Built from c042331

switch-bes-53248/CSHM_log_collection.adoc

@@ -0,0 +1,133 @@
+---
+permalink: switch-bes-53248/CSHM_log_collection.html 
+sidebar: sidebar 
+keywords: log collection feature,collect switch-related log files,SSh key,crypto key generation,BES-53248 Broadcom setup,BES-53248 switches configuration,EFOS 
+summary: '以太网交换机运行状况监控器(CSHM)日志收集功能用于从ONTAP中的集群或存储网络交换机收集日志。' 
+---
+= 以太网交换机运行状况监控日志收集
+:allow-uri-read: 
+:icons: font
+:imagesdir: ../media/
+
+
+[role="lead"]
+以太网交换机运行状况监控器(CSHM)负责确保集群和存储网络交换机的运行状况、并收集交换机日志以进行调试。此操作步骤将引导您完成设置和开始从交换机收集详细的*Support*日志的过程，并开始每小时收集由AutoSupport收集的*定期*数据。
+
+.开始之前
+* 要启用日志收集功能、必须运行ONTAP 9.12.1或更高版本以及EFOS 3.8.0.2或更高版本。
+* 必须为交换机启用交换机运行状况监控。通过确保进行验证 `Is Monitored:` 字段在的输出中设置为*TRUE* `system switch ethernet show` 命令：
+
+
+.步骤
+. 要设置日志收集、请对每个交换机运行以下命令。系统会提示您输入交换机名称、用户名和密码以收集日志。
++
+`s系统交换机以太网日志设置密码`
+
++
+.显示示例
+[%collapsible]
+====
+[listing, subs="+quotes"]
+----
+cluster1::*> *system switch ethernet log setup-password*
+Enter the switch name: *<return>*
+The switch name entered is not recognized.
+Choose from the following list:
+*cs1*
+*cs2*
+
+cluster1::*> *system switch ethernet log setup-password*
+
+Enter the switch name: *cs1*
+Would you like to specify a user other than admin for log collection? {y|n}: *n*
+
+Enter the password: *<enter switch password>*
+Enter the password again: *<enter switch password>*
+
+cluster1::*> *system switch ethernet log setup-password*
+
+Enter the switch name: *cs2*
+Would you like to specify a user other than admin for log collection? {y|n}: *n*
+
+Enter the password: *<enter switch password>*
+Enter the password again: *<enter switch password>*
+----
+====
+. 要开始收集日志、请运行以下命令、将device替换为上一命令中使用的交换机。这将开始两种类型的日志收集：详细的*Support*日志和每小时收集*定期*数据。
++
+`system switch ethernet log modify -device _<switch-name>_ -log-request true`
+
++
+.显示示例
+[%collapsible]
+====
+[listing, subs="+quotes"]
+----
+cluster1::*> *system switch ethernet log modify -device cs1 -log-request true*
+
+Do you want to modify the cluster switch log collection configuration? {y|n}: [n] *y*
+
+Enabling cluster switch log collection.
+
+cluster1::*> *system switch ethernet log modify -device cs2 -log-request true*
+
+Do you want to modify the cluster switch log collection configuration? {y|n}: [n] *y*
+
+Enabling cluster switch log collection.
+----
+====
++
+等待10分钟、然后检查日志收集是否完成：
+
++
+`system switch ethernet log show`
+
++
+
+CAUTION: 如果其中任一命令返回错误或日志收集未完成、请联系NetApp支持部门。
+
+
+
+.故障排除
+如果遇到日志收集功能报告的以下任一错误状态(在的输出中可见) `system switch ethernet log show`)、请尝试相应的调试步骤：
+
+|===
+
+
+| *日志收集错误状态* | *分辨率* 
+
+
+ a| 
+*RSA密钥不存在*
+ a| 
+重新生成ONTAP SSH密钥。请联系NetApp支持部门。
+
+
+
+ a| 
+*交换机密码错误*
+ a| 
+验证凭据、测试SSH连接并重新生成ONTAP SSH密钥。查看交换机文档或联系NetApp支持部门以获取相关说明。
+
+
+
+ a| 
+*对于FIPS*，ECDSA密钥不存在
+ a| 
+如果启用了FIPS模式、则需要在重试之前在交换机上生成ECDSA密钥。
+
+
+
+ a| 
+*已找到已有日志*
+ a| 
+删除交换机上先前的日志收集文件。
+
+
+
+ a| 
+*交换机转储日志错误*
+ a| 
+确保交换机用户具有日志收集权限。请参阅上述前提条件。
+
+|===

switch-bes-53248/CSHM_snmpv3.adoc

@@ -0,0 +1,138 @@
+---
+permalink: switch-bes-53248/CSHM_snmpv3.html 
+sidebar: sidebar 
+keywords: SNMP,SNMPv3,SNMPv3 setup,BES-53248 Broadcom setup,BES-3248 switches configuration,EFOS 
+summary: 'SNMPv3可与以太网交换机运行状况监控器(CSHM)结合使用。' 
+---
+= 配置SNMPv3
+:allow-uri-read: 
+:icons: font
+:imagesdir: ../media/
+
+
+[role="lead"]
+按照此操作步骤配置SNMPv3、此SNMPv3支持以太网交换机运行状况监控(CSHM)。
+
+.关于此任务
+以下命令可在Broadcom BES-53248交换机上配置SNMPv3用户名：
+
+* 对于*无身份验证*：`net add snmp-server username _SNMPv3用户_ auth-none`
+* 对于* MD5/SHA身份验证*：`net add snmp-server username _SNMPv3用户_[auth-md5_auth-sha]_AUTH-password_`
+* 对于采用AES/DES加密的* MD5/SHA身份验证*：`net add snmp-server username _SNMPv3用户_[auth-md5_auth-sha]_AUTH-password_[encrypt-AES_encrypt-des]_PRIV-password_`
+
+
+以下命令会在ONTAP 端配置SNMPv3用户名：`cluster1：：：*> security login create -user-or-group-name _SNMPv3用户_-application snmp -authentication-method USM -remote-switch-ipaddress _address_`
+
+以下命令将使用CSHM建立SNMPv3用户名：
+`cluster1::*> system switch ethernet modify -device _DEVICE_ -snmp-version SNMPv3 -community-or-username _SNMPv3_USER_`
+
+.步骤
+. 在交换机上设置SNMPv3用户以使用身份验证和加密：
++
+`net show snmp status`
+
++
+.显示示例
+[%collapsible]
+====
+[listing, subs="+quotes"]
+----
+(sw1)(Config)# *snmp-server user <username> network-admin auth-md5 <password> priv-aes128 <password>*
+
+(cs1)(Config)# *show snmp user snmp*
+
+ Name Group Name Auth Priv
+ Meth Meth Remote Engine ID
+----------------- ------------------ ---- ------ -------------------------
+<username> network-admin MD5 AES128 8000113d03d8c497710bee
+----
+====
+. 在ONTAP 端设置SNMPv3用户：
++
+`security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212`
+
++
+.显示示例
+[%collapsible]
+====
+[listing, subs="+quotes"]
+----
+cluster1::*> *security login create -user-or-group-name <username> -application snmp -authentication-method usm -remote-switch-ipaddress 10.231.80.212*
+
+Enter the authoritative entity's EngineID [remote EngineID]:
+
+Which authentication protocol do you want to choose (none, md5, sha, sha2-256)
+[none]: *md5*
+
+Enter the authentication protocol password (minimum 8 characters long):
+
+Enter the authentication protocol password again:
+
+Which privacy protocol do you want to choose (none, des, aes128) [none]: *aes128*
+
+Enter privacy protocol password (minimum 8 characters long):
+Enter privacy protocol password again:
+----
+====
+. 将CSHM配置为使用新SNMPv3用户进行监控：
++
+`system switch ethernet show-all -device "sw1" -instance`
+
++
+.显示示例
+[%collapsible]
+====
+[listing, subs="+quotes"]
+----
+cluster1::*> *system switch ethernet show-all -device "sw1 (b8:59:9f:09:7c:22)" -instance*
+
+ Device Name: sw1
+ IP Address: 10.228.136.24
+ SNMP Version: SNMPv2c
+ Is Discovered: true
+DEPRECATED-Community String or SNMPv3 Username: -
+ Community String or SNMPv3 Username: cshm1!
+ Model Number: BES-53248
+ Switch Network: cluster-network
+ Software Version: 3.9.0.2
+ Reason For Not Monitoring: None *<---- should display this if SNMP settings are valid*
+ Source Of Switch Version: CDP/ISDP
+ Is Monitored ?: true
+ Serial Number of the Device: QTFCU3826001C
+ RCF Version: v1.8X2 for Cluster/HA/RDMA
+
+cluster1::*>
+cluster1::*> *system switch ethernet modify -device "sw1" -snmp-version SNMPv3 -community-or-username <username>*
+----
+====
+. 确认要使用新创建的SNMPv3用户查询的序列号与CSHM轮询周期完成后上一步中详述的序列号相同。
++
+`system switch ethernet polling-interval show`
+
++
+.显示示例
+[%collapsible]
+====
+[listing, subs="+quotes"]
+----
+cluster1::*> *system switch ethernet polling-interval show*
+ Polling Interval (in minutes): 5
+
+cluster1::*> *system switch ethernet show-all -device "sw1" -instance*
+ Device Name: sw1
+ IP Address: 10.228.136.24
+ SNMP Version: SNMPv3
+ Is Discovered: true
+DEPRECATED-Community String or SNMPv3 Username: -
+ Community String or SNMPv3 Username: <username>
+ Model Number: BES-53248
+ Switch Network: cluster-network
+ Software Version: 3.9.0.2
+ Reason For Not Monitoring: None *<---- should display this if SNMP settings are valid*
+ Source Of Switch Version: CDP/ISDP
+ Is Monitored ?: true
+ Serial Number of the Device: QTFCU3826001C
+ RCF Version: v1.8X2 for Cluster/HA/RDMA
+----
+====
+