eSight Cannot Receive Device Alarms
Network Topology
Physical Network Topology
Figure 1-1 Network where switch alarms cannot be displayed on eSight
Fault Description
The eSight cannot receive alarms contains folloing scenarios:
l The eSight cannot receive the alarm information from all the devices.
l The eSight cannot receive the alarm information from one specified device.
l The eSight receive the specified alarm information from one specified device.
In other words, the information about the alarm raise or clear has existed in the switch's log, but not displayed on the eSight.
Troubleshooting Location
Troubleshooting Procedure
Step 1 Check if the eSight is started normally and whether the 162 port is occupied.
1. Start eSight to check whether an error is reported.
2. Run the netstat -aon command in the CLI to find the PID of UDP port 162. In this example, the PID of UDP port 162 is 1716.
3. Check the process name of the PID in the Task Manager. If the name is not java, port 162 is being used by another software.
Solution: Uninstall the software that uses port 162.
Step 2 Check whether the operating system firewall is turned on.
Choose Control PanelSystem and SecurityWindows FirewallCustomize Settings.
Solution:
On Customize Settings, select Turn off Windows Firewall (not recommended) and click OK.
Note:You are advised to turn on Windows firewall after troubleshooting is complete. Otherwise, the settings may cause information security risks.
Step 3 Check whether a firewall is deployed between the eSight server and devices.
If a firewall exists, check whether policies on the firewall permit pass of trap messages. The policies are as follows:
l Enabled ports: 162 and 10162
l Supported protocol: UDP
Step 4 Ping the eSight server IP address from a device to check whether the device can communicate with eSight.
Check method and solution:
l If the ping fails, check the network between the device and eSight.
l If the ping succeeds only when the vpn parameter is specified, configure the vpn parameter in the snmp target-host command.
l If the ping succeeds only when the source address is specified, configure the trap source in the snmp-agent trap source command.
Step 5 Check whether alarm masking is enabled on eSight.
1. Check the alarm masking rule on eSight.
On the main menu, choose MonitorFault ManagementAlarm Settings. On the Masking Rule page, check whether an alarm masking rule is set.
2. Check masked alarms on eSight.
On the main menu, choose MonitorFault ManagementMasked Alarms.
Disable the alarm masking rule, and check whether devices can report alarms.
3. Check whether traps of the device are recognized as events and stored in the event list.
On the main menu, choose MonitorFault ManagementEvents.
Step 6 Check the alarm configuration on the device.
Check method:
Run the display cur | inc snmp command on the device in the IP domain.
The following lists the commands on a Huawei AC6605 as an example. (For other models, see the corresponding product documentation.)
For SNMPv1/v2c, run the following commands:
l snmp-agent local-engineid xxx
l snmp-agent sys-info version all
l snmp-agent community read public
l snmp-agent community write private
l snmp-agent mib-view included iso-view iso
l snmp-agent target-host trap address udp-domain xx.xx.xx.xx params securityname public v2c private xxx
Solution:
[SNMPv1/v2c] (All the following commands are mandatory.)
snmp-agent sys-info version v1 v2c
snmp-agent community write private mib-view View_ALL
snmp-agent community read public mib-view View_ALL
snmp-agent mib-view View_ALL include iso
snmp-agent trap source MEth0/0/1
snmp-agent trap enable
snmp-agent target-host trap-hostname xyp address 10.137.241.114 udp-port 162 trap-paramsname xyp
snmp-agent target-host trap-paramsname xyp v2c securityname public
Table 1-1 Parameter description
Parameter | Description |
version | The SNMP version number must be the same as that specified on eSight and the trap version number for the target-host parameter on the device. |
community write | The write community must be the same as that specified on eSight. |
community read | The read community must be the same as that specified on eSight. |
mib-view | This parameter must be configured next to the read and write communities, and it must contain the complete ISO node: snmp-agent mib-view View_ALL include iso. |
address | The address must be the eSight server IP address. If not, the eSight server cannot receive alarms from devices. |
udp-port | This parameter specifies the port used by the eSight server to receive alarms. The value can be 162 or 10162. |
trap source | This parameter specifies the source that sends trap messages. The IP address of the source must be the same as the device IP address added on eSight. |
securityname | The security name must be the same as the read community name. |
snmp-agent sys-info version v3 For SNMPv3, run the following commands:
snmp-agent mib-view View_ALL include iso
snmp-agent group v3 snmpv3usergroup privacy read-view View_ALL write-view View_ALL notify-view View_ALL
snmp-agent usm-user v3 snmpv3user snmpv3usergroup authentication-mode md5 DCD56463205105262F43A56805AF04A0 privacy-mode des56 DCD56463205105262F43A56805AF04A0
snmp-agent target-host trap-hostname eSightServerIP address 10.137.240.91 udp-port 162 trap-paramsname trapv3param
snmp-agent target-host trap-paramsname trapv3param v3 securityname snmpv3user privacy private-netmanager
snmp-agent trap source MEth0/0/1
snmp-agent trap enable
Table 1-2 Parameter description
Parameter | Description |
version | The SNMP version number must be the same as that specified on eSight and the trap version number for the target-host parameter on the device. |
privacy | This parameter specifies whether authentication and encryption are required for communication using SNMPv3. The value Privacy indicates authentication + encryption. The value Authentication indicates authentication + non-encryption. The value must be the same as the encryption mode for trap messages specified in the snmp target-host command. |
read-view/ write-view/ notify-view | The three parameters are mandatory when you define an SNMPv3 group on a device. You can run the snmp-agent mib-view View_ALL include iso command to specify the complete ISO node. If they are not configured, the default read permission is internet, and the device does not have write and alarm reporting permission. |
snmpv3user | The value of this parameter must be the same as the security name specified on eSight and the value of the securityname parameter next to target-host on the device. |
authentication-mode | This parameter specifies an authentication mode. The value must be the same as that specified on eSight. |
privacy-mode | This parameter specifies a privacy mode. The value must be the same as that specified on eSight. |
address | The address must be the eSight server IP address. If not, the eSight server cannot receive alarms from devices. |
udp-port | This parameter specifies the port used by the eSight server to receive alarms. The value can be 162 or 10162. |
trap source | This parameter specifies the source that sends trap messages. The IP address of the source must be the same as the device IP address added on eSight. |
Step 7 Clear the browser cache.
If an alarm is displayed on the alarm list or NE Manager, but unavailable in the current or historical alarm list, check the alarm information in another browser or clear the browser cache.
Common Cause
l The port mapping of the Linux server is incorrect.
l Port 162 of the eSight server is in use.
l The firewall function is enabled on the eSight server.
l Devices are fault, or they cannot communicate with the eSight server.
l Masking rules are created on eSight to mask specified alarms.
l SNMP parameters on devices are incorrect or not proper.
l The device is disabled from sending alarms of a specific type.
