2013 NOKIA. All Rights Reserved.

TOS36041_V3.0-SG-R12.0-Ed2 Module 1.3 Edition 1


Section 1 Module 3 Page 1

1 - Discovery Overview
2 - Prepare the node for the SAM
3 - Discovery Workflow User Creation
4 - Discovery Workflow Mediation Policy
5 - Discovery Workflow Router Discovery
6 - Verification

The following workflow outlines the high-level steps necessary to discover the network.

1. Prepare the node for the SAM providing the configuration required for discovery.
2. If SNMPv3 is the management protocol, a user has to be created at the SAM level.
3. Configure a mediation policy: define the interval at which the 5620 SAM polls NEs for SNMP MIB configuration
changes. At this step, the administrator specifies the security model.
4. Discover the Network Elements.

The different steps are detailed on the next pages.

Prepare the node for the SAM

The first step to enable the 5620 SAM to discover and manage network elements is to provide the initial
configuration of the devices. Use the following steps to provide the basic configuration:

1. Initiate a CLI or SSH session with the appropriate network element

2. Configure the Management IP interface


Follow the procedure shown above to define the Ethernet management IP which is used for remote access to the
network element. This address is defined in the bof (boot options file). Configure the interface, as required.

3. Set persistence on
Persistence is required for management of network devices through the 5620 SAM and is enabled by default. Set
the parameter, as required.

4. Define the location to save the configuration file
Changes to the configuration of the router (interfaces, SNMP, etc.) must be saved to ensure that the parameters
are not lost should the element be rebooted. The file location can be either on an FTP server or any of the compact
flashes on the device. There is no specific naming convention for the filename; however, it must end with a .cfg
extension. This file will become the default save location each time an admin save is performed.

5. Save the bof


To ensure that changes are not lost should the network element reboot, perform a bof save as indicated above.

6. SNMPv2 : Configure SNMP Security


Deployments are initiated from the SAM to the managed devices through SNMP. By default, SNMP is not
configured on the managed devices. Therefore, network operators or administrators will be required to define the
SNMP parameters. The Community String parameter specifies the name of the community shared between the
network manager and a managed element. This parameter is configurable when the Security Model parameter is
set to SNMP v2c. SNMPv3 requires more extensive configuration. Refer to the managed devices technical practices
for details.

SNMPv3 requires more extensive configuration.

7. Establish the Engine ID of the router via CLI


show system information
....
SNMP Engine ID : 0000197f00000003fa14bfa7

8. The utility file which generates the key is located in the ~/bin directory on the 5620 SAM server and (from Rel.4.0)
the SAM client:
Solaris Server: /opt/5620sam/server/nms/bin/password2key.bash
Solaris/Linux Client: /opt/5620sam/client/nms/bin/password2key.bash

9. Generate the key (UNIX example) using the syntax shown below:
./password2key.bash method password EngineID
Where:
Method:   MD5 (or SHA). Two of the most common cryptographic hash functions are the
          Secure Hash Algorithm (SHA) and Message Digest Algorithm-5 (MD5).
Password: Password string
EngineID: SNMP Engine ID of the ESS/SR in hexadecimal form

Example
./password2key.bash md5 admin 0000197f00009abfff000000
MD5 key: 1496d686f1616f27af1600768d3fcd38
DES key: 1496d686f1616f27af1600768d3fcd38
AES key: 1496d686f1616f27af1600768d3fcd38
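
The derivation behind this step can be reproduced independently. The following is an added example, not Nokia's password2key.bash (which the page does not show): it implements the standard SNMPv3 USM password-to-key localization of RFC 3414, on the assumption that the utility follows that algorithm. The function names are illustrative, and the sample input is the RFC's published test vector rather than a value from this guide.

```python
"""USM password-to-key localization per RFC 3414, Appendix A.2.

Added example: assumes password2key follows the RFC algorithm; not Nokia's code.
"""
import hashlib

STRETCH_LEN = 1024 * 1024  # RFC 3414: hash exactly 1,048,576 octets of repeated password


def master_key(password: bytes, method: str) -> bytes:
    """Ku: digest of the password repeated and truncated to STRETCH_LEN octets."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(STRETCH_LEN, len(password))
    return hashlib.new(method, password * reps + password[:rem]).digest()


def localized_key(password: str, engine_id_hex: str, method: str = "md5") -> str:
    """Kul = H(Ku || engineID || Ku), returned as a hex string."""
    method = {"sha": "sha1"}.get(method.lower(), method.lower())
    if method not in ("md5", "sha1"):
        raise ValueError("RFC 3414 defines only MD5 and SHA-1")
    engine_id = bytes.fromhex(engine_id_hex)
    if not 5 <= len(engine_id) <= 32:
        raise ValueError("snmpEngineID must be 5 to 32 octets")
    ku = master_key(password.encode(), method)
    return hashlib.new(method, ku + engine_id + ku).hexdigest()


def usm_keys(password: str, engine_id_hex: str, method: str = "md5") -> dict:
    """Authentication key and 16-octet privacy key when one password serves both."""
    kul = localized_key(password, engine_id_hex, method)
    # DES and AES-128 privacy both take the first 16 octets of the localized key.
    return {"auth": kul, "priv": kul[:32]}


if __name__ == "__main__":
    # RFC 3414 A.3.1 test vector (password "maplesyrup"), not a value from this guide.
    print(usm_keys("maplesyrup", "000000000000000000000002", "md5"))
```

With MD5 and a single password, the authentication and privacy keys are the same 16 octets, which matches the identical MD5, DES and AES lines in the sample output above. The key is bound to the Engine ID, so it has to be regenerated for each managed device.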

Using the key generated in the previous step, create an SNMPv3 user on the managed device.

config system security
    snmp
        access group "samgroup" security-model usm security-level privacy read "iso" write "iso" notify "iso"
    exit

config system security
    user "snmpv3_username"
        access snmp
        snmp
            authentication md5 <key> privacy des-key <key>
            group "samgroup"
        exit
    exit

where:
snmpv3_username is the name being assigned to the SNMPv3 user.
samgroup is the name of the new SNMP user group.
The method is sha or md5, depending on the authentication method used.
The SHA or MD5 authentication key is generated in step 6.
The DES privacy key is generated in step 6.
Data Encryption Standard (DES) is a method of message encryption for SNMP version 3.

Initial Router Configuration (Cont.)

12. Enable SNMP


By default, SNMP is disabled. Enable the protocol and ensure that the appropriate PDU size is set (5620 SAM
requires a PDU size of 9216 bytes).

13. System Address : Configure the System IP address

14. Save the configuration changes


# admin save <Enter>

The node is prepared for SAM.
Check the IP management address (show bof)
Check the Persistence (show bof)
Check the location of the configuration file (show bof)
Check the system address (show router interface)
Check SNMP (config system and info)

Choose the correct answer for the knowledge verification question above.

Your instructor may perform the above mentioned demonstrations using the 5620 SAM GUI.
In addition, your instructor will point out the appropriate lab module containing the above mentioned hands-on lab
exercises, and will indicate the time allowed to perform these hands-on exercises.

To enable device management by the 5620 SAM, you must do the following:

Create an SNMPv3 user using the 5620 SAM NE user configuration manager.
You must specify the following for each user:
Give the user SNMP access.
Enter the same User Name as the user name configured in the previous step.
On the SNMPv3 tab, select MD5 as the authentication protocol and DES as the privacy protocol.
Type the appropriate ASCII password used to generate the MD5 or SHA authentication key and DES
privacy key.

The following workflow outlines the high-level steps necessary to configure a Mediation Policy.

1. Configure a mediation policy. From the 5620 SAM main menu, select Administration > Mediation.
2. Select the Mediation Security tab. Create a new SNMP mediation security policy, or select an existing policy.
   Configure the General Mediation Parameters:
   Displayed Name: The Displayed Name parameter specifies a name for the policy.
   The Security Model parameter specifies which version of SNMP should be used, depending on your
   network security requirements:
      SNMP v1: Version v1 of SNMP is used for authentication. The Community String parameter must
      match that of the managed NE.
      SNMP v2c (default): Version 2c of SNMP is used for authentication. The Community String
      parameter must match that of the managed NE.
      SNMP v3 (USM): Version 3 of SNMP is used for authentication. Choose a user by clicking on the
      Select button.
3. Configure SNMP
   The Community String parameter specifies the name of the community shared between the network
   manager and a managed element. This parameter is configurable when the Security Model parameter is
   set to SNMP v2c. The default is private.
   The User Name parameter specifies a unique name for the site user. This parameter is configurable when
   the Security Model parameter is set to SNMP v3 (USM).

4. CLI and FTP parameters:
The Communication Protocol parameter specifies the protocol that is used to connect to the device using the CLI. The
options are: Telnet (default) or SSH2.
The File Transfer Type parameter specifies the protocol that is used for file transfers between the managed device and
the 5620 SAM. The options are: FTP (default); Secure; TFTP.

The 5620 SAM discovers NEs using SNMP. During the discovery process, the 5620 SAM scans the network for devices
according to user-specified IP addresses or IP address ranges. When the IP address used to discover a device is the
system IP address, also called the system ID, management is considered in-band. When the IP address used to
discover the device is the management IP address of the device management port, management is considered
out-of-band.

The following workflow outlines the high-level steps necessary to configure a discovery rule.
1. Administration > Discovery Manager
2. Create a Discovery Rule.
3. Configure the general attributes:
   The OLC State parameter specifies the initial state of an NE after the 5620 SAM successfully discovers the
   NE.
   The Revert OLC State when discovery completes parameter specifies whether the NE changes to either the
   In Service mode or the Maintenance mode after the NE has been discovered and fully resynchronized,
   depending on the OLC State in the discovery rule.
   The Management Protocol parameter specifies the format of the IP addresses that are specified for
   discovery purposes.
   The Default External EMS parameter specifies the default path for the external application to be launched.
   Group Name: a topology group can be chosen.

4. Add Rule Elements: Create a rule element with IP address, Mask and Usage. The Usage parameter specifies how a
rule is used as a search filter to discover network elements. For example, one rule element may specify that a
subnet be included and therefore discovered, while another rule element may specify that specific IP addresses in
the subnet be excluded and therefore not discovered.
5. Specify the Mediation Security: Specify the mediation policies for read access, write access, and SNMP trap access.
Mediation policies are created or modified using the Mediation form as described before.
6. Add post discovery action: script to configure the NE.

The following lines summarize the steps recommended to verify that the lab network device is discovered and is managed
by the 5620 SAM:

1. Open the Discovery Manager form and click on the Managed State tab button. A list of managed devices opens.
Verify that the newly discovered lab network device is on the managed devices list.
Verify the management state of the lab network device displayed in the Site State column.
Managed is the default state. If the device is unmanaged, select the device from the list and click on the
Manage button.
2. Verify that the network device configuration has been reconciled with the 5620 SAM database by clicking on the Resync
Status tab button. The status is displayed in the Resync Status column.

4. Move the discovered network device icon into a group on the topology map. All newly discovered network devices
should be listed in the Discovered NEs group. Double-click on the Discovered NEs group icon. The Discovered NEs
window opens with the list of discovered nodes. Select the discovered network node(s) from the list and
drag-and-drop the listing into the appropriate group.
The network node icon will appear in that group.

5. The network devices that have been successfully reconciled appear in the 5620 SAM navigation tree and the
Equipment Manager form.
