared to be reliable.
----End
4.4.4 Configuring NTP Authentication in Unicast Server/Client
Mode
By configuring the authentication key ID used in the synchronization with the specific NTP
server on the NTP client, you can apply NTP authentication in C/S mode.
Context
Do as follows on the switch that functions as an NTP unicast client.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ntp-service unicast-server ip-address [ [ authentication-keyid key-id ] |
[ version number ] | [ source-interface interface-type interface-number ]
[ preference ] ]*
|
The ID of the authentication key used for the synchronization of the server and client clocks is
configured.
----End
4.4.5 Configuring NTP Authentication in Peer Mode
By configuring the authentication key ID used in the synchronization with the peer on the local
end, you can apply NTP authentication in peer mode.
Context
Do as follows on the switch that functions as the symmetric active end.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ntp-service unicast-peer ip-address [ version number | authentication-keyid key-id
| source-interface interface-type interface-number | preference ] *
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
225
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
The ID of the authentication key used for the synchronization of the clocks on the NAT peer is
configured.
----End
4.4.6 Configuring NTP Authentication in Broadcast Mode
By configuring the authentication key ID used in the synchronization with the NTP broadcast
server on the local switch, you can apply NTP authentication in broadcast mode.
Context
Do as follows on the switch that functions as an NTP broadcast server.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
A VLAN is created and the VLAN view is displayed.
Step 3 Run:
interface vlanif vlan-id
The interface that receives NTP broadcast packets is specified.
Step 4 Run:
ntp-service broadcast-server [ authentication-keyid key-id | version number ] *
The ID of the authentication key used by the NTP broadcast server is configured.
For configuring the broadcast client, see Configuring the Broadcast Mode.
----End
4.4.7 Configuring NTP Authentication in Multicast Mode
By configuring the authentication key ID used in the synchronization with the NTP multicast
server on the local switch, you can apply NTP authentication in multicast mode.
Context
Do as follows on the switch that functions as an NTP multicast server.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
226
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
vlan vlan-id
A VLAN is created and the VLAN view is displayed.
Step 3 Run:
interface vlanif vlan-id
The interface to send multicast NTP packets is specified.
Step 4 Run:
ntp-service multicast-server [ authentication-keyid key-id | version number ]*
The ID of the authentication key used by the NTP multicast server is configured.
For configuring the multicast client, see Configuring the Broadcast Mode.
----End
4.4.8 Checking the Configuration
After NTP security mechanisms are configured, you can view the configuration.
Prerequisite
The configurations of the NTP Security Mechanisms are complete.
Procedure
l
Run the display ntp-service status command to view the status of the NTP service.
l
Run the display ntp-service sessions [ verbose ] command to view the status of NTP
sessions.
----End
Example
Run the display ntp-service status command to view the status of the NTP service.
<Quidway> display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 10.00 ms
reference time: 15:51:36.259 UTC Apr 25 2010(C6179088.426490A3)
Run the display ntp-service sessions [ verbose ] command to view the status of NTP sessions.
<Quidway> display ntp-service sessions
source
reference
stra reach poll now offset delay
disper
********************************************************************************
[12345]127.127.1.0
LOCAL(0)
7
1
64
2
0.0
15.6
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured,
6 vpn-instance
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
227
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
4.5 Maintaining NTP
This section describes how to debug NTP through the debugging command in case of an NTP
operation fault.
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
Run the following debugging commands in the user view to debug NTP and locate the fault.
For the description about the debugging commands, refer to the Quidway S5700 Series Ethernet
Switches Command Reference.
Procedure
Step 1 Run the debugging ntp-service { access | adjustment | all | authentication | event | filter |
packet | parameter | refclock | selection | synchronization | validity } to enable NTP
debugging.
----End
4.6 Configuration Examples
This section provides several configuration examples of NTP.
4.6.1 Example for Configuring NTP Authentication in Unicast
Client/Server Mode
Networking Requirements
Figure 4-2 shows the diagram of NTP.
l
Switch A functions as a unicast NTP server. The clock of Switch A is the master clock with
the stratum being 2.
l
Switch B functions as a unicast NTP client. Its clock needs to be synchronized with the
clock of Switch A.
l
Switch C and Switch D function as NTP clients of Switch B.
l
NTP authentication needs to be enabled.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
228
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
Figure 4-2 Networking diagram for configuring the unicast client/server mode
VLANIF111
10.0.0.2/24
VLANIF100
2.2.2.2/24
SwitchA
IP
Network
VLANIF110
VLANIF111
SwitchC
VLANIF111
10.0.0.1/24
1.0.1.11/24
10.0.0.3/24
SwitchB
SwitchD
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure Switch A as an NTP server and configure the master clock on Switch A.
2.
Configure Switch B as an NTP client. Switch B synchronizes its clock with the clock of
Switch A.
3.
Configure Switch C and Switch D to synchronize their clocks with the clock of Switch B.
4.
Configure NTP authentication on Switch A, Switch B, Switch C, and Switch D.
NOTE
When configuring NTP authentication in unicast client/server mode, pay attention to the following
points:
l You must enable NTP authentication on the client before specifying the IP address of the NTP
server and authentication key to be sent to the server; otherwise, NTP authentication is not
performed before clock synchronization.
l To implement authentication successfully, configure both the server and the client.
Data Preparation
To complete the configuration, you need the following data:
l
IP address of the reference clock
l
Stratum count of the NTP master clock
l
Key ID
l
Password
Procedure
Step 1 Configure the IP addresses of the Switches and ensure that the routes between them are reachable.
Configure the IP addresses according to Figure 4-2 so that Switch A, Switch B, Switch C and
Switch D are routable.
The configuration procedure is not mentioned.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
229
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
Step 2 Configure a master NTP clock on Switch A and enable NTP authentication.
# On Switch A, set the clock as a master NTP clock with stratum being 2.
<SwitchA> system-view
[SwitchA] ntp-service refclock-master 2
# Enable NTP authentication on Switch A, configure the authentication key, and declare the key
to be reliable.
[SwitchA] ntp-service authentication enable
[SwitchA] ntp-service authentication-keyid 42 authentication-mode md5 Hello
[SwitchA] ntp-service reliable authentication-keyid 42
The authentication keys configured on the server and the client must be the same.
Step 3 Configure Switch B as the NTP server and enable the NTP authentication.
# Enable NTP authentication on Switch B, configure the authentication key, and declare the key
to be reliable.
<SwitchB>
[SwitchB]
[SwitchB]
[SwitchB]
system-view
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 Hello
ntp-service reliable authentication-keyid 42
# # Configure Switch A to be the NTP server of Switch B and use the authentication key.
[SwitchB] ntp-service unicast-server 2.2.2.2 authentication-keyid 42
Step 4 Specify the NTP server for Switch C.
# Configure Switch B as the NTP server of Switch C.
<SwitchC>
[SwitchC]
[SwitchC]
[SwitchC]
[SwitchC]
system-view
ntp-service
ntp-service
ntp-service
ntp-service
authentication enable
authentication-keyid 42 authentication-mode md5 Hello
reliable authentication-keyid 42
unicast-server 10.0.0.1 authentication-keyid 42
Step 5 Specify the NTP server for Switch D.
# Configure Switch B as the NTP server of Switch D.
<SwitchD>
[SwitchD]
[SwitchD]
[SwitchD]
[SwitchD]
system-view
ntp-service
ntp-service
ntp-service
ntp-service
authentication enable
authentication-keyid 42 authentication-mode md5 Hello
reliable authentication-keyid 42
unicast-server 10.0.0.1 authentication-keyid 42
Step 6 Verify the configuration.
After the configurations, Switch B can synchronize its clock with the clock of Switch A.
Check the NTP status of Switch B, and you can view that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch B is 3, one
stratum lower than the clock stratum of Switch A.
[SwitchB] display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 2.2.2.2
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
230
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Mar 2 2006(C7B15BCC.D5604189)
After the configurations, Switch C can synchronize its clock with the clock of Switch B.
Check the NTP status of Switch C, and you can view that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch C is 4, one
stratum lower than the clock stratum of Switch B.
[SwitchC] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 10.0.0.1
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Mar 2 2006(C7B15BCC.D5604189)
Check the NTP status of Switch D, and you can see that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch C is 4, one
stratum lower than the clock stratum of Switch B.
[SwitchD] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 10.0.0.1
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Mar 2 2006(C7B15BCC.D5604189)
Check the NTP status of Switch A.
[SwitchA] display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 26.50 ms
peer dispersion: 10.00 ms
reference time: 12:01:48.377 UTC Mar 2 2006(C7B15D2C.60A15981)
----End
Configuration Files
l
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 2.2.2.2 255.255.255.0
#
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
231
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 2.2.2.0 0.0.0.255
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 42
ntp-service refclock-master 2
#
return
l
Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 110 111
#
interface Vlanif110
ip address 1.0.1.11 255.255.255.0
#
interface Vlanif111
ip address 10.0.0.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 111
port hybrid untagged vlan 111
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 110
port hybrid untagged vlan 110
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
network 10.0.0.0 0.0.0.255
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 2.2.2.2 authentication-keyid 42
#
return
l
Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 111
#
interface Vlanif111
ip address 10.0.0.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 111
port hybrid untagged vlan 111
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 10.0.0.1 authentication-keyid 42
#
return
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
232
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
l
4 NTP Configuration
Configuration file of Switch D
#
sysname SwitchD
#
vlan batch 111
#
interface Vlanif111
ip address 10.0.0.3 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 111
port hybrid untagged vlan 111
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 10.0.0.1 authentication-keyid 42
#
return
4.6.2 Example for Configuring the Common NTP Peer Mode
Networking Requirements
As shown in Figure 4-3, three Switches reside on the LAN.
l
The clock of Switch C is the master clock and the clock stratum is 2.
l
Switch C is the NTP server of Switch D. That is, Switch D is the client.
l
Switch D is the passive peer of Switch E. That is, Switch E is the active end.
Figure 4-3 Networking diagram for configuring the NTP peer mode
SwitchC
GE0/0/1
3.0.1.31/24
GE0/0/1
3.0.1.33/24
SwitchE
GE0/0/1
3.0.1.32/24
SwitchD
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure the clock on Switch C as the master clock. The clock on Switch D should be
synchronized to the clock on Switch C.
2.
Configure Switch E and Switch D as the NTP peers so that Switch E should send clock
synchronization requests to Switch D.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
233
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3.
4 NTP Configuration
The clocks on Switch C, Switch D and Switch E can be synchronized.
Data Preparation
To complete the configuration, you need the following data:
l
IP address of Switch C
l
IP address of Switch D
l
Stratum count of the NTP master clock
Procedure
Step 1 Configure IP addresses for Switch C, Switch D, and Switch E.
Configure an IP address for each interface according to Figure 4-3. After configurations, the
three Switches can ping each other.
The configuration procedure is not mentioned.
Step 2 Configure the unicast NTP client/server mode.
# On Switch C, set the clock as a master NTP clock with stratum being 2.
<SwitchC> system-view
[SwitchC] ntp-service refclock-master 2
# Configure Switch C as the NTP server of Switch D.
<SwitchD> system-view
[SwitchD] ntp-service unicast-server 3.0.1.31
After the configurations, the clock of Switch D is synchronized with the clock of Switch C.
Check the NTP status of Switch D, and you can see that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch D is 3, one
stratum lower than the clock stratum of Switch C.
[SwitchD] display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 3.0.1.31
nominal frequency: 64.0029 Hz
actual frequency: 64.0029 Hz
clock precision: 2^7
clock offset: 0.0000 ms
root delay: 62.50 ms
root dispersion: 0.20 ms
peer dispersion: 7.81 ms
reference time: 06:52:33.465 UTC Mar 7 2006(C7B7AC31.773E89A8)
Step 3 Configure the unicast NTP peer mode.
# Configure Switch D as the passive peer of Switch E.
<SwitchE> system-view
[SwitchE] ntp-service unicast-peer 3.0.1.32
No master clock is configured on Switch E, so the clock on Switch E should be synchronized
to the clock on Switch D.
Step 4 Verify the configuration.
View the status of Switch E after clock synchronization.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
234
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
Check the NTP status of Switch E, and you can see that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch E is 4, one
stratum lower than the clock stratum of Switch D.
[SwitchE] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 3.0.1.32
nominal frequency: 64.0029 Hz
actual frequency: 64.0029 Hz
clock precision: 2^7
clock offset: 0.0000 ms
root delay: 124.98 ms
root dispersion: 0.15 ms
peer dispersion: 10.96 ms
reference time: 06:55:50.784 UTC Mar 7 2006(C7B7ACF6.C8D002E2)
----End
Configuration Files
l
Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 100
#
interface Vlanif100
ip address 3.0.1.31 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ntp-service refclock-master 2
#
return
l
Configuration file of Switch D
#
sysname SwitchD
#
vlan batch 100
#
interface Vlanif100
ip address 3.0.1.32 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ntp-service unicast-server 3.0.1.31
#
return
l
Configuration file of Switch E
#
sysname SwitchE
#
vlan batch 100
#
interface Vlanif100
ip address 3.0.1.33 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
235
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
port hybrid untagged vlan 100
#
ntp-service unicast-peer 3.0.1.32
#
return
4.6.3 Example for Configuring NTP Authentication in Broadcast
Mode
Networking Requirements
As shown in Figure 4-4,
l
Switch C and Switch D are on the same network segment; Switch A is on another network
segment; Switch F connects the two network segments.
l
As the NTP broadcast server, Switch C uses the local clock as the NTP master clock, which
is a stratum-3 clock. Switch C sends broadcast packets through VLANIF10, namely,
GigabitEthernet0/0/1.
l
Switch D uses VLANIF10, namely, GigabitEthernet0/0/1, to listen to the broadcast packets.
l
Switch A uses VLANIF20, namely, GigabitEthernet0/0/1, to listen to the broadcast packets.
l
NTP authentication needs to be enabled.
Figure 4-4 Networking diagram for configuring the NTP broadcast mode
GE0/0/1
VLANIF10
3.0.1.31/24
GE0/0/1
GE0/0/1
GE0/0/2
VLANIF10
VLANIF20 VLANIF20
SwitchA 1.0.1.11/24 1.0.1.2/24SwitchF3.0.1.2/24
SwitchC
GE0/0/1
VLANIF10
3.0.1.32/24
SwitchD
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure Switch C as the NTP broadcast server.
2.
Configure Switch A and Switch D as the NTP broadcast clients.
3.
Configure NTP authentication on Switch A, Switch C, and Switch D.
Data Preparation
To complete the configuration, you need the following data:
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
236
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
l
IP address of each interface
l
IDs of VLANs to which the interfaces belong
l
Stratum count of the NTP master clock
l
Authentication key and key ID
Procedure
Step 1 Configure the IP addresses of the Switches.
Configure the IP address of each interface according to Figure 4-4.
# Configure the IP address of the VLANIF interface on Switch C.
<SwitchC> system-view
[SwitchC] vlan 10
[SwitchC-Vlan10] quit
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchC-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10]ip address 3.0.1.31 24
[SwitchC-Vlanif10]quit
# Configure the IP address of the VLANIF interface on Switch D.
<SwitchD> system-view
[SwitchD] vlan 10
[SwitchD-Vlan10] quit
[SwitchD] interface gigabitethernet 0/0/1
[SwitchD-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchD-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchD-GigabitEthernet0/0/1] quit
[SwitchD] interface vlanif 10
[SwitchD-Vlanif10] ip address 3.0.1.32 24
[SwitchD-Vlanif10] quit
# Configure the IP address of the VLANIF interface on Switch F.
<SwitchF> system-view
[SwitchF] vlan 10
[SwitchF-Vlan10] quit
[SwitchF] interface gigabitethernet 0/0/2
[SwitchF-GigabitEthernet0/0/2] port hybrid
[SwitchF-GigabitEthernet0/0/2] port hybrid
[SwitchF-GigabitEthernet0/0/2] quit
[SwitchF] interface vlanif 10
[SwitchF-Vlanif10] ip address 3.0.1.2 24
[SwitchF-Vlanif10] quit
[SwitchF] vlan 20
[SwitchF-Vlan20] quit
[SwitchF] interface gigabitethernet 0/0/1
[SwitchF-GigabitEthernet0/0/1] port hybrid
[SwitchF-GigabitEthernet0/0/1] port hybrid
[SwitchF-GigabitEthernet0/0/1] quit
[SwitchF] interface vlanif 20
[SwitchF-vlanif20] ip address 1.0.1.2 24
[SwitchF-vlanif20] quit
pvid vlan 10
untagged vlan 10
pvid vlan 20
untagged vlan 20
# Configure the IP address of the VLANIF interface on Switch A.
<SwitchA> system-view
[SwitchA] vlan 20
[SwitchA-Vlan20] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 20
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
237
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 20
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 20
[SwitchA-vlanif20] ip address 1.0.1.11 24
[SwitchA-vlanif20] quit
Step 2 Configure the routes between them are reachable.The configuration procedure is not mentioned.
Step 3 Configure the NTP broadcast server and enable NTP authentication.
# Configure the clock of Switch C as the NTP master clock with the stratum being 3.
<SwitchC> system-view
[SwitchC] ntp-service refclock-master 3
# Enable NTP authentication.
[SwitchC] ntp-service authentication enable
[SwitchC] ntp-service authentication-keyid 16 authentication-mode md5 Hello
[SwitchC] ntp-service reliable authentication-keyid 16
# Configure Switch C as an NTP broadcast server. Broadcast packets are encrypted by using the
authentication key ID 16 and then sent through VLANIF10.
[SwitchC] interface vlanif 10
[SwitchC-vlanif10] ntp-service broadcast-server authentication-keyid 16
[SwitchC-vlanif10] quit
Step 4 Configure Switch D, which resides on the same network segment with the server.
# Enable NTP authentication.
<SwitchD>
[SwitchD]
[SwitchD]
[SwitchD]
system-view
ntp-service authentication enable
ntp-service authentication-keyid 16 authentication-mode md5 Hello
ntp-service reliable authentication-keyid 16
# Configure Switch D as the NTP broadcast client and configure Switch D to listen to NTP
broadcast packets through VLANIF10.
[SwitchD]interface vlanif 10
[SwitchD-vlanif10] ntp-service broadcast-client
[SwitchD-vlanif10] quit
After the configurations, the clock of Switch D is synchronized with the clock of Switch C.
Step 5 Configure Switch A, which resides on different network segment from the server.
# Enable NTP authentication.
[SwitchA] ntp-service authentication enable
[SwitchA] ntp-service authentication-keyid 16 authentication-mode md5 Hello
[SwitchA] ntp-service reliable authentication-keyid 16
# Configure Switch A as the NTP broadcast client and configure Switch A to listen to NTP
broadcast packets through VLANIF20.
[SwitchA]interface vlanif 20
[SwitchA-vlanif20] ntp-service broadcast-client
[SwitchA-vlanif20] quit
Step 6 Verify the configuration.
After the configurations, the clock on Switch D can be synchronized to the clock on Switch C,
but the clock on Switch A cannot be synchronized
because Switch A and Switch C are on different network segments and Switch A cannot receive
the broadcast packets sent from Switch C.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
238
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
Check the NTP status of Switch D, and you can see that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch D is 4, one
stratum lower than the clock stratum of Switch C.
[SwitchD] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 3.0.1.31
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.42 ms
peer dispersion: 0.00 ms
reference time: 12:17:21.773 UTC Mar 7 2006(C7B7F851.C5EAF25B)
----End
Configuration Files
l
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 20
#
interface Vlanif20
ip address 1.0.1.11 255.255.255.0
ntp-service broadcast-client
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
#
ntp-service authentication enable
ntp-service authentication-keyid 16 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 16
#
return
Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 10
#
interface Vlanif10
ip address 3.0.1.31 255.255.255.0
ntp-service broadcast-server authentication-keyid 16
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ntp-service authentication enable
ntp-service authentication-keyid 16 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 16
ntp-service refclock-master 3
#
return
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
239
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
l
4 NTP Configuration
Configuration file of Switch D
#
sysname SwitchD
#
vlan batch 10
#
interface Vlanif10
ip address 3.0.1.32 255.255.255.0
ntp-service broadcast-client
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ntp-service authentication enable
ntp-service authentication-keyid 16 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 16
#
return
l
Configuration file of Switch F
#
sysname SwitchF
#
vlan batch 10 20
#
interface Vlanif10
ip address 3.0.1.2 255.255.255.0
#
interface Vlanif20
ip address 1.0.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
network 3.0.1.0 0.0.0.255
#
return
4.6.4 Example for Configuring the Common NTP Multicast Mode
Networking Requirements
As shown in Figure 4-5,
l
Switch C and Switch D are on the same network segment; Switch A is on another network
segment; Switch F connects the two network segments.
l
As the NTP multicast server, Switch C uses the local clock as the NTP master clock, which
is a stratum-2 clock. Switch C sends multicast packets through VLANIF 10, namely,
GigabitEthernet0/0/1.
l
Switch D uses VLANIF 10, namely, GigabitEthernet0/0/1, to listen to the multicast packets.
l
Switch A uses VLANIF 20, namely, GigabitEthernet0/0/1, to listen to the multicast packets.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
240
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
Figure 4-5 Networking diagram for configuring the NTP multicast mode
GE0/0/1
VLANIF10
3.0.1.31/24
GE0/0/1
GE0/0/1
GE0/0/2
VLANIF10
VLANIF20 VLANIF20
SwitchA 1.0.1.11/24 1.0.1.2/24SwitchF3.0.1.2/24
SwitchC
GE0/0/1
VLANIF10
3.0.1.32/24
SwitchD
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure Switch C as the NTP multicast server.
2.
Configure Switch A and Switch D as the NTP multicast clients.
Data Preparation
To complete the configuration, you need the following data:
l
IP address of each interface
l
Stratum count of the NTP master clock
Procedure
Step 1 Configure the IP addresses of the Switches.
Configure the IP address of each interface according to Figure 4-5.
# Configure the IP address of the VLANIF interface on Switch C.
<SwitchC> system-view
[SwitchC] vlan 10
[SwitchC-Vlan10] quit
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchC-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10]ip address 3.0.1.31 24
[SwitchC-Vlanif10]quit
# Configure the IP address of the VLANIF interface on Switch D.
<SwitchD> system-view
[SwitchD] vlan 10
[SwitchD-Vlan10] quit
[SwitchD] interface gigabitethernet 0/0/1
[SwitchD-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchD-GigabitEthernet0/0/1] port hybrid untagged vlan 10
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
241
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
[SwitchD-GigabitEthernet0/0/1] quit
[SwitchD] interface vlanif 10
[SwitchD-Vlanif10] ip address 3.0.1.32 24
[SwitchD-Vlanif10] quit
# Configure the IP address of the VLANIF interface on Switch F.
<SwitchF> system-view
[SwitchF] vlan 10
[SwitchF-Vlan10] quit
[SwitchF] interface gigabitethernet 0/0/2
[SwitchF-GigabitEthernet0/0/2] port hybrid
[SwitchF-GigabitEthernet0/0/2] port hybrid
[SwitchF-GigabitEthernet0/0/2] quit
[SwitchF] interface vlanif 10
[SwitchF-Vlanif10] ip address 3.0.1.2 24
[SwitchF-Vlanif10] quit
[SwitchF] vlan 20
[SwitchF-Vlan20] quit
[SwitchF] interface gigabitethernet 0/0/1
[SwitchF-GigabitEthernet0/0/1] port hybrid
[SwitchF-GigabitEthernet0/0/1] port hybrid
[SwitchF-GigabitEthernet0/0/1] quit
[SwitchF] interface vlanif 20
[SwitchF-vlanif20] ip address 1.0.1.2 24
[SwitchF-vlanif20] quit
pvid vlan 10
untagged vlan 10
pvid vlan 20
untagged vlan 20
# Configure the IP address of the VLANIF interface on Switch A.
<SwitchA> system-view
[SwitchA] vlan 20
[SwitchA-Vlan20] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 20
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 20
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 20
[SwitchA-vlanif20] ip address 1.0.1.11 24
[SwitchA-vlanif20] quit
Step 2 Configure the routes between them are reachable.The configuration procedure is not mentioned.
Step 3 Configure the NTP multicast server.
# Configure the clock of Switch C as the NTP master clock with the stratum being 2.
<SwitchC> system-view
[SwitchC] ntp-service refclock-master 2
# Configure Switch C as the NTP multicast client and configure Switch C to sense NTP multicast
packets through VLANIF10.
[SwitchC] interface vlanif 10
[SwitchC-vlanif10] ntp-service multicast-server
[SwitchC-vlanif10] quit
Step 4 Configure Switch D, which resides on the same network segment with the server.
# Configure Switch D as the NTP multicast client and configure Switch D to sense NTP multicast
packets through VLANIF10.
<SwitchD> system-view
[SwitchD] interface vlanif 10
[SwitchD-vlanif10] ntp-service multicast-client
[SwitchD-vlanif10] quit
Step 5 Configure Switch A, which resides on different network segment from the server.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
242
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
# Configure Switch A as the NTP multicast client and configure Switch A to sense NTP multicast
packets through VLANIF20.
<SwitchA> system-view
[SwitchA] interface vlanif 20
[SwitchA-vlanif20] ntp-service multicast-client
[SwitchA-vlanif20] quit
Step 6 Verify the configuration.
After the configurations, the clock on Switch D can be synchronized to the clock on Switch C,
but the clock on Switch A cannot be synchronized
because Switch A and Switch C are on different network segments and Switch A cannot receive
the multicast packets sent from Switch C.
Check the NTP status of Switch D, and you can see that the status of the clock is synchronized.
This means that the synchronization is complete. The stratum of the clock of Switch D is 3, one
stratum lower than the clock stratum of Switch C.
[SwitchD] display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 3.0.1.31
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.66 ms
root delay: 24.47 ms
root dispersion: 208.39 ms
peer dispersion: 9.63 ms
reference time: 17:03:32.022 UTC Apr 25 2005(C61734FD.800303C0)
----End
Configuration Files
l
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 20
#
interface Vlanif20
ip address 1.0.1.11 255.255.255.0
ntp-service multicast-client
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
#
return
l
Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 10
#
ntp-service refclock-master 2
#
interface Vlanif10
ip address 3.0.1.31 255.255.255.0
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
243
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
ntp-service multicast-server
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
l
Configuration file of Switch D
#
sysname SwitchD
#
vlan batch 10
#
interface Vlanif10
ip address 3.0.1.32 255.255.255.0
ntp-service multicast-client
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
Return
Configuration file of Switch F
#
sysname SwitchF
#
vlan batch 10 20
#
interface Vlanif10
ip address 3.0.1.2 255.255.255.0
#
interface Vlanif20
ip address 1.0.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
network 3.0.1.0 0.0.0.255
#
return
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
244
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
5 Ping and Tracert
5
Ping and Tracert
About This Chapter
This chapter describes basic concepts and applications of the ping and tracert commands.
5.1 Ping
The ping command is used to check network connectivity and host reachability. The word "ping"
is derived from the sonar operation, indicating a pulse of sound.
5.2 Tracert
Tracert, also called Trace Route, is used to check the IP addresses and the number of gateways
between the source and the destination. Tracert is helpful in testing network reachability and
locating the fault on the network.
5.3 Performing Ping and Tracert Operations
This section describes the execution of the ping and tracert commands.
5.4 Debugging Ping and Tracert
This section describes how to locate faults through ICMP messages.
5.5 Configuration Examples
This section provides a configuration example of ping and tracert operations.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
245
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
5 Ping and Tracert
5.1 Ping
The ping command is used to check network connectivity and host reachability. The word "ping"
is derived from the sonar operation, indicating a pulse of sound.
Figure 5-1 shows the ping process.After you run the ping command, an Internet Control
Message Protocol (ICMP) Echo Request message is sent to the destination. The destination then
returns an ICMP Echo Reply message immediately when receiving the ICMP Echo Request
message.
Figure 5-1 Principle of the ping operation
Source
Destination
ICMP Echo Request message
ICMP Echo Reply message
Ping tests IP reachability and status of the link between the source and the destination by checking
whether the destination sends back an ICMP Echo Reply message and measuring the interval
between sending the ICMP Echo Request message and receiving the ICMP Echo Reply message.
Figure 5-2 Format of ICMP Echo Request and Echo Reply messages
0
7
Type
15
23
Checksum
Code
31
Sequence number
Identifier
Data
Figure 5-2 shows the format of ICMP Echo Request and Echo Reply messages. The length of
the Data field is a variable. You can specify the length of the Data field in the ping command.
5.2 Tracert
Tracert, also called Trace Route, is used to check the IP addresses and the number of gateways
between the source and the destination. Tracert is helpful in testing network reachability and
locating the fault on the network.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
246
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
5 Ping and Tracert
The S5700 implements tracert based on ICMP. Tracert records the gateways that the ICMP
message passes along the path between a source host and a destination. In this manner, you can
check network connectivity and locate the fault.
Figure 5-3 Principle of the tracert operation
Switch
Step 1
Step 2
Step 3
TTL=1
Router-A
Router-B
Log Host
TTL=2
TTL=3
UDP datagram
ICMP Time Exceeded message
ICMP Destination Unreachable message
Take the networking in Figure 5-3 as an example to show tracert implementation on the
S5700. On the S5700, run the tracert command. The destination IP address is the IP address of
the log host and other parameters adopt the default values.
1.
The S5700 sends a UDP datagram to the log host, with the TTL value being 1 and the
destination UDP port number being 33434.
2.
After receiving the UDP datagram from the S5700, Router-A finds that the destination IP
address carried in the datagram is not its own address. Then, Router-A reduces the TTL
value by 1. Finding that the TTL value reaches 0, Router-A sends an ICMP Time Exceeded
message to the S5700.
3.
After receiving the ICMP Time Exceeded message, the S5700 increases the TTL value and
the UDP port number in the UDP datagram by 1 respectively and then sends out the UDP
datagram again.
4.
Perform Step 2 and Step 3, the log host receives the UDP datagram from the S5700.
5.
After receiving the UDP datagram from the S5700, the log host finds that the destination
is itself. It begins to process the datagram. The log host tries to find the upper layer protocol
corresponding to the destination UDP port number carried in the datagram. In most cases,
the UDP ports whose number is greater than 30000 are not used by any protocols. Therefore,
the log host sends an ICMP Destination Unreachable message to the S5700 to notify the
source that the destination port is unreachable.
6.
After receiving the ICMP Destination Unreachable message from the log host, the S5700
knows that the UDP datagram has reached the destination and thus stops running the tracert
program.
In the preceding steps, the tracert program on the source records the IP addresses of the gateways
between the source and the destination through the ICMP Time Exceeded message mentioned
in Step 3.
5.3 Performing Ping and Tracert Operations
This section describes the execution of the ping and tracert commands.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
247
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
5 Ping and Tracert
5.3.1 Establishing the Configuration Task
Application Environment
The Customer Edge (CE) connected to the S5700 cannot access the Internet. You need to run
the ping and tracert commands to check network connectivity.
Pre-configuration Tasks
Before performing ping and tracert operations, complete the following tasks:
l
Checking the physical connections between the CE and the S5700
l
Correctly configuring an IP address for the CE device
Data Preparation
To perform ping and tracert operations, you need the following data.
No.
Data
1
IP address of the CE device
2
IP address of the gateway
5.3.2 Checking Network Connectivity Through the Ping Operation
Context
Do as follows on the S5700:
Procedure
Step 1 Run:
ping [ ip ] [ -a source-ip-address | -c count | -d | -f | -h ttl-value | -i
interface-type interface-number | -m time | -n | -p pattern | -q | -r | -s
packetsize | -t timeout | -tos tos-value | -v ] * host
Network connectivity is tested.
Only some of the parameters are specified in the preceding ping command. For details on more
parameters, refer to the Quidway S5700 Series Ethernet Switches Command Reference.
The output of the ping command is as follows:
l Response to each ICMP Echo Request message: If no Echo Reply message is received within
a certain period, a message of "Request time out" is displayed in the output. Otherwise, the
bytes of the data, the sequence number of the message, the TTL value carried in the Reply
message are displayed.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
248
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
5 Ping and Tracert
l Statistics: total number of sent and received messages, percentage of message loss, and
minimum value, average value, and maximum value of the response time.
<Quidway> ping 202.38.160.244
PING 202.38.160.244 : 56 data bytes, press CTRL_C
Reply from 202.38.160.244 : bytes=56 sequence=1
Reply from 202.38.160.244 : bytes=56 sequence=2
Reply from 202.38.160.244 : bytes=56 sequence=3
Reply from 202.38.160.244 : bytes=56 sequence=4
Reply from 202.38.160.244 : bytes=56 sequence=5
--202.38.160.244 ping statistics-5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/2/3 ms
to break
ttl=255 time
ttl=255 time
ttl=255 time
ttl=255 time
ttl=255 time
=
=
=
=
=
1ms
2ms
1ms
3ms
2ms
----End
5.3.3 Locating Faults on the Network Through the Tracert Operation
Context
Do as follows on the S5700:
Procedure
Step 1 Run:
tracert [ -a source-ip-address | -f first-ttl | -m max-ttl | -p port | -q nqueries
| -w timeout ]* host
The tracert operation is performed to locate the fault on the network.
Only some of the parameters are specified in the preceding tracert command. For details on
more parameters, refer to the Quidway S5700 Series Ethernet Switches Command Reference.
The output of the tracert command displays a list of gateways traversed between the source and
the destination hosts.
<Quidway> tracert 18.26.0.115
traceroute to 18.26.0.115 (18.26.0.115), max hops: 30 ,packet length: 40
1 128.3.112.1 (128.3.112.1) 0 ms 0 ms 0 ms
2 128.32.216.1 (128.32.216.1) 19 ms 19 ms 19 ms
3 128.32.216.1 (128.32.216.1) 39 ms 19 ms 19 ms
4 128.32.136.23 (128.32.136.23) 19 ms 39 ms 39 ms
5 128.32.168.22) (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 18.26.0.115 (18.26.0.115) 339 ms 279 ms 279 ms
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
249
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
5 Ping and Tracert
5.4 Debugging Ping and Tracert
This section describes how to locate faults through ICMP messages.
Context
CAUTION
Debugging affects the performance of the system. After debugging, run the undo debugging
all command to disable it immediately.
If you run the ping or the tracert command on the two S5700s but the ping or tracert operation
fails, you can run the following command respectively on each S5700 to further locate the fault
after confirming that the physical link between the two S5700s is normal.
Procedure
Step 1 Run the debugging ip icmp command to enable ICMP packet debugging.
Through this command, you can check the transmission of ICMP messages during the running
of the ping or the tracert command and thus locate which device fails.
----End
5.5 Configuration Examples
This section provides a configuration example of ping and tracert operations.
5.5.1 Example for Performing Ping and Tracert Operations
Networking Requirements
As shown in Figure 5-4, after configuring Switch A, you check the link between Switch A and
the log host. If Switch A and the log host are disconnected, you cannot know which device fails
because there are other network devices between Switch A and the log host. To locate on which
link segment the fault occurs, you can perform ping and tracert operations.
Figure 5-4 Networking diagram of ping and tracert operations
1.1.1.2/8
2.1.1.2/8
SwitchA
Router
1.1.1.1/8
2.1.1.1/8
SwitchB
LAN switch
PC
Issue 01 (2011-10-26)
3.1.1.1/8
3.1.1.2/8
Log host
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
250
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
5 Ping and Tracert
Configuration Roadmap
The configuration roadmap is as follows:
1.
Run the ping command on Switch A to check the connectivity between Switch A and the
log host.
2.
Run the tracert command to locate the fault after you find that the link is faulty.
Data Preparation
To complete the configuration, you need the following data:
l
IP addresses of the interfaces on Switch B (In this example, IP addresses of the interfaces
are 1.1.1.2/8 and 2.1.1.1/8.)
l
IP addresses of the interfaces on Router (In this example, IP addresses of the interfaces are
2.1.1.2/8 and 3.1.1.1/8.)
l
IP address of the log host (In this example, the IP address of the log host is 3.1.1.2/8.)
Procedure
Step 1 Run the ping command.
# Run the ping command on Switch A to check the connectivity between Switch A and the log
host.
<Quidway> ping 3.1.1.2
PING 3.1.1.2: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 3.1.1.2 ping statistics --5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
The display on Switch A shows that the log host is unreachable, which indicates that a fault
occurs on some link segment between Switch A and the log host.
Step 2 Run the tracert command.
# Run the tracert command on Switch A to locate which link segment fails.
<Quidway> tracert 3.1.1.2
traceroute to 3.1.1.2(3.1.1.2), max hops: 30 ,packet length: 40
1 1.1.1.2
4 ms 5 ms 5 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
...
The preceding display shows that the ICMP Echo Request message passes Switch B but does
not reach Router. It indicates that the link between Switch B and Router fails. After the link
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
251
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
5 Ping and Tracert
between Switch B and Router is recovered, you can repeat Step 1 and Step 2 to ensure that Switch
A and the log host can communicate properly.
----End
Configuration Files
None.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
252
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
6
NQA Configuration
About This Chapter
This chapter describes how to configure the Network Quality Analysis (NQA) to monitor the
network operating status and collect network operation indexes in real time.
6.1 Introduction to NQA
This section helps you understand the background and functions of Network Quality Analysis
(NQA).
6.2 Comparisons Between NQA and Ping
This part describes the differences between NQA and Ping tests.
6.3 NQA Server and NQA Clients
This part describes the relationships between NQA client, NQA server, and NQA test instance.
6.4 NQA Supported by the S5700
This part describes NQA test types and scheduling modes supported by the S5700.
6.5 Configuring the ICMP Test
This section describes how to configure an Internet Control Message Protocol (ICMP) test to
check the IP network connectivity.
6.6 Configuring the FTP Download Test
This section describes how to configure a File Transfer Protocol (FTP) download test to check
the FTP download performance.
6.7 Configuring the FTP Upload Test
This section describes how to configure an FTP upload test to check the FTP upload performance.
6.8 Configuring the HTTP Test
This section describes how to configure a Hypertext Transfer Protocol (HTTP) test to check the
responding speed of the HTTP service in each phase.
6.9 Configuring the DNS Test
This section describes how to configure a Domain Name System (DNS) test to check the DNS
resolution speed.
6.10 Configuring the Traceroute Test
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
253
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
This section describes how to configure a traceroute test to check the connectivity to each hop
on the network.
6.11 Configuring the SNMP Query Test
This section describes how to configure a Simple Network Management Protocol (SNMP) query
test to check the communications between the host and SNMP agent.
6.12 Configuring the TCP Test
This section describes how to configure a Transmission Control Protocol (TCP) test to check
the responding speed of a TCP port.
6.13 Configuring the UDP Test
This section describes how to configure a User Datagram Protocol (UDP) test to check the
responding speed of a UDP port.
6.14 Configuring the Jitter Test
This section describes how to configure a jitter test to check jitter on the network. You can
perform a jitter test only when both the client and the server are Huawei devices.
6.15 Configuring the LSP Ping Test
This section describes how to configure a Label Switched Path (LSP) ping test to check the
operating status of the LSP.
6.16 Configuring the LSP Jitter Test
This section describes how to configure an LSP jitter test to measure jitter in the LSP during the
packet transmission.
6.17 Configuring the LSP Trace Test
This section describes how to configure an LSP trace test to check the connectivity between
Label Switching Routers (LSRs) along the LSP.
6.18 Configuring an ICMP Jitter Test
This section describes how to configure an ICMP jitter test to measure jitter on IP networks.
6.19 Configuring the PWE3 Ping Test to Check the One-Hop PW
This section describes how to configure a PWE3 ping test to check the connectivity of a singlehop pseudo-wire (PW).
6.20 Configuring the PWE3 Ping Test to Check the Multi-Hop PW
This section describes how to configure a PWE3 ping test to check the connectivity of a multihop PW.
6.21 Configuring the PWE3 Trace Test to Check the One-Hop PW
This section describes how to configure a PWE3 trace test to check the communications between
devices along a PW.
6.22 Configuring the PWE3 Trace Test to Check the Multi-Hop PW
This section describes how to configure a PWE3 trace test to check the communications between
devices on a PW.
6.23 Configuring Universal NQA Test Parameters
This section describes how to set and use universal parameters for NQA test instances.
6.24 Configuring Round-Trip Delay Thresholds
This section describes how to set a round-trip delay transmission threshold in an NQA test
instance.
6.25 Configuring the Trap Function
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
254
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
This section describes how to configure the trap function in an NQA test instance. After the trap
function is configured, a trap message is sent to the NMS in case of transmission success or
transmission failure.
6.26 Maintaining NQA
This section describes how to maintain an NQA test instance. You can restart the test instance,
clear the statistics on the test result,to maintain a test instance.
6.27 Configuration Examples
This section provides several configuration examples of NQA.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
255
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
6.1 Introduction to NQA
This section helps you understand the background and functions of Network Quality Analysis
(NQA).
As the value-added services on networks are developed, users and carriers demand higher
Quality of Service (QoS). To ensure users with the committed bandwidth, network operators
should collect the statistics of latency, jitter, and packet loss of the device. This helps them
analyze network performance in time.
NQA on the S5700 meets the preceding requirements.
NQA measures the performance of each protocol running on the network and helps network
operators collect network operation statistics, such as the total HTTP delay, TCP connection
delay, file transfer rate, FTP connection delay, Domain Name System (DNS) resolution delay,
and DNS resolution error ratio. By collecting these statistics, network operators provide users
with network services of various grades.
NQA is an efficient tool for diagnosing and locating faults on a network.
6.2 Comparisons Between NQA and Ping
This part describes the differences between NQA and Ping tests.
NQA is the extension and enhancement of Ping.
By sending an Internet Control Message Protocol (ICMP) Echo-Request packet from the local
and expecting an ICMP Echo-Reply packet from the specified destination, the Ping program can
test the round-trip time (RTT) of an ICMP packet. In addition to testing the RRT of an ICMP
packet between the local and the desination, NQA can detect whether network services, such as
TCP, UDP, FTP, HTTP and the Simple Network Management Protocol (SNMP), are enabled
and test the response time of each service.
Figure 6-1 Diagram of the NQA test
Server
IP/MPLS
Network
NQA Client
In NQA, the RTT of each packet or timeout period of the packet is not displayed on the terminal
in real time, unlike the Ping program. Test results are displayed only when you run the display
nqa results command after a test is complete.
You can also configure the Network Management System (NM Station) to control each NQA
operation parameter and enable NQA tests.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
256
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
6.3 NQA Server and NQA Clients
This part describes the relationships between NQA client, NQA server, and NQA test instance.
NQA test instance and NQA Client
NQA can be used to test many items. You must create a test instance for each item and each of
these test instances is a type of NQA test.
You need to create NQA test instances on NQA clients. Each test instance has an administrator
name and an operation tag as unique identification.
In the test view, configure the related test parameters. Note that a part of parameters applies to
only certain test types whereas others apply to all the test types.
NQA Server
In most types of tests, you need to configure only the NQA clients. In TCP, UDP, and Jitter tests,
however, you must configure the NQA server.
An NQA server processes the test packets received from the clients. As shown in Figure 6-2,
the NQA server responds to the test request packet received from the client through the
monitoring function.
Figure 6-2 Relationship between the NQA client and the NQA server
IP/MPLS
Network
NQA Server
NQA Client
You can create multiple TCP or UDP monitoring services on an NQA server. Each monitoring
service corresponds to a specific destination address and a port number. The destination address
and port number can be repeatedly specified.
Performing NQA Tests
After being configured with the destination address and the port number, the NQA server can
respond to test request packets. The IP address and port number specified in the monitoring
service must be consistent with those configured on the clients.
After creating a test group and configuring the related parameters, you must enable the NQA
test by using the start command and the display nqa results command to view test results.
6.4 NQA Supported by the S5700
This part describes NQA test types and scheduling modes supported by the S5700.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
257
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Features Provided by NQA
l
Cooperates with the NM Station:
– The NM Station can completely manage all NQA functions.
– Supports the NQA MIB.
– Supports the Disman-traceroute-MIB.
– Supports the Disman-NSLookUp-MIB.
– Supports the Disman-ping-MIB.
l
Jitter tests support the continuous sending of 3000 packets and support voice traffic
simulation.
l
Supports statistics collection at the millisecond level.
l
Supports hot backup:
This function implements the synchronization of the configurations of NQA tests between
the master control board and the slave board. Therefore, after the master/slave switchover,
NQA tests can be performed normally.
l
Jitter tests support the continuous sending of 3000 packets and support voice traffic
simulation.
l
Supports 2000 tests.
l
Supports statistics collection at the millisecond level.
l
Supports hot backup:
This function implements the synchronization of the configurations of NQA tests between
the master control board and the slave board. Therefore, after the master/slave switchover,
NQA tests can be performed normally.
l
Supports test task scheduling:
Implements the scheduling of test tasks to decrease the concurrent tasks on the device.
Supports the configuration of different start time and end time for a single test:
– Supports three modes of starting tests: immediate, timely, and delayed.
– Supports several modes of ending tests: automatic, immediate, timely, delayed, and
ending the test when the lifetime of the test expires.
Supports auto distributing the start time and the test interval when several tests are
performed at a time.
l
Supports the auto-delay function, with which the system resources can be effectively
utilized so that tests can be completed within a specified period.
l
Supports the collection of the uni-directional delay statistics and bi-directional delay
statistics. In addition, you can set a threshold and enable collecting statistics about the
packets in the test results that exceed the threshold.
l
Supports the collection of statistics on packet loss in one direction.
l
Supports test task scheduling:
Implements the scheduling of test tasks to decrease the concurrent tasks on the device.
Supports the configuration of different start time and end time for a single test:
– Supports three modes of starting tests: immediate, timely, and delayed.
– Supports several modes of ending tests: automatic, immediate, timely, delayed, and
ending the test when the lifetime of the test expires.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
258
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Supports auto distributing the start time and the test interval when several tests are
performed at a time.
l
Supports the auto-delay function, with which the system resources can be effectively
utilized so that tests can be completed within a specified period.
l
Supports the collection of the uni-directional delay statistics and bi-directional delay
statistics. In addition, you can set a threshold and enable collecting statistics about the
packets in the test results that exceed the threshold.
l
Supports the collection of statistics on packet loss in one direction.
l
Supports the flexible alarm mechanism. That is, the upper and lower thresholds are set to
monitor the feature of the tested objects according to their OIDs. When the test result
exceeds the threshold, alarms are triggered based on the preset events.
6.5 Configuring the ICMP Test
This section describes how to configure an Internet Control Message Protocol (ICMP) test to
check the IP network connectivity.
6.5.1 Establishing the Configuration Task
Before configuring an ICMP test, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.
Applicable Environment
An ICMP test has a similar function with the ping command, but its output is more detailed.
Pre-configuration Tasks
Before configuring the ICMP test, configure reachable routes between the NQA client and the
tested device.
Data Preparation
To configure the ICMP test, you need the following data.
Issue 01 (2011-10-26)
No.
Data
1
Administrator name and test name of the NQA test
2
Destination IP address
3
(Optional) Virtual Private Network (VPN) instance name, source interface that sends
test packets, source IP address, size of the Echo-Request packets, TTL value, ToS,
padding character, interval for sending test packets, and percentage of the failed NQA
test
4
Start mode and end mode
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
259
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
6.5.2 Configuring ICMP Test Parameters
This part describes how to set ICMP test parameters.
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type icmp
The test type is set to ICMP.
Step 4 Run:
destination-address ipv4 ip-address
The destination IP address is configured.
Step 5 (Optional) Perform the following as required to configure other ICMP test parameters ( For
detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the VPN instance to be tested, run the vpn-instance vpn-instance-name
command.
NOTE
Only S5700EI and S5700HI support the vpn-instance command.
l To configure the source interface that sends test packets, run the source-interface interfacetype interface-number command.
l To configure the source IP address, run the source-address ipv4 ip-address command.
source-address ipv4 ip-address equals the "-a" option in the ping command.
l To configure the size (packet header excluded) of the Echo-Request packet, run the
datasize size command.
datasize size equals the "-s" option in the ping command.
l To configure the time-to-live (TTL) value, run the ttl number command.
ttl number equals the "-h" option in the ping command.
l To configure the type of service (ToS) field in the IP packet header, run the tos value
command.
tos equals the "-tos" option in the ping command.
l To configure padding characters, run the datafill fillstring command.
datafill equals the "-p" option in the ping command.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
260
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
l To configure the interval for sending the test packets, run the interval seconds interval
command.
interval seconds equals the "-m" option in the ping command.
l To configure the percentage of the failed NQA test, run the fail-percent percent command.
l To configure the NQA test packets to be sent without searching the routing table, run the
sendpacket passroute command.
Step 6 Run:
start
The NQA test is started.
Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End
6.5.3 Checking the Configuration
After configuring the ICMP test, you can view the test result.
Prerequisite
The configurations of the ICMP Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five test results.
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
261
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Example
Run the display nqa results command. If the following is displayed, it means that the test is
successful.
l
"testFlag is inactive"
l
"The test is finished"
l
"Completion:success"
For the ICMP test, you can also view the minimum time, maximum time, and RTT(Round Trip
Time ).
<Quidway> display nqa results
NQA entry(admin, test) :testflag is inactive ,testtype is icmp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.112.58.3
Min/Max/Average Completion Time: 2/5/3
Sum/Square-Sum Completion Time: 9/33
Last Good Probe Time: 2010-06-21 15:33:09.2
Lost packet ratio: 0 %
6.6 Configuring the FTP Download Test
This section describes how to configure a File Transfer Protocol (FTP) download test to check
the FTP download performance.
6.6.1 Establishing the Configuration Task
Before configuring an FTP download test, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.
Applicable Environment
In an FTP download test, the local device functions as an NQA FTP client, intending to download
the specified file from an FTP server.
The test result contains statistics about each FTP phase, including the time to set up an FTP
control connection and the time to transport the data.
Pre-configuration Tasks
Before configuring the FTP download test, complete the following tasks:
l
Configuring the FTP user name and password and the login directory
l
Configuring routes between the NQA FTP client and the FTP server
Data Preparation
To configure the FTP download test, you need the following data.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
262
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
No.
Data
1
Administrator name and test name
2
IP address of the FTP server
3
(Optional) Source IP address of the FTP operation and VPN instance name and source
and destination port numbers of the FTP operation
4
FTP user name and password
5
Name of the file to be downloaded
6
Start mode and end mode of the test
6.6.2 Configuring the FTP Download Test Parameters
This part describes how to set parameters for the FTP download test.
Context
Do as follows on the NQA client (FTP client):
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type ftp
The test type is set to FTP.
Step 4 Run:
destination-address ipv4 ip-address
The destination IP address is configured.
Step 5 (Optional) Perform the following as required to configure other parameters of the FTP Download
test ( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the VPN instance to be tested, run the vpn-instance vpn-instance-name
command.
NOTE
Only S5700EI and S5700HI support the vpn-instance command.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
263
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
l To configure the FTP source port number, run the source-port port-numbercommand.
l To configure the FTP destination port number, run the destination-port port-number
command.
l To configure the NQA test packet to be sent without searching the routing table, run the
sendpacket passroute command.
Step 6 Run:
ftp-operation get
The FTP operation type is set to Get.
By default, the FTP operation type is Get.
Step 7 Run:
ftp-username name
The FTP user name is configured.
Step 8 Run:
ftp-password password
The FTP password used during the login is configured.
Step 9 Run:
ftp-filename file-name
The name of the file to be downloaded is configured.
NOTE
During the FTP test, select a file with a relatively small size for the test. If the file is large, the test may fail
because of timeout.
Step 10 Run:
start
The NQA test is started.
Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End
6.6.3 Checking the Configuration
After configuring the FTP download test, you can view the test result.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
264
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Prerequisite
The configurations of the FTP Download Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
l
"CtrlConnTime"
l
"DataConnTime"
l
"SumTime"
<Quidway> display nqa results
NQA entry(admin, ftp) :testflag is inactive ,testtype is ftp
1 . Test 1 result
The test is finished
SendProbe:1
ResponseProbe:1
Completion :success
RTD OverThresholds number: 0
MessageBodyOctetsSum: 448
Stats errors number: 0
Operation timeout number: 0
System busy operation number:0
Drop operation number:0
Disconnect operation number: 0
CtrlConnTime Min/Max/Average: 438/438/438
DataConnTime Min/Max/Average: 218/218/218
SumTime Min/Max/Average: 656/656/656
Average RTT:380
Lost packet ratio: 0 %
6.7 Configuring the FTP Upload Test
This section describes how to configure an FTP upload test to check the FTP upload performance.
6.7.1 Establishing the Configuration Task
Before configuring an FTP upload test, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.
Applicable Environment
In an FTP upload test, the local device functions as an FTP client, intending to upload the
specified file to an FTP server.
The test result contains the statistics about each FTP phase, including the time to set up an FTP
control connection and the time to transport the data.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
265
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
In an FTP upload test, you can specify the file to be uploaded or the bytes to be uploaded. If
certain bytes are specified, the FTP client then automatically generates the test files for
uploading.
Pre-configuration Tasks
Before configuring the FTP upload test, complete the following tasks:
l
Configuring the FTP user name and password and the login directory
l
Configuring routes between the NQA client and the FTP server
Data Preparation
To configure the FTP upload test, you need the following data.
No.
Data
1
Administrator name and test name
2
IP address of the FTP server
3
FTP user name and password
4
(Optional) Source IP address of the FTP operation and VPN instance name and source
and destination port numbers of the FTP operation
5
Name or size of the uploaded file
6
Start mode and end mode of the test
6.7.2 Configuring the FTP Upload Test Parameters
This part describes how to set parameters for the FTP upload test.
Context
Do as follows on the NQA client (FTP client):
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type ftp
The test type is set to FTP.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
266
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Step 4 Run:
destination-address ipv4 ip-address
The destination IP address is configured.
Step 5 (Optional) Perform the following as required to configure other parameters for the FTP upload
test ( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the VPN instance to be tested, run the vpn-instance vpn-instance-name
command.
NOTE
Only S5700EI and S5700HI support the vpn-instance command.
l To configure the source port, run the source-port port-numbercommand.
l To configure the destination port, run the destination-port port-number command.
l To configure the NQA test packet to be sent without searching the routing table, run the
sendpacket passroute command.
Step 6 Run:
ftp-operation put
The FTP operation type is set to Put.
By default, the FTP operation type is Get.
Step 7 Run:
ftp-username name
The FTP user name is configured.
Step 8 Run:
ftp-password password
The FTP password used during the login is configured.
Step 9 Perform the following as required to upload the file.
l To upload the file with a specified name, run the ftp-filename file-name command.
NOTE
l If no file path is specified, the system searches for the file in the current path. If the specified file
name does not exist, a file is created according to the specified file name, and the size of the file is
set to 1 MB.
l The file name cannot contain characters such as ~, *, /, \, ', ", but the file path can contain these
characters.
l The file name can contain the extension name but cannot contain the extension name only, such
as .txt.
l To upload the file with a specified size, run the ftp-filesize size command. The client then
automatically creates a file name "nqa-ftp-test.txt" to upload.
NOTE
During the FTP test, select a file with a relatively small size. If the file is large, the test may fail because
of timeout.
Step 10 Run:
start
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
267
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
The NQA test is started.
Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End
6.7.3 Checking the Configuration
After configuring the FTP upload test, you can view the test result.
Prerequisite
The configurations of the FTP Upload Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
Step 1 Run the display nqa results command to view the test results on the NQA client.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
l
"CtrlConnTime"
l
"DataConnTime"
l
"SumTime"
<Quidway> display nqa results
NQA entry(admin, ftp) :testflag is inactive ,testtype is ftp
1 . Test 1 result
The test is finished
SendProbe:1
ResponseProbe:1
Completion :success
RTD OverThresholds number: 0
MessageBodyOctetsSum: 448
Stats errors number: 0
Operation timeout number: 0
System busy operation number:0
Drop operation number:0
Disconnect operation number: 0
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
268
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
CtrlConnTime Min/Max/Average: 438/438/438
DataConnTime Min/Max/Average: 218/218/218
SumTime Min/Max/Average: 656/656/656
Average RTT:380
Lost packet ratio: 0 %
6.8 Configuring the HTTP Test
This section describes how to configure a Hypertext Transfer Protocol (HTTP) test to check the
responding speed of the HTTP service in each phase.
6.8.1 Establishing the Configuration Task
Before configuring an HTTP test, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.
Applicable Environment
Through the NQA HTTP test, you can obtain the responding speed in three phases:
l
Time of DNS resolution: It is a period from the time the client sends the DNS packet to the
resolver for resolving the name of the HTTP server to an IP address to the time the DNS
resolution packets containing the IP address is returned.
l
Time to set up a TCP connection: It is the time taken by the client to set up a TCP connection
with an HTTP server through three-way handshake.
l
Transaction time: It is a period from the time the client sends the Get or Post packets to an
HTTP server to the time the Echo packet sent by the client reaches the HTTP server.
Pre-configuration Tasks
Before configuring the HTTP test, complete the following tasks:
l
Configuring the HTTP server
l
Configuring routes between the NQA client and the HTTP server
Data Preparation
To configure the HTTP test, you need the following data.
No.
Data
1
Administrator name and test name
2
Name of the HTTP server
3
l (Optional) Source address, Source port number
l (Optional) Destination port number
l (Optional) Fail percent
Issue 01 (2011-10-26)
4
HTTP operation type
5
Web page to be visited and the HTTP version
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
269
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
No.
Data
6
Start mode and end mode of the test
6 NQA Configuration
6.8.2 Configuring HTTP Test Parameters
This part describes how to set HTTP test parameters.
Context
Do as follows on the NQA client (HTTP client):
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test is created and the view is displayed.
Step 3 Run:
test-type http
The test type is set to HTTP.
Step 4 Run:
destination-address ipv4 ip-address
The destination IP address is configured.
Step 5 (Optional) Perform the following as required to configure other parameters for the HTTP test
( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the VPN instance to be tested, run the vpn-instance vpn-instance-name
command.
NOTE
Only S5700EI and S5700HI support the vpn-instance command.
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the source port, run the source-port port-numbercommand.
l To configure the destination port, run the destination-port port-number command.
l To configure the percentage of the failed NQA HTTP tests, run the fail-percent percent
command.
l To configure the NQA test packet to be sent without searching the routing table, run the
sendpacket passroute command.
Step 6 Run:
http-operation { get | post }
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
270
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
The HTTP operation type is configured.
By default, the HTTP operation type is Get.
Step 7 Run:
http-url deststring [ verstring ]
The web page to be visited and the HTTP version are configured.
NOTE
When information on the HTTP version is not configured, by default, HTTP1.0 is supported. HTTP1.1 can
be supported through your configurations.
Step 8 Run:
start
The NQA test is started.
Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End
6.8.3 Checking the Configuration
After configuring the HTTP test, you can view the test result.
Prerequisite
The configurations of the HTTP Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
271
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Example
Run the display nqa results command. If the test is successful, the following is displayed.
l
"DNSRTT"
l
"TCPConnectRTT"
l
"TransactionRTT and RTT"
<Quidway> display nqa results
NQA entry(admin, http) :testflag is inactive ,testtype is http
1 . Test 1 result
The test is finished
SendProbe:3
ResponseProbe:3
Completion:success
RTD OverThresholdsnumber: 0
MessageBodyOctetsSum: 411
TargetAddress: 100.2.1.200
DNSQueryError number: 0
HTTPError number: 0
TcpConnError number : 0
System busy operation number:0
DNSRTT Sum/Min/Max:0/0/0
TCPConnectRTT Sum/Min/Max: 6/1/4
TransactionRTT Sum/Min/Max: 3/1/1
RTT Sum/Min/Max/Avg: 7/1/5/2
DNSServerTimeout:0 TCPConnectTimeout:0 TransactionTimeout: 0
Lost packet ratio:0%
6.9 Configuring the DNS Test
This section describes how to configure a Domain Name System (DNS) test to check the DNS
resolution speed.
6.9.1 Establishing the Configuration Task
Before configuring a DNS test, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.
Applicable Environment
The DNS test is performed to obtain the speed at which the specified domain name is resolved
to an IP address.
Pre-configuration Tasks
Before configuring the DNS test, complete the following tasks:
l
Configuring the DNS server
l
Configuring routes between the NQA client and the DNS server
Data Preparation
To configure the DNS test, you need the following data.
Issue 01 (2011-10-26)
No.
Data
1
Administrator name and test name
2
IP address of the DNS server
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
272
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
No.
Data
3
Host name to be resolved
4
Start mode and end mode of the test
6 NQA Configuration
6.9.2 Configuring the DNS Test Parameters
This part describes how to set DNS test parameters.
Context
Do as follows on the NQA client (DNS client):
Procedure
Step 1 Run
system-view
The system view is displayed.
Step 2 Run:
dns resolve
Enable dynamic DNS resolution. By default, the function is disabled.
Step 3 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 4 Run:
test-type dns
The test type is set to DNS.
Step 5 Run:
dns-server ipv4 ip-address
The IPv4 address of the DNS server is configured.
Step 6 Run:
destination-address url urlstring
The name of the destination host is configured.
NOTE
For detailed parameter configurations, see the chapter Configuring Universal NQA Test Parameters
Step 7 Run:
start
The NQA test is started.
Select the start mode as required because the start command has several forms.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
273
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End
6.9.3 Checking the Configuration
After configuring the DNS test, you can view the test result.
Prerequisite
The configurations of the DNS Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
<Quidway> display nqa results
NQA entry(t, t) :testflag is inactive ,testtype is dns
1 . Test 1 result
The test is finished
Send operation times: 1
Receive response times: 1
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.82.55.191
Min/Max/Average Completion Time: 4/4/4
Sum/Square-Sum Completion Time: 4/16
Last Good Probe Time: 2010-06-21 15:40:12.6
Lost packet ratio: 0 %
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
274
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
6.10 Configuring the Traceroute Test
This section describes how to configure a traceroute test to check the connectivity to each hop
on the network.
6.10.1 Establishing the Configuration Task
Before configuring a traceroute test, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the data required for the configuration. This
will help you complete the configuration task quickly and accurately.
Applicable Environment
An NQA Traceroute test can provide functions similar to those provided by the tracert
command, but outputs more detailed information.
Pre-configuration Tasks
Before configuring a traceroute test, configure reachable routes between the NQA client and the
device to be tested.
Data Preparation
To configure a traceroute test, you need the following data.
No.
Data
1
Administrator and name of an NQA test instance
2
Destination IP address
3
(Optional) VPN instance name, maximum hops, initial TTL and maximum TTL value
of the packet, and source IP address and destination port of the packet
4
Start and end modes of a test
6.10.2 Configuring Parameters for a Traceroute Test
This part describes how to configure parameters for a traceroute test.
Context
Do as follows on the NQA client:
Procedure
Step 1 Run
system-view
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
275
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type trace
A traceroute test is created.
Step 4 Run:
destination-address ipv4 ip-address
The destination address of the traceroute test is configured.
Step 5 Run the following commands as required ( For detailed parameter configurations, see the chapter
Configuring Universal NQA Test Parameters ):
l To configure the VPN instance to be tested, run the vpn-instance vpn-instance-name
command.
NOTE
Only S5700EI and S5700HI support the vpn-instance command.
l To configure the maximum hops, run:
tracert-hopfailtimes times
l To configure the initial TTL and maximum TTL values of a packet, run:
tracert-livetime first-ttl first-ttl max-ttl max-ttl
l To configure the source IP address, run:
source-address ipv4 ip-address
l To configure the destination port number, run:
destination-port port-number
l To configure a NQA test packets to be sent without searching the routing table, run:
sendpacket passroute
Step 6 Run:
start
An NQA test is started.
Select the start mode as required because the start command has several forms.
l To start the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ] hh:mm:ss |
delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started immediately.
l To start the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss [ end
{ at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds
second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To start the NQA test after a certain delay, run the start delay { seconds second |
hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
276
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
The test instance is started after a certain delay.
----End
6.10.3 Checking the Configuration
After configuring a traceroute test, you can view the test result.
Prerequisite
The configurations of the traceroute test are complete.
Context
NOTE
NQA test results cannot be displayed automatically on the terminal. You need to run the display nqa
results command to view test results. By the default, the command output contains the records about only
the last five tests.
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End
Example
Run the display nqa results command. If the statistics about each hop are displayed, it means
that the traceroute test is successful.
<Quidway> display nqa results
NQA entry(t, t) :testflag is inactive ,testtype is trace
1 . Test 1 result
The test is finished
Completion:success
Attempts number:1
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Drop operation number:0
Last good path Time:2010-06-21 15:41:01.7
1 . Hop 1
Send operation times: 3
Receive response times: 3
Min/Max/Average Completion Time: 1/2/1
Sum/Square-Sum Completion Time: 4/6
RTD OverThresholds number: 0
Last Good Probe Time: 2010-06-21 15:41:01.7
Destination ip address:10.112.58.3
Lost packet ratio: 0 %
6.11 Configuring the SNMP Query Test
This section describes how to configure a Simple Network Management Protocol (SNMP) query
test to check the communications between the host and SNMP agent.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
277
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
6.11.1 Establishing the Configuration Task
Before configuring an SNMP query test, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.
Applicable Environment
Through the SNMP Query test, you can obtain the statistics of the communication between hosts
and SNMP agents.
Pre-configuration Tasks
Before configuring the SNMP Query test, complete the following tasks:
l
Configuring the SNMP agent
l
Configuring routes between the NQA client and the SNMP agent
Data Preparation
To configure the SNMP query test, you need the following data.
No.
Data
1
Administrator name and test name
2
IP address of the SNMP agent
3
(Optional) Source IP addresses and source port numbers of test packets, interval for
sending test packets, and percentage of the failed NQA tests
4
Start mode and end mode of the test
6.11.2 Configuring the SNMP Query Test Parameters
This part describes how to set SNMP query test parameters.
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
278
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Step 3 Run:
test-type snmp
The test type is set to SNMP Query.
Step 4 Run:
destination-address ipv4 ip-address
The destination IP address, that is, the IP address of the SNMP agent, is configured.
NOTE
The SNMP function must be enabled on the destination host; otherwise, the destination host fails to receive
Echo packets.
Step 5 (Optional) Perform the following as required to configure other parameters for the SNMP test
( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the VPN instance to be tested, run the vpn-instance vpn-instance-name
command.
NOTE
Only S5700EI and S5700HI support the vpn-instance command.
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the source port number, run the source-port port-numbercommand.
l To configure the interval for sending test packets, run the interval seconds interval
command.
l To configure the percentage of the failed NQA tests, run the fail-percent percent command.
l To configure the NQA test packets to be sent without searching the routing table, run the
sendpacket passroute command.
Step 6 Run:
start
The NQA test is started.
Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
279
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
6.11.3 Checking the Configuration
After configuring the SNMP query test, you can view the test result.
Prerequisite
The configurations of the SNMP Query Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
<Quidway> display nqa results
NQA entry(admin, snmp) :testflag is inactive ,testtype is snmp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:0
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 63/172/109
Sum/Square-Sum Completion Time: 329/42389
Last Good Probe Time: 2006-8-5 15:33:49.1
Lost packet ratio: 0 %
6.12 Configuring the TCP Test
This section describes how to configure a Transmission Control Protocol (TCP) test to check
the responding speed of a TCP port.
6.12.1 Establishing the Configuration Task
Before configuring a TCP test, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.
Applicable Environment
To obtain the time for the specified port to respond to a TCP connection request, you can create
an NQA TCP test instance.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
280
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Pre-configuration Tasks
Before configuring the TCP test, configure reachable routes between the NQA client and the
TCP server.
Data Preparation
To configure the TCP test, you need the following data.
No.
Data
1
Administrator name and test name
2
IP address and port number monitored by the TCP server
3
(Optional) Destination port numbers of the probe packets sent by the TCP client and
source IP addresses , source port numbers of test packets, interval for sending test
packets, and percentage of the failed NQA tests
4
Start mode and end mode of the test
6.12.2 Configuring the TCP Server
The IP address and number of the port monitored by the server must be identical with those
configured on the client.
Context
Do as follows on the NQA server (TCP server):
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa-server tcpconnect [ vpn-instance vpn-instance-name ] ip-address port-number
The TCP monitoring service is configured.
NOTE
Note that the IP address and port number monitored by the server should be consistent with those configured
on the client.
Only S5700EI and S5700HI support vpn-instance vpn-instance-name.
----End
6.12.3 Configuring the TCP Client
This part describes how to set TCP test parameters.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
281
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Context
Do as follows on the NQA client (TCP client):
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type tcp
The test type is set to TCP.
Step 4 Run:
destination-address ipv4 ip-address
The destination IP address is configured.
Step 5 To configure the destination port number, run the destination-port port-numbercommand.
Step 6 (Optional) Perform the following as required to configure other parameters for the TCP test ( For
detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the VPN instance to be tested, run the vpn-instance vpn-instance-name
command.
NOTE
Only S5700EI and S5700HI support the vpn-instance command.
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the source port number, run the source-port port-numbercommand.
l To configure the interval for sending test packets, run the interval seconds interval
command.
l To configure the percentage of the failed NQA tests, run the fail-percent percentcommand.
l To configure the NQA test packets to be sent without searching the routing table, run the
sendpacket passroute command.
Step 7 Run:
start
The NQA test is started.
Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
282
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
The differences between the TCP Public tests and the TCP Private tests are as follows:
l The TCP Public tests do not require the destination port to be configured on the client.
Connection requests are initiated and sent to the TCP port 7 of the destination address. The
server should monitor the TCP port 7.
l The TCP Private tests require the destination port be specified and the related monitoring
services enabled on the server.
----End
6.12.4 Checking the Configuration
After configuring the TCP test, you can view the test result.
Prerequisite
The configurations of the TCP Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
l
Run the display nqa results [ test-instance admin-name test-name ] command to view the
test results on the NQA client.
l
Run the display nqa-server command to view the information about the NQA server.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
<Quidway> display nqa results
NQA entry(admin, tcp) :testflag is inactive ,testtype is tcp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:0
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 31/62/51
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
283
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Sum/Square-Sum Completion Time: 155/8649
Last Good Probe Time: 2006-8-5 15:55:15.3
Lost packet ratio: 0 %
Run the display nqa-server command,the status of the NQA server is displayed.
<Quidway> display nqa-server
NQA Server Max: 100
NQA Concurrent TCP Server : 1
NQA Server Num: 1
NQA Concurrent UDP Server: 0
nqa-server tcpconnect 10.112.58.3 2000 ACTIVE
6.13 Configuring the UDP Test
This section describes how to configure a User Datagram Protocol (UDP) test to check the
responding speed of a UDP port.
6.13.1 Establishing the Configuration Task
Before configuring a UDP test, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.
Applicable Environment
To obtain the time for the specified port to respond to a UDP connection request, you can create
a UDP test instance.
Pre-configuration Tasks
Before configuring the UDP test, configure reachable routes between the NQA client and the
UDP server.
Data Preparation
To configure the UDP test, you need the following data.
No.
Data
1
Administrator name and test name
2
IP address and port of the UDP server
3
Destination IP addresss and the port of the probe packets sent by the UDP client
4
(Optional) Source IP addresses and source port numbers of test packets, interval for
sending test packets, and percentage of the failed NQA tests
5
Start mode and end mode of the test
6.13.2 Configuring the UDP Server
The IP address and number of the port monitored by the server must be identical with those
configured on the client.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
284
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Context
Do as follows on the NQA server (UDP server):
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa-server udpecho [ vpn-instance vpn-instance-name ] ip-address port-number
The UDP monitoring service is configured.
Note that the IP address and port number monitored by the server should be consistent with those
configured on the client.
NOTE
Only S5700EI and S5700HI support the vpn-instance vpn-instance-name.
----End
6.13.3 Configuring the UDP Client
This part describes how to set UDP test parameters.
Context
Do as follows on the NQA client (UDP client):
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type udp
The test type is set to UDP.
Step 4 Run:
destination-address ipv4 ip-address
The destination IP address is configured.
Step 5 Run:
destination-port port-number
The destination port number is configured.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
285
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Step 6 (Optional) Perform the following as required to configure other parameters for the UDP test
( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the VPN instance to be tested, run the vpn-instance vpn-instance-name
command.
NOTE
Only S5700EI and S5700HI support the vpn-instance command.
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the source port number, run the source-port port-numbercommand.
l To configure the interval for sending test packets, run the interval seconds interval
command.
l To configure the percentage of the failed NQA tests, run the fail-percent percent command.
l To configure the NQA test packets to be sent without searching the routing table, run the
sendpacket passroute command.
Step 7 Run:
start
The NQA test is started.
Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End
6.13.4 Checking the Configuration
After configuring the UDP test, you can view the test result.
Prerequisite
The configurations of the UDP Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
286
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Procedure
l
Run the display nqa results [ test-instance admin-name test-name ] command to view the
test results on the NQA client.
l
Run the display nqa-server command to view the information about the NQA server.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
<Quidway> display nqa results
NQA entry(admin, udp) :testflag is inactive ,testtype is udp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 32/109/67
Sum/Square-Sum Completion Time: 203/16749
Last Good Probe Time: 2006-8-5 16:9:21.6
Lost packet ratio: 0 %
Run the display nqa-server command. If the status of the NQA server is displayed, it means
that the configuration succeeds.
<Quidway> display nqa-server
NQA Server Max: 100
NQA Concurrent TCP Server : 0
NQA Server Num: 1
NQA Concurrent UDP Server: 1
nqa-server udpecho 10.112.58.3 3000 ACTIVE
6.14 Configuring the Jitter Test
This section describes how to configure a jitter test to check jitter on the network. You can
perform a jitter test only when both the client and the server are Huawei devices.
6.14.1 Establishing the Configuration Task
Before configuring a jitter test, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.
Applicable Environment
The jitter time refers to the interval for sending two adjacent packets minus the interval for
receiving the two packets.
The process of a Jitter test is as follows:
1.
The source sends a packet to the destination at a specified interval.
2.
After receiving the packet, the destination adds a timestamp to the packet and returns them
to the source.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
287
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
3.
6 NQA Configuration
After receiving the returned packets, the source subtracts the interval for the source to send
two adjacent packets from the interval for the destination to receive the two packets and
then obtains the jitter time.
The maximum, minimum, and average jitter time calculated based on the information received
on the source can clearly show the network status.
In a Jitter test, you can set the number of packets to be sent consecutively. Through this setting,
certain traffic can be simulated within a certain period. For example, if you set 3000 UDP packets
to be sent at an interval of 20 milliseconds. Then, in one minute, G.711 traffic is simulated.
NOTE
To improve the test accuracy, you can configure the Network Time Protocol (NTP) on both the client and
the server.
Pre-configuration Tasks
Before configuring the Jitter test, configure reachable routes between the NQA client and the
NQA server.
Data Preparation
To configure the Jitter test, you need the following data.
No.
Data
1
Administrator name and test name
2
IP address and the port number monitored by the UDP server
3
Destination IP addresses and port numbers of the probe packets sent by the UDP
client
4
(Optional) VPN instance name, source IP address and port number of the probe packet
sent by the UDP client, number of probe packets and test packets sent each time,
interval for sending probe packets and test packets, percentage of the failed NQA
tests, and version number carried in the Jitter packet
5
Start mode and end mode of the test
6.14.2 Configuring the Jitter Server
The IP address and number of the port monitored by the server must be identical with those
configured on the client.
Context
Do as follows on the NQA server (Jitter server):
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
288
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
The system view is displayed.
Step 2 Run:
nqa-server udpecho [ vpn-instance vpn-instance-name ] ip-address port-number
The UDP monitoring service is configured.
Note that the IP address and port number monitored by the Jitter server should be consistent
with those configured on the client.
NOTE
Only S5700EI and S5700HI support the vpn-instance vpn-instance-name.
----End
6.14.3 Configuring the Jitter Client
This part describes how to configure the client of the jitter test.
Context
NOTE
The system supports the collection of the statistics about the maximum uni-directional transmission delay.
Do as follows on the NQA client (Jitter client):
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 (Optional) To configure the version number of Jitter packets, run the nqa-jitter tag-version
version-number command in the system view.
If Version 2 is adopted, after collecting the packet loss across a uni-directional link is enabled,
you can find the packet loss across the link from the source to the destination (or from the
destination to the source or from an unknown direction). According to these statistics, the
network administrator can easily detect network faults and malicious attacks.
Step 3 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 4 Run:
test-type jitter
The test type is set to Jitter.
Step 5 Run:
destination-address ipv4 ip-address
The destination IP address is configured.
Step 6 Run:
destination-port port-number
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
289
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
The destination port number is configured.
Step 7 (Optional) Perform the following as required to configure other parameters for the Jitter test
( For detailed parameter configurations, see the chapter Configuring Universal NQA Test
Parameters ):
l To configure the VPN instance to be tested, run the vpn-instance vpn-instance-name
command.
NOTE
Only S5700EI and S5700HI support the vpn-instance command.
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the source port number, run the source-port port-numbercommand.
l To configure the probe times in the NQA test, run the probe-count number command.
l To configure the number of test packets sent each time, run the jitter-packetnum number
command.
The Jitter test is used to collect statistics and perform analysis of the transmission delay
variation of the UDP packets. The system sends multiple test packets for each test to make
the statistics more accurate. The more test packets are sent, the more accurate the statistics
and analysis are. This process, however, is time consuming.
NOTE
The number of the Jitter tests depends on the probe-count command. The number of test packets sent
during each test depends on the jitter-packetnum command. During the actual configuration, the
product of the number of test times and the number of the test packets must be less than 3000.
l To configure the interval for sending test packets, run the interval { milliseconds interval |
seconds interval } command.
The shorter the interval for sending the Jitter test packets is, the faster the test is completed.
If the interval, however, is set to a very small value, the jitter statistics result may have a
greater error.
l To configure the percentage of the failed NQA tests, run the fail-percent percent command.
l To send the NQA test packet without searching the routing table, run the sendpacket
passroute command.
Step 8 Run:
start
The NQA test is started.
Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
290
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
The test instance is started after a certain delay.
----End
6.14.4 Checking the Configuration
After configuring the jitter test, you can view the test result.
Prerequisite
The configurations of the Jitter Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
l
Run the display nqa results [ test-instance admin-name test-name ] command to view the
test results on the NQA client.
l
Run the display nqa-server command to view the information about the NQA server.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
<Quidway> display nqa results test-instance admin jitter
NQA entry(admin, jitter) :testflag is inactive ,testtype is jitter
1 . Test 1 result
The test is finished
SendProbe:60
ResponseProbe:60
Completion:success
RTD OverThresholds number:0
Min/Max/Avg/Sum RTT:1/1/1/60
RTT Square Sum:60
NumOfRTT:60
Drop operation number:60
Operation sequence errors number:0
RTT Stats errors number:0
System busy operation number:0
Operation timeout number:0
Min Positive SD:1
Min Positive DS:1
Max Positive SD:1
Max Positive DS:1
Positive SD Number:15
Positive DS Number:1
Positive SD Sum:15
Positive DS Sum:1
Positive SD Square Sum:15
Positive DS Square Sum:1
Min Negative SD:1
Min Negative DS:1
Max Negative SD:1
Max Negative DS:1
Negative SD Number:15
Negative DS Number:1
Negative SD Sum:15
Negative DS Sum:1
Negative SD Square Sum:15
Negative DS Square Sum:1
Min Delay SD:0
Min Delay DS:0
Avg Delay SD:27
Avg Delay DS:1
Max Delay SD:1
Max Delay DS:1
Packet Loss SD:0
Packet Loss DS:0
Packet Loss Unknown:0
jitter out value:0.0312500
jitter in value:0.0020833
NumberOfOWD:60
OWD SD Sum:27
OWD DS Sum:1
TimeStamp unit: ms
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
291
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
6.15 Configuring the LSP Ping Test
This section describes how to configure a Label Switched Path (LSP) ping test to check the
operating status of the LSP.
6.15.1 Establishing the Configuration Task
Before configuring an LSP ping test, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.
Applicable Environment
The NQA LSP Ping test can be used to test the reachability of the following types of Label
Switched Paths (LSPs) and collect statistics about Link State Advertisement (LSA).
l
LSP tunnels
After the test parameters are configured and the test is started,
1.
NQA creates an MPLS Echo-Request packet and adds the address 127/8 to the IP header
as the destination IP address. The packet is forwarded along the specified LSP in the MPLS
network.
2.
The egress monitors port 3503 that sends Echo packets.
3.
The ingress collects the test results based on the received Echo packets.
Pre-configuration Tasks
Before configuring the LSP Ping test, you need the following configuration:
l
LSP tunnel
Data Preparation
To configure the LSP Ping test, you need the following data.
Issue 01 (2011-10-26)
No.
Data
1
Administrator name and test name
2
For the LSP tunnel: destination IP address and mask of the LSP Ping test
3
(Optional) Parameters of the LSP Ping test, including the response mode of the Echo
packet, packet size, TTL, LSP EXP value, padding character, timeout period of the
packet, probe times, test interval, and percentage of the failed NQA tests
4
Start mode and end mode of the test
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
292
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
6.15.2 Configuring the LSP Ping Test Parameters for the LDP
Tunnel
Before performing an LDP LSP ping test, you need set parameters for the LSP ping test.
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type lspping
The test type is set to LSP Ping.
Step 4 Run:
lsp-type ipv4
The tunnel type is set to be the LSP tunnel.
Step 5 Run:
destination-address ipv4 ip-address { lsp-masklen masklen | lsp-loopback loopbackaddress }*
The destination IP address to be tested is configured.
Step 6 (Optional) Perform the following as required to configure other parameters for the LSP Ping
test:
l To configure the response mode of the Echo packet, run the lsp-replymode { no-reply |
udp | udp-via-vpls | udp-router-alert | level-control-channel } command.
NOTE
In a uni-directional LSP Ping test, if the lsp-replymode no-reply command is configured, the test
result displays that the test fails regardless of whether the test, actually, is successful or fails. If the test
is successful, the test result also displays the number of the timeout packets. If the test fails, the test
result displays the number of the discarded packets.
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the packet size, run the datasize size command.
NOTE
The sum of datasize and the size of the packet header should be less than the MTU of the interface;
otherwise, the test may fail.
l To configure the maximum TTL value of the packet, run the ttl number command.
l To configure the LSP EXP value, run the lsp-exp exp command.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
293
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
l To configure the padding character of the packet, run the datafill fillstring command.
l To configure the interval for sending test packets, run the interval seconds interval
command.
l To configure the percentage of the failed NQA tests, run the fail-percent percent command.
Step 7 Run:
start
The NQA test is started.
Select the start mode as required because the startcommand has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End
6.15.3 Checking the Configuration
After configuring the LSP ping test, you can view the test result.
Prerequisite
The configurations of the LSP Ping Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
l
Run the display nqa results command to view the test results on the NQA client.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
l
Statistics about errors
– Number of unroutable connections
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
294
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
– Number of wrong sequence numbers
– Timeout times of the test packets
l
History statistics of each test packet
– Timestamp added when each test packet is sent
– Timestamp added when each test packet is received
– Packets status displayed on the NQA client
l
Statistics of results of each test
– Number of successful tests
– Sum of the response time of all tests
– RTT square sum(high 32 bit and low 32 bit)
– Minimum RTT and maximum RTT of the packet
– Destination IP address and the type of the destination IP address
– Number of the Echo packets and the sent packets
– Time when the last packet is received
<Quidway> display nqa results
NQA entry(admin, test) :testflag is inactive ,testtype is lspping
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:100.1.1.200
Min/Max/Average Completion Time: 4/5/4
Sum/Square-Sum Completion Time: 13/57
Last Good Probe Time: 2007-11-19 19:46:28.8
Lost packet ratio: 0 %
6.16 Configuring the LSP Jitter Test
This section describes how to configure an LSP jitter test to measure jitter in the LSP during the
packet transmission.
6.16.1 Establishing the Configuration Task
Before configuring an LSP jitter test, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.
Applicable Environment
The NQA LSP Jitter test is performed to check the reachability of static LSP and LDP LSP.
After receiving a packet from the source, the destination calculates the maximum, minimum,
and average jitter time of the packet transmitted from the source to the destination. This clearly
reflects the status of the MPLS network.
NOTE
LSP Jitter tests do not support load balancing.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
295
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Pre-configuration Tasks
Before configuring the LSP Jitter test, configure an LSP tunnel.
Data Preparation
To configure the LSP Jitter test, you need the following data.
No.
Data
1
Administrator name and test name
2
For the LSP tunnel: destination IP address and mask of the LSP Ping test
3
(Optional) Parameters of the LSP Jitter test, including the response mode of the Echo
packet, packet size, TTL, LSP EXP value, padding character, timeout period of the
packet, probe times, and test interval
4
Start mode and end mode of the test
6.16.2 Configuring the LSP Jitter Test Parameters for the LDP
Tunnel
This part describes how to set parameters for an LDP LSP jitter test.
Context
Do as follows on the ingress of an LSP tunnel:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type lspjitter
The test type is set to LSP Jitter.
Step 4 Run:
lsp-type ipv4
The tunnel type is set to be the LSP tunnel.
Step 5 Run:
destination-address ipv4 ip-address { lsp-masklen masklen | lsp-loopback loopbackaddress }*
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
296
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
The destination IP address of the LSP Jitter test is configured.
Step 6 (Optional) Perform the following as required to configure other parameters for the LSP Jitter
test:
l To configure the response mode of the Echo packet, run the lsp-replymode { no-reply |
udp | udp-via-vpls | udp-router-alert | level-control-channel } command.
NOTE
In a uni-directional LSP Ping test, if the lsp-replymode no-reply command is configured, the test
result displays that the test fails regardless of whether the test, actually, is successful or fails. If the test
is successful, the test result also displays the number of the timeout packets. If the test fails, the test
result displays the number of the discarded packets.
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the packet size, run the datasize size command.
l To configure the maximum TTL value of the packet, run the ttl number command.
l To configure the LSP EXP value, run the lsp-exp exp command.
l To configure the padding character of the packet, run the datafill fillstring command.
l To configure the interval for sending the test packets, run the interval seconds interval
command.
NOTE
The minimum interval for sending test packets is one second and the maximum interval is 60 seconds.
l To configure the percentage of the failed NQA tests, run thefail-percent percent command.
Step 7 Run:
start
The NQA test is started.
Select the start mode as required because the startcommand has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End
6.16.3 Checking the Configuration
After configuring the LSP jitter test, you can view the test result.
Prerequisite
The configurations of the LSP Test function are complete.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
297
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
Step 1 Run the display nqa results command to view the test results on the NQA client.
----End
Example
For the LSP Jitter test, run the display nqa results command. If the test is successful, the
following is displayed.
l
Statistics about errors
– Number of unroutable connections
– Number of wrong sequence numbers
– Timeout times of the test packets
l
History statistics of each test packet
– Timestamp added when each test packet is sent
– Timestamp added when each test packet is received
– Packets status displayed on the NQA client
l
Statistics of results of each test
– Number of successful tests
– Sum of the response time of all tests
– RTT square sum
– Minimum RTT and maximum RTT of the packet
– Destination IP address and the type of the destination IP address
– Number of the Echo packets and the sent packets
– Time when the last packet is received
<Quidway> display nqa results
NQA entry(admin, lspjitter) :testflag is inactive ,testtype is lspjitter
1 . Test 1 result
The test is finished
SendProbe:60
ResponseProbe:60
Completion:success
RTD OverThresholds number:0
Min/Max/Avg/Sum RTT:1/24/3/156
RTT Square Sum:928
NumOfRTT:60
Drop operation number:0
Operation sequence errors number:0
RTT Stats errors number:0
System busy operation number:0
Operation timeout number:0
Min Positive SD:1
Max Positive SD:22
Positive SD Number:12
Positive SD Sum:33
Positive SD Square Sum:495
Min Negative SD:1
Max Negative SD:22
Negative SD Number:12
Negative SD Sum:34
Negative SD Square Sum:498
Packet Loss Unknown:0
Average of Jitter SD:2
jitter out value:0.8977973
Packet Loss Ratio: 0%
TimeStamp unit: ms
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
298
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
6.17 Configuring the LSP Trace Test
This section describes how to configure an LSP trace test to check the connectivity between
Label Switching Routers (LSRs) along the LSP.
6.17.1 Establishing the Configuration Task
Before configuring an LSP traceroute test, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.
Applicable Environment
The NQA LSP Traceroute test can be used to test the tunnel nodes of the following types of
LSPs and collect statistics about LSA.
l
LSP tunnels
After the test parameters are configured and the test is started,
l
NQA creates the UDP MPLS Echo-Request packet, adds the address 127/8 to the IP header
as the destination IP address, and searches the related LSP.
Echo Request packets should contain Downstream Mapping Tag, Length, Value (TLV)
that carries the information about the downstream node of the current LSP node, such as
the IP address of the next hop and the outgoing label.
For the MPLS TE tunnel, you can specify a tunnel interface for sending the MPLS EchoRequest packet so that the related Constraint-based Routed Label Switched Path (CR-LSP)
can be obtained.
l
The TTL value of the first Traceroute Echo-Request packet is 1. The packet is forwarded
along with the specified LSP in the MPLS network. An MPLS Echo-Reply packet is
returned if the TTL value times out.
l
The sender continues to send Echo-Request packets with the gradually increased TTL
value. When all Label Switching Routers (LSRs) along the LSP return Echo packets, the
Traceroute process is completed.
l
The sender collects the test results based on the received Echo packets.
Pre-configuration Tasks
Before configuring the LSP Traceroute test, you need the following configuration:
l
LSP tunnel
Data Preparation
To configure the LSP Traceroute test, you need the following data.
Issue 01 (2011-10-26)
No.
Data
1
Administrator name and test name
2
For the LSP tunnel: destination IP address and mask of the LSP Jitter test
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
299
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
No.
Data
3
(Optional) Parameters of the LSP Traceroute test, including the response mode of the
Echo packet, LSP EXP value, maximum hops, probes times, TTL value, and timeout
period of the packets
4
Start mode and end mode of the test
6.17.2 Configuring the LSP Trace Parameters for the LDP Tunnel
This part describes how to set parameters for an LDP LSP Trace test.
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type lsptrace
The test type is set to LSP Trace.
Step 4 Run:
lsp-type ipv4
The tunnel type is set to be the LSP tunnel.
Step 5 Run:
destination-address ipv4 ip-address { lsp-masklen masklen | lsp-loopback loopbackaddress }*
The destination IP address to be tested is configured.
Step 6 (Optional) Perform the following as required to configure other parameters for the LSP Trace
test:
l To configure the response mode of the Echo packet, run the lsp-replymode { no-reply |
udp | udp-via-vpls | udp-router-alert | level-control-channel } command.
NOTE
In a uni-directional LSP Trace test, if the lsp-replymode no-reply command is configured, the test
result displays that the test fails regardless of whether the test is successful or fails. If the test is
successful, the test result also displays the number of the timeout packets. If the test fails, the test result
displays the number of the discarded packets.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
300
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
l To configure the source IP address, run the source-address ipv4 ip-address command.
l To configure the LSP EXP value, run the lsp-exp exp command.
l To configure after how many hops the test is considered failed, run the tracerthopfailtimes timescommand.
l To configure the initial and the maximum TTL values of the packet, run the tracertlivetime first-ttl first-ttl max-ttl max-ttl command.
Step 7 Run:
start
The NQA test is started.
Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } ] command.
The test instance is started after a certain delay.
----End
6.17.3 Checking the Configuration
After configuring the LSP traceroute test, you can view the test result.
Prerequisite
The configurations of the LSP Traceroute Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
l
Run the display nqa results command to view the test results on the NQA client.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
301
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
l
6 NQA Configuration
Statistics about errors
– Number of unroutable connections
– Number of wrong sequence numbers
– Timeout times of the test packets
l
History statistics of each test packet
– Timestamp added when each test packet is sent
– Timestamp added when each test packet is received
– Packets status displayed on the NQA client
l
Statistics of results of each test
– Number of successful tests
– Sum of the response time of all tests
– RTT square sum
– Minimum RTT and maximum RTT of the packet
– Destination IP address and the type of the destination IP address
– Number of the Echo packets and the sent packets
– Time when the last packet is received
<Quidway> display nqa results
NQA entry(admin, lsptrace) :testflag is inactive ,testtype is lsptrace
1 . Test 1 result
The test is finished
Completion:success
Attempts number:1
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Drop operation number:0
Last good path Time:2009-4-24 11:22:21.2
1 . Hop 1
Send operation times: 3
Receive response times:
3
Min/Max/Average Completion Time: 50/60/56
Sum/Square-Sum Completion Time: 170/9700
RTD OverThresholds number: 0
Last Good Probe Time: 2009-4-24 11:22:20.8
Destination ip address:30.1.1.2
Lost packet ratio: 0 %
2 . Hop 2
Send operation times: 3
Receive response times:
3
Min/Max/Average Completion Time: 80/110/93
Sum/Square-Sum Completion Time: 280/26600
RTD OverThresholds number: 0
Last Good Probe Time: 2009-4-24 11:22:21.2
Destination ip address:3.3.3.3
Lost packet ratio: 0 %
6.18 Configuring an ICMP Jitter Test
This section describes how to configure an ICMP jitter test to measure jitter on IP networks.
NOTE
Only S5700HI and S5706 support ICMP Jitter.
6.18.1 Establishing the Configuration Task
Before configuring an ICMP jitter test, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
302
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Applicable Environment
Jitter time refers to the interval for receiving two consecutive packets minus the interval for
sending these two packets.
The process of the ICMP jitter test is as follows:
l
The source sends packets to the destination at a set interval.
l
After receiving a packet, the destination adds a timestamp to the packet and sends it back
to the source.
l
After receiving the returned packets, the source obtains the jitter time by subtracting the
interval for sending the packets from the interval for receiving the packets.
The maximum, minimum, and average jitter time and the maximum unidirectional delay of the
packets from the source to the destination and from the destination to the source are calculated
according to the information received on the source. Based on these data, the network status is
clearly presented.
In the jitter test, you can set the number of packets to be sent consecutively in each test instance.
Through this setting, the actual traffic of a kind of packet during a time period can be simulated.
If the server is a non-Huawei device, you can test the jitter of the network by configuring an
ICMP jitter test instance.
Pre-configuration Tasks
Before configuring an ICMP jitter test, configure a reachable route between the NQA client and
the server.
Data Preparation
To configure a jitter test, you need the following data.
No.
Data
1
Administrator of the NQA test instance and name of the test instance
2
Destination IP address
3
(Optional) Name of a VPN instance, source IP address ,number of test probes sent
each time, number of test packets sent each time, interval for sending test packets,
ratio of the failed NQA tests, and version number of jitter packets
4
Start mode and end mode
6.18.2 Configuring Parameters for the ICMP Jitter Test
This part describes how to set ICMP jitter test parameters.
Context
Do as follows on the NQA client:
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
303
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type icmpjitter
The type of the test instance is configured as ICMP jitter.
Step 4 Run:
destination-address ipv4 ip-address
The destination IP address is configured.
Step 5 (Optional) Run the following commands to configure other parameters for the jitter test:
l Run:
icmp-jitter-mode { icmp-echo | icmp-timestamp }
The mode of the ICMP jitter test is configured.
l Run:
vpn-instance vpn-instance-name
The VPN instance to be tested is configured.
NOTE
Only the S5700HI and S5706LI support this parameter.
l Run:
probe-count number
The number of test probes to be sent each time is set.
l Run:
jitter-packetnum number
The number of test packets to be sent during each test is set.
NOTE
The probe-count command is used to configure the number of times for the jitter test and the jitterpacketnum command is used to configure the number of test packets to be sent during each test. In
actual configuration, the product of the number of times for the jitter test multiplied by the number of
test packets must be less than 3000.
l Run:
interval { milliseconds interval }
The interval for sending test packets is set.
The shorter the interval is, the sooner the test is complete. However, delays arise from sending
and receiving test packets on the processor. Therefore, if the interval for sending test packets
is set to a small value, a relatively greater error may occur in the statistics of the jitter test.
l Run:
fail-percent percent
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
304
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
The percentage of the failed NQA tests is set.
Step 6 Run:
start
The NQA test is started.
Select the start mode as required because the startcommand has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
The test instance is started after a certain delay.
----End
6.18.3 Checking the Configuration
After configuring the ICMP jitter test, you can view the test result.
Prerequisite
The configurations of the ICMP Jitter Test function are complete.
NOTE
NQA test results cannot be displayed automatically on the terminal. You should run the display nqa
results command to check the test results.
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to check results
on the NQA client.
----End
Example
If the ICMP jitter test succeeds, you can view the following information by running the display
nqa results command.
<Quidway> display nqa results test-instance admin icmpjitter
NQA entry(admin, icmpjitter) :testflag is inactive ,testtype is icmpjitter
1 . Test 1 result
The test is finished
SendProbe:60
ResponseProbe:60
Completion :success
RTD OverThresholds number:0
OWD OverThresholds SD number:0
OWD OverThresholds DS number:0
Min/Max/Avg/Sum RTT:1/144/12/709
RTT Square Sum:61007
NumOfRTT:60
Drop operation number:0
Operation sequence errors number:0
RTT Stats errors number:0
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
305
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
System busy operation number:0
Min Positive SD:1
Max Positive SD:138
Positive SD Number:7
Positive SD Sum:152
Positive SD Square Sum :19116
Min Negative SD:1
Max Negative SD:21
Negative SD Number:14
Negative SD Sum:152
Negative SD Square Sum :2796
Min Delay SD:1
Max Delay SD:72
Delay SD Square Sum:15111
Packet Loss SD:0
Packet Loss Unknown:0
Average of Jitter SD:14
jitter out value:4.7604818
NumberOfOWD:60
OWD SD Sum:339
ICPIF value: 0
TimeStamp unit: ms
6 NQA Configuration
Operation timeout number:0
Min Positive DS:1
Max Positive DS:3
Positive DS Number:19
Positive DS Sum:21
Positive DS Square Sum :27
Min Negative DS:1
Max Negative DS:4
Negative DS Number:19
Negative DS Sum:22
Negative DS Square Sum :34
Min Delay DS:0
Max Delay DS:71
Delay DS Square Sum:14728
Packet Loss DS:0
Average of Jitter:5
Average of Jitter DS:1
jitter in value:0.5399519
Packet Loss Ratio: 0%
OWD DS Sum:310
MOS-CQ value: 0
6.19 Configuring the PWE3 Ping Test to Check the One-Hop
PW
This section describes how to configure a PWE3 ping test to check the connectivity of a singlehop pseudo-wire (PW).
6.19.1 Establishing the Configuration Task
Before configuring a PWE3 ping test for a single-hop PW, familiarize yourself with the
applicable environment, complete the pre-configuration tasks, and obtain the required data. This
can help you complete the configuration task quickly and accurately.
Applicable Environment
To check the connectivity of the one-hop pseudo wire (PW) using LDP as the signaling protocol,
you can perform the PWE3 Ping test on the one-hop PW.
Pre-configuration Tasks
Before configuring the PWE3 Ping test on a one-hop PW, you must correctly configure the
dynamic one-hop PW.
Data Preparation
To configure the PWE3 Ping test on a one-hop PW, you need the following data.
Issue 01 (2011-10-26)
No.
Data
1
ID of the PW
2
Type of the PW
3
Type and number of the interface connected with the CE
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
306
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
No.
Data
4
Destination IP address and ID of the L2VC
5
(Optional) Response mode of the Echo-Request packets, LSP EXP, maximum hops,
number of probes, TTL value, and timeout period of the packets
6
Start mode and end mode of the test
6.19.2 Configuring Parameters for the PWE3 Ping Test on a OneHop PW
This part describes how to set PWE3 ping test parameters for a single-hop PW.
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type pwe3ping
The test type is set to PWE3 Ping.
Step 4 (Optional) Run:
vc-type ldp
The method of setting up a PW is configured.
Step 5 (Optional) Run:
local-pw-type { local-pw-type | ip-interworking }
The type of the local PW is configured. By default, the type is Ethernet.
Step 6 (Optional) Run:
label-type { control-word | label-alert | normal }
The type of the PW label is configured.
Step 7 Run:
local-pw-id local-pw-id
The ID of the local end of the PW is configured.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
307
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Step 8 (Optional) Run the following commands to configure other parameters for the PWE3 Ping test:
l To configure the response mode of the Echo packet, run the lsp-replymode { no-reply |
udp | udp-via-vpls | udp-router-alert | level-control-channel } command.
l To configure the LSP EXP value, run the lsp-exp exp command.
Step 9 Run:
start
The NQA test is started.
Select the start mode as required because the startcommand has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } ] command.
The test instance is started after a certain delay.
----End
6.19.3 Checking the Configuration
After performing the PWE3 ping test for a single-hop PW, you can view the test result.
Prerequisite
The configurations of the PWE3 Ping Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
Step 1 Run the display nqa results command to view the test results on the NQA client.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
l
Issue 01 (2011-10-26)
Statistics about errors
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
308
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
– Number of unroutable connections
– Number of wrong sequence numbers
– Timeout times of the test packets
l
History statistics of each test packet
– Timestamp added when each test packet is sent
– Timestamp added when each test packet is received
– Packets status displayed on the NQA client
l
Statistics of results of each test
– Number of successful tests
– Sum of the response time of all tests
– RTT square sum
– Minimum RTT and maximum RTT of the packet
– Destination IP address and the type of the destination IP address
– Number of the Echo packets and the sent packets
– Time when the last packet is received
<Quidway> display nqa results
NQA entry(admin, pwe3ping) :testflag is inactive ,testtype is pwe3ping
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:3.14.2.14
Min/Max/Average Completion Time: 6/6/6
Sum/Square-Sum Completion Time: 18/108
Last Good Probe Time: 2009-2-27 9:0:42.3
Lost packet ratio: 0 %
6.20 Configuring the PWE3 Ping Test to Check the MultiHop PW
This section describes how to configure a PWE3 ping test to check the connectivity of a multihop PW.
6.20.1 Establishing the Configuration Task
Before configuring a PWE3 ping test for a multi-hop PW, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the required data. This can help
you complete the configuration task quickly and accurately.
Applicable Environment
To check the connectivity of the multi-hop PW using LDP as the signaling protocol, you can
perform the PWE3 Ping test on the multi-hop PW.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
309
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Pre-configuration Tasks
Before configuring the PWE3 Ping test on a multi-hop PW, you must correctly configure the
dynamic multi-hop PW or the static multi-hop PW.
Data Preparation
To configure the PWE3 Ping test on a multi-hop PW, you need the following data.
No.
Data
1
ID of the local end of the PW
2
ID or IP address of the remote end of the PW
3
Type of the PW
4
(Optional) Response mode of the Echo packets, LSP EXP, maximum hops, number
of probes, TTL value, and timeout period of the packets
5
Type and number of the interface connected with the CE
6
Start mode and end mode of the test
6.20.2 Configuring Parameters for the PWE3 Ping Test on a MultiHop PW
This part describes how to set PWE3 ping test parameters for a multi-hop PW.
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type pwe3ping
The test type is set to PWE3 Ping.
Step 4 (Optional) Run:
vc-type ldp
The method of setting up a PW is configured.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
310
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Step 5 (Optional) Run:
local-pw-type { local-pw-type | ip-interworking }
The type of the local PW is configured. By default, the type is Ethernet.
Step 6 (Optional) Run:
label-type { control-word | label-alert }
The type of the PW label is configured.
NOTE
l When label-type is set to control-word, run the remote-pw-id remote-pw-id command to configure
the ID of the remote end of the PW.
l When label-type is set to label-alert, run the destination-address ipv4 ip-address { lsp-masklen
mask-length | lsp-loopback loopback-address }* command to configure the destination IP address to
the tested.
Step 7 Run:
local-pw-id local-pw-id
The ID of the local end of the PW is configured.
Step 8 (Optional) Run the following commands to configure other parameters for the PWE3 Ping test.
l To configure the response mode of the Echo packet, run the lsp-replymode { no-reply |
udp | udp-via-vpls | udp-router-alert | level-control-channel } command.
l To configure the LSP EXP value, run the lsp-exp exp command.
Step 9 Run:
start
The NQA test is started.
Select the start mode as required because the startcommand has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } ] command.
The test instance is started after a certain delay.
----End
6.20.3 Checking the Configuration
After performing the PWE3 ping test for a multi-hop PW, you can view the test result.
Prerequisite
The configurations of the PWE3 Ping Test function are complete.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
311
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
Step 1 Run the display nqa results command to view the test results on the NQA client.
----End
Example
Run the display nqa results command. If the test is successful, the following is displayed.
l
Statistics about errors
– Number of unroutable connections
– Number of wrong sequence numbers
– Timeout times of the test packets
l
History statistics of each test packet
– Timestamp added when each test packet is sent
– Timestamp added when each test packet is received
– Packets status displayed on the NQA client
l
Statistics of results of each test
– Number of successful tests
– Sum of the response time of all tests
– RTT square sum
– Minimum RTT and maximum RTT of the packet
– Destination IP address and the type of the destination IP address
– Number of the Echo packets and the sent packets
– Time when the last packet is received
<Quidway> display nqa results
NQA entry(admin, pwe3ping) :testflag is inactive ,testtype is pwe3ping
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:8.1.1.2
Min/Max/Average Completion Time: 4/6/5
Sum/Square-Sum Completion Time: 16/88
Last Good Probe Time: 2009-2-28 11:2:46.8
Lost packet ratio: 0 %
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
312
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
6.21 Configuring the PWE3 Trace Test to Check the OneHop PW
This section describes how to configure a PWE3 trace test to check the communications between
devices along a PW.
6.21.1 Establishing the Configuration Task
Before configuring a PWE3 trace test for a single-hop PW, familiarize yourself with the
applicable environment, complete the pre-configuration tasks, and obtain the required data. This
can help you complete the configuration task quickly and accurately.
Applicable Environment
To trace a one-hop PW using LDP as the signaling protocol, you can perform the PWE3 Trace
test on the one-hop PW.
Pre-configuration Tasks
Before configuring the PWE3 Trace test on a one-hop PW, you must correctly configure the
dynamic one-hop PW.
Data Preparation
To configure the PWE3 Trace test on a one-hop PW, you need the following data.
No.
Data
1
ID of the PW
2
Type of the PW
3
Type and number of the interface connected with the CE
4
Destination IP address and ID of the L2VC
5
(Optional) Response mode of the Echo packets, LSP EXP, maximum hops, number
of probes, TTL value, and timeout period of the packets
6
Start mode and end mode of the test
6.21.2 Configuring Parameters for the PWE3 Trace Test on a OneHop PW
This part describes how to set PWE3 trace test parameters for a single-hop PW.
Context
Do as follows on the NQA client:
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
313
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type pwe3trace
The test type is set to PWE3 Trace.
Step 4 (Optional) Run:
vc-type ldp
The method of setting up a PW is configured.
Step 5 (Optional) Run:
local-pw-type { local-pw-type | ip-interworking }
The type of the local PW is configured. By default, the type is Ethernet.
Step 6 (Optional) Run:
label-type { control-word | label-alert | normal }
The type of the PW label is configured.
Step 7 Run:
local-pw-id local-pw-id
The ID of the local end of the PW is configured.
Step 8 (Optional) Run the following commands to configure other parameters for the PWE3 Trace test:
l To configure the response mode of the Echo packet, run the lsp-replymode { no-reply |
udp | udp-via-vpls | udp-router-alert | level-control-channel } command.
l To configure the LSP EXP value, run the lsp-exp exp command.
l To configure maximum hops of the PWE3 Trace test, run the tracert-hopfailtimes
timescommand.
l To configure the initial TTL value and maximum TTL value of the packet, run the tracertlivetime first-ttl first-ttl max-ttl max-ttl command.
Step 9 Run:
start
The NQA test is started.
Select the start mode as required because the startcommand has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } ]
command.
The test instance is started immediately.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
314
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } ] command.
The test instance is started after a certain delay.
----End
6.21.3 Checking the Configuration
After performing the PWE3 trace test for a single-hop PW, you can view the test result.
Prerequisite
The configurations of the PWE3 Trace Test function are complete.
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
Step 1 Run the display nqa results command to view the test results on the NQA client.
----End
Example
Run the display nqa results command. If the PWE3 Trace test on the one-hop PW is successful,
the following information is displayed.
l
Statistics about errors
– Number of unroutable connections
– Number of wrong sequence numbers
– Timeout times of the test packets
l
History statistics of each test packet
– Timestamp added when each test packet is sent
– Timestamp added when each test packet is received
– Packets status displayed on the NQA client
l
Statistics of results of each test
– Number of successful tests
– Sum of the response time of all tests
– RTT square sum
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
315
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
– Minimum RTT and maximum RTT of the packet
– Destination IP address and the type of the destination IP address
– Number of the Echo packets and the sent packets
– Time when the last packet is received
<Quidway> display nqa results
NQA entry(test, pwe3trace) :testflag is inactive ,testtype is pwe3trace
1 . Test 1 result
The test is finished
Completion:success
Attempts number:1
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Drop operation number:0
Last good path Time:2009-2-28 0:42:37.5
1 . Hop 1
Send operation times: 3
Receive response times: 3
Min/Max/Average Completion Time: 8/10/9
Sum/Square-Sum Completion Time: 28/264
RTD OverThresholds number: 0
Last Good Probe Time: 2009-2-28 0:42:37.5
Destination ip address:3.14.2.14
Lost packet ratio: 0 %
6.22 Configuring the PWE3 Trace Test to Check the MultiHop PW
This section describes how to configure a PWE3 trace test to check the communications between
devices on a PW.
6.22.1 Establishing the Configuration Task
Before configuring a PWE3 trace test for a multi-hop PW, familiarize yourself with the
applicable environment, complete the pre-configuration tasks, and obtain the required data. This
can help you complete the configuration task quickly and accurately.
Applicable Environment
To trace the multi-hop PW using LDP as the signaling protocol, you can perform the PWE3
Trace test on the multi-hop PW.
Pre-configuration Tasks
Before configuring the PWE3 Trace test on a multi-hop PW, you must correctly configure the
dynamic multi-hop PW or the static multi-hop PW.
Data Preparation
To configure the PWE3 Trace test on a multi-hop PW, you need the following data.
Issue 01 (2011-10-26)
No.
Data
1
ID of the local end of the PW
2
ID or IP address of the remote end of the PW
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
316
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
No.
Data
3
Type of the PW
4
(Optional) Response mode of the Echo packets, LSP EXP, maximum hops, number
of probes, TTL value, and timeout period of the packets
5
Type and number of the interface connected with the CE
6
Start mode and end mode of the test
6.22.2 Configuring Parameters for the PWE3 Trace Test on a MultiHop PW
This part describes how to set a PWE3 trace test parameters for a multi-hop PW.
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type pwe3trace
The test type is set to PWE3 Trace.
Step 4 (Optional) Run:
vc-type ldp
The method of setting up a PW is configured.
Step 5 (Optional) Run:
local-pw-type { local-pw-type | ip-interworking }
The type of the local PW is configured. By default, the type is Ethernet.
Step 6 (Optional) Run:
label-type { control-word | label-alert | normal}
The type of the PW label is configured.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
317
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
NOTE
l When label-type is set to control-word, run the remote-pw-id remote-pw-id command to configure
the ID of the remote end of the PW.
l When label-type is set to label-alert, run the destination-address ipv4 ip-address { lsp-masklen
mask-length | lsp-loopback loopback-address }* command to configure the destination IP address of
the PWE3 Trace test.
l When label-type is set to normal, run the destination-address ipv4 ip-address { lsp-masklen masklength | lsp-loopback loopback-address }* command to configure the destination IP address of the
PWE3 Trace test.
Step 7 Run:
local-pw-id local-pw-id
The ID of the local end of the PW is configured.
Step 8 (Optional) Run the following commands to configure other parameters for the PWE3 Trace test:
l To configure the response mode of the Echo packet, run the lsp-replymode { no-reply |
udp | udp-via-vpls | udp-router-alert | level-control-channel } command.
l To configure the LSP EXP value, run the lsp-exp exp command.
l To configure maximum hops of the PWE3 Trace test, run the tracert-hopfailtimes
timescommand.
l To configure the initial TTL value and maximum TTL value of the packet, run the tracertlivetime first-ttl first-ttl max-ttl max-ttl command.
Step 9 Run:
start
The NQA test is started.
Select the start mode as required because the start command has several forms.
l To perform the NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } ]
command.
The test instance is started immediately.
l To perform the NQA test at the specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss
[ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime
{ seconds second | hh:mm:ss } ] command.
The test instance is started at a specified time.
l To perform the NQA test after a certain delay period, run the start delay { seconds second
| hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } ] command.
The test instance is started after a certain delay.
----End
6.22.3 Checking the Configuration
After performing the PWE3 trace test for a multi-hop PW, you can view the test result.
Prerequisite
The configurations of the PWE3 Trace Test function are complete.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
318
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Context
NOTE
NQA test results cannot be displayed automatically on a terminal. You must run the display nqa results
command to view test results. By the default, the command output contains the records about only the last
five tests.
Procedure
Step 1 Run the display nqa results [ test-instance admin-name test-name ] command to view the test
results on the NQA client.
----End
Example
Run the display nqa results command. If the PWE3 Trace test on the multi-hop PW is
successful, the following information is displayed.
l
Statistics about errors
– Number of unroutable connections
– Number of wrong sequence numbers
– Timeout times of the test packets
l
History statistics of each test packet
– Timestamp added when each test packet is sent
– Timestamp added when each test packet is received
– Packets status displayed on the NQA client
l
Statistics of results of each test
– Number of successful tests
– Sum of the response time of all tests
– RTT square sum
– Minimum RTT and maximum RTT of the packet
– Destination IP address and the type of the destination IP address
– Number of the Echo packets and the sent packets
– Time when the last packet is received
<Quidway> display nqa results
NQA entry(admin, pwe3trace) :testflag is inactive ,testtype is pwe3trace
1 . Test 1 result
The test is finished
Completion:success
Attempts number:1
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Drop operation number:0
Last good path Time:2009-2-28 10:58:35.5
1 . Hop 1
Send operation times: 3
Receive response times: 3
Min/Max/Average Completion Time: 4/10/7
Sum/Square-Sum Completion Time: 23/197
RTD OverThresholds number: 0
Last Good Probe Time: 2009-2-28 10:58:35.4
Destination ip address:3.14.99.3
Lost packet ratio: 0 %
2 . Hop 2
Send operation times: 3
Receive response times: 3
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
319
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Min/Max/Average Completion Time: 7/9/8
Sum/Square-Sum Completion Time: 24/194
RTD OverThresholds number: 0
Last Good Probe Time: 2009-2-28 10:58:35.5
Destination ip address:12.14.21.12
Lost packet ratio: 0 %
6.23 Configuring Universal NQA Test Parameters
This section describes how to set and use universal parameters for NQA test instances.
6.23.1 Establishing the Configuration Task
Before setting universal parameters for NQA test instances, familiarize yourself with the
applicable environment, complete the pre-configuration tasks, and obtain the required data. This
can help you complete the configuration task quickly and accurately.
Applicable Environment
NQA supports not only the configuration of the parameters for various types of tests, but also
the configuration of universal options of a test group.
Commonly, the default configurations of the universal parameters are adopted.
Pre-configuration Tasks
Before configuring universal NQA parameters, create NQA tests correctly.
6.23.2 Configuring Universal Parameters for the NQA Test Instance
This part describes the application of each parameter in the NQA test instance.
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
The NQA test instance view is displayed.
Step 3 Perform the following as required to configure universal parameters:
l Run:
agetime hh:mm:ss
The aging time is set for the NQA test instance.
l Run:
datafill fillstring
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
320
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
The fill string is set for the NQA test instance.
NOTE
This parameter cannot be configured for SNMP, TCP, FTP, HTTP, and DNS test instances.
You can configure padding characters for only UDP, ICMP, Jitter and Trace tests.
l Run:
datasize size
The packet size is set for the NQA test instance.
NOTE
This parameter cannot be configured for SNMP, TCP, FTP, HTTP, and DNS test instances.
l Run:
description string
The description is configured for the NQA test instance.
l Run:
destination-address ipv4 ip-address
The destination IP address is set for the NQA test instance.
l Run:
destination-address url urlstring
The destination URL address is set for the NQA test instance.
NOTE
The destination URL address can be configured for DNS and HTTP test instances.
l Run:
destination-port port-number
The destination port number is set for the NQA test instance.
NOTE
The destination port number can be configured only for UDP, Jitter, TCP, Trace, FTP, and HTTP test
instances.
l Run:
dns-server ipv4 ip-address
The DNS server address is configured for the NQA test instance.
NOTE
The DNS server address can be configured only for DNS and HTTP test instances.
l Run:
fail-percent percent
The failure percentage is set for the NQA test instance.
NOTE
This parameter cannot be configured for Trace, FTP, and DNS test instances.
l Run:
frequency interval
The test period is set for the NQA test instance.
l Run:
ftp-filename file-name
The file name and file path are configured for the FTP test instance.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
321
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
NOTE
The file name and file path can be configured only for the FTP test instance.
l Run:
ftp-filesize size
The size of the file is set for the FTP test instance.
NOTE
The size of the file can be configured only for the FTP test instance.
l Run:
ftp-operation { get | put }
The operation type is configured for the FTP test instance.
NOTE
The operation type can be configured only for the FTP test instance.
l Run:
ftp-password password
The user password is set for the FTP test instance.
NOTE
The user password can be configured only for the FTP test instance.
l Run:
ftp-username name
The user name is set for the FTP test instance.
NOTE
The user name can be configured only for the FTP test instance.
l Run:
http-operation { get | post }
The test type is set for the HTTP test instance.
NOTE
The operation type can be configured only for the HTTP test instance.
l Run:
http-url deststring [ verstring ]
The relative file path and version are configured for the HTTP test instance.
NOTE
The relative file path and version can be configured only for the HTTP test instance.
l Run:
interval { milliseconds
interval | seconds interval }
The interval for sending packets is set for the NQA test instance.
NOTE
The interval for sending packets can be configured only for the ICMP, UDP, SNMP, Jitter, and TCP
test instances.
l Run:
jitter-packetnum number
The number of test packets is set for the NQA test instance.
l Run:
probe-count number
The number of probes for one time is set.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
322
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
NOTE
This parameter cannot be configured for FTP and DNS test instances.
l Run:
probe-failtimes times
The number of permitted maximum probe failures, that is, the threshold to trigger the trap
message, is set for the NQA test instance.
l Run:
records history number
The maximum number of history records is set for the NQA test instance.
l Run:
records result number
The maximum number of result records is set for the NQA test instance.
l Run:
sendpacket passroute
The NQA test is configured to send packets without searching for the routing table.
NOTE
This parameter cannot be configured for DNS test instance.
l Run:
set-df
Packet fragmentation is prohibited.
NOTE
This function can be configured only for the Trace test instances.
l Run:
send-trap { all | { owd-ds | owd-sd | probefailure | rtd | testcomplete |
testfailure } * }
The condition for triggering the trap message is configured.
l Run:
source-address ipv4 ip-address
The source IP address is set for the NQA test instance.
l Run:
source-interface interface-type interface-number
The source interface is configured for the NQA test instance.
NOTE
The source interface can be configured for ICMPtest instances.
l Run:
source-port port-number
The source port number is set for the NQA test instance.
NOTE
This parameter can be configured for UDP, SNMP, TCP, FTP, and HTTP test instances.
l Run:
test-failtimes times
The trap threshold for continuous probe failures is set for the NQA test instance.
l Run:
timeout time
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
323
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
The timeout period is set for the NQA test instance.
l Run:
ttl number
The TTL value in the NQA test packet is set.
NOTE
This parameter cannot be configured for DNS and Trace test instances.
l Run:
tos value
Type of Service (TOS) is set for the test packet.
NOTE
This parameter cannot be configured for DNS and Trace test instances.
l Run:
tracert-hopfailtimes times
The hop fail times are set for the Trace test instance.
NOTE
This parameter can be configured only for Trace test instance.
l Run:
tracert-livetime first-ttl first-ttl max-ttl max-ttl
The lifetime is set for the Trace test instance.
NOTE
This parameter can be configured only for Trace test instance.
l Run:
vpn-instance vpn-instance-name
The VPN instance name is configured for the NQA test instance.
NOTE
This parameter cannot be configured for DNS test instance.
l Run:
vpn-instance vpn-instance-name
The VPN instance name is configured for the NQA test instance.
NOTE
This parameter cannot be configured for DNS, and DHCP test instance.
----End
6.23.3 Checking the Configuration
After setting universal parameters for NQA test instances, you can view the test result.
Prerequisite
The configurations of the Universal NQA Test Parameters function are complete.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
324
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Procedure
Step 1 Run the display nqa-agent [admin-name test-name ] [ verbose ] to view the status of the test
instance configured on the NQA client.
----End
Example
<Quidway> display nqa-agent
nqa test-instance a a
test-type pwe3trace
local-pw-id 1
vc-type bgp
nqa status : normal
nqa test-instance a b
test-type icmpjitter
destination-address ipv4 100.1.1.201
source-address ipv4 100.1.1.200
hardware-based enable
ttl 100
tos 100
timeout 20
nqa status : normal
6.24 Configuring Round-Trip Delay Thresholds
This section describes how to set a round-trip delay transmission threshold in an NQA test
instance.
6.24.1 Establishing the Configuration Task
Before setting a round-trip transmission delay threshold, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the required data. This can help
you complete the configuration task quickly and accurately.
Applicable Environment
If the round-trip transmission delay threshold is configured for a NQA test instance, the NQA
test result will contain the statistics on the test packets that exceed the set threshold. This provides
the basis for the network manager to analyze the operation status of the specified service.
Pre-configuration Tasks
Before configuring the round-trip transmission delay threshold, complete the following tasks:
l
Running the device normally
l
Creating NQA test instances and configuring related parameters correctly
Data Preparation
To configure the round-trip transmission delay threshold, you need the following data.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
325
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
No.
Data
1
Administrator name and test name
2
Round-trip transmission delay threshold
6 NQA Configuration
6.24.2 Configuring Round-Trip Delay Thresholds
This part describes how to set a round-trip transmission delay threshold. When the transmission
duration exceeds the threshold, a trap message is sent to the Network Management System
(NMS).
Context
Do as follows on the switch to perform the NQA test:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the NQA instance view is displayed.
Step 3 Run:
test-type test-type
The test type is configured.
Step 4 Run:
destination-address ipv4 ip-address
The destination IP address is configured.
Step 5 (Optional)Run:
destination-port port-number
The destination port number is configured.
Step 6 Run:
threshold rtd rtd-value
The round-trip transmission delay threshold is configured.
Step 7 Run:
send-trap rtd
The trap function is enabled.
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
326
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
6.24.3 Checking the Configuration
After setting the round-trip transmission delay threshold, you can view the configuration.
Prerequisite
The configurations of the Round-Trip Delay Thresholds Test function are complete.
Procedure
Step 1 Run the display nqa-agent [ admin-name test-name ] [ verbose ] to view the status of the test
instance configured on the NQA client.
----End
Example
Run the display nqa-agent verbose command. If the test is successful, the following is
displayed. For example:
<Quidway> display nqa-agent verbose
nqa test-instance admin jitter
test-type jitter
destination-address ipv4 100.1.1.201
destination-port 80
threshold rtd 2000
send-trap rtd
nqa status : normal
6.25 Configuring the Trap Function
This section describes how to configure the trap function in an NQA test instance. After the trap
function is configured, a trap message is sent to the NMS in case of transmission success or
transmission failure.
6.25.1 Establishing the Configuration Task
Before configuring the trap function, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.
Applicable Environment
Trap messages are generated regardless of whether the NQA test is successful or fails. You can
control whether to send trap messages to the NM station by enabling or disabling the trap
function.
NQA supports three types of trap messages as defined in the DISMAN-PING-MIB.
l
Trap message sent when an NQA probe fails
It aims at checking whether the probe Echo packets are received.
If the number of packets that have no responses reaches the upper limit, trap messages are
sent to a specified NM station.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
327
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
l
6 NQA Configuration
Trap message sent when an NQA test fails
It aims at checking whether the test fails.
If the number of the times that a test fails exceeds the limit, trap messages are sent to a
specified NM station.
l
Trap message sent when an NQA test is successful
It aims at checking whether the test is successful.
If Echo packets are received during an NQA test, trap messages are sent to a specified NM
station.
NQA also supports the sending of trap messages to the NM station when the uni-directional
transmission delay or the round-trip transmission delay exceeds the threshold.
l
For all tests supporting traps, if the round-trip transmission delay exceeds the threshold and
the trap function is enabled, trap messages are sent to the NM station with the specified IP
address.
l
For all the Jitter tests, if the uni-directional transmission delay exceeds the threshold and
the trap function is enabled, trap messages are sent to the NM station with the specified IP
address.
Trap messages carry information such as destination IP address, operation status, destination IP
address of the test packet, minimum RTT, maximum RTT and total RTT, number of sent probe
packets, number of received packets, RTT square sum, and time of the last successful probe.
Pre-configuration Tasks
Before configuring the trap function, complete the following tasks:
l
Configuring routes between the NQA client and the NM station
l
Creating an NQA test and configuring related parameters correctly
Data Preparation
To configure the trap function, you need the following data.
No.
Data
1
Administrator name and test name
2
NQA events that trigger the trap function
3
l (Optional) Number of test failures that trigger sending a trap message
l (Optional) Number of probe failures that trigger sending a trap message
6.25.2 Sending Trap Messages When Test Failed
A trap message is sent to the NMS when the transmission of NQA test packets fails.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
328
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type { jitter | icmpjitter }
The test type is configured.
NOTE
Only S5700HI and S5706 support ICMP Jitter.
Step 4 Run:
destination-address ipv4 ip-address
The destination IP address is configured.
Step 5 (Optional)Run:
destination-port port-number
The destination port number is configured.
Step 6 Run:
send-trap testfailure
Sending trap messages when tests fail is enabled.
By default, the trap function is disabled.
Step 7 Run:
test-failtimes times
The number of test failures that trigger sending a trap message is configured.
By default, a trap message is sent for each test failure.
----End
6.25.3 Sending Trap Messages When Probes Failed
A trap message is sent to the NMS when the NQA test fails.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type { jitter | icmpjitter }
The test type is configured.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
329
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
NOTE
Only S5700HI and S5706 support ICMP Jitter.
Step 4 Run:
destination-address ipv4 ip-address
The destination IP address is configured.
Step 5 (Optional)Run:
destination-port port-number
The destination port number is configured.
Step 6 Run:
send-trap probefailure
Sending trap messages when probes fail is enabled.
By default, the trap function is disabled.
Step 7 Run:
probe-failtimes times
The number probe failures that trigger sending a Trap message is configured.
By default, a trap message is sent for each probe failure.
----End
6.25.4 Sending Trap Messages When Probes Are Complete
A trap message is sent to the NMS when the NQA test is complete.
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type { jitter | icmpjitter }
The test type is configured.
NOTE
Only S5700HI and S5706 support ICMP Jitter.
Step 4 Run:
destination-address ipv4 ip-address
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
330
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
The destination IP address is configured.
Step 5 (Optional)Run:
destination-port port-number
The destination port number is configured.
Step 6 Run:
send-trap testcomplete
Sending trap messages when tests are completed is enabled.
By default, the trap function is disabled.
----End
6.25.5 Sending Trap Messages When the Transmission Delay
Exceeds Thresholds
A trap message is sent to the NMS when the test result exceeds the threshold.
Context
Do as follows on the NQA client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created and the test instance view is displayed.
Step 3 Run:
test-type { jitter | icmpjitter }
The test type is configured.
NOTE
Only S5700HI and S5706 support ICMP Jitter.
Step 4 Run:
destination-address ipv4 ip-address
The destination IP address is configured.
Step 5 (Optional)Run:
destination-port port-number
The destination port number is configured.
Step 6 Run:
send-trap rtd
Sending trap messages when the transmission delay exceeds the threshold is enabled.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
331
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
By default, the trap function is disabled.
----End
6.25.6 Checking the Configuration
After the trap function is enabled in an NQA test instance, you can view trap messages in the
trap buffer.
Prerequisite
The configurations of the Trap function are complete.
Procedure
Step 1 Run the display trapbuffer [ size value ] to view the trap messages sent in an NQA test.
----End
Example
Run the display trapbuffer [ size value ] command. If information about the trap messages is
displayed, it means that the configuration succeeds.
For example:
<Quidway> display trapbuffer size 2
Trapping buffer configuration and contents:enabled
Allowed max buffer size : 1024
Actual buffer size : 256
Channel number : 3 , channel name : trapbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 11
#May 6 2009 12:54:17 CBB6-PE3 SINDEX/4/INDEXMAP:OID
1.3.6.1.4.1.2011.5.25.110.2.0.1 ShortIFIndexMapTable changed.
#May 6 2009 11:02:37 CBB6-PE3 SRM_BASE/4/ENTITYREGSUCCESS: OID
1.3.6.1.4.1.2011.5.25.129.2.1.18 Physical entity register succeeded.
(EntityPhysicalIndex=17367040, BaseTrapSeverity=2, BaseTrapProbableCause=70144,
BaseTrapEventType=5, EntPhysicalContainedIn=1677721
6, EntPhysicalName="SRU slot 9", RelativeResource="", ReasonDescription="MPU9")
6.26 Maintaining NQA
This section describes how to maintain an NQA test instance. You can restart the test instance,
clear the statistics on the test result,to maintain a test instance.
6.26.1 Restarting NQA Test Instances
If a test instance fails, you can try to restart the test instance in the next test period.
Prerequisite
To restart an NQA test instance, run the following command in the NQA instance view.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
332
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Context
CAUTION
Restarting an NQA test instance interrupts the running of tests.
Procedure
Step 1 Run the system-view command, enter the system view.
Step 2 Run the nqa test-instance admin-name test-name command, enter the NQA test instance view.
Step 3 Run the restart command in the NQA instance view to restart an NQA test instance.
----End
6.26.2 Clearing NQA Statistics
When the statistics on the current test instance are saved to the FTP server, you can clear test
results on the device.
Prerequisite
NQA statistics cannot be restored after you clear them. So, confirm the action before you use
the command.
Context
NOTE
Statistics about the test being performed cannot be cleared.
Procedure
Step 1 Run the system-view command, enter the system view.
Step 2 Run the nqa test-instance admin-name test-name command, enter the NQA test instance view.
Step 3 Run the clear-records command in the NQA view to clear history statistics on NQA tests and
test results.
----End
6.26.3 Debugging NQA
This part describes how to debug test instances.
Prerequisite
When a fault occurs, run the following debugging command in the user view to debug NQA
and locate the fault.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
333
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
Procedure
Step 1 Run the debugging nqa all command in the NQA view to enable NQA debugging.
----End
6.27 Configuration Examples
This section provides several configuration examples of NQA.
6.27.1 Example for Configuring the ICMP Test
Networking Requirements
As shown in Figure 6-3, Switch A and Switch B must be connected at Layer 3 through the
VLANIF interface.
Switch A functions as the NQA client to check whether Switch B is reachable.
Figure 6-3 Networking diagram for configuring the ICMP test
SwitchB
SwitchA
GE0/0/1
VLANIF10
NQA agent 10.1.1.1/24
GE0/0/1
VLANIF10
10.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Perform the NQA ICMP test to check whether the route between the local end (Switch A)
and the specified destination end (Switch B) is reachable and check the RTT of a test packet.
Data Preparation
To complete the configuration, you need the following data:
l
Issue 01 (2011-10-26)
Host address of Switch B
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
334
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Procedure
Step 1 Create a VLAN and add interfaces to the VLAN.
# Configure Switch A.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-Vlan10] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
# Configure Switch B.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan 10
[SwitchB-Vlan10] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchB-GigabitEthernet0/0/1] quit
Step 2 Configure the VLANIF interface and assign an IP address to the VLANIF interface.
# Configure Switch A.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.1.1.1 24
# Configure Switch B.
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 10.1.1.2 24
Step 3 Enable the NQA client and create an NQA ICMP test.
[SwitchA] nqa test-instance admin icmp
[SwitchA-nqa-admin-icmp] test-type icmp
[SwitchA-nqa-admin-icmp] destination-address ipv4 10.1.1.2
Step 4 Perform the test immediately.
[SwitchA-nqa-admin-icmp] start now
Step 5 Verify the test result.
[SwitchA-nqa-admin-icmp] display nqa results test-instance admin icmp
NQA entry(admin, icmp) :testflag is inactive ,testtype is icmp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.1.1.2
Min/Max/Average Completion Time: 1/30/17
Sum/Square-Sum Completion Time: 51/1301
Last Good Probe Time: 2010-06-09 19:27:48.1
Lost packet ratio: 0 %
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
335
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Configuration Files
l
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
nqa test-instance admin icmp
test-type icmp
destination-address ipv4 10.1.1.2
#
return
l
Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
6.27.2 Example for Configuring the FTP Download Test
Networking Requirements
As shown in Figure 6-4:
l
Switch B functions as the FTP server.
l
A user with the name user1 and the password hello intends to log in to the FTP server to
download the test.txt file.
Figure 6-4 Networking diagram for configuring the FTP download test
SwitchA
GE0/0/1
VLANIF10
FTP Client 10.1.1.1/24
SwitchB
GE0/0/1
VLANIF10
10.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
336
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
1.
Configure Switch A as the NQA client.
2.
Create and perform the FTP test on Switch A to check whether a connection between
Switch A and the FTP server can be set up and to check the time for downloading a file
from the FTP server.
Data Preparation
To complete the configuration, you need the following data:
l
IP address of the FTP server
l
Source IP address for the test
l
FTP user name and password
l
Operation file of the FTP test
Procedure
Step 1 Configure the IP addresses of Switch A and Switch B. The configuration details are not
mentioned here.
Step 2 Configure Switch B as the FTP server.
<SwitchB> system-view
[SwitchB] ftp server enable
[SwitchB] aaa
[SwitchB-aaa] local-user user1 password cipher hello
[SwitchB-aaa] local-user user1 service-type ftp
[SwitchB-aaa] local-user user1 ftp-directory flash:
[SwitchB-aaa] quit
Step 3 Configure an NQA FTP test on Switch A.
<SwitchA> system-view
[SwitchA] nqa test-instance admin ftp
[SwitchA-nqa-admin-ftp] test-type ftp
[SwitchA-nqa-admin-ftp] destination-address ipv4 10.1.1.2
[SwitchA-nqa-admin-ftp] source-address ipv4 10.1.1.1
[SwitchA-nqa-admin-ftp] ftp-operation get
[SwitchA-nqa-admin-ftp] ftp-username user1
[SwitchA-nqa-admin-ftp] ftp-password hello
[SwitchA-nqa-admin-ftp] ftp-filename test.txt
Step 4 Perform the test.
[SwitchA-nqa-admin-ftp] start now
Step 5 Verify the test result.
[SwitchA-nqa-admin-ftp] display nqa results test-instance admin ftp
NQA entry(admin, ftp) :testflag is inactive ,testtype is ftp
1 . Test 1 result
The test is finished
SendProbe:1
ResponseProbe:1
Completion :success
RTD OverThresholds number: 0
MessageBodyOctetsSum: 448
Stats errors number: 0
Operation timeout number: 0
System busy operation number:0
Drop operation number:0
Disconnect operation number: 0
CtrlConnTime Min/Max/Average: 438/438/438
DataConnTime Min/Max/Average: 218/218/218
SumTime Min/Max/Average: 656/656/656
Average RTT:656
Lost packet ratio:0 %
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
337
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Configuration Files
l
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
nqa test-instance admin ftp
test-type ftp
destination-address ipv4 10.1.1.2
source-address ipv4 10.1.1.1
ftp-username user1
ftp-password hello
ftp-filename test.txt
ftp-operation get
#
return
l
Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
FTP server enable
#
aaa
local-user user1 password cipher 3MQ*TZ,O3KCQ=^Q`MAF4<1!!
local-user user1 service-type ftp
local-user user1 ftp-directory flash:
#
return
6.27.3 Example for Configuring the FTP Upload Test
Networking Requirements
As shown in Figure 6-5:
You are required to test the speed of uploading a file from Switch C to the FTP server.
Figure 6-5 Networking diagram for configuring the FTP upload test
SwitchA
GE0/0/1
SwitchB
GE0/0/1
GE0/0/2
VLANIF10 VLANIF10
FTP 10.1.1.1/24 10.1.1.2/24
Client
Issue 01 (2011-10-26)
SwitchC
GE0/0/1
VLANIF20 VLANIF20
10.2.1.1/24 10.2.1.2/24 FTP
Server
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
338
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure Switch A as the NQA client and the FTP client. Create and perform the FTP test
on Switch A to check whether a connection between Switch A and the FTP server can be
set up and to test the time for uploading a file to the FTP server.
2.
A user with the name user1 and the password hello logs in to the FTP server to upload a
file whose size is 10k.
Data Preparation
To complete the configuration, you need the following data:
l
IP address of the FTP server
l
Source IP address for the test
l
FTP user name and password
l
Size of the uploaded file
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Configure Switch C as the FTP server.
<SwitchC> system-view
[SwitchC] ftp server enable
[SwitchC] aaa
[SwitchC-aaa] local-user user1 password cipher hello
[SwitchC-aaa] local-user user1 service-type ftp
[SwitchC-aaa] local-user user1 ftp-directory flash:
[SwitchC-aaa] quit
Step 3 Configure an NQA FTP test on Switch A and create a file of 10K bytes for uploading.
<SwitchA> system-view
[SwitchA] nqa test-instance admin ftp
[SwitchA-nqa-admin-ftp] test-type ftp
[SwitchA-nqa-admin-ftp] destination-address ipv4 10.2.1.2
[SwitchA-nqa-admin-ftp] source-address ipv4 10.1.1.1
[SwitchA-nqa-admin-ftp] ftp-operation put
[SwitchA-nqa-admin-ftp] ftp-username user1
[SwitchA-nqa-admin-ftp] ftp-password hello
[SwitchA-nqa-admin-ftp] ftp-filename nqa-ftp-test.txt
[SwitchA-nqa-admin-ftp] ftp-filesize 10
Step 4 Perform the test.
[SwitchA-nqa-admin-ftp] start now
Step 5 Verify the test result.
# Verify the NQA test result on Switch A.
[SwitchA-nqa-admin-ftp] display nqa results test-instance admin ftp
NQA entry(admin, ftp) :testflag is inactive ,testtype is ftp
1 . Test 1 result
The test is finished
SendProbe:1
ResponseProb:1
Completion :success
RTD OverThresholds number: 0
MessageBodyOctetsSum: 10240
Stats errors number: 0
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
339
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Operation timeout number: 0
System busy operation number:0
Drop operation number:0
Disconnect operation number: 0
CtrlConnTime Min/Max/Average: 657/657/657
DataConnTime Min/Max/Average: 500/500/500
SumTime Min/Max/Average: 1157/1157/1157
Average RTT:1157
Lost packet ratio:0 %
# On Switch C, you can see that a file named nqa-ftp-test.txt is added.
<SwitchC> dir
Directory of flash:
Idx
0
1
Attr
-rw-rw-
Size(Byte)
331
10240
Date
Time(LMT)
Feb 06 2009 18:34:34
Feb 06 2009 18:37:06
FileName
private-data.txt
nqa-ftp-test.txt
2540 KB total (1536 KB free)
----End
Configuration Files
l
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
nqa test-instance admin ftp
test-type ftp
destination-address ipv4 10.2.1.2
source-address ipv4 10.1.1.1
ftp-filesize 10
ftp-username user1
ftp-password hello
ftp-filename nqa-ftp-test.txt
ftp-operation put
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return
l
Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 10 20
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
340
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
port hybrid untagged vlan 20
#
return
l
Configuration file of Switch C
#
sysname SwitchC
#
FTP server enable
#
vlan batch 20
#
interface Vlanif20
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
aaa
local-user user1 password cipher 3MQ*TZ,O3KCQ=^Q`MAF4<1!!
local-user user1 service-type ftp
local-user user1 ftp-directory flash:
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return
6.27.4 Example for Configuring the HTTP Test
Networking Requirements
As shown in Figure 6-6, Switch is connected to the HTTP server through a WAN.
Figure 6-6 Networking diagram for configuring the HTTP test
HTTP Server
10.2.1.1/24
Switch
10.1.1.2/24
GE0/0/1
VLANIF10
10.1.1.1/24
IP
Network
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure the Switch as the NQA client.
2.
Create and perform the HTTP test on the Switch to check whether the a connection between
the Switch and the HTTP server can be set up and to check the time for transferring a file
between them.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
341
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Data Preparation
To complete the configuration, you need the following data:
l
Host address of the HTTP server
l
HTTP operation type
Procedure
Step 1 Configure reachable routes between Switch and HTTP Server. The configuration details are not
mentioned here.
Step 2 Enable the NQA client and create an NQA HTTP test.
<Quidway> system-view
[Quidway] nqa test-instance admin http
[Quidway-nqa-admin-http] test-type http
[Quidway-nqa-admin-http] destination-address ipv4 10.2.1.1
[Quidway-nqa-admin-http] http-operation get
[Quidway-nqa-admin-http] http-url www.huawei.com
Step 3 Perform the test.
[Quidway-nqa-admin-http] start now
Step 4 Verify the test result.
[Quidway-nqa-admin-http] display nqa results test-instance admin http
NQA entry(admin, http) :testflag is inactive ,testtype is http
1 . Test 1 result
The test is finished
SendProbe:3
ResponseProbe:3
Completions: success
RTD OverThresholdsnumber: 0
MessageBodyOctetsSum: 0
TargetAddress: 10.2.1.1
DNSQueryError number: 0
HTTPError number: 0
TcpConnError number : 3
System busy operation number:0
DNSRTT Sum/Min/Max:0/0/0
TCPConnectRTT Sum/Min/Max: 0/0/0
TransactionRTT Sum/Min/Max: 11/3/4
RTT Sum/Min/Max/Avg: 18/5/7/6
DNSServerTimeout:0 TCPConnectTimeout:0 TransactionTimeout: 0
Lost packet ratio:0%
----End
Configuration Files
Configuration file of Switch
#
sysname quidway
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
nqa test-instance admin http
test-type http
destination-address ipv4 10.2.1.1
http-operation get
http-url www.huawei.com
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
342
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
#
return
6.27.5 Example for Configuring the DNS Test
Networking Requirements
As shown in Figure 6-7, Switch functions as the DNS client to access the host whose IP address
is 10.2.1.1/24 through a domain named server.com.
Figure 6-7 Networking diagram for configuring the DNS test
server.com
10.2.1.1/24
Switch
GE0/0/1 10.1.1.2/24
VLANIF100
10.1.1.1/24
IP
Network
DNS Server
10.3.1.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure the Switch as the NQA client.
2.
Create and perform the DNS test on the Switch to check whether a connection between the
Switch and the DNS server can be set up and to check the speed of responding to an address
resolution request.
Data Preparation
To complete the configuration, you need the following data:
l
IP address of the DNS server
l
Name of the host to be accessed
Procedure
Step 1 Configure reachable routes between Switch A and the DNS server, between Switch A and the
host to be accessed, and between the DNS server and the host to be accessed. The configuration
details are not mentioned here.
Step 2 Create an NQA DNS test.
<Quidway> system-view
[Quidway] dns server 10.3.1.1
[Quidway] nqa test-instance admin dns
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
343
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
[Quidway-nqa-admin-dns] test-type dns
[Quidway-nqa-admin-dns] dns-server ipv4 10.3.1.1
[Quidway-nqa-admin-dns] destination-address url server.com
Step 3 Perform the test.
[Quidway-nqa-admin-dns] start now
Step 4 Verify the test result.
[Quidway] display nqa results test-instance admin dns
NQA entry(admin, dns) :testflag is inactive ,testtype is dns
1 . Test 1 result
The test is finished
Send operation times: 1
Receive response times: 1
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:
10.3.1.1
Min/Max/Average Completion Time: 1/1/1
Sum/Square-Sum Completion Time: 1/1
Last Good Probe Time: 2009-2-3 10:52:5.7
Lost packet ratio: 0 %
----End
Configuration Files
Configuration file of Switch
#
sysname Quidway
#
dns server 10.3.1.1
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
nqa test-instance admin dns
test-type dns
destination-address url server.com
dns-server ipv4 10.3.1.1
#
ip route-static 10.3.1.0 255.255.255.0 10.1.1.2
#
return
6.27.6 Example for Configuring the Traceroute Test
Networking Requirements
As shown in Figure 6-8:
The traceroute test is used to check the IP address of the VLANIF 110 interface of Switch C on
Switch A.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
344
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Figure 6-8 Networking diagram for configuring the traceroute test
SwitchA
GE0/0/1
SwitchB
GE0/0/1
GE0/0/2
VLANIF100 VLANIF100
10.1.1.1/24 10.1.1.2/24
SwitchC
GE0/0/1
VLANIF110 VLANIF110
10.2.1.1/24 10.2.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure Switch A as the NQA client.
2.
Create and perform the traceroute test on Switch A to check the statistics on each hop from
Switch A to Switch C.
Data Preparation
To complete the configuration, you need the following data:
l
Destination address for the traceroute test
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Create an NQA traceroute test on Switch A and set the destination IP address to 10.2.1.2.
<SwitchA> system-view
[SwitchA] nqa test-instance admin trace
[SwitchA-nqa-admin-trace] test-type trace
[SwitchA-nqa-admin-trace] destination-address ipv4 10.2.1.2
Step 3 Perform the test.
[SwitchA-nqa-admin-trace] start now
Step 4 Verify the test result.
# Verify the NQA test result on Switch A.
[SwitchA-nqa-admin-trace] display nqa results test-instance admin trace
NQA entry(admin, trace) :testflag is inactive ,testtype is trace
1 . Test 1 result
The test is finished
Completion:success
Attempts number:1
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Drop operation number:0
Last good path Time:2006-8-5 14:38:58.5
1 . Hop 1
Send operation times: 3
Receive response times: 3
Min/Max/Average Completion Time: 46/47/41
Sum/Square-Sum Completion Time: 125/5349
RTD OverThresholds number: 0
Last Good Probe Time: 2006-8-5 14:38:58.3
Destination ip address:10.1.1.2
Lost packet ratio: 0 %
2 . Hop 2
Send operation times: 3
Receive response times: 3
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
345
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Min/Max/Average Completion Time: 31/79/62
Sum/Square-Sum Completion Time: 188/13286
RTD OverThresholds number: 0
Last Good Probe Time: 2006-8-5 14:38:58.5
Destination ip address:10.2.1.2
Lost packet ratio: 0 %
----End
Configuration Files
l
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
nqa test-instance admin trace
test-type trace
destination-address ipv4 10.2.1.2
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return
l
Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
return
l
Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
346
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
#
return
6.27.7 Example for Configuring the SNMP Query Test
Networking Requirements
As shown in Figure 6-9, SNMP agent is enabled on Switch C. The NQA SNMP query test is
used to measure the time from sending an SNMP query packet to receiving an Echo packet.
Figure 6-9 Networking diagram for configuring the SNMP query test
SwitchB
SwitchA
GE0/0/1
GE0/0/1
VLANIF100 VLANIF100
10.1.1.1/24 10.1.1.2/24
GE0/0/2
SwitchC
GE0/0/1
VLANIF110 VLANIF110
10.2.1.1/24 10.2.1.2/24
SNMP Agent
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure Switch A as the NQA client.
2.
Create and perform the SNMP query test on Switch A.
3.
Enable SNMP agent on Switch C.
Data Preparation
To complete the configuration, you need the following data:
l
Host address of the SNMP agent
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Enable SNMP agent on Switch C.
<SwitchC> system-view
[SwitchC] snmp-agent
Step 3 Create an SNMP query test on Switch A.
<SwitchA> system-view
[SwitchA] nqa test-instance admin snmp
[SwitchA-nqa-admin-snmp] test-type snmp
[SwitchA-nqa-admin-snmp] destination-address ipv4 10.2.1.2
Step 4 Perform the test.
[SwitchA-nqa-admin-snmp] start now
Step 5 Verify the test result.
[SwitchA-nqa-admin-snmp] display nqa results test-instance admin snmp
NQA entry(admin, snmp) :testflag is inactive ,testtype is snmp
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
347
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 63/172/109
Sum/Square-Sum Completion Time: 329/42389
Last Good Probe Time: 2006-8-5 15:33:49.1
Lost packet ratio: 0 %
----End
Configuration Files
l
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
nqa test-instance admin snmp
test-type snmp
destination-address ipv4 10.2.1.2
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return
l
Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
return
l
Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
348
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
snmp-agent
snmp-agent local-engineid 000007DB7F00000100006294
snmp-agent sys-info version v3
#
return
6.27.8 Example for Configuring the TCP Test
Networking Requirements
As shown in Figure 6-10, the NQA TCP Private test is used to obtain the time for setting up a
TCP connection between Switch A and Switch B.
Figure 6-10 Networking diagram for configuring the TCP test
SwitchB
SwitchA
GE0/0/1
GE0/0/1
VLANIF100 VLANIF100
10.1.1.1/24 10.1.1.2/24
SwitchC
GE0/0/2
GE0/0/1
VLANIF110 VLANIF110
10.2.1.1/24 10.2.1.2/24
NQA Server
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure Switch A as the NQA client and configure Switch C as the NQA server.
2.
Configure the monitoring port number on the NQA server and create an NQA TCP test on
the NQA client.
Data Preparation
To complete the configuration, you need the following data:
l
Host address of the server
l
Port number used to monitor the TCP service on the server
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Configure the NQA server on Switch C.
# Configure the IP address and port number used to monitor TCP connections on the NQA server.
<SwitchC> system-view
[SwitchC] nqa-server tcpconnect 10.2.1.2 9000
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
349
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Step 3 # Configure Switch A.
# Enable the NQA client and create a TCP Private test.
<SwitchA> system-view
[SwitchA] nqa test-instance admin tcp
[SwitchA-nqa-admin-tcp] test-type tcp
[SwitchA-nqa-admin-tcp] destination-address ipv4 10.2.1.2
[SwitchA-nqa-admin-tcp] destination-port 9000
Step 4 Perform the test.
[SwitchA-nqa-admin-tcp] start now
Step 5 Verify the test result.
[SwitchA-nqa-admin-tcp] display nqa results test-instance admin tcp
NQA entry(admin, tcp) :testFlag is inactive ,testtype is tcp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 46/63/52
Sum/Square-Sum Completion Time: 156/8294
Last Good Probe Time: 2006-8-5 15:53:17.8
Lost packet ratio: 0 %
----End
Configuration Files
l
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
nqa test-instance admin tcp
test-type tcp
destination-address ipv4 10.2.1.2
destination-port 9000
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return
l
Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
350
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
return
l
Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
nqa-server tcpconnect 10.2.1.2 9000
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return
6.27.9 Example for Configuring the UDP Test
Networking Requirements
As shown in Figure 6-11, the NQA UDP Public test is used to obtain RTT of a UDP packet
transmitted between Switch A and Switch C.
Figure 6-11 Networking diagram for configuring the UDP test
SwitchA
SwitchB
GE0/0/1
GE0/0/1
VLANIF100 VLANIF100
10.1.1.1/24 10.1.1.2/24
SwitchC
GE0/0/2
GE0/0/1
VLANIF110 VLANIF110
10.2.1.1/24 10.2.1.2/24
NQA Server
Configuration Roadmap
1.
Configure Switch A as the NQA client and configure Switch C as the NQA server.
2.
Configure the monitoring port number on the NQA server and create an NQA UDP Public
test on the NQA client.
Data Preparation
To complete the configuration, you need the following data:
l
Host address of the server
l
Port number used to monitor the UDP service on the server
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
351
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Configure the NQA server on Switch C.
# Configure the IP address and UDP port number monitored by the NQA server.
<SwitchC> system-view
[SwitchC] nqa-server udpecho 10.2.1.2 6000
Step 3 # Configure Switch A.
# Enable the NQA client and create a UDP Public test.
<SwitchA> system-view
[SwitchA] nqa test-instance admin udp
[SwitchA-nqa-admin-udp] test-type udp
[SwitchA-nqa-admin-udp] destination-address ipv4 10.2.1.2
[SwitchA-nqa-admin-udp] destination-port 6000
Step 4 Perform the test.
[SwitchA-nqa-admin-udp] start now
Step 5 Verify the test result.
[SwitchA-nqa-admin-udp] display nqa results test-instance admin udp
NQA entry(admin, udp) :testflag is inactive ,testtype is udp
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Destination ip address:10.2.1.2
Min/Max/Average Completion Time: 32/109/67
Sum/Square-Sum Completion Time: 203/16749
Last Good Probe Time: 2006-8-5 16:9:21.6
Lost packet ratio: 0 %
----End
Configuration Files
l
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
nqa test-instance admin udp
test-type udp
destination-address ipv4 10.2.1.2
destination-port 6000
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
352
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
l
6 NQA Configuration
Configuration file of Switch B
#
sysname SwitchB
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
return
l
Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
nqa-server udpecho 10.2.1.2 6000
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return
6.27.10 Example for Configuring the Jitter Test
Networking Requirements
As shown in Figure 6-12, the NQA Jitter test needs to be used to obtain the jitter time of
transmitting a packet from Switch A to Switch C. Switch A and Switch C synchronize the clock
from Switch B so that the test precision is improved.
NOTE
For information about clock synchronization, see "NTP" in the Quidway S5700 Series Ethernet Switches
Feature Description - Network Management.
Figure 6-12 Networking diagram for configuring the Jitter test
SwitchA
GE0/0/1
VLANIF100
10.1.1.1/24
Issue 01 (2011-10-26)
SwitchB
GE0/0/1
VLANIF100
10.1.1.2/24
SwitchC
GE0/0/2
GE0/0/1
VLANIF110 VLANIF110
10.2.1.1/24 10.2.1.2/24 NQA Server
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
353
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure Switch C as the NTP client and configure Switch B as the NTP server.
2.
Configure Switch A as the NQA client and configure Switch C as the NQA server.
3.
Configure the service type and port number monitored by the NQA server.
4.
Create and perform the NQA Jitter test on the NQA client.
Data Preparation
To complete the configuration, you need the following data:
l
Host address of the server
l
Port number used to monitor the UDP service on the server
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Configure the NQA server on Switch C.
# Configure the IP address and UDP port number monitored by the NQA server.
<SwitchC> system-view
[SwitchC] nqa-server udpecho 10.2.1.2 9000
Step 3 # Configure Switch A.
# Enable the NQA client and create an NQA Jitter test.
<SwitchA> system-view
[SwitchA] nqa test-instance admin jitter
[SwitchA-nqa-admin-jitter] test-type jitter
[SwitchA-nqa-admin-jitter] destination-address ipv4 10.2.1.2
[SwitchA-nqa-admin-jitter] destination-port 9000
Step 4 Perform the test.
[SwitchA-nqa-admin-jitter] start now
Step 5 Verify the test result.
[SwitchA-nqa-admin-jitter] display nqa results test-instance admin jitter
NQA entry(admin, jitter) :testflag is inactive ,testtype is jitter
1 . Test 1 result
The test is finished
SendProbe:60
ResponseProbe:60
Completion:success
RTD OverThresholds number:0
Min/Max/Avg/Sum RTT:1/98/8/461
RTT Square Sum:23037
NumOfRTT:60
Drop operation number:0
Operation sequence errors number:0
RTT Stats errors number:0
System busy operation number:0
Operation timeout number:0
Min Positive SD:1
Min Positive DS:1
Max Positive SD:96
Max Positive DS:8
Positive SD Number:15
Positive DS Number:8
Positive SD Sum:172
Positive DS Sum:18
Positive SD Square Sum :9868
Positive DS Square Sum :86
Min Negative SD:1
Min Negative DS:1
Max Negative SD:20
Max Negative DS:10
Negative SD Number:18
Negative DS Number:8
Negative SD Sum:163
Negative DS Sum:28
Negative SD Square Sum :2519
Negative DS Square Sum :194
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
354
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
Min Delay SD:0
Avg Delay SD:3
Max Delay SD:49
Packet Loss SD:0
Packet Loss Unknown:0
jitter in value:0.6602845
OWD SD Sum:206
TimeStamp unit: ms
6 NQA Configuration
Min Delay DS:0
Avg Delay DS:3
Max Delay DS:48
Packet Loss DS:0
jitter out value:5.1291060
NumberOfOWD:60
OWD DS Sum:195
----End
Configuration Files
l
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
nqa test-instance admin jitter
test-type jitter
destination-address ipv4 10.2.1.2
destination-port 9000
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return
l
Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
return
l
Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 110
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
355
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
port hybrid untagged vlan 110
#
nqa-server udpecho 10.2.1.2 9000
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return
6.27.11 Example for Configuring the LSP Ping Test for a Common
Tunnel
Networking Requirements
As shown in Figure 6-13:
l
The OSPF protocol runs on Switch A, Switch B, and Switch C. The three Switches learn
the 32-bit host routes on their loopback interfaces.
l
MPLS and MPLS LDP are enabled on Switch A, Switch B, and Switch C.
l
MPLS and MPLS LDP are enabled on VLANIF interfaces connected to Switch A,
Switch B, and Switch C to trigger the establishment of an LDP LSP.
The NQA LSP Ping test needs to be performed to check the connectivity of the LSP between
Switch A and Switch C.
Figure 6-13 Networking diagram for configuring the LSP Ping test
area 0
Loopback1
1.1.1.9/32
Loopback1
2.2.2.9/32
Loopback1
3.3.3.9/32
GE0/0/1
GE0/0/2
GE0/0/2
GE0/0/1
VLANIF110
VLANIF110
VLANIF100 VLANIF100
10.2.1.1/24 10.2.1.2/24
SwitchA 10.1.1.1/24 10.1.1.2/24
SwitchC
SwitchB
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure Switch A as the NQA client.
2.
Configure Switch C as the NQA server.
3.
Create an LSP Ping test on Switch A.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
356
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Data Preparation
To complete the configuration, you need the following data:
l
Host address and mask of the NQA server
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Configure LDP on Switch A, Switch B, and Switch C. (The detailed procedure is not mentioned
here.)
For the configuration of LDP, refer to the Quidway S5700 Series Ethernet Switches
Configuration Guide - MPLS.
Step 3 # Configure Switch A.
# Enable the NQA client and create an LSP Ping test for a common tunnel.
<SwitchA> system-view
[SwitchA] nqa test-instance
[SwitchA-nqa-admin-lspping]
[SwitchA-nqa-admin-lspping]
[SwitchA-nqa-admin-lspping]
admin lspping
test-type lspping
lsp-type ipv4
destination-address ipv4 3.3.3.9 lsp-masklen 32
Step 4 Perform the test.
[SwitchA-nqa-admin-lspping] start now
Step 5 Verify the test result.
[SwitchA-nqa-admin-lspping] display nqa results test-instance admin lspping
NQA entry(admin, lspping) :testFlag is inactive ,testtype is lspping
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
RTD OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Min Positive Jitter: 0
Min Negative Jitter: 0
Max Positive Jitter: 0
Max Negative Jitter: 0
Positive Jitter Num: 0
Negative Jitter Num: 0
Positive Jitter Sum: 0
Negative Jitter Sum: 0
Positive Jitter Square Sum: 0
Negative Jitter Square Sum: 0
Packet Loss: 0
Packet Loss Ratio: 0
Destination ip address:3.3.3.9
Min/Max/Average Completion Time: 1/1/1
Sum/Square-Sum Completion Time: 3/3
Last Good Probe Time: 2009-2-1 15:32:56.1
----End
Configuration Files
l
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 100
#
mpls lsr-id 1.1.1.9
mpls
#
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
357
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
mpls ldp
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
nqa test-instance admin lspping
test-type lspping
destination-address ipv4 3.3.3.9 lsp-masklen 32
#
return
l
Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 100 110
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return
l
Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 110
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
358
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.255
#
return
6.27.12 Example for Configuring the LSP Jitter Test for a Common
Tunnel
Networking Requirements
As shown in Figure 6-14:
l
The OSPF protocol runs on Switch A, Switch B, and Switch C. The three Switches learn
the 32-bit host routes on their loopback interfaces.
l
MPLS and MPLS LDP are enabled on Switch A, Switch B, and Switch C.
l
MPLS and MPLS LDP are enabled on VLANIF interfaces connected to Switch A,
Switch B, and Switch C to trigger the establishment of an LDP LSP.
The NQA LSP Ping test is used to check the connectivity of the LSP between Switch A and
Switch C.
Figure 6-14 Networking diagram for configuring the LSP Jitter test
area 0
Loopback1
1.1.1.9/32
Loopback1
2.2.2.9/32
GE0/0/1
GE0/0/1
VLANIF100 VLANIF100
SwitchA 10.1.1.1/24 10.1.1.2/24
Issue 01 (2011-10-26)
Loopback1
3.3.3.9/32
GE0/0/2
GE0/0/1
VLANIF110 VLANIF110
10.2.1.1/24 10.2.1.2/24
SwitchC
SwitchB
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
359
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure Switch A as the NQA client.
2.
Configure Switch C as the NQA server.
Create an LSP Jitter test on Switch A.
Data Preparation
To complete the configuration, you need the following data:
l
Host address and mask of the NQA server
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Configure LDP on Switch A, Switch B, and Switch C. (The detailed procedure is not mentioned
here.)
For the configuration of LDP, refer to the Quidway S5700 Series Ethernet Switches
Configuration Guide - MPLS.
Step 3 Configure Switch A as the NQA client.
# Enable the NQA client and configure the LDP LSP Ping test.
<SwitchA> system-view
[SwitchA] nqa test-instance admin lspjitter
[SwitchA-nqa-admin-lspjitter] test-type lspjitter
[SwitchA-nqa-admin-lspjitter] lsp-type ipv4
[SwitchA-nqa-admin-lspjitter] destination-address ipv4 3.3.3.9 lsp-masklen 32 lsploopback 127.0.0.1
Step 4 Perform the test.
[SwitchA-nqa-admin-lspjitter] start now
Step 5 Verify the test result.
[SwitchA-nqa-admin-lspjitter] display nqa results test-instance admin lspjitter
SendProbe:60
ResponseProbe:60
Completion :success
RTD OverThresholds number:0
Min/Max/Avg/Sum RTT:1/1/1/60
RTT Square Sum:60
NumOfRTT:60
Drop operation number:0
Operation sequence errors number:0
RTT Stats errors number:0
System busy operation number:0
Operation timeout number:0
Min Positive SD:0
Max Positive SD:0
Positive SD Number:0
Positive SD Sum:0
Positive SD Square Sum :0
Min Negative SD:0
Max Negative SD:1
Negative SD Number:1
Negative SD Sum:1
Negative SD Square Sum :1
Packet Loss Unknown:0
Average of Jitter SD:1
jitter out value:0.0162967
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
360
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Configuration Files
l
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 100
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
nqa test-instance admin lspjitter
test-type lspjitter
destination-address ipv4 3.3.3.9 lsp-masklen 32 lsp-loopback 127.0.0.1
#
return
l
Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 100
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
361
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return
l
Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 100
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.255
#
return
6.27.13 Example for Configuring an ICMP Jitter Test
This part provides examples for configuring an ICMP jitter test to measure jitter on the network.
A server is not required in an ICMP jitter test and the peer device in the test instance can be nonHuawei devices.
Networking Requirements
As shown in Figure 6-15,
Switch A serves as the NQA client to test the jitter of the network between Switch A and Switch
B.
Figure 6-15 Networking diagram of an ICMP jitter test
GE0/0/1
VLANIF10
10.1.1.1/24
SwitchA
GE0/0/1
VLANIF10
10.1.1.2/24
SwitchB
Configuration Roadmap
The configuration roadmap is as follows:
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
362
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
1.
Configure Switch A as the NQA client and create an ICMP jitter test instance on Switch
A.
2.
Configure Switch B as the NQA server.
Data Preparation
To complete the configuration, you need the following data:
l
IP address of Switch B
Procedure
Step 1 Configure a reachable route between Switch A and Switch B.
The configuration details are not mentioned here.
Step 2 Configure an NQA test instance for Switch A.
# Enable the NQA client and configure the ICMP jitter test instance.
<RouterA> system-view
[RouterA] nqa test-instance admin icmpjitter
[RouterA-nqa-admin-icmpjitter] test-type icmpjitter
[RouterA-nqa-admin-icmpjitter] destination-address ipv4
10.1.1.2
Step 3 Start the test.
[RouterA-nqa-admin-icmpjitter] start now
Step 4 Check test results.
[RouterA-nqa-admin-icmpjitter] display nqa results test-instance admin icmpjitter
NQA entry(admin, icmpjitter) :testflag is inactive ,testtype is icmpjitter
1 . Test 1 result
The test is finished
SendProbe:60
ResponseProbe:60
Completion :success
RTD OverThresholds number:0
OWD OverThresholds SD number:0
OWD OverThresholds DS number:0
Min/Max/Avg/Sum RTT:1/3/1/65
RTT Square Sum:77
NumOfRTT:60
Drop operation number:0
Operation sequence errors number:0
RTT Stats errors number:0
System busy operation number:0
Operation timeout number:0
Min Positive SD:1
Min Positive DS:1
Max Positive SD:3
Max Positive DS:1
Positive SD Number:18
Positive DS Number:15
Positive SD Sum:22
Positive DS Sum:15
Positive SD Square Sum :32
Positive DS Square Sum :15
Min Negative SD:1
Min Negative DS:1
Max Negative SD:2
Max Negative DS:1
Negative SD Number:21
Negative DS Number:14
Negative SD Sum:22
Negative DS Sum:14
Negative SD Square Sum :24
Negative DS Square Sum :14
Min Delay SD:0
Min Delay DS:0
Max Delay SD:1
Max Delay DS:1
Delay SD Square Sum:4
Delay DS Square Sum:1
Packet Loss SD:0
Packet Loss DS:0
Packet Loss Unknown:0
Average of Jitter:1
Average of Jitter SD:1
Average of Jitter DS:1
jitter out value:0.5599658
jitter in value:0.3574005
NumberOfOWD:60
Packet Loss Ratio: 0%
OWD SD Sum:4
OWD DS Sum:1
ICPIF value: 0
MOS-CQ value: 0
TimeStamp unit: ms
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
363
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Configuration Files
l
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
nqa test-instance admin icmpjitter
test-type icmpjitter
#
return
l
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
6.27.14 Example for Configuring the PWE3 Ping Test on a SingleHop PW
Networking Requirements
As shown in Figure 6-16, CE-A and CE-B are connected to PE-A and PE-B respectively. PEA and PE-B are connected through the MPLS backbone network. A dynamic PW needs to be
set up between PE-A and PE-B through the LSP tunnel.
The PWE3 Ping function of the single-hop PW needs to be performed to test the connectivity
of the PW between PE-A and PE-B.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
364
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Figure 6-16 Networking diagram for configuring the PWE3 Ping test on the single-hop PW
MPLS Backbone
Loopback0
Loopback0
Loopback0
192.4.4.4/32
192.2.2.2/32
192.3.3.3/32
GE2/0/0
GE2/0/0
VLANIF120
VLANIF130
GE2/0/0 10.2.2.2/24
10.1.1.1/24 GE1/0/0
GE1/0/0 VLANIF120
VLANIF130 GE1/0/0
PE-A
PE-B
VLANIF110 10.1.1.2/24 P 10.2.2.1/24 VLANIF140
PW
GE1/0/0
VLANIF110
100.1.1.1/24
CE-A
GE1/0/0
VLANIF140
100.1.1.2/24
CE-B
Configuration Roadmap
The configuration roadmap is as follows:
1.
Run the IGP protocol on the backbone network to make the routes between Switches on
the backbone network reachable.
2.
Configure the basic MPLS functions on the backbone network and set up an LSP tunnel.
Set up the MPLS LDP peer relation between the two PE devices on the two ends of the
PW.
3.
Create an MPLS L2VC connection between the two PE devices.
4.
Configure a PWE3 Ping test on the single-hop PW on PE-A.
Data Preparation
To complete the configuration, you need the following data:
l
L2VC IDs of the two ends of the PW, which must be the same
l
MPLS LSR-IDs of the PE and P devices
l
IP address of the remote peer
Procedure
Step 1 Configure a dynamic single-hop PW.
Configure a dynamic single-hop PW on the MPLS backbone network.
For the detailed configuration procedure, see "PWE3 Configuration" in the Quidway S5700
Series Ethernet Switches Configuration Guide - VPN.
Step 2 Configure a PWE3 Ping test of the single-hop PW.
# Configure PE-A.
<PE-A> system-view
[PE-A] nqa test-instance test pwe3ping
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
365
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
[PE-A-nqa-test-pwe3ping]
[PE-A-nqa-test-pwe3ping]
[PE-A-nqa-test-pwe3ping]
[PE-A-nqa-test-pwe3ping]
6 NQA Configuration
test-type pwe3ping
local-pw-id 100
local-pw-type vlan
label-type control-word
Step 3 Perform the test.
[PE-A-nqa-test-pwe3ping] start now
Step 4 Verify the test result.
After running the display nqa results command on the PE device, you can see that the test is
successful.
[PE-A-nqa-test-pwe3ping] display nqa results
NQA entry(test, pwe3ping) :testflag is inactive ,testtype is pwe3ping
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Min Positive Jitter: 0
Min Negative Jitter: 0
Max Positive Jitter: 0
Max Negative Jitter: 0
Positive Jitter Num: 0
Negative Jitter Num: 0
Positive Jitter Sum: 0
Negative Jitter Sum: 0
Positive Jitter Square Sum: 0
Negative Jitter Square Sum: 0
Packet Loss: 0
Packet Loss Ratio: 0
Destination ip address:10.2.2.2
Min/Max/Average Completion Time: 60/110/86
Sum/Square-Sum Completion Time: 260/23800
Average Single-Way Completion Time: 30
Last Good Probe Time: 2008-9-29 14:35:43.2
----End
Configuration Files
l
Configuration file of CE-A
#
sysname CE-A
#
vlan batch 110
#
interface Vlanif110
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
return
l
Configuration file of PE-A
#
sysname PE-A
#
mpls lsr-id 192.2.2.2
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 192.3.3.3
remote-ip 192.3.3.3
#
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
366
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
vlan batch 110 120
#
interface Vlanif110
mpls l2vc 192.3.3.3 100
#
interface Vlanif120
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 120
port hybrid untagged vlan 120
#
#
interface LoopBack0
ip address 192.2.2.2 0.0.0.0
#
nqa test-instance test pwe3ping
test-type pwe3ping
local-pw-id 100
local-pw-type vlan
#
ospf 1
area 0.0.0.0
network 192.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
l
Configuration file of P
#
sysname P
#
mpls lsr-id 192.4.4.4
mpls
#
mpls ldp
#
vlan batch 120 130
#
interface Vlanif120
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif130
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 120
port hybrid untagged vlan 120
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 130
port hybrid untagged vlan 130
#
interface LoopBack0
ip address 192.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 192.4.4.4 0.0.0.0
network 10.1.1.0 0.0.0.255
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
367
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
network 10.2.2.0 0.0.0.255
#
return
l
Configuration file of PE-B
#
sysname PE-B
#
mpls lsr-id 192.3.3.3
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 192.2.2.2
remote-ip 192.2.2.2
#
vlan batch 130 140
#
interface Vlanif130
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif140
mpls l2vc 192.2.2.2 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 140
port hybrid untagged vlan 140
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 130
port hybrid untagged vlan 130
#
#
interface LoopBack0
ip address 192.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 192.3.3.3 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return
l
Configuration file of CE-B
#
sysname CE-B
#
vlan batch 140
#
interface Vlanif140
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 140
port hybrid untagged vlan 140
#
return
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
368
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
6.27.15 Example for Configuring the PWE3 Ping Test on a MultiHop PW
Networking Requirements
As shown in Figure 6-17, CE-A and CE-B are connected to U-PE1 and U-PE2 respectively
through PPP. U-PE1 and U-PE2 are connected through the MPLS backbone network. The LSP
needs to be used and S-PE is set as the switching node to set up a dynamic multi-hop PW between
U-PE1 and U-PE2.
The PWE3 Ping function of the multi-hop PW needs to be performed to test the connectivity of
the PW between U-PE1 and U-PE2.
Figure 6-17 Networking diagram for configuring the PWE3 Ping test on a multi-hop PW
Loopback0
2.2.2.9/32
P1
GE0/0/1
VLANIF120
10.1.1.2/24
Loopback0
Loopback0
3.3.3.9/32
4.4.4.9/32
GE0/0/1
GE0/0/1
P2
S-PE VLANIF140
VLANIF130
20.1.1.2/24
30.1.1.2/24
GE0/0/2
VLANIF130
20.1.1.1/24
100
PW
Loopback0
1.1.1.9/32
GE0/0/2
VLANIF140
30.1.1.1/24
Loopback0
5.5.5.9/32
PW
200
GE0/0/2
VLANIF120
10.1.1.1/24
GE0/0/1
U-PE1 VLANIF110
GE0/0/2
VLANIF150
40.1.1.1/24
GE0/0/1
VLANIF150
40.1.1.2/24
GE0/0/2
VLANIF160
GE0/0/1
VLANIF110
100.1.1.1/24
CE-A
U-PE2
GE0/0/1
VLANIF160
100.1.1.2/24
CE-B
Configuration Roadmap
The configuration roadmap is as follows:
1.
Run the IGP protocol on the backbone network to make the routes between Switches on
the backbone network reachable.
2.
Configure the basic MPLS functions on the backbone network and set up an LSP tunnel.
Set up MPLS LDP peer relations between U-PE1 and S-PE, and between U-PE2 and SPE.
3.
Create an MPLS L2VC connection between the two U-PEs.
4.
Create a switching PW on the switching node S-PE.
5.
Configure a PWE3 Ping test on the multi-hop PW on U-PE1.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
369
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Data Preparation
To complete the configuration, you need the following data:
l
L2VC IDs on U-PE1 and U-PE2, which must be different
l
MPLS LSR-IDs of U-PE1, S-PE, and U-PE2
l
IP address of the remote peer
l
Encapsulation type of the switching PW
l
Name and parameters of the PW template on U-PE devices
Procedure
Step 1 Configure a dynamic multi-hop PW.
Configure a dynamic multi-hop PW on the MPLS backbone network.
For the detailed configuration procedure, see "PWE3 Configuration" in the Quidway S5700
Series Ethernet Switches Configuration Guide - VPN.
Step 2 Configure a PWE3 Ping test on a multi-hop PW.
# Configure U-PE1.
<U-PE1> system-view
[U-PE1] nqa test-instance
[U-PE1-nqa-test-pwe3ping]
[U-PE1-nqa-test-pwe3ping]
[U-PE1-nqa-test-pwe3ping]
[U-PE1-nqa-test-pwe3ping]
[U-PE1-nqa-test-pwe3ping]
test pwe3ping
test-type pwe3ping
local-pw-id 100
local-pw-type ppp
label-type control-word
remote-pw-id 200
Step 3 Perform the test.
[U-PE1-nqa-test-pwe3ping] start now
Step 4 Verify the test result.
After running the display nqa results command on the PE device, you can see that the test is
successful.
[U-PE1-nqa-test-pwe3ping] display nqa results
NQA entry(test, pwe3ping) :testFlag is inactive ,testtype is pwe3ping
1 . Test 1 result
The test is finished
Send operation times: 3
Receive response times: 3
Completion:success
OverThresholds number: 0
Attempts number:1
Drop operation number:0
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Min Positive Jitter: 0
Min Negative Jitter: 0
Max Positive Jitter: 0
Max Negative Jitter: 0
Positive Jitter Num: 0
Negative Jitter Num: 0
Positive Jitter Sum: 0
Negative Jitter Sum: 0
Positive Jitter Square Sum: 0
Negative Jitter Square Sum: 0
Packet Loss: 0
Packet Loss Ratio: 0
Destination ip address:40.1.1.2
Min/Max/Average Completion Time: 60/110/86
Sum/Square-Sum Completion Time: 260/23800
Average Single-Way Completion Time: 30
Last Good Probe Time: 2008-9-29 14:38:48.2
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
370
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Configuration Files
l
Configuration file of CE-A
#
sysname CE-A
#
vlan batch 110
#
interface Vlanif110
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
return
l
Configuration file of U-PE1
#
sysname U-PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
vlan batch 110 120
#
interface Vlanif110
mpls l2vc 3.3.3.9 100
#
interface Vlanif120
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 120
port hybrid untagged vlan 120
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
nqa test-instance test pwe3ping
test-type pwe3ping
local-pw-id 100
local-pw-type ppp
remote-pw-id 200
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
l
Configuration file of P1
#
sysname P1
#
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
371
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
vlan batch 120 130
#
interface Vlanif120
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif130
ip address 20.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 120
port hybrid untagged vlan 120
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 130
port hybrid untagged vlan 130
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
#
return
l
Configuration file of S-PE
#
sysname S-PE
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls switch-l2vc 5.5.5.9 200 between 1.1.1.9 100
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
mpls ldp remote-peer 5.5.5.9
remote-ip 5.5.5.9
#
vlan batch 130 140
#
interface Vlanif130
ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif140
ip address 30.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 130
port hybrid untagged vlan 130
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
372
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 140
port hybrid untagged vlan 140
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return
l
Configuration file of P2
#
sysname P2
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
vlan batch 140 150
#
interface Vlanif140
ip address 30.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif150
ip address 40.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 140
port hybrid untagged vlan 140
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 150
port hybrid untagged vlan 140
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.2.9 0.0.0.0
network 30.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
#
l
Configuration file of U-PE2
#
sysname U-PE2
#
mpls lsr-id 5.5.5.9
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
vlan batch 150 160
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
373
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
#
interface Vlanif150
ip address 40.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif160
mpls l2vc 3.3.3.9 200
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 150
port hybrid untagged vlan 150
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 160
port hybrid untagged vlan 150
#
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 40.1.1.0 0.0.0.255
#
return
l
Configuration file of CE-B
#
sysname CE-B
#
vlan batch 160
#
interface Vlanif160
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 160
port hybrid untagged vlan 160
#
return
6.27.16 Example for Configuring the PWE3 Trace Test on a SingleHop PW
Networking Requirements
As shown in Figure 6-18, CE-A and CE-B are respectively connected to PE-A and PE-B through
VLAN. PE-A and PE-B are connected through the MPLS backbone network. A dynamic PW
needs to be set up between PE-A and PE-B through the LSP tunnel.
The PWE3 Trace function of the single-hop PW needs to be performed to test the connectivity
of the PW between PE-A and PE-B.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
374
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
Figure 6-18 Networking diagram for configuring the PWE3 Trace test on a single-hop PW
MPLS Backbone
Loopback0
Loopback0
Loopback0
192.4.4.4/32
192.3.3.3/32
192.2.2.2/32
GE0/0/2
GE0/0/2
GE0/0/2 VLANIF130
VLANIF120 GE0/0/1
10.1.1.1/24 VLANIF120
VLANIF130 10.2.2.2/24
GE0/0/1
10.2.2.1/24 GE0/0/1
PE-A VLANIF110
P
VLANIF140
PE-B
10.1.1.2/24
PW
GE0/0/1
VLANIF10
CE-A 100.1.1.1/24
GE0/0/1
VLANIF140
100.1.1.2/24 CE-B
Configuration Roadmap
The configuration roadmap is as follows:
1.
Run the IGP protocol on the backbone network to make the routes between Switches on
the backbone network reachable.
2.
Configure the basic MPLS functions on the backbone network and set up an LSP tunnel.
Set up the MPLS LDP peer relation between the two PE devices on the two ends of the
PW.
3.
Create an MPLS L2VC connection between the two PE devices.
4.
Configure a PWE3 Trace test on a single-hop PW on PE-A.
Data Preparation
To complete the configuration, you need the following data:
l
L2VC IDs of the two ends of the PW, which must be the same
l
MPLS LSR-IDs of the PE and P devices
l
IP address of the remote peer
Procedure
Step 1 Configure a dynamic single-hop PW.
Configure a dynamic single-hop PW on the MPLS backbone network.
For the detailed configuration procedure, see "PWE3 Configuration" in the Quidway S5700
Series Ethernet Switches Configuration Guide - VPN.
Step 2 Configure a PWE3 Trace test of the single-hop PW.
# Configure PE-A.
<PE-A> system-view
[PE-A] nqa test-instance test pwe3trace
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
375
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
[PE-A -nqa-test-pwe3trace] test-type pwe3trace
[PE-A -nqa-test-pwe3trace] local-pw-type vlan
[PE-A -nqa-test-pwe3trace] local-pw-id 100
Step 3 Perform the test.
[PE-A -nqa-test-pwe3trace] start now
Step 4 Verify the test result.
Run the display nqa history command on the PE device, and you can see that the status is
successful.
[PE-A-nqa-test-pwe3trace] display nqa history
NQA entry(test, pwe3trace)
history:
Index T/H/P
Response Status
Address
1
1/1/1
4 success
10.1.1.2
2
1/1/2
5 success
10.1.1.2
3
1/1/3
3 success
10.1.1.2
4
1/2/1
6 success
3.3.3.9
5
1/2/2
6 success
3.3.3.9
6
1/2/3
6 success
3.3.3.9
Time
2006-9-30
2006-9-30
2006-9-30
2006-9-30
2006-9-30
2006-9-30
9:33:3.301
9:33:3.307
9:33:3.311
9:33:3.318
9:33:3.324
9:33:3.331
After running the display nqa results command on the PE device, you can see that the test is
successful.
[PE-A-nqa-test- pwe3trace] display nqa results
NQA entry(test, pwe3trace) :testflag is inactive ,testtype is pwe3trace
1 . Test 1 result
The test is finished
Completion:success
Attempts number:1
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Drop operation number:0
Last good path Time:2006-9-24 11:22:21.2
1 . Hop 1
Send operation times: 3
Receive response times: 3
Min/Max/Average Completion Time: 1050/1090/1053
Sum/Square-Sum Completion Time: 3160/3331000
RTD OverThresholds number: 0
Last Good Probe Time: 2006-9-24 11:22:17.2
Destination ip address:10.1.1.2
2 . Hop 2
Send operation times: 3
Receive response times: 3
Min/Max/Average Completion Time: 1050/1490/1323
Sum/Square-Sum Completion Time: 3970/5367500
RTD OverThresholds number: 0
Last Good Probe Time: 2006-8-24 11:22:21.2
Destination ip address:10.2.2.2
----End
Configuration Files
l
Configuration file of CE-A
#
sysname CE-A
#
vlan batch 110
#
interface Vlanif110
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 110
port hybrid untagged vlan 110
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
376
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
#
return
l
Configuration file of PE-A
#
sysname PE-A
#
mpls lsr-id 192.2.2.2
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 192.3.3.3
remote-ip 192.3.3.3
#
vlan batch 110 120
#
interface Vlanif110
mpls l2vc 192.3.3.3 100
#
interface Vlanif120
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 120
port hybrid untagged vlan 120
#
interface LoopBack0
ip address 192.2.2.2 0.0.0.0
#
nqa test-instance test pwe3trace
test-type pwe3trace
local-pw-type vlan
local-pw-id 100
#
ospf 1
area 0.0.0.0
network 192.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
l
Configuration file of P
#
sysname P
#
mpls lsr-id 192.4.4.4
mpls
#
mpls ldp
#
vlan batch 120 130
#
interface Vlanif120
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif130
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
377
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 120
port hybrid untagged vlan 120
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 130
port hybrid untagged vlan 130
#
interface LoopBack0
ip address 192.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 192.4.4.4 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
l
Configuration file of PE-B
#
sysname PE-B
#
mpls lsr-id 192.3.3.3
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 192.2.2.2
remote-ip 192.2.2.2
#
vlan batch 130 140
#
interface Vlanif130
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif140
mpls l2vc 192.2.2.2 100
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 140
port hybrid untagged vlan 140
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 130
port hybrid untagged vlan 130
#
interface LoopBack0
ip address 192.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 192.3.3.3 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return
l
Configuration file of CE-B
#
sysname CE-B
#
vlan batch 140
#
interface Vlanif140
ip address 100.1.1.2 255.255.255.0
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
378
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 140
port hybrid untagged vlan 140
#
return
6.27.17 Example for Configuring the PWE3 Trace Test on a MultiHop PW
Networking Requirements
As shown in Figure 6-19, CE-A and CE-B are respectively connected to U-PE1 and U-PE2
through PPP. U-PE1 and U-PE2 are connected through the MPLS backbone network. The LSP
needs to be used and S-PE is set as the switching node to set up a dynamic multi-hop PW between
U-PE1 and U-PE2.
The PWE3 Trace function of the multi-hop PW needs to be performed to test the connectivity
of the PW between U-PE1 and U-PE2.
Figure 6-19 Networking diagram for configuring the PWE3 Trace test on a multi-hop PW
Loopback0
2.2.2.9/32
GE0/0/1
VLANIF130
20.1.1.2/24
P1
GE0/0/1
VLANIF120
10.1.1.2/24
GE0/0/2
VLANIF130
20.1.1.1/24
Loopback0
1.1.1.9/32
Loopback0
4.4.4.9/32
Loopback0
3.3.3.9/32
PW
100
GE0/0/2
VLANIF120
10.1.1.1/24
GE0/0/1
U-PE1
VLANIF110
GE0/0/1
VLANIF110
100.1.1.1/24
GE0/0/1
S-PE VLANIF140
P2
30.1.1.2/24
GE0/0/2
VLANIF14
0
30.1.1.1/24
PW
200
GE0/0/2
VLANIF150
40.1.1.1/24
Loopback0
5.5.5.9/32
GE0/0/1
VLANIF150
40.1.1.2/24
GE0/0/2
VLANIF16
0
CE-A
U-PE2
GE0/0/1
VLANIF160
100.1.1.2/24
CE-B
Configuration Roadmap
The configuration roadmap is as follows:
1.
Issue 01 (2011-10-26)
Run the IGP protocol on the backbone network to make the routes between Switches on
the backbone network reachable.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
379
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
2.
Configure the basic MPLS functions on the backbone network and set up an LSP tunnel.
Set up MPLS LDP peer relations between U-PE1 and S-PE, and between U-PE2 and SPE.
3.
Create an MPLS L2VC connection between the two U-PEs.
4.
Create a switching PW on the switching node S-PE.
5.
Configure a PWE3 Trace test on the multi-hop PW on U-PE1.
Data Preparation
To complete the configuration, you need the following data:
l
L2VC IDs on U-PE1 and U-PE2, which must be different
l
MPLS LSR-IDs of U-PE1, S-PE, and U-PE2
l
IP address of the remote peer
l
Encapsulation type of the switching PW
l
Name and parameters of the PW template on U-PE devices
Procedure
Step 1 Configure a dynamic multi-hop PW.
Configure a dynamic multi-hop PW on the MPLS backbone network.
For the detailed configuration procedure, see "PWE3 Configuration" in the Quidway S5700
Series Ethernet Switches Configuration Guide - VPN.
Step 2 Configure a PWE3 Trace test of the multi-hop PW.
# Configure U-PE1.
<U-PE1> system-view
[U-PE1] nqa test-instance test pwe3trace
[U-PE1-nqa-test-pwe3trace] test-type pwe3trace
[U-PE1-nqa-test-pwe3trace] local-pw-id 100
[U-PE1-nqa-test-pwe3trace] local-pw-type ppp
[U-PE1-nqa-test-pwe3trace] label-type control-word
[U-PE1-nqa-test-pwe3trace] remote-pw-id 200
Step 3 Perform the test.
[U-PE1-nqa-test-pwe3trace] start now
Step 4 Verify the test result.
After running the display nqa history command on the PE device, you can see that the status
is successful.
[U-PE1-nqa-test-pwe3trace] display nqa history
NQA entry(test, pwe3trace)
history:
Index T/H/P
Response Status
Address
1
1/1/1
4 success
10.1.1.2
2
1/1/2
5 success
10.1.1.2
3
1/1/3
3 success
10.1.1.2
4
1/2/1
6 success
20.1.1.2
5
1/2/2
6 success
20.1.1.2
6
1/2/3
6 success
20.1.1.2
7
1/3/1
6 success
30.1.1.2
8
1/3/2
6 success
30.1.1.2
9
1/3/3
6 success
30.1.1.2
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Time
2006-9-30
2006-9-30
2006-9-30
2006-9-30
2006-9-30
2006-9-30
2006-9-30
2006-9-30
2006-9-30
9:33:3.301
9:33:3.307
9:33:3.311
9:33:3.318
9:33:3.324
9:33:3.331
9:33:3.318
9:33:3.324
9:33:3.331
380
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
10
11
12
1/4/1
1/4/2
1/4/3
6 NQA Configuration
6 success
6 success
6 success
5.5.5.9
5.5.5.9
5.5.5.9
2006-9-30 9:33:3.318
2006-9-30 9:33:3.324
2006-9-30 9:33:3.331
Running the display nqa results command on the PE device, you can see that the test is
successful.
[U-PE1-nqa-test-pwe3trace] display nqa results
NQA entry(test, pwe3trace) :testflag is inactive ,testtype is pwe3trace
1 . Test 1 result
The test is finished
Completion:success
Attempts number:1
Disconnect operation number:0
Operation timeout number:0
System busy operation number:0
Connection fail number:0
Operation sequence errors number:0
RTT Stats errors number:0
Drop operation number:0
Last good path Time:2006-9-24 11:22:21.2
1 . Hop 1
Send operation times: 3
Receive response times: 3
Min/Max/Average Completion Time: 1050/1090/1053
Sum/Square-Sum Completion Time: 3160/3331000
RTD OverThresholds number: 0
Last Good Probe Time: 2006-9-24 11:22:17.2
Destination ip address:10.1.1.2
2 . Hop 2
Send operation times: 3
Receive response times: 3
Min/Max/Average Completion Time: 1050/1490/1323
Sum/Square-Sum Completion Time: 3970/5367500
RTD OverThresholds number: 0
Last Good Probe Time: 2006-8-24 11:22:21.2
Destination ip address:20.1.1.2
3 . Hop 3
Send operation times: 3
Receive response times: 3
Min/Max/Average Completion Time: 1050/1490/1323
Sum/Square-Sum Completion Time: 3970/5367500
RTD OverThresholds number: 0
Last Good Probe Time: 2006-8-24 11:22:21.2
Destination ip address:30.1.1.2
4 . Hop 4
Send operation times: 3
Receive response times: 3
Min/Max/Average Completion Time: 1050/1490/1323
Sum/Square-Sum Completion Time: 3970/5367500
RTD OverThresholds number: 0
Last Good Probe Time: 2006-8-24 11:22:21.2
Destination ip address:5.5.5.9
----End
Configuration Files
l
Configuration file of CE-A
#
sysname CE-A
#
vlan batch 110
#
interface Vlanif110
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
return
l
Configuration file of U-PE1
#
sysname U-PE1
#
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
381
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
vlan batch 110 120
#
interface Vlanif110
mpls l2vc 3.3.3.9 100
#
interface Vlanif120
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 120
port hybrid untagged vlan 120
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
nqa test-instance test pwe3trace
test-type pwe3trace
local-pw-id 100
local-pw-type ppp
label-type control-word
remote-pw-id 200
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
l
Configuration file of P1
#
sysname P1
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
vlan batch 120 130
#
interface Vlanif120
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif130
ip address 20.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 120
port hybrid untagged vlan 120
#
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
382
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
interface GigabitEthernet0/0/2
port hybrid pvid vlan 130
port hybrid untagged vlan 130
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
#
return
l
Configuration file of S-PE
#
sysname S-PE
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls switch-l2vc 5.5.5.9 200 between 1.1.1.9 100 encapsulation ppp
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
mpls ldp remote-peer 5.5.5.9
remote-ip 5.5.5.9
#
vlan batch 130 140
#
interface Vlanif130
ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif140
ip address 30.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 130
port hybrid untagged vlan 130
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 140
port hybrid untagged vlan 140
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return
l
Configuration file of P2
#
sysname P2
#
mpls lsr-id 4.4.4.9
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
383
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
mpls
#
mpls ldp
#
vlan batch 140 150
#
interface Vlanif140
ip address 30.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif150
ip address 40.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 140
port hybrid untagged vlan 140
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 150
port hybrid untagged vlan 150
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.2.9 0.0.0.0
network 30.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
#
l
Configuration file of U-PE2
#
sysname U-PE2
#
mpls lsr-id 5.5.5.9
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
vlan batch 150 160
#
interface Vlanif150
ip address 40.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif160
mpls l2vc 3.3.3.9 200
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 150
port hybrid untagged vlan 150
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 160
port hybrid untagged vlan 160
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
#
ospf 1
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
384
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 40.1.1.0 0.0.0.255
#
return
l
Configuration file of CE-B
#
sysname CE-B
#
vlan batch 160
#
interface Vlanif160
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 160
port hybrid untagged vlan 160
#
return
6.27.18 Example for Configuring the Test of Sending NQA
Threshold Traps to the NMS
Networking Requirements
As shown in Figure 6-20, the trap threshold are configured and the function of sending trap
messages is enabled when a Jitter test is configured. After the Jitter test is complete, Switch A
sends a trap message to the NMS when the interval for transmitting the test packet from
Switch A to Switch C or from Switch C to Switch A exceeds the configured unidirectional
transmission threshold, or when the RTT of the test packet exceeds the configured bidirectional
transmission threshold. Network administrators can view the cause of a trap in the trap message
received by the NMS.
Figure 6-20 Network diagram for configuring the NQA threshold
GE0/0/2
VLANIF110
20.1.1.1/24
NM Station
20.1.1.2/24
GE0/0/1
VLANIF130 SwitchC
30.1.1.2/24
GE0/0/2
VLANIF130
30.1.1.1/24 NQA Server
SwitchB
GE0/0/1 GE0/0/1
SwitchA VLANIF120 VLANIF120
10.1.1.1/24 10.1.1.2/24
NOTE
For the information about clock synchronization, see "NTP" in the Quidway S5700 Series Ethernet
Switches Feature Description - Network Management.
Configuration Roadmap
The configuration roadmap is as follows:
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
385
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
1.
Configure a Jitter test.
2.
Configure the NQA thresholds.
3.
Enable the function of sending trap messages.
4.
Configure the function of sending trap messages to the NMS.
6 NQA Configuration
Data Preparation
To complete the configuration, you need the following data:
l
IP address and port number of the server-side host.
l
Type of the monitored service and monitoring port number
l
RTD threshold and OWD threshold
l
IP address of the NMS
Procedure
Step 1 Configure reachable routes between Switch A and Switch B, between Switch A and Switch C,
and between Switch B and Switch C. The configuration details are not mentioned here.
Step 2 Configure a Jitter test.
# Configure the IP address and UDP port number monitored by the NQA server on Switch C.
<SwitchC> system-view
[SwitchC] nqa-server udpecho 30.1.1.2 9000
# # Enable the NQA client on Switch A and create an NQA Jitter test on it.
<SwitchA> system-view
[SwitchA] nqa test-instance admin jitter
[SwitchA-nqa-admin-jitter] test-type jitter
[SwitchA-nqa-admin-jitter] destination-address ipv4 30.1.1.2
[SwitchA-nqa-admin-jitter] destination-port 9000
Step 3 Configure the NQA thresholds.
# Configure the RTD threshold on Switch A.
[SwitchA-nqa-admin-jitter] threshold rtd 20
Step 4 Enable the function of sending trap messages.
[SwitchA-nqa-admin-jitter] send-trap rtd
[SwitchA-nqa-admin-jitter] quit
Step 5 Configure the function of sending trap messages to the NMS.
[SwitchA] snmp-agent trap enable
[SwitchA] snmp-agent sys-info version v2c
[SwitchA] snmp-agent target-host trap address udp-domain 20.1.1.2 params
securityname public v2c
Step 6 Perform the test.
[SwitchA] nqa test-instance admin jitter
[SwitchA-nqa-admin-jitter] start now
[SwitchA-nqa-admin-jitter] quit
[SwitchA] quit
Step 7 Verify the configuration.
# Verify the NQA test result of each Switch.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
386
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
<SwitchA> display nqa results
NQA entry(test, jitter) :testflag is inactive ,testtype is jitter
1 . Test 1 result
The test is finished
Send operation times:3000
Receive response times:3000
Completion :success
RTD RTD OverThresholds number:25
Min/Max/Avg/Sum RTT:1/26/1/3143
RTT Square Sum:5665
NumOfRTT:3000
Drop operation number:0
Operation sequence errors number:0
RTT Stats errors number:0
System busy operation number:0
Operation timeout number:0
Min Positive SD:1
Min Positive DS:0
Max Positive SD:27
Max Positive DS:0
Positive SD Number:1890
Positive DS Number:0
Positive SD Sum:2128
Positive DS Sum:0
Positive SD Square Sum :4864
Positive DS Square Sum :0
Min Negative SD:1
Min Negative DS:1
Max Negative SD:16
Max Negative DS:2
Negative SD Number:38
Negative DS Number:1936
Negative SD Sum:129
Negative DS Sum:1998
Negative SD Square Sum :1445
Negative DS Square Sum :2122
Min Delay SD:0
Min Delay DS:0
Avg Delay SD:0
Avg Delay DS:0
Max Delay SD:13
Max Delay DS:12
Packet Loss SD:0
Packet Loss DS:0
Packet Loss Unknown:0
Average of Jitter:1
Packet Loss Unknown:0
jitter out value:0.7489559
jitter in value:0.6627117
NumberOfOWD:0
OWD SD Sum:81
OWD DS Sum:62
TimeStamp unit: ms
# Verify that a trap message is generated in the trap buffer.
<Quidway> display trapbuffer
Trapping buffer configuration and contents : enabled
Allowed max buffer size : 1024
Actual buffer size : 256
Channel number : 3 , Channel name : trapbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 3
#Jul 9 00:28:34 2009 Quidway NQA/4/RTDTHRESHOLD:OID
1.3.6.1.4.1.2011.5.25.111.6.16 NQA entry RTD over threshold. (OwnerIndex=admin,
TestName=jitter)
#Jul 9 00:28:34 2009 Quidway NQA/4/SDTHRESHOLD:OID 1.3.6.1.4.1.2011.5.25.111.6.17
NQA entry OWD-SD over threshold. (OwnerIndex=admin, TestName=jitter)
#Jul 9 00:28:34 2009 Quidway NQA/4/DSTHRESHOLD:OID 1.3.6.1.4.1.2011.5.25.111.6.
18 NQA entry OWD-DS over threshold. (OwnerIndex=admin, TestName=jitter)
# Verify that the NMS can receive the trap message successfully. The displayed information is
not provided here.
----End
Configuration Files
l
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 110 120
#
interface Vlanif110
ip address 20.1.1.1 255.255.255.0
#
interface Vlanif120
ip address 10.1.1.1 255.255.255.0
#
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
387
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
interface GigabitEthernet0/0/1
port hybrid pvid vlan 120
port hybrid untagged vlan 120
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.0
#
nqa test-instance test jitter
test-type jitter
destination-address ipv4 30.1.1.2
destination-port 9000
threshold rtd 20
send-trap rtd
#
snmp-agent
snmp-agent local-engineid 000007DB7F00000100007B29
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 20.1.1.2 params securityname
public v2c
snmp-agent trap enable
#
return
l
Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 120 130
#
interface Vlanif120
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif130
ip address 30.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 120
port hybrid untagged vlan 120
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 130
port hybrid untagged vlan 130
#
ospf 1
area 0.0.0.1
network 10.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return
l
Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 130
#
interface Vlanif130
ip address 30.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 130
port hybrid untagged vlan 130
#
nqa-server udpecho 30.1.1.2 9000
#
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
388
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
6 NQA Configuration
ospf 1
area 0.0.0.1
network 30.1.1.0 0.0.0.255
#
return
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
389
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
7 RMON Configuration
7
RMON Configuration
About This Chapter
This chapter describes how to monitor the Ethernet interface through Remote Network
Monitoring (RMON).
7.1 Introduction to RMON
This part describes working principles of RMON.
7.2 RMON Suported by the S5700
This part describes the support for RMON on the S5700.
7.3 Configuring RMON
This section describes how to monitor the network status and traffic through RMON.
7.4 Maintaining RMON
When an RMON operation fault occurs, you can run the debuggingcommand in the user view
to locate the fault and analyze its cause.
7.5 Configuration Examples
This section provides several configuration examples of RMON and RMON2.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
390
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
7 RMON Configuration
7.1 Introduction to RMON
This part describes working principles of RMON.
RMON
RMON is implemented based on the Simple Network Management Protocol (SNMP)
architecture, and is compatible with the existing SNMP framework. There are two concepts
involved in RMON, namely, the Network Management Workstation (NM Station) and the agent.
A RMON agent collects statistics of various traffic in a network, including the number of packets
on a network segment within a period and the number of correct packets sent to a host.
Compared with SNMP, RMON monitors remote network devices more efficiently and actively.
It provides an efficient solution to monitor the running of sub-networks, which reduces the
communication traffic between the NM Station and the agent. Large-sized networks can thus be
managed in a simple and effective manner.
RMON allows multiple monitors. It collects data in the following ways:
l
Use a dedicated RMON Probe.
The NM Station obtains management information directly from the RMON Probe and
controls network resources. This ensures that the NM Station can obtain overall information
on the RMON MIB.
l
Embed a RMON agent into a network device (a switch for example) to enable the device
to be of the RMON Probe capability.
The NM Station uses the basic SNMP commands for exchanging data with the RMON
agent and collecting the network management information. This process is restricted by
device resources and hence the NM Station collects only information on four groups (alarm,
event, history, and statistics) and not the complete information on the RMON MIB.
Currently, the S5700 implements the monitoring and statistics collection function only on the
Ethernet interfaces of network devices.
7.2 RMON Suported by the S5700
This part describes the support for RMON on the S5700.
Features of RMON
The S5700 implements RMON by embedding agent modules to network devices to form a
complete system with other modules. The RMON NM Station is completely compatible with
the SNMP NM Station; so, the administrator can handle it properly without additional training.
RMON in the S5700 supports four groups, namely, statistics, history, alarm, and event, as
defined in RFC 2819, and a Performance-MIB defined by Huawei. The following describes each
group.
l
Statistic group
The statistics group collects the basic statistics of each monitored sub-network. The
statistics include date flows on a network segment, distribution of various packets, error
frames, and collisions.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
391
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
7 RMON Configuration
The statistics group has one table: ethernetStatsTable.
NOTE
The RMON statistics result is not consistent with the output of the display interface command.
Although data is collected from the bottom layer in both the cases, the RMON information is more
comprehensive.
l
History group
A history group periodically collects the network state statistics and stores them for future
reference. The history group has the following tables:
– historyControlTable: is used to set the control information, such as sampling intervals.
– etherHistoryTable: provides network administrators with other history statistics, such
as the traffic on a network segment, error packets, broadcast packets, utilization, and
collisions.
Each entry in the historyControlTable corresponds to a maximum of 10 pieces of history
records in the etherHistoryTable. The previous pieces are overwritten in a circular
manner if the threshold of records in etherHistoryTable is crossed.
l
Alarm group
An alarm group allows predefining a set of thresholds for alarm variables (any object in
the local MIB). A monitor records logs or sends trap messages to the NM Station when the
sampled data in a certain direction crosses a threshold.
As defined in RFC 2819, the alarm function has a hysteresis mechanism to limit the
generation of alarms. If this mechanism is adopted, an alarm event is generated when the
sampled data in a direction crosses the threshold. No more events will be generated until
the sampled data in the opposite direction crosses the threshold.
The S5700 does not apply this mechanism because it will not generate the alarms for a long
period. For the S5700, the alarms are re-generated if the smapling value turns to the noraml
threshold.
The alarm group contains one table: alarmTable.
l
Event group
An event group stores all the events generated by the RMON agent in a table. It records
logs or sends trap messages to the NM Station when an event occurs.
The event group implements the output of three events: log, trap, and log-trap. Each event
entry corresponds to a maximum of 10 pieces of logs. The previous logs are overwritten in
a circular manner if the threshold of logs is crossed.
The event group has two tables: eventTable and logTable.
l
Performance-MIB
The RMON prialarm group is an enhancement of alarmTable defined in RFC 2819.
Compared with the alarmTable, the RMON prialarm group supports the setting of alarm
objects and time spans of alarm entries through expressions.
The RMON Performance-MIB has one table: prialarmTable.
In the S5700, to save system resources, each entry is given a specific time span. The time
span indicates the period for an entry to keep the invalid state. The entry is deleted when
the time span goes down to 0.
Table 7-1 shows the capacity of various tables and the maximum time span of each table.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
392
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
7 RMON Configuration
Table 7-1 Time span of each table
Table
Entry Capacity (Byte)
Maximum Time Span(s)
ethernetStatsTable
100
600
historyControlTable
100
600
alarmTable
60
6000
eventTable
60
600
logTable
600
-
prialarmTable
50
6000
NOTE
logTable does not have a time span. Each log entry can have a maximum of 10 pieces of logs. The
excessive logs supersede the older ones in a circular manner.
When an interface board or an interface card is removed, the corresponding entries in the
ethernetStatsTable and historyControlTable become invalid. If the time spans of tables are
respectively set to 600s, the entries in the tables are deleted when the time spans go down
to 0.
If an interface is added before its corresponding entries are deleted from the table, these
entries can take effect again.
7.3 Configuring RMON
This section describes how to monitor the network status and traffic through RMON.
7.3.1 Establishing the Configuration Task
Before configuring RMON, familiarize yourself with the applicable environment, complete the
pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.
Applicable Environment
To monitor network status and collect traffic statistics on a network segment, you can configure
RMON.
Enabling the RMON function does not need any special requirement. You can enable it in
advance, or configure it when you suspect that the traffic of the sub-network where interface
resides is abnormal. You can configure RMON depending on actual situations.
It is recommended to configure the statistics table in advance, configure two history control
policies on the interface where the traffic is abnormal, configure the alarm for one or more
suspicious entries, set the high and low thresholds, and view the alarm information.
NOTE
RMON only stores traffic statistics and information or abnormalities but cannot avoid the generation of
these statistics or information. To clear abnormalities, you need to adopt the other management measures.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
393
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
7 RMON Configuration
Pre-configuration Tasks
Before configuring RMON, complete the following tasks:
l
Configuring parameters for Ethernet interfaces
l
Configuring basic SNMP functions
Data Preparation
To configure RMON, you need the following data.
No.
Data
1
Interface on which the statistics function is enabled
2
Statistics table to be used and related parameters
3
HistoryControl table to be used and related parameters
4
Event table to be used and related parameters
5
Alarm table to be used and related parameters
6
Prialarm table to be used and related parameters
7.3.2 Enabling the RMON Statistics Function on the Interface
You need to enable traffic statistics function on the interface where traffic statistics are collected.
If the traffic statistics function is not enabled on the interface, statistics values of in both
ethernetStatsTable and HistoryControlTable are 0.
Context
Do as follows on the switch on which traffic statistics should be collected:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { gigabitethernet | xgigabitethernet } interface-number
The interface view is displayed.
Step 3 Run:
rmon-statistics enable
The RMON statistics function is enabled on the interface.
If the statistics function is not enabled on the interface, the statistics value in ethernetStatsTable
and historyControlTable of RMON is 0.
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
394
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
7 RMON Configuration
7.3.3 Configuring the ethernetStatsTable
EthernetStatsTable records traffic information that RMON collects on interfaces.
Context
Do as follows on the switch on which traffic statistics should be collected:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { gigabitethernet | xgigabitethernet } interface-number
The interface view is displayed.
Step 3 Run:
rmon statistics entry-number [ owner owner-name ]
The ethernetStatsTable is configured.
To monitor the statistics of an interface on a device, a network administrator needs to create a
table entry for this interface and specify the interface OID, entry index, and entry state. The
network administrator can then read the corresponding entry to obtain the latest statistics.
----End
7.3.4 Configuring the HistoryControlTable
HistoryControlTable provides the historical data management function. With this function, you
can sample traffic of a certain interface, set the maximum number of items to be saved and the
sampling interval, collect traffic statistics on the specific interface periodically, and save the
statistics to etherHistoryTable for future use.
Context
The history data management supports the setting of sampling, sampling interval, and saving
quantity for the traffic passing through a specified port. RMON periodically collects statistics
of the port and saves them to etherHistoryTable for future reference.
As recommended by the RMON specifications, each monitored interface should be configured
with more than two history control entries. One entry is sampled every 30 seconds while another
entry is sampled every 30 minutes.
The short sampling interval enables a monitor to probe the sudden changes of traffic modes, and
the long sampling interval is applicable if the interface status is relatively stable.
Currently, the S5700 reserves up to 10 pieces of the latest records for each history control entry.
NOTE
To reduce the effect on the performance of the system, the sampling interval of the history table should be
longer than 10 seconds, and the same port should not be configured with too many history control entries
and alarm entries.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
395
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
7 RMON Configuration
Do as follows on the switch on which traffic statistics should be collected:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface {
| gigabitethernet | xgigabitethernet } interface-number
The interface view is displayed.
Step 3 Run:
rmon history entry-number buckets number interval sampling-interval [ owner ownername ]
The historyControlTable is configured.
----End
7.3.5 Configuring the EventTable
After EventTable is configured, when the number of events exceeds the alarm threshold, the
router generates logs, sends traps, or generates logs and sends traps.
Context
Do as follows on the switch that is monitored:
The RMON event management module is responsible for adding events to the corresponding
rows in the eventTable and defining the methods of processing events:
l
log: sending only logs
l
log-trap: sending both logs and trap messages to the NM Station
l
none: marking that no event occurs
l
trap: sending trap messages to the NM Station
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rmon event entry-number [ description string ] { log | trap object | log-trap
object | none } [ owner owner-name ]
The eventTable is configured.
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
396
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
7 RMON Configuration
7.3.6 Configuring the AlarmTable
The RMON alarm management function monitors a specified trap variable identified by its OID
at a specified sampling interval. When the monitored variable exceeds the defined threshold, an
alarm is generated.
Context
The RMON alarm management is responsible for monitoring a specified alarm variable
(identified by OID) at a specified sampling interval. An alarm event occurs when the monitored
variable exceeds the defined threshold. Generally, the event is recorded in the log table, or
RMON sends a trap message to the NM Station.
If the events that correspond to the alarm upper limit and lower limit (event-entry1, evententry2) are not configured in the eventTable, an alarm is not generated even if the alarm condition
is satisfied. At this time, the status of alarm recording is undercreation and not VALID.
If an event corresponding to either the alarm upper limit or the alarm lower limit is configured,
an alarm is triggered once the alarm condition is satisfied. At this time, the status of alarm
recording is VALID. If an incorrect alarm variable is configured (for example, an inexistent OID
is specified), the status of alarm recording is undercreation and no alarm is generated.
Do as follows on the switch that is monitored:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rmon alarm entry-number alarm-OID sampling-time { absolute | changeratio | delta }
rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2
event-entry2 [ owner owner-name ]
The alarmTable is configured.
----End
7.3.7 Configuring the PrialarmTable
Compared with AlarmTable, PrialarmTable is enhanced with the function of setting the trap
object through an expression.
Context
Do as follows on the switch that is monitored.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
397
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
7 RMON Configuration
Step 2 Run:
rmon prialarm entry-number prialarm-formula description-string sampling-interval
{ absolute | changeratio | delta } rising-threshold threshold-value1 event-entry1
falling-threshold threshold-value2 event-entry2 entrytype { cycle entry-period |
forever } [ owner owner-name ]
The prialarmTable is configured.
Based on the alarmTable in RFC 2819, the RMON prialarm management is enhanced with two
functions: setting the alarm object in the form of expressions and limiting the time to live (TTL)
value of a prialarm entry.
Compared with the alarmTable, the prialarmTable has several additional entries:
l Expression of alarm variables. It can be an arithmetic expression composed of the OIDs of
alarm variables, +, -, *, / or brackets.
l Description of the prialarm entry in a character string.
l Prialarm state period, in seconds. It must be larger than the sampling interval.
l Two prialarm state types: Forever or Cycle. If Cycle is set, an alarm does not occur and the
entry is deleted after the specified prialarm state period.
If the events that correspond to the alarm upper limit and lower limit (event-entry1, evententry2) are not configured in the eventTable, an alarm does not occur even if the alarm conditions
are satisfied. (The alarm record is in the undercreation state rather than in the VALID state.)
If either the alarm upper limit event or the alarm lower limit event is configured, the alarm is
triggered once the conditions for an alarm are satisfied. (The alarm record is in the VALID state.)
----End
7.3.8 Checking the Configuration
After configuring RMON, you can view the traffic statistics collected by RMON.
Prerequisite
The configurations of the RMON are complete.
Procedure
l
Run the display rmon alarm [ entry-number ] command to view the RMON alarm
information.
l
Run the display rmon event [ entry-number ] command to view the RMON events.
l
Run the display rmon eventlog [ entry-number ] command to view the RMON event logs.
l
Run the display rmon history [ gigabitethernet interface-number | xgigabitethernet
interface-number ] command to view the RMON history information.
l
Run the display rmon prialarm [ entry-number ] command to view the information of the
RMON prialarmTable.
l
Run the display rmon statistics [ gigabitethernet interface-number | xgigabitethernet
interface-number ] command to view the RMON statistics.
----End
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
398
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
7 RMON Configuration
Example
Run the display rmon alarm command. If information about the alarm table is displayed, it
means that the configuration succeeds.
<Quidway> display rmon alarm 1
Alarm table 1 owned by Test300 is VALID.
Samples absolute value
: 1.3.6.1.2.1.16.1.1.1.6.1 <etherStatsBroadcastPkts.1>
Sampling interval
: 30(sec)
Rising threshold
: 500(linked with event 1)
Falling threshold
: 100(linked with event 1)
When startup enables
: risingOrFallingAlarm
Latest value
: 1975
Run the display rmon event command. If information about the event table is displayed, it
means that the configuration succeeds.
<Quidway> display rmon event
Event table 1 owned by Test300 is VALID.
Description: null.
Will cause log when triggered, last triggered at 0days 00h:24m:10s.
Event table 2 owned by Test300 is VALID.
Description: forUseofPrialarm.
Will cause snmp-trap when triggered, last triggered at 0days 00h:26m:10s.
Run the display rmon eventlog command. If information about the event logs is displayed, it
means that the configuration succeeds.
<Quidway> display rmon eventlog
Event table 1 owned by Test300 is VALID.
Generates eventLog 1.1 at 0days 00h:39m:30s.
Description: The 1.3.6.1.2.1.16.1.1.1.6.1 defined in alarm table 1,
less than(or =) 100 with alarm value 0. Alarm sample type is absolute.
Run the display rmon history command to display the RMON history.
<Quidway> display rmon history
History control entry 1 owned by Test300 is VALID,
Samples interface
: GigabitEthernet0/0/1<ifEntry.402653698>
Sampling interval
: 30(sec) with 10 buckets max.
Last Sampling time
: 0days 00h:09m:43s
Latest sampled values :
octets
:645
, packets
:7
broadcast packets
:7
, multicast packets :0
undersize packets
:6
, oversize packets :0
fragments packets
:0
, jabbers packets
:0
CRC alignment errors :0
, collisions
:0
Dropped packet:
:0
, utilization
:0
Run the display rmon prialarm command. If information about the extended alarm table is
displayed, it means that the configuration succeeds.
<Quidway> display rmon prialarm 1
Prialarm table 1 owned by Test300 is VALID.
Samples delta value
: .1.3.6.1.2.1.16.1.1.1.6.1+.1.3.6.1.2.1.16.1.1.1.7.1
Sampling interval
: 30(sec)
Rising threshold
: 1000(linked with event 2)
Falling threshold
: 0(linked with event 2)
When startup enables
: risingOrFallingAlarm
This entry will exist
: forever.
Latest value
: 16
Run the display rmon statistics command to display the RMON statistics.
<Quidway> display rmon statistics
Statistics entry 1 owned by Test300 is VALID.
Interface : Ethernet<ifEntry.402653698>
Received :
octets
:142915224 , packets
:1749151
broadcast packets
:11603
, multicast packets:756252
undersized packets :0
, oversized packets:0
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
399
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
7 RMON Configuration
fragments packets
:0
, jabbers packets :0
CRC alignment errors:0
, collisions
:0
Dropped packet (insufficient resources):1795
Packets received according to length (octets):
64
:150183
, 65-127 :150183
, 128-255 :1383
256-511:3698
, 512-1023:0
, 1024-1518:0
7.4 Maintaining RMON
When an RMON operation fault occurs, you can run the debuggingcommand in the user view
to locate the fault and analyze its cause.
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
When an RMON fault occurs, run the following debugging command in the user view to locate
the fault.
For the description about the debugging commands, refer to the Quidway S5700 Series Ethernet
Switches Debugging Reference.
Perform the configuration in the user view.
Procedure
l
Run the debugging rmon to enable RMON debugging.
----End
7.5 Configuration Examples
This section provides several configuration examples of RMON and RMON2.
7.5.1 Examples for Configuring RMON
Networking Requirements
GigabitEthernet0/0/1 on the Switch belongs to a VLAN.
As shown in Figure 7-1, it is required that the network connected to GigabitEthernet0/0/1 be
monitored to obtain real-time and history statistics of broadcast, multicast, and unknown unicast
packets on the network.
If the number of broadcast, multicast, and unknown unicast packets in the VLAN becomes
abnormal, the Switch sends a Trap message to the NMS.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
400
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
7 RMON Configuration
Figure 7-1 Networking diagram of configuring RMON
Configuration Roadmap
To send a Trap message to the NMS, you need to use SNMP commands to enable the Trap
function and set a corresponding community name. For details, refer to the chapter SNMP
Configuration.
The configuration roadmap is as follows:
l
Enable the statistics function.
l
Configure the etherStatsTable.
l
Configure the historyControlTable.
l
Configure the eventTable.
l
Configure the alarmTable.
Data Preparation
To complete the configuration, you need the following data:
l
Interval for sampling data
l
Threshold for triggering alarms
l
Community name for communicating with the NMS
Configuration Procedure
1.
Configure reachable routes between the Switch and the NMSs. The configuration procedure
is not mentioned.
2.
Enable the statistics function.
# Enable the RMON statistics function on the interface.
<Switch> system-view
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] rmon-statistics enable
# Configure the etherStatsTable.
[Switch-GigabitEthernet0/0/1] rmon statistics 1 owner User01
# Verify the configuration. You can check the traffic on the subnet.
[Switch-GigabitEthernet0/0/1] display rmon statistics GigabitEthernet0/0/1
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
401
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
7 RMON Configuration
Statistics entry 1 owned by User01 is VALID.Received :
Interface : GigabitEthernet0/0/1<ifEntry.514>
octets
:156
, packets
:1
broadcast packets
:0
, multicast packets:1
undersized packets :0
, oversized packets:0
fragments packets
:0
, jabbers packets :0
CRC alignment errors:0
, collisions
:0
Dropped packet (insufficient resources):0
Packets received according to length (octets):
64
:0
, 65-127 :0
, 128-255 :1
256-511:0
, 512-1023:0
, 1024-1518:0
3.
# Configure Switch.
# Sample the traffic on the subnet every 30 seconds and save the latest 10 history entries.
[Switch-GigabitEthernet0/0/1] rmon history 1 buckets 10 interval 30 owner
User01
# Verify the configuration. Only the last sampling record is displayed through CLI. To
display all the history records, use the special NMS software.
[Switch-GigabitEthernet0/0/1] quit
[Switch] display rmon history GigabitEthernet0/0/1
History control entry 1 owned by User01 is VALID
Samples interface
: GigabitEthernet0/0/1<ifEntry.514>
Sampling interval
: 30(sec) with 10 buckets max
Last Sampling time
: 0days 01h:56m:21s
Latest sampled
values :
octets
:11385
, packets
:
0
broadcast packets
:0
, multicast packets :
9
undersize packets
:0
, oversize packets :
0
fragments packets
:0
, jabbers packets
:
0
CRC alignment errors :0
, collisions
:
0
Dropped packet:
:0
, utilization
:
0
History
record:
Record No.1 (Sample time: 1days 07h:37m:
29s)
octets
:11182
, packets
:
0
broadcast packets
:0
, multicast packets :
8
undersize packets
:0
, oversize packets :
0
fragments packets
:0
, jabbers packets
:
0
CRC alignment errors :0
, collisions
:
0
Dropped packet:
:0
, utilization
:0
4.
Configure the eventTable.
# Set the device to record logs for RMON event 1.
[Switch] rmon event 1 description logevent log owner User01
# Set the device to send Trap messages to the NMS for RMON event 2 and set the
community name to public.
[Switch] rmon event 2 description prialarmevent trap public owner User01
# Display the alarms.
[Switch] display rmon event
Event table 1 owned by User01 is VALID.
Description: logevent.
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
402
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
7 RMON Configuration
Will cause log when triggered, last triggered at 0days 00h:00m:00s.
Event table 2 owned by User01 is VALID.
Description: prialarmevent.
Will cause snmp-trap when triggered, last triggered at 0days 00h:00m:00s.
5.
Configure the alarmTable for broadcast packets.
# Sample the broadcast packets every 30 seconds. Trigger event 1 when 10000 or more
broadcast packets are received. Trigger event 2 when 100 broadcast or less broadcast
packets are received.
[Switch] rmon alarm 1 1.3.6.1.2.1.16.1.1.1.6.1 30 absolute rising-threshold
10000 2 falling-threshold 100 1 owner User01
# Display the alarms.
[Switch] display rmon alarm 1
Alarm table 1 owned by User01 is VALID.
Samples absolute value : 1.3.6.1.2.1.16.1.1.1.6.1<etherStatsBroadcastPkts.
1>
Sampling interval
: 30(sec)
Rising threshold
: 10000(linked with event 2)
Falling threshold
: 100(linked with event 1)
When startup enables
: risingOrFallingAlarm
Latest value
: 0
6.
Configure the alarmTable for multicast packets.
# Sample the multicast packets every 30 seconds. Trigger event 1 when 50000 or more
multicast packets are received. Trigger event 2 when 100 or less multicast packets are
received.
[Switch] rmon alarm 2 1.3.6.1.2.1.16.1.1.1.7.1 30 absolute rising-threshold
50000 2 falling-threshold 100 1 owner User01
# Display the alarms.
[Switch] display rmon alarm 2
Alarm table 2 owned by User01 is VALID.
Samples absolute value : 1.3.6.1.2.1.16.1.1.1.7.1<etherStatsMulticastPkts.
1>
Sampling interval
: 30(sec)
Rising threshold
: 50000(linked with event 2)
Falling threshold
: 100(linked with event 1)
When startup enables
: risingOrFallingAlarm
Latest value
: 0
7.
Configure the alarmTable for unknown unicast packets.
# Sample the unicast packets every 30 seconds. Trigger event 1 when 1000 or more unicast
packets are received. Trigger event 2 when 10 or less unicast packets are received.
[Switch] rmon alarm 3 1.3.6.1.2.1.2.2.1.12.898 30 absolute rising-threshold
1000 2 falling-threshold 10 1 owner User01
# Display the alarms.
[Switch] display rmon alarm 3
Alarm table 3 owned by User01
Samples
absolute value :
Sampling interval
:
Rising threshold
:
Falling threshold
:
When startup enables
:
Latest value
: 0
is VALID.
1.3.6.1.2.1.2.2.1.12.898<ifInNUcastPkts.898>
30(sec)
1000(linked with event 2)
10(linked with event 1)
risingOrFallingAlarm
Configuration Files
#
sysname Switch
#
snmp-agent
snmp-agent local-engineid 000007DB7F000001000071B6
#
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
403
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
7 RMON Configuration
interface GigabitEthernet0/0/1
rmon-statistics enable
rmon statistics 1 owner user01
rmon history 1 buckets 10 interval 30 owner user01
#
rmon event 1 description logevent log owner User01
rmon event 2 description prialarmeven trap public owner User01
rmon alarm 1 1.3.6.1.2.1.16.1.1.1.6.1 30 absolute rising-threshold 10000 2 fallingthreshold 100 1 owner User01
rmon alarm 2 1.3.6.1.2.1.16.1.1.1.7.1 30 absolute rising-threshold 50000 2 fallingthreshold 100 1 owner User01
rmon alarm 3 1.3.6.1.2.1.2.2.1.12.898 30 absolute rising-threshold 1000 2 fallingthreshold 10 1 owner User01
#
return
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
404
Download PDF