01-04 managing the system of the ggsn9811

7/25/2019 01-04 Managing the System of the GGSN9811

1/28

4Managing the System of the GGSN9811About This Chapter

This part describes how to manage the system of the GGSN9811. The overall management of

the system ofthe GGSN9811 is often used to guarantee the normal running of the

GGSN9811.

4.1 ManagingFiles of the GGSN9811

This part describes how to manage the files of the GGSN9811. The system of the GGSN9811

generates substantial data files during daily running. The data files include the information about

the alarm, performance, and log. The primary purpose of this function is to manage and maintain

the files periodically so that the statistics and analysis are simplified.

4.2 ManagingLogs of the GGSN9811

This part describes how to manage the logs of the GGSN9811. The log management refers to

managing the operation logs and security logs.

4.3 Collecting Information

This part describes how to collect the information of the GGSN9811. The information about the

running of theGGSN9811 must be collected periodically. The unified collection tool is available

on the local maintenance terminal (LMT), which facilitates information collection and improves

maintenance efficiency.

4.4 Managing the Reliability of the GGSN9811

This part describes how to manage the reliability of the GGSN9811. The GGSN9811 is well

designed in terms of reliability, which enables the system and the network to be quick in responseand be restored in the case of device abnormality. In addition, the reliability management can

prolong the mean time between failures (MTBF) and minimize the adverse effect on services.

4.5 Managing the NTP

This part describes how to manage the Network Time Protocol (NTP) that is used to issue precise

time over the network.

4.6 Managing the SNMP

This part describes the principle, configuration, and examples of the Simple Network

Management Protocol (SNMP).

4.7 Managing SSH

HUAWEI GGSN9811 Gateway GPRS Support Node

Operation Guide 4 Managing the System of the GGSN9811

Issue 03 (2008-04-10) Huawei Proprietary and Confidential

Copyright Huawei Technologies Co., Ltd

4-1


2/28

This part describes the principle, functions, operation steps, and commands of the secure shell

(SSH).

4 Managing the System of the GGSN9811


Operation Guide

4-2 Huawei Proprietary and Confidential


Issue 03 (2008-04-10)


3/28

4.1 Managing Files of the GGSN9811

This part describes how to manage the files of the GGSN9811. The system of the GGSN9811

generates substantial data files during daily running. The data files include the information about

the alarm, performance, and log. The primary purpose of this function is to manage and maintain

the files periodically so that the statistics and analysis are simplified.

4.1.1 Introduction to the File System

The file system manages the data files in an effective way, including querying, moving, deleting,

and dumping the data file.

4.1.2 Managing General Files

This part describes how to manage the general files. You can delete, rename, copy, move, and

display the general files of the same GGSN9811. In addition, the files can be uploaded and

downloaded between the File Transfer Protocol (FTP) server and the GGSN9811.

4.1.3 Managing Configuration FilesThis part describes how to manage the configuration files. The configuration parameters of the

GGSN9811 are saved in the configuration files. The configuration files are of two types, that is,

CFGFILE and DATAFILE (including log files, alarm files, and tracing files).

4.1.4 Managing Group Files

This part describes how to manage the group files. The GGSN9811 manages the group files by

complying with the File Transfer Protocol (FTP). The group files can be dumped manually or

automatically.

4.1.5 Managing License Files

This part describes how to manage the license files. The license file can dynamically control the

availability of certain features as well as the maximum available resources.

4.1.6 Managing Paths

This part describes how to manage the paths. You can create or delete the directory. In addition,

you can display or switch over the current work directory.

4.1.1 Introduction to the File System

The file system manages the data files in an effective way, including querying, moving, deleting,

and dumpingthe data file.

The data filesare saved in the hard disk ofthe SRU. To facilitate the file management, the files

are categorized into general files, configuration files, group files, and license files.

General Files

The files thatare managed through the file namesare called general files. The operation on

general files is often used. For example, you can delete the files of which the names are

mml.txt.

Configuration Files

The configurations are saved in the configuration files of the GGSN9811. For the configuration

files, the commands can be executed in terms of file names or file types. The configuration files

are categorized into two types, that is, CFGFILE and DATAFILE. Running the commands interms of the file types can facilitate the management of the M2000.





4-3


4/28

Group Files

The group files contain alarm files, tracing files, performance files, and files of operation logs.

Running the commands on the group files in terms of special type can facilitate the file backup.

License Files

The license file is used to dynamically control the availability of a feature. If the feature is

unavailable in the license file, the relevant commands cannot be executed.

4.1.2 Managing General Files

This part describes how to manage the general files. You can delete, rename, copy, move, and

display the general files of the same GGSN9811. In addition, the files can be uploaded and

downloaded between the File Transfer Protocol (FTP) server and the GGSN9811.

Prerequisite

l The local maintenance terminal (LMT) is started.

l The user logs in to the GGSN9811.

Context

CAUTION

Do not rename, move, or delete the general file at random. The modification to the system file

of the GGSN9811 may result in abnormal running of the GGSN9811.

NOTE

You can use the wildcard to operate on more general files.

For example, if you want to display files of which the suffix is mrf, you can use the wildcard *to display

all the files of which the suffix is mrf. That is, enter *.mrf.

Procedurel Run DLD GENFILEto download the general files from the FTP server to the host.

l Run ULD GENFILEto upload the general files from the host to the FTP server.

l Run LST GENFILEto list all the general files in the current directory.

l Run DEL GENFILEto delete the specified general files.

l Run RNM GENFILEto rename the specified general files.

l Run MOV GENFILEto move the general files to a specified path.

l Run CPY GENFILEto copy the general files to a specified path.

l Run LST CRCto list the checksum of the general files.

----End



Operation Guide



Issue 03 (2008-04-10)


5/28

4.1.3 Managing Configuration Files

This part describes how to manage the configuration files. The configuration parameters of the

GGSN9811 are saved in the configuration files. The configuration files are of two types, that is,

CFGFILE and DATAFILE (including log files, alarm files, and tracing files).

Prerequisite



Procedure

l Run DLD CFGFILEto download the data file and configuration file from the File Transfer

Protocol (FTP) server to hd:/soft/backupof the main control board of the GGSN9811.

l Run ULD CFGFILEto upload the data files and configuration files from hd:/soft/

backupof the main control board of the GGSN9811 to the FTP server.

l Run BKP CFGFILEto back up the configuration files of the GGSN9811.

l Run RTR CFGFILEto restore the configuration files and data files of the GGSN9811.

----End

4.1.4 Managing Group Files

This part describes how to manage the group files. The GGSN9811 manages the group files by

complying with the File Transfer Protocol (FTP). The group files can be dumped manually or

automatically.

Prerequisite



Context

The FTP protocol, belonging to the Transmission Control Protocol/Internet Protocol (TCP/IP),

is used in the application layer. It is used to transmit the file.

The GGSN9811 manages the group files by complying with the FTP protocol. The

GGSN9811, serving as an FTP client, is connected to the specified FTP server to dump the groupfiles to the FTP server.

The alarm files, performance files, tracing file, and operation files can be dumped to the specified

FTP server. Thus, all these files can be backed up.

You can manually or automatically dump the group files of the GGSN9811. Only alarm files,

operation files, and log files can be automatically dumped. Tracing files and performance files

can only be manually dumped.

The management of the group files includes:

l Setting a default FTP server

l Dumping group files manually





4-5


6/28

The default FTP server is the one that is used when the group files are dumped manually or

automatically. You can set the FTP server and the types of the files that need to be automatically

dumped.

If the function of automatically dumping the files is enabled, the alarm.almfiles are

automatically dumped from 00:00 every day. The alarm.almfiles of the last day on the FTPserver are overwritten by the current alarm.almfiles, which guarantees the information

integrity. The OLOG files are automatically dumped from 00:00 every day.

Procedure

Step 1 Run SET FTPSVRto set the FTP server.

NOTE

After the FTP server is set successfully, you can run LST FTPSVRto list the FTP server. Alternatively,

you can run RMV FTPSVRto delete the configuration of the default FTP server.

Step 2 Run BCK GRPFILEto dump a certain type of data files of the master SRU to a specified FTPserver.

NOTE

Before dumping the files, you can run LST GRPFILEto list the information of the specified data files of

the master SRU.

Step 3 Run RMV GRPFILEto delete the specified type of data files of the master SRU.

CAUTION

Before deleting the files, ensure that the files to be deleted are not used or are dumped.

----End

4.1.5 Managing License Files

This part describes how to manage the license files. The license file can dynamically control the

availability of certain features as well as the maximum available resources.

Prerequisite



Procedure

l Run DLD LICENSEto download the license file from the File Transfer Protocol (FTP)

server to the hard disk of the SRU.

l Run ULD LICENSEto upload the license file from the hard disk of the SRU to the FTP

server.

l Run ACT LICENSEto activate the license file downloaded to the hard disk.

l

Run DSP LICENSEto display the current configuration information, including the currentvalue of each control item, of the license file.



Operation Guide



Issue 03 (2008-04-10)


7/28

l Run LST LICENSEto list the information of the license file. The information includes

the name and invalidity of the current license file.

l Run LST ESNto query the electronic serial number (ESN).

NOTE

The ESN is specific to the license file. Obtain the ESN before applying for the license file. The ESN

varies with the configuration of the original signaling point. The ESN changes when the original

signaling point is added, deleted, or modified.

----End

4.1.6 Managing Paths

This part describes how to manage the paths. You can create or delete the directory. In addition,

you can display or switch over the current work directory.

Prerequisite



Context

CAUTION

Do not rename, move, or delete the directory at random. The modification to the directory where

the system file of the GGSN9811 is saved may result in abnormal running of the GGSN9811.

Procedure

l Run CRE DIRto create a directory in a specified path of a specified storage device.

l Run RMV DIRto delete a specified directory in a specified storage device.

l Run SWP DIRto change the current work directory of the GGSN9811.

l Run DSP DIRto display the current work directory.

----End

4.2 Managing Logs of the GGSN9811

This part describes how to manage the logs of the GGSN9811. The log management refers to

managing the operation logs and security logs.

Prerequisite







4-7


8/28

Context

l The operation logs record all the information regarding the operation on the GGSN9811

through the LMT. You can query and dump the operation logs.

l The security logs record all the events regarding login, authentication, and management.

The operation log includes the information such as the operator name, operator ID, IP address

of the computer where the LMT is installed, executed commands, date, time, and results. Each

operation log file is generated every day and saved in hd:/bam/data/olgon the hard disk of the

SRU.

You can query the operation log. A maximum of 64 latest records can be displayed. If the query

records outnumber the threshold, narrow down the querying conditions.

Create a folder of which the name is slgin the directory bam/data. The security log is saved in

hd:/bam/data/slg. Similar to the operation log file, each security log file is generated every day.

The security log file is named after the date. The extension name is slg. For example, the security

log file on Aug 15, 2007 is named 20070815.slg.

The security log is basically the same as that of the operation log in terms of items including but

not limited to the following:

l By default, a maximum of 350 files can be saved in the directory of the security log. This

value can be set in the bam.inifile.

l By default, the size of the security log is 100 MB that can be set in the bam.inifile.

l If the number of the security log files saved in the directory exceeds the threshold, or the

security log files in the directory are oversize, ALM_0083 occurs.

l The security logs between the master and slave SRUs can be backed up in real-time or in

batches.

l The security log file, as part of the data file, can be uploaded, downloaded, backed up, or

recovered.

Procedure

l Querying the operation log

1. Run LST LOGto query the operation log.

NOTE

Only the admin can query the operation logs of other users.

l Querying the security log

1. Run LST SECLOGto query the security log.

----End

4.3 Collecting Information

This part describes how to collect the information of the GGSN9811. The information about the

running of the GGSN9811 must be collected periodically. The unified collection tool is available

on the local maintenance terminal (LMT), which facilitates information collection and improves

maintenance efficiency.



Operation Guide



Issue 03 (2008-04-10)


9/28

Prerequisite

l The LMT is started.


Context

Using the information collection tool can reduce the workload, guarantee the accurate

information, and improve the collection efficiency.

The information collected by using the information collection tool includes the following:

l Files on the hard disk of the SRU

l Information that can be obtained by using the MML command

The information collection tool can help users obtain the information through the File Transfer

Protocol (FTP).

The information collection tool can be connected to the network element (NE) through port

6000. The FTP function of the GGSN9811 is enabled by using the MML command through port

6000. The information collection tool employs the FTP command of Windows system to

download the file on the hard disk of the SRU.

Procedure

Step 1 Click the Maintenancetab in the navigation tree pane of the LMT. Double-click InformationCollectionin Service. The Information Collectionwindow is displayed. Refer to Figure

4-1.





4-9


10/28

Figure 4-1Information Collectionwindow

Step 2 Enter the IP address, user name, and password in the Loginarea.

NOTE

The office to which the information collection tool is connected can be different from the one to which the

LMT is connected.

Step 3 Click Save Asin the Save Patharea to select a path where the collection result is saved.

The collected information is saved in a folder of which the name is in the form of yyyymmdd,

for example, 20070813.

CAUTION

The save path where the collected information is saved cannot have any space or Chinese

character. For example, the collected information cannot be saved in D:\HW LMT.



Operation Guide



Issue 03 (2008-04-10)


11/28

Step 4 Select necessary options in the Filesand Host Informationareas.

NOTE

l Collecting substantial information is likely to incur system errors. Thus, you are recommended to

collect proper amount of information at one time.

l You can click Set Defaultto set the selected options in the Filesand Host Informationareas to be

default ones. Then, click Load Default.

Step 5 Click Executeto collect the information. All the information is collected, Information

collection succeeds!!!is displayed in the blank area of the Information Collection

Toolwindow.

Step 6 Click Exit. Then, the window disappears.

----End

4.4 Managing the Reliability of the GGSN9811This part describes how to manage the reliability of the GGSN9811. The GGSN9811 is well

designed in terms of reliability, which enables the system and the network to be quick in response

and be restored in the case of device abnormality. In addition, the reliability management can

prolong the mean time between failures (MTBF) and minimize the adverse effect on services.

4.4.1 Instruction of Swapping Master and Slave SRUs/SPUs

This part describes the swapping characters between the master and slave boards. The SRUs and

the SPUs of the GGSN9811 work in master/slave mode. When the master board is faulty, the

slave board can take over the services.

4.4.2 Managing the Swapping of Master and Slave SRUs

This part describes how to activate, deactivate the mandatory swapping and perform mandatory

swapping of the SRU.

4.4.3 Managing the Swapping of Master and Slave SPUs

This part describes how to activate, deactivate the mandatory swapping, set the function of

reporting the information about the SPU swapping, and perform mandatory swapping of the

SPU.

4.4.4 Managing the Reliability of the Route

This part describes how to manage the reliability of the route. Managing the reliability of the

route refers to checking the consistency of the routing tables. The reliability management can

prolong the mean time between failures (MTBF).

4.4.1 Instruction of Swapping Master and Slave SRUs/SPUs

This part describes the swapping characters between the master and slave boards. The SRUs and

the SPUs of the GGSN9811 work in master/slave mode. When the master board is faulty, the

slave board can take over the services.

Common terms in master/slave swapping are as follows:

l Swapping: also called handover. In the dual-system, the master and slave boards exchange

their roles. That is, the master board works as the slave board and the slave board works as

the master board.





4-11


12/28

l Backup: During the system running, the information such as configuration information and

user profile on the master board is backed up to the slave board in real time.

l Seamlessness: After the swapping, the data of the new master board may be inconsistent

with that of the hardware and software. The seamless swapping is to eliminate the

inconsistency, which guarantees the normal running of the system.

The characteristics of the swapping between the master and slave SRUs and SPUs are as follows:

l Reliable swapping mechanism: When the master board is faulty, the slave board can take

over the services immediately.

l Correct swapping: When the master board is normal, the slave board cannot take over the

services.

l Seamless swapping: The data can be restored immediately and accurately.

4.4.2 Managing the Swapping of Master and Slave SRUs

This part describes how to activate, deactivate the mandatory swapping and perform mandatoryswapping of the SRU.

Prerequisite



l The master and slave SRUs work at normal level.

Procedure

l Activating or deactivating mandatory swapping

1. Run ACT SRUSWPto activate the mandatory swapping of the main control board

SRU.

2. Run DEA SRUSWPto deactivate the mandatory swapping of the main control board

SRU.

NOTE

The SWP SRUcommand cannot be executed to swap the SRU after the DEA SRUSWP

command is executed.

l Swapping the SRU forcibly

1. Run SWP SRUto perform mandatory swapping of the SRU.

----End

4.4.3 Managing the Swapping of Master and Slave SPUs

This part describes how to activate, deactivate the mandatory swapping, set the function of

reporting the information about the SPU swapping, and perform mandatory swapping of the

SPU.

Prerequisite





Operation Guide



Issue 03 (2008-04-10)


13/28

l The master and slave SPUs work at normal level.

Procedure

l Activating or deactivating mandatory swapping

1. Run ACT SPUSWPto activate the mandatory swapping of the main control board

SPU.

2. Run DEA SPUSWPto deactivate the mandatory swapping of the main control board

SPU.

NOTE

The SWP SPUBDcommand cannot be executed to swap the SPU after the DEA SPUSWP

command is executed.

l Handing over the SPU in a mandatory way

1. Run SWP SPUBDto perform mandatory handover to the SPU.

----End

4.4.4 Managing the Reliability of the Route

This part describes how to manage the reliability of the route. Managing the reliability of the

route refers to checking the consistency of the routing tables. The reliability management can

prolong the mean time between failures (MTBF).

Prerequisite



Context

The GGSN9811 adopts distributed processing structure. The LPU/SPU and the SRU retain the

same duplicate of the forward information base (FIB) table (also called routing table). In general,

the FIB table of the SRU sends entries regularly to the LPU/SPU, and then the LPU/SPU

refreshes the FIB table. This guarantees that the FIB entries of the LPU/SPU are consistent with

those of the SRU. If some FIB entries of the LPU/SPU do not exist in the FIB table of the SRU,

those entries are deleted through aging mechanism.

Checking the consistency of the routing table (also called routing aging) can guarantee that the

FIB table of the LPU/SPU is consistent with that of the SRU. Users can determine when the

route is aged. In addition, this function guarantees that the FIB table and the Address ResolutionProtocol (ARP) table of the LPU/SPU are consistent with the duplicate of the SRU.

Procedure

l Activating aging

1. Run ACT AGINGto activate the aging.

l Deactivating aging

1. Run DEA AGINGto deactivate the aging.

l Querying aging

1. Run LST AGINGto list the information of the aging function.

----End





4-13


14/28

4.5 Managing the NTP

This part describes how to manage the Network Time Protocol (NTP) that is used to issue precise

time over the network.

4.5.1 Introduction to NTP

The Network Time Protocol (NTP) is used to synchronize the time between the network elements

(NEs) and the time server.

4.5.2 Querying Basic Configurations of the NTP

This part describes how to query the status of all Network Time Protocol (NTP) sessions, status

of the NTP service, and the connection between the network element (NE) and the specified

NTP server.

4.5.3 Managing the NTP Server

If the remote Network Time Protocol (NTP) server is set as the local time server and the localdevice serves as a client, only the local client can synchronize with the remote NTP server. The

remote NTP server does not synchronize with the local client.

4.5.1 Introduction to NTP

The Network Time Protocol (NTP) is used to synchronize the time between the network elements

(NEs) and the time server.

The NTP is used to synchronize all the devices with clocks so that the time of all the devices is

basically the same. If the NTP server is not configured, the preciseness of the system time of the

NEs cannot be guaranteed and the distributed applications cannot be conducted.

One NE can be configured with 128 NTP servers. In general, one to three NTP servers are

configured. The NEs can automatically synchronize with the most precise NTP server. If the

identity authentication is selected when you configure the NTP server, the same key No. and the

key value must be configured between the NE and the NTP server. The identity authentication

is used to authenticate the identity and encrypt the data.

4.5.2 Querying Basic Configurations of the NTP

This part describes how to query the status of all Network Time Protocol (NTP) sessions, status

of the NTP service, and the connection between the network element (NE) and the specified

NTP server.

Prerequisite



Procedure

l Run DSP NTPASto query the status of all NTP sessions.

l Run DSP NTPSTATto query the status of the NTP service.

l Run DSP NTPSVRto query whether the specified NTP server is available.

----End



Operation Guide



Issue 03 (2008-04-10)


15/28

4.5.3 Managing the NTP Server

If the remote Network Time Protocol (NTP) server is set as the local time server and the local

device serves as a client, only the local client can synchronize with the remote NTP server. The

remote NTP server does not synchronize with the local client.

Prerequisite



Procedure

l Adding an NTP server

1. Run ADD NTPSVRto add the NTP server.

l Deletingthe NTP server

1. Run RMV NTPSVRto delete the NTP server.

l Modifying the NTP server

1. Run MOD NTPSVRto modify the configured NTP server mode.

NOTE

You can modify the authentication management (including activating the authentication and

setting the key and key value) when the NTP server mode is modified.

l Querying the NTP server

1. Run LST NTPSVRto query the information of the configured NTP server.

----End

4.6 Managing the SNMP

This part describes the principle, configuration, and examples of the Simple Network

Management Protocol (SNMP).

4.6.1 Overview of SNMP

This part describes the principle and functions of the Simple Network Management Protocol

(SNMP).

4.6.2 Configuring SNMP

This part describes the Simple Network Management Protocol (SNMP) configuration and

configuration commands.

4.6.3 SNMP Configuration Examples

This part describes a Simple Network Management Protocol (SNMP) configuration example.

4.6.1 Overview of SNMP

This part describes the principle and functions of the Simple Network Management Protocol

(SNMP).





4-15


16/28

Introduction to SNMP

The purpose of SNMP is to ensure the transmission of management information between any

two nodes so that the network administrator can retrieve network information at any node and

perform modification, troubleshooting, fault diagnosis, volume planning, and reporting.

SNMP adopts a polling mechanism and offers a fundamental function set especially used in

small, fast, and inexpensive applications. SNMP requires only the User Datagram Protocol

(UDP) to exchange data. Therefore, SNMP is used by many products.

Structurally, SNMP can be divided into two parts, network management system (NMS) and

agent.

l NMS is a workstation on which the client program runs.

l Agent is server software running on a network device.

The SNMP work flow is as follows:

l The NMS sends GetRequest, GetNextRequest, Getbulk, or SetRequest packets to the agent.

After receiving the request packets from the NMS, the agent reads or writes management

variables according to the type of the packets and generates Response packets to the NMS.

l If hot/cold start or any abnormality happens to the device, the agent also sends Trap packets

to the NMS, reporting the event.

l All SNMP operations are in read-write mode. That is, the management system is permitted

to read values from the variables (data items) or write values to the variables.

SNMP Versions and MIB Supported

To identify a management variable uniquely in the SNMP packets, SNMP uses a hierarchical

naming convention to differentiate managed objects. The hierarchical structure is like a tree with

its nodes representing managed objects. Refer to Figure 4-2. A managed object can be identified

uniquely by the path from the root to the node.

Figure 4-2MIB tree structure

A

2

6

1

5

21

1

2

1

B

Refer to Figure 4-2. Managed object B can be uniquely determined by a string of digits (1.2.1.1),

which is the object identifier of the managed object. The management information base (MIB)

is used to describe the hierarchical structure of the tree and is a collection of definitions of

standard variables on monitored network devices.

The SNMP agent in the system supports SNMPV3 and is compatible with SNMPV1 and

SNMPV2c. Table 4-1and Table 4-2list the public MIB supported by the system.



Operation Guide



Issue 03 (2008-04-10)


17/28

Table 4-1Public MIB supported by the system

Module Name MIB Content Standard or Specification

Ethernet RFC2665.MIB RFC2665

IEEE8023-LAG-MIB.MIB IEEE 802.3ad

SONET/SDH RFC2558.MIB RFC2558

ATM RFC2515.MIB RFC2515

PPP RFC1471.MIB RFC1471

RFC1473.MIB RFC1473

RIP-2 RFC1724.MIB RFC1724

OSPF RFC1850.MIB RFC1850

IS-IS IS-IS.MIB draft-ietf-isis-wg-mib-07

BGP RFC1657.MIB RFC1657

IFNET interface

module

RFC1573.MIB RFC1573

SNMP protocol stack

and basic NM

functionality module

RFC1213.MIB RFC1213

FRAMEWORK.MIB RFC2271

GENTRAP.MIB RFC1907

USM.MIB RFC2274

MPD.MIB RFC2272

VACM.MIB RFC2275

TARGET.MIB RFC2273

NOTIFICAT.MIB RFC2273

RADIUS RFC2618.MIB RFC2618

RFC2620.MIB RFC2620

VRRP VRRP.MIB RFC2787

Table 4-2Private MIB supported by the system

MIB Content Specification

HUAWEI-GGSN-HEAD-MIB Definition of OID and MIB group of GGSN9811

MIB.

HUAWEI-GGSN-CONF-MIB Definition of configuration group of GGSN9811

MIB





4-17


18/28

MIB Content Specification

HUAWEI-GGSN-PERF-MIB Definition of performance group of GGSN9811 MIB

HUAWEI-GGSN-GENTRAP-MIB Definition of TRAP of GGSN9811 MIB

HUAWEI-GGSN-TRAP-Vars-MIB Definition of TRAP parameters of GGSN9811 MIB

4.6.2 Configuring SNMP

This part describes the Simple Network Management Protocol (SNMP) configuration and

configuration commands.

1. Configuring agent management

l Enabling or disabling SNMP agent service

l Enabling or disabling the corresponding version of SNMP

l Setting the engine ID of a local device

2. Configuring security management

l Setting an SNMP group

l Adding a user to an SNMP group or deleting a user from it

l Setting community name

l Setting view information

3. Configuring trap managementl Enabling or disabling Trap messages

l Enabling BGP Trap messages

l Enabling VRRP Trap messages

l Setting the address of the Trap destination host

l Specifying the source address for sending Trap messages

l Setting the queue size of Trap messages

l Setting the lifetime of Trap messages

4. Configuring performance managementl Adding an object of an SNMP performance measurement task

l Setting the lifetime of an SNMP performance measurement task

5. Configuring system information management

l Setting the maximum size of the SNMP message

l Setting the system information of the SNMP agent

Configuring Agent Management

ACT SAGENTis used to enable the SNMP agent service. By default, the SNMP agent serviceis disabled.



Operation Guide



Issue 03 (2008-04-10)


19/28

Table 4-3Enabling or disabling SNMP agent service

Command Function

ACT SAGENT Enable the SNMP agent service.

CLS SAGENT Disable the SNMP agent service.

SET SSYSVERis used to enable the corresponding version of SNMP. By default, SNMP v3

is enabled.

Table 4-4Enabling or disabling the corresponding version of SNMP

Command Function

SET SSYSVER Enables the corresponding version of SNMP.

RMV SSYSVER Disables the corresponding version of

SNMP.

SET ENGIDis used to set the engine ID of a local device. By default, the engine ID is the

companys enterprise number plus the device information. The device information can be the

IP address, MAC address, or a user-defined hexadecimal numeral string.

NOTE

When the SNMP function of the GGSN9811 is enabled, the engine ID of the local device is generated by

default. If you need to set another engine ID, run SET ENGID. In this case, the companys enterprise

number is generated by default, while the device information can be set by the user.

Table 4-5Setting the engine ID of a local device

Command Function

SET ENGID Sets the engine ID of a local device.

RMV ENGID Restores the default engine ID of a device.

Configuring Security Management

SET SGRPis used to set a new SNMP group, that is, you can map an SNMP user to SNMP

view. RMV SGRPis used to delete a specific SNMP group.

Table 4-6Setting or removing an SNMP group

Command Function

SET SGRP Sets a new SNMP group.

RMV SGRP Removes a specific SNMP group.





4-19


20/28

ADD SUSRis used to add a user to a specified SNMP group.

Table 4-7Adding or removing a user

Command FunctionADD SUSR Adds a new user to a specified SNMP group.

RMV SUSR Removes a user specified by the SNMP

group.

ADD SCOMMis used to set the community name for SNMPV1 and SNMPV2C, corresponding

MIB view and access control list (ACL).

SNMPV1 and SNMPV2c use community names for authentication. The SNMP packets not

matching the authenticated community name of the device are discarded.

Table 4-8Setting or removing a community name

Command Function

ADD SCOMM Sets a community name and its access

authority.

RMV SCOMM Removes the community name.

With ADD SCOMM, you can create different community names, and assign them with read-

only or read-write authority as required. A community with read-only authority can only query

the device information and a community with read-write authority can configure the devices

additionally. By setting community names and access authorities, you can easily classify the

management stations into communities with different authorities. This guarantees safety and

flexibility.

ADD MIBVIEWis used to create and update the view information.

Table 4-9Creating, updating, or removing the view information

Command Function

ADD MIBVIEW Creates or updates the view information.

RMV MIBVIEW Removes the view information.

Configuring Trap Management

ACT SATRAPis used to enable a device to send the Trap message to the NMS.

The Trap message is the non-requested information sent by a managed device to the NMS, whichis used to report emergencies and critical events such as board restart.



Operation Guide



Issue 03 (2008-04-10)


21/28

Table 4-10Enabling or disabling the Trap message

Command Function

ACT SATRAP Enable a device to send the Trap message to

the NMS.

DEA SATRAP Disable a device to send the SNMP Trap

message.

ACT BGPTRAPis used to enable a device to send the BGP Trap message.

ACT BGPTRAPis used together with ADD TRAPIP. ADD TRAPIPis used to specify the

hosts to which the Trap message is sent.

To send the Trap message, you must use at least one ADD TRAPIPcommand.

Table 4-11Enabling the device to send the BGP Trap message

Command Function

ACT BGPTRAP Enables a device to send the BGP Trap

message.

DEA BGPTRAP Disables a device to send the BGP Trap

message.

ADD TRAPIPis used to set the address of the host that receives the SNMP Trap message.

ADD TRAPIPis used together with ACT SATRAP. ACT SATRAPis used to enable the

device to send the Trap message. ADD TRAPIPis used to specify the host to which the Trap

message is sent. To send a Trap message, you must use ACT SATRAPand one ADD

TRAPIP.

Table 4-12Setting or removing the address of the host that receives the SNMP Trap message

Command Function

ADD TRAPIP Sets the address of the host that receives the

SNMP Trap message.

RMV TRAPIP Removes the address of the destination host

that receives the SNMP Trap message.

SET TRAPSRCis used to set the source address from which the Trap message is sent. If you

attempt to trace a specific event through the Trap address, run this command.





4-21


22/28

Table 4-13Setting or removing the source address from which the Trap message is sent

Command Function

SET TRAPSRC Sets the source address from which the Trap

message is sent

RMV TRAPSRC Removes the source address from which the

Trap message is sent

SET TRAPQUESZis used to set the queue size of the Trap message sent to the destination

host.

Table 4-14Setting the queue size of the Trap message

Command Function

SET TRAPQUESZ Sets the queue size of the Trap message sent

to the destination host.

RMV TRAPQUESZ Restores the default queue size of the Trap

message.

SET TRAPLFis used to set the lifetime of the Trap message. The Trap messages exceeding

the lifetime are discarded.

Table 4-15Setting the lifetime of the Trap message

Command Function

SET TRAPLF Sets the lifetime of the Trap message.

RMV TRAPLF Restores the default lifetime of the Trap

message.

Configuring Performance ManagementADD SAOBJis used to set the object of SNMP performance measurement.

Table 4-16Setting the object of SNMP performance measurement

Command Function

ADD SAOBJ Adds an object of SNMP performance

measurement task.

RMV SAOBJ Removes an object of SNMP performance

measurement task.



Operation Guide



Issue 03 (2008-04-10)


23/28

SET SAPERIODis used to set or modify the period information about the SNMP performance

measurement.

Table 4-17Setting period information about the SNMP performance measurement

Command Function

SET SAPERIOD Sets period information about the SNMP

performance measurement.

Configuring System Information Management

SET SSIZEis used to set the maximum size of the SNMP message that the agent can receive

or send.

Table 4-18Setting the maximum size of the SNMP message that the agent can receive or send

Command Function

SET SSIZE Sets the maximum size of the SNMP message

that the agent can receive or send.

RMV SSIZE Restores the default size of the SNMP

message that the agent can receive or send.

SET SSYSINFOis used to set SNMP agent system information, including system maintenanceinformation and physical locations of the device nodes.

System information includes the ID and contact information of relevant administrator and the

physical location of the managed device GGSN9811. In this case, the user can store important

information in the device for query in the case of an emergency.

Table 4-19Setting or removing the information of the SNMP agent system

Command Function

SET SSYSINFO Sets the information of the SNMP agent

system.

RMV SSYSINFO Restores the default information of the SNMP

agent system.

4.6.3 SNMP Configuration Examples

This part describes a Simple Network Management Protocol (SNMP) configuration example.





4-23


24/28

Prerequisite

Refer to Figure 4-3. The network management system (NMS) is connected to the GGSN9811

through the Ethernet. The IP address of the NMS is 129.102.149.23. The IP address of the

Ethernet interface is 129.102.0.1.

Figure 4-3Networking diagram of the SNMP configuration

Ethernet

Ethernet1/0/0:1.0.1.11Ethernet1/0/0:1.0.1.12

DeviceB

Router A

Configuration Procedure

Procedure

Step 1 Enable the SNMP agent service and set the SNMP agent version to SNMPV2.

Enable SNMP agent service (To configure SNMP, you must enable the SNMP agent service

first).

ACT SAGENT:;

Set the SNMP agent version to SNMPV2.

SET SSYSVER: OP=SPECIFIC, VER=V2C;

Step 2 Set community name and access authority.

ADD SCOMM: COMMRT=READ, NAME="public";

ADD SCOMM: COMMRT=WRITE, NAME="private";

Step 3 Set SNMP agent system information, including the ID and contact information of theadministrator, and the location of the device.

SET SSYSINFO: IDX=CONTACT, INFOTXT="Mr.Wang-Tel:3306";

SET SSYSINFO: IDX=LOCATION, INFOTXT="telephone-closet,3rd-floor";

Step 4 Enable to send the NMS (129.102.149.23) Trap message with community name as public.

ACT SATRAP:;

ADD TRAPIP: IP="129.102.149.23", SECN="public", VER=V2C;

Step 5 Set the time range for reporting the performance measurement data to 10:0012:00,measurement period to 15 minutes, and measurement object to APN.

Set the time range for reporting the performance measurement data to 10:0012:00 and

measurement period to M15.

SET SAPERIOD: PERIODTIMENUM=1, ST1=10&00, ET1=12&00, PRD=M15;

Set the object isp.com with its type of APN.

ADD SAOBJ: OBJECTTYPE=APN, OBJECTPARA="isp.com";

----End



Operation Guide



Issue 03 (2008-04-10)


25/28

Postrequisite

NOTE

You need to set the IP address to 129.102.0.1 and community name to PRIVATEon the NMS. Thus, you

can query and operate the device by using the NMS client program. For commands of NMS configuration,

refer to the shipping document.

4.7 Managing SSH

This part describes the principle, functions, operation steps, and commands of the secure shell

(SSH).

4.7.1 Overview of the SSH

This part describes the principle and operation steps of the secure shell (SSH) management.

4.7.2 Starting the SSH Client

This part describes how to start the secure shell (SSH) client before using the SSH function.

4.7.3 Preparations for Sessions

This part describes the preparations for the sessions before the secure shell (SSH) client is

applied.

4.7.4 Activating Sessions

This part describes how to activate the sessions by using the secure shell (SSH) client.

4.7.5 Port Forwarding

This part describes how to transmit and maintain the data in a reliable way. When starting the

local maintenance terminal (LMT), users can log in to the GGSN9811 by using the secure shell

(SSH) client as the proxy server.

4.7.1 Overview of the SSH

This part describes the principle and operation steps of the secure shell (SSH) management.

The SSH is aprotocol stack drafted by the Internet Engineering Task Force (IETF). The purpose

of the SSH isto provide secure remote login and other security network services over the

unsecured network.

The SSH canprovides the GGSN9811 with the secure and reliable remote login mode, secure

file transfer function, and port forwarding function.

The SSH client is installed with independent software installation software. The SSH server isintegrated on the SRU of the GGSN9811. Users can Telnet log in to the GGSN through the SSH

client to maintain the network element (NE). In addition, users can access the GGSN9811 by

using the SSH client as a proxy server when starting the local maintenance terminal (LMT). In

this case, the secure data transmission and maintenance can be realized.

CAUTION

The GGSN9811 can provide the SSH feature only when the corresponding license is purchased.

Figure 4-4shows the principle of the SSH management function.





4-25


26/28

Figure 4-4Principle of the SSH management function

Client

Server

program

SSH server

Listener

port

Server

Plain text

transfer

SSH ciphering

transfer

Port 22

Plain text

transfer

SSH client

Listener

port

Clientprogram

The users can start the following sessions through the SSH client.

l SSH session: It is used for STelnet connection and port forwarding. The SSH client transfers

the data to the NE by encapsulating the data.

l SFTP session: It is used to encrypt the FTP transmission data.

NOTE

l The GGSN supports multiple types of SSH client software. The I3SAFE SSH client software developed

by Huawei is recommended. This document details the SSH by taking the I3SAFE SSH client software

as an example.

l If the related operation description is not available in this document, refer to the online help of the SSH

client software.

4.7.2 Starting the SSH Client

This part describes how to start the secure shell (SSH) client before using the SSH function.

Context

To start the SSH client, perform the following steps:

Procedure

Step 1 Start the SSH connection agent.

Choose Start> Programs> I3SAFE SSH> SSH connection agent. The tray icon is

displayed in the taskbar.

NOTE

The SSH connection agent must be enabled when the SSH client software is applied.

Step 2 Start the SSH client.

Choose Start> Programs> I3SAFE SSH> SSH connection agent.

Step 3 Connect to the network element (NE) according to the help of the SSH client software.

----End



Operation Guide



Issue 03 (2008-04-10)


27/28

4.7.3 Preparations for Sessions

This part describes the preparations for the sessions before the secure shell (SSH) client is

applied.

Context

Perform the following steps:

Procedure

Step 1 Add the SSH user before establishing the SSH connections.

Run ADD SSHUSERon the LMT. The added user name must be consistent with that of the

SSH client.

Step 2 (Optional) Generate the key pair when choosing the key authentication.Generate the public and private key pairs according to the help of the SSH client software.

Step 3 (Optional) Download the public key file to the server.

Run DLD SSHRSAPUBKEYon the GGSN9811 to download the public key file from the SSH

client.

----End

4.7.4 Activating Sessions

This part describes how to activate the sessions by using the secure shell (SSH) client.

Context

For details on the operations, refer to the help of the SSH client. Perform the following operations

on the SSH client:

Procedure

Step 1 Configure the SSH connections.

Step 2 Set the general parameters.

Step 3 Set the public key management mode of the server.

Step 4 Start the session.

----End

Postrequisite

NOTE

When the GGSN9811 sets up the session, the number of connections and that of channels are as follows:

l A maximum of five connections are supported.

l One connection occupies one SFTP channel only.





4-27


28/28

4.7.5 Port Forwarding

This part describes how to transmit and maintain the data in a reliable way. When starting the

local maintenance terminal (LMT), users can log in to the GGSN9811 by using the secure shell

(SSH) client as the proxy server.

Context

To log in to the network element (NE) through the SSH client, perform the following steps:

Procedure

Step 1 Start the SSH client to activate the SSH session.

Step 2 Start the LMT. The User Logindialog box is displayed.

Step 3 Log in to the system with both user name and password as admin if you log in to the system for

the first time.

Step 4 Set the office direction by clicking in the Office Directionbox.

The office direction can be set to the following:

l IP address of the target server in the SSH connection.

The interception relations and mapping in the LMT agent window of the SSH client must be

configured.

l IP address of local computer.

The options in the LMT agent window of the SSH client must not be configured.

Step 5 Set the proxy server.

l If the office direction is set to the IP address of the target server, select the checkbox on the

left side of the proxy server. Then, set the IP address of the local computer to that of the

proxy server.

l If the office direction is set to the IP address of the local computer, the proxy server is not

configured.

Step 6 Set User Typeto Local.

Step 7 Click Login.

----End



Operation Guide

01-04 managing the system of the ggsn9811

Documents