Huawei AR150/200 Series Configuration Manual Download

Page: 1 / 274

Huawei AR150&200 Series Enterprise Routers

V200R002C00

Configuration Guide - Network
Management

Issue

Date

2012-03-30

HUAWEI TECHNOLOGIES CO., LTD.

Summary of Contents for AR150/200 Series

Page 1: ...Huawei AR150 200 Series Enterprise Routers V200R002C00 Configuration Guide Network Management Issue 02 Date 2012 03 30 HUAWEI TECHNOLOGIES CO LTD ...

Page 2: ...be within the purchase scope or the usage scope Unless otherwise specified in the contract all statements information and recommendations in this document are provided AS IS without warranties guarantees or representations of any kind either express or implied The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensu...

Page 3: ...ANGER Indicates a hazard with a high level of risk which if not avoided will result in death or serious injury WARNING Indicates a hazard with a medium or low level of risk which if not avoided could result in minor or moderate injury CAUTION Indicates a potentially hazardous situation which if not avoided could result in equipment damage data loss performance degradation or unexpected results TIP...

Page 4: ...d by vertical bars Several items or no item can be selected 1 n The parameter before the sign can be repeated 1 to n times A line starting with the sign is comments Interface Numbering Conventions Interface numbers used in this manual are examples In device configuration use the existing interface numbers on devices Change History Updates between document versions are cumulative Therefore the late...

Page 5: ... Function 18 1 3 5 Optional Configuring the Trap Function 19 1 3 6 Checking the Configuration 20 1 4 Configuring a Device to Communicate with an NM Station by Running SNMPv3 22 1 4 1 Establishing the Configuration Task 22 1 4 2 Configuring Basic SNMPv3 Functions 23 1 4 3 Optional Controlling the NM Station s Access to the Device 25 1 4 4 Optional Enabling the SNMP Extended Error Code Function 27 1...

Page 6: ... in the LLDPDU 66 3 3 6 Optional Configuring LLDP Timers 67 3 3 7 Optional Enabling the LLDP Trap Function 70 3 3 8 Checking the Configuration 71 3 4 Maintaining LLDP 74 3 4 1 Clearing LLDP Statistics 74 3 4 2 Monitoring LLDP Status 74 3 5 Configuration Examples 74 3 5 1 Example for Configuring LLDP on the Device That Has a Single Neighbor 75 3 5 2 Example for Configuring LLDP on the Device That H...

Page 7: ...ng NTP Authentication in Broadcast Mode 123 5 3 7 Configuring NTP Authentication in Multicast Mode 123 5 3 8 Checking the Configuration 124 5 4 NTP Configuration Examples 125 5 4 1 Example for Configuring NTP Authentication in Unicast Server and Client Mode 125 5 4 2 Example for Configuring NTP Peer Mode 129 5 4 3 Example for Configuring NTP Authentication in Broadcast Mode 131 5 4 4 Example for C...

Page 8: ...e Configuration 162 6 9 Configuring the SNMP Query Test 163 6 9 1 Establishing the Configuration Task 163 6 9 2 Configuring the SNMP Query Test Parameters 163 6 9 3 Checking the Configuration 165 6 10 Configuring the TCP Test 166 6 10 1 Establishing the Configuration Task 166 6 10 2 Configuring the TCP Server 166 6 10 3 Configuring the TCP Client 167 6 10 4 Checking the Configuration 168 6 11 Conf...

Page 9: ...of Saving NQA Test Results Through FTP 193 6 17 4 Optional Configuring the Number of Test Results Saved Through FTP 193 6 17 5 Optional Configuring the Duration of Saving Test Results Through FTP 194 6 17 6 Optional Enabling Alarms to Be Sent to the NM Station After the FTP Transmission Succeeds 194 6 17 7 Starting the Test Instance 195 6 17 8 Checking the Configuration 196 6 18 Configuring a Thre...

Page 10: ...put Statistics 234 7 4 3 Outputting the Statistics 235 7 4 4 Optional Configuring the Inactive Aging Time 235 7 4 5 Optional Configuring the Active Aging Time 236 7 4 6 Enabling NetStream for Multicast Traffic on an Interface 236 7 4 7 Checking the Configuration 236 7 5 Configuring the Aggregation Statistics About IPv4 Traffic 237 7 5 1 Establishing the Configuration Task 238 7 5 2 Configuring the...

Page 11: ...ugh NetStream 251 7 9 Example for Configuring NetStream 251 7 9 1 Example for Collecting the Statistics of IPv4 Unicast Traffic 252 7 9 2 Example for Configuring NetStream of IPv4 Aggregation Traffic 253 7 9 3 Example for Configuring Flexible NetStream Traffic Statistics 256 8 Ping and Tracert 260 8 1 Ping and Tracert Overview 261 8 1 1 Introduction to Ping and Tracert 261 8 2 Configuring Ping and...

Page 12: ... by Running SNMPv2c After SNMPv2c is configured a managed device and an NM station can run SNMPv2c to communicate with each other To ensure normal communication you need to configure both sides This section describes only the configurations on a managed device the agent side For details about configurations on an NM station see the pertaining NM station operation guide 1 4 Configuring a Device to ...

Page 13: ...ons that the NM station can perform and allows devices to send alarms to notify the NM station of device faults An SNMP managed network consists of three components NM station agent and managed device The NM station uses the MIB to identify and manage device objects The operations used for device management include GetRequest GetNextRequest GetResponse GetBulk SetRequest and notification from the ...

Page 14: ...f numbers 1 2 1 1 Such a number string is called an Object Identifier OID A MIB tree is used to describe the hierarchy of data in a MIB that collects the definitions of variables on the managed devices A user can use a standard MIB or define a MIB based on certain standards Using a standard MIB can reduce the costs on proxy deployment and therefore reduce the costs on the entire network management...

Page 15: ... the value of a variable The NM station sends the request to a managed device to adjust the status of an object on the device Trap Reports an event to the NM station NOTE SNMP is used for NM station s monitoring and management of network devices It cannot be used to monitor and manage the operation of the entire network To monitor and manage the operation of an entire network for example to learn ...

Page 16: ...anaged devices This prevents data packets from being intercepted or modified improving data sending security Error code Identifies particular faults An administrator uses error codes to quickly locate and rectify faults The more error codes received the more they help an administrator in device management Trap Sent from managed devices to the NM station These traps allow an administrator to discov...

Page 17: ...irements are not strict or whose security is good for example VPNs but whose services are so busy that traffic congestion may occur SNMPv3 This version is applicable to networks of various scales especially the networks that have strict requirements on security and can be managed only by authorized administrators such as the scenario where data between the NM station and managed devices needs to b...

Page 18: ...nfiguring a device to communicate with an NM station by running SNMPv1 familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment SNMP needs to be deployed in a network to allow the NM station to manage network devices If...

Page 19: ...led By default the SNMP agent function is disabled Running any command with the parameter snmp agent can enable the SNMP agent function so this step is optional Step 3 Run snmp agent sys info version v1 The SNMP version is set By default SNMPv1 SNMPv2c and SNMPv3 are enabled Step 4 Run snmp agent community read write community name The community name is set l read must be configured in the command...

Page 20: ...k Step 7 Optional Run snmp agent sys info contact contact location location The equipment administrator s contact information or location is configured This step is required when the NM station administrator must know equipment administrators contact information and locations when the NM station manages many devices This allows the NM station administrator to contact the equipment administrators q...

Page 21: ...The system view is displayed Step 2 Run acl acl number A basic ACL is created to filter the NM station users that can manage the device Step 3 Run rule rule id deny permit source source ip address source wildcard any A rule is added to the ACL Step 4 Run quit Return to the system view Step 5 Run snmp agent mib view view name include exclude subtree name mask mask A MIB view is created and manageab...

Page 22: ...ress of the NM station is specified if the IP address changes for example the NM station changes its location or IP addresses are reallocated due to network adjustment you need to change the IP address of the NM station in the ACL Otherwise the NM station cannot access the device 1 2 4 Optional Enabling the SNMP Extended Error Code Function This section describes how to enable the extended SNMP er...

Page 23: ... is set The queue length depends on the number of generated trap messages If the router frequently generates trap messages a longer queue length can be set to prevent trap messages from being lost Step 5 Run snmp agent trap life seconds The lifetime of every trap message is set The lifetime of every trap message depends on the number of generated trap messages If the router frequently generates tr...

Page 24: ...ame ViewDefault Acl 2001 Total number is 1 Run the display snmp agent sys info version command You can view the SNMP version running on the agent Huawei display snmp agent sys info version SNMP version running in the system SNMPv1 Run the display acl acl number command You can view the rules in the specified ACL Huawei display acl 2000 Basic ACL 2000 1 rule Acl s step is 5 rule 5 permit source 1 1...

Page 25: ...eed to configure both sides This section describes only the configurations on a managed device the agent side For details about configurations on an NM station see the pertaining NM station operation guide The NM station manages a device in the following manners l Sends requests to the managed device to perform the GetRequest GetNextRequest GetResponse GetBulk or SetRequest operation obtaining dat...

Page 26: ...arm destination host and administrator s contact information and location 2 Optional ACL number IP address of the NM station MIB object 3 Optional Name of the alarm sending module source address of trap messages queue length for trap messages and lifetime of trap messages 1 3 2 Configuring Basic SNMPv2c Functions After basic SNMP functions are configured an NM station can perform basic operations ...

Page 27: ...msname The destination address for the alarms and error codes sent from the device is configured The descriptions of the command parameters are as follows l The default destination UDP port number is 162 In some special cases for example port mirroring is configured to prevent a well known port from being attacked the parameter udp port can be used to specify a non well known UDP port number This ...

Page 28: ...d manageable MIB objects for SNMP based communication between the NM station and managed device to improve communication security Context If a device is managed by multiple NM stations that use the same community name note the following points l If all the NM stations that use the community name need to have rights to access the objects in the Viewdefault view 1 3 6 1 skip the following steps l If...

Page 29: ...ead and write certain data l If some of the NM stations that use the community name need to have rights to access the objects in the Viewdefault view 1 3 6 1 mib view view name does not need to be configured in the command l If all the NM stations that use the community name need to manage specified objects on the device acl acl number does not need to be configured in the command l If some of the...

Page 30: ...fied After the source interface is specified its IP address becomes the source IP address of trap messages Configuring the IP address of the local loopback interface as the source interface is recommended which can ensure device security The source interface specified on the router for trap messages must be consistent with that specified on the NM station otherwise the NM station will not accept t...

Page 31: ...rator s contact information l Run the display snmp agent sys info location command to check the location of the device l Run the display current configuration include trap command to check trap configurations l Run the display snmp agent target host command to check information about the target host l Run the display snmp agent extend error code status command to check whether the SNMP extended er...

Page 32: ...snmp agent sys info contact The contact person for this managed node R D Beijing Huawei Technologies co Ltd Run the display snmp agent sys info location command You can view the location of the device Huawei display snmp agent sys info location The physical location of this node Beijing China Run the display current configuration include trap command You can view trap configurations Huawei display...

Page 33: ...ication see the following configuration procedures 1 4 1 Establishing the Configuration Task Before configuring a device to communicate with an NM station by running SNMPv3 familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable E...

Page 34: ... Context Steps 4 5 and 6 are mandatory for the configuration of basic SNMP functions After the configurations basic SNMP communication can be conducted between the NM station and managed device Procedure Step 1 Run system view The system view is displayed Step 2 Optional Run snmp agent The SNMP agent function is enabled By default the SNMP agent function is disabled Running any command with the pa...

Page 35: ... lower than the security level of the SNMP group to which the user belongs otherwise communication fails If the security level configured for the user is no authentication and no encryption the user has permission to access objects within MIB 2 and has only read property After a user is added to the user group the NM station that uses the name of the user can access the objects in the Viewdefault ...

Page 36: ...both the equipment administrator s contact information and location you must run the command twice to configure them separately End Follow up Procedure If finer device management is required follow directions below to configure the managed device l To allow a specified NM station in an SNMPv3 user group to manage specified objects of the device such as NM station with the specified IP address foll...

Page 37: ...ghts to access the objects in the Viewdefault view 1 3 6 1 l If a few MIB objects on the device or some objects in the current MIB view do not or no longer need to be managed by the NM station exclude needs to be specified in the command to exclude these MIB objects l If a few MIB objects on the device or some objects in the current MIB view need to be managed by the NM station include needs to be...

Page 38: ... l If some of the NM stations that are in the same SNMPv3 user group need to manage specified objects on the device both the MIB view and ACL need to be configured in the command End Follow up Procedure After the access rights are configured especially after the IP address of the NM station is specified if the IP address changes for example the NM station changes its location or IP addresses are r...

Page 39: ...n will not accept the trap messages sent from the router Step 4 Run snmp agent trap queue size size The length of the queue storing trap messages to be sent to the destination host is set The queue length depends on the number of generated trap messages If the router frequently generates trap messages a longer queue length can be set to prevent trap messages from being lost Step 5 Run snmp agent t...

Page 40: ...004C3F Group name testgroup Authentication mode md5 Privacy mode des56 Storage type nonVolatile User status active Total number is 1 Run the display snmp agent sys info version command You can view the SNMP version running on the agent Huawei display snmp agent sys info version SNMP version running in the system SNMPv3 Run the display acl acl number command You can view the rules in the specified ...

Page 41: ... section provides several configuration examples of SNMP The configuration roadmap in the examples will help you understand the configuration procedures Each configuration example provides information about the networking requirements configuration notes and configuration roadmap 1 5 1 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv1 This section provides an examp...

Page 42: ...e the trap function to allow the router to send alarms to NMS2 5 Configure the equipment administrator s contact information on the router 6 Configure NMS2 Data Preparation To complete the configuration you need the following data l SNMP version l Community name l ACL number l IP address of the NM station l Equipment administrator s contact information Procedure Step 1 Configure available routes b...

Page 43: ...ap hostname nms2 address 1 1 1 2 trap paramsname trapnms2 Huawei snmp agent trap queue size 200 Huawei snmp agent trap life 60 Huawei snmp agent trap enable Step 6 Configure the equipment administrator s contact information Huawei snmp agent sys info contact call Operator at 010 12345678 Step 7 Configure NMS2 For details on how to configure NMS2 see the relevant NMS configuration guide Step 8 Veri...

Page 44: ... Oct 11 2010 18 57 59 00 00 Huawei DS 4 DATASYNC_CFGCHANGE OID 1 3 6 1 4 1 2011 5 25 191 3 1 configurations have been changed The current change number is 95 the change loop count is 0 and the maximum number of records is 4095 Check the equipment administrator s contact information Huawei display snmp agent sys info contact The contact person for this managed node call Operator at 010 12345678 End...

Page 45: ...nage the router On the router only the modules that are enabled by default are allowed to send alarms to NMS2 This prevents an excess of unwanted alarms from being sent to NMS2 Equipment administrator s contact information needs to be configured on the router This allows the NMS administrator to contact the equipment administrator quickly if a fault occurs Figure 1 5 Networking diagram for configu...

Page 46: ...01 rule 6 deny source 1 1 1 1 0 0 0 0 Huawei acl basic 2001 quit Configure a MIB view Huawei snmp agent mib view dnsmib include 1 3 6 1 4 1 2011 5 25 194 Configure a community name to allow NMS2 to manage the objects in the MIB view Huawei snmp agent community write adminnms2 mib view dnsmib acl 2001 Step 5 Configure the trap function Huawei snmp agent target host trap paramsname trapnms2 v2c secu...

Page 47: ...nms2 Total number is 1 Parameter list trap target host Parameter name of the target host trapnms2 Message mode of the target host SNMPV2C Trap version of the target host v2c Security name of the target host adminnms2 Total number is 1 When an alarm is generated run the display trapbuffer command to view the details Huawei display trapbuffer Trapping buffer configuration and contents enabled Allowe...

Page 48: ...ple to describe how to configure a device to communicate with an NM station by using SNMPv3 and how to specify the MIB objects that can be managed by the NM station Networking Requirements As shown in Figure 1 6 two NM stations NMS1 and NMS2 and the router are connected across a public network According to the network planning NMS2 can manage DNS MIB object on the router and NMS1 does not manage t...

Page 49: ...router 6 Configure NMS2 Data Preparation To complete the configuration you need the following data l SNMP version l User group name l User name and password l Authentication and encryption algorithms l ACL number l IP address of the NM station l Equipment administrator s contact information Procedure Step 1 Configure available routes between the router and the NM stations Details for the configura...

Page 50: ...snmp agent target host trap paramsname trapnms2 v3 securityname testuser privacy Huawei snmp agent target host trap hostname nms2 address 1 1 1 2 trap paramsname trapnms2 Huawei snmp agent trap queue size 200 Huawei snmp agent trap life 60 Huawei snmp agent trap enable Step 6 Configure the equipment administrator s contact information Huawei snmp agent sys info contact call Operator at 010 1234567...

Page 51: ...ost v3 Security name of the target host testuser Security level of the target host privacy Total number is 1 When an alarm is generated run the display trapbuffer command to view the details Huawei display trapbuffer Trapping buffer configuration and contents enabled Allowed max buffer size 1024 Actual buffer size 256 Channel number 3 Channel name trapbuffer Dropped messages 0 Overwritten messages...

Page 52: ... agent target host trap hostname nms2 address 1 1 1 2 udp port 162 trap paramsname trapnms2 snmp agent target host trap paramsname trapnms2 v3 securityname testuser privacy snmp agent mib view dnsmib include hwDnsMib snmp agent usm user v3 testuser testgroup authentication mode md5 B4B3D731A5006953EDFC9BB83F983497 privacy mode des56 B4B3D731A5006953EDFC9BB83F983497 snmp agent trap enable snmp agen...

Page 53: ...ough RMON 2 3 RMON Configuration Examples This section provides examples for configuring RMON and illustrates the networking requirements configuration roadmap and configuration notes You can better understand the configuration procedures with the help of the configuration flowchart Huawei AR150 200 Series Enterprise Routers Configuration Guide Network Management 2 RMON Configuration Issue 02 2012...

Page 54: ...MIB l Embed a RMON agent into a network device a router for example to enable the device to be of the RMON Probe capability The NM Station uses the basic SNMP commands for exchanging data with the RMON agent and collecting the network management information This process is restricted by device resources and hence the NM Station collects only information on four groups alarm event history and stati...

Page 55: ...sm to limit the generation of alarms If this mechanism is adopted an alarm event is generated when the sampled data in a direction crosses the threshold No more events will be generated until the sampled data in the opposite direction crosses the threshold The AR150 200 does not apply this mechanism because it will not generate the alarms for a long period For the AR150 200 the alarms are re gener...

Page 56: ...us and traffic through RMON 2 2 1 Establishing the Configuration Task Before configuring RMON familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment To monitor network status and collect traffic statistics on a network segment you can confi...

Page 57: ...lated parameters 6 Prialarm table to be used and related parameters 2 2 2 Enabling the RMON Statistics Function on the Interface You need to enable traffic statistics function on the interface where traffic statistics are collected If the traffic statistics function is not enabled on the interface statistics values of in both ethernetStatsTable and HistoryControlTable are 0 Context Do as follows o...

Page 58: ...4 Configuring the HistoryControlTable HistoryControlTable provides the historical data management function With this function you can sample traffic of a certain interface set the maximum number of items to be saved and the sampling interval collect traffic statistics on the specific interface periodically and save the statistics to etherHistoryTable for future use Context As recommended by the RM...

Page 59: ...xceeds the alarm threshold the router generates logs sends traps or generates logs and sends traps Context Do as follows on the router that is monitored The RMON event management module is responsible for adding events to the corresponding rows in the eventTable and defining the methods of processing events l log sending only logs l log trap sending both logs and trap messages to the NM Station l ...

Page 60: ...red for example an inexistent OID is specified the status of alarm recording is undercreation and no alarm is generated Do as follows on the router that is monitored Procedure Step 1 Run system view The system view is displayed Step 2 Run rmon alarm entry number alarm OID sampling time absolute changeratio delta rising threshold threshold value1 event entry1 falling threshold threshold value2 even...

Page 61: ...ratio delta rising threshold threshold value1 event entry1 falling threshold threshold value2 event entry2 entrytype cycle entry period forever owner owner name The prialarmTable is configured End 2 2 8 Checking the Configuration After configuring RMON you can view the traffic statistics collected by RMON Prerequisites The configurations of the RMON are complete Procedure l Run the display rmon al...

Page 62: ...n history command to display the RMON history Huawei display rmon history History control entry 1 owned by Test300 is VALID Samples interface Ethernet1 0 0 ifEntry 402653698 Sampling interval 30 sec with 10 buckets max Last Sampling time 0days 00h 09m 43s Latest sampled values octets 645 packets 7 broadcast packets 7 multicast packets 0 undersize packets 6 oversize packets 0 fragments packets 0 ja...

Page 63: ...ork connected to Ethernet0 0 1 be monitored to obtain real time and history statistics of unicast packets on the network If the number of unicast packets in the VLAN becomes abnormal the Router sends a Trap message to the NMS Figure 2 1 Networking diagram of configuring RMON NM Station PC PC Ethernet 0 0 1 VLAN Router IP Netw ork Configuration Roadmap The configuration roadmap is as follows 1 Exec...

Page 64: ...cs enable Configure the etherStatsTable Router Ethernet0 0 1 rmon statistics 1 owner User01 Verify the configuration You can check the traffic on the subnet Router Ethernet0 0 1 display rmon statistics ethernet 0 0 1 Statistics entry 1 owned by User01 is VALID Interface Ethernet0 0 1 ifEntry 4 Received octets 156 packets 1 broadcast packets 0 multicast packets 1 undersize packets 0 oversize packet...

Page 65: ...er User01 Display the alarms Router display rmon event Event table 1 owned by User01 is VALID Description logevent Will cause log when triggered last triggered at 0days 00h 00m 00s Event table 2 owned by User01 is VALID Description prialarmevent Will cause snmp trap when triggered last triggered at 0days 00h 00m 00s Step 6 Configure the alarmTable for unicast packets Sample the unicast packets eve...

Page 66: ...y 1 buckets 10 interval 30 owner User01 rmon event 1 description logevent log owner User01 rmon event 2 description prialarmevent trap public owner User01 rmon alarm 1 1 3 6 1 2 1 2 2 1 11 4 30 absolute rising threshold 10000 1 falling threshold 100 2 owner User01 return Huawei AR150 200 Series Enterprise Routers Configuration Guide Network Management 2 RMON Configuration Issue 02 2012 03 30 Huawe...

Page 67: ...cribes the usage scenarios of the LLDP feature and TLV types supported by the AR150 200 3 3 Configuring LLDP This section describes how to configure LLDP 3 4 Maintaining LLDP This section describes how to clear LLDP statistics and monitor LLDP status 3 5 Configuration Examples This section provides LLDP configuration examples Huawei AR150 200 Series Enterprise Routers Configuration Guide Network M...

Page 68: ... information about configuration conflicts The Layer 2 discovery protocol precisely discovers the interfaces on each device and obtains connection information between devices In addition it displays the paths between clients switches routers application servers and network servers The Layer 2 information helps you quickly know the device topology detect configuration conflicts between devices and ...

Page 69: ...me system description port description system capability and management address LLDP Agent An LLDP agent manages LLDP operations for an interface The LLDP agent performs the following operations l Maintains information in the LLDP local system MIB l Obtains and sends LLDP local system MIB information to neighbor devices when the status of the local device status changes If the local device status ...

Page 70: ... C2 00 00 0E l SA indicates the bridge MAC address of the neighbor device l LLDP Ethertype indicates the LLDP packet type If a packet contains this field it is an LLDP packet and it is sent to the LLDP module The value of this field is 0x88CC l LLDPDU indicates the LLDP data unit It is the major content of an LLDP packet l FCS indicates the Frame Check Sequence LLDPDU in the LLDP packet contains t...

Page 71: ...tween two routers or the interfaces between a router and a media endpoint ME are directly connected so each interface has only one neighbor As shown in Figure 3 4 RouterA is directly connected to RouterB and ME Each interface on RouterA and RouterB has only one neighbor Figure 3 4 Each interface has only one neighbor Internet Router A RouterB ME NMS Networks Where an Interface Has Multiple Neighbo...

Page 72: ... LLDPDU 10 10 10 2 10 10 10 3 10 10 10 1 Networks Where Link Aggregation Is Configured As shown in Figure 3 6 a link aggregation group is configured between the routers Each interface in the link aggregation group has only one neighbor Figure 3 6 Link aggregation is configured on the network RouterA RouterB Enterprise User Enterprise User Network NMS Eth Trunk Huawei AR150 200 Series Enterprise Ro...

Page 73: ...n System Name TLV Device name l Organizationally Specific TLV defined in 802 1 Type Description Port VLAN TLV VLAN ID of an interface Port protocol VLAN TLV Protocol VLAN ID of an interface VLAN Name TLV VLAN name Protocol identity TLV Protocol types supported by an interface l Organizationally Specific TLV defined in 802 3 Type Description Link Aggregation TLV Whether a port supports link aggrega...

Page 74: ...tended Power via MDI TLV Power capability of the device By default LLDP advertises all types of TLVs except the Location Identification TLV 3 3 Configuring LLDP This section describes how to configure LLDP 3 3 1 Establishing the Configuration Task Applicable Environment The LLDP function on network devices allows the NMS to obtain device topology management addresses device identifications and int...

Page 75: ...face 6 Optional Delay to send neighbor change traps to the NMS 3 3 2 Enabling Global LLDP After LLDP is enabled on the router and its neighbors the router and its neighbors obtain status information of each other by exchanging LLDP packets The NMS obtains Layer 2 connection status from the router for network topology analysis Procedure Step 1 Run system view The system view is displayed Step 2 Run...

Page 76: ... LLDP can exist in the same Eth Trunk l LLDP can be enabled and disabled only on the physical interfaces such as Ethernet interfaces but cannot be used on logical interfaces such as VLANIF interfaces and Eth Trunk Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed Step 3 Run undo lldp enable LLDP is dis...

Page 77: ...erfaces Context To enable an interface to send the 802 3 Power via MDI TLV run the lldp tlv enable dot3 tlv power command The 802 3 Power via MDI TLV has the following formats l 802 1ab format TLV type TLV information string length 802 3 OUI MDI power support PSE power pair power class l 802 3at format TLV type TLV information string length 802 3 OUI MDI power support PSE power pair power class ty...

Page 78: ...LV you must disable the other types of LLDP MED TLVs first To disable the MAC PHY Configuration Status TLVs you must disable the LLDP MED Capabilities TLV first l The 802 3 MAC PHY Configuration Status TLVs are advertised automatically after the LLDP MED Capabilities TLV is advertised l If you disable the LLDP MED TLVs and use the all keyword the MAC PHY Configuration Status TLVs are not disabled ...

Page 79: ...wever if the delay is too long the device cannot notify neighbors of its status in time and the NMS cannot discover the network topology changes in real time l A short delay increases the LLDP packet transmission frequency and enables the NMS to discover network topology changes in real time However if the delay is too short the LLDP packets are exchanged frequently and thus the system load is inc...

Page 80: ... topology flapping However if the value is too large the device cannot notify neighbors of its status in time and the NMS cannot discover the network topology changes in real time l A small value of the delay enables the NMS to discover topology change in time However if the value is too small the neighbors update device information too frequently This increases the load on the system and wastes r...

Page 81: ...lldp trap interval interval The delay to send neighbor change traps to the NMS is set The default value is 5 in seconds End 3 3 7 Optional Enabling the LLDP Trap Function To send traps to the NMS when the neighbor information changes you must enable the trap function on the router Context After the trap function is enabled the router sends traps to the NMS in one of the following cases l The LLDP ...

Page 82: ...interface number command to view neighbor information of an interface l Run the display lldp neighbor brief command to view brief information about neighbors l Run the display lldp tlv config command to view the TLV types supported by the interface End Example Run the display lldp local command The following information shows the LLDP status in the system and on the interface LLDP management addre...

Page 83: ...d 0 Remote Neighbors Aged 0 Total Neighbors 2 Port information Interface Ethernet0 0 0 LLDP Enable Status enabled default is disabled Total Neighbors 1 Port ID subtype interfaceName Port ID Ethernet0 0 0 Port description HUAWEI AR Series Interface Port And Protocol VLAN ID PPVID don t supported Port VLAN ID PVID 1 VLAN name of VLAN 1 VLAN1 Protocol identity STP RSTP MSTP LACP EthOAM CFM Auto negot...

Page 84: ...2C00 Copyright C 2000 2011 Huawei Technologies Co Ltd System capabilities supported bridge System capabilities enabled bridge Management address type ipV4 Management address 127 0 0 1 Expired time 104s Port VLAN ID PVID 1 VLAN name of VLAN 1 VLAN1 Protocol identity STP RSTP MSTP LACP GVRP Auto negotiation supported Yes Auto negotiation enabled Yes OperMau speed 100 duplex Full Power port class PD ...

Page 85: ...Procedure l Run the reset lldp statistics interface interface type interface number command to clear LLDP statistics End 3 4 2 Monitoring LLDP Status To view LLDP status run the following display commands Procedure l Run the display lldp local interface interface type interface number command to view LLDP status in the entire system or on an interface l Run the display lldp statistics interface in...

Page 86: ... LLDP management address changes global LLDP is enabled or disabled or the neighbor information changes This ensures that the administrator detects topology changes in time The ME supports the LLDP function Reachable routes exist between the NMS and Routers The SNMP parameters are set on all devices Figure 3 7 Configuring LLDP on the device that has a single neighbor Internet Router A RouterB M E ...

Page 87: ...p enable Step 4 Verify the configuration Check whether the LLDP function is enabled management addresses are configured and the LLDP trap function is enabled l View the configurations on RouterA RouterA display lldp local System information Chassis type macAddress Chassis ID 00e0 11fc 1710 System name RouterA System description Huawei AR200 Huawei Versatile Routing Platform Software V RP R softwar...

Page 88: ...days 5 hours 57 minutes 32 seconds Remote Neighbors Added 15 Remote Neighbors Deleted 13 Remote Neighbors Dropped 0 Remote Neighbors Aged 0 Total Neighbors 2 Port information Interface Ethernet0 0 0 LLDP Enable Status enabled default is disabled Total Neighbors 1 Port ID subtype interfaceName Port ID Ethernet0 0 0 Port description HUAWEI AR Series Ethernet0 0 0 Interface Port And Protocol VLAN ID ...

Page 89: ...erA display lldp neighbor interface ethernet 0 0 0 Ethernet0 0 0 has 1 neighbors Neighbor index 1 Chassis type macAddress Chassis ID 00e0 11fc 1710 Port ID type interfaceName Port ID Ethernet0 0 0 Port description HUAWEI AR Series Ethernet0 0 0 Interface System name RouterB System description Huawei AR200 Huawei Versatile Routing Platform Software V RP R software Version 5 100 AR200 V200R002C00 Co...

Page 90: ...orted Yes Link aggregation enabled No Aggregation port ID 0 Maximum frame Size 9216 MED Device information Device class Network Connectivity HardwareRev AR01SRU3A VER A FirmwareRev 100 SoftwareRev V200R002C00 SerialNum NA Manufacturer name HUAWEI TECH CO LTD Model name NA Asset tracking identifier NA Media policy type Voice Unknown Policy Defined VLAN tagged Yes Media policy VlanID 0 Media policy ...

Page 91: ...figuring LLDP on the Device That Has Multiple Neighbors After LLDP is configured on the network devices the NMS can obtain the network topology The following example describes how to configure LLDP on the devices that have multiple neighbors Networking Requirements As shown in Figure 3 8 RouterA RouterB and RouterC are connected through an unknown network The unknown network is not managed by the ...

Page 92: ...NMP packet LLDPDU packet LLDPDU 10 10 10 2 10 10 10 3 10 10 10 1 Configuration Roadmap The configuration roadmap is as follows 1 Enable global LLDP on RouterA RouterB and RouterC 2 Configure management addresses for RouterA RouterB and RouterC Data Preparation To complete the configuration you need the following data l Management addresses for RouterA RouterB and RouterC Procedure Step 1 Enable gl...

Page 93: ...formation Chassis type macAddress Chassis ID 00e0 11fc 1710 System name RouterA System description Huawei AR200 Huawei Versatile Routing Platform Software V RP R software Version 5 100 AR200 V200R002C00 Copyright C 2000 2011 Huawei Technologies Co Ltd System capabilities supported bridge System capabilities enabled bridge LLDP Up time 2010 11 13 11 40 49 MED system information Device class Network...

Page 94: ...face Ethernet0 0 0 LLDP Enable Status enabled default is disabled Total Neighbors 1 Port ID subtype interfaceName Port ID Ethernet0 0 0 Port description HUAWEI AR Series Ethernet0 0 0 Interface Port And Protocol VLAN ID PPVID don t supported Port VLAN ID PVID 1 VLAN name of VLAN 1 VLAN1 Protocol identity STP RSTP MSTP LACP EthOAM CFM Auto negotiation supported Yes Auto negotiation enabled Yes Oper...

Page 95: ...ID type interfaceName Port ID Ethernet0 0 0 Port description HUAWEI AR Series Ethernet0 0 0 Interface System name RouterB System description Huawei AR200 Huawei Versatile Routing Platform Software V RP R software Version 5 100 AR200 V200R002C00 Copyright C 2000 2011 Huawei Technologies Co Ltd System capabilities supported bridge System capabilities enabled bridge Management address type ipV4 Manag...

Page 96: ...SRU3A VER A FirmwareRev 100 SoftwareRev V200R002C00 SerialNum NA Manufacturer name HUAWEI TECH CO LTD Model name NA Asset tracking identifier NA Media policy type Voice Unknown Policy Defined VLAN tagged Yes Media policy VlanID 0 Media policy L2 priority 6 Media policy Dscp 46 Power Type Unknown PoE PSE power source Unknown Port PSE Priority Unknown Port Available power value 2 l View the configur...

Page 97: ...e Network Where Link Aggregation Is Configured After LLDP is configured on the interfaces of network devices the NMS can obtain the network topology The following example describes how to configure LLDP on the network where link aggregation is configured Networking Requirements As shown in Figure 3 9 RouterA and RouterB need to be connected by an Eth Trunk The NMS needs to obtain the Layer 2 infor...

Page 98: ... following data l Management address 10 10 10 1 for RouterA and management address 10 10 10 2 for RouterB l Number of the Eth Trunk between RouterA and RouterB and numbers of the interfaces added to the Eth Trunk Procedure Step 1 Configure the Eth Trunk between RouterA and RouterB Configure RouterA Huawei system view Huawei sysname RouterA RouterA vlan batch 100 RouterA interface eth trunk 1 Route...

Page 99: ...A Least Active linknumber 1 Max Bandwidth affected linknumber 8 Operate status up Number Of Up Port In Trunk 3 PortName Status Weight Ethernet0 0 0 Up 1 Ethernet0 0 1 Up 1 Ethernet0 0 2 Up 1 View the LLDP configurations RouterA display lldp local System information Chassis type macAddress Chassis ID 00e0 11fc 1710 System name RouterA System description Huawei AR200 Huawei Versatile Routing Platfor...

Page 100: ...e Last Change Time 0 days 5 hours 57 minutes 32 seconds Remote Neighbors Added 15 Remote Neighbors Deleted 13 Remote Neighbors Dropped 0 Remote Neighbors Aged 0 Total Neighbors 2 Port information Interface Ethernet0 0 0 LLDP Enable Status enabled default is disabled Total Neighbors 1 Port ID subtype interfaceName Port ID Ethernet0 0 0 Port description HUAWEI AR Series Ethernet0 0 0 Interface Port ...

Page 101: ... Port PSE Priority Unknown Port Available power value 2 Interface Ethernet0 0 1 LLDP Enable Status enabled default is disabled Total Neighbors 1 Port ID subtype interfaceName Port ID Ethernet0 0 1 Port description HUAWEI AR Series Ethernet0 0 1 Interface Port And Protocol VLAN ID PPVID don t supported Port VLAN ID PVID 1 VLAN name of VLAN 1 VLAN1 Protocol identity STP RSTP MSTP LACP EthOAM CFM Aut...

Page 102: ... 46 Power Type Unknown PoE PSE power source Unknown Port PSE Priority Unknown Port Available power value 2 Interface Ethernet0 0 2 LLDP Enable Status enabled default is disabled Total Neighbors 1 Port ID subtype interfaceName Port ID Ethernet0 0 2 Port description HUAWEI AR Series Ethernet0 0 2 Interface Port And Protocol VLAN ID PPVID don t supported Port VLAN ID PVID 1 VLAN name of VLAN 1 VLAN1 ...

Page 103: ...nID 0 Media policy L2 priority 6 Media policy Dscp 46 Power Type Unknown PoE PSE power source Unknown Port PSE Priority Unknown Port Available power value 2 View the neighbor information of RouterA RouterA display lldp neighbor brief Local Intf Neighbor Dev Neighbor Intf Exptime Eth0 0 0 RouterB Eth0 0 0 115 Eth0 0 1 RouterB Eth0 0 1 115 Eth0 0 2 RouterB Eth0 0 2 115 l View the configurations on R...

Page 104: ...nk 1 return l Configuration file of RouterB sysname RouterB interface Ethernet0 0 8 ip address 10 10 10 2 255 255 255 0 vlan batch 100 lldp enable lldp management address 10 10 10 2 interface Eth Trunk1 port link type trunk port trunk allow pass vlan 100 interface Ethernet0 0 0 eth trunk 1 interface Ethernet0 0 1 eth trunk 1 interface Ethernet0 0 2 eth trunk 1 return Huawei AR150 200 Series Enterp...

Page 105: ...o manage it During connection setup the CPE or ACS needs to be authenticated The connection can be set up only after the CPE or ACS is authenticated After the connection is set up the ACS invokes Remote Procedure Call RPC methods to manage and maintain the CPE 4 3 Configuring CWMP This section describes how to configure CWMP 4 4 Configuration Examples This chapter provides CWMP configuration examp...

Page 106: ...ows the CWMP network model Figure 4 1 CWMP network model IP Network CPE ACS DNS Server DHCP Server A CWMP network model consists of l ACS manages and maintains CPEs on the network l CPE managed by the ACS l DNS server defines that an ACS and a CPE use URL to identify and access each other DNS resolves the URL l DHCP server assigns IP addresses to ACSs and CPEs and sets parameters for CPEs by using...

Page 107: ... an ACS An ACS can initiate a Connect Request to a CPE at any time After the CPE authenticates the request a session can be set up This mode requires that the CPE have successfully set up a connection with the ACS The ACS then stores the IP address of the CPE in its own address list so that the ACS can initiate connections with the CPE SSL Security Socket Layer SSL is a security protocol developed...

Page 108: ...nce and functions Therefore an ACS must be able to identify each type of CPE and monitor the configurations and configuration changes of each CPE CWMP allows network administrators to define monitoring parameters and obtain the CPE status and statistics by using an ACS NOTE The configurations on the ACS are not mentioned here 4 3 Configuring CWMP This section describes how to configure CWMP 4 3 1 ...

Page 109: ...he CWMP function is enabled Procedure Step 1 Run system view The system view is displayed Step 2 Run cwmp The CWMP view is displayed Step 3 Run cwmp enable The CWMP function is enabled End 4 3 3 Configuring CWMP Auto Connection To allow the ACS to manage the CPE set up a connection between the ACS and the CPE Context How a CPE obtains the URL of ACS To set up a connection with an ACS the CPE must ...

Page 110: ...the CPE and the ACS are allowed to initiate connections This avoids the need for a persistent connection to be maintained between each CPE and an ACS The following configuration procedure shows how a CPE initiates a connection with the ACS To set up a connection the CPE sends Inform messages to the ACS You can configure the CPE to automatically send Inform messages to the ACS by setting Inform mes...

Page 111: ...orm messages periodically 1 Run cwmp cpe inform interval enable The CPE is enabled to periodically send Inform messages By default the CPE does not periodically send Inform messages 2 Run cwmp cpe inform interval The interval at which a CPE sends Inform messages is set By default a CPE sends an Inform message every 600 seconds l Sending an Inform message at a specified time 1 Run cwmp cpe inform t...

Page 112: ...he CPE authenticates the ACS After the ACS sends an HTTP packet containing the IP address of the CPE the CPE authenticates the ACS by using the user name and password After being authenticated the ACS can set up a connection with the CPE Maximum number of connection attempts If the CPE fails to set up a connection with the ACS or a connection is torn down unexpectedly the CPE can be configured to ...

Page 113: ... to retry a connection is set By default the maximum number of attempts is 3 Step 7 Run cwmp cpe wait timeout seconds The close wait timer of the CPE is set By default the close wait timer is 30 seconds End 4 3 5 Configuring CWMP SSL CWMP SSL ensures communication security and data integrity between the ACS and CPE Context Security Socket Layer SSL is a security protocol developed by Netscape It u...

Page 114: ...rt path2 ssl policy policy name The CPE is configured to validate the certificate from the ACS NOTE The system time must be correctly set otherwise certificate validation may fail To use a new certificate uninstall the existing certificate first Before configuring a CPE to authenticate the ACS using an SSL policy run the ssl policy policy name type client command to configure the SSL policy on the...

Page 115: ...rmation is set by user ACS username newacsname ACS password newacspsw Connection status connected Time of last successful connection 2010 12 01T20 00 00 4 4 Configuration Examples This chapter provides CWMP configuration examples 4 4 1 Example for Configuring CWMP By using the CWMP function an ACS can manage CPEs Networking Requirements As shown in Figure 4 2 multiple hosts in Enterprise A access ...

Page 116: ...t to the ACS Router cwmp cwmp acs url http www acs com 80 acs Enable the Router to send Inform messages Router cwmp cwmp cpe inform interval enable Set the interval at which the Router sends Inform messages to 1000 seconds Router cwmp cwmp cpe inform interval 1000 Configure the Router to send an Inform message at 2011 01 01 20 00 00 Router cwmp cwmp cpe inform time 2011 01 01T20 00 00 Step 4 Set C...

Page 117: ...e URL of the ACS status of the connection between the CPE and the ACS and time when the last connection is set up Router display cwmp status CWMP is enabled ACS URL http www acs com 80 acs ACS information is set by user ACS username newacsname ACS password newacspsw Connection status connected Time of last successful connection 2010 12 01T20 00 00 End Configuration Files Configuration file of the ...

Page 118: ...ibes how to configure NTP security mechanisms to guarantee reliable clock synchronization on networks demanding high security 5 4 NTP Configuration Examples This section provides examples for configuring NTP and illustrates the networking requirements configuration roadmap and configuration notes You can better understand the configuration procedures with the help of the configuration flowchart Hu...

Page 119: ...art of all the routers in a network requires the clocks of all the routers be consistent l Several systems working together on the same complicate event Systems have to take the same clock for reference to ensure a proper sequence of implementation l Incremental backup between the backup server and clients Clocks on the backup server and clients should be synchronized l User login time Some applic...

Page 120: ...RouterA 10 00 00am NTP Packet received at 10 00 03 RouterA RouterA RouterA RouterB RouterB RouterB Step1 Step2 Step3 Step4 Network RouterB NTP packet NTP packet 11 00 01am 10 00 00am NTP packet 11 00 01am 10 00 00am 11 00 02am Network Network Network The process of synchronizing system clocks is as follows 1 Router A sends an NTP packet to Router B The packet carries the originating timestamp when...

Page 121: ...ode In this mode you need to configure only the client The server needs to be configured with only one NTP primary clock Note that the client can be synchronized to the server but the server cannot be synchronized to the client After the configuration the following actions occur 1 The client sends a synchronization request packet to the server with the mode field being set to 3 The value 3 indicat...

Page 122: ...erver and the client After the configurations the following actions occur l The server periodically sends clock synchronization packets to the configured multicast address By default the multicast address is 224 0 1 1 l The client senses multicast packets from the server l After receiving the first multicast packet to estimate the network delay the client enables a temporary Client Server model fo...

Page 123: ...ing to the operation mode l Client Server mode IP address of the server and the VPN instance that the server belongs to l Peer mode IP address of the symmetric passive end and the VPN instance that it belongs to l Broadcast mode interfaces to send and receive broadcast NTP packets and the maximum sessions set up dynamically on the client l Multicast mode IP address of the multicast group the TTL v...

Page 124: ...er Context Commonly specify the IP address of the NTP server on the client The client and server can then exchange NTP packets using this IP address If the source interface to send NTP packets is specified on the server the IP address of the server configured on the client should be the same otherwise the client cannot process NTP packets sent from the server and clock synchronization fails Proced...

Page 125: ... ipv6 source interface interface type interface number vpn instance vpn instance name The local source interface that sends NTP packets is specified End 5 2 4 Configuring the Peer Mode This part describes how to configure the NTP peer mode In this mode clocks on the two peers synchronize with each other based on the stratum Each side can send the clock synchronization request message to the peer a...

Page 126: ... packets using this IP address If the source interface to send NTP packets is specified on the symmetric active end the IP address of the NTP peer configured on the symmetric passive end should be the same otherwise the passive end cannot process NTP packets sent from the active end and clock synchronization fails End 5 2 5 Configuring the Broadcast Mode This part describes how to configure the NT...

Page 127: ...ult a maximum of 100 NTP sessions can be set up dynamically After the configurations the local router senses the broadcast NTP packets sent from the server and synchronizes the local clock Running the ntp service max dynamic sessions command does not affect the existence of NTP sessions When the number of the sessions reaches or exceeds the maximum the new session cannot be set up further End 5 2 ...

Page 128: ... client ip address The local router is set to be an NTP multicast client Step 2 is optional By default up to 100 NTP sessions can be set up dynamically After the configurations the local router senses the multicast NTP packets sent from the server and synchronizes the local clock Running the ntp service max dynamic sessions command does not affect the existence of NTP sessions When the number of t...

Page 129: ...the display ntp service trace command to view the summary information on each passing NTP server when tracing from the local device to the reference clock source End Example Run the display ntp service status command to view the status of the NTP service Huawei display ntp service status clock status synchronized clock stratum 2 reference clock ID LOCAL 0 nominal frequency 60 0002 Hz actual freque...

Page 130: ...authority and NTP authentication l Access authority Access authority is a type of simple security method provided by the AR150 200 to protect local NTP services The AR150 200 provides four access authority levels When an NTP access request packet reaches the local end it is matched in an order from the minimum access authority to the maximum access authority The first matched authority level takes...

Page 131: ...make the server and client reachable l Configuring ACL rules if the access authority is configured Data Preparation To configure NTP security mechanisms you need the following data No Data 1 ACL rules 2 Shared key and its ID that are used in NTP authentication 3 NTP primary clock and its stratum 4 Interfaces that send and receive NTP packets 5 NTP version 5 3 2 Setting NTP Access Authorities When ...

Page 132: ...the client with the server NTP multicast client NTP broadcast mode Synchronizing the client with the server NTP broadcast client End 5 3 3 Enabling NTP Authentication This part describes how to set NTP Autokey authentication and MD5 authentication on the device Context NTP client synchronizes to authenticated NTP servers to ensure that time service is reliable across the network Authentication pre...

Page 133: ...client Procedure Step 1 Run system view The system view is displayed Step 2 Run ntp service unicast server ip address authentication keyid key id version number source interface interface type interface number vpn instance vpn instance name preference The ID of the authentication key used for the synchronization of the server and client clocks is configured End 5 3 5 Configuring NTP Authentication...

Page 134: ... 2 Run interface interface type interface number The interface to send broadcast NTP packets is configured Step 3 Run quit The system view is displayed Step 4 Run ntp service broadcast server authentication keyid key id version number The ID of the authentication key used by the NTP broadcast server is configured For configuring the broadcast client see Configuring the Broadcast Mode End 5 3 7 Con...

Page 135: ...rvice sessions verbose command to view the status of NTP sessions End Example Run the display ntp service status command to view the status of the NTP service Huawei display ntp service status clock status synchronized clock stratum 2 reference clock ID LOCAL 0 nominal frequency 60 0002 Hz actual frequency 60 0002 Hz clock precision 2 18 clock offset 0 0000 ms root delay 0 00 ms root dispersion 0 ...

Page 136: ...tion cannot be passed Networking Requirements As shown in Figure 5 2 l RouterA functions as a unicast NTP server The clock on it functions as a primary NTP clock with the stratum being 2 l RouterB functions as a unicast NTP client Its clock needs to be synchronized with the clock on RouterA l RouterC and RouterD function as NTP clients of RouterB l Enable NTP authentication NOTE AR150 200 is Route...

Page 137: ...TP authentication configure the authentication key and declare the key to be reliable RouterA ntp service authentication enable RouterA ntp service authentication keyid 42 authentication mode md5 Hello RouterA ntp service reliable authentication keyid 42 Note that authentication keys configured on the server and the client should be the same Step 3 Configure a primary NTP clock on RouterB and enab...

Page 138: ...k on RouterB View the NTP status on RouterC and find that the clock is synchronized The stratum of the clock is 4 one stratum lower than that on RouterB RouterC display ntp service status clock status synchronized clock stratum 4 reference clock ID 10 0 0 1 nominal frequency 60 0002 Hz actual frequency 60 0002 Hz clock precision 2 18 clock offset 3 8128 ms root delay 31 26 ms root dispersion 74 20...

Page 139: ...s 10 0 0 1 255 255 255 0 interface GigabitEthernet2 0 0 ip address 10 0 1 1 255 255 255 0 ospf 1 area 0 0 0 0 network 10 0 1 0 0 0 0 255 network 10 0 0 0 0 0 0 255 ntp service authentication enable ntp service authentication keyid 42 authentication mode md5 ENC 8HX Q Q MAF4 1 ntp service reliable authentication keyid 42 ntp service unicast server 2 2 2 2 authentication keyid 42 return l Configurat...

Page 140: ... That is RouterD functions as the client l RouterE takes RouterD as its symmetric passive end That is RouterE is the symmetric active end Figure 5 3 Networking diagram of the NTP peer mode Router C Router D Router E Eth1 0 0 10 0 1 1 24 Eth1 0 0 10 0 1 2 24 Eth1 0 0 10 0 1 3 24 Configuration Roadmap The configuration roadmap is as follows 1 Configure the clock on RouterC to be the NTP primary cloc...

Page 141: ...n RouterC RouterD display ntp service status clock status synchronized clock stratum 3 reference clock ID 10 0 1 1 nominal frequency 64 0029 Hz actual frequency 64 0029 Hz clock precision 2 7 clock offset 0 0000 ms root delay 62 50 ms root dispersion 0 20 ms peer dispersion 7 81 ms reference time 06 52 33 465 UTC Mar 7 2006 C7B7AC31 773E89A8 Step 3 Configure the unicast NTP peer mode On RouterE co...

Page 142: ...figuration file of RouterE sysname RouterE interface Ethernet1 0 0 ip address 10 0 1 3 255 255 255 0 ntp service unicast peer 10 0 1 2 return 5 4 3 Example for Configuring NTP Authentication in Broadcast Mode On a LAN the device with the most precise clock is specified as the NTP server Clocks on other devices synchronize with the clock on the NTP server Networking Requirements As shown in Figure ...

Page 143: ...es based on Figure 5 4 The detailed procedures are not mentioned here Step 2 Configure an NTP broadcast server and enable NTP authentication on it Set the local clock of RouterA as a primary clock with stratum being 3 RouterA system view RouterA ntp service refclock master 3 Enable NTP authentication RouterA ntp service authentication enable RouterA ntp service authentication keyid 16 authenticati...

Page 144: ... 0 RouterC interface ethernet 1 0 0 RouterC Ethernet1 0 0 ntp service broadcast client RouterC Ethernet1 0 0 quit Step 5 Verify the configuration After the configurations the clock on RouterB and RouterC can be synchronized to the clock on RouterA Check the NTP status on RouterB and you can find that the clock status is synchronized That is clock synchronization completes The stratum of the clock ...

Page 145: ...nt ntp service authentication enable ntp service authentication keyid 16 authentication mode md5 ENC 8HX Q Q MAF4 1 ntp service reliable authentication keyid 16 return 5 4 4 Example for Configuring Multicast Mode In a multicast domain the device with the most precise clock is specified as the NTP server Clocks on other devices synchronize with the clock on the NTP server Networking Requirements As...

Page 146: ... here Step 2 Configure an NTP multicast server Set the local clock on RouterA as an NTP primary clock with stratum 2 RouterA system view RouterA ntp service refclock master 2 Configure RouterA to be an NTP multicast server NTP multicast packets are sent from Eth 1 0 0 RouterA interface ethernet 1 0 0 RouterA Ethernet1 0 0 ntp service multicast server Step 3 Configure RouterB Configure RouterB to b...

Page 147: ...z actual frequency 60 0002 Hz clock precision 2 18 clock offset 0 66 ms root delay 24 47 ms root dispersion 208 39 ms peer dispersion 9 63 ms reference time 17 03 32 022 UTC Apr 25 2005 C61734FD 800303C0 End Configuration Files l Configuration file of RouterA sysname RouterA ntp service refclock master 2 interface Ethernet1 0 0 ip address 10 1 1 1 255 255 255 0 ntp service multicast server return ...

Page 148: ... the FTP download performance 6 5 Configuring the FTP Upload Test This section describes how to configure an FTP upload test to check the FTP upload performance 6 6 Configuring the HTTP Test This section describes how to configure a Hypertext Transfer Protocol HTTP test to check the responding speed of the HTTP service in each phase 6 7 Configuring the DNS Test This section describes how to config...

Page 149: ...he specified service on the network 6 16 Configuring the Trap Function This section describes how to configure the trap function in an NQA test instance After the trap function is configured a trap message is sent to the NMS in case of transmission success or transmission failure 6 17 Configuring Test Results to Be Sent to the FTP Server This section describes how to configure the system to send t...

Page 150: ...on delay of Domain Name System DNS resolution and ratio of error DNS resolution By controlling these indexes network operators provide users with services of various grades and charges users differently NQA is also an effective tool to diagnose and locate faults in a network 6 1 2 Comparisons Between NQA and Ping This part describes the differences between NQA and Ping tests NQA is the extension a...

Page 151: ...CP UDP and Jitter tests however you must configure the NQA server An NQA server processes the test packets received from the clients As shown in Figure 6 2 the NQA server responds to the test request packet received from the client through the monitoring function Figure 6 2 Relationship between the NQA client and the NQA server NQA Client NQA Server IP MPLS Network You can create multiple TCP or U...

Page 152: ... tests immediate timely and delayed Supports several modes of ending tests automatic immediate timely delayed and ending the test when the lifetime of the test expires Supports auto distributing the start time and the test interval when several tests are performed at a time l Supports the auto delay function with which the system resources can be effectively utilized so that tests can be completed...

Page 153: ... ping command but its output is more detailed Pre configuration Tasks Before configuring the ICMP test configure reachable routes between the NQA client and the tested device Data Preparation To configure the ICMP test you need the following data No Data 1 Administrator name and test name of the NQA test 2 Destination IP address 3 Optional Virtual Private Network VPN instance name source interface...

Page 154: ...et header excluded of the Echo Request packet run the datasize size command datasize size equals the s option in the ping command l To configure the time to live TTL value run the ttl number command ttl number equals the h option in the ping command l To configure the type of service ToS field in the IP packet header run the tos value command tos equals the tos option in the ping command l To conf...

Page 155: ...The configurations of the ICMP Test function are complete Context NOTE NQA test results cannot be displayed automatically on a terminal You must run the display nqa results command to view test results By the default the command output contains the records about only the last five test results Procedure Step 1 Run the display nqa results test instance admin name test name command to view the test ...

Page 156: ...obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment To obtain the following information you can create an NQA DHCP test l Time for a client to set up a connection with a DHCP server l Time for a client to obtain its IP address Pre configuration Tasks Before configuring the DHCP test complete the following tasks l Configuring the ...

Page 157: ...nal Run the following commands to configure other parameters for the DHCP test For detailed parameter configurations see the chapter Configuring Universal NQA Test Parameters l To set the timeout period of the NQA test run the timeout time command NOTE For the DHCP test the time taken to wait for the response to the probe packet may reach 10 seconds By default the timeout period is 15 seconds You ...

Page 158: ... By the default the command output contains the records about only the last five tests Procedure Step 1 Run the display nqa results test instance admin name test name command to view the test results on the NQA client End Example Run the display nqa results command If the test is successful the following is displayed l testflag is inactive l The test is finished l Completion success For the DHCP t...

Page 159: ...his can help you complete the configuration task quickly and accurately Applicable Environment In an FTP download test the local device functions as an NQA FTP client intending to download the specified file from an FTP server The test result contains statistics about each FTP phase including the time to set up an FTP control connection and the time to transport the data Pre configuration Tasks Be...

Page 160: ...e FTP Download test For detailed parameter configurations see the chapter Configuring Universal NQA Test Parameters l To configure the source IP address run the source address ipv4 ip address command l To configure the FTP source port number run the source port port number command l To configure the FTP destination port number run the destination port port number command l To configure the NQA tes...

Page 161: ... seconds second hh mm ss lifetime seconds second hh mm ss command The test instance is started at a specified time l To perform the NQA test after a certain delay period run the start delay seconds second hh mm ss end at yyyy mm dd hh mm ss delay seconds second hh mm ss lifetime seconds second hh mm ss command The test instance is started after a certain delay End 6 4 3 Checking the Configuration ...

Page 162: ...o configure an FTP upload test to check the FTP upload performance 6 5 1 Establishing the Configuration Task Before configuring an FTP upload test familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment In an FTP upload test the local device...

Page 163: ...lient Procedure Step 1 Run system view The system view is displayed Step 2 Run nqa test instance admin name test name An NQA test instance is created and the test instance view is displayed Step 3 Run test type ftp The test type is set to FTP Step 4 Run destination address ipv4 ip address The destination IP address is configured Step 5 Optional Perform the following as required to configure other ...

Page 164: ...th can contain these characters l The file name can contain the extension name but cannot contain the extension name only such as txt l To upload the file with a specified size run the ftp filesize size command The client then automatically creates a file name nqa ftp test txt to upload NOTE During the FTP test select a file with a relatively small size If the file is large the test may fail becau...

Page 165: ...results command If the test is successful the following is displayed l CtrlConnTime l DataConnTime l SumTime Huawei display nqa results NQA entry admin ftp testflag is inactive testtype is ftp 1 Test 1 result The test is finished SendProbe 1 ResponseProbe 1 Completion success RTD OverThresholds number 0 MessageBodyOctetsSum 448 Stats errors number 0 Operation timeout number 0 System busy operation...

Page 166: ... client sends the Get or Post packets to an HTTP server to the time the Echo packet sent by the client reaches the HTTP server Pre configuration Tasks Before configuring the HTTP test complete the following tasks l Configuring the HTTP server l Configuring routes between the NQA client and the HTTP server Data Preparation To configure the HTTP test you need the following data No Data 1 Administrat...

Page 167: ...s run the fail percent percent command l To configure the NQA test packet to be sent without searching the routing table run the sendpacket passroute command Step 6 Run http operation get post The HTTP operation type is configured By default the HTTP operation type is Get Step 7 Run http url deststring verstring The web page to be visited and the HTTP version are configured NOTE When information o...

Page 168: ...lts test instance admin name test name command to view the test results on the NQA client End Example Run the display nqa results command If the test is successful the following is displayed l DNSRTT indicates the time when the DNS sends a query request l TCPConnectRTT indicates the time when the TCP connection is established l TransactionRTT and RTT indicates the durations of data transmission an...

Page 169: ...on Tasks Before configuring the DNS test complete the following tasks l Configuring the DNS server l Configuring routes between the NQA client and the DNS server Data Preparation To configure the DNS test you need the following data No Data 1 Administrator name and test name 2 IP address of the DNS server 3 Host name to be resolved 4 Start mode and end mode of the test 6 7 2 Configuring the DNS Te...

Page 170: ...hh mm ss delay seconds second hh mm ss lifetime seconds second hh mm ss command The test instance is started immediately l To perform the NQA test at the specified time run the start at yyyy mm dd hh mm ss end at yyyy mm dd hh mm ss delay seconds second hh mm ss lifetime seconds second hh mm ss command The test instance is started at a specified time l To perform the NQA test after a certain delay...

Page 171: ...erage Completion Time 4 4 4 Sum Square Sum Completion Time 4 16 Last Good Probe Time 2010 06 21 15 40 12 6 Lost packet ratio 0 6 8 Configuring the Traceroute Test This section describes how to configure a traceroute test to check the connectivity to each hop on the network 6 8 1 Establishing the Configuration Task Before configuring a traceroute test familiarize yourself with the applicable enviro...

Page 172: ...ep 4 Run destination address ipv4 ip address The destination address of the traceroute test is configured Step 5 Run the following commands as required For detailed parameter configurations see the chapter Configuring Universal NQA Test Parameters l To configure the maximum hops run tracert hopfailtimes times l To configure the initial TTL and maximum TTL values of a packet run tracert livetime fi...

Page 173: ...t you can view the test result Prerequisites The configurations of the traceroute test are complete Context NOTE NQA test results cannot be displayed automatically on the terminal You need to run the display nqa results command to view test results By the default the command output contains the records about only the last five tests Procedure Step 1 Run the display nqa results test instance admin ...

Page 174: ...he configuration task quickly and accurately Applicable Environment Through the SNMP Query test you can obtain the statistics of the communication between hosts and SNMP agents Pre configuration Tasks Before configuring the SNMP Query test complete the following tasks l Configuring the SNMP agent l Configuring routes between the NQA client and the SNMP agent Data Preparation To configure the SNMP ...

Page 175: ...ee the chapter Configuring Universal NQA Test Parameters l To configure the VPN instance to be tested run the vpn instance vpn instance name command l To configure the source IP address run the source address ipv4 ip address command l To configure the source port number run the source port port number command l To configure the interval for sending test packets run the interval seconds interval co...

Page 176: ... results command to view test results By the default the command output contains the records about only the last five tests Procedure Step 1 Run the display nqa results test instance admin name test name command to view the test results on the NQA client End Example Run the display nqa results command If the test is successful the following is displayed Huawei display nqa results NQA entry admin s...

Page 177: ...ient and the TCP server Data Preparation To configure the TCP test you need the following data No Data 1 Administrator name and test name 2 IP address and port number monitored by the TCP server 3 Optional Destination port numbers of the probe packets sent by the TCP client and source IP addresses source port numbers of test packets interval for sending test packets and percentage of the failed NQ...

Page 178: ...p address The destination IP address is configured Step 5 To configure the destination port number run the destination port port numbercommand Step 6 Optional Perform the following as required to configure other parameters for the TCP test For detailed parameter configurations see the chapter Configuring Universal NQA Test Parameters l To configure the source IP address run the source address ipv4...

Page 179: ...ate tests are as follows l The TCP Public tests do not require the destination port to be configured on the client Connection requests are initiated and sent to the TCP port 7 of the destination address The server should monitor the TCP port 7 l The TCP Private tests require the destination port be specified and the related monitoring services enabled on the server End 6 10 4 Checking the Configur...

Page 180: ...ore configuring a UDP test familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment To obtain the time for the specified port to respond to a UDP connection request you can create a UDP test instance Pre configuration Tasks Before configuring...

Page 181: ...ose configured on the client End 6 11 3 Configuring the UDP Client This part describes how to set UDP test parameters Context Do as follows on the NQA client UDP client Procedure Step 1 Run system view The system view is displayed Step 2 Run nqa test instance admin name test name An NQA test instance is created and the test instance view is displayed Step 3 Run test type udp The test type is set t...

Page 182: ...elay seconds second hh mm ss lifetime seconds second hh mm ss command The test instance is started immediately l To perform the NQA test at the specified time run the start at yyyy mm dd hh mm ss end at yyyy mm dd hh mm ss delay seconds second hh mm ss lifetime seconds second hh mm ss command The test instance is started at a specified time l To perform the NQA test after a certain delay period ru...

Page 183: ...tter test only when both the client and the server are Huawei devices 6 12 1 Establishing the Configuration Task Before configuring a jitter test familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment The jitter time refers to the interval ...

Page 184: ...mbers of the probe packets sent by the UDP client 4 Optional VPN instance name source IP address and port number of the probe packet sent by the UDP client number of probe packets and test packets sent each time interval for sending probe packets and test packets percentage of the failed NQA tests and version number carried in the Jitter packet 5 Start mode and end mode of the test 6 12 2 Configur...

Page 185: ... statistics the network administrator can easily detect network faults and malicious attacks Step 3 Run nqa test instance admin name test name An NQA test instance is created and the test instance view is displayed Step 4 Run test type jitter The test type is set to Jitter Step 5 Run destination address ipv4 ip address The destination IP address is configured Step 6 Run destination port port numbe...

Page 186: ...e fail percent percent command l To send the NQA test packet without searching the routing table run the sendpacket passroute command Step 8 Run start The NQA test is started Select the start mode as required because the start command has several forms l To perform the NQA test immediately run the start now end at yyyy mm dd hh mm ss delay seconds second hh mm ss lifetime seconds second hh mm ss c...

Page 187: ... Max Positive SD 1 Max Positive DS 1 Positive SD Number 15 Positive DS Number 1 Positive SD Sum 15 Positive DS Sum 1 Positive SD Square Sum 15 Positive DS Square Sum 1 Min Negative SD 1 Min Negative DS 1 Max Negative SD 1 Max Negative DS 1 Negative SD Number 15 Negative DS Number 1 Negative SD Sum 15 Negative DS Sum 1 Negative SD Square Sum 15 Negative DS Square Sum 1 Min Delay SD 0 Min Delay DS 0...

Page 188: ...m the following steps on the NQA client Procedure Step 1 Run system view The system view is displayed Step 2 Run nqa test instance admin name test name The NQA test instance view is displayed Step 3 Configure global parameters for the test instance as required l Run agetime hh mm ss The aging time is set for the NQA test instance l Run alarm entry number lost packet ratio jitter average jitter ds ...

Page 189: ...on port number can be configured only for UDP Jitter TCP Trace FTP and HTTP test instances l Run dns server ipv4 ip address The DNS server address is configured for the NQA test instance NOTE The DNS server address can be configured only for DNS and HTTP test instances l Run fail percent percent The failure percentage is set for the NQA test instance NOTE This parameter cannot be configured for Tr...

Page 190: ... for the HTTP test instance l Run http url deststring verstring The relative file path and version are configured for the HTTP test instance NOTE The relative file path and version can be configured only for the HTTP test instance l Run interval milliseconds interval seconds interval The interval for sending packets is set for the NQA test instance NOTE The interval for sending packets can be conf...

Page 191: ...ce test instances l Run send trap all owd ds owd sd probefailure rtd testcomplete testfailure The condition for triggering the trap message is configured l Run source address ipv4 ip address The source IP address is set for the NQA test instance NOTE This parameter cannot be configured for DHCP and DNS test instances l Run source interface interface type interface number The source interface is co...

Page 192: ...l The lifetime is set for the Trace test instance NOTE This parameter can be configured only for Trace test instance l Run vpn instance vpn instance name The VPN instance name is configured for the NQA test instance NOTE This parameter cannot be configured for DNS and DHCP test instance End 6 13 3 Checking the Configuration After setting universal parameters for NQA test instances you can view the...

Page 193: ...plicable Environment If the round trip transmission delay threshold is configured for a NQA test instance the NQA test result will contain the statistics on the test packets that exceed the set threshold This provides the basis for the network manager to analyze the operation status of the specified service Pre configuration Tasks Before configuring the round trip transmission delay threshold comp...

Page 194: ... is configured Step 4 Run destination address ipv4 ip address The destination IP address is configured Step 5 Optional Run destination port port number The destination port number is configured Step 6 Run threshold rtd rtd value The round trip transmission delay threshold is configured Step 7 Run send trap rtd The trap function is enabled End 6 14 3 Checking the Configuration After setting the rou...

Page 195: ...rk manager to analyze the operating status of the specified service on the network 6 15 1 Establishing the Configuration Task Before setting a one way transmission delay threshold familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment In al...

Page 196: ...yed Step 2 Run nqa test instance admin name test name An NQA test instance is created and the NQA instance view is displayed Step 3 Run test type jitter The test type is configured Step 4 Run destination address ipv4 ip address The destination IP address is configured Step 5 Optional Run destination port port number The destination port number is configured Step 6 Run threshold owd sd owd sd value...

Page 197: ...e admin jitter test type jitter destination address ipv4 100 1 1 201 destination port 80 send trap probefailure send trap testfailure send trap testcomplete send trap rtd send trap owd sd send trap owd ds threshold owd sd 2000 threshold owd ds 2000 nqa status normal 6 16 Configuring the Trap Function This section describes how to configure the trap function in an NQA test instance After the trap f...

Page 198: ... exceeds the threshold l For all tests supporting traps if the round trip transmission delay exceeds the threshold and the trap function is enabled trap messages are sent to the NM station with the specified IP address l For all the Jitter tests if the uni directional transmission delay exceeds the threshold and the trap function is enabled trap messages are sent to the NM station with the specifi...

Page 199: ...ss ipv4 ip address The destination IP address is configured Step 5 Optional Run destination port port number The destination port number is configured Step 6 Run send trap testfailure Sending trap messages when tests fail is enabled By default the trap function is disabled Step 7 Run test failtimes times The number of test failures that trigger sending a trap message is configured By default a tra...

Page 200: ...at trigger sending a Trap message is configured By default a trap message is sent for each probe failure Step 7 Run send trap probefailure Sending trap messages when probes fail is enabled By default the trap function is disabled End 6 16 4 Sending Trap Messages When Probes Are Complete Successfully A trap message is sent to the NMS when the NQA test is complete successfully Context Do as follows ...

Page 201: ... Sending Trap Messages When the Transmission Delay Exceeds Thresholds A trap message is sent to the NMS when the test result exceeds the threshold Context Do as follows on the NQA client Procedure Step 1 Run system view The system view is displayed Step 2 Run nqa test instance admin name test name An NQA test instance is created and the test instance view is displayed Step 3 Run test type tcp The ...

Page 202: ... 1024 Actual buffer size 256 Channel number 3 channel name trapbuffer Dropped messages 0 Overwritten messages 0 Current messages 11 May 6 2009 12 54 17 00 00 CBB6 PE3 SINDEX 4 INDEXMAP OID 1 3 6 1 4 1 2011 5 25 110 2 0 1 ShortIFIndexMapTable changed May 6 2009 11 02 37 00 00 CBB6 PE3 SRM_BASE 4 ENTITYREGSUCCESS OID 1 3 6 1 4 1 2011 5 25 129 2 1 18 Physical entity register succeeded EntityPhysicalI...

Page 203: ...ration Tasks Before configuring test results to be sent to the FTP server complete the following tasks l Configuring the FTP server l Configuring a reachable route between the NQA client and the NM station l Configuring a test instance Data Preparation To configure test results to be sent to the FTP server you need the following data No Data 1 IP address of the FTP server 2 User name and password ...

Page 204: ...f Saving NQA Test Results Through FTP The system can send test results to the FTP server only after the FTP server is enabled with the test result saving function Context Do as follows on the NQA client Procedure Step 1 Run system view The system view is displayed Step 2 Run nqa ftp record enable The FTP server is enabled to save test results End 6 17 4 Optional Configuring the Number of Test Resu...

Page 205: ...he test results sent each time Context Do as follows on the NQA client Procedure Step 1 Run system view The system view is displayed Step 2 Run nqa ftp record time time The duration of saving test results to the FTP server through FTP is configured End 6 17 6 Optional Enabling Alarms to Be Sent to the NM Station After the FTP Transmission Succeeds After test results are successfully saved on the F...

Page 206: ... admin name test name command enter the NQA test instance view Step 3 Run test type dhcp dns ftp http icmp jitter snmp tcp trace udp The test type is configured Step 4 Run destination address ipv4 ip address The destination IP address is configured Step 5 Optional Run destination port port number The destination port number is configured Step 6 Run start The NQA test is started Select the start mo...

Page 207: ...sults End Example Run the display nqa ftp record configuration command to check the configuration for saving NQA test results Huawei display nqa ftp record configuration NQA FTP SAVE RECORD CONFIGURATION FUNCTION ENABLE TRAP DISABLE IP ADDRESS 11 1 1 8 VPN INSTANCE USERNAME wang PASSWORD 123 FILENAME icmp ITEM NUM 10010 TIME 2 LAST FINISHED FILENAME icmp20080605 150350 txt 6 18 Configuring a Thres...

Page 208: ...orresponding to the threshold 2 Number of the alarm threshold 3 Upper threshold 4 Lower threshold 6 18 2 Configuring the Event Corresponding to the Alarm Threshold This part describes the actions that the system needs to perform in response to the threshold exceeding such as generating logs generating traps or generating logs and traps Context Do as follows on the NQA client Procedure Step 1 Run s...

Page 209: ...tep 6 Run alarm entry number lost packet ratio jitter average jitter ds average jitter sd average packet loss ds packet loss sd rtt average absolute delta falling threshold threshold value1 event entry1 rising threshold threshold value2 event entry2 description description The alarm number and the threshold are configured NOTE At present only the absolute statistics function rather than the relati...

Page 210: ...started after a certain delay End 6 18 5 Checking the Configuration After the alarm threshold for test results is set you can view the configuration Prerequisites The configurations of the Threshold for the NQA Alarm function are complete Procedure l Run the display nqa event command to check the maximum number of events that can be configured and the number of events that are configured l Run the...

Page 211: ... 10 nqa status normal 6 19 Maintaining NQA This section describes how to maintain an NQA test instance You can restart the test instance and clear the statistics on the test result to maintain a test instance 6 19 1 Restarting NQA Test Instances If a test instance fails you can try to restart the test instance in the next test period Prerequisites To restart an NQA test instance run the following ...

Page 212: ... Examples This section provides examples for configuring NQA and illustrates the networking requirements configuration roadmap and configuration notes You can better understand the configuration procedures with the help of the configuration flowchart 6 20 1 Example for Configuring the ICMP Test This part provides examples for configuring an ICMP test to check the IP network connectivity Networking...

Page 213: ...esttype is icmp 1 Test 1 result The test is finished Send operation times 3 Receive response times 3 Completion success RTD OverThresholds number 0 Attempts number 1 Drop operation number 0 Disconnect operation number 0 Operation timeout number 0 System busy operation number 0 Connection fail number 0 Operation sequence errors number 0 RTT Stats errors number 0 Destination ip address 10 1 1 2 Min ...

Page 214: ... the NQA client 2 Create and perform the DHCP test on Router A to check whether Router A can set up a connection with Router B and obtain an IP address from Router B Data Preparation To complete the configuration you need the following data l IP address of the DHCP server l Source interface l Timeout period Procedure Step 1 Configure the IP address The detailed procedure is not mentioned here Step...

Page 215: ...figuration file of Router A sysname RouterA interface Ethernet1 0 0 ip address dhcp alloc nqa test instance admin dhcp test type dhcp timeout 20 source interface Ethernet1 0 0 return l Configuration file of Router B sysname RouterB ip pool 1 network 10 1 1 0 mask 255 255 255 0 interface Ethernet1 0 0 ip address 10 1 1 2 255 255 255 0 return 6 20 3 Example for Configuring the FTP Download Test This...

Page 216: ...t mentioned here Step 2 Configure Router B as the FTP server RouterB system view RouterB ftp server enable RouterB aaa RouterB aaa local user user1 password cipher hello RouterB aaa local user user1 service type ftp RouterB aaa local user user1 ftp directory flash RouterB aaa quit Step 3 Create an NQA FTP test on Route A RouterA system view RouterA nqa test instance admin ftp RouterA nqa admin ftp...

Page 217: ... ftp test type ftp destination address ipv4 10 1 1 2 source address ipv4 10 1 1 1 ftp filename test txt ftp username user1 ftp password hello return l Configuration file of Router B sysname RouterB FTP server enable interface GigabitEthernet1 0 0 ip address 10 1 1 2 255 255 255 0 aaa local user user1 password cipher 3MQ TZ O3KCQ Q MAF4 1 local user user1 service type ftp local user user1 ftp direc...

Page 218: ... reachable routes between Router A Router B and Router C The detailed procedure is not mentioned here Step 2 Configure Router C as the FTP server RouterC system view RouterC ftp server enable RouterC aaa RouterC aaa local user user1 password cipher hello RouterC aaa local user user1 service type ftp RouterC aaa local user user1 ftp directory flash RouterC aaa quit Step 3 Create an NQA FTP test on ...

Page 219: ...s displayed RouterC dir Directory of flash 0 rw 331 Jul 06 2007 18 34 34 private data txt 1 rw 1024000 Jul 06 2007 18 37 06 nqa ftp test txt 2540 KB total 1536 KB free End Configuration Files l Configuration file of Router A sysname RouterA interface Ethernet1 0 0 ip address 10 1 1 1 255 255 255 0 nqa test instance admin ftp test type ftp destination address ipv4 10 2 1 2 source address ipv4 10 1 ...

Page 220: ...gure 6 7 Networking diagram of the HTTP test Router A Eth1 0 0 10 1 1 1 24 10 2 1 1 24 HTTP Server IP Network Configuration Roadmap The configuration roadmap is as follows 1 Configure Router A as an NQA client 2 Create and perform an HTTP test on Router A to check whether Router A can set up a connection with the HTTP server and to obtain the time of file transferring between Router A and the HTTP...

Page 221: ...mber 0 TcpConnError number 0 System busy operation number 0 DNSRTT Sum Min Max 0 0 0 TCPConnectRTT Sum Min Max 4 1 2 TransactionRTT Sum Min Max 3 1 1 RTT Sum Min Max Avg 7 2 3 2 DNSServerTimeout 0 TCPConnectTimeout 0 TransactionTimeout 0 Lost packet ratio 0 End Configuration Files The configuration file of Router A is as follows sysname RouterA interface Ethernet1 0 0 ip address 10 1 1 1 255 255 2...

Page 222: ...ed The detailed procedure is not mentioned here Step 2 Create an NQA DNS test Router system view RouterA dns resolve RouterA dns server 10 3 1 1 RouterA nqa test instance admin dns RouterA nqa admin dns test type dns RouterA nqa admin dns dns server ipv4 10 3 1 1 RouterA nqa admin dns destination address url server com Step 3 Start the test RouterA nqa admin dns start now Step 4 View the test resu...

Page 223: ...rver ipv4 10 3 1 1 ip route static 10 3 1 0 255 255 255 0 10 1 1 2 ip route static 10 2 1 0 255 255 255 0 10 1 1 2 return 6 20 7 Example for Configuring the Traceroute Test This part provides examples for configuring a traceroute test to check the connectivity between the client and devices along the transmission path Networking Requirements As shown in Figure 6 9 perform the Traceroute test on Ro...

Page 224: ... admin trace testflag is inactive testtype is trace 1 Test 1 result The test is finished Completion success Attempts number 1 Disconnect operation number 0 Operation timeout number 0 System busy operation number 0 Connection fail number 0 Operation sequence errors number 0 RTT Stats errors number 0 Drop operation number 0 Last good path Time 2009 3 28 10 52 39 9 1 Hop 1 Send operation times 3 Rece...

Page 225: ...y Test This part provides examples for configuring a traceroute test to check the SNMP communications between the client and the SNMP agent Networking Requirements As shown in Figure 6 10 RouterA and Router C functions as an SNMP agent It is required to perform an NQA SNMP Query test to obtain the time from when routerA sends an SNMP query packet to when Router A receives an Echo packet NOTE AR150...

Page 226: ... Step 5 Start the test RouterA nqa admin snmp start now Step 6 View the test results RouterA nqa admin snmp display nqa results test instance admin snmp NQA entry admin snmp testflag is inactive testtype is snmp 1 Test 1 result The test is finished Send operation times 3 Receive response times 3 Completion success RTD OverThresholds number 0 Attempts number 0 Drop operation number 0 Disconnect ope...

Page 227: ... 000007DB7F00000100006294 return 6 20 9 Example for Configuring the TCP Test This part provides examples for configuring a TCP test to check the TCP communications between the client and the server Networking Requirements As shown in Figure 6 11 it is required to perform an NQA TCP Private test to obtain the time taken by Router A to set up a TCP connection with Router C NOTE AR150 200 is RouterA ...

Page 228: ...in tcp destination address ipv4 10 2 1 2 RouterA nqa admin tcp destination port 9000 Step 4 Start the test RouterA nqa admin tcp start now Step 5 View the test results RouterA nqa admin tcp display nqa results test instance admin tcp NQA entry admin tcp testflag is inactive testtype is tcp 1 Test 1 result The test is finished Send operation times 3 Receive response times 3 Completion success RTD O...

Page 229: ... 0 255 255 255 0 10 2 1 1 return 6 20 10 Example for Configuring the UDP Test This part provides examples for configuring a UDP test to check the UDP communications between the client and the server Networking Requirements As shown in Figure 6 12 it is required to perform an NQA UDP Public test to obtain the RTT of a UDP packet transmitted between Router A and Router C NOTE AR150 200 is RouterA Fi...

Page 230: ...in udp destination address ipv4 10 2 1 2 RouterA nqa admin udp destination port 6000 Step 4 Start the test RouterA nqa admin udp start now Step 5 View the test results RouterA nqa admin udp display nqa results test instance admin udp NQA entry admin udp testflag is inactive testtype is udp 1 Test 1 result The test is finished Send operation times 3 Receive response times 3 Completion success RTD O...

Page 231: ...tatic 10 1 1 0 255 255 255 0 10 2 1 1 return 6 20 11 Example for Configuring the Jitter Test This part provides examples for configuring a jitter test to measure jitter on the network Networking Requirements As shown in Figure 6 13 it is required to perform an NQA Jitter test to obtain the jitter time of the packet transmitted from Router A to Router C NOTE AR150 200 is RouterA Figure 6 13 Network...

Page 232: ...tep 4 Start the test RouterA nqa admin jitter start now Step 5 View the test results RouterA nqa admin jitter display nqa results test instance admin jitter NQA entry admin jitter testflag is inactive testtype is jitter 1 Test 1 result The test is finished SendProbe 60 ResponseProbe 60 Completion success RTD OverThresholds number 0 OWD OverThresholds SD number 0 OWD OverThresholds DS number 0 Min ...

Page 233: ... test instance admin jitter test type jitter destination address ipv4 10 2 1 2 destination port 9000 ip route static 10 2 1 0 255 255 255 0 10 1 1 2 return l Configuration file of Router B sysname RouterB interface Ethernet1 0 0 ip address 10 1 1 2 255 255 255 0 interface Ethernet2 0 0 ip address 10 2 1 1 255 255 255 0 return l Configuration file of Router C sysname RouterC interface Ethernet1 0 0...

Page 234: ...e NQA client and Router A functions as the NQA server 2 Start the UDP jitter test instance on Router D Data Preparation To complete the configuration you need the following data l IP addresses of Router A and Router D l Code type for simulated VoIP services Procedure Step 1 Configure the NQA server Router A RouterA system view RouterA nqa server udpecho 10 1 1 1 180 Step 2 Configure the NQA client...

Page 235: ...DS Sum 485 Positive SD Square Sum 1317 Positive DS Square Sum 2455 Min Negative SD 1 Min Negative DS 1 Max Negative SD 16 Max Negative DS 26 Negative SD Number 292 Negative DS Number 285 Negative SD Sum 429 Negative DS Sum 486 Negative SD Square Sum 1235 Negative DS Square Sum 2714 Min Delay SD 5 Min Delay DS 4 Avg Delay SD 6 Avg Delay DS 5 Max Delay SD 19 Max Delay DS 18 Delay SD Square Sum 39901...

Page 236: ...est type jitter destination address ipv4 10 1 1 1 destination port 180 jitter codec g711a return Huawei AR150 200 Series Enterprise Routers Configuration Guide Network Management 6 NQA Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 225 ...

Page 237: ...he Aggregation Statistics About IPv4 Traffic This section describes how to configure the statistics about IPv4 aggregation traffic passing an interface 7 6 Configuring the Flexible NetStream Feature This section describes how to configure the Flexible NetStream feature to flexibly create NetStream statistics according to records 7 7 Collecting the Statistics of RPF Traffic By configuring the RPF t...

Page 238: ... IP network communications among different types of services are realized by the transmission of IP packets from one terminal to another Such IP packets constitute a data stream of a particular service on the network Most data streams on the network are ephemeral and bidirectional Based on the destination IP address source IP address destination port number source port number protocol number Type ...

Page 239: ...e specified packets l Fixed time sampling This indicates that one sampling is performed on packets at a certain interval l Random time sampling This indicates that one sampling is randomly performed on packets in the specified period Versions of Original Traffic and Aggregated Traffic The Huawei AR150 200 Series supports three types of output modes original traffic aggregated traffic and Flexible ...

Page 240: ...istics collection familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment You need to configure the NetStream on an interface to collect statistics about inbound and outbound IPv4 unicast packets respectively The stati...

Page 241: ...3 3 Setting the Destination Address of the Statistics This section describes how to send the IPv4 unicast traffic statistics to the NMS for analysis Context You cannot export the NetStream statistics without the pre configured source and destination addresses Procedure Step 1 Run system view The system view is displayed Step 2 Run ip netstream export source ip address The source address for export...

Page 242: ...according to the FIN or RST flag NOTE If multiple aging conditions are configured on the AR150 200 the traffic ages when it meets any condition End 7 3 5 Optional Configuring the Inactive Aging Time The inactive time indicates the interval between the time the last packet arrives and the current time When the inactive time expires the system ages the traffic immediately Procedure Step 1 Run system...

Page 243: ...The interface view is displayed Step 3 Optional Run ip netstream sampler fix packets packet interval fix time time interval random packets packet interval random time time interval inbound outbound The packet sampling ratio is set on the interface By default an interface samples packets at fixed packet intervals and the packet interval is 100 Step 4 Run ip netstream inbound outbound The NetStream ...

Page 244: ... 1380000 Origin egress entries 0 Origin egress packets 0 Origin egress octets 0 Origin total entries 30000 Origin total entries 0 Agility ingress entries 0 Agility ingress packets 0 Agility ingress octets 0 Agility egress entries 0 Agility egress packets 0 Agility egress octets 0 Agility total entries 0 Handle origin entries 0 Handle agility entries 0 Handle As aggre entries 0 Handle ProtPort aggr...

Page 245: ...ng the link layer attributes of the interface l Configuring an IP address for the interface Data Preparation To collect the statistics of the IPv4 multicast original traffic you need the following data No Data 1 Name and number of the interface on which the traffic statistics need to be collected 2 Number of the version in which the traffic collected through NetStream is output 3 IP address and in...

Page 246: ...ation address of the output statistics is configured You can configure at most two destination IP addresses respectively for the active and the standby NSCs End 7 4 4 Optional Configuring the Inactive Aging Time The inactive time indicates the interval between the time the last packet arrives and the current time When the inactive time expires the system ages the traffic immediately Procedure Step...

Page 247: ...c statistics need to be collected Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed Step 3 Run ip netstream multicast inbound outbound NetStream is enabled for multicast traffic on an interface By default NetStream is disabled for incoming and outgoing IPv4 multicast traffic NetStream can collect the s...

Page 248: ... Origin egress entries 0 Origin egress packets 0 Origin egress octets 0 Origin total entries 30000 Origin total entries 0 Agility ingress entries 30000 Agility ingress packets 30000 Agility ingress octets 3960000 Agility egress entries 0 Agility egress packets 0 Agility egress octets 0 Agility total entries 30000 Handle origin entries 29035 Handle agility entries 29050 Handle As aggre entries 1 Ha...

Page 249: ...mplete the configuration you need the following data No Data 1 Name and number of the interface on which traffic statistics need to be collected 2 Version number of exported packets of the NetStream traffic statistics 3 IP addresses and port numbers of the NSC 7 5 2 Configuring the Aggregation Function You can aggregate the original IPv4 unicast traffic statistics based on the as as tos protocol p...

Page 250: ...f the exported packets is V8 End 7 5 4 Configuring the Export of Statistics This section describes how to send the aggregated IPv4 unicast traffic statistics to the NMS for analysis Procedure Step 1 Run system view The system view is displayed Step 2 Run ip netstream aggregation as as tos destination prefix destination prefix tos prefix prefix tos protocol port protocol port tos source prefix sour...

Page 251: ...interval between the time the last packet arrives and the current time When the inactive time expires the system ages the traffic immediately Procedure Step 1 Run system view The system view is displayed Step 2 Run ip netstream aggregation timeout inactive inactive interval The inactive aging time of the aggregation traffic is set By default the inactive aging time of the aggregation traffic is 30...

Page 252: ... tos destination prefix tos prefix tos protocol port tos or source prefix tos run the trust dscp command to configure DSCP priority mapping on the interface Step 5 Run ip netstream inbound outbound The NetStream function is enabled on the interface to collect statistics about IPv4 unicast traffic By default NetStream is disabled for IPv4 traffic End 7 5 8 Checking the Configuration After configuri...

Page 253: ...ty total entries 30000 Handle origin entries 29035 Handle agility entries 29050 Handle As aggre entries 1 Handle ProtPort aggre entries 1 Handle SrcPrefix aggre entries 118 Handle DstPrefix aggre entries 1 Handle Prefix aggre entries 118 Handle AsTos aggre entries 1 Handle ProtPortTos aggre entries 1 Handle SrcPreTos aggre entries 118 Handle DstPreTos aggre entries 1 Handle PreTos aggre entries 11...

Page 254: ...created and the record view is displayed Step 3 Run match ipv4 protocol tos source address destination address source port destination port The IPv4 aggregation key words of records are configured Step 4 Run collect counter bytes packets The mode of exporting traffic statistics is configured Step 5 Run collect interface input output The traffic statistics sent to the NSC contain the indexes of the...

Page 255: ...nation addresses Procedure Step 1 Run system view The system view is displayed Step 2 Run ip netstream export source ip address The source address for exporting statistics is configured Step 3 Run ip netstream export host ip address port number The destination IP address of the exported statistics that is the IP address of the NSC is configured You can configure up to 2 destination addresses to im...

Page 256: ... 2 Run ip netstream timeout active active interval The active aging time is set By default the active aging time is 30 minutes End 7 6 7 Enabling Flexible NetStream on Interfaces You can collect the statistics on aggregated IPv4 unicast traffic only of the interface enabled with the NetStream function Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type...

Page 257: ... Run the display ip netstream statistic command to view the NetStream traffic statistics End Example After successful configurations run the display ip netstream all command in the user view to check the configurations Huawei display ip netstream all ip netstream timeout inactive 100 ip netstream export source 100 1 10 10 ip netstream export host 100 1 10 1 100 ip netstream record hwrecord match i...

Page 258: ... collection familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Application Environment After RPF is configured some IPv4 multicast packets are discarded because they fail to pass the detection In this case you can collect the statistics of these discarded pac...

Page 259: ... format is Version 5 with the AS option as peer as The output does not contain the next hop BGP address NOTE Version 5 does not support the output of the next hop of BGP End 7 7 3 Outputting the Statistics This part describes how to send the RPF traffic statistics to the NMS for analysis Context Do as follows on the router on which the statistics of the discarded packets need to be collected Proce...

Page 260: ...By default the inactive aging time of the original traffic is 30s End 7 7 5 Optional Configuring the Active Aging Time The active time indicates the interval from the time the first packet arrives to the current time After the traffic in the cache expires the system ages the traffic in the cache Procedure Step 1 Run system view The system view is displayed Step 2 Run ip netstream timeout active ac...

Page 261: ...ip netstream all command to view the NetStream configuration l Run the display ip netstream statistic command to view the NetStream traffic statistics End Example After successful configurations run the display ip netstream all command in the user view to check the configurations Huawei display ip netstream all ip netstream timeout inactive 100 ip netstream export source 100 1 10 10 ip netstream e...

Page 262: ...s section describes how to clear the NetStream traffic statistics 7 8 1 Resetting the Statistics Collected Through NetStream This part describes how to use the reset ip netstream statistics command to clear the NetStream traffic statistics Note that the cleared information cannot be restored Context CAUTION Statistics cannot be restored after you clear it So confirm the action before you use the c...

Page 263: ...he interfaces on router 2 Enable NetStream for incoming and outgoing traffic on Router B Data Preparation To complete the configuration you need the following data l IP addresses of the interfaces l Destination address source address and destination interface of the output statistics Procedure Step 1 Configure IP addresses for the interfaces on Router A and Router B The configuration details are n...

Page 264: ...bound ip netstream outbound End Configuration Files l Configuration file of Router A sysname RouterA interface Ethernet1 0 0 ip address 10 1 1 1 255 255 255 0 return l Configuration file of Router B sysname RouterB ip netstream export version 9 ip netstream export source 10 2 1 1 ip netstream export host 10 2 1 2 6000 interface Ethernet1 0 0 ip address 10 1 1 2 255 255 255 0 ip netstream inbound i...

Page 265: ...rface IP address Router A Ethernet1 0 0 10 1 1 1 24 Router B Ethernet1 0 0 10 2 1 1 24 Ethernet1 0 1 10 4 1 1 24 Ethernet2 0 0 10 3 1 1 24 Ethernet2 0 1 10 1 1 2 24 Router C Ethernet1 0 0 10 2 1 2 24 Router D Ethernet1 0 0 10 3 1 2 24 Configuration Roadmap The configuration roadmap is as follows 1 Enable NetStream statistics for incoming and outgoing packets and NetStream sampling on Eth 2 0 1 of ...

Page 266: ...terB aggregation as ip netstream export host 10 4 1 2 6000 RouterB aggregation as ip netstream export source 10 4 1 1 RouterB aggregation as enable RouterB aggregation as quit Set the sampling ratio and enable traffic statistics for inbound and outbound traffic RouterB interface ethernet 2 0 1 RouterB Ethernet2 0 1 ip netstream sampler fix packets 100 inbound RouterB Ethernet2 0 1 ip netstream sam...

Page 267: ...rface Ethernet1 0 0 ip address 10 2 1 2 255 255 255 0 return Configuration file of Router D sysname RouterD interface Ethernet1 0 0 ip address 10 3 1 2 255 255 255 0 return 7 9 3 Example for Configuring Flexible NetStream Traffic Statistics To collect statistics on packets based on the protocol type TOS source IP address destination IP address source port number destination port number you can con...

Page 268: ...ress of each interface l Version of the exported packets l Address and port number of the NSC and the source address contained in the packets l Traffic statistics to be sent to the NSC Procedure Step 1 Set the IP addresses for the interfaces of Router A and Router B as shown in Figure 7 4 The configuration procedure is not mentioned here Step 2 Specify the version of the exported packets Set the v...

Page 269: ...tbound traffic on Eth 1 0 0 to 100 RouterB Ethernet1 0 0 ip netstream sampler fix packets 100 inbound RouterB Ethernet1 0 0 ip netstream sampler fix packets 100 outbound Enable the NetStream function for the inbound and outbound traffic on Eth 1 0 0 RouterB Ethernet1 0 0 ip netstream inbound RouterB Ethernet1 0 0 ip netstream outbound RouterB Ethernet1 0 0 quit Step 6 Verify the configuration Afte...

Page 270: ...h ipv4 destination address match ipv4 destination port collect counter packets collect interface input interface Ethernet1 0 0 ip address 10 1 1 2 255 255 255 0 ip netstream inbound ip netstream outbound interface Ethernet2 0 0 ip address 10 2 1 1 255 255 255 0 return Huawei AR150 200 Series Enterprise Routers Configuration Guide Network Management 7 NetStream Configuration Issue 02 2012 03 30 Hua...

Page 271: ...epts of ping and tracert and the support for ping and tracert on the AR150 200 8 2 Configuring Ping and Tracert This part describes how to check the network connectivity through ping and tracert operations Huawei AR150 200 Series Enterprise Routers Configuration Guide Network Management 8 Ping and Tracert Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd ...

Page 272: ...hop The process continues until the packet reaches its destination In this process the source host can record the source address of each ICMP TTL timeout message and obtain the IP packet transmission path 8 2 Configuring Ping and Tracert This part describes how to check the network connectivity through ping and tracert operations 8 2 1 Establishing the Configuration Task Before checking the networ...

Page 273: ...n the timeout period it outputs a Request time out message if receiving a response packet the system outputs bytes of data sequence number TTL and response time of each response packet l Final statistics including the number of sent packets number of received packets percentage of unacknowledged packets to all transmitted packets and the minimum maximum and mean response time NOTE If the destinati...

Page 274: ...nce name w timeout host The preceding command contains only a part of the parameters For the description of the options and parameters of this command refer to the Huawei AR150 200 Series Enterprise Routers Command Reference An example of applying Tracert program to analyze the network is as follows Huawei tracert m 10 35 1 1 48 traceroute to 35 1 1 48 35 1 1 48 max hops 30 packet length 40 press ...

Search results

Summary of Contents for AR150/200 Series

Reviews:

Related manuals for AR150/200 Series

Brands by name

Popular brands

Huawei AR150/200 Series, Configuration Manual

Search results

Summary of Contents for AR150/200 Series

Reviews:

Related manuals for AR150/200 Series

Brands by name

Popular brands