To commission an OmniSwitch for NFM-P management
Before you begin
See the appropriate OmniSwitch documentation for more information about the CLI command syntax and SNMP.
Note: The NFM-P cannot discover an OmniSwitch that is configured with the factory default settings.
Note: You must use a direct console port connection to access an OmniSwitch for the first time. All other management methods, such as SNMP, Telnet, FTP, and HTTP, are disabled until you enable them.
Steps
1. Open a console window using a direct console port connection to the OmniSwitch.

2. Create a Loopback0 interface and assign an IP address to the interface by entering the following:
    ip interface Loopback0 address xxx.xxx.xxx.xxx ↵
where
xxx.xxx.xxx.xxx is the IP address of the interface
Note: Loopback0 is the name assigned to an IP interface to identify an address that is used for network management purposes. The Loopback0 interface is not bound to any VLAN; therefore, it always remains operationally active.
The Loopback0 interface name is case-sensitive. Ensure that you enter the name exactly as shown.

3. Enable SNMP sessions on the switch by entering the following:
    aaa authentication snmp local ↵

4. Enable FTP, Telnet, HTTP, or SSH sessions, if required, by entering the following:
    aaa authentication ftp local ↵
    aaa authentication telnet local ↵
    aaa authentication http local ↵
    aaa authentication ssh local ↵

5. Perform one of the following to configure the required version of SNMP on the switch and the NFM-P:
Note: The OmniSwitch default user, admin, does not have SNMP access. Before the NFM-P can discover an OmniSwitch, you must create at least one user on the switch with SNMP access.
- For SNMP v2c:

  1. Configure an SNMP v2 user by entering the following:
      user user_name password password no auth ↵
  where
  user_name is a username that corresponds to an SNMP v2 user that the NFM-P can identify; Nokia recommends that you use the name sam, which is the NFM-P default name
  password is a password associated with the username; the password is between 8 and 47 characters
  Note: If you need to use a different SNMPv2 default user name, create an SNMPv2 default user name on the NFM-P. See the procedure to create a default SNMPv2 OmniSwitch user in the NSP System Administrator Guide for information about creating an SNMPv2 default user name.

  2. Configure SNMP v2 trap forwarding to the NFM-P by entering the following:
      snmp station xxx.xxx.xxx.xxx v2 user_name ↵
  where
  xxx.xxx.xxx.xxx is the IP address of the NFM-P main server
  user_name is the username that you created in substep 1
  Note: Trap forwarding configuration occurs automatically when the NFM-P discovers a switch and uses the default SNMP v2 user name sam or the user name configured, if any.

  3. Configure an SNMP security level that allows the switch to accept all SNMP queries by entering the following:
      snmp security no security ↵

  4. Configure an SNMP v2 community string by entering the following:
      snmp community map community_string user user_name ↵
  where
  community_string is the name of an SNMP v2 community string that the NFM-P can identify
  user_name is the SNMP v2 username created in substep 1

  5. Create a mediation security policy on the NFM-P that uses a community string that matches the string created in substep 4. See "To configure device mediation" for information about creating a mediation security policy.

  6. Create a discovery rule on the NFM-P to discover the switch and reference the policy created in substep 5. See "To configure a discovery rule" for information about creating a discovery rule.

- For SNMP v3:

  1. Configure an SNMP v3 user on the switch by entering the following:
      user user_name password password security_level ↵
  where
  user_name is a username that matches an SNMP v3 USM username configured on the NFM-P
  password is a password associated with the username; the password is between 8 and 47 characters. The password is the plain text ASCII MD5/SHA authentication key and DES privacy key.
  security_level is MD5, MD5 + DES, SHA, or SHA + DES

  2. Configure SNMP v3 trap forwarding to the NFM-P by entering the following:
      snmp station xxx.xxx.xxx.xxx v3 user_name ↵
  where
  xxx.xxx.xxx.xxx is the IP address of the NFM-P main server
  user_name is the username created in substep 1
  Note: Trap forwarding occurs automatically when the NFM-P discovers a device with a username that matches the SNMP v3 USM username specified in the NFM-P mediation policy.

  3. Configure the SNMP v3 switch security option that you need by entering the following:
      snmp security security_option ↵
  where security_option is one of the security options described in the following table:

  Option | Description
  no security | All SNMP queries are accepted.
  authentication set | Includes: SNMP v1 and v2 Gets; Non-authenticated v3 Gets and Get-Nexts; Authenticated v3 Sets, Gets, and Get-Nexts; Encrypted v3 Sets, Gets, and Get-Nexts
  authentication all | Includes: Authenticated v3 Sets, Gets, and Get-Nexts; Encrypted v3 Sets, Gets, and Get-Nexts
  privacy set | Includes: Authenticated v3 Gets and Get-Nexts; Encrypted v3 Sets, Gets, and Get-Nexts
  privacy all (default) | Includes:
  traps only | Includes:

  4. Create an SNMP v3 user on the NFM-P using the NE User Configuration manager. See the section on NE user and device security in the NSP System Administrator Guide for information about NE user configuration.
     - Enable SNMP to give the SNMP v3 user SNMP access.
     - Choose a username that matches the name created on the switch in substep 1.
     - Choose the same SNMP v3 authentication protocol, privacy protocol, and password that are configured on the switch.

  5. Create an SNMP v3 mediation security policy. See "To configure device mediation" for information about configuring a mediation security policy.

  6. Create a discovery rule that uses the mediation security policy created in substep 5. See "To configure a discovery rule" for information about creating discovery rules.

6. Use an NFM-P client to discover the switch and to verify that the switch configuration allows you to manage the switch.

End of steps
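
The settings entered in this procedure can be reviewed afterwards against the options it describes. The following Python script is an example added here, not part of the Nokia procedure or any Nokia tool; it assumes the configuration is available as text with the commands and security_level names spelled as on this page, and the sample configuration is constructed.

```python
import re

# Constructed sample: commands entered by following this procedure.
# Addresses, user names and passwords are made up for the example.
# Assumption: commands and security_level names are spelled as on this page.
SAMPLE_CONFIG = """\
ip interface Loopback0 address 192.0.2.10
aaa authentication snmp local
aaa authentication telnet local
aaa authentication ssh local
user sam password short no auth
user nfmp3 password Example-Passw0rd MD5
snmp station 192.0.2.50 v3 nfmp3
snmp security no security
"""

CLEARTEXT = {"ftp", "telnet", "http"}  # credentials cross the network unencrypted
# Options that, per the table on this page, accept unauthenticated queries.
OPEN_SNMP = {"no security", "authentication set"}

def audit(config):
    """Return a list of (line_number, finding) for settings worth reviewing."""
    findings, has_loopback = [], False
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if re.fullmatch(r"ip interface Loopback0 address \S+", line):
            has_loopback = True  # the interface name is case-sensitive
        elif m := re.fullmatch(r"aaa authentication (\S+) local", line):
            if m.group(1) in CLEARTEXT:
                findings.append((n, f"{m.group(1)}: cleartext management protocol enabled"))
        elif m := re.fullmatch(r"user (\S+) password (\S+) (.+)", line):
            name, password, level = m.groups()
            if not 8 <= len(password) <= 47:
                findings.append((n, f"{name}: password length outside 8-47 characters"))
            if level == "no auth":
                findings.append((n, f"{name}: SNMP v2 user, no authentication or privacy"))
            elif "DES" not in level:
                findings.append((n, f"{name}: {level} without DES, no privacy"))
        elif m := re.fullmatch(r"snmp security (.+)", line):
            if m.group(1) in OPEN_SNMP:
                findings.append((n, f"snmp security {m.group(1)}: unauthenticated queries accepted"))
    if not has_loopback:
        findings.append((0, "no Loopback0 management interface configured"))
    return findings

if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE_CONFIG):
        print(f"line {line_no}: {finding}")
```

A finding is a prompt for review, not an error: the SNMP v2c path in this procedure requires `snmp security no security`, so that line is expected on switches managed over v2c.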