
Device Configuration-Huawei Switch

Overview

This document walks through the steps to integrate a Huawei switch with Seceon SIEM so that you have better visibility into threats in your environment.

The configuration roadmap is as follows:

  1. Configure an IP address for each switch interface.

  2. Configure sFlow agent and collector information on the device.

  3. Configure flow sampling on the interface.

  4. Configure counter sampling on the interface.

Configuration Steps

  1. Configure an IP address for each interface of the switch (10.1.10.1 24, 10.1.20.1 24 and 10.1.30.1 24 are used here as examples).

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchA
    [SwitchA] vlan batch 10 20 30
    [SwitchA] interface gigabitethernet 0/0/1
    [SwitchA-GigabitEthernet0/0/1] port link-type access
    [SwitchA-GigabitEthernet0/0/1] port default vlan 10
    [SwitchA-GigabitEthernet0/0/1] quit
    [SwitchA] interface vlanif 10
    [SwitchA-Vlanif10] ip address 10.1.10.1 24
    [SwitchA-Vlanif10] quit
    [SwitchA] interface gigabitethernet 0/0/2
    [SwitchA-GigabitEthernet0/0/2] port link-type hybrid
    [SwitchA-GigabitEthernet0/0/2] port hybrid pvid vlan 20
    [SwitchA-GigabitEthernet0/0/2] port hybrid untagged vlan 20
    [SwitchA-GigabitEthernet0/0/2] quit
    [SwitchA] interface vlanif 20
    [SwitchA-Vlanif20] ip address 10.1.20.1 24
    [SwitchA-Vlanif20] quit
    [SwitchA] interface gigabitethernet 0/0/3
    [SwitchA-GigabitEthernet0/0/3] port link-type hybrid
    [SwitchA-GigabitEthernet0/0/3] port hybrid pvid vlan 30
    [SwitchA-GigabitEthernet0/0/3] port hybrid untagged vlan 30
    [SwitchA-GigabitEthernet0/0/3] quit
    [SwitchA] interface vlanif 30
    [SwitchA-Vlanif30] ip address 10.1.30.1 24
    [SwitchA-Vlanif30] quit

  2. Configure sFlow agent and collector information

  • Configure an IP address for the sFlow agent (use your Huawei switch IP; 10.1.10.1 is used here as an example).

    [SwitchA] sflow agent ip 10.1.10.1

  • Configure sFlow collector information: ID 2, CCE IP address (10.1.10.2 is used here as an example), and description netserver.

    [SwitchA] sflow collector 2 ip 10.1.10.2 description netserver

  3. Configure flow sampling

  • Set the sampling rate

  • Specify collector 2 as the target collector to receive sFlow packets sent by the agent.

  4. Configure counter sampling

  • Set the counter sampling interval to 120s.

  • Specify collector 2 as the target collector to receive sFlow packets sent by the agent.

Verification

On the Huawei switch

  • After the configuration is complete, run the display sflow command on SwitchA to check the global sFlow configuration.

  • SwitchA configuration file

On Seceon UI

  • Log in to the UI and go to SYSTEM >> LOGS AND FLOWS COLLECTION STATUS.

  • Under SOURCE DEVICE IP, the IP address of the switch will be listed.
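If the switch does not show up under SOURCE DEVICE IP, the datagrams arriving at the collector can be inspected directly. The following Python sketch is an added example, not part of the original Seceon or Huawei material: it parses the sFlow v5 datagram header and checks that the agent address matches the configured one (10.1.10.1 in this guide) and that both flow and counter samples are present. The function names and the test datagram are constructed for illustration.

```python
import ipaddress
import struct

KINDS = {1: "flow", 2: "counter", 3: "flow", 4: "counter"}  # 3 and 4 are the expanded forms

def parse_sflow_v5(dgram: bytes) -> dict:
    """Parse the sFlow v5 datagram header and count samples by kind."""
    if len(dgram) < 8:
        raise ValueError("datagram too short")
    version, addr_type = struct.unpack_from("!II", dgram, 0)
    if version != 5:
        raise ValueError(f"not sFlow v5 (version {version})")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4, 2 = IPv6
    if addr_len is None or len(dgram) < 8 + addr_len + 16:
        raise ValueError("bad agent address or truncated header")
    agent = str(ipaddress.ip_address(dgram[8:8 + addr_len]))
    off = 8 + addr_len
    _sub_agent, seq, _uptime, n = struct.unpack_from("!IIII", dgram, off)
    off += 16
    counts = {"flow": 0, "counter": 0, "other": 0}
    for _ in range(n):
        if off + 8 > len(dgram):
            raise ValueError("truncated sample header")
        tag, length = struct.unpack_from("!II", dgram, off)
        off += 8 + length
        if off > len(dgram):
            raise ValueError("sample overruns datagram")
        # Top 20 bits: enterprise (0 = standard sFlow); low 12 bits: format.
        kind = KINDS.get(tag & 0xFFF, "other") if tag >> 12 == 0 else "other"
        counts[kind] += 1
    return {"agent": agent, "sequence": seq, "samples": counts}

def check_feed(dgrams, expected_agent: str) -> list:
    """Return a list of problems seen across a capture window of datagrams."""
    problems, total = [], {"flow": 0, "counter": 0, "other": 0}
    for d in dgrams:
        info = parse_sflow_v5(d)
        if info["agent"] != expected_agent:
            problems.append(f"unexpected agent {info['agent']}")
        for k, v in info["samples"].items():
            total[k] += v
    problems += [f"no {k} samples seen" for k in ("flow", "counter") if total[k] == 0]
    return problems

def sample_datagram(agent=(10, 1, 10, 1), kinds=(1, 2)) -> bytes:
    """Constructed test datagram: valid header, zero-filled 8-byte sample bodies."""
    head = struct.pack("!II4sIIII", 5, 1, bytes(agent), 0, 42, 1000, len(kinds))
    return head + b"".join(struct.pack("!II", k, 8) + bytes(8) for k in kinds)
```

Pass check_feed the UDP payloads captured on the collector over a window longer than the 120 s counter sampling interval; a shorter window will legitimately contain no counter samples.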

 

Reference: https://support.huawei.com/enterprise/en/doc/EDOC1000178174/d73ef0a7/example-for-configuring-sflow

 
