Configuration Guide
Abstract
This document describes the software features for the HP 5820X & 5800 Series products and guides you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Contents
System maintenance and debugging
Configuring ping
Configuring ping example
Tracert
Configuring tracert
System debugging
Configuring system debugging
Configuring ping and tracert example
Configuring NQA
NQA benefits
Basic NQA concepts
NQA probe operation procedure
Configuring HTTP test example
Configuring UDP jitter test example
Configuring SNMP test example
Configuring TCP test example
Configuring UDP echo test example
Configuring voice test example
Configuring DLSw test example
Configuring NQA collaboration example
Configuring PoE
Protocol specification
PoE configuration task list
Enabling PoE
Enabling PoE for a PoE interface
Detecting PDs
Enabling the PSE to detect nonstandard PDs
Configuring a PD disconnection detection mode
Configuring the PoE power
Configuring the RMON alarm function
Configuration prerequisites
Configuration procedure
Displaying and maintaining RMON
Configuring Ethernet statistics group example
Configuring history group example
Configuring alarm group example
Configuring CWMP
CWMP network framework
CWMP basic functions
Automatic configuration file deployment
CPE system file management
Enabling NTDP globally and for specific ports
Configuring NTDP parameters
Manually collecting topology information
Enabling the cluster function
Establishing a cluster
Enabling management VLAN auto-negotiation
Configuring communication between the management device and the member devices within a cluster
Configuring cluster management protocol packets
Cluster member management
Configuring the member devices
Layer 3 remote port mirroring configuration task list
Configuration prerequisites
Configuring local mirroring groups
Configuring mirroring ports for a local mirroring group
Configuring mirroring CPUs for a local mirroring group
Configuring the monitor port for a local mirroring group
Displaying and maintaining port mirroring
Configuring port mirroring examples
Configuring local port mirroring example
Flow aging approaches
Configuring NetStream flow aging
Displaying and maintaining NetStream
Configuring NetStream examples
Configuring NetStream traditional data export example
Configuring NetStream aggregation data export example
Configuring IPv6 NetStream
IPv6 NetStream basic concepts
What is an IPv6 flow
How IPv6 NetStream works
IPv6 NetStream key technologies
Outputting log information to a Linux log host
Outputting log information to the console
Saving security logs into the security log file
Support and other resources
Contacting HP
Subscription service
Related information
Documents
Websites
Conventions
System maintenance and debugging
You can use the ping command and the tracert command to verify the current network connectivity, and use the debug command to enable debugging and to diagnose system faults based on the debugging information.
Configuring ping
The ping command allows you to verify whether a device with a specified address is reachable, and to examine network connectivity.
Figure 1 Ping network diagram
Configuration procedure
# Use the ping command to display whether Device A and Device C can reach each other.
<DeviceA> ping 1.1.2.2
PING 1.1.2.2: 56 data bytes, press CTRL_C to break
Reply from 1.1.2.2: bytes=56 Sequence=1 ttl=254 time=205 ms
Reply from 1.1.2.2: bytes=56 Sequence=2 ttl=254 time=1 ms
Reply from 1.1.2.2: bytes=56 Sequence=3 ttl=254 time=1 ms
Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms...
1.1.1.1
Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms
Record Route: 1.1.2.1 1.1.2.2 1.1.1.2 1.1.1.1
Reply from 1.1.2.2: bytes=56 Sequence=5 ttl=254 time=1 ms
Record Route: 1.1.2.1 1.1.2.2 1.1.1.2 1.1.1.1
--- 1.1.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/11/53 ms
The principle of ping –r is as shown in...
• Enable sending of ICMP timeout packets on the intermediate device (the device between the source and destination devices). If the intermediate device is an HP device, execute the ip ttl-expires enable command on the device. For more information about this command, see IP performance optimization commands in the Layer 3 - IP Services Command Reference.
Tracert configuration
To configure tracert:

To do: Enter system view.
Use the command: system-view
Remarks: —

To do: Display the routes from
Use the command: tracert [ -a source-ip | -f first-ttl | -m max-ttl | -p port | -q packet-number | -vpn-instance vpn-instance-name | -w timeout ] * host...
Remarks: Required. Use either approach. The tracert command is
Figure 3 The relationship between the protocol and screen output switch
Configuring system debugging
Output of the debugging information may reduce system efficiency. Administrators usually use the debugging commands to diagnose network failure. After completing the debugging, disable the corresponding debugging function, or use the undo debugging all command to disable all debugging functions.
To do: Display the enabled debugging functions.
Use the command: display debugging [ interface interface-type interface-number ] [ module-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Optional. Available in any view.

NOTE: To display the detailed debugging information on the terminal, configure the debugging, terminal debugging and terminal monitor commands.
* * * * * * * * *
<DeviceA>
The output shows that Device A and Device C cannot reach each other, Device A and Device B can reach each other, and an error occurred on the connection between Device B and Device C. Use the debugging ip icmp command to enable ICMP debugging on Device A and Device C to check whether the devices send or receive the specified ICMP packets, or use the display ip routing-table command to display whether Device A and Device C can reach each other.
Configuring NQA
NQA can perform various types of tests and collect network performance and service quality parameters such as delay jitter, time for establishing a TCP connection, time for establishing an FTP connection, and file transfer rate. With the NQA test results, you can diagnose and locate network faults, track network performance in a timely manner, and take proper actions.
The track module notifies the static routing module of the state change.
The static routing module sets the static route as invalid.
NOTE: For more information about the collaboration and the track module, see High Availability Configuration Guide.
Supporting threshold monitoring
NQA supports threshold monitoring for performance parameters such as average delay jitter and packet round-trip time.
NOTE: The counting for the average or accumulate threshold type is performed per test, but that for the consecutive type is performed since the test group is started.
Triggered actions
The following actions may be triggered:
• none—NQA only records events for terminal display; it does not send trap information to the...
• During an SNMP test, one probe operation means sending one SNMPv1 packet, one SNMPv2C packet, and one SNMPv3 packet.
NQA client and server
A device with NQA test groups configured is an NQA client, and the NQA client initiates NQA tests. An NQA server responds to probe packets destined to the specified destination address and port number.
Enabling the NQA client
Configurations on the NQA client only take effect when the NQA client is enabled.
To enable the NQA client:

To do: Enter system view.
Use the command: system-view
Remarks: —

To do: Enable the NQA client.
Use the command: nqa agent enable
Remarks: Optional. Enabled by default.
To do: Configure the size of the data field in each ICMP echo request.
Use the command: data-size size
Remarks: Optional. 100 bytes by default.

To do: Configure the string to be filled in the data field of each ICMP echo request.
Use the command: data-fill string
Remarks: Optional. By default, the string is the hexadecimal number
Configuration prerequisites
Before you start DHCP tests, configure the DHCP server. If the NQA (DHCP client) and the DHCP server are not in the same network segment, configure a DHCP relay. For the configuration of DHCP server and DHCP relay, see Layer 3 IP Services Configuration Guide.
To do: Specify the IP address of the DNS server as the destination address of DNS packets.
Use the command: destination ip ip-address
Remarks: Required. By default, no destination IP address is configured.

To do: Configure the domain name that needs to be translated.
Use the command: resolve-target domain-name
Remarks: Required. By default, no domain name is
To do: Configure the operation type.
Use the command: operation { get | put }
Remarks: Optional. By default, the operation type for the FTP is get, which means obtaining files from the FTP server.

To do: Configure a login username.
Use the command: username name
Remarks: Required. By default, no login username is configured.
To do: Configure the IP address of the HTTP server as the destination address of HTTP request packets.
Use the command: destination ip ip-address
Remarks: Required. By default, no destination IP address is configured.

Optional. By default, no source IP address is specified.
Configuration prerequisites
UDP jitter tests require cooperation between the NQA server and the NQA client. Before you start UDP jitter tests, configure UDP listening services on the NQA server. For more information about UDP listening service configuration, see “Configuring the NQA server.”...
To do: Configure the source IP address for UDP jitter packets.
Use the command: source ip ip-address
Remarks: Optional. By default, no source IP address is specified. The source IP address must be the IP address of a local interface. The local interface must be up;...
To do: Configure the source IP address of SNMP packets.
Use the command: source ip ip-address
Remarks: Optional. By default, no source IP address is specified. The source IP address must be the IP address of a local interface. The local interface must be up; otherwise, no probe packets can be sent out.
To do: Configure the source IP address of TCP probe packets.
Use the command: source ip ip-address
Remarks: Optional. By default, no source IP address is specified. The source IP address must be the IP address of a local interface. The local interface must be up;...
To do: Configure the size of the data field in each UDP packet.
Use the command: data-size size
Remarks: Optional. 100 bytes by default.

To do: Configure the string to be filled in the data field of each UDP packet.
Use the command: data-fill string
Remarks: Optional. By default, the string is the hexadecimal number
configure the advantage factor. When the system calculates the ICPIF value, this advantage factor is subtracted to modify ICPIF and MOS values and both the objective and subjective factors are considered when you evaluate the voice quality.
Configuration prerequisites
Voice tests require cooperation between the NQA server and the NQA client. Before you start voice tests, configure a UDP listening service on the NQA server.
To do: Configure the size of the data field in each probe packet.
Use the command: data-size size
Remarks: Optional. By default, the probe packet size depends on the codec type. The default packet size is 172 bytes for G.711A-law and G.711 μ-law codec type, and is 32 bytes for G.729 A-law codec type.
To do: Configure the destination address of probe packets.
Use the command: destination ip ip-address
Remarks: Required. By default, no destination IP address is configured.

To do: Configure the source IP address of probe packets.
Use the command: source ip ip-address
Remarks: Optional. By default, no source IP address is specified. The source IP address must be the
Configuring threshold monitoring
Configuration prerequisites
Before you configure threshold monitoring, complete the following tasks:
• Configure the destination address of the trap message by using the snmp-agent target-host command. For more information about the snmp-agent target-host command, see “SNMP configuration commands.”
•...
To do: Configure a reaction entry for monitoring the one-way delay (only supported in UDP jitter and voice tests)
Use the command: reaction item-number checked-element { owd-ds | owd-sd } threshold-value upper-threshold lower-threshold

To do: Configure a reaction entry for monitoring the ICPIF value
Use the command: reaction item-number checked-element icpif threshold-value upper-threshold lower-threshold...
To do: Configure the hold time of statistics groups.
Use the command: statistics hold-time hold-time
Remarks: Optional. 120 minutes by default.

NOTE:
• The NQA statistics collection function is not supported in DHCP tests.
• If you use the frequency command to set the frequency between two consecutive tests to 0, only one test is performed, and no statistics group information is collected.
Configuring optional parameters for an NQA test group
Optional parameters for an NQA test group are only valid for tests in this test group. Unless otherwise specified, the following optional parameters are applicable to all test types.
To configure optional parameters for an NQA test group:
To do…
To do: Enable the routing table bypass function.
Use the command: route-option bypass-route
Remarks: Optional. Disabled by default. Not available for DHCP tests.

Scheduling an NQA test group
You can schedule an NQA test group by setting the start time and test duration for a test group. A test group performs tests between the scheduled start time and the end time (the start time plus test duration).
Displaying and maintaining NQA

To do: Display history records of NQA test groups
Use the command: display nqa history [ admin-name operation-tag ] [ | { begin | exclude | include } regular-expression ]

To do: Display the current monitoring results of reaction entries
Use the command: display nqa reaction counters [ admin-name operation-tag [ item-number ] ] [ | { begin |...
Configuration procedure
NOTE: Before you make the configuration, make sure the devices can reach each other.
# Create an ICMP echo test group and specify 10.2.2.2 as the destination IP address for ICMP echo requests to be sent.
<DeviceA> system-view
[DeviceA] nqa entry admin test
[DeviceA-nqa-admin-test] type icmp-echo
[DeviceA-nqa-admin-test-icmp-echo] destination ip 10.2.2.2...
# Display the history of ICMP echo tests.
[DeviceA] display nqa history admin test
NQA entry (admin admin, tag test) history record(s):
Index Response Status Time
Succeeded 2007-08-23 15:00:01.2
Succeeded 2007-08-23 15:00:01.2
Succeeded 2007-08-23 15:00:01.2
Succeeded 2007-08-23 15:00:01.2
Succeeded 2007-08-23 15:00:01.2
Succeeded 2007-08-23 15:00:01.2
Succeeded...
Last succeeded probe time: 2007-11-22 09:56:03.2
Extended results:
Packet loss in test: 0%
Failures due to timeout: 0
Failures due to disconnect: 0
Failures due to no connection: 0
Failures due to sequence error: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packet(s) arrived late: 0
# Display the history of DHCP tests.
# Stop the DNS tests after a period of time.
[DeviceA] undo nqa schedule admin test
# Display the results of the last DNS test.
[DeviceA] display nqa result admin test
NQA entry (admin admin, tag test) test results:
Destination IP address: 10.2.2.2
Send operation times: 1
Receive response times: 1
Min/Max/Average round trip time: 62/62/62...
# Specify the IP address of the FTP server 10.2.2.2 as the destination IP address for FTP tests.
[DeviceA-nqa-admin-test-ftp] destination ip 10.2.2.2
# Specify 10.1.1.1 as the source IP address for probe packets.
[DeviceA-nqa-admin-test-ftp] source ip 10.1.1.1
# Set the FTP username to admin, and password to systemtest.
[DeviceA-nqa-admin-test-ftp] username admin
[DeviceA-nqa-admin-test-ftp] password systemtest
# Configure the device to upload file config.txt to the FTP server for each probe operation.
Figure 11 Network diagram for the HTTP tests
Configuration procedure
NOTE: Before you make the configuration, make sure the devices can reach each other.
# Create an HTTP test group.
<DeviceA> system-view
[DeviceA] nqa entry admin test
[DeviceA-nqa-admin-test] type http
# Specify the IP address of the HTTP server 10.2.2.2 as the destination IP address for HTTP tests....
Failures due to no connection: 0
Failures due to sequence error: 0
Failures due to internal error: 0
Failures due to other errors:
Packet(s) arrived late: 0
# Display the history of HTTP tests.
[DeviceA] display nqa history admin test
NQA entry (admin admin, tag test) history record(s):
Index Response...
# Start UDP jitter tests.
[DeviceA] nqa schedule admin test start-time now lifetime forever
# Stop UDP jitter tests after a period of time.
[DeviceA] undo nqa schedule admin test
# Display the result of the last UDP jitter test.
[DeviceA] display nqa result admin test
NQA entry (admin admin, tag test) test results:
Destination IP address: 10.2.2.2...
Destination IP address: 10.2.2.2
Start time: 2008-05-29 13:56:14.0
Life time: 47 seconds
Send operation times: 410
Receive response times: 410
Min/Max/Average round trip time: 1/93/19
Square-Sum of round trip time: 206176
Extended results:
Packet loss in test: 0%
Failures due to timeout: 0
Failures due to disconnect: 0
Failures due to no connection: 0
Failures due to sequence error: 0...
Configuring SNMP test example
Network requirements
As shown in Figure 13, configure NQA SNMP tests to test the time it takes for Device A to send an SNMP query packet to the SNMP agent and receive a response packet.
Figure 13 Network diagram for SNMP tests
Configuration procedure
NOTE: Before you make the configuration, make sure the devices can reach each other.
Last succeeded probe time: 2007-11-22 10:24:41.1
Extended results:
Packet loss in test: 0%
Failures due to timeout: 0
Failures due to disconnect: 0
Failures due to no connection: 0
Failures due to sequence error: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packet(s) arrived late: 0
# Display the history of SNMP tests.
[DeviceA-nqa-admin-test-tcp] destination ip 10.2.2.2
[DeviceA-nqa-admin-test-tcp] destination port 9000
# Enable the saving of history records.
[DeviceA-nqa-admin-test-tcp] history-record enable
[DeviceA-nqa-admin-test-tcp] quit
# Start TCP tests.
[DeviceA] nqa schedule admin test start-time now lifetime forever
# Stop the TCP tests after a period of time.
[DeviceA] undo nqa schedule admin test
# Display the results of the last TCP test.
Configuration procedure
NOTE: Before you make the configuration, make sure the devices can reach each other.
Configure Device B
# Enable the NQA server and configure a listening service to listen to IP address 10.2.2.2 and UDP port 8000.
<DeviceB> system-view
[DeviceB] nqa server enable
[DeviceB] nqa server udp-echo 10.2.2.2 8000
Configure Device A...
# Display the history of UDP echo tests.
[DeviceA] display nqa history admin test
NQA entry (admin admin, tag test) history record(s):
Index Response Status Time
Succeeded 2007-11-22 10:36:17.9
Configuring voice test example
Network requirements
As shown in Figure 16, configure NQA voice tests to test the delay jitter of voice packet transmission and voice quality between Device A and Device B.
NQA entry (admin admin, tag test) test results:
Destination IP address: 10.2.2.2
Send operation times: 1000
Receive response times: 1000
Min/Max/Average round trip time: 31/1328/33
Square-Sum of round trip time: 2844813
Last succeeded probe time: 2008-06-13 09:49:31.1
Extended results:
Packet loss in test: 0%
Failures due to timeout: 0
Failures due to disconnect: 0
Failures due to no connection: 0...
Square-Sum of round trip time: 7160528
Extended results:
Packet loss in test: 0%
Failures due to timeout: 0
Failures due to disconnect: 0
Failures due to no connection: 0
Failures due to sequence error: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packet(s) arrived late: 0
Voice results:...
Configuring DLSw test example
Network requirements
As shown in Figure 17, configure NQA DLSw tests to check the response time of the DLSw device.
Figure 17 Network diagram for the DLSw tests
Configuration procedure
NOTE: Before you make the configuration, make sure the devices can reach each other.
# Create a DLSw test group and configure DLSw probe packets to use 10.2.2.2 as the destination IP address.
Packet(s) arrived late: 0
# Display the history of DLSw tests.
[DeviceA] display nqa history admin test
NQA entry (admin admin, tag test) history record(s):
Index Response Status Time
Succeeded 2007-11-22 10:40:27.7
Configuring NQA collaboration example
Network requirements
As shown in Figure 18, configure a static route to Device C on Device A, with Device B as the next hop.
[DeviceA-nqa-admin-test-icmp-echo] quit
# Configure the test start time and test duration for the test group.
[DeviceA] nqa schedule admin test start-time now lifetime forever
On Device A, create the track entry.
# Create track entry 1 to associate it with Reaction entry 1 of the NQA test group (admin-test).
[DeviceA] track 1 nqa entry admin test reaction 1
Verify the configuration....
Destination/Mask Proto Cost NextHop Interface
10.2.1.0/24 Direct 0 10.2.1.2 Vlan3
10.2.1.2/32 Direct 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 127.0.0.1 InLoop0
The output shows that the next hop 10.2.1.1 of the static route is not reachable, and the status of the track entry is negative.
Configuring NTP
Defined in RFC 1305, NTP synchronizes timekeeping among distributed time servers and clients. NTP runs over UDP, using UDP port 123. The purpose of NTP is to keep timekeeping consistent among all clock-dependent devices within a network so that the devices can provide diverse applications based on the consistent time.
How NTP works Figure 19 shows the basic workflow of NTP. Device A and Device B are connected over a network. They have their own independent system clocks, which must be automatically synchronized through NTP. For an easy understanding, assume the following conditions: •...
NTP message format
NTP uses two types of messages: clock synchronization messages and NTP control messages. An NTP control message is used in environments where network management is needed. Because it is not required for clock synchronization, it is not described in this document.
NOTE: All NTP messages mentioned in this document refer to NTP clock synchronization messages.
• Root Delay—Roundtrip delay to the primary reference source.
• Root Dispersion—Maximum error of the local clock relative to the primary reference source.
• Reference Identifier—Identifier of the particular reference source.
• Reference Timestamp—Local time at which the local clock was last set or corrected.
• Originate Timestamp—Local time at which the request departed from the client for the service host.
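The header fields listed above can be decoded from a captured clock synchronization message as shown below. This is an added example, not code from the HP guide: it decodes the Mode, stratum and 64-bit timestamps (the reference time C6D94F67.5EF9DB22 shown in this guide's display output is used as sample data) and verifies an MD5 authenticator. The function names, the constructed sample packet, and the trailer layout (a 4-byte key ID followed by MD5(key || header), the convention of the reference ntpd) are assumptions, not details taken from this guide.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)
# LI/VN/Mode, Stratum, Poll, Precision, Root Delay, Root Dispersion,
# Reference Identifier, then four 64-bit timestamps (seconds, fraction).
HEADER = struct.Struct("!BBbbiI4s8I")
MAC_LEN = 4 + 16  # key ID + MD5 digest (assumed ntpd-style trailer)


def ntp_time(seconds, fraction):
    """Convert an NTP timestamp (seconds since 1900, 2**-32 fraction) to UTC."""
    micros = round(fraction * 1_000_000 / 2**32)
    return NTP_EPOCH + timedelta(seconds=seconds, microseconds=micros)


def parse_ntp(packet):
    """Decode the 48-byte clock synchronization header and any MAC trailer."""
    if len(packet) < HEADER.size:
        raise ValueError("short NTP packet")
    f = HEADER.unpack_from(packet)
    msg = {
        "leap": f[0] >> 6,
        "version": (f[0] >> 3) & 0x7,
        "mode": f[0] & 0x7,                      # 3 client, 4 server, 5 multicast
        "stratum": f[1],
        "poll": f[2],
        "precision": f[3],
        "root_delay_ms": f[4] * 1000 / 65536,    # 16.16 fixed point seconds
        "root_dispersion_ms": f[5] * 1000 / 65536,
        "reference_id": ".".join(str(b) for b in f[6]),
        "reference": ntp_time(f[7], f[8]),
        "originate": ntp_time(f[9], f[10]),
        "receive": ntp_time(f[11], f[12]),
        "transmit": ntp_time(f[13], f[14]),
        "key_id": None,
        "digest": None,
    }
    trailer = packet[HEADER.size:]
    if len(trailer) == MAC_LEN:
        msg["key_id"] = struct.unpack("!I", trailer[:4])[0]
        msg["digest"] = trailer[4:]
    return msg


def verify_mac(packet, trusted_keys):
    """Return True only if the trailer verifies under a trusted key.

    trusted_keys maps key ID to the shared secret (bytes).
    """
    msg = parse_ntp(packet)
    secret = trusted_keys.get(msg["key_id"])
    if secret is None or msg["digest"] is None:
        return False  # unauthenticated packet or untrusted key ID
    expected = hashlib.md5(secret + packet[:HEADER.size]).digest()
    return hmac.compare_digest(expected, msg["digest"])


def sample_server_reply(secret, key_id):
    """Constructed Mode 4 reply from a stratum 2 server, with a MAC appended."""
    header = HEADER.pack(
        (0 << 6) | (3 << 3) | 4, 2, 6, -18,      # LI 0, version 3, mode 4
        0, 69, bytes([127, 127, 1, 0]),          # root delay, dispersion, ref ID
        0xC6D94F67, 0x5EF9DB22,                  # reference timestamp
        0xC6D94F70, 0, 0xC6D94F70, 0x10000000, 0xC6D94F70, 0x20000000,
    )
    digest = hashlib.md5(secret + header).digest()
    return header + struct.pack("!I", key_id) + digest


if __name__ == "__main__":
    pkt = sample_server_reply(b"aNiceKey", 42)
    msg = parse_ntp(pkt)
    print(msg["mode"], msg["stratum"], msg["reference"].isoformat())
    print("MAC ok:", verify_mac(pkt, {42: b"aNiceKey"}))
```

The authenticator covers only the 48-byte header, so any change to a header field, or a key ID that is not in the trusted set, makes verification fail.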
Symmetric peers mode
Figure 22 Symmetric peers mode
In symmetric peers mode, devices that work in symmetric active mode and symmetric passive mode exchange NTP messages with the Mode field 3 (client mode) and 4 (server mode).
Multicast mode Figure 24 Multicast mode In multicast mode, a server periodically sends clock synchronization messages to the user-configured multicast address, or, if no multicast address is configured, to the default NTP multicast address 224.0.1.1, with the Mode field in the messages set to 5 (multicast mode). Clients listen to the multicast messages from servers.
NOTE: • A CE is a device that has an interface directly connecting to the SP. A CE is not “aware of” the presence of the VPN. A PE is a device directly connecting to CEs. In an MPLS network, all events related to VPN processing •...
To configure an NTP client:
• To do: Enter system view.
  Use the command: system-view
  Remarks: —
• To do: Specify an NTP server for the device.
  Use the command: ntp-service unicast-server [ vpn-instance vpn-instance-name ] { ip-address | server-name } [ authentication-keyid keyid |
  Remarks: Required. No NTP server is specified by
NOTE:
• In symmetric mode, use any NTP configuration command in Configuring the operation modes of to enable NTP; otherwise, a symmetric-passive peer will not process NTP messages from a symmetric-active peer.
• In the ntp-service unicast-peer command, ip-address must be a unicast address, rather than a
•...
NOTE: A broadcast server can only synchronize broadcast clients when its clock has been synchronized. Configuring NTP multicast mode The multicast server periodically sends NTP multicast messages to multicast clients, which send replies after receiving the messages and synchronize their local clocks. For devices working in multicast mode, configure both the server and clients.
To specify the source interface for NTP messages:
• To do: Enter system view.
  Use the command: system-view
  Remarks: —
• To do: Specify the source interface for NTP messages.
  Use the command: ntp-service source-interface
  Remarks: Required. By default, no source interface is specified for NTP messages, and the system uses the IP address of
Configuring access-control rights
You can configure the NTP service access-control right to the local device. The following access control rights are available:
• query—Control query permitted. Permits the peer devices to perform control query to the NTP service on the local device but does not permit a peer device to synchronize its clock to that of the local device.
Configuration prerequisites
The configuration of NTP authentication involves configuration tasks to be implemented on the client and on the server. When configuring NTP authentication:
• For all synchronization modes, when you enable the NTP authentication feature, configure an authentication key and specify it as a trusted key. The ntp-service authentication enable command must work together with the ntp-service authentication-keyid command and the ntp-service reliable authentication-keyid command.
NOTE: After you enable the NTP authentication feature for the client, make sure that you configure for the client an authentication key that is the same as on the server and specify that the authentication key is trusted. Otherwise, the client cannot be synchronized to the server. Configuring NTP authentication for a server To do…...
Configuring NTP examples Configuring NTP client/server mode example Network requirements Perform the following configurations to synchronize the time between Switch B and Switch A: As shown in Figure 25, the local clock of Switch A is to be used as a reference source, with the •...
Root dispersion: 1.05 ms
Peer dispersion: 7.81 ms
Reference time: 14:53:27.371 UTC Sep 19 2005 (C6D94F67.5EF9DB22)
The output shows that Switch B has been synchronized to Switch A, and the clock stratum level of Switch B is 3, while that of Switch A is 2.
# View the NTP session information of Switch B, which shows that an association has been set up between Switch B and Switch A.
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 3.0.1.31
Nominal frequency: 100.0000 Hz
Actual frequency: 100.0000 Hz
Clock precision: 2^18
Clock offset: -21.1982 ms
Root delay: 15.00 ms
Root dispersion: 775.15 ms
Peer dispersion: 34.29 ms
Reference time: 15:22:47.083 UTC Sep 19 2005 (C6D95647.153F7CED)
The output shows that Switch B has been synchronized to Switch A, and the clock stratum level of Switch B is 3.
Configuring NTP broadcast mode example Network requirements As shown in Figure 27, Switch C functions as the NTP server for multiple devices on a network segment and synchronizes the time among multiple devices. Switch C’s local clock is to be used as a reference source, with the stratum level of 2. •...
# Take Switch A as an example. View the NTP status of Switch A after clock synchronization.
[SwitchA-Vlan-interface2] display ntp-service status
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 3.0.1.31
Nominal frequency: 64.0000 Hz
Actual frequency: 64.0000 Hz
Clock precision: 2^7
Clock offset: 0.0000 ms
Root delay: 31.00 ms
Root dispersion: 8.31 ms...
Figure 28 Network diagram for NTP multicast mode configuration Configuration procedure Set the IP address for each interface as shown in Figure 28. The configuration procedure is omitted. Configuration on Switch C: # Configure Switch C to work in multicast server mode and send multicast messages through VLAN- interface 2.
# View the NTP session information of Switch D, which shows that an association has been set up between Switch D and Switch C.
[SwitchD-Vlan-interface2] display ntp-service sessions
source reference stra reach poll offset delay disper
**************************************************************************
[1234] 3.0.1.31 127.127.1.0 -16.0 31.0 16.6...
The output shows that Switch A has been synchronized to Switch C, and the clock stratum level of Switch A is 3, while that of Switch C is 2. # View the NTP session information of Switch A, which shows that an association has been set up between Switch A and Switch C.
Perform the following configuration on Switch A:
# Enable NTP authentication.
[SwitchA] ntp-service authentication enable
# Set an authentication key.
[SwitchA] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey
# Specify the key as a trusted key.
[SwitchA] ntp-service reliable authentication-keyid 42
# View the NTP status of Switch B after clock synchronization.
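The three authentication commands must agree with each other on one device and with the peer device, and this can be checked mechanically against saved configurations. The following is an added example, not code from the HP guide: the function names are hypothetical, the Switch A lines are the ones shown above, and the Switch B client lines and the 192.0.2.x addresses are constructed for illustration.

```python
import re

PROMPT = re.compile(r"^[\[<][^\]>]*[\]>]\s*")   # "[SwitchA] " or "<SwitchA> "
KEY = re.compile(r"^ntp-service authentication-keyid (\d+) authentication-mode (\S+) (\S+)$")
TRUSTED = re.compile(r"^ntp-service reliable authentication-keyid (\d+)$")
ASSOC = re.compile(r"^ntp-service (?:unicast-server|unicast-peer) (.+)$")
ASSOC_KEY = re.compile(r"\bauthentication-keyid (\d+)\b")

# Switch A lines are taken from this guide; Switch B is a constructed client.
SWITCH_A = """\
[SwitchA] ntp-service authentication enable
[SwitchA] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey
[SwitchA] ntp-service reliable authentication-keyid 42
"""
SWITCH_B = """\
[SwitchB] ntp-service authentication enable
[SwitchB] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey
[SwitchB] ntp-service reliable authentication-keyid 42
[SwitchB] ntp-service unicast-server 192.0.2.1 authentication-keyid 42
"""


def parse_ntp_auth(config_text):
    """Collect the NTP authentication statements from CLI or saved-config text."""
    cfg = {"enabled": False, "keys": {}, "trusted": set(), "assocs": []}
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if not line or line.startswith("#"):
            continue
        if line == "ntp-service authentication enable":
            cfg["enabled"] = True
        elif m := KEY.match(line):
            cfg["keys"][int(m.group(1))] = (m.group(2), m.group(3))
        elif m := TRUSTED.match(line):
            cfg["trusted"].add(int(m.group(1)))
        elif m := ASSOC.match(line):
            words = m.group(1).split()
            # The address is the first argument unless a vpn-instance precedes it.
            skip_vpn = words[0] == "vpn-instance" and len(words) > 2
            target = words[2] if skip_vpn else words[0]
            key = ASSOC_KEY.search(m.group(1))
            cfg["assocs"].append((target, int(key.group(1)) if key else None))
    return cfg


def audit_device(name, cfg):
    """Check that enable, key and trusted-key statements work together."""
    findings = []
    if not cfg["enabled"]:
        findings.append(f"{name}: NTP authentication is not enabled")
    for kid in sorted(cfg["keys"]):
        if kid not in cfg["trusted"]:
            findings.append(f"{name}: key {kid} is defined but not trusted")
    for kid in sorted(cfg["trusted"] - set(cfg["keys"])):
        findings.append(f"{name}: key {kid} is trusted but not defined")
    for target, kid in cfg["assocs"]:
        if kid is None:
            findings.append(f"{name}: association with {target} names no key")
        elif kid not in cfg["keys"] or kid not in cfg["trusted"]:
            findings.append(f"{name}: association with {target} uses unusable key {kid}")
    return findings


def audit_pair(client, server):
    """Check that each key the client uses exists, matches and is trusted on the server."""
    findings = []
    for target, kid in client["assocs"]:
        if kid is None or kid not in client["keys"]:
            continue  # already reported by audit_device
        if kid not in server["keys"]:
            findings.append(f"key {kid} for {target} is not defined on the server")
        elif server["keys"][kid] != client["keys"][kid]:
            findings.append(f"key {kid} for {target} differs between client and server")
        elif kid not in server["trusted"]:
            findings.append(f"key {kid} for {target} is not trusted on the server")
    return findings


if __name__ == "__main__":
    a, b = parse_ntp_auth(SWITCH_A), parse_ntp_auth(SWITCH_B)
    for finding in audit_device("SwitchA", a) + audit_device("SwitchB", b) + audit_pair(b, a):
        print(finding)
```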
Figure 30 Network diagram for configuration of NTP broadcast mode with authentication
Configuration procedure
Set the IP address for each interface as shown in Figure 30. The configuration procedure is omitted.
Configuration on Switch C:
# Configure NTP authentication.
[SwitchC] ntp-service authentication enable
[SwitchC] ntp-service authentication-keyid 88 authentication-mode md5 123456
[SwitchC] ntp-service reliable authentication-keyid 88
# Specify Switch C as an NTP broadcast server, and specify an authentication key.
Clock offset: 0.0000 ms
Root delay: 31.00 ms
Root dispersion: 8.31 ms
Peer dispersion: 34.30 ms
Reference time: 16:01:51.713 UTC Sep 19 2005 (C6D95F6F.B6872B02)
The output shows that Switch D has been synchronized to Switch C, and the clock stratum level of Switch D is 4, while that of Switch C is 3.
Figure 31 Network diagram for MPLS VPN time synchronization configuration
Device  Interface    IP address     Device  Interface    IP address
CE 1    Vlan-int 10  10.1.1.1/24    PE 1    Vlan-int 10  10.1.1.2/24
CE 2    Vlan-int 20  10.2.1.1/24            Vlan-int 30  172.1.1.1/24
CE 3    Vlan-int 50  10.3.1.1/24            Vlan-int 20  10.2.1.2/24...
Configuring IPC IPC is a reliable communication mechanism among different nodes. The following are the basic concepts in IPC. Node An IPC node is an entity supporting IPC; it is an independent processing unit. In actual application, an IPC node corresponds to one CPU. The following guidelines apply: One centralized device only has one CPU, corresponding to one node.
Figure 32 Relationship between a node, link and channel Packet sending modes IPC supports three packet sending modes: unicast, multicast (broadcast is considered as a special multicast), and mixcast, each having a queue. The upper layer application modules can select one as needed.
Displaying and maintaining IPC
• To do: Display IPC node information
  Use the command: display ipc node [ | { begin | exclude | include } regular-expression ]
• To do: Display channel information of a node
  Use the command: display ipc channel { node node-id | self-node } [ | { begin | exclude | include } regular-...
PSE—A PSE supplies power for PDs. A PSE can be built-in (Endpoint) or external (Midspan). A built- in PSE is integrated in a switch, and an external PSE is independent from a switch. HP PSEs are built in. The system uses PSE IDs to identify different PSEs. To display the mapping between a PSE ID and the member ID of a switch, execute the display poe device command.
Protocol specification
The protocol specification related to PoE is IEEE 802.3af.
PoE configuration task list
You can configure a PoE interface by using either of the following methods:
• At the CLI.
• Through configuring the PoE profile and applying the PoE profile to the PoE interface.
...
PD supports power over spare wires), you have to change the order of the lines in the twisted pair cable to supply power to the PD. The HP 5820X&5800 Switch Series only supports the signal mode. •...
• To do: Enable PoE for the PoE interface.
  Use the command: poe enable
  Remarks: Required. Disabled by default.
• To do: Configure a description for the PD connected to the PoE interface.
  Use the command: poe pd-description text
  Remarks: Optional. By default, no description for the PD connected to the PoE interface
Configuring the PoE power Configuring the maximum PoE interface power The maximum PoE interface power is the maximum power that the PoE interface can provide to the connected PD. If the power required by the PD is larger than the maximum PoE interface power, the PoE interface will not supply power to the PD.
If the guaranteed remaining PSE power (the maximum PSE power minus the power allocated to the critical PoE interface, regardless of whether PoE is enabled for the PoE interface) is lower than the maximum power of the PoE interface, you will fail to set the priority of the PoE interface to critical. Otherwise, you can succeed in setting the priority to critical, and this PoE interface will preempt the power of other PoE interfaces with a lower priority level.
Configuring PoE interface through PoE profile You can configure a PoE interface either at the CLI or by using a PoE profile and applying the PoE profile to the specified PoE interfaces. To configure a single PoE interface, configure it at the CLI; to configure PoE interfaces in batches, use a PoE profile.
To apply the PoE profile in system view:
• To do: Enter system view.
  Use the command: system-view
  Remarks: —
• To do: Apply the PoE profile to one or multiple PoE interfaces.
  Use the command: apply poe-profile { index index | name profile-name } interface interface-range
  Remarks: Required
To apply the PoE profile in interface view:
To do…...
Displaying and maintaining PoE
• To do: Display PSE information
  Use the command: display poe device [ | { begin | exclude | include } regular-expression ]
• To do: Display the power supply state of the specified PoE interface
  Use the command: display poe interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
• Use the command: display poe interface power [ interface-...
Figure 34 Network diagram for PoE
Configuration procedure
# Enable PoE on GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3, and set their power supply priority to critical.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] poe enable
[Sysname-GigabitEthernet1/0/1] poe priority critical
[Sysname-GigabitEthernet1/0/1] quit
[Sysname] interface gigabitethernet 1/0/2...
Solution:
• In the first case, increase the maximum PSE power, or reduce the maximum power of the PoE interface when the guaranteed remaining power of the PSE cannot be modified.
• In the second case, remove the priority already configured.
Symptom 2: Applying a PoE profile to a PoE interface fails.
Configuring SNMP SNMP offers the communication rules between a management device and the managed devices on the network; it defines a series of messages, methods and syntaxes to implement the access and management from the management device to the managed devices. SNMP has the following characteristics: Automatic network management: SNMP enables network administrators to search and modify •...
• SNMPv3 offers an authentication mechanism that is implemented based on the User-based Security Model (USM). You can set the authentication and privacy functions. The former authenticates the validity of the sending end of the authentication packets, preventing access of unauthorized users; the latter encrypts packets between the NMS and agents, preventing the packets from being intercepted.
To configure SNMPv3:
• To do: Enter system view.
  Use the command: system-view
  Remarks: —
• To do: Enable the SNMP agent.
  Use the command: snmp-agent
  Remarks: Optional. Disabled by default. You can enable the SNMP agent through this command or any command that begins with snmp-agent.
Optional....
To configure SNMPv1 and SNMPv2c:
• To do: Enter system view.
  Use the command: system-view
  Remarks: —
• To do: Enable the SNMP agent.
  Use the command: snmp-agent
  Remarks: Optional. Disabled by default. You can enable the SNMP agent with this command or any command that begins with snmp-agent.
Configuring network management-specific interface index Interface index (ifindex) and network management (NM)-specific ifindex are both interface identifications. ifindex is an internal parameter for software implementation of the device, and it uniquely identifies an interface for internal resource allocation and management. NM-specific ifindex is a parameter provided by the device to the NMS.
To switch the format of an NM-specific ifindex:
• To do: Enter system view.
  Use the command: system-view
  Remarks: —
• To do: Switch the format of an NM-specific ifindex from 16-bit to 32-bit.
  Use the command: snmp-agent ifmib long-ifindex enable
  Remarks: Optional. By default, an NM-specific ifindex
A large number of logs occupy storage space of the device, which impacts the performance of the device. HP recommends that you disable SNMP logging. The total output size for the node and value fields in each log entry is 1024 bytes. If this limit is •...
• To do: Enter interface view.
  Use the command: interface interface-type interface-number
  Remarks: —
• To do: Enable the trap function of interface state changes.
  Use the command: enable snmp trap updown
  Remarks: Optional. Enabled by default.
CAUTION: To enable an interface to send linkUp/linkDown traps when its state changes, enable the trap •...
• To do: Extend the standard linkUp/linkDown traps defined in RFC.
  Use the command: snmp-agent trap if-mib link extended
  Remarks: Optional. Standard linkUp/linkDown traps defined in RFC are used by default.
• To do: Configure the size of the trap send queue.
  Use the command: snmp-agent trap queue-size size
  Remarks: Optional....
Configuring SNMPv1/SNMPv2c example Network requirements • As shown in Figure 38, the NMS connects to the agent through an Ethernet. • The IP address of the NMS is 1.1.1.2/24. The IP address of the agent is 1.1.1.1/24. • The NMS monitors and manages the agent using SNMPv1 or SNMPv2c. The agent reports errors or •...
• Execute the shutdown or undo shutdown command to an idle interface on the agent, and the NMS receives the corresponding trap. Configuring SNMPv3 example Network requirements • As shown in Figure 39, the NMS connects to the agent through an Ethernet. •...
Configuring the SNMP NMS SNMPv3 uses an authentication and privacy security model. On the NMS, the user needs to specify the username and security level, and based on that level, configure the authentication mode, authentication password, privacy mode, and privacy password. In addition, the timeout time and number of retries should also be configured.
# Enable the information center to output the system information with the severity level equal to or higher than informational to the console port.
<Sysname> system-view
[Sysname] info-center source snmp channel console log level informational
# Enable SNMP logging on the agent to log the GET and SET operations of the NMS.
[Sysname] snmp-agent log get-operation
[Sysname] snmp-agent log set-operation
The following log information is displayed on the terminal when the NMS performs the Get...
MIB information, alarm, event, history, and statistics, in most cases. The HP device adopts the second way and implements the RMON agent function. With the RMON agent function, the management device can obtain the traffic that flows among the managed devices on each connected network segment;...
Among the RMON groups defined by RMON specifications (RFC 2819), the device implements the statistics group, history group, event group, and alarm group supported by the public MIB. In addition, HP defines and implements the private alarm group, which enhances the functions of the alarm group.
Figure 41 Rising and falling alarm events Private alarm group The private alarm group calculates the values of alarm variables and compares the result with the defined threshold, realizing a more comprehensive alarming function. The system handles the prialarm alarm table entry—as defined by the user—in the following ways: Periodically samples the prialarm alarm variables defined in the prialarm formula.
Configuring the RMON Ethernet statistics function. A statistics object of the history group is the variable defined in the history record table, and the • recorded content is a cumulative sum of the variable in each period. For more information, see Configuring the RMON history statistics function.
Configuring the RMON Ethernet statistics function
To configure the RMON Ethernet statistics function:
• To do: Enter system view.
  Use the command: system-view
  Remarks: —
• To do: Enter Ethernet interface view.
  Use the command: interface interface-type interface-number
  Remarks: —
• To do: Create an entry in the RMON statistics table.
  Use the command: rmon statistics entry-number [ owner text ]
  Remarks: Required
Configuring the RMON alarm function Configuration prerequisites Before you configure the RMON alarm function, complete the following tasks: To enable the managed devices to send traps to the NMS when the NMS triggers an alarm event, • configure the SNMP agent as described in SNMP configuration in the Network Management and Monitoring Configuration Guide.
Table 3 Restrictions on the configuration of RMON Maximum number of Entry Parameters to be compared entries that can be created Event description (description string), event type (log, trap, Event logtrap or none) and community name (trap-community or log-trapcommunity) Alarm variable (alarm-variable), sampling interval (sampling-interval), sampling type (absolute or delta), rising Alarm threshold (threshold-value1) and falling threshold (threshold-...
Configuring Ethernet statistics group example Network requirements As shown in Figure 42, Agent is connected to a configuration terminal through its console port and to Server through Ethernet cables. Gather performance statistics on received packets on GigabitEthernet 1/0/1 through RMON Ethernet statistics table, and the administrator can view the statistics on packets received on the interface at any time.
Configuring history group example Network requirements As shown in Figure 43, Agent is connected to a configuration terminal through its console port and to Server through Ethernet cables. Gather statistics on received packets on GigabitEthernet 1/0/1 every one minute through RMON history statistics table, and the administrator can view whether data burst happens on the interface in a short time.
Configuring alarm group example Network requirements As shown in Figure 44, Agent is connected to a console terminal through its console port and to an NMS across Ethernet. Do the following: • Connect GigabitEthernet 1/0/1 to the FTP server. Gather statistics on traffic of the server on GigabitEthernet 1/0/1 with the sampling interval being five seconds.
# Display the RMON alarm entry configuration.
<Sysname> display rmon alarm 1
AlarmEntry 1 owned by null is Valid.
  Samples type : delta
  Variable formula : 1.3.6.1.2.1.16.1.1.1.4.1<etherStatsOctets.1>
  Sampling interval : 5(sec)
  Rising threshold : 100(linked with event 1)
  Falling threshold : 50(linked with event 2)
  When startup enables : risingOrFallingAlarm...
CWMP to remotely configure, manage, and maintain the switches in batches in the data center network. The HP 5800 and 5820X switches support the CWMP protocol. When starting up for the first time to access the network, an HP 5800 and 5820X switch functions as a CPE and automatically downloads the configuration file from the ACS.
ACS—Auto-configuration server. An ACS delivers configurations to CPEs and provides management • services to CPEs. In this document, ACS refers to the server installed with the HP iMC BIMS. DNS server—Domain name system server. An ACS and a CPE use URLs to identify and access each •...
monitor parameters and get the parameter values through an ACS, so as to get the CPE status and statistics information. The status and performance that can be monitored by an ACS include: • Manufacture name (Manufacturer) • ManufacturerOUI • SerialNumber •...
Configuration parameter deployment When a CPE logs in to an ACS, the ACS can automatically apply some configurations to the CPE for it to perform auto configuration. Table 4 lists the auto-configuration parameters supported by the switch. Table 4 Auto-configuration parameters and their functions Auto-configuration parameters Function Updates the local configuration file on the CPE.
Active and standby ACS switchover The following example illustrates how an active and standby ACS switchover is performed. The scenario: There are two ACSs, active and standby in an area. The active ACS needs to restart for system upgrade. To ensure a continuous monitoring of the CPE, all CPEs in the area must connect to the standby ACS. Figure 46 Example of the message interaction during an active and standby ACS switchover The active and standby ACS switchover proceeds as follows: Establish a TCP connection.
CPE, the DHCP server sends the ACS parameters in DHCP Option 43 to the CPE. If the DHCP server is an HP switch that supports DHCP Option 43, you can configure the ACS parameters at the CLI with the command option 43 hex 01length URL username password, where length is a hexadecimal string that indicates the total length of the URL username password •...
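The option 43 hex value described above is easy to get wrong by hand, and because it is only hex-encoded ASCII, the ACS username and password are readable by anyone who can view the DHCP server configuration or the DHCP exchange. The following added example (not part of the HP guide) builds and decodes the three-field form with validation. It assumes a one-byte length that counts the URL, username and password together with their separating spaces, which the truncated text above does not confirm, and the function names are hypothetical.

```python
FIELDS = ("url", "username", "password")


def build_acs_option43(url, username, password):
    """Return the hex string to place after 'option 43 hex'."""
    for name, value in zip(FIELDS, (url, username, password)):
        if not value or " " in value:
            raise ValueError(f"{name} must be non-empty and contain no spaces")
    payload = f"{url} {username} {password}".encode("ascii")
    if len(payload) > 0xFF:
        raise ValueError("ACS parameters do not fit a one-byte length field")
    # Type 01, assumed one-byte length, then the ASCII payload in hex.
    return f"01{len(payload):02X}{payload.hex().upper()}"


def parse_acs_option43(hex_string):
    """Decode an ACS option 43 value and check it for internal consistency."""
    raw = bytes.fromhex(hex_string)
    if len(raw) < 2 or raw[0] != 0x01:
        raise ValueError("not an ACS parameter sub-option (type 01)")
    length, payload = raw[1], raw[2:]
    if length != len(payload):
        raise ValueError(
            f"length byte says {length}, payload has {len(payload)} bytes")
    fields = payload.decode("ascii").split(" ")
    if len(fields) != len(FIELDS) or not all(fields):
        raise ValueError("expected 'URL username password'")
    return dict(zip(FIELDS, fields))


if __name__ == "__main__":
    # Values from this guide's CWMP configuration example.
    value = build_acs_option43("http://acs.database:9090/acs", "vicky", "12345")
    print("option 43 hex", value)
    print(parse_acs_option43(value))
```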
Configuring CPEs You can set CWMP parameters at the CLI. NOTE: The HP 5800 and 5820X switches operate as CPEs in a CWMP-enabled network, so the following only describes the configuration on CPEs. Complete these tasks to configure CWMP: Task...
Enabling CWMP
CWMP configurations can only take effect after you enable CWMP. To enable CWMP:
• To do: Enter system view.
  Use the command: system-view
  Remarks: —
• To do: Enter CWMP view.
  Use the command: cwmp
  Remarks: —
• To do: Enable CWMP.
  Use the command: cwmp enable
  Remarks: Optional. By default, CWMP is enabled.
Configuring the ACS server
ACS server information includes ACS URL, username and password.
• To do: Configure the ACS password for connection to the ACS.
  Use the command: cwmp acs password password
  Remarks: Optional. You can specify a username without a password that is used in the authentication. If so, the configuration on the ACS and that on the CPE must be the same.
Configuring the CWMP connection interface A CWMP connection interface is an interface that connects a CPE to the ACS. The CPE sends an Inform message carrying the IP address of the CWMP connection interface, and asks the ACS to establish a connection through this IP address;...
Sending an Inform message at a specific time
• To do: Enter system view.
  Use the command: system-view
  Remarks: —
• To do: Enter CWMP view.
  Use the command: cwmp
  Remarks: —
• To do: Configure the CPE to send an Inform message at the specified time.
  Use the command: cwmp cpe inform time time
  Remarks: Required. By default, the time is null, that is, the CPE is not configured to send
Network requirements A data center has two equipment rooms A and B. Both rooms require a great number of HP 5800 switches. There are ACS, DHCP, and DNS servers on the network. To improve deployment efficiency, use CWMP to deliver different configuration files to the switches in rooms A and B.
Equipment room  5800 switch  Serial ID
                5800-3       210235AOLNH12000015
                5800-4       210235AOLNH12000017
                5800-5       210235AOLNH12000020
                5800-6       210235AOLNH12000022
The network administrator has created two configuration files sys.a.cfg and sys_b.cfg for the switches in the two rooms. The username and password for accessing the ACS server are vicky and 12345. The URL address is http://acs.database:9090/acs.
Figure 49 Add CPE authentication user page
Set the username, password, and description, and then click OK.
# Add a device group and a device class. In this example, add 5800-1 to the 5800_A class of the DB_1 group. Click the Resource tab, and select Group Management >...
Figure 51 Add device class page After setting the class name, click OK. # Select Add Device from the navigation tree to enter the page for adding a device. Figure 52 Add device page Enter the device information and click OK.
Figure 53 Adding device succeeded Repeat the previous steps to add information about 5800-2 and 5800-3 to the ACS server, and the adding operation of switches in equipment room A is completed. # Bind different configuration files to different CPE groups to realize auto-deployment. Select Deployment Guide from the navigation tree.
Figure 55 Auto deploy configuration page # Click Select Class and enter the page for selecting device type.
Figure 56 Select a device class # Select the 5800_A device class and click OK. After that, the auto deploy configuration page is displayed. Click OK to complete the task. Figure 57 Deploying task succeeded Configuration of the 5800 switches in room B is the same as that of the switches in room A except that you must perform the following configuration: Create device class 5800_B for switches in room B.
NOTE: In this example, the DHCP server is an HP switch supporting the Option 43 function. If your DHCP server is not an HP switch supporting the Option 43 function, see the user manual that came with your server. •...
Figure 58 Device interaction log page If the deployment is completed, the network administrator needs to deliver the reboot direction to the switch through the ACS server. After the switch reboots, it loads the configuration file delivered from the ACS server and completes the auto-configuration process.
Configuring cluster management
With the growth of networks, a great number of access devices are needed at network borders. Managing these devices is very complicated; moreover, each device needs an IP address, which wastes IP address resources. These problems can be solved with a cluster, which is a group of network devices. Cluster management implements management of large numbers of distributed network devices.
As shown in Figure 59, the device configured with a public IP address and performing the management function is the management device, the other managed devices are member devices, and the device that does not belong to any cluster but can be added to a cluster is a candidate device. The management device and the member devices form the cluster.
entry and holdtime in the NDP table are updated; otherwise, only the holdtime of the entry is updated. If no NDP information from the neighbor is received when the holdtime times out, the corresponding entry is removed from the NDP table. NDP runs on the data link layer, and supports different network layer protocols.
Figure 61 Management/member device state change After a cluster is created, a candidate device is added to the cluster and becomes a member device, • the management device saves the state information of its member device and identifies it as Active. And the member device also saves its state information and identifies itself as Active.
For a cluster to work normally, you must set the packets from the management VLAN to pass the ports connecting the management device and the member/candidate devices—including the cascade ports— using the following guidelines: If the packets from the management VLAN cannot pass a port, the device connected with the port •...
Task: Remarks
• Enabling the cluster function: Optional
• Deleting a member device from a cluster: Optional
• Configuring access between the management device and its member devices: Optional
• Adding a candidate device to a cluster: Optional
• Configuring topology management: Optional
• Configuring interaction for a cluster: Optional
Configuring advanced cluster functions...
NOTE: HP recommends that you disable NDP on ports that connect to devices that do not need to join the cluster. This prevents the management device from adding such devices to the cluster and collecting their topology information.
NOTE: HP recommends that you disable NTDP on ports that connect to devices that do not need to join the cluster. This prevents the management device from adding such devices to the cluster and collecting their topology information.
• To do: Configure the port delay to forward topology-collection request on other ports.
  Use the command: ntdp timer port-delay delay-time
  Remarks: Optional. 20 ms by default.
NOTE: The two delay values should be configured on the topology collecting device. A topology-collection request sent by the topology collecting device carries the two delay values, and a device that receives the request forwards the request according to the delays.
You can press Ctrl+C anytime during the adding process to exit the cluster auto-establishment process. However, this only stops adding new devices into the cluster, and devices already added into the cluster are not removed. To manually establish a cluster: To do…...
To configure management VLAN auto-negotiation:
• To do: Enter system view.
  Use the command: system-view
  Remarks: —
• To do: Enter cluster view.
  Use the command: cluster
  Remarks: —
• To do: Enable management VLAN auto-negotiation.
  Use the command: management-vlan synchronization enable
  Remarks: Required. Disabled by default.
Configuring communication between the management device and the member devices within a cluster
In a cluster, the management device and member devices communicate by sending handshake packets to maintain connection between them.
To configure the destination MAC address of the cluster management protocol packets: To do… Use the command… Remarks Enter system view. system-view — Enter cluster view. cluster — Required. The destination MAC address is 0180-C200-000A by default. Configure the destination The following are the configurable MAC addresses: MAC address for cluster...
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter cluster view. | cluster | — |
| Remove a member device from the cluster. | delete-member member-number [ to-black-list ] | Required |

Rebooting a member device

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view. | system-view | — |
| Enter cluster view. | cluster | — |

...
Configuring access between the management device and its member devices
After you have successfully configured NDP, NTDP, and the cluster, you can configure, manage, and monitor the member devices through the management device. You can manage a member device by switching from the operation interface of the management device to that of the member device, or configure the management device by switching from the operation interface of a member device to that of the management device.
Adding a candidate device to a cluster

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view. | system-view | — |
| Enter cluster view. | cluster | — |
| Add a candidate device to the cluster. | administrator-address mac-address name name | Required |

Configuring advanced cluster functions
Configuring topology management
The concepts of blacklist and whitelist are used for topology management.
To do… Use the command… Remarks topology accept { all [ save-to Confirm the current topology { ftp-server | local-flash } ] | mac- and save it as the standard Optional address mac-address | member-id topology. member-number } Save the standard topology to topology save-to { ftp-server | the FTP server or the local Optional...
| To do… | Use the command… | Remarks |
|---|---|---|
| Configure the NM interface of the management device. | nm-interface vlan-interface interface-name | Optional. |

CAUTION: To isolate management protocol packets of a cluster from packets outside the cluster, configure the device to prohibit packets from the management VLAN from passing the ports that connect the management device with the devices outside the cluster and configure the NM interface for the management device.
Configuring web user accounts in batches
Configuring Web user accounts in batches enables you to configure, on the management device, the username and password used to log in through the Web to the devices within a cluster (including the management device and member devices), and to synchronize the configurations to the member devices in the whitelist.
To do… Use the command… Remarks display cluster candidates [ mac- Display the information of address mac-address | verbose ] candidate devices [ | { begin | exclude | include } regular-expression ] display cluster current-topology [ mac-address mac-address [ to- mac-address mac-address ] | Display the current topology member-id member-number [ to-...
Configuration procedure
Configure the member device Switch A
# Enable NDP globally and for port GigabitEthernet 1/0/1.
<SwitchA> system-view
[SwitchA] ndp enable
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] ndp enable
[SwitchA-GigabitEthernet1/0/1] quit
# Enable NTDP globally and for port GigabitEthernet 1/0/1.
[SwitchA] ntdp enable
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] ntdp enable...
[SwitchB] ntdp timer hop-delay 150
# Configure the delay to forward topology-collection request packets on the first port as 15 ms.
[SwitchB] ntdp timer port-delay 15
# Configure the interval to collect topology information as 3 minutes.
[SwitchB] ntdp timer 3
# Configure the management VLAN of the cluster as VLAN 10.
# Add port GigabitEthernet 1/0/1 to VLAN 2, and configure the IP address of VLAN-interface 2.
[abc_0.SwitchB] vlan 2
[abc_0.SwitchB-vlan2] port gigabitethernet 1/0/1
[abc_0.SwitchB-vlan2] quit
[abc_0.SwitchB] interface vlan-interface 2
[abc_0.SwitchB-Vlan-interface2] ip address 163.172.55.1 24
[abc_0.SwitchB-Vlan-interface2] quit
# Configure VLAN-interface 2 as the network management interface.
[abc_0.SwitchB] cluster
[abc_0.SwitchB-cluster] nm-interface vlan-interface 2...
Configuring a sampler A sampler provides the packet sampling function. A sampler selects a packet out of sequential packets, and sends it to the service module for processing. The following sampling modes are available: Fixed mode—The first packet is selected out of a number of sequential packets in each sampling. •...
Configuring sampler examples
Network requirements
As shown in Figure 63, configure IPv4 NetStream on Switch A to collect statistics on incoming traffic on GigabitEthernet 1/0/1 and send the result to port 5000 on NSC 12.110.2.2/16. Configure fixed sampling in the inbound direction to select the first packet out of 256 packets.
Figure 63 Network diagram for using sampler with NetStream Vlan-int1 12.110.2.1/16...
If a packet travels from Port 2 to Port 3, two duplicates of the packet will be received on Port 1. On the HP 5820X&5800 switch series, if incoming traffic is mirrored, the mirrored traffic is sent with •...
Figure 64 Local port mirroring implementation
As shown in Figure 64, packets of the mirroring port are mirrored to the monitor port for the data monitoring device to analyze.
Layer 2 remote port mirroring
Layer 2 remote port mirroring is implemented through the cooperation between a remote source mirroring group and a remote destination mirroring group as shown in Figure 65.
Figure 65 Layer 2 remote port mirroring implementation...
NOTE:
• You must make sure that the source device and the destination device can communicate at Layer 2 in the remote probe VLAN.
• For the mirrored packets to be forwarded to the monitor port, make sure that the same probe VLAN...
Configuring mirroring ports for the local mirroring group You can configure a list of mirroring ports for a mirroring group at a time in system view, or only assign the current port to it as a mirroring port in interface view. To assign multiple ports to the mirroring group as mirroring ports in interface view, repeat the step.
• HP recommends you only use a monitor port for port mirroring to make sure that the data monitoring device only receives and analyzes the mirrored traffic rather than a mix of mirrored traffic and normally forwarded traffic.
The HP 5820X switch series allows you to add a source port to up to two mirroring groups. •...
Configuration prerequisites Before configuring Layer 2 remote port mirroring, make sure that you have created static VLANs for the remote probe VLAN. CAUTION: The remote source mirroring group on the source device and the remote destination mirroring group on the destination device must use the same remote probe VLAN. Configuring a remote source mirroring group (on the source device) To configure a remote source mirroring group, make the following configurations on the source device.
NOTE:
• A mirroring group can contain multiple mirroring ports.
• To make sure that the port mirroring function works properly, do not assign a mirroring port to the remote probe VLAN.
Configuring mirroring CPUs for the remote source mirroring group
To do…...
• A VLAN can only be used by one mirroring group.
• HP recommends you use the remote probe VLAN for port mirroring exclusively.
• To remove the VLAN configured as a remote probe VLAN, you must remove the remote probe VLAN...
• To make sure that the port mirroring function works properly, do not enable STP, MSTP, or RSTP on the monitor port.
• HP recommends you only use a monitor port for port mirroring. This is to make sure that the data...
To do… Use the command… Remarks VLAN: For a hybrid port port hybrid vlan vlan-id { tagged | untagged }
NOTE: For more information about the port access vlan command, the port trunk permit vlan command, and the port hybrid vlan command, see Layer 2—LAN Switching Command Reference.
Using the remote probe VLAN to enable local mirroring to support multiple destination ports...
• If you have already configured a reflector port for a remote source mirroring group, you can no longer configure an egress port for it.
• A VLAN can only serve as the remote probe VLAN for one remote source mirroring group. HP...
Configuration prerequisites Before configuring Layer 3 remote port mirroring, create a GRE tunnel that connects the source and destination devices. Configuring local mirroring groups Configure a local mirroring group on the source device and on the destination device separately. To create a local mirroring group (on the source or destination device): To do…...
Configuring mirroring CPUs for a local mirroring group To do… Use the command… Remarks Enter system view. system-view — Required. mirroring-group group-id Configure mirroring CPUs. mirroring-cpu slot slot-number-list By default, no mirroring CPU is { both | inbound | outbound } configured for a mirroring group.
• To make sure that the port mirroring function can work properly, do not enable STP, MSTP, or RSTP on the monitor port.
• HP recommends you only use a monitor port for port mirroring. This is to make sure that the data...
Configuration procedure
Create a local mirroring group.
# Create local mirroring group 1.
<DeviceA> system-view
[DeviceA] mirroring-group 1 local
# Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as mirroring ports and port GigabitEthernet 1/0/3 as the monitor port.
[DeviceA] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 gigabitethernet 1/0/2 both
[DeviceA] mirroring-group 1 monitor-port gigabitethernet 1/0/3
# Disable Spanning Tree Protocol (STP) in the monitor port GigabitEthernet1/0/3.
Figure 68 Network diagram for Layer 2 remote port mirroring configuration
Configuration procedure
Configure Device A (the source device)
# Create a remote source mirroring group.
<DeviceA> system-view
[DeviceA] mirroring-group 1 remote-source
# Create VLAN 2 and disable the MAC address learning function for VLAN 2.
[DeviceA] vlan 2
[DeviceA-vlan2] mac-address mac-learning disable
[DeviceA-vlan2] quit...
[DeviceB-GigabitEthernet1/0/1] quit
# Configure GigabitEthernet 1/0/2 as a trunk port that permits the packets of VLAN 2 to pass through.
[DeviceB] interface gigabitethernet 1/0/2
[DeviceB-GigabitEthernet1/0/2] port link-type trunk
[DeviceB-GigabitEthernet1/0/2] port trunk permit vlan 2
[DeviceB-GigabitEthernet1/0/2] quit
Configure Device C (the destination device)
# Configure GigabitEthernet 1/0/1 as a trunk port that permits the packets of VLAN 2 to pass through.
Figure 69 Network diagram for configuring local port mirroring with multiple monitor ports
Configuration procedure
# Create remote source mirroring group 1.
<SwitchA> system-view
[SwitchA] mirroring-group 1 remote-source
# Configure GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 as mirroring ports of remote source mirroring group 1.
Configuring Layer 3 remote port mirroring example Network requirements On the network shown in Figure Device A connects to the marketing department through GigabitEthernet 1/0/1, and to • GigabitEthernet 1/0/1 of Device B through GigabitEthernet 1/0/2; Device C connects to the server through GigabitEthernet 1/0/2, and to GigabitEthernet 1/0/2 of Device B through GigabitEthernet 1/0/1.
[DeviceA-GigabitEthernet1/0/3] port service-loopback group 1
# In tunnel interface view, configure the tunnel to reference service loopback group 1.
[DeviceA-GigabitEthernet1/0/3] quit
[DeviceA] interface tunnel 0
[DeviceA-Tunnel0] service-loopback-group 1
[DeviceA-Tunnel0] quit
# Enable the OSPF protocol.
[DeviceA] ospf 1
[DeviceA-ospf-1] area 0
[DeviceA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] network 50.1.1.0 0.0.0.255...
[DeviceC-GigabitEthernet1/0/3] port service-loopback group 1
# In tunnel interface view, configure the tunnel to reference service loopback group 1.
[DeviceC-GigabitEthernet1/0/3] quit
[DeviceC] interface tunnel 0
[DeviceC-Tunnel0] service-loopback-group 1
[DeviceC-Tunnel0] quit
# Enable the OSPF protocol.
[DeviceC] ospf 1
[DeviceC-ospf-1] area 0
[DeviceC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.0] network 50.1.1.0 0.0.0.255...
Configuring traffic mirroring Traffic mirroring is the action of copying the specified packets to the specified destination for packet analyzing and monitoring. You can configure mirroring traffic to an interface or to the CPU. Mirroring traffic to an interface: copies the matching packets on an interface to a destination •...
Specify the destination mirror-to interface interface-type ports in a traffic behavior. On interface for traffic interface-number an HP 5800 switch, you can mirroring. configure up to four traffic mirroring destination ports in a traffic behavior. On an HP 5820X switch, you can...
To do… Use the command… Remarks Required. Create a policy and enter qos policy policy-name policy view. By default, no policy exists. Required. Associate the class with the classifier tcl-name behavior behavior- traffic behavior in the QoS By default, no traffic behavior name policy.
Apply a QoS policy globally You can apply a QoS policy globally to the inbound or outbound direction of all ports. To apply a QoS policy globally: To do… Use the command… Remarks Enter system view. system-view — qos apply policy policy-name Apply a QoS policy globally.
# Enter system view.
<Sysname> system-view
# Configure basic IPv4 ACL 2000 to match packets with the source IP address 192.168.0.1.
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule permit source 192.168.0.1 0
[Sysname-acl-basic-2000] quit
# Create class 1 and configure the class to use ACL 2000 for traffic classification.
[Sysname] traffic classifier 1
[Sysname-classifier-1] if-match acl 2000
[Sysname-classifier-1] quit...
Configuring NetStream
The HP 5820X switch series does not support NetStream. Legacy traffic statistics collection methods, like SNMP and port mirroring, cannot provide precise network management because of inflexible statistical methods or high cost (dedicated servers are required). This calls for a new technology to collect traffic statistics.
• The NSC is usually a program running in Unix or Windows. It parses the packets sent from the NDE, stores the statistics to the database for the NDA. The NSC gathers the data from multiple NDEs, then filters and aggregates the total received data. •...
NetStream data export NetStream traditional data export NetStream collects statistics of each flow and, when the entry timer expires, exports the data of each entry to the NetStream server. Though the data includes statistics of each flow, this method consumes more bandwidth and CPU, and requires large cache size.
Version 9: The most flexible format. It allows users to define templates with different statistics fields. • The template-based feature provides support of different statistics information, such as BGP next hop and MPLS information. Introduction to NetStream sampling and filtering NetStream sampling NetStream sampling basically reflects the network traffic information by collecting statistics on fewer packets.
Figure 73 NetStream configuration flow Complete these tasks to configure NetStream: Task Remarks Enabling NetStream Required Configuring NetStream filtering Optional Configuring NetStream sampling Optional Configuring NetStream traditional data export Required Configuring NetStream data export Use at least one approach. Configuring NetStream aggregation data export Configuring attributes of NetStream export data Optional...
Enabling NetStream Enabling NetStream on an interface To do… Use the command… Remarks Enter system view. system-view — Enter Layer 2 Ethernet interface view or Layer 3 interface interface-type interface-number — Ethernet interface view. Required. Enable NetStream on the ip netstream { inbound | outbound } interface.
deny to forward packets without performing NetStream processing. • permit to perform NetStream processing. • To configure QoS-based NetStream filtering: To do… Use the command… Remarks Enter system view. system-view — traffic classifier tcl-name [ operator { and | Define a class and enter its view. —...
Configuring NetStream sampling To do… Use the command… Remarks Enter system view. system-view — Enter Layer 2 Ethernet interface view or Layer interface interface-type interface-number — 3 Ethernet interface view. Required. Disable by default. Configure NetStream ip netstream sampler sampler-name You can also execute the sampling.
NetStream interface interface-type interface- source interface. traditional data export. number • HP recommends you connect the network management interface to the NetStream server and configure it as the source interface. Optional. Limit the data export rate. ip netstream export rate rate No limit by default.
If no source interface is configured data export. interface-number in aggregation view, the source interface configured in system view, if any, is used. • HP recommends you connect the network management interface to the NetStream server. Required. Enable the current NetStream enable aggregation configuration.
To configure the NetStream export format: To do… Use the command… Remarks Enter system view. system-view — ip netstream export version 5 Optional. [ origin-as | peer-as ] Configure the version for By default, NetStream traditional data NetStream export export uses version 5; MPLS flow data format, and specify is not exported;...
Figure 74 Recorded AS information varies with different keyword configuration Enable NetStream AS 20 AS 21 AS 22 Include peer-as in the command. AS 23 AS 21 is recorded as the source AS, and AS 23 as the destination AS. Include origin-as in the command.
Configuring NetStream flow aging Flow aging approaches The following types of NetStream flow aging are available: Periodical aging • Forced aging • TCP FIN- and RST-triggered aging (it is automatically triggered when a TCP connection is terminated) • Periodical aging Periodical aging uses the following approaches: inactive flow aging and active flow aging.
To do… Use the command… Remarks Optional. Configure forced aging of the NetStream reset ip netstream statistics This command also entries. clears the cache. Displaying and maintaining NetStream To do… Use the command… Remarks display ip netstream cache [ verbose ] [ slot Display the NetStream entry slot-number ] [ | { begin | exclude | Available in any view...
[SwitchA] interface vlan-interface 2000
[SwitchA-Vlan-interface2000] ip address 12.110.2.1 255.255.0.0
[SwitchA-Vlan-interface2000] quit
[SwitchA] ip netstream export source interface vlan 2000
# Configure the destination host for the NetStream data export with the IP address being 12.110.2.2 and port number being 5000.
[SwitchA] ip netstream export host 12.110.2.2 5000
Configuring NetStream aggregation data export example
Network requirements
# Configure the aggregation mode as protocol-port, and in aggregation view configure the destination host for the NetStream protocol-port aggregation data export.
[SwitchA] ip netstream aggregation protocol-port
[SwitchA-ns-aggregation-protport] enable
[SwitchA-ns-aggregation-protport] ip netstream export host 4.1.1.1 3000
[SwitchA-ns-aggregation-protport] quit
# Configure the aggregation mode as source-prefix, and in aggregation view configure the destination host for the NetStream source-prefix aggregation data export.
Configuring IPv6 NetStream
The HP 5820X switch series does not support IPv6 NetStream. Legacy traffic statistics collection methods, like SNMP and port mirroring, cannot provide precise network management because of inflexible statistical methods or high cost (dedicated servers are required). This calls for a new technology to collect traffic statistics.
• The NDA is a network traffic analysis tool. It collects statistics from the NSC, and performs further process, generates various types of reports for applications of traffic billing, network planning, and attack detection and monitoring. Typically, the NDA features a Web-based system for users to easily obtain, view, and gather the data.
NetStream server. This process is the IPv6 NetStream aggregation data export, which decreases the bandwidth usage compared to traditional data export. Table 7 lists the aggregation modes supported on the HP 5800. Table 7 IPv6 NetStream aggregation modes Aggregation mode Aggregation criteria •...
Disabled by default. NOTE: NetStream can only be enabled on Layer 2 Ethernet interface or Layer 3 Ethernet interface of the HP • 5800. For more information about the ip netstream { inbound | outbound } command, see “NetStream •...
NetStream traditional source interface. number data export. • HP recommends you connect the network management interface to the NetStream server and configure it as the source interface. Optional. Limit the data export rate. ipv6 netstream export rate rate No limit by default.
If no source interface is configured aggregation data export. interface-number in aggregation view, the source interface configured in system view, if any, is used. • HP recommends you connect the network management interface to the NetStream server. Enable the current IPv6 Required. NetStream aggregation enable Disabled by default.
Configuring attributes of IPv6 NetStream data export Configuring IPv6 NetStream export format The IPv6 NetStream export format configures to export IPv6 NetStream data in version 9 formats, and the data fields can be expanded to contain more information, such as the following information: Statistics about source AS, destination AS, and peer ASs in version 9 format.
NOTE: The refresh frequency and interval can be both configured, and the template is resent when either of the condition is reached. Displaying and maintaining IPv6 NetStream To do… Use the command… Remarks display ipv6 netstream cache [ verbose ] [ slot Display the IPv6 NetStream slot-number ] [ | { begin | exclude | include } Available in any view...
[SwitchA-vlan2000] quit
[SwitchA] interface vlan-interface 2000
[SwitchA-Vlan-interface2000] ip address 12.110.2.1 255.255.0.0
[SwitchA-Vlan-interface2000] quit
# Configure the destination IP address and port number for IPv6 NetStream data export as 12.110.2.2 and 5000.
[SwitchA] ipv6 netstream export host 12.110.2.2 5000
Configuring IPv6 NetStream aggregation data export example
Network requirements
As shown in Figure...
[SwitchA-ns6-aggregation-protport] ipv6 netstream export host 4.1.1.1 3000
[SwitchA-ns6-aggregation-protport] enable
[SwitchA-ns6-aggregation-protport] quit
# Configure the aggregation mode as source-prefix, and in aggregation view configure the destination host for the IPv6 NetStream source-prefix aggregation data export.
[SwitchA] ipv6 netstream aggregation source-prefix
[SwitchA-ns6-aggregation-srcpre] ipv6 netstream export host 4.1.1.1 4000
[SwitchA-ns6-aggregation-srcpre] enable
[SwitchA-ns6-aggregation-srcpre] quit
# Configure the aggregation mode as destination-prefix, and in aggregation view configure the...
Configuring sFlow
The Layer 3 Ethernet interface operates in route mode. For more information about the operating mode of the Ethernet interface, see Layer 2—LAN Switching Configuration Guide.
sFlow is a traffic monitoring technology mainly used to collect and analyze traffic statistics. As shown in Figure 80, the sFlow system involves an sFlow agent embedded in a device and a remote sFlow collector.
{ ip ip-address | ipv6 for the sFlow agent. save the selected IP address. ipv6-address } • HP recommends configuring an IP address manually for the sFlow agent. • Only one IP address can be specified for the sFlow agent on the switch.
By default, up to 128 bytes of a Set the maximum copied sflow flow max-header length sampled packet can be copied. length of a sampled packet. HP recommends using the default value. Required. Specify the sFlow collector for sflow flow collector collector-id No collector is specified for flow flow sampling.
Configuring sFlow example Network requirements As shown in Figure 81, Host A is connected with Server through Switch (sFlow agent). Enable sFlow (including flow sampling and counter sampling) on GigabitEthernet 1/0/1 to monitor traffic on the port. The Switch sends sFlow packets through GigabitEthernet 1/0/3 to the sFlow collector, which analyzes the sFlow packets and displays results.
Configuring information center Acting as the system information hub, information center classifies and manages system information, offering a powerful support for network administrators and developers in monitoring network performance and diagnosing network problems. The following describes the working process of information center: •...
NOTE: By default, the information center is enabled. An enabled information center affects the system performance in some degree due to information classification and output. Such impact becomes more obvious in the event that there is enormous information waiting for processing. System information types The system information of the information center falls into the following types: •...
Table 9 Information channels and output destinations Information Default Default output destination Description channel channel name number Receives log, trap and debugging console Console information. Receives log, trap and debugging monitor Monitor terminal information, facilitating remote maintenance. Receives log, trap and debugging loghost Log host information and information will be...
%Jun 26 17:08:35:809 2008 Sysname SHELL/4/LOGIN: VTY login from 1.1.1.1 If the output destination is the log host, the system information is in the following formats: HP and UNICOM.
• UNICOM format
<PRI>timestamp sysname vvmodule/level/serial_number: content
NOTE:
• The closing set of angle brackets < >, the space, the forward slash /, and the colon are all required in the UNICOM format.
• The format in the previous part is the original format of system information, so you may see the...
IP address of the device that generates the system information. In other cases (when the system information is sent to a log host in the format of HP, or sent to •...
This field indicates the source of the information, such as the slot number of a board, IRF member ID, IRF member ID and slot number, or the source IP address of the log sender. This field is optional and is only displayed when the system information is sent to a log host in the format of HP. content This field provides the content of the system information.
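A parser for the record layout described in this section, as an added example that is not part of the HP guide: it splits a line into timestamp, sysname, module, level and content, decodes an optional `<PRI>` prefix, and counts VTY logins per source address. Assumptions: the first sample line is the one shown in this section and the others are constructed; the `<PRI>`-prefixed sample assumes a log-host line carries the same record behind the prefix; the names `tag`, `parse_line`, `decode_pri`, `vty_logins` and `urgent` are chosen here.

```python
import re
from collections import Counter
from datetime import datetime

# Standard syslog severity names; the list index is the numeric level (0 = most urgent).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Optional <PRI>, optional leading % marker(s), timestamp, sysname, then
# module/level/tag: content. The optional two digits before the module name
# stand in for the "vv" prefix of the UNICOM skeleton (assumed to be numeric).
LINE_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?%{0,2}"
    r"(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})(?::(?P<ms>\d{3}))?\s+(?P<year>\d{4})\s+"
    r"(?P<sysname>\S+)\s+"
    r"(?:\d{2})?(?P<module>[A-Z][A-Z0-9_]*)/(?P<level>[0-7])/(?P<tag>[^:\s]+):\s*"
    r"(?P<content>.*)$"
)
VTY_RE = re.compile(r"VTY login from (\S+)")


def decode_pri(pri):
    """Split a syslog PRI value into (facility name, severity name)."""
    facility, severity = divmod(pri, 8)
    name = f"local{facility - 16}" if 16 <= facility <= 23 else f"facility{facility}"
    return name, SEVERITIES[severity]


def parse_line(line):
    """Return a dict of fields, or None when the line does not match the layout."""
    match = LINE_RE.match(line.strip())
    if not match or match["mon"] not in MONTHS:
        return None
    try:
        stamp = datetime(int(match["year"]), MONTHS[match["mon"]], int(match["day"]),
                         int(match["h"]), int(match["m"]), int(match["s"]),
                         int(match["ms"] or 0) * 1000)
    except ValueError:  # impossible date or time, e.g. Feb 31
        return None
    level = int(match["level"])
    return {
        "pri": int(match["pri"]) if match["pri"] else None,
        "timestamp": stamp,
        "sysname": match["sysname"],
        "module": match["module"],
        "level": level,
        "severity": SEVERITIES[level],
        "tag": match["tag"],
        "content": match["content"],
    }


def vty_logins(lines):
    """Count SHELL/LOGIN records per source address."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["module"] == "SHELL" and rec["tag"] == "LOGIN":
            found = VTY_RE.search(rec["content"])
            if found:
                hits[found.group(1)] += 1
    return hits


def urgent(lines, max_level=4):
    """Return parsed records whose level is max_level or more urgent."""
    records = (parse_line(line) for line in lines)
    return [rec for rec in records if rec and rec["level"] <= max_level]


SAMPLE_LINES = [
    # Line shown in this section.
    "%Jun 26 17:08:35:809 2008 Sysname SHELL/4/LOGIN: VTY login from 1.1.1.1",
    # Constructed lines below.
    "%Jun 26 17:09:02:114 2008 Sysname SHELL/4/LOGIN: VTY login from 1.1.1.1",
    "<174>Jun 26 17:10:11:005 2008 Sysname SHELL/4/LOGIN: VTY login from 192.0.2.7",
    "%Jun 26 17:11:40:310 2008 Sysname DEMO/6/SAMPLE: constructed informational message",
    "not a log line",
]

if __name__ == "__main__":
    for source, count in vty_logins(SAMPLE_LINES).most_common():
        print(f"{source}: {count} VTY login(s)")
    print("PRI 174 ->", decode_pri(174))
```

Lines that do not match the layout return `None` instead of raising, so the functions can run over a mixed log file such as the `info.log` used in the log host examples.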
Outputting system information to the console Outputting system information to the console To do… Use the command… Remarks Enter system view. system-view — Optional. Enable information center. info-center enable Enabled by default. Optional. Name the channel with a info-center channel channel- Table 9 for default channel specified channel number.
Outputting system information to a monitor terminal System information can also be output to a monitor terminal, which is a user terminal that has login connections through the VTY user interface. Outputting system information to a monitor terminal To do… Use the command…...
Set the format of the system Optional. information sent to a log host info-center format unicom HP by default. to UNICOM. Required By default, the system does not output information to a log host. If info-center loghost { ipv6 host-...
Outputting system information to the trap buffer NOTE: The trap buffer only receives the trap information, and discards the log and debugging information even if you have configured to output them to the trap buffer. To do… Use the command… Remarks Enter system view.
To do… Use the command… Remarks Optional. Configure the channel through info-center logbuffer [ channel By default, system information is which system information can { channel-number | channel- output to the log buffer through be output to the log buffer name } | size buffersize ] * channel 4 (logbuffer) and the and specify the buffer size.
To do… Use the command… Remarks Optional. info-center timestamp { debugging Configure the format of the The time stamp format for log, | log | trap } { boot | date | time stamp. trap and debugging information none } is date by default.
Saving system information to a log file With the log file feature enabled, the log information generated by system can be saved to a specified directory with a predefined frequency. This allows you to check the operation history at any time to make sure that the device functions properly.
Saving security logs into the security log file Introduction You can understand the device status, locate and troubleshoot network problems by viewing system information, especially the security logs. Generally, all kinds of system information including security logs is output into one folder, and it is difficult to recognize and check the security logs among all kinds of system information.
Table 12 Save security logs into the security log file To do… Use the command… Remarks Enter system view. system-view — Optional. Enable the information center. info-center enable Enabled by default. Enable the saving of the Required. security logs into the security info-center security-logfile enable Disabled by default.
To do… Use the command… Remarks Optional. By default, the system automatically saves the security log file at a frequency configured by the info-center Save all contents in the security log file security-logfile save security-logfile frequency buffer into the security log file. command into a directory configured by the info-center security-logfile switch-...
To do… Use the command… Remarks Upload a file on the client to the remote FTP put localfile [ remotefile ] server. Download a file from a remote FTP server and get remotefile [ localfile ] save it. All other operations See Fundamentals supported by the device Configuration Guide.
With this feature applied to a port, when the state of the port changes, the system does not generate port link up/down logging information, and you cannot monitor the port state changes conveniently. HP recommends that you use the default configuration in normal cases. Displaying and maintaining information center To do…...
To do… Use the command… Remarks Reset the trap buffer reset trapbuffer Available in user view Configuring information center examples Outputting log information to a Unix log host Network requirements Send log information to a Unix log host with an IP address of 1.2.0.1/16; •...
Configure the log host
The following configurations were performed on Solaris which has similar configurations to the Unix operating systems implemented by other vendors.
Step 1: Log in to the log host as a root user.
Step 2: Create a subdirectory named Device under directory /var/log/, and create file info.log under the Device directory to save logs of Device.
Configuration procedure
Before the configuration, make sure that Device and PC are reachable.
Configure the device
# Enable information center.
<Sysname> system-view
[Sysname] info-center enable
# Specify the host with IP address 1.2.0.1/16 as the log host, use channel loghost to output log information (optional, loghost by default), and use local5 as the logging facility.
Step 4: After log file info.log is created and file /etc/syslog.conf is modified, you must issue the following commands to display the process ID of syslogd, kill the syslogd process, and restart syslogd using the -r option to make the modified configuration take effect.
# ps -ae | grep syslogd
# kill -9 147
# syslogd -r &...
[Sysname] quit
# Enable the display of log information on a terminal. (Optional, this function is enabled by default.)
<Sysname> terminal monitor
Info: Current terminal monitor is on.
<Sysname> terminal logging
Info: Current terminal logging is on.
After the configuration takes effect, if the specified module generates log information, the information center automatically sends the log information to the console, which then displays the information.
• Set the authentication mode to scheme for the user logging in to the device, and make sure that only the local user who has passed the AAA local authentication can view and perform operations on the security log file.

Logging in to the device as the security log administrator
Set the directory for saving the security log file to Flash:/securitylog/seclog.log.
Username:seclog
Password:
<Sysname>
# Display the summary of the security log file.
<Sysname> display security-logfile summary
Security-log is enabled.
Security-log file size quota: 1MB
Security-log file directory: flash:/seclog
Alarm-threshold: 80%
Current usage: 0%
Writing frequency: 1 hour 0 min 0 sec
The command output indicates that the directory for saving the security log file is flash:/seclog.
User(192.168.0.201:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] put securitylog/seclog.log
227 Entering Passive Mode (192,168,1,2,8,58)
150 "D:\DEBUG\TEMP\seclog.log" file ready to receive in ASCII mode
226 Transfer finished successfully.
FTP: 2063 byte(s) sent in 0.210 second(s), 9.00Kbyte(s)/sec.
[ftp] quit
...
After registering, you will receive email notification of product enhancements, new driver versions, firmware updates, and other product resources.

Related information

Documents

To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals
• For related documentation, navigate to the Networking section, and select a networking...
Conventions

This section describes the conventions used in this documentation set.

Command conventions

Convention | Description
Boldface | Bold text represents commands and keywords that you enter literally as shown.
Italic | Italic text represents arguments that you replace with actual values.
Square brackets enclose syntax choices (keywords or arguments) that are optional.
Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Network topology icons

Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.