Sunday , September 23 2018
Home / Tag Archives: SNMP

Tag Archives: SNMP

huawei cheat sheet – information center

I am often asked how to find syslog commands on Huawei devices. As one is familiar with Cisco‘s devices, he is looking for “logging” command in Huawei’s VRP. And this is the main problem. Remember that equivalent of Cisco’s logging is info-center on Huawei.

The information center functions as an information hub. The information center manages most output information. Output information is classified and then effectively filtered. Together with debugging commands and the SNMP module, the information center provides powerful support for the network administrator to monitor the operation of devices and locate faults.

Generally speaking, the information center distributes three types of information with eight severity levels to ten information channels, and then outputs that information in different directions.

Today I decided to create a simple cheat sheet, describing Huawei’s information center:

Read More »

configuring SNMPv3 on Huawei devices

SNMPv1 and SNMPv2c protocols security model uses the community-based pseudo-authentication. That means that a password (called a community string) is sent in a clear text between a network management station and managed devices. Both SNMPv1 and v2c are subject to packet sniffing because they do not implement encryption. Security has been the biggest weakness of the SNMP since the beginning. More about SNMPv2c concepts, operation and configuration you can find at “SNMPv2c configuration on Huawei devices“.

What if we want SNMP to be used over a public network?

SNMPv3 can be implemented. It provides important security features, which are not available in both SNMPv1 and v2c:

  • Confidentiality – encryption of packets to prevent snooping by an unauthorized source
  • Integrity – to ensure that a packet has not been tampered while in transit using optional packet reply protection
  • Authentication – to verify that a packet comes from a valid source.

Read More »

source interfaces for management communication

As you know, configuring management services on Huawei devices, you can add source interface or IP address for transmitting packets. This is an optional configuration. Below you can find configuration syntax for source interfaces in management communication. If you find out that anything else should be added to this list, just let me know.

Info-center source:
[labnario]info-center loghost source ?
  Aux              AUX interface
  Eth-Trunk        Ethernet Trunk interface
  GigabitEthernet  GigabitEthernet interface
  LoopBack         LoopBack interface
  NULL             NULL interface
  Pos              POS interface
Radius server source:
[labnario-radius-test]radius-server source interface ?
  Eth-Trunk        Ethernet Trunk interface
  GigabitEthernet  GigabitEthernet interface
  LoopBack         LoopBack interface
  Pos              POS interface

Read More »

how to solve a problem of hanging alarms in Huawei U2000

Let’s assume that you have U2000 NMS server to monitor Huawei devices. We can manage these devices in 2 ways: outband or inband management. Outband management means that you have a separate DCN network to manage devices. It is commonly used for critical nodes, for example for backbone routers. Unlike to backbone network, it is difficult to implement DCN for mobile backhaul networks, where the number of devices reaches hundreds or even thousands. In such situation inband management is implemented to reduce cost. Then the decision how to send SNMP packets to the NMS server is based on routing protocols. The packets travel through the monitored network and are susceptible to all turbulences, which can appear in the network. This may lead to the fact that some SNMP packets may be lost by the network.

Let’s imagine such case. A link between a router and NMS is “DOWN”. No redundant link is established. The router sends SNMP trap to the NMS server but the server is not available. The SNMP packet is lost. Then the link is going to “UP” state and the router send SNMP trap to U2000. This trap is then dropped by U2000 because there is not related “DOWN” trap, which was lost before.

And what’s next?

U2000 synchronizes alarms with devices every 30 minutes and NMS server receives “DOWN” trap from the router, which was lost earlier. As the clearing trap was dropped, this “DOWN” alarm will not be cleared anymore. Then we have “DOWN” hanging (not cleared) alarm in U2000.

Read More »

SNMPv2c configuration on Huawei devices

Simple Network Management Protocol (SNMP) is widely used for IP networks’ devices management and monitoring. Not only routers and switches can be managed using SNMP. It can be used with servers, modems, printers, etc. It is application layer protocol and is defined as IETF standard.

How SNMP works?

It operates based on the following components:

  • Network Management Station (NMS), sends SNMP requests to query managed devices and receives alarms send by these devices. NMS uses the MIB to identify and manage device objects.
  • Agent – process running on the managed device which is responsible for sending alarms to the NMS and processing requests received from NMS.
  • Managed device – a networking device on which the Agent process is running.

Read More »