To commission an OmniSwitch for NFM-P management

Before you begin

See the appropriate OmniSwitch documentation for more information about the CLI command syntax and SNMP.

Note: The NFM-P cannot discover an OmniSwitch that is configured with the factory default settings.

Note: You must use a direct console port connection to access an OmniSwitch for the first time. All other management methods such as SNMP, Telnet, FTP, and HTTP, are disabled until you enable them.

Steps
 

Open a console window using a direct console port connection to the OmniSwitch.


Create a Loopback0 interface and assign an IP address to the interface by entering the following:

ip interface Loopback0 address xxx.xxx.xxx.xxx

where

xxx.xxx.xxx.xxx is the IP address of the interface

Note: Loopback0 is the name assigned to an IP interface to identify an address that is used for network management purposes. The Loopback0 interface is not bound to any VLAN, therefore it always remains operationally active.

The Loopback0 interface name is case-sensitive. Ensure that you enter the name exactly as shown.


Enable SNMP sessions on the switch by entering the following:

aaa authentication snmp local ↵


Enable FTP, Telnet, HTTP, or SSH sessions, if required, by entering the following:

aaa authentication ftp local ↵

aaa authentication telnet local ↵

aaa authentication http local ↵

aaa authentication ssh local ↵


Perform one of the following to configure the required version of SNMP on the switch and the NFM-P:

Note: The OmniSwitch default user, admin, does not have SNMP access. Before the NFM-P can discover an OmniSwitch, you must create at least one user on the switch with SNMP access.

  1. For SNMP v2c:

    1. Configure an SNMP v2 user by entering the following:

      user user_name password password no auth ↵

      where

      user_name is a username that corresponds to an SNMP v2 user who the NFM-P can identify; Nokia recommends that you use the name sam, which is the NFM-P default name

      password is a password associated with the username; the password is between 8 and 47 characters

      Note:

      If you need to use a different SNMPv2 default user name, create an SNMPv2 default user name on the NFM-P. See the procedure to create a default SNMPv2 OmniSwitch user in the NSP System Administrator Guide for information about creating an SNMPv2 default user name.

    2. Configure SNMP v2 trap forwarding to the NFM-P by entering the following:

      snmp station xxx.xxx.xxx.xxx v2 user_name

      where

      xxx.xxx.xxx.xxx is the IP address of the NFM-P main server

      user_name is the username that you created in 1

      Note:

      Trap forwarding configuration occurs automatically when the NFM-P discovers a switch and uses the default SNMP v2 user name sam or the user name configured, if any.

    3. Configure an SNMP security level that allows the switch to accept all SNMP queries by entering the following:

      snmp security no security ↵

    4. Configure an SNMP v2 community string by entering the following:

      snmp community map community_string user user_name

      where

      community_string is the name of an SNMP v2 community string that the NFM-P can identify

      user_name is the SNMP v2 username created in 1

    5. Create a mediation security policy on the NFM-P that uses a community string that matches the string created in 4 . See To configure device mediation for information about creating a mediation security policy.

    6. Create a discovery rule on the NFM-P to discover the switch and reference the policy created in 5 . See To configure a discovery rule for information about creating a discovery rule.

  2. For SNMP v3:

    1. Configure an SNMP v3 user on the switch by entering the following:

      user user_name password password security_level

      where

      user_name is a username that matches an SNMP v3 USM username configured on the NFM-P

      password is a password associated with the username; the password is between 8 and 47 characters. The password is the plain text ASCII MD5/SHA authentication key and DES privacy key.

      security_level is MD5, MD5 + DES, SHA, or SHA + DES

    2. Configure SNMP v3 trap forwarding to the NFM-P by entering the following:

      snmp station xxx.xxx.xxx.xxx v3 user_name

      where

      xxx.xxx.xxx.xxx is the IP address of the NFM-P main server

      user_name is the username created in 1

      Note:

      Trap forwarding occurs automatically when the NFM-P discovers a device with a username that matches the SNMP v3 USM username specified in the NFM-P mediation policy.

    3. Configure the SNMP v3 switch security option that you need by entering the following:

      snmp security security_option

      where security_option is one of the security options described in the following table

      Option

      Description

      no security

      All SNMP queries are accepted.

      authentication set

      Includes:

      • SNPM v1 and v2 Gets

      • Non-authenticated v3 Gets and Get-Nexts

      • Authenticated v3 Sets, Gets, and Get-Nexts

      • Encrypted v3 Sets, Gets, and Get-Nexts

      authentication all

      Includes:

      • Authenticated v3 Sets, Gets, and Get-Nexts

      • Encrypted v3 Sets, Gets, and Get-Nexts

      privacy set

      Includes:

      • Authenticated v3 Gets and Get-Nexts

      • Encrypted v3 Sets, Gets, and Get-Nexts

      privacy all (default)

      Includes:

      • Encrypted v3 Sets, Gets, and Get-Nexts

      traps only

      Includes:

      • All SNMP requests are rejected

    4. Create an SNMP v3 user on the NFM-P using the NE User Configuration manager. See the section on NE user and device security in the NSP System Administrator Guide for information about NE user configuration.

      • Enable SNMP to give the SNMP v3 user SNMP access.

      • Choose a username that matches the name created on the switch in 1 .

      • Choose the same SNMP v3 authentication protocol, privacy protocol, and password that is configured on the switch.

    5. Create an SNMP v3 mediation security policy. See To configure device mediation for information about configuring a mediation security policy.

      • Choose the SNMP v3 (USM) security model option.

      • Choose a username that matches the name created on the switch in 1 .

    6. Create a discovery rule that uses the mediation security policy created in 5 . See To configure a discovery rule for information about creating discovery rules.


Use an NFM-P client to discover the switch and to verify that the switch configuration allows you to manage the switch.

End of steps