Simple Network Management Protocol (SNMP) is widely used for IP networks’ devices management and monitoring. Not only routers and switches can be managed using SNMP. It can be used with servers, modems, printers, etc. It is application layer protocol and is defined as IETF standard.

How SNMP works?

It operates based on the following components:

• Network Management Station (NMS), sends SNMP requests to query managed devices and receives alarms send by these devices. NMS uses the MIB to identify and manage device objects.
• Agent – process running on the managed device which is responsible for sending alarms to the NMS and processing requests received from NMS.
• Managed device – a networking device on which the Agent process is running.

It is also important to remember, that community string is used in SNMPv2c to identify communication between NMS and Managed device. Community string is a kind of password which is send as a clear-text string. Using community we can restrict access to our managed device.

SNMP configuration example:

To enable SNMP agent on the managed device:

<labnario>system-view 
[labnario]snmp-agent

Let’s check if our SNMP agent is running:

[labnario]display snmp-agent sys-info 
   The contact person for this managed node: 
           R&D Beijing, Huawei Technologies co.,Ltd.

   The physical location of this node: 
           Beijing China

   SNMP version running in the system: 
           SNMPv3

As you see, SNMPv3 agent is enabled by default. The contact person and physical location, both have some default information configured. To run SNMPv2c only, we have to disable SNMPv3:

[Huawei]undo snmp-agent sys-info version v3

Let’s check again:

[Huawei]display snmp-agent sys-info
   The contact person for this managed node: 
           R&D Beijing, Huawei Technologies co.,Ltd.

   The physical location of this node: 
           Beijing China

   SNMP version running in the system: 
           SNMPv2c

To change the equipment administrator’s contact information:

[labnario]snmp-agent sys-info contact Call labnario at 00-11 223344556677
[labnario]snmp-agent sys-info location Warsaw, Poland
[labnario]display snmp-agent sys-info
   The contact person for this managed node: 
           Call labnario at 00-11 223344556677

   The physical location of this node: 
           Warsaw, Poland

   SNMP version running in the system: 
           SNMPv2c

Now we want our agent to be managed by the NMS. To do so, we need to configure community for read only and/or read-write access. First we need to configure access-list, which allows access for our NMS station:

[labnario]acl 2012 
[labnario-acl-basic-2012]
[labnario-acl-basic-2012]rule 10 permit source 150.100.1.1 0.0.0.0

Now we can configure access for NMS host defined in ACL 2012:

[labnario]snmp-agent community read LABNARIO_COMMUNITY_RO acl 2012

If we want our NMS station not only to browse but also modify MIB objects, read-write access rights should be configured:

[labnario]snmp-agent community write LABNARIO_COMMUNITY_RW acl 2012

Now our agent can be pooled by the NMS station. Both read only and read-write access rights are configured. If we do not want some MIB objects to be modified by the NMS, MIB view needs to be defined and applied to the previously configured community string:

[labnario]snmp-agent mib-view excluded LIMITED-VIEW1 1.3.6.1.4.1.2011.6.7
[labnario]snmp-agent community write LABNARIO_COMMUNITY_RW acl 2012 mib-view LIMITED-VIEW1

Now we want to configure our agent to send alarms to the NMS. In this example we use traps, for inform messages just use ‘inform’ parameter instead of ‘trap’.

[labnario]snmp-agent target-host trap address udp-domain 150.100.1.1 params securityname LABNARIO

Parameter ‘securityname’ is the name for the principal on whose behalf SNMP messages will be generated.

Now enable the function of sending traps to NMS. After this function is configured, the device reports abnormal events to the NMS:

[Huawei]snmp-agent trap enable
Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:y

This function has to be configured in both trap and inform modes.

You can also enable traps for specific features:

[Huawei]snmp-agent trap enable feature-name ?
  arp            Enable ARP traps
  bfd            Enable BFD traps
  bgp            Enable BGP traps
  bulkstat       Enable BULKSTAT traps
  configuration  Enable CONFIGURATION traps
  datasync       Enable DATASYNC traps
  dhcp_trap      Enable dhcp_trap
  e-lmi          Enable E-LMI traps
  efm            Enable EFM traps
  eoam-1ag       Enable EOAM-1AG traps
  eoam-y1731     Enable EOAM-Y1731 traps
  etrunk         Enable E-Trunk traps

Final configuration:

[labnario]displ curr | inc snmp
snmp-agent
snmp-agent local-engineid 800007DB03548998AE0B48
snmp-agent community read  LABNARIO_COMMUNITY_RO acl 2012
snmp-agent community write  LABNARIO_COMMUNITY_RW mib-view LIMITED-VIEW1 acl 2012
snmp-agent sys-info contact Call labnario at 00-11 223344556677
snmp-agent sys-info location Warsaw, Poland
snmp-agent sys-info version v2c
undo snmp-agent sys-info version v3
snmp-agent target-host trap address udp-domain 150.100.1.1 source LoopBack0 params securityname LABNARIO v2c
snmp-agent mib-view excluded LIMITED-VIEW1 hwCfgChgNotify
snmp-agent trap source LoopBack0
snmp-agent trap enable

Verification:

[labnario]display snmp-agent community 
   Community name:LABNARIO_COMMUNITY_RO 
       Group name:LABNARIO_COMMUNITY_RO 
       Acl:2012
       Storage-type: nonVolatile 

   Community name:LABNARIO_COMMUNITY_RW 
       Group name:LABNARIO_COMMUNITY_RW 
       Acl:2012
       Storage-type: nonVolatile 

[labnario]displ snmp-agent mib-view viewname LIMITED-VIEW1
   View name:LIMITED-VIEW1 
       MIB Subtree:hwCfgChgNotify 
       Subtree mask:FFF0(Hex) 
       Storage-type: nonVolatile 
       View Type:excluded 
       View status:active 

[labnario]displ snmp-agent target-host 
Target-host NO. 1
-----------------------------------------------------------
  IP-address    : 150.100.1.1
  Source interface : LoopBack0
  VPN instance  : -
  Security name : LABNARIO
  Port          : 162
  Type          : trap
  Version       : v2c
  Level         : No authentication and privacy
  NMS type      : NMS
  With ext-vb   : No
-----------------------------------------------------------

[labnario]displ acl 2012
Basic ACL 2012, 1 rule
ACL's step is 5
 rule 10 permit source 150.100.1.1 0 (0 times matched)

Some time ago I wrote about Huawei Network Simulation Platform eNSP. I have been testing it since it was launched. It is still being developed and new VRP features will be available soon. It looks like it is really useful tool if you want to study Huawei’s datacom technology.

I’ve just found a video guide for eNSP at Huawei’s forum. I hope it will be informative for you.

Anyway, a background music of this guide will have a calming influence on you 🙂

schedule reboot { at time | delay interval }

When can you use this command?

You can always use it 🙂

Seriously telling, you can use it in cases, when there is probability that your work and a new configuration can cause a device to be unavailable. Sometimes it is necessary to change a configuration of a device, which is not accessible by console, but only by remote connection. Specially if you are changing IP addresses or doing some experiments with access methods of the device. Even if you tested everything in your lab and you are sure that everything will go smoothly, it is better to remember about this function. People make mistakes. After you configured schedule reboot function, you are sure that all your mistakes can be repair by reboot of the device, with the restriction that the new configuration is not saved. Of course I am talking about some small or less important devices. For more important or crucial devices it is recommended to use console connection (console server).

Remember to turn this function off when you are sure that everything works properly!

Routing protocols are used to discover routes to a destination. Only one routing protocol at one time determines the optimal route to a destination.

What happens if we have different routes to the same destination learnt by different routing protocols?

When multiple routing information sources coexist on the same router, the router with the highest preference is selected as the optimal route.

Below you can find the default route preferences by each routing protocol (the smaller the value, the higher the preference is):

Of course you can change these default values manually.

But what happens if different routing protocols are configured with the same preference?

Huawei routers define external and internal preferences. Default external preferences are showed in the above table and can be set manually by users, whereas internal preferences are fixed and cannot be changed. For example, two routes, static and OSPF, which have the same route preference 5, set by command, can reach the destination 2.2.2.2/32. According to the internal preferences listed below, route discovered by OSPF will be selected as an optimal route:

#
interface Ethernet0/0/0
undo shutdown
ip address 10.0.0.1 255.255.255.252
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ip route-static 2.2.2.2 255.255.255.255 10.0.0.2 preference 5
#
ospf 1
preference 5
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.0.0.0 0.0.0.3
[labnario]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
2.2.2.2/32 OSPF 5 1 D 10.0.0.2 Ethernet0/0/0
10.0.0.0/30 Direct 0 0 D 10.0.0.1 Ethernet0/0/0
10.0.0.1/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Huawei, to meet your expectations, recently announced the launch of an enterprise network simulation platform eNSP for ICT practitioners. This information you can find at official Huawei website.

To be honest, I have not tested it yet. If I find time I will do it this week. I have already installed this simulator on my notebook and it looks promising. We can build a network based on AR1200 routers and enterprise switches.

The only think you have to do is to register at Huawei website, download and install the simulator.

I forgot to mention that this simulator is completely for free.

To make it easy for you, below you can find a direct link to the Huawei eNSP:

eNSP

Please feedback your comments if you test it. I would like to know your opinion.

Enjoy!