Login
- Table of Contents
-
- H3C WX Series Access Controllers Web-Based Configuration Guide(R3308 R2308)-6W107
- 00-Preface
- 01-About the WX Series Access Controllers Web Configuration Guide
- 02-Quick Start
- 03-Web Overview
- 04-Summary
- 05-Device
- 06-Network
- 07-AP Configuration
- 08-Wireless Service
- 09-WLAN Roaming Configuration
- 10-Radio Configuration
- 11-Authentication
- 12-Security
- 13-QoS configuration
- 14-Advanced Settings
- 15-Stateful Failover Configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 05-Device | 674.20 KB |
Contents
Displaying license information
Registering an enhanced license
Displaying registered enhanced licenses
Device basic information configuration
Configuring Web idle timeout period
Generating the diagnostic information file
System time configuration example
Setting buffer capacity and refresh interval
Initializing the configuration
Displaying interface information and statistics
Interface management configuration example
Introduction to port mirroring
Port mirroring configuration task list
Configuring ports for a mirroring group
Switching the user access level to the management level
Configuring SNMP trap function
Displaying SNMP packet statistics
License management
Configuring licenses
A license controls the maximum number of online APs. You can add a license on a device to increase the maximum number of online APs that the device supports. However, the upper limit of online APs that a device supports is restricted by its specification and varies by device model. For more information, see "Feature matrixes."
Adding a license
|
|
CAUTION: · After adding a license, you must reboot the device to validate the license. · You can also increase the maximum number of online APs by adding an enhanced license. For more information about enhanced license, see "Enhanced license management." |
1. Select Device > License from the navigation tree.
The License page appears.
2. In the Add License area, configure the license information as described in Table 1.
3. Click Add.
|
Item |
Description |
|
License Key |
Enter the license key. |
|
Activation Key |
Enter the activation key for the license. |
Displaying license information
1. Select Device > License from the navigation tree
The page Figure 1 in appears.
2. View the license information in the License area.
Table 2 Field description
|
Field |
Description |
|
default AP number |
Maximum number of APs that the device supports by default. |
|
max AP number |
Upper limit of APs that the device supports. |
|
current AP number |
Maximum number of APs that the device currently supports. |
|
License Key |
License key of the license. |
|
Activation Key |
Activation key of the license. |
|
AP Number |
Number of APs that the license supports. |
Configuring enhanced licenses
Registering an enhanced license
|
|
CAUTION: After registering an enhanced license, you must reboot the device to validate the newly added features. |
You can also increase the number of allowed APs by adding a license. For more information about license, see "License management."
1. Select Device > License from the navigation tree.
2. Click the Enhanced License tab.
The Enhanced License tab page appears.
3. Configure enhanced license information as described in Table 3.
4. Click Add.
|
Item |
Description |
|
Feature Name |
Select the name of the feature to be registered. For example, AP allows you to increase the number of APs. |
|
Serial Number |
Type the serial number of the license. |
Displaying registered enhanced licenses
1. Select Device > License from the navigation tree.
2. Click the Enhanced License tab
The page in Figure 2 appears.
3. View the registered enhanced licenses at the lower part of the page.
Table 4 Field description
|
Filed |
Description |
|
Feature Name |
Name of the feature registered. |
|
Serial Number |
Serial number of the license. |
|
Available Time Left |
Left time of the license. After the time elapses, the license expires. The value Forever means that the license is an official version. |
|
AP Number |
Number of APs that the license supports. |
The device basic information feature provides you the following functions:
· Set the system name of the device. The configured system name will be displayed on the top of the navigation bar.
· Set the idle timeout period for a logged-in user. That is, the system logs an idle user off the Web for security purpose after the configured period.
Configuring system name
1. Select Device > Basic from the navigation tree
The page for configuring the system name appears.
2. Set the system name for the device.
3. Click Apply.
Configuring Web idle timeout period
1. Select Device > Basic from the navigation tree.
2. Click the Web Idle Timeout tab.
The page for configuring Web idle timeout period appears.
Figure 4 Configuring Web idle timeout period
3. Set the Web idle timeout period for a logged-in user.
4. Click Apply.
Software upgrade
A boot file, also known as the system software or device software, is an application file used to boot the device. Software upgrade allows you to obtain a target application file from the local host and set the file as the boot file to be used at the next reboot. In addition, you can select whether to reboot the device to bring the upgrade software into effect.
|
|
CAUTION: · A software upgrade takes some time. Avoid performing any operation on the Web interface during the upgrading procedure. Otherwise, the upgrade operation may be interrupted. · You can keep the original file name or change it to another one (extension name not changed) after you get the target application file from the local host. |
1. Select Device > Device Maintenance from the navigation tree.
The software upgrade configuration page appears.
Figure 5 Software upgrade configuration page
2. Configure the software upgrade parameters as described in Table 5.
3. Click Apply.
|
Item |
Description |
|
File |
Specify the path of the local application file, which must be with an extension .app or .bin. |
|
File Type |
Specify the type of the boot file for the next boot: · Main—Boots the device. · Backup—Boots the device when the main boot file is unavailable. |
|
If a file with the same name already exists, overwrite it without any prompt |
Specify whether to overwrite the file with the same name. If you do not select the option, when a file with the same name exists, the system prompts "The file has existed.", and you cannot upgrade the software. |
|
Reboot after the upgrade is finished. |
Specify whether to reboot the device to make the upgraded software take effect after the application file is uploaded. |
Rebooting the device
|
|
CAUTION: · Before rebooting the device, save the configuration. Otherwise, all unsaved configurations are lost after device reboot. · Re-log in to the Web interface after the device reboots. |
1. Select Device > Device Maintenance from the navigation tree.
2. Click the Reboot tab.
The reboot tab page appears.
Figure 6 Device reboot page
3. Clear the box before "Check whether the current configuration is saved in the next startup configuration file" or keep it selected.
4. Click Apply.
A confirmation dialog box appears.
5. Click OK.
¡ If you select the box before "Check whether the current configuration is saved in the next startup configuration file", the system checks the configuration before rebooting the device. If the check succeeds, the system reboots the device; if the check fails, the system displays a dialog box to inform you that the current configuration and the saved configuration are inconsistent, and does not reboot the device. In this case, you must save the current configuration manually before you can reboot the device.
¡ If you do not select the box, the system reboots the device directly.
Generating the diagnostic information file
Each functional module has its own running information, and generally, you need to view the output information for each module one by one. To receive as much information as possible in one operation during daily maintenance or when system failure occurs, the device supports generating diagnostic information. When you perform the diagnostic information generation operation, the system saves the running statistics of multiple functional modules to a file named default.diag, and then you can locate problems faster by checking this file.
To generate the diagnostic information file:
1. Select Device > Device Maintenance from the navigation tree.
2. Click the Diagnostic Information tab.
The diagnostic information tab page appears.
Figure 7 Diagnostic information
3. Click Create Diagnostic Information File.
The system begins to generate diagnostic information file, and after the file is generated, the page in Figure 8 appears.
Figure 8 The diagnostic information file is created
4. Click Click to Download.
The File Download dialog box appears. You can select to open this file or save this file to the local host.
|
|
NOTE: · The generation of the diagnostic file will take a period of time. During this process, do not perform any operation on the Web page. · To view this file after the diagnostic file is generated successfully, select Device > File Management, or download this file to the local host. For more information, see "File management configuration." |
You need to configure a correct system time so that the device can work with other devices properly. System time allows you to display and set the device system time on the Web interface.
The device supports setting system time through manual configuration and automatic synchronization of NTP server time.
An administrator cannot keep time synchronized among all the devices within a network by changing the system clock on each device, because this is time-consuming task and cannot guarantee clock precision.
Defined in RFC 1305, the Network Time Protocol (NTP) synchronizes timekeeping among distributed time servers and clients.
NTP can keep consistent timekeeping among all clock-dependent devices within the network and ensure a high clock precision so that the devices can provide diverse applications based on consistent time.
Displaying the system time
1. Select Device > System Time from the navigation tree.
The page for configuring system time appears.
2. View the current system time on the top of the page.
Configuring the system time
1. Select Device > System Time from the navigation tree.
The page in Figure 9 appears.
2. Click the System Time Configuration field.
The calendar page appears.
3. Modify the system time either in the System Time Configuration field, or through the calendar page.
You can perform the following operations on the calendar page:
a. Click Today to set the current date on the calendar to the current system date of the local host, and the time keeps unchanged.
b. Set the year, month, date and time, and then click OK.
4. Click Apply in the system time configuration page to save your configuration.
Configuring the network time
1. Select Device > System Time from the navigation tree.
2. Click Net Time.
The network time page appears.
3. Configure system time parameters as described in Table 6.
4. Click Apply.
|
Item |
Description |
|
|
Clock status |
Display the synchronization status of the system clock. |
|
|
Local Reference Source |
Set the IP address of the local clock source to 127.127.1.u, where u ranges from 0 to 3, representing the NTP process ID. · If the IP address of the local clock source is specified, the local clock is used as the reference clock, and thus can provide time for other devices. · If the IP address of the local clock source is not specified, the local clock is not used as the reference clock. |
|
|
Stratum |
Set the stratum level of the local clock. The stratum level of the local clock decides the precision of the local clock. A higher value indicates a lower precision. A stratum 1 clock has the highest precision, and a stratum 16 clock is not synchronized and cannot be used as a reference clock. |
|
|
Source Interface |
Set the source interface for an NTP message. If you do not want the IP address of a certain interface on the local device to become the destination address of response messages, you can specify the source interface for NTP messages, so that the source IP address in the NTP messages is the primary IP address of this interface. If the specified source interface is down, the source IP address of the NTP messages sent is the primary IP address of the outbound interface. |
|
|
Key 1 |
Set NTP authentication key. The NTP authentication feature should be enabled for a system running NTP in a network where there is a high security demand. This feature enhances the network security by means of client-server key authentication, which prohibits a client from synchronizing with a device that has failed authentication. You can set two authentication keys, each of which is composed of a key ID and key string. · ID is the ID of a key. · Key string is a character string for MD5 authentication key. |
|
|
Key 2 |
||
|
External Reference Source |
NTP Server 1/Reference Key ID |
Specify the IP address of an NTP server, and configure the authentication key ID used for the association with the NTP server. The device synchronize its time to the NTP server only if the key provided by the server is the same with the specified key. You can configure two NTP servers. The clients will choose the optimal reference source.
The IP address of an NTP server is a unicast address, and cannot be a broadcast or a multicast address, or the IP address of the local clock source. |
|
NTP Server 2/Reference Key ID |
||
|
TimeZone |
Set the time zone for the system. |
|
System time configuration example
Network requirements
· As shown in Figure 12, the local clock of Switch is set as the reference clock.
· AC operates in client mode, and uses Switch as the NTP server.
· NTP authentication is configured on both AC and Switch.
Configuring the switch
Configure the local clock as the reference clock, with the stratum of 2, configure authentication, with the key ID of 24, and trusted key as aNiceKey. (Details not shown.)
Configuring the AC
To configure Switch as the NTP server of AC:
1. Select Device > System Time from the navigation tree.
2. Click the Net Time tab.
The Net Time tab page appears.
Figure 13 Configuring Switch as the NTP server of AC
3. Enter 24 for the ID of key 1, and aNiceKey for the key string. Enter 1.0.1.12 in the NTP Server 1 box and 24 in the Reference Key ID box.
4. Click Apply.
Verifying the configuration
After the above configuration, the current system time displayed on the System Time page is the same for AC and Switch.
Configuration guidelines
· A device can act as a server to synchronize the clock of other devices only after its clock has been synchronized. If the clock of a server has a stratum level higher than or equal to that of a client's clock, the client will not synchronize its clock to the server's.
· The synchronization process takes a period of time. The clock status may be displayed as unsynchronized after your configuration. In this case, you can refresh the page to view the clock status later on.
· If the system time of the NTP server is ahead of the system time of the device, and the difference between them exceeds the Web idle time specified on the device, all online Web users are logged out because of timeout.
System logs contain a large amount of network and device information, including running status and configuration changes. System logs are an important way for administrators to know network and device status. With system logs, administrators can take corresponding actions against network problems and security problems.
The system sends system logs to the following destinations:
· Console
· Monitor terminal, which is a user terminal that has login connections through the AUX, VTY, or TTY user interface.
· Log buffer
· Loghost
Displaying syslog
The Web interface provides abundant search and sorting functions. You can view syslogs through the Web interface conveniently.
To display syslog:
1. Select Device > Syslog from the navigation tree.
The page for displaying syslog appears.
|
|
TIP: · You can click Reset to clear all system logs saved in the log buffer on the Web interface. · You can click Refresh to manually refresh the page, or you can set the refresh interval on the Log Setup page to enable the system to automatically refresh the page periodically. For more information, see "Setting buffer capacity and refresh interval." |
2. View system logs.
Table 7 Field description
|
Field |
Description |
|
Time/Date |
Display the time/date when system logs are generated. |
|
Source |
Display the module that generates system logs. |
|
Level |
Display the system information levels. The information is classified into eight levels by severity: · Emergency—The system is unusable. · Alert—Action must be taken immediately. · Critical—Critical conditions. · Error—Error conditions. · Warning—Warning conditions. · Notification—Normal but significant condition. · Informational—Informational messages. · Debug—Debug-level messages. |
|
Digest |
Display the brief description of system logs. |
|
Description |
Display the contents of system logs. |
Setting the log host
You can set the loghost on the Web interface to enable the system to output syslogs to the log host. You can specify at most four different log hosts.
To set the log host:
1. Select Device > Syslog from the navigation tree.
2. Click the Loghost tab
The loghost configuration page appears.
3. Configure the log host as described in Table 8.
4. Click Apply.
|
Item |
Description |
|
IPv4/Domain |
Set the IPv4 address, domain, or IPv6 address of the loghost.. |
|
IPv6 |
|
|
Loghost IP/Domain |
Setting buffer capacity and refresh interval
1. Select Device > Syslog from the navigation tree.
2. Click the Log Setup tab.
The syslog configuration page appears.
Figure 16 Syslog configuration page
3. Configure buffer capacity and refresh interval as described in Table 9.
4. Click Apply.
|
Item |
Description |
|
Buffer Capacity |
Set the number of logs that can be stored in the log buffer of the Web interface. |
|
Refresh Interval |
Set the refresh period on the log information displayed on the Web interface. You can select manual refresh or automatic refresh: · Manual—Click Refresh to refresh the Web interface when displaying log information. · Automatic—You can select to refresh the Web interface every 1 minute, 5 minutes, or 10 minutes. |
|
|
NOTE: When backing up a configuration file, back up the configuration file with the extension .xml. Otherwise some configuration information may not be restored in some cases (for example, when the configuration is removed). |
Backing up the configuration
Configuration backup provides the following functions:
· Open and view the configuration file (.cfg file or .xml file) for the next startup
· Back up the configuration file (.cfg file or .xml file) for the next startup to the host of the current user
To back up the configuration:
1. Select Device > Configuration from the navigation tree.
The page for backing up configuration appears.
Figure 17 Backup configuration page
2. Click the upper Backup button.
A file download dialog box appears. You can select to view the .cfg file or to save the file locally.
3. Click the lower Backup button.
A file download dialog box appears. You can select to view the .xml file or to save the file locally.
Restoring the configuration
|
|
CAUTION: The restored configuration file takes effect at the next device reboot. |
Configuration restore provides the following functions:
· Upload the .cfg file on the host of the current user to the device for the next startup
· Upload the .xml file on the host of the current user to the device for the next startup, and delete the previous .xml configuration file that was used for the next startup
To restore the configuration:
1. Select Device > Configuration from the navigation tree.
2. Click the Restore tab.
The page for restoring configuration appears.
Figure 18 Configuration restore page
3. Click the upper Browse button.
The file upload dialog box appears. You can select the .cfg file to be uploaded.
4. Click the lower Browse button in this figure.
The file upload dialog box appears. You can select the .xml file to be uploaded.
5. Click Apply.
Saving the configuration
|
|
CAUTION: · Saving the configuration takes some time. · The system does not support the operation of saving configuration of two or more consecutive users. If such a case occurs, the system prompts the latter users to try later. |
The save configuration module provides the function to save the current configuration to the configuration file (.cfg file or .xml file) to be used at the next startup. You can save the configuration in one of the following ways:
Fast
Click the Save button at the upper right of the auxiliary area, and you can save the configuration to the configuration file.
Figure 19 Saving configuration confirmation
Common
1. Select Device > Configuration from the navigation tree.
2. Click the Save tab.
The page in Figure 19 appears.
3. Click Save Current Settings to save the current configuration to the configuration file.
Initializing the configuration
This operation restores the system to factory defaults, delete the current configuration file, and reboot the device.
To initialize the configuration:
1. Select Device > Configuration from the navigation tree.
2. Click the Initialize tab.
The initialize confirmation page appears.
Figure 20 Initializing the configuration
3. Click Restore Factory-Default Settings to restore the system to factory defaults.
|
|
NOTE: There are many types of storage media such as flash, compact flash (CF), and so on. Different devices support different types of storage device. For more information, see "Feature matrixes." |
The device saves useful files (such as host software, configuration file) into the storage device, and the system provides the file management function for the users to manage those files conveniently and effectively.
Displaying file list
1. Select Device > File Management from the navigation tree.
The file management page appears.
2. Select a disk from the Please select disk list on the top of the page.
3. View the used space, free space and capacity of the disk at the right of the list.
4. View all files saved in this disk (in the format of path + filename), file sizes, and the boot file types (Main or Backup is displayed if the file is an application file, that is, with the extension of .bin or .app).
Downloading a file
1. Select Device > File Management from the navigation tree.
The page in Figure 21 appears.
2. Select a file from the list.
You can select one file at a time.
3. Click Download File.
The File Download dialog box appears. You can select to open the file or to save the file to a specified path.
Uploading a file
|
|
NOTE: Uploading a file takes some time. H3C recommends you not to perform any operation on the Web interface during the upgrading procedure. |
1. Select Device > File Management from the navigation tree.
The page in Figure 21 appears.
2. Select the disk to save the file in the Upload File box.
3. Click Browse to set the path and name of the file.
4. Click Apply.
Removing a file
1. Select Device > File Management from the navigation tree.
The page in Figure 21 appears.
2. Select one or multiple files from the file list,
3. Click Remove File.
|
|
NOTE: You can also remove a file by clicking the |
Specifying the main boot file
1. Select Device > File Management from the navigation tree.
The page in Figure 21 appears.
2. Select the box to the left of an application file (with the extension of .bin or .app).
You can set one file at a time.
3. Click Set as Main Boot File to set the main boot file to be used at the next startup.
Interface management overview
An interface is the point of interaction or communication used for exchanging data between entities. There are two types of interfaces: physical and logical. A physical interface refers to an interface that physically exists as a hardware component. An example is Ethernet interfaces. A logical interface refers to an interface that can implement data switching but does not exist physically. A logical interface must be created manually. An example is VLAN interfaces.
You can use the interface management feature on the Web-based configuration interface to manage the following types of interfaces.
· Layer 2 Ethernet interface—Physical interface operating on the data link layer for forwarding Layer 2 protocol packets.
· Management Ethernet interface—Physical interface operating on the network layer. You can configure IP addresses for a management Ethernet interface. You can log in to the device through a management Ethernet interface to manage the device.
· Loopback interface—A loopback interface is a software-only virtual interface. The physical layer state and link layer protocols of a loopback interface are always up unless the loopback interface is manually shut down. You can enable routing protocols on a loopback interface, and a loopback interface can send and receive routing protocol packets. When you assign an IPv4 address whose mask is not 32-bit, the system automatically changes the mask into a 32-bit mask.
· Null interface—A null interface is a completely software-based logical interface, and is always up. However, you cannot use it to forward data packets or configure an IP address or link layer protocol on it. With a null interface specified as the next hop of a static route to a specific network segment, any packets routed to the network segment are dropped. The null interface provides a simpler way to filter packets than ACL. You can filter uninteresting traffic by transmitting it to a null interface instead of applying an ACL.
· VLAN interface—Virtual Layer 3 interface used for Layer 3 communications between VLANs. A VLAN interface corresponds to a VLAN. You can assign an IP address to a VLAN interface and specify it as the gateway of the corresponding VLAN to forward traffic destined for an IP network segment different from that of the VLAN.
· Virtual template (VT) interface—Template used for configuring virtual access (VA) interfaces.
· Bridge-Aggregation interface (BAGG)—Multiple Layer 2 Ethernet interfaces can be combined to form a Layer 2 aggregation group. The logical interface created for the group is called an aggregate interface.
Displaying interface information and statistics
1. Select Device > Interface from the navigation tree.
The interface management page appears. The page displays the interfaces' names, IP addresses, masks, and status.
Figure 22 Interface management page
2. Click an interface name in the Name column to display the statistics of that interface.
The page for displaying interface statistics appears.
Figure 23 Statistics on an interface
Creating an interface
1. Select Device > Interface from the navigation tree.
The page in Figure 22 appears.
2. Click Add.
The page for creating an interface appears.
Figure 24 Creating an interface
3. Configure the interface as described in Table 10.
4. Click Apply.
|
Item |
Description |
|
Interface Name |
Set the type and number of a logical interface. |
|
VID |
If you are creating a Layer 3 Ethernet subinterface, set the VLANs associated with the subinterface. This parameter is available only for Layer 3 Ethernet subinterfaces.
Currently, this configuration item is not configurable because the device does not support Layer 3 Ethernet subinterfaces. |
|
MTU |
Set the maximum transmit unit (MTU) of the interface. The MTU value affects fragmentation and reassembly of IP packets.
Support for this configuration item depends on the interface type. All Layer 3 interfaces support MTU. |
|
TCP MSS |
Set the maximum segment size (MSS) for IP packets on the interface. The TCP MSS value affects fragmentation and reassembly of IP packets.
Support for this configuration item depends on the interface type. All Layer 3 interfaces support MTU. |
|
IP Config |
Set the way for the interface to obtain an IP address, include: · None—Select this option if you do not want to assign an IP address for the interface. · Static Address—Select the option to manually assign an IP address and mask for the interface. If this option is selected, you must set the IP Address and Mask fields. · DHCP—Select the option for the interface to obtain an IP address through DHCP automatically. · BOOTP—Select the option for the interface to obtain an IP address through BOOTP automatically. · PPP Negotiate—Select the option for the interface to obtain an IP address through PPP negotiation. · Unnumbered—Select this option to borrow the IP address of another interface on the same device for the interface. If this option is selected, you must select the interface whose IP address you want to borrow in the Unnumbered Interfaces list.
Support for the way of obtaining an IP address depends on the interface type. |
|
IP Address/Mask |
After selecting the Static Address option for the IP Config configuration item, you need to set the primary IP address and mask, and secondary IP addresses and masks for the interface.
· The primary and secondary IP addresses cannot be 0.0.0.0. · For a loopback interface, the mask is fixed to 32 bits and is not configurable. · The number of secondary IP addresses supported by the device depends on the device model.. |
|
Secondary IP Address/Mask |
|
|
Unnumbered Interface |
If the Unnumbered option is selected as the way for the interface to obtain an IP address, you must set the interface whose IP address is to be borrowed. |
|
IPv6 Config |
Set the way for the interface to obtain an IPv6 link-local address, include. · None—Select this option if you do not want to assign an IPv6 link-local address to the interface. · Auto—Select this option for the system to automatically assign an IPv6 link-local address to the interface. · Manual—Select this option to manually assign an IPv6 link-local address to the interface. If this option is selected, you must set the IPv6 Link Local Address field. |
|
IPv6 Link Local Address |
If the Manual option is selected as the way for the interface to obtain an IPv6 link-local address, you must set an IPv6 link-local address for the interface. |
Modifying a Layer 2 interface
1. Select Device > Interface from the navigation tree.
The page in Figure 22 appears.
2.
Click the 
icon
corresponding to a Layer 2 interface.
The page for modifying a Layer 2 interface appears.
Figure 25 Modifying a Layer 2 physical interface
3. Modify the information about the Layer 2 physical interface as described in Table 11.
4. Click Apply.
|
Item |
Description |
|
Port State |
Enable or disable the interface. In some cases, modification to the interface parameters does not take effect immediately. You need to shut down and then bring up the interface to make the modification work. |
|
Speed |
Set the transmission rate of the interface. Available options include: · 10—10 Mbps. · 100—100 Mbps. · 1000—1000 Mbps. · Auto—Auto-negotiation. · Auto 10—The auto-negotiation rate of the interface is 10 Mbps. · Auto 100—The auto-negotiation rate of the interface is 100 Mbps. · Auto 1000—The auto-negotiation rate of the interface is 1000 Mbps. · Auto 10 100—The auto-negotiation rate of the interface is 10 Mbps or 100 Mbps. · Auto 10 1000—The auto-negotiation rate of the interface is 10 Mbps or 1000 Mbps. · Auto 100 1000—The auto-negotiation rate of the interface is 100 Mbps or 1000 Mbps. · Auto 10 100 1000—The auto-negotiation rate of the interface is 10 Mbps, 100 Mbps or 1000 Mbps. |
|
Duplex |
Set the duplex mode of the interface. · Auto—Auto-negotiation. · Full—Full duplex. · Half—Half duplex. |
|
Link Type |
Set the link type of the current interface, which can be access, hybrid, or trunk. For more information, see Table 12.
To change the link type of a port from trunk to hybrid or vice versa, you must first set its link type to access. |
|
PVID |
Set the default VLAN ID of the hybrid or trunk port.
The trunk ports at the two ends of a link must have the same PVID. |
|
MDI |
Set the Medium Dependent Interface (MDI) mode for the interface. Two types of Ethernet cables can be used to connect Ethernet devices: crossover cable and straight-through cable. To accommodate these two types of cables, an Ethernet interface on the device can operate in one of the following three MDI modes: · Across mode. · Normal mode. · Auto mode. An Ethernet interface is composed of eight pins. By default, each pin has its particular role. For example, pin 1 and pin 2 are used for transmitting signals; pin 3 and pin 6 are used for receiving signals. You can change the pin roles through setting the MDI mode. · In across mode, the default pin roles are kept, that is, pin 1 and pin 2 for transmitting signals, and pin 3 and pin 6 for receiving signals. · In auto mode, the pin roles are determined through auto negotiation. · In normal mode, pin 1 and pin 2 are used for receiving signals while pin 3 and pin 6 are used for transmitting signals. To enable normal communication, you should connect the local transmit pins to the remote receive pins. Therefore, you should configure the MDI mode depending on the cable types. · Generally, the auto mode is recommended. The other two modes are useful only when the device cannot determine the cable types. · When straight-through cables are used, the local MDI mode must be different from the remote MDI mode. · When crossover cables are used, the local MDI mode must be the same as the remote MDI mode, or the MDI mode of at least one end must be set to auto. |
|
Flow Control |
Enable or disable flow control on the interface. After flow control is enabled on both ends, if there is traffic congestion on the device on the local end, it sends information to notify the peer end to stop sending packets temporarily; upon receiving the information, the peer end stops sending packets; and vice versa. This is used to avoid packet loss.
Flow control can be realized only when it is enabled on both ends. |
|
Jumbo Frame |
Enable or disable the forwarding of jumbo frames. |
|
Max MAC Count |
Set the maximum number of MAC addresses the interface can learn. Available options include: · User Defined—Select this option to set the limit manually. · No Limited—Select this option to set no limit. |
|
Broadcast Suppression |
Set broadcast suppression. You can suppress broadcast traffic by percentage or by PPS as follows: · ratio—Sets the maximum percentage of broadcast traffic to the total transmission capability of an Ethernet interface. When this option is selected, you need to enter a percentage in the box below. · pps—Sets the maximum number of broadcast packets that can be forwarded on an Ethernet interface per second. When this option is selected, you need to enter a number in the box below. |
|
Multicast Suppression |
Set multicast suppression. You can suppress multicast traffic by percentage or by PPS as follows: · ratio—Sets the maximum percentage of multicast traffic to the total transmission capability of an Ethernet interface. When this option is selected, you need to enter a percentage in the box below. · pps—Sets the maximum number of multicast packets that can be forwarded on an Ethernet interface per second. When this option is selected, you need to enter a number in the box below. |
|
Unicast Suppression |
Set unicast suppression. You can suppress unicast traffic by percentage or by PPS as follows: · ratio—Sets the maximum percentage of unicast traffic to the total transmission capability of an Ethernet interface. When this option is selected, you need to enter a percentage in the box below. · pps—Sets the maximum number of unicast packets that can be forwarded on an Ethernet interface per second. When this option is selected, you need to enter a number in the box below. |
Table 12 Link type description
|
Link type |
Description |
|
Access |
An access port can belong to only one VLAN and is usually used to connect a user device. |
|
Hybrid |
A hybrid port can be assigned to multiple VLANs to receive and send packets for them and allows packets of multiple VLANs to pass through untagged. Hybrid ports can be used to connect network devices, as well as user devices. |
|
Trunk |
A trunk port can be assigned to multiple VLANs to receive and send packets for them but allows only packets of the default VLAN to pass through untagged. Trunk ports are usually used to connect network devices. |
Modifying a Layer 3 interface
1. Select Device > Interface from the navigation tree.
The page in Figure 22 appears.
2.
Click the icon
corresponding to a Layer 3 interface.
The page for modifying a Layer 3 interface appears.
Figure 26 Modifying a Layer 3 physical interface
3. Modify the information about the Layer 3 interface.
The configuration items of modifying the Layer 3 interface are similar to those of creating an interface. Table 13 describes configuration items proper to modifying a Layer 3 interface.
4. Click Apply.
|
Item |
Description |
|
Interface Type |
Set the interface type, which can be Electrical port, Optical port, or None. |
|
Interface Status |
Display and set the interface status. · The display of Connected indicates that the current status of the interface is up and connected. You can click Disable to shut down the interface. · The display of Not connected indicates that the current status of the interface is up but not connected. You can click Disable to shut down the interface. · The display of Administratively Down indicates that the interface is shut down by the administrator. You can click Enable to bring up the interface. After you click Enable or Disable, the page displaying interface information appears.
For an interface whose status cannot be changed, the Enable or Disable button is not available. |
|
Working Mode |
Set the interface to work in bridge mode or router mode. |
Interface management configuration example
Network requirements
Create VLAN-interface 100 and specify its IP address as 10.1.1.2.
Configuration procedure
1. Create VLAN 100:
a. Select Network > VLAN from the navigation tree.
The VLAN tab page appears.
b. Click Add.
The page for creating VLANs appears.
c. Enter VLAN ID 100.
d. Click Apply.
2. Create VLAN-interface 100 and assign an IP address for it:
a. Select Device > Interface from the navigation tree.
b. Click Add.
The page for creating an interface appears.
Figure 28 Creating VLAN-interface 100
c. Select Vlan-interface from the Interface Name list, enter the interface ID 100, select the Static Address option in the IP Config area, enter the IP address 10.1.1.2, and select 24 (255.255.255.0) from the Mask list.
d. Click Apply.
|
|
NOTE: · There are two kinds of port mirroring: local port mirroring and remote port mirroring. Unless otherwise specified, port mirroring described in this chapter all refers to local port mirroring. · Support for the port mirroring feature depends on the device model. For more information, see "Feature matrixes." |
Introduction to port mirroring
Port mirroring is to copy the packets passing through one or multiple ports (called mirroring ports) to a port (called the monitor port) on the local device. The monitor port is connected with a monitoring device. By analyzing on the monitoring device the packets mirrored to the monitor port, you can monitor the network and troubleshoot possible network problems.
Figure 29 A port mirroring implementation
Port mirroring is implemented through mirroring groups. The mirroring ports and the monitor port are in the same mirroring group. With port mirroring enabled, the device copies packets passing through the mirroring ports to the monitor port.
Port mirroring configuration task list
Table 14 Port mirroring configuration task list
|
Task |
Remarks |
|
Add a mirroring group |
Required. For more information, see "Adding a mirroring group." You need to select the mirroring group type local in the Type list. |
|
Configure the mirroring ports |
Required. For more information, see "Configuring ports for a mirroring group." During configuration, you need to select the port type Mirror Port. |
|
Configure the monitor port |
Required. For more information, see "Configuring ports for a mirroring group." During configuration, you need to select the port type Monitor Port. |
Adding a mirroring group
1. Select Device > Port Mirroring from the navigation tree.
2. Click the Add tab.
The page for adding a mirroring group appears.
Figure 30 The page for adding a mirroring group
3. Configure the mirroring group as described in Table 15.
4. Click Apply.
|
Item |
Description |
|
Mirroring Group ID |
ID of the mirroring group to be added. |
|
Type |
Specify the type of the mirroring group to be added: Local: Adds a local mirroring group. |
Configuring ports for a mirroring group
1. Select Device > Port Mirroring from the navigation tree.
2. Click the Modify Port tab.
The page for configuring ports for a mirroring group appears.
Figure 31 The page for configuring ports for a mirroring group
3. Configure the port information for the mirroring group as described in Table 16.
4. Click Apply.
The progress bar appears.
5. Click Close after the progress bar prompts that the configuration is complete.
|
Item |
Description |
|
Mirroring Group ID |
ID of the mirroring group to be configured. |
|
Port Type |
Set the types of the ports to be configured: · Monitor Port—Configures the monitor port for the mirroring group. · Mirror Port—Configures mirroring ports for the mirroring group. |
|
Stream Orientation |
Set the direction of the traffic monitored by the monitor port of the mirroring group. This configuration item is available when Mirror Port is selected is the Port Type list. · both—Mirrors both received and sent packets on mirroring ports. · inbound—Mirrors only packets received by mirroring port. · outbound—Mirrors only packets sent by mirroring ports. |
|
interface name |
Select the ports to be configured from the interface name list. |
Configuration examples
Network requirements
As shown in Figure 32, the customer network is as described below:
· Packets from AP access AC through GigabitEthernet 1/0/1.
· Server is connected to GigabitEthernet 1/0/2 of AC.
Configure port mirroring to monitor the bidirectional traffic on GigabitEthernet 1/0/1 of AC on the server.
To satisfy the above requirement through port mirroring, perform the following configuration on AC:
· Configure GigabitEthernet 1/0/1 of AC as a mirroring port.
· Configure GigabitEthernet 1/0/2 of AC as the monitor port.
Adding a mirroring group
1. Select Device > Port Mirroring from the navigation tree.
2. Click Add.
The page for adding a mirroring group appears.
Figure 33 Adding a mirroring group
3. Enter 1 for Mirroring Group ID and select Local in the Type list.
4. Click Apply.
Configuring the mirroring ports
1. Click Modify Port.
The page for configuring a mirroring port appears.
Figure 34 Configuring a mirroring port
2. Select 1 – Local for Mirroring Group ID, select Mirror Port for Port Type, select both for Stream Orientation, and select GigabitEthernet 1/0/1 from the interface name list.
3. Click Apply.
The progress bar appears.
4. Click Close after the progress bar prompts that the configuration is complete.
Configuring the monitor port
1. Click Modify Port tab.
The page for configuring the mirroring port appears.
Figure 35 Configuring the monitor port
2. Select 1 – Local for Mirroring Group ID, select Monitor Port for Port Type, and select GigabitEthernet 1/0/2 from the interface name list.
3. Click Apply.
A progress bar appears.
4. Click Close after the progress bar prompts that the configuration is complete.
Configuration guidelines
When you configure port mirroring, follow these guidelines:
· Depending on the device model, you can assign these types of ports to a mirroring group as mirroring ports: Layer 2 Ethernet, Layer 3 Ethernet, POS, CPOS, serial, and MP-group.
· Depending on the device model, you can configure these types of ports as the monitor port: Layer 2 Ethernet, Layer 3 Ethernet, and tunnel.
· To ensure normal operation of your device, do not enable STP, MSTP, or RSTP on the monitor port.
· On some types of devices, you can configure a member port in link aggregation as the monitor port.
· Other restrictions on the monitor port depend on your device model.
· You can configure multiple mirroring ports but only one monitor port for a mirroring group.
· A port can be assigned to only one mirroring group.
In the user management part, you can perform the following configuration:
· Create a local user, and set the password, access level, and service type for the user.
· Set the super password for switching the current Web user level to the management level.
· Switch the current Web user access level to the management level.
Creating a user
1. Select Device > Users from the navigation tree.
2. Click the Create tab.
The page for creating local users appears.
3. Configure the user information as described in Table 17.
4. Click Apply.
|
Item |
Description |
|
Username |
Set the username for a user. |
|
Access Level |
Set the access level for a user. Users of different levels can perform different operations. Web user levels, from low to high, are visitor, monitor, configure, and management. · Visitor—Users of visitor level can perform the ping and traceroute operations, but they can neither access the device data nor configure the device. · Monitor—Users of this level can only access the device data but cannot configure the device. · Configure—Users of this level can access data on the device and configure the device, but they cannot upgrade the host software, add/delete/modify users, or back up/restore the application file. · Management—Users of this level can perform any operations on the device. |
|
Password |
Set the password for a user. |
|
Confirm Password |
Enter the same password again. Otherwise, the system prompts that the two passwords enter are not consistent when you apply the configuration. |
|
Service Type |
Set the service type, including Web, FTP, and Telnet services. You must select one of them. |
Setting the super password
In this part, users of the management level can specify the password for a lower-level user to switch from the current access level to the management level. If no such a password is configured, the switchover will fail.
To set the super password:
1. Select Device > Users from the navigation tree.
2. Click the Super Password tab.
The super password configuration page appears.
Figure 37 Super password
3. Set the super password as described in Table 18.
4. Click Apply.
|
Item |
Description |
|
Create/Remove |
Set the operation type: · Create—Configure or modify the super password. · Remove—Remove the current super password. |
|
Password |
Set the password for a user to switch to the management level. |
|
Confirm Password |
Enter the same password again. Otherwise, the system prompts that the two passwords enter are not consistent when you apply the configuration. |
Switching the user access level to the management level
This function is provided for a user to switch the current user level to the management level. Note the following:
· Before switching, make sure that the super password is already configured. A user cannot switch to the management level without a super password.
· The access level switchover of a user is valid for the current login only. The access level configured for the user is not changed. When the user re-logs in to the Web interface, the access level of the user is still the original level.
To switch the user access level to the management level:
1. Select Device > Users from the navigation tree.
2. Click the Switch To Management tab.
The access level switching page appears.
Figure 38 Switching to the management level.
3. Enter the super password.
4. Click Login.
SNMP configuration
SNMP overview
Simple Network Management Protocol (SNMP) offers the communication rules between a management device and the managed devices on the network; it defines a series of messages, methods and syntaxes to implement the access and management from the management device to the managed devices. SNMP shields the physical differences between various devices and realizes automatic management of products from different manufacturers.
An SNMP enabled network comprises the network management system (NMS) and agents.
The NMS manages agents by exchanging management information through SNMP. The NMS and managed agents must use the same SNMP version.
SNMP agents support SNMPv1, SNMPv2c, and SNMPv3.
· SNMPv1 uses community name for authentication. Community name defines the relationship between an SNMP NMS and an SNMP agent. SNMP packets with community names that do not pass the authentication on the device are simply discarded. A community name plays a similar role as a key word and can be used to control access from NMS to the agent.
· SNMPv2c uses community name for authentication. Compatible with SNMPv1, it extends the functions of SNMPv1. SNMPv2c provides more operation modes such as GetBulk and InformRequest; it supports more data types such as Counter64; and it provides various error codes, thus being able to distinguish errors in more detail.
· SNMPv3 offers an authentication that is implemented with a User-Based Security Model (USM). You can set the authentication and privacy functions. The former is used to authenticate the validity of the sending end of the authentication packets, preventing access of illegal users; the latter is used to encrypt packets between the NMS and agents, preventing the packets from being intercepted. USM ensures a more secure communication between SNMP NMS and SNMP agent by authentication with privacy.
For more information about SNMP, see H3C WX Series Access Controllers Network Management and Monitoring Configuration Guide.
SNMP configuration task list
SNMPv1 or SNMPv2c configuration task list
Perform the tasks in Table 19 to configure SNMPv1 or SNMPv2c.
Table 19 SNMPv1 or SNMPv2c configuration task list
|
Task |
Remarks |
|
Required. The SNMP agent function is disabled by default.
If SNMP agent is disabled, all SNMP agent-related configurations are removed. |
|
|
Optional. After creating SNMP views, you can specify an SNMP view for an SNMP group to limit the MIB objects that can be accessed by the SNMP group. |
|
|
Required. |
|
|
Optional. Allows you to configure that the agent can send SNMP traps to the NMS, and configure information about the target host of the SNMP traps. By default, an agent is allowed to send SNMP traps to the NMS. |
|
|
Optional. |
SNMPv3 configuration task list
Perform the tasks in Table 20 to configure SNMPv3.
Table 20 SNMPv3 configuration task list
|
Task |
Remarks |
|
Required. The SNMP agent function is disabled by default.
If SNMP agent is disabled, all SNMP agent-related configurations are removed. |
|
|
Optional. After creating SNMP views, you can specify an SNMP view for an SNMP group to limit the MIB objects that can be accessed by the SNMP group. |
|
|
Required. After creating an SNMP group, you can add SNMP users to the group when creating the users. Therefore, you can realize centralized management of users in the group through the management of the group. |
|
|
Required. Before creating an SNMP user, you need to create the SNMP group to which the user belongs. |
|
|
Optional. Allows you to configure that the agent can send SNMP traps to the NMS, and configure information about the target host of the SNMP traps By default, an agent is allowed to send SNMP traps to the NMS. |
|
|
Optional. |
Enabling SNMP
1. Select Device > SNMP from the navigation tree.
The SNMP configuration page appears.
2. Configure SNMP settings on the upper part of the page as described in Table 21.
3. Click Apply.
|
Item |
Description |
|
SNMP |
Specify to enable or disable SNMP. |
|
Local Engine ID |
Configure the local engine ID. The validity of a user after it is created depends on the engine ID of the SNMP agent. If the engine ID when the user is created is not identical to the current engine ID, the user is invalid. |
|
Maximum Packet Size |
Configure the maximum size of an SNMP packet that the agent can receive/send. |
|
Contact |
Set a character string to describe the contact information for system maintenance. If the device is faulty, the maintainer can contact the manufacture factory according to the contact information of the device. |
|
Location |
Set a character string to describe the physical location of the device. |
|
SNMP Version |
Set the SNMP version run by the system. |
Configuring an SNMP view
Creating an SNMP view
1. Select Device > SNMP from the navigation tree.
2. Click the View tab.
The view page appears.
Figure 40 View page
3. Click Add.
The Add View window appears.
Figure 41 Creating an SNMP view (1)
4. Enter the view name.
5. Click Apply.
The page in Figure 42 appears.
Figure 42 Creating an SNMP view (2)
6. Configure the parameters as described in Table 22.
7. Click Add.
8. Repeat steps 6 and 7 to add more rules for the SNMP view.
9. Click Apply.
To cancel the view, click Cancel.
|
Item |
Description |
|
View Name |
Set the SNMP view name. |
|
Rule |
Select to exclude or include the objects in the view range determined by the MIB subtree OID and subtree mask. |
|
MIB Subtree OID |
Set the MIB subtree OID (such as 1.4.5.3.1) or name (such as system). MIB subtree OID identifies the position of a node in the MIB tree, and it can uniquely identify a MIB subtree. |
|
Subtree Mask |
Set the subtree mask. If no subtree mask is specified, the default subtree mask (all Fs) will be used for mask-OID matching. |
Adding rules to an SNMP view
1. Select Device > SNMP from the navigation tree.
2. Click the View tab.
The page in Figure 43 appears.
3.
Click the 
icon of the target view.
The Add rule for the view ViewDefault window appears.
Figure 43 Adding rules to an SNMP view
4. Configure the parameters as described in Table 22.
5. Click Apply.
|
|
NOTE: You can modify the rules of a view in the
page you enter by clicking the |
Configuring an SNMP community
1. Select Device > SNMP from the navigation tree.
2. Click the Community tab.
The community tab page appears.
Figure 44 Configuring an SNMP community
3. Click Add.
The Add SNMP Community page appears.
Figure 45 Creating an SNMP Community
4. Configure SNMP community settings as described in Table 23.
5. Click Apply.
|
Item |
Description |
|
Community Name |
Set the SNMP community name. |
|
Access Right |
Configure SNMP NMS access right. · Read only—The NMS can perform read-only operations to the MIB objects when it uses this community name to access the agent. · Read and write—The NMS can perform both read and write operations to the MIB objects when it uses this community name to access the agent. |
|
View |
Specify the view associated with the community to limit the MIB objects that can be accessed by the NMS. |
|
ACL |
Associate the community with a basic ACL to allow or prohibit the access to the agent from the NMS with the specified source IP address. |
Configuring an SNMP group
1. Select Device > SNMP from the navigation tree.
2. Click the Group tab.
The group tab page appears.
3. Click Add.
The Add SNMP Group page appears.
Figure 47 Creating an SNMP group
4. Configure SNMP group settings as described in Table 24.
5. Click Apply.
|
Item |
Description |
|
Group Name |
Set the SNMP group name. |
|
Security Level |
Select the security level for the SNMP group. The available security levels are: · NoAuth/NoPriv—No authentication no privacy. · Auth/NoPriv—Authentication without privacy. · Auth/Priv—Authentication and privacy. |
|
Read View |
Select the read view of the SNMP group. |
|
Write View |
Select the write view of the SNMP group. If no write view is configured, the NMS cannot perform the write operations to all MIB objects on the device. |
|
Notify View |
Select the notify view of the SNMP group, that is, the view that can send trap messages. If no notify view is configured, the agent does not send traps to the NMS. |
|
ACL |
Associate a basic ACL with the group to restrict the source IP address of SNMP packets, that is, you can configure to allow or prohibit SNMP packets with a specific source IP address, so as to restrict the intercommunication between the NMS and the agent. |
Configuring an SNMP user
1. Select Device > SNMP from the navigation tree.
2. Click the User tab.
The user tab page appears.
3. Click Add.
The Add SNMP User page appears.
Figure 49 Creating an SNMP user
4. Configure SNMP user settings as described in Table 25.
5. Click Apply.
|
Item |
Description |
|
User Name |
Set the SNMP user name. |
|
Security Level |
Select the security level for the SNMP group. The available security levels are: · NoAuth/NoPriv—No authentication no privacy. · Auth/NoPriv—Authentication without privacy. · Auth/Priv—Authentication and privacy. |
|
Group Name |
Select an SNMP group to which the user belongs. · When the security level is NoAuth/NoPriv, you can select an SNMP group with no authentication no privacy. · When the security level is Auth/NoPriv, you can select an SNMP group with no authentication no privacy or authentication without privacy. · When the security level is Auth/Priv, you can select an SNMP group of any security level. |
|
Authentication Mode |
Select an authentication mode (including MD5 and SHA) when the security level is Auth/NoPriv or Auth/Priv. |
|
Authentication Password |
Set the authentication password when the security level is Auth/NoPriv or Auth/Priv. The confirm authentication password must be the same with the authentication password. |
|
Confirm Authentication Password |
|
|
Privacy Mode |
Select a privacy mode (including DES56, AES128, and 3DES) when the security level is Auth/Priv. |
|
Privacy Password |
Set the privacy password when the security level is Auth/Priv. The confirm privacy password must be the same with the privacy password. |
|
Confirm Privacy Password |
|
|
ACL |
Associate a basic ACL with the user to restrict the source IP address of SNMP packets, that is, you can configure to allow or prohibit SNMP packets with a specific source IP address, so as to allow or prohibit the specified NMS to access the agent by using this user name. |
Configuring SNMP trap function
1. Select Device > SNMP from the navigation tree.
2. Click the Trap tab.
The trap configuration page appears.
3. Select the box of Enable SNMP Trap.
4. Click Apply.
5. Click Add.
The page for adding a target host of SNMP traps appears.
Figure 51 Adding a target host of SNMP traps
6. Configure the settings for the target host as described in Table 26.
7. Click Apply.
|
Item |
Description |
|
Destination IP Address |
Set the destination IP address or domain. Select the IP address type: IPv4/Domain or IPv6, and then type the corresponding IP address or domain in the field according to the IP address type. |
|
Security Name |
Set the security name, which can be an SNMPv1 community name, an SNMPv2c community name, or an SNMPv3 user name. |
|
UDP Port |
Set UDP port number.
The default port number is 162, which is the SNMP-specified port used for receiving traps on the NMS. Generally (such as using iMC or MIB Browser as the NMS), you can use the default port number. To change this parameter to another value, you need to make sure that the configuration is the same with that on the NMS. |
|
Security Model |
Select the security model, that is, the SNMP version, which must be the same with that running on the NMS; otherwise, the NMS cannot receive any trap. |
|
Security Level |
Set the authentication and privacy mode for SNMP traps when the security model is selected as v3. The available security levels are: no authentication no privacy, authentication but no privacy, and authentication and privacy. |
Displaying SNMP packet statistics
1. Select Device > SNMP from the navigation tree.
The page for displaying SNMP packet statistics appears.
Figure 52 SNMP packet statistics
SNMP configuration example
Network requirements
The NMS connects to the agent, an AC, through an Ethernet. The IP address of the NMS is 1.1.1.2/24. The IP address of the VLAN interface on the AC is 1.1.1.1/24. Configure SNMP to achieve the following purposes.
· The NMS monitors the agent by using SNMPv3.
· The agent reports errors or faults to the NMS.
Configuring the agent
1. Enable SNMP agent:
a. Select Device > SNMP from the navigation tree.
The page in Figure 54 appears.
b. Select the Enable option.
c. Select the v3 box.
d. Click Apply.
2. Configure an SNMP view:
a. Click the View tab.
b. Click Add.
The page in Figure 55 appears.
d. Enter view1 in the field.
e. Click Apply.
The page in Figure 56 appears.
f. Select the Included radio box, enter the MIB subtree OID interfaces, and click Add.
g. Click Apply.
A configuration progress dialog box appears.
h. Click Close after the configuration process is complete.
Figure 55 Creating an SNMP view (1)
Figure 56 Creating an SNMP view (2)
a. Click the Group tab.
b. Click Add.
The page in Figure 57 appears.
c. Enter group1 in the field of Group Name, select view1 from the Read View box, and select view1 from the Write View box.
d. Click Apply.
Figure 57 Creating an SNMP group
4. Configure an SNMP user:
a. Click the User tab.
b. Click Add.
The page in Figure 58 appears.
c. Enter user1 in the field of User Name and select group1 from the Group Name box.
d. Click Apply.
Figure 58 Creating an SNMP user
5. Enable the agent to send SNMP traps:
a. Click the Trap tab
The page in Figure 59 appears.
b. Select the Enable SNMP Trap box.
c. Click Apply.
Figure 59 Enabling the agent to send SNMP traps
6. Add target hosts of SNMP traps:
a. Click Add on the Trap tab.
The page in Figure 60 appears.
b. Select the destination IP address type as IPv4/Domain, enter the destination address 1.1.1.2, enter the user name user1, and select v3 from the Security Model list.
c. Click Apply.
Figure 60 Adding target hosts of SNMP traps
Configuring the NMS
|
|
CAUTION: The configuration on the NMS must be consistent with that on the agent. Otherwise, you cannot perform corresponding operations. |
SNMPv3 adopts a security mechanism of authentication and privacy. You must configure username and security level. According to the configured security level, you must configure the related authentication mode, authentication password, privacy mode, privacy password, and so on.
You must also configure the aging time and retry times. After these configurations, you can configure the device as needed through the NMS. For more information about NMS configuration, see the manual provided for NMS.
Verifying the configuration
· After the above configuration, an SNMP connection is established between the NMS and the agent. The NMS can get and configure the values of some parameters on the agent through MIB nodes.
· If an idle interface on the agent is shut down or brought up, the NMS receives a trap information sent by the agent.
You can check whether an Ethernet port works normally by performing the Ethernet port loopback test, during which the port cannot forward data packets normally.
Ethernet port loopback test can be an internal loopback test or an external loopback test.
· In an internal loopback test, self loop is established in the switching chip to check whether there is a chip failure related to the functions of the port.
· In an external loopback test, a self-loop header is used on the port. Packets forwarded by the port will be received by itself through the self-loop header. The external loopback test can be used to check whether there is a hardware failure on the port.
Loopback operation
1. Select Device > Loopback from the navigation tree.
The loopback test configuration page appears.
Figure 61 Loopback test configuration page
2. Configure the loopback test parameters as described in Table 27.
|
Item |
Description |
|
|
Testing type |
External |
Set the loopback test type, which can be selected between External and Internal. Support for the test type depends on the device model. |
|
Internal |
||
3. Click Test to start the loopback test.
The Result box displays the test results.
Figure 62 Loopback test result
Configuration guidelines
When you perform a loopback test, follow these guidelines:
· You can perform an internal loopback test but not an external loopback test on a port that is physically down, while you can perform neither test on a port that is manually shut down.
· The system does not allow Rate, Duplex, Cable Type, and Port Status configuration on a port under a loopback test.
· An Ethernet port operates in full duplex mode when the loopback test is performed, and restores its original duplex mode after the loopback test.
