-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
9637896
commit f57ea05
Showing
16 changed files
with
637 additions
and
419 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,133 @@ | ||
--- | ||
permalink: switch-bes-53248/CSHM_log_collection.html | ||
sidebar: sidebar | ||
keywords: log collection feature,collect switch-related log files,SSh key,crypto key generation,BES-53248 Broadcom setup,BES-53248 switches configuration,EFOS | ||
summary: '以太网交换机运行状况监控器(CSHM)日志收集功能用于从ONTAP中的集群或存储网络交换机收集日志。' | ||
--- | ||
= 以太网交换机运行状况监控日志收集 | ||
:allow-uri-read: | ||
:icons: font | ||
:imagesdir: ../media/ | ||
|
||
|
||
[role="lead"] | ||
以太网交换机运行状况监控器(CSHM)负责确保集群和存储网络交换机的运行状况、并收集交换机日志以进行调试。此操作步骤将引导您完成设置和开始从交换机收集详细的*Support*日志的过程,并开始每小时收集由AutoSupport收集的*定期*数据。 | ||
|
||
.开始之前 | ||
* 要启用日志收集功能、必须运行ONTAP 9.12.1或更高版本以及EFOS 3.8.0.2或更高版本。 | ||
* 必须为交换机启用交换机运行状况监控。通过确保进行验证 `Is Monitored:` 字段在的输出中设置为*TRUE* `system switch ethernet show` 命令: | ||
|
||
|
||
.步骤 | ||
. 要设置日志收集、请对每个交换机运行以下命令。系统会提示您输入交换机名称、用户名和密码以收集日志。 | ||
+ | ||
`s系统交换机以太网日志设置密码` | ||
|
||
+ | ||
.显示示例 | ||
[%collapsible] | ||
==== | ||
[listing, subs="+quotes"] | ||
---- | ||
cluster1::*> *system switch ethernet log setup-password* | ||
Enter the switch name: *<return>* | ||
The switch name entered is not recognized. | ||
Choose from the following list: | ||
*cs1* | ||
*cs2* | ||
cluster1::*> *system switch ethernet log setup-password* | ||
Enter the switch name: *cs1* | ||
Would you like to specify a user other than admin for log collection? {y|n}: *n* | ||
Enter the password: *<enter switch password>* | ||
Enter the password again: *<enter switch password>* | ||
cluster1::*> *system switch ethernet log setup-password* | ||
Enter the switch name: *cs2* | ||
Would you like to specify a user other than admin for log collection? {y|n}: *n* | ||
Enter the password: *<enter switch password>* | ||
Enter the password again: *<enter switch password>* | ||
---- | ||
==== | ||
. 要开始收集日志、请运行以下命令、将device替换为上一命令中使用的交换机。这将开始两种类型的日志收集:详细的*Support*日志和每小时收集*定期*数据。 | ||
+ | ||
`system switch ethernet log modify -device _<switch-name>_ -log-request true` | ||
|
||
+ | ||
.显示示例 | ||
[%collapsible] | ||
==== | ||
[listing, subs="+quotes"] | ||
---- | ||
cluster1::*> *system switch ethernet log modify -device cs1 -log-request true* | ||
Do you want to modify the cluster switch log collection configuration? {y|n}: [n] *y* | ||
Enabling cluster switch log collection. | ||
cluster1::*> *system switch ethernet log modify -device cs2 -log-request true* | ||
Do you want to modify the cluster switch log collection configuration? {y|n}: [n] *y* | ||
Enabling cluster switch log collection. | ||
---- | ||
==== | ||
+ | ||
等待10分钟、然后检查日志收集是否完成: | ||
|
||
+ | ||
`system switch ethernet log show` | ||
|
||
+ | ||
|
||
CAUTION: 如果其中任一命令返回错误或日志收集未完成、请联系NetApp支持部门。 | ||
|
||
|
||
|
||
.故障排除 | ||
如果遇到日志收集功能报告的以下任一错误状态(在的输出中可见) `system switch ethernet log show`)、请尝试相应的调试步骤: | ||
|
||
|=== | ||
|
||
|
||
| *日志收集错误状态* | *分辨率* | ||
|
||
|
||
a| | ||
*RSA密钥不存在* | ||
a| | ||
重新生成ONTAP SSH密钥。请联系NetApp支持部门。 | ||
|
||
|
||
|
||
a| | ||
*交换机密码错误* | ||
a| | ||
验证凭据、测试SSH连接并重新生成ONTAP SSH密钥。查看交换机文档或联系NetApp支持部门以获取相关说明。 | ||
|
||
|
||
|
||
a| | ||
*对于FIPS*,ECDSA密钥不存在 | ||
a| | ||
如果启用了FIPS模式、则需要在重试之前在交换机上生成ECDSA密钥。 | ||
|
||
|
||
|
||
a| | ||
*已找到已有日志* | ||
a| | ||
删除交换机上先前的日志收集文件。 | ||
|
||
|
||
|
||
a| | ||
*交换机转储日志错误* | ||
a| | ||
确保交换机用户具有日志收集权限。请参阅上述前提条件。 | ||
|
||
|=== |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,138 @@ | ||
--- | ||
permalink: switch-bes-53248/CSHM_snmpv3.html | ||
sidebar: sidebar | ||
keywords: SNMP,SNMPv3,SNMPv3 setup,BES-53248 Broadcom setup,BES-3248 switches configuration,EFOS | ||
summary: 'SNMPv3可与以太网交换机运行状况监控器(CSHM)结合使用。' | ||
--- | ||
= 配置SNMPv3 | ||
:allow-uri-read: | ||
:icons: font | ||
:imagesdir: ../media/ | ||
|
||
|
||
[role="lead"] | ||
按照此操作步骤配置SNMPv3、此SNMPv3支持以太网交换机运行状况监控(CSHM)。 | ||
|
||
.关于此任务 | ||
以下命令可在Broadcom BES-53248交换机上配置SNMPv3用户名: | ||
|
||
* 对于*无身份验证*:`net add snmp-server username _SNMPv3用户_ auth-none` | ||
* 对于* MD5/SHA身份验证*:`net add snmp-server username _SNMPv3用户_[auth-md5_auth-sha]_AUTH-password_` | ||
* 对于采用AES/DES加密的* MD5/SHA身份验证*:`net add snmp-server username _SNMPv3用户_[auth-md5_auth-sha]_AUTH-password_[encrypt-AES_encrypt-des]_PRIV-password_` | ||
|
||
|
||
以下命令会在ONTAP 端配置SNMPv3用户名:`cluster1:::*> security login create -user-or-group-name _SNMPv3用户_-application snmp -authentication-method USM -remote-switch-ipaddress _address_` | ||
|
||
以下命令将使用CSHM建立SNMPv3用户名: | ||
`cluster1::*> system switch ethernet modify -device _DEVICE_ -snmp-version SNMPv3 -community-or-username _SNMPv3_USER_` | ||
|
||
.步骤 | ||
. 在交换机上设置SNMPv3用户以使用身份验证和加密: | ||
+ | ||
`net show snmp status` | ||
|
||
+ | ||
.显示示例 | ||
[%collapsible] | ||
==== | ||
[listing, subs="+quotes"] | ||
---- | ||
(sw1)(Config)# *snmp-server user <username> network-admin auth-md5 <password> priv-aes128 <password>* | ||
(cs1)(Config)# *show snmp user snmp* | ||
Name Group Name Auth Priv | ||
Meth Meth Remote Engine ID | ||
----------------- ------------------ ---- ------ ------------------------- | ||
<username> network-admin MD5 AES128 8000113d03d8c497710bee | ||
---- | ||
==== | ||
. 在ONTAP 端设置SNMPv3用户: | ||
+ | ||
`security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212` | ||
|
||
+ | ||
.显示示例 | ||
[%collapsible] | ||
==== | ||
[listing, subs="+quotes"] | ||
---- | ||
cluster1::*> *security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212* | ||
Enter the authoritative entity's EngineID [remote EngineID]: | ||
Which authentication protocol do you want to choose (none, md5, sha, sha2-256) | ||
[none]: *md5* | ||
Enter the authentication protocol password (minimum 8 characters long): | ||
Enter the authentication protocol password again: | ||
Which privacy protocol do you want to choose (none, des, aes128) [none]: *aes128* | ||
Enter privacy protocol password (minimum 8 characters long): | ||
Enter privacy protocol password again: | ||
---- | ||
==== | ||
. 将CSHM配置为使用新SNMPv3用户进行监控: | ||
+ | ||
`system switch ethernet show-all -device "sw1" -instance` | ||
|
||
+ | ||
.显示示例 | ||
[%collapsible] | ||
==== | ||
[listing, subs="+quotes"] | ||
---- | ||
cluster1::*> *system switch ethernet show-all -device "sw1 (b8:59:9f:09:7c:22)" -instance* | ||
Device Name: sw1 | ||
IP Address: 10.228.136.24 | ||
SNMP Version: SNMPv2c | ||
Is Discovered: true | ||
DEPRECATED-Community String or SNMPv3 Username: - | ||
Community String or SNMPv3 Username: cshm1! | ||
Model Number: BES-53248 | ||
Switch Network: cluster-network | ||
Software Version: 3.9.0.2 | ||
Reason For Not Monitoring: None *<---- should display this if SNMP settings are valid* | ||
Source Of Switch Version: CDP/ISDP | ||
Is Monitored ?: true | ||
Serial Number of the Device: QTFCU3826001C | ||
RCF Version: v1.8X2 for Cluster/HA/RDMA | ||
cluster1::*> | ||
cluster1::*> *system switch ethernet modify -device "sw1" -snmp-version SNMPv3 -community-or-username <username>* | ||
---- | ||
==== | ||
. 确认要使用新创建的SNMPv3用户查询的序列号与CSHM轮询周期完成后上一步中详述的序列号相同。 | ||
+ | ||
`system switch ethernet polling-interval show` | ||
|
||
+ | ||
.显示示例 | ||
[%collapsible] | ||
==== | ||
[listing, subs="+quotes"] | ||
---- | ||
cluster1::*> *system switch ethernet polling-interval show* | ||
Polling Interval (in minutes): 5 | ||
cluster1::*> *system switch ethernet show-all -device "sw1" -instance* | ||
Device Name: sw1 | ||
IP Address: 10.228.136.24 | ||
SNMP Version: SNMPv3 | ||
Is Discovered: true | ||
DEPRECATED-Community String or SNMPv3 Username: - | ||
Community String or SNMPv3 Username: <username> | ||
Model Number: BES-53248 | ||
Switch Network: cluster-network | ||
Software Version: 3.9.0.2 | ||
Reason For Not Monitoring: None *<---- should display this if SNMP settings are valid* | ||
Source Of Switch Version: CDP/ISDP | ||
Is Monitored ?: true | ||
Serial Number of the Device: QTFCU3826001C | ||
RCF Version: v1.8X2 for Cluster/HA/RDMA | ||
---- | ||
==== | ||
|
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.