Page 1: Configuration Guide
Configuration Guide Abstract This document describes the software features for the HP 5820X & 5800 Series products and guides you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Page 3: Table Of Contents
Contents System maintenance and debugging ························································································································· 1 Configuring ping·······························································································································································1 Configuring ping example ······································································································································1 Tracert ················································································································································································3 Configuring tracert ···················································································································································4 System debugging ····························································································································································5 Configuring system debugging·······························································································································6 Configuring ping and tracert example ···························································································································7 Configuring NQA ························································································································································ 9 NQA benefits····························································································································································9 Basic NQA concepts ············································································································································ 11 NQA probe operation procedure ·······················································································································...
Page 4 Configuring HTTP test example···························································································································· 38 Configuring UDP jitter test example ···················································································································· 40 Configuring SNMP test example ························································································································· 43 Configuring TCP test example······························································································································ 44 Configuring UDP echo test example ··················································································································· 45 Configuring voice test example ··························································································································· 47 Configuring DLSw test example··························································································································· 50 Configuring NQA collaboration example··········································································································...
Page 5 Configuring PoE ·························································································································································85 Protocol specification ············································································································································ 86 PoE configuration task list ············································································································································· 86 Enabling PoE ·································································································································································· 87 Enabling PoE for a PoE interface························································································································· 87 Detecting PDs·································································································································································· 88 Enabling the PSE to detect nonstandard PDs ····································································································· 88 Configuring a PD disconnection detection mode ······························································································ 88 Configuring the PoE power···········································································································································...
Page 6 Configuring the RMON alarm function ·····················································································································114 Configuration prerequisites ································································································································114 Configuration procedure ····································································································································114 Displaying and maintaining RMON ··························································································································115 Configuring Ethernet statistics group example··········································································································116 Configuring history group example ···························································································································117 Configuring alarm group example ····························································································································119 Configuring CWMP ················································································································································ 121 CWMP network framework ·······························································································································121 CWMP basic functions ················································································································································122 Automatic configuration file deployment ··········································································································122 CPE system file management ·····························································································································122...
Page 7 Enabling NTDP globally and for specific ports································································································148 Configuring NTDP parameters···························································································································148 Manually collecting topology information ········································································································149 Enabling the cluster function ······························································································································149 Establishing a cluster···········································································································································149 Enabling management VLAN auto-negotiation································································································150 Configuring communication between the management device and the member devices within a cluster151 Configuring cluster management protocol packets ·························································································151 Cluster member management ····························································································································152 Configuring the member devices ·······························································································································153...
Page 8 Layer 3 remote port mirroring configuration task list ······················································································178 Configuration prerequisites ································································································································179 Configuring local mirroring groups···················································································································179 Configuring mirroring ports for a local mirroring group ················································································179 Configuring mirroring CPUs for a local mirroring group················································································180 Configuring the monitor port for a local mirroring group ··············································································180 Displaying and maintaining port mirroring···············································································································181 Configuring port mirroring examples ························································································································181 Configuring local port mirroring example········································································································181...
Page 9 Flow aging approaches······································································································································207 Configuring NetStream flow aging ···················································································································207 Displaying and maintaining NetStream ····················································································································208 Configuring NetStream examples ······························································································································208 Configuring NetStream traditional data export example ···············································································208 Configuring NetStream aggregation data export example ···········································································209 Configuring IPv6 NetStream ·································································································································· 211 IPv6 NetStream basic concepts ··································································································································211 What is an IPv6 flow ··········································································································································211 How IPv6 NetStream works ·······························································································································211 IPv6 NetStream key technologies·······························································································································212...
Page 10 Outputting log information to a Linux log host·································································································246 Outputting log information to the console ········································································································248 Saving security logs into the security log file····································································································249 Support and other resources ·································································································································· 253 Contacting HP ······························································································································································253 Subscription service ············································································································································253 Related information······················································································································································253 Documents····························································································································································253 Websites ······························································································································································253 Conventions ··································································································································································254...
Page 11: System Maintenance And Debugging
System maintenance and debugging You can use the ping command and the tracert command to verify the current network connectivity, and use the debug command to enable debugging and to diagnose system faults based on the debugging information. Configuring ping The ping command allows you to verify whether a device with a specified address is reachable, and to examine network connectivity.
Page 12 Figure 1 Ping network diagram Configuration procedure # Use the ping command to display whether Device A and Device C can reach each other. <DeviceA> ping 1.1.2.2 PING 1.1.2.2: 56 data bytes, press CTRL_C to break Reply from 1.1.2.2: bytes=56 Sequence=1 ttl=254 time=205 ms Reply from 1.1.2.2: bytes=56 Sequence=2 ttl=254 time=1 ms Reply from 1.1.2.2: bytes=56 Sequence=3 ttl=254 time=1 ms Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms...
Page 13: Tracert
1.1.1.1 Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms Record Route: 1.1.2.1 1.1.2.2 1.1.1.2 1.1.1.1 Reply from 1.1.2.2: bytes=56 Sequence=5 ttl=254 time=1 ms Record Route: 1.1.2.1 1.1.2.2 1.1.1.2 1.1.1.1 --- 1.1.2.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/11/53 ms The principle of ping –r is as shown in...
Page 14: Configuring Tracert
Enable sending of ICMP timeout packets on the intermediate device (the device between the source • and destination devices). If the intermediate device is an HP device, execute the ip ttl-expires enable command on the device. For more information about this command, see IP performance optimization commands in the Layer 3 - IP Services Command Reference.
Page 15: System Debugging
Tracert configuration To configure tracert: To do… Use the command… Remarks Enter system view. system-view — tracert [ -a source-ip | -f first-ttl | -m Required. max-ttl | -p port | -q packet-number | - Use either approach. vpn-instance vpn-instance-name | -w The tracert command is Display the routes from timeout ] * host...
Page 16: Configuring System Debugging
Figure 3 The relationship between the protocol and screen output switch Configuring system debugging Output of the debugging information may reduce system efficiency. Administrators usually use the debugging commands to diagnose network failure. After completing the debugging, disable the corresponding debugging function, or use the undo debugging all command to disable all debugging functions.
Page 17: Configuring Ping And Tracert Example
To do… Use the command… Remarks display debugging [ interface interface-type interface-number ] Optional. Display the enabled [ module-name ] [ | { begin | debugging functions. Available in any view. exclude | include } regular- expression ] NOTE: To display the detailed debugging information on the terminal, configure the debugging, terminal debugging and terminal monitor commands.
Page 18 * * * * * * * * * <DeviceA> The output shows that Device A and Device C cannot reach other, Device A and Device B can reach each other, and an error occurred on the connection between Device B and Device C. Use the debugging ip icmp command to enable ICMP debugging on Device A and Device C to check whether the devices send or receive the specified ICMP packets, or use the display ip routing-table command to display whether Device A and Device C can reach each other.
Page 19: Configuring Nqa
Configuring NQA NQA can perform various types of tests and collect network performance and service quality parameters such as delay jitter, time for establishing a TCP connection, time for establishing an FTP connection, and file transfer rate. With the NQA test results, you can diagnose and locate network faults, know network performance in time and take proper actions.
Page 20 The track module notifies the state change to the static routing module The static routing module sets the static route as invalid. NOTE: High Availability For more information about the collaboration and the track module, see Configuration Guide Supporting threshold monitoring NQA supports threshold monitoring for performance parameters such as average delay jitter and packet round-trip time.
Page 21: Basic Nqa Concepts
NOTE: The counting for the average or accumulate threshold type is performed per test, but that for the consecutive type is performed since the test group is started. Triggered actions The following actions may be triggered: none—NQA only records events for terminal display; it does not send trap information to the •...
Page 22: Nqa Probe Operation Procedure
During an SNMP test, one probe operation means sending one SNMPv1 packet, one SNMPv2C • packet, and one SNMPv3 packet. NQA client and server A device with NQA test groups configured is an NQA client and the NQA client initiates NQA tests. An NQA server makes responses to probe packets destined to the specified destination address and port number.
Page 23: Configuring The Nqa Server
Task Remarks Configuring ICMP echo tests Configuring DHCP tests Configuring DNS tests Configuring FTP tests Configuring HTTP tests Required Configuring an NQA test group Configuring UDP jitter tests Use any of the approaches Configuring SNMP tests Configuring TCP tests Configuring UDP echo tests Configuring voice tests Configuring DLSw tests Configuring the collaboration function...
Page 24: Enabling The Nqa Client
Enabling the NQA client Configurations on the NQA client only take effect when the NQA client is enabled. To enable the NQA client: To do… Use the command… Remarks Enter system view. system-view — Optional. Enable the NQA client. nqa agent enable Enabled by default.
Page 25: Configuring Dhcp Tests
To do… Use the command… Remarks Configure the size of the data Optional. field in each ICMP echo data-size size 100 bytes by default. request. Optional. Configure the string to be By default, the string is the filled in the data field of each data-fill string hexadecimal number ICMP echo request.
Page 26: Configuring Dns Tests
Configuration prerequisites Before you start DHCP tests, configure the DHCP server. If the NQA (DHCP client) and the DHCP server are not in the same network segment, configure a DHCP relay. For the configuration of DHCP server and DHCP relay, see Layer 3 IP Services Configuration Guide.
Page 27: Configuring Ftp Tests
To do… Use the command… Remarks Required. Specify the IP address of the DNS server as the destination destination ip ip-address By default, no destination IP address of DNS packets. address is configured. Required. Configure the domain name resolve-target domain-name By default, no domain name is that needs to be translated.
Page 28: Configuring Http Tests
To do… Use the command… Remarks Optional. By default, the operation type for Configure the operation type. operation { get | put } the FTP is get, which means obtaining files from the FTP server. Required. Configure a login username. username name By default, no login username is configured.
Page 29: Configuring Udp Jitter Tests
To do… Use the command… Remarks Configure the IP address of Required. the HTTP server as the destination ip ip-address By default, no destination IP destination address of HTTP address is configured. request packets. Optional. By default, no source IP address is specified.
Page 30 Configuration prerequisites UDP jitter tests require cooperation between the NQA server and the NQA client. Before you start UDP jitter tests, configure UDP listening services on the NQA server. For more information about UDP listening service configuration, see “Configuring the NQA server.”...
Page 31: Configuring Snmp Tests
To do… Use the command… Remarks Optional. By default, no source IP address is specified. Configure the source IP The source IP address must be the source ip ip-address address for UDP jitter packets. IP address of a local interface. The local interface must be up;...
Page 32: Configuring Tcp Tests
To do… Use the command… Remarks Optional. By default, no source IP address is specified. Configure the source IP The source IP address must be the source ip ip-address address of SNMP packets. IP address of a local interface. The local interface must be up; otherwise, no probe packets can be sent out.
Page 33: Configuring Udp Echo Tests
To do… Use the command… Remarks Optional. By default, no source IP address is specified. Configure the source IP The source IP address must be the source ip ip-address address of TCP probe packets. IP address of a local interface. The local interface must be up;...
Page 34: Configuring Voice Tests
To do… Use the command… Remarks Optional. Configure the size of the data data-size size field in each UDP packet. 100 bytes by default. Optional. Configure the string to be By default, the string is the filled in the data field of each data-fill string hexadecimal number UDP packet.
Page 35 configure the advantage factor. When the system calculates the ICPIF value, this advantage factor is subtracted to modify ICPIF and MOS values and both the objective and subjective factors are considered when you evaluate the voice quality. Configuration prerequisites Voice tests require cooperation between the NQA server and the NQA client. Before you start voice tests, configure a UDP listening service on the NQA server.
Page 36: Configuring Dlsw Tests
To do… Use the command… Remarks Optional. By default, the probe packet size depends on the codec type. The Configure the size of the data data-size size default packet size is 172 bytes field in each probe packet. for G.711A-law and G.711 μ-law codec type, and is 32 bytes for G.729 A-law codec type.
Page 37: Configuring The Collaboration Function
To do… Use the command… Remarks Required. Configure the destination destination ip ip-address By default, no destination IP address of probe packets. address is configured. Optional. By default, no source IP address is specified. Configure the source IP The source IP address must be the source ip ip-address address of probe packets.
Page 38: Configuring Threshold Monitoring
Configuring threshold monitoring Configuration prerequisites Before you configure threshold monitoring, complete the following tasks: Configure the destination address of the trap message by using the snmp-agent target-host • command. For more information about the snmp-agent target-host command, see “SNMP configuration commands.” •...
Page 39: Configuring The Nqa Statistics Collection Function
To do… Use the command… Remarks • Configure a reaction entry for reaction item-number checked-element { owd-ds monitoring the one-way delay | owd-sd } threshold-value upper-threshold (only supported in UDP jitter lower-threshold and voice tests) • Configure a reaction entry for reaction item-number checked-element icpif monitoring the ICPIF value threshold-value upper-threshold lower-threshold...
Page 40: Configuring The History Records Saving Function
To do… Use the command… Remarks Optional. Configure the hold time of statistics hold-time hold-time statistics groups. 120 minutes by default. NOTE: • The NQA statistics collection function is not supported in DHCP tests. • If you use the frequency command to set the frequency between two consecutive tests to 0, only one test is performed, and no statistics group information is collected.
Page 41: Configuring Optional Parameters For An Nqa Test Group
Configuring optional parameters for an NQA test group Optional parameters for an NQA test group are only valid for tests in this test group. Unless otherwise specified, the following optional parameters are applicable to all test types. To configure optional parameters for an NQA test group: To do…...
Page 42: Scheduling An Nqa Test Group
To do… Use the command… Remarks Optional. Enable the routing table route-option bypass-route Disabled by default. bypass function. Not available for DHCP tests. Scheduling an NQA test group You can schedule an NQA test group by setting the start time and test duration for a test group. A test group performs tests between the scheduled start time and the end time (the start time plus test duration).
Page 43: Displaying And Maintaining Nqa
Displaying and maintaining NQA To do… Use the command… Remarks display nqa history [ admin-name operation- Display history records of NQA tag ] [ | { begin | exclude | include } test groups regular-expression ] display nqa reaction counters [ admin-name Display the current monitoring operation-tag [ item-number ] ] [ | { begin | results of reaction entries...
Page 44 Configuration procedure NOTE: Before you make the configuration, make sure the devices can reach each other. # Create an ICMP echo test group and specify 10.2.2.2 as the destination IP address for ICMP echo requests to be sent. <DeviceA> system-view [DeviceA] nqa entry admin test [DeviceA-nqa-admin-test] type icmp-echo [DeviceA-nqa-admin-test-icmp-echo] destination ip 10.2.2.2...
Page 45: Configuring Dhcp Test Example
# Display the history of ICMP echo tests. [DeviceA] display nqa history admin test NQA entry (admin admin, tag test) history record(s): Index Response Status Time Succeeded 2007-08-23 15:00:01.2 Succeeded 2007-08-23 15:00:01.2 Succeeded 2007-08-23 15:00:01.2 Succeeded 2007-08-23 15:00:01.2 Succeeded 2007-08-23 15:00:01.2 Succeeded 2007-08-23 15:00:01.2 Succeeded...
Page 46: Configuring Dns Test Example
Last succeeded probe time: 2007-11-22 09:56:03.2 Extended results: Packet loss in test: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to sequence error: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packet(s) arrived late: 0 # Display the history of DHCP tests.
Page 47: Configuring Ftp Test Example
# Stop the DNS tests after a period of time. [DeviceA] undo nqa schedule admin test # Display the results of the last DNS test. [DeviceA] display nqa result admin test NQA entry (admin admin, tag test) test results: Destination IP address: 10.2.2.2 Send operation times: 1 Receive response times: 1 Min/Max/Average round trip time: 62/62/62...
Page 48: Configuring Http Test Example
# Specify the IP address of the FTP server 10.2.2.2 as the destination IP address for FTP tests. [DeviceA-nqa-admin-test-ftp] destination ip 10.2.2.2 # Specify 10.1.1.1 as the source IP address for probe packets. [DeviceA-nqa-admin-test-ftp] source ip 10.1.1.1 # Set the FTP username to admin, and password to systemtest. [DeviceA-nqa-admin-test-ftp] username admin [DeviceA-nqa-admin-test-ftp] password systemtest # Configure the device to upload file config.txt to the FTP server for each probe operation.
Page 49 Figure 11 Network diagram for the HTTP tests Configuration procedure NOTE: Before you make the configuration, make sure the devices can reach each other. # Create an HTTP test group. <DeviceA> system-view [DeviceA] nqa entry admin test [DeviceA-nqa-admin-test] type http # Specify the IP address of the HTTP server 10.2.2.2 as the destination IP address for HTTP tests.
Page 50: Configuring Udp Jitter Test Example
Failures due to no connection: 0 Failures due to sequence error: 0 Failures due to internal error: 0 Failures due to other errors: Packet(s) arrived late: 0 # Display the history of HTTP tests. [DeviceA] display nqa history admin test NQA entry (admin admin, tag test) history record(s): Index Response...
Page 51 # Start UDP jitter tests. [DeviceA] nqa schedule admin test start-time now lifetime forever # Stop UDP jitter tests after a period of time. [DeviceA] undo nqa schedule admin test # Display the result of the last UDP jitter test. [DeviceA] display nqa result admin test NQA entry (admin admin, tag test) test results: Destination IP address: 10.2.2.2...
Page 52 Destination IP address: 10.2.2.2 Start time: 2008-05-29 13:56:14.0 Life time: 47 seconds Send operation times: 410 Receive response times: 410 Min/Max/Average round trip time: 1/93/19 Square-Sum of round trip time: 206176 Extended results: Packet loss in test: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to sequence error: 0...
Page 53: Configuring Snmp Test Example
Configuring SNMP test example Network requirements As shown in Figure 13, configure NQA SNMP tests to test the time it takes for Device A to send an SNMP query packet to the SNMP agent and receive a response packet. Figure 13 Network diagram for SNMP tests Configuration procedure NOTE: Before you make the configuration, make sure the devices can reach each other.
Page 54: Configuring Tcp Test Example
Last succeeded probe time: 2007-11-22 10:24:41.1 Extended results: Packet loss in test: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to sequence error: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packet(s) arrived late: 0 # Display the history of SNMP tests.
Page 55: Configuring Udp Echo Test Example
[DeviceA-nqa-admin-test-tcp] destination ip 10.2.2.2 [DeviceA-nqa-admin-test-tcp] destination port 9000 # Enable the saving of history records. [DeviceA-nqa-admin-test-tcp] history-record enable [DeviceA-nqa-admin-test-tcp] quit # Start TCP tests. [DeviceA] nqa schedule admin test start-time now lifetime forever # Stop the TCP tests after a period of time. [DeviceA] undo nqa schedule admin test # Display the results of the last TCP test.
Page 56 Configuration procedure NOTE: Before you make the configuration, make sure the devices can reach each other. Configure Device B # Enable the NQA server and configure a listening service to listen to IP address 10.2.2.2 and UDP port 8000. <DeviceB> system-view [DeviceB] nqa server enable [DeviceB] nqa server udp-echo 10.2.2.2 8000 Configure Device A...
Page 57: Configuring Voice Test Example
# Display the history of UDP echo tests. [DeviceA] display nqa history admin test NQA entry (admin admin, tag test) history record(s): Index Response Status Time Succeeded 2007-11-22 10:36:17.9 Configuring voice test example Network requirements As shown in Figure 16, configure NQA voice tests to test the delay jitter of voice packet transmission and voice quality between Device A and Device B.
Page 58 NQA entry (admin admin, tag test) test results: Destination IP address: 10.2.2.2 Send operation times: 1000 Receive response times: 1000 Min/Max/Average round trip time: 31/1328/33 Square-Sum of round trip time: 2844813 Last succeeded probe time: 2008-06-13 09:49:31.1 Extended results: Packet loss in test: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0...
Page 59 Square-Sum of round trip time: 7160528 Extended results: Packet loss in test: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to sequence error: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packet(s) arrived late: 0 Voice results:...
Page 60: Configuring Dlsw Test Example
Configuring DLSw test example Network requirements As shown in Figure 17, configure NQA DLSw tests to check the response time of the DLSw device. Figure 17 Network diagram for the DLSw tests Configuration procedure NOTE: Before you make the configuration, make sure the devices can reach each other. # Create a DLSw test group and configure DLSw probe packets to use 10.2.2.2 as the destination IP address.
Page 61: Configuring Nqa Collaboration Example
Packet(s) arrived late: 0 # Display the history of DLSw tests. [DeviceA] display nqa history admin test NQA entry (admin admin, tag test) history record(s): Index Response Status Time Succeeded 2007-11-22 10:40:27.7 Configuring NQA collaboration example Network requirements As shown in Figure 18, configure a static route to Device C on Device A, with Device B as the next hop.
Page 62 [DeviceA-nqa-admin-test-icmp-echo] quit # Configure the test start time and test duration for the test group. [DeviceA] nqa schedule admin test start-time now lifetime forever On Device A, create the track entry. # Create track entry 1 to associate it with Reaction entry 1 of the NQA test group (admin-test). [DeviceA] track 1 nqa entry admin test reaction 1 Verify the configuration.
Page 63 Destination/Mask Proto Cost NextHop Interface 10.2.1.0/24 Direct 0 10.2.1.2 Vlan3 10.2.1.2/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 The output shows that the next hop 10.2.1.1 of the static route is not reachable, and the status of the track entry is negative.
Page 64: Configuring Ntp
Configuring NTP Defined in RFC 1305, the NTP synchronizes timekeeping among distributed time servers and clients. NTP runs over the UDP, using UDP port 123. The purpose of using NTP is to keep consistent timekeeping among all clock-dependent devices within a network so that the devices can provide diverse applications based on the consistent time.
Page 65: How Ntp Works
How NTP works Figure 19 shows the basic workflow of NTP. Device A and Device B are connected over a network. They have their own independent system clocks, which must be automatically synchronized through NTP. For an easy understanding, assume the following conditions: •...
Page 66: Ntp Message Format
NTP message format NTP uses two types of messages, clock synchronization message and NTP control message. An NTP control message is used in environments where network management is needed. Because it is not a must for clock synchronization, it is not described in this document. NOTE: All NTP messages mentioned in this document refer to NTP clock synchronization messages.
Page 67: Ntp Operation Modes
• Root Delay—Roundtrip delay to the primary reference source. • Root Dispersion—Maximum error of the local clock relative to the primary reference source. • Reference Identifier—Identifier of the particular reference source. • Reference Timestamp—Local time at which the local clock was last set or corrected. Originate Timestamp—Local time at which the request departed from the client for the service host.
Page 68 Symmetric peers mode Figure 22 Symmetric peers mode Client Server Network Automatically works in client/server mode and Clock synchronization (Mode3) sends a reply message Performs clock filtering and selection, and synchronizes its local clock to that of the Reply ( Mode 4) optimal reference source In symmetric peers mode, devices that work in symmetric active mode and symmetric passive mode exchange NTP messages with the Mode field 3 (client mode) and 4 (server mode).
Page 69: Multiple Instances Of Ntp
Multicast mode Figure 24 Multicast mode In multicast mode, a server periodically sends clock synchronization messages to the user-configured multicast address, or, if no multicast address is configured, to the default NTP multicast address 224.0.1.1, with the Mode field in the messages set to 5 (multicast mode). Clients listen to the multicast messages from servers.
Page 70: Ntp Configuration Task List
NOTE: • A CE is a device that has an interface directly connecting to the SP. A CE is not “aware of” the presence of the VPN. A PE is a device directly connecting to CEs. In an MPLS network, all events related to VPN processing •...
Page 71: Configuring The Ntp Symmetric Peers Mode
To configure an NTP client: To do… Use the command… Remarks Enter system view. system-view — ntp-service unicast-server [ vpn- instance vpn-instance-name ] { ip- Required. address | server-name } Specify an NTP server for the [ authentication-keyid keyid | No NTP server is specified by device.
Page 72: Configuring Ntp Broadcast Mode
NOTE: • In symmetric mode, use any NTP configuration command in Configuring the operation modes of to enable NTP; otherwise, a symmetric-passive peer will not process NTP messages from a symmetric-active peer. ip-address In the ntp-service unicast-peer command, must be a unicast address, rather than a •...
Page 73: Configuring Ntp Multicast Mode
NOTE: A broadcast server can only synchronize broadcast clients when its clock has been synchronized. Configuring NTP multicast mode The multicast server periodically sends NTP multicast messages to multicast clients, which send replies after receiving the messages and synchronize their local clocks. For devices working in multicast mode, configure both the server and clients.
Page 74: Disabling An Interface From Receiving Ntp Messages
To specify the source interface for NTP messages: To do… Use the command… Remarks Enter system view. system-view — Required. By default, no source interface is specified for NTP messages, and Specify the source interface ntp-service source-interface the system uses the IP address of for NTP messages.
Page 75: Configuring Access-Control Rights
Configuring access-control rights You can configure the NTP service access-control right to the local device. The following access control rights are available: query—Control query permitted. Permits the peer devices to perform control query to the NTP • service on the local device but does not permit a peer device to synchronize its clock to that of the local device.
Page 76: Configuration Prerequisites
Configuration prerequisites The configuration of NTP authentication involves configuration tasks to be implemented on the client and on the server. When configuring NTP authentication: For all synchronization modes, when you enable the NTP authentication feature, configure an • authentication key and specify it as a trusted key. The ntp-service authentication enable command must work together with the ntp-service authentication-keyid command and the ntp-service reliable authentication-keyid command.
Page 77: Displaying And Maintaining Ntp
NOTE: After you enable the NTP authentication feature for the client, make sure that you configure for the client an authentication key that is the same as on the server and specify that the authentication key is trusted. Otherwise, the client cannot be synchronized to the server. Configuring NTP authentication for a server To do…...
Page 78: Configuring Ntp Examples
Configuring NTP examples Configuring NTP client/server mode example Network requirements Perform the following configurations to synchronize the time between Switch B and Switch A: As shown in Figure 25, the local clock of Switch A is to be used as a reference source, with the •...
Page 79: Configuring The Ntp Symmetric Mode Example
Root dispersion: 1.05 ms Peer dispersion: 7.81 ms Reference time: 14:53:27.371 UTC Sep 19 2005 (C6D94F67.5EF9DB22) The output shows that Switch B has been synchronized to Switch A, and the clock stratum level of Switch B is 3, while that of Switch A is 2. # View the NTP session information of Switch B, which shows that an association has been set up between Switch B and Switch A.
Page 80 Clock status: synchronized Clock stratum: 3 Reference clock ID: 3.0.1.31 Nominal frequency: 100.0000 Hz Actual frequency: 100.0000 Hz Clock precision: 2^18 Clock offset: -21.1982 ms Root delay: 15.00 ms Root dispersion: 775.15 ms Peer dispersion: 34.29 ms Reference time: 15:22:47.083 UTC Sep 19 2005 (C6D95647.153F7CED) The output shows that Switch B has been synchronized to Switch A, and the clock stratum level of Switch B is 3.
Page 81: Configuring Ntp Broadcast Mode Example
Configuring NTP broadcast mode example Network requirements As shown in Figure 27, Switch C functions as the NTP server for multiple devices on a network segment and synchronizes the time among multiple devices. Switch C’s local clock is to be used as a reference source, with the stratum level of 2. •...
Page 82: Configuring Ntp Multicast Mode Example
# Take Switch A as an example. View the NTP status of Switch A after clock synchronization. [SwitchA-Vlan-interface2] display ntp-service status Clock status: synchronized Clock stratum: 3 Reference clock ID: 3.0.1.31 Nominal frequency: 64.0000 Hz Actual frequency: 64.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 8.31 ms...
Page 83 Figure 28 Network diagram for NTP multicast mode configuration Configuration procedure Set the IP address for each interface as shown in Figure 28. The configuration procedure is omitted. Configuration on Switch C: # Configure Switch C to work in multicast server mode and send multicast messages through VLAN- interface 2.
Page 84 # View the NTP session information of Switch D, which shows that an association has been set up between Switch D and Switch C. [SwitchD-Vlan-interface2] display ntp-service sessions source reference stra reach poll offset delay disper ************************************************************************** [1234] 3.0.1.31 127.127.1.0 -16.0 31.0 16.6...
Page 85: Configuring Ntp Client/Server Mode With Authentication Example
The output shows that Switch A has been synchronized to Switch C, and the clock stratum level of Switch A is 3, while that of Switch C is 2. # View the NTP session information of Switch A, which shows that an association has been set up between Switch A and Switch C.
Page 86: Configuring Ntp Broadcast Mode With Authentication Example
Perform the following configuration on Switch A: # Enable NTP authentication. [SwitchA] ntp-service authentication enable # Set an authentication key. [SwitchA] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey # Specify the key as a trusted key. [SwitchA] ntp-service reliable authentication-keyid 42 # View the NTP status of Switch B after clock synchronization.
Page 87 Figure 30 Network diagram for configuration of NTP broadcast mode with authentication Configuration procedure Set the IP address for each interface as shown in Figure 30. The configuration procedure is omitted. Configuration on Switch C: # Configure NTP authentication. [SwitchC] ntp-service authentication enable [SwitchC] ntp-service authentication-keyid 88 authentication-mode md5 123456 [SwitchC] ntp-service reliable authentication-keyid 88 # Specify Switch C as an NTP broadcast server, and specify an authentication key.
Page 88: Configuring Mpls Vpn Time Synchronization In Client/Server Mode Example
Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 8.31 ms Peer dispersion: 34.30 ms Reference time: 16:01:51.713 UTC Sep 19 2005 (C6D95F6F.B6872B02) The output shows that Switch D has been synchronized to Switch C, and the clock stratum level of Switch D is 4, while that of Switch C is 3.
Page 89 Figure 31 Network diagram for MPLS VPN time synchronization configuration Device Interface IP address Device Interface IP address CE 1 Vlan-int 10 10.1.1.1/24 PE 1 Vlan-int 10 10.1.1.2/24 CE 2 Vlan-int 20 10.2.1.1/24 Vlan-int 30 172.1.1.1/24 CE 3 Vlan-int 50 10.3.1.1/24 Vlan-int 20 10.2.1.2/24...
Page 90: Configuring Mpls Vpn Time Synchronization In Symmetric Peers Mode Example
Clock offset: 0.0000 ms Root delay: 47.00 ms Root dispersion: 0.18 ms Peer dispersion: 34.29 ms Reference time: 02:36:23.119 UTC Jan 1 2001(BDFA6BA7.1E76C8B4) [CE3] display ntp-service sessions source reference stra reach poll now offset delay disper ************************************************************************** [12345]10.1.1.1 LOCL 47.0 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured Total associations : [CE3]...
Page 91 [PE2] display ntp-service sessions source reference stra reach poll now offset delay disper ************************************************************************** [12345]10.1.1.2 LOCL -12.0 32.0 15.6 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured Total associations : [PE2] display ntp-service trace server 127.0.0.1,stratum 2, offset -0.012000, synch distance 0.02448 server 10.1.1.2,stratum 1, offset 0.003500, synch distance 0.00781 refid 127.127.1.0...
Page 92: Configuring Ipc
Configuring IPC IPC is a reliable communication mechanism among different nodes. The following are the basic concepts in IPC. Node An IPC node is an entity supporting IPC; it is an independent processing unit. In actual application, an IPC node corresponds to one CPU. The following guidelines apply: One centralized device only has one CPU, corresponding to one node.
Page 93: Enabling Ipc Performance Statistics
Figure 32 Relationship between a node, link and channel Packet sending modes IPC supports three packet sending modes: unicast, multicast (broadcast is considered as a special multicast), and mixcast, each having a queue. The upper layer application modules can select one as needed.
Page 94: Displaying And Maintaining Ipc
Displaying and maintaining IPC To do… Use the command… Remarks display ipc node [ | { begin | Display IPC node information exclude | include } regular- expression ] display ipc channel { node node- Display channel information of a id | self-node } [ | { begin | node exclude | include } regular-...
Page 95: Configuring Poe
PSE—A PSE supplies power for PDs. A PSE can be built-in (Endpoint) or external (Midspan). A built- in PSE is integrated in a switch, and an external PSE is independent from a switch. HP PSEs are built in. The system uses PSE IDs to identify different PSEs. To display the mapping between a PSE ID and the member ID of a switch, execute the display poe device command.
Page 96: Protocol Specification
Protocol specification The protocol specification related to PoE is IEEE 802.3af. PoE configuration task list You can configure a PoE interface by using either of the following methods: At the CLI. • Through configuring the PoE profile and applying the PoE profile to the PoE interface. •...
Page 97: Enabling Poe
PD supports power over spare wires), you have to change the order of the lines in the twisted pair cable to supply power to the PD. The HP 5820X&5800 Switch Series only supports the signal mode. •...
Page 98: Detecting Pds
To do… Use the command… Remarks Required. Enable PoE for the PoE poe enable interface. Disabled by default. Optional. Configure a description for the By default, no description for the PD connected to the PoE poe pd-description text PD connected to the PoE interface interface.
Page 99: Configuring The Poe Power
Configuring the PoE power Configuring the maximum PoE interface power The maximum PoE interface power is the maximum power that the PoE interface can provide to the connected PD. If the power required by the PD is larger than the maximum PoE interface power, the PoE interface will not supply power to the PD.
Page 100: Configuring The Poe Monitoring Function
If the guaranteed remaining PSE power (the maximum PSE power minus the power allocated to the critical PoE interface, regardless of whether PoE is enabled for the PoE interface) is lower than the maximum power of the PoE interface, you will fail to set the priority of the PoE interface to critical. Otherwise, you can succeed in setting the priority to critical, and this PoE interface will preempt the power of other PoE interfaces with a lower priority level.
Page 101: Configuring Poe Interface Through Poe Profile
Configuring PoE interface through PoE profile You can configure a PoE interface either at the CLI or by using a PoE profile and applying the PoE profile to the specified PoE interfaces. To configure a single PoE interface, configure it at the CLI; to configure PoE interfaces in batches, use a PoE profile.
Page 102: Upgrading Pse Processing Software In Service
To apply the PoE profile in system view: To do… Use the command… Remarks Enter system view. system-view — apply poe-profile { index index | Apply the PoE profile to one name profile-name } interface Required or multiple PoE interfaces. interface-range To apply the PoE profile in interface view: To do…...
Page 103: Displaying And Maintaining Poe
Displaying and maintaining PoE To do… Use the command… Remarks display poe device [ | { begin | exclude Display PSE information | include } regular-expression ] display poe interface [ interface-type Display the power supply state of interface-number ] [ | { begin | exclude | the specified PoE interface include } regular-expression ] display poe interface power [ interface-...
Page 104: Troubleshooting Poe
Figure 34 Network diagram for PoE GE1/0/11 GE1/0/1 AP 1 AP 2 Configuration procedure # Enable PoE on GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3, and set their power supply priority to critical. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] poe enable [Sysname-GigabitEthernet1/0/1] poe priority critical [Sysname-GigabitEthernet1/0/1] quit [Sysname] interface gigabitethernet 1/0/2...
Page 105 Solution: In the first case, increase the maximum PSE power, or by reducing the maximum power of the PoE • interface when the guaranteed remaining power of the PSE cannot be modified. • In the second case, remove the priority already configured. Symptom 2: Applying a PoE profile to a PoE interface fails.
Page 106: Configuring Snmp
Configuring SNMP SNMP offers the communication rules between a management device and the managed devices on the network; it defines a series of messages, methods and syntaxes to implement the access and management from the management device to the managed devices. SNMP has the following characteristics: Automatic network management: SNMP enables network administrators to search and modify •...
Page 107: Mib Overview
• SNMPv3 offers an authentication mechanism that is implemented based on the User-based Security Model (USM). You can set the authentication and privacy functions. The former authenticates the validity of the sending end of the authentication packets, preventing access of unauthorized users; the latter encrypts packets between the NMS and agents, preventing the packets from being intercepted.
Page 108 To configure SNMPv3: To do… Use the command… Remarks Enter system view. system-view — Optional. Disabled by default. You can enable the SNMP agent Enable the SNMP agent. snmp-agent through this command or any command that begins with snmp- agent. Optional.
Page 109 To configure SNMPv1 and SNMPv2c: To do… Use the command… Remarks Enter system view. system-view — Optional. Disabled by default. You can enable the SNMP Enable the SNMP agent. snmp-agent agent with this command or any command that begins with snmp-agent.
Page 110: Configuring Network Management-Specific Interface Index
Configuring network management-specific interface index Interface index (ifindex) and network management (NM)-specific ifindex are both interface identifications. ifindex is an internal parameter for software implementation of the device, and it uniquely identifies an interface for internal resource allocation and management. NM-specific ifindex is a parameter provided by the device to the NMS.
Page 111: Configuring Snmp Logging
To switch the format of an NM-specific ifindex: To do… Use the command… Remarks Enter system view. system-view — Optional. Switch the format of an NM- snmp-agent ifmib long-ifindex specific ifindex from 16-bit to By default, an NM-specific ifindex enable 32-bit.
Page 112: Configuring Snmp Trap
A large number of logs occupy storage space of the device, which impacts the performance of the device. HP recommends that you disable SNMP logging. The total output size for the node and value fields in each log entry is 1024 bytes. If this limit is •...
Page 113: Configuring Trap Parameters
To do… Use the command… Remarks Enter interface view. interface interface-type interface-number — Enable the trap Optional. function of interface enable snmp trap updown Enabled by default. state changes. CAUTION: To enable an interface to send linkUp/linkDown traps when its state changes, enable the trap •...
Page 114: Displaying And Maintaining Snmp
To do… Use the command… Remarks Optional. Extend the standard snmp-agent trap if-mib link Standard linkUp/linkDown traps linkUp/linkDown traps extended defined in RFC are used by defined in RFC. default. Optional. Configure the size of the trap snmp-agent trap queue-size size send queue.
Page 115: Configuring Snmpv1/Snmpv2C Example
Configuring SNMPv1/SNMPv2c example Network requirements • As shown in Figure 38, the NMS connects to the agent through an Ethernet. • The IP address of the NMS is 1.1.1.2/24. The IP address of the agent is 1.1.1.1/24. • The NMS monitors and manages the agent using SNMPv1 or SNMPv2c. The agent reports errors or •...
Page 116: Configuring Snmpv3 Example
• Execute the shutdown or undo shutdown command to an idle interface on the agent, and the NMS receives the corresponding trap. Configuring SNMPv3 example Network requirements • As shown in Figure 39, the NMS connects to the agent through an Ethernet. •...
Page 117: Configuring Snmp Logging Example
Configuring the SNMP NMS SNMPv3 uses an authentication and privacy security model. On the NMS, the user needs to specify the username and security level, and based on that level, configure the authentication mode, authentication password, privacy mode, and privacy password. In addition, the timeout time and number of retries should also be configured.
Page 118 # Enable the information center to output the system information with the severity level equal to or higher than informational to the console port. <Sysname> system-view [Sysname] info-center source snmp channel console log level informational # Enable SNMP logging on the agent to log the GET and SET operations of the NMS. [Sysname] snmp-agent log get-operation [Sysname] snmp-agent log set-operation The following log information is displayed on the terminal when the NMS performs the Get...
Page 119: Configuring Rmon
MIB information, alarm, event, history, and statistics, in most cases. The HP device adopts the second way and realizes the RMON agent function. With the RMON agent function, the management device can obtain the traffic that flow among the managed devices on each connected network segments;...
Page 120: Rmon Groups
Among the RMON groups defined by RMON specifications (RFC 2819), the device has realized the statistics group, history group, event group, and alarm group supported by the public MIB. Besides, HP also defines and implements the private alarm group, which enhances the functions of the alarm group.
Page 121: Configuring The Rmon Statistics Function
Figure 41 Rising and falling alarm events Private alarm group The private alarm group calculates the values of alarm variables and compares the result with the defined threshold, realizing a more comprehensive alarming function. The system handles the prialarm alarm table entry—as defined by the user—in the following ways: Periodically samples the prialarm alarm variables defined in the prialarm formula.
Page 122 Configuring the RMON Ethernet statistics function. A statistics object of the history group is the variable defined in the history record table, and the • recorded content is a cumulative sum of the variable in each period. For more information, see Configuring the RMON history statistics function.
Page 123: Configuring The Rmon Ethernet Statistics Function
Configuring the RMON Ethernet statistics function To configure the RMON Ethernet statistics function: To do… Use the command… Remarks Enter system view. system-view — Enter Ethernet interface view. interface interface-type interface-number — Create an entry in the RMON rmon statistics entry-number [ owner text ] Required statistics table.
Page 124: Configuring The Rmon Alarm Function
Configuring the RMON alarm function Configuration prerequisites Before you configure the RMON alarm function, complete the following tasks: To enable the managed devices to send traps to the NMS when the NMS triggers an alarm event, • configure the SNMP agent as described in SNMP configuration in the Network Management and Monitoring Configuration Guide.
Page 125: Displaying And Maintaining Rmon
Table 3 Restrictions on the configuration of RMON Maximum number of Entry Parameters to be compared entries that can be created Event description (description string), event type (log, trap, Event logtrap or none) and community name (trap-community or log-trapcommunity) Alarm variable (alarm-variable), sampling interval (sampling-interval), sampling type (absolute or delta), rising Alarm threshold (threshold-value1) and falling threshold (threshold-...
Page 126: Configuring Ethernet Statistics Group Example
Configuring Ethernet statistics group example Network requirements As shown in Figure 42, Agent is connected to a configuration terminal through its console port and to Server through Ethernet cables. Gather performance statistics on received packets on GigabitEthernet 1/0/1 through RMON Ethernet statistics table, and the administrator can view the statistics on packets received on the interface at any time.
Page 127: Configuring History Group Example
Configuring history group example Network requirements As shown in Figure 43, Agent is connected to a configuration terminal through its console port and to Server through Ethernet cables. Gather statistics on received packets on GigabitEthernet 1/0/1 every one minute through RMON history statistics table, and the administrator can view whether data burst happens on the interface in a short time.
Page 128 Sampled values of record 3 : dropevents , octets : 830 packets , broadcast packets multicast packets : 6 , CRC alignment errors : 0 undersize packets : 0 , oversize packets fragments , jabbers collisions , utilization Sampled values of record 4 : dropevents , octets : 933...
Page 129: Configuring Alarm Group Example
Configuring alarm group example Network requirements As shown in Figure 44, Agent is connected to a console terminal through its console port and to an NMS across Ethernet. Do the following: • Connect GigabitEthernet 1/0/1 to the FTP server. Gather statistics on traffic of the server on GigabitEthernet 1/0/1 with the sampling interval being five seconds.
Page 130 # Display the RMON alarm entry configuration. <Sysname> display rmon alarm 1 AlarmEntry 1 owned by null is Valid. Samples type : delta Variable formula : 1.3.6.1.2.1.16.1.1.1.4.1<etherStatsOctets.1> Sampling interval : 5(sec) Rising threshold : 100(linked with event 1) Falling threshold : 50(linked with event 2) When startup enables : risingOrFallingAlarm...
Page 131: Configuring Cwmp
CWMP to remotely configure, manage, and maintain the switches in batches in the data center network. The HP 5800 and 5820X switches support the CWMP protocol. When starting up for the first time to access the network, an HP 5800 and 5820X switch functions as a CPE and automatically downloads the configuration file from the ACS.
Page 132: Cwmp Basic Functions
ACS—Auto-configuration server. An ACS delivers configurations to CPEs and provides management • services to CPEs. In this document, ACS refers to the server installed with the HP iMC BIMS. DNS server—Domain name system server. An ACS and a CPE use URLs to identify and access each •...
Page 133: Cwmp Mechanism
monitor parameters and get the parameter values through an ACS, so as to get the CPE status and statistics information. The status and performance that can be monitored by an ACS include: • Manufacture name (Manufacturer) • ManufacturerOUI • SerialNumber •...
Page 134: Configuration Parameter Deployment
Configuration parameter deployment When a CPE logs in to an ACS, the ACS can automatically apply some configurations to the CPE for it to perform auto configuration. Table 4 lists the auto-configuration parameters supported by the switch. Table 4 Auto-configuration parameters and their functions Auto-configuration parameters Function Updates the local configuration file on the CPE.
Page 135: Active And Standby Acs Switchover
Active and standby ACS switchover The following example illustrates how an active and standby ACS switchover is performed. The scenario: There are two ACSs, active and standby in an area. The active ACS needs to restart for system upgrade. To ensure a continuous monitoring of the CPE, all CPEs in the area must connect to the standby ACS. Figure 46 Example of the message interaction during an active and standby ACS switchover The active and standby ACS switchover proceeds as follows: Establish a TCP connection.
Page 136: Cwmp Configuration Tasks
CPE, the DHCP server sends the ACS parameters in DHCP Option 43 to the CPE. If the DHCP server is an HP switch that supports DHCP Option 43, you can configure the ACS parameters at the CLI with the command option 43 hex 01length URL username password, where length is a hexadecimal string that indicates the total length of the URL username password •...
Page 137: Configuring The Dns Server
Configuring CPEs You can set CWMP parameters at the CLI. NOTE: The HP 5800 and 5820X switches operate as CPEs in a CWMP-enabled network, so the following only describes the configuration on CPEs. Complete these tasks to configure CWMP: Task...
Page 138: Enabling Cwmp
Enabling CWMP CWMP configurations can only take effect after you enable CWMP. To enable CWMP: To do… Use the command… Remarks Enter system view. system-view — Enter CWMP view. cwmp — Optional. Enable CWMP. cwmp enable By default, CWMP is enabled. Configuring the ACS server ACS server information includes ACS URL, username and password.
Page 139: Configuring Cpe Attributes
To do… Use the command… Remarks Optional. You can specify a username without a password that is used in the authentication. If so, the Configure the ACS password cwmp acs password password configuration on the ACS and that for connection to the ACS. on the CPE must be the same.
Page 140: Configuring The Cwmp Connection Interface
Configuring the CWMP connection interface A CWMP connection interface is an interface that connects a CPE to the ACS. The CPE sends an Inform message carrying the IP address of the CWMP connection interface, and asks the ACS to establish a connection through this IP address;...
Page 141: Configuring The Maximum Number Of Attempts Made To Retry A Connection
Sending an Inform message at a specific time To do… Use the command… Remarks Enter system view. system-view — Enter CWMP view. cwmp — Required. Configure the CPE to send an By default, the time is null, that is, Inform message at the cwmp cpe inform time time the CPE is not configured to send specified time.
Page 142: Displaying And Maintaining Cwmp
Network requirements A data center has two equipment rooms A and B. Both rooms require a great number of HP 5800 switches. There are ACS, DHCP, and DNS servers on the network. To improve deployment efficiency, use CWMP to deliver different configuration files to the switches in rooms A and B.
Page 143: Configuration Procedure
Equipment room 5800 switch Serial ID 5800-3 210235AOLNH12000015 5800-4 210235AOLNH12000017 5800-5 210235AOLNH12000020 5800-6 210235AOLNH12000022 The network administrator has created two configuration files sys.a.cfg and sys_b.cfg for the switches in the two rooms. The username and password for accessing the ACS server is vicky and 12345. The URL address is http://acs.database:9090/acs.
Page 144 Figure 49 Add CPE authentication user page Set the username, password, and description, and then click OK. # Add a device group and a device class. In this example, add 5800- 1 to the 5800_A class of the DB_1 group. Click the Resource tab, and select Group Management >...
Page 145 Figure 51 Add device class page After setting the class name, click OK. # Select Add Device from the navigation tree to enter the page for adding a device. Figure 52 Add device page Enter the device information and click OK.
Page 146 Figure 53 Adding device succeeded Repeat the previous steps to add information about 5800-2 and 5800-3 to the ACS server, and the adding operation of switches in equipment room A is completed. # Bind different configuration files to different CPE groups to realize auto-deployment. Select Deployment Guide from the navigation tree.
Page 147 Figure 55 Auto deploy configuration page # Click Select Class and enter the page for selecting device type.
Page 148 Figure 56 Select a device class # Select the 5800_A device class and click OK. After that, the auto deploy configuration page is displayed. Click OK to complete the task. Figure 57 Deploying task succeeded Configuration of the 5800 switches in room B is the same as that of the switches in room A except that you must perform the following configuration: Create device class 5800_B for switches in room B.
Page 149 NOTE: In this example, the DHCP server is an HP switch supporting the Option 43 function. If your DHCP server is not an HP switch supporting the Option 43 function, see the user manual that came with your server. •...
Page 150 Figure 58 Device interaction log page If the deployment is completed, the network administrator needs to deliver the reboot direction to the switch through the ACS server. After the switch reboots, it loads the configuration file delivered from the ACS server and completes the auto-configuration process.
Page 151: Configuring Cluster Management
Configuring cluster management With the growth of networks, a great number of access devices are needed at network borders. Management for these devices is very complicated; moreover, each device needs an IP address and wastes IP address resources. Problems can be solved by cluster, which is a group of network devices. Cluster management implements management of large numbers of distributed network devices.
Page 152: How A Cluster Works
As shown in Figure 59, the device configured with a public IP address and performing the management function is the management device, the other managed devices are member devices, and the device that does not belong to any cluster but can be added to a cluster is a candidate device. The management device and the member devices form the cluster.
Page 153 entry and holdtime in the NDP table are updated; otherwise, only the holdtime of the entry is updated. If no NDP information from the neighbor is received when the holdtime times out, the corresponding entry is removed from the NDP table. NDP runs on the data link layer, and supports different network layer protocols.
Page 154 Figure 61 Management/member device state change After a cluster is created, a candidate device is added to the cluster and becomes a member device, • the management device saves the state information of its member device and identifies it as Active. And the member device also saves its state information and identifies itself as Active.
Page 155: Cluster Configuration Task List
For a cluster to work normally, you must set the packets from the management VLAN to pass the ports connecting the management device and the member/candidate devices—including the cascade ports— using the following guidelines: If the packets from the management VLAN cannot pass a port, the device connected with the port •...
Page 156 Task Remarks Enabling the cluster function Optional Deleting a member device from a cluster Optional Configuring access between the management device and its member Optional devices Adding a candidate device to a cluster Optional Configuring topology management Optional Configuring interaction for a cluster Optional Configuring advanced cluster functions...
Page 157: Configuring The Management Device
NOTE: HP recommends that you disable NDP on the port which connects with the devices that do not need to join the cluster, preventing the management device from adding the device which needs not to join the cluster and collecting the topology information of this device.
Page 158: Enabling Ntdp Globally And For Specific Ports
NOTE: HP recommends that you disable NTDP on the port which connects with the devices that do not need to join the cluster, preventing the management device from adding the device which needs not to join the cluster and collecting the topology information of this device.
Page 159: Manually Collecting Topology Information
To do… Use the command… Remarks Configure the port delay to Optional. forward topology-collection ntdp timer port-delay delay-time 20 ms by default. request on other ports. NOTE: The two delay values should be configured on the topology collecting device. A topology-collection request sent by the topology collecting device carries the two delay values, and a device that receives the request forwards the request according to the delays.
Page 160: Enabling Management Vlan Auto-Negotiation
You can press Ctrl+C anytime during the adding process to exit the cluster auto-establishment process. However, this only stops adding new devices into the cluster, and devices already added into the cluster are not removed. To manually establish a cluster: To do…...
Page 161: Configuring Cluster Management Protocol Packets
To configure management VLAN auto-negotiation: To do… Use the command… Remarks Enter system view. system-view — Enter cluster view. cluster — Required. Enable management VLAN management-vlan synchronization auto-negotiation. enable Disabled by default. Configuring communication between the management device and the member devices within a cluster In a cluster, the management device and member devices communicate by sending handshake packets to maintain connection between them.
Page 162: Cluster Member Management
To configure the destination MAC address of the cluster management protocol packets: To do… Use the command… Remarks Enter system view. system-view — Enter cluster view. cluster — Required. The destination MAC address is 0180-C200-000A by default. Configure the destination The following are the configurable MAC addresses: MAC address for cluster...
Page 163: Configuring The Member Devices
To do… Use the command… Remarks Enter cluster view. cluster — Remove a member device delete-member member-number Required from the cluster. [ to-black-list ] Rebooting a member device To do… Use the command… Remarks Enter system view. system-view — Enter cluster view. cluster —...
Page 164: Configuring Access Between The Management Device And Its Member Devices
Configuring access between the management device and its member devices After having successfully configured NDP, NTDP and cluster, configure, manage and monitor the member devices through the management device. You can manage member devices in a cluster through switching from the operation interface of the management device to that of a member device or configure the management device by switching from the operation interface of a member device to that of the management device.
Page 165: Adding A Candidate Device To A Cluster
Adding a candidate device to a cluster To do… Use the command… Remarks Enter system view. system-view — Enter cluster view. cluster — Add a candidate device to administrator-address mac- Required the cluster. address name name Configuring advanced cluster functions Configuring topology management The concepts of blacklist and whitelist are used for topology management.
Page 166: Configuring Interaction For A Cluster
To do… Use the command… Remarks topology accept { all [ save-to Confirm the current topology { ftp-server | local-flash } ] | mac- and save it as the standard Optional address mac-address | member-id topology. member-number } Save the standard topology to topology save-to { ftp-server | the FTP server or the local Optional...
Page 167: Snmp Configuration Synchronization Function
To do… Use the command… Remarks Configure the NM interface of nm-interface vlan-interface Optional. the management device. interface-name CAUTION: To isolate management protocol packets of a cluster from packets outside the cluster, configure the device to prohibit packets from the management VLAN from passing the ports that connect the management device with the devices outside the cluster and configure the NM interface for the management device.
Page 168: Configuring Web User Accounts In Batches
Configuring web user accounts in batches Configuring Web user accounts in batches enables you to configure on the management device the username and password used to log in to the devices —including the management device and member devices—within a cluster through Web and synchronize the configurations to the member devices in the whitelist.
Page 169: Configuring Cluster Management Example
To do… Use the command… Remarks display cluster candidates [ mac- Display the information of address mac-address | verbose ] candidate devices [ | { begin | exclude | include } regular-expression ] display cluster current-topology [ mac-address mac-address [ to- mac-address mac-address ] | Display the current topology member-id member-number [ to-...
Page 170 Configuration procedure Configure the member device Switch A # Enable NDP globally and for port GigabitEthernet 1/0/1. <SwitchA> system-view [SwitchA] ndp enable [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] ndp enable [SwitchA-GigabitEthernet1/0/1] quit # Enable NTDP globally and for port GigabitEthernet 1/0/1. [SwitchA] ntdp enable [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] ntdp enable...
Page 171 [SwitchB] ntdp timer hop-delay 150 # Configure the delay to forward topology-collection request packets on the first port as 15 ms. [SwitchB] ntdp timer port-delay 15 # Configure the interval to collect topology information as 3 minutes. [SwitchB] ntdp timer 3 # Configure the management VLAN of the cluster as VLAN 10.
Page 172 # Add port GigabitEthernet 1/0/1 to VLAN 2, and configure the IP address of VLAN-interface 2. [abc_0.SwitchB] vlan 2 [abc_0.SwitchB-vlan2] port gigabitethernet 1/0/1 [abc_0.SwitchB] quit [abc_0.SwitchB] interface vlan-interface 2 [abc_0.SwitchB-Vlan-interface2] ip address 163.172.55.1 24 [abc_0.SwitchB-Vlan-interface2] quit # Configure VLAN-interface 2 as the network management interface. [abc_0.SwitchB] cluster [abc_0.SwitchB-cluster] nm-interface vlan-interface 2...
Page 173: Configuring A Sampler
Configuring a sampler A sampler provides the packet sampling function. A sampler selects a packet out of sequential packets, and sends it to the service module for processing. The following sampling modes are available: Fixed mode—The first packet is selected out of a number of sequential packets in each sampling. •...
Page 174: Configuring Sampler Examples
Configuring sampler examples Network requirements As shown in Figure 63, configure IPv4 NetStream on Switch A to collect statistics on coming traffic on GigabitEthernet 1/0/1 and send the result to port 5000 on NSC 12.1 10.2.2/16. Configure fixed sampling in the inbound direction to select the first packet out of 256 packets. Figure 63 Network diagram for using sampler with NetStream Vlan-int1 12.110.2.1/16...
Page 175: Configuring Port Mirroring
If a packet travels from Port 2 to Port 3, two duplicates of the packet will be received on Port 1. On the HP 5820X&5800 switch series, if incoming traffic is mirrored, the mirrored traffic is sent with •...
Page 176 Figure 64 Local port mirroring implementation As shown in Figure 64, packets of the mirroring port are mirrored to the monitor port for the data monitoring device to analyze. Layer 2 remote port mirroring Layer 2 remote port mirroring is implemented through the cooperation between a remote source mirroring group and a remote destination mirroring group as shown in Figure Figure 65 Layer 2 remote port mirroring implementation...
Page 177 NOTE: • You must make sure that the source device and the destination device can communicate at Layer 2 in the remote probe VLAN. For the mirrored packets to be forwarded to the monitor port, make sure that the same probe VLAN •...
Page 178: Configuring Local Port Mirroring
The HP 5820X switch series allows you to add a source port to up to two mirroring groups. •...
Page 179: Configuring Mirroring Ports For The Local Mirroring Group
Configuring mirroring ports for the local mirroring group You can configure a list of mirroring ports for a mirroring group at a time in system view, or only assign the current port to it as a mirroring port in interface view. To assign multiple ports to the mirroring group as mirroring ports in interface view, repeat the step.
Page 180: Configuring The Monitor Port For The Local Mirroring Group
• HP recommends you only use a monitor port for port mirroring to make sure that the data monitoring device only receives and analyzes the mirrored traffic rather than a mix of mirrored traffic and normally forwarded traffic.
Page 181 The HP 5820X switch series allows you to add a source port to up to two mirroring groups. •...
Page 182: Configuration Prerequisites
Configuration prerequisites Before configuring Layer 2 remote port mirroring, make sure that you have created static VLANs for the remote probe VLAN. CAUTION: The remote source mirroring group on the source device and the remote destination mirroring group on the destination device must use the same remote probe VLAN. Configuring a remote source mirroring group (on the source device) To configure a remote source mirroring group, make the following configurations on the source device.
Page 183 NOTE: • A mirroring group can contain multiple mirroring ports. • To make sure that the port mirroring function works properly, do not assign a mirroring port to the remote probe VLAN. Configuring mirroring CPUs for the remote source mirroring group To do…...
Page 184: Configuring A Remote Destination Mirroring Group (On The Destination Device)
A VLAN can only be used by one mirroring group. • HP recommends you use the remote probe VLAN for port mirroring exclusively. • To remove the VLAN configured as a remote probe VLAN, you must remove the remote probe VLAN •...
Page 185 To make sure that the port mirroring function works properly, do not enable STP, MSTP, or RSTP on the monitor port. HP recommends you only use a monitor port for port mirroring. This is to make sure that the data •...
Page 186: Using The Remote Probe Vlan To Enable Local Mirroring To Support Multiple Destination Ports
To do… Use the command… Remarks VLAN: For a hybrid port port hybrid vlan vlan-id { tagged | untagged } NOTE: For more information about the port access vlan command, the port trunk permit vlan command, and Layer 2—LAN Switching Command Reference the port hybrid vlan command, see Using the remote probe VLAN to enable local mirroring to support multiple destination ports...
Page 187 If you have already configured a reflector port for a remote source mirroring group, you can no longer configure an egress port for it. A VLAN can only serve as the remote probe VLAN for one remote source mirroring group. HP •...
Page 188: Configuring Layer 3 Remote Port Mirroring
The HP 5820X switch series allows you to add a source port to up to two mirroring groups. •...
Page 189: Configuration Prerequisites
Configuration prerequisites Before configuring Layer 3 remote port mirroring, create a GRE tunnel that connects the source and destination devices. Configuring local mirroring groups Configure a local mirroring group on the source device and on the destination device separately. To create a local mirroring group (on the source or destination device): To do…...
Page 190: Configuring Mirroring Cpus For A Local Mirroring Group
Configuring mirroring CPUs for a local mirroring group To do… Use the command… Remarks Enter system view. system-view — Required. mirroring-group group-id Configure mirroring CPUs. mirroring-cpu slot slot-number-list By default, no mirroring CPU is { both | inbound | outbound } configured for a mirroring group.
Page 191: Displaying And Maintaining Port Mirroring
To make sure that the port mirroring function can work properly, do not enable STP, MSTP, or RSTP on the monitor port. HP recommends you only use a monitor port for port mirroring. This is to make sure that the data •...
Page 192: Configuring Layer 2 Remote Port Mirroring Example
Configuration procedure Create a local mirroring group. # Create local mirroring group 1. <DeviceA> system-view [DeviceA] mirroring-group 1 local # Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as mirroring ports and port GigabitEthernet 1/0/3 as the monitor port. [DeviceA] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 gigabitethernet 1/0/2 both [DeviceA] mirroring-group 1 monitor-port gigabitethernet 1/0/3 # Disable Spanning Tree Protocol (STP) in the monitor port GigabitEthernet1/0/3.
Page 193 Figure 68 Network diagram for Layer 2 remote port mirroring configuration Configuration procedure Configure Device A (the source device) # Create a remote source mirroring group. <DeviceA> system-view [DeviceA] mirroring-group 1 remote-source # Create VLAN 2 and disable the MAC address learning function for VLAN 2. [DeviceA] vlan 2 [DeviceA-vlan2] mac-address mac-learning disable [DeviceA-vlan2] quit...
Page 194: Configuring Local Port Mirroring With Multiple Monitor Ports Example
[DeviceB-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port that permits the packets of VLAN 2 to pass through. [DeviceB-GigabitEthernet1/0/1] quit [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] port link-type trunk [DeviceB-GigabitEthernet1/0/2] port trunk permit vlan 2 [DeviceB-GigabitEthernet1/0/2] quit Configure Device C (the destination device) # Configure GigabitEthernet 1/0/1 as a trunk port that permits the packets of VLAN 2 to pass through.
Page 195 Figure 69 Network diagram for configuring local port mirroring with multiple monitor ports Configuration procedure # Create remote source mirroring group 1. <SwitchA> system-view [SwitchA] mirroring-group 1 remote-source # Configure GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 as mirroring ports of remote source mirroring group 1.
Page 196: Configuring Layer 3 Remote Port Mirroring Example
Configuring Layer 3 remote port mirroring example Network requirements On the network shown in Figure Device A connects to the marketing department through GigabitEthernet 1/0/1, and to • GigabitEthernet 1/0/1 of Device B through GigabitEthernet 1/0/2; Device C connects to the server through GigabitEthernet 1/0/2, and to GigabitEthernet 1/0/2 of Device B through GigabitEthernet 1/0/1.
Page 197 [DeviceA-GigabitEthernet1/0/3] port service-loopback group 1 # In tunnel interface view, configure the tunnel to reference service loopback group 1. [DeviceA-GigabitEthernet1/0/3] quit [DeviceA] interface tunnel 0 [DeviceA-Tunnel0] service-loopback-group 1 [DeviceA-Tunnel0] quit # Enable the OSPF protocol. [DeviceA] ospf 1 [DeviceA-ospf-1] area 0 [DeviceA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [DeviceA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [DeviceA-ospf-1-area-0.0.0.0] network 50.1.1.0 0.0.0.255...
Page 198 [DeviceC-GigabitEthernet1/0/3] port service-loopback group 1 # In tunnel interface view, configure the tunnel to reference service loopback group 1. [DeviceC-GigabitEthernet1/0/3] quit [DeviceC] interface tunnel 0 [DeviceC-Tunnel0] service-loopback-group 1 [DeviceC-Tunnel0] quit # Enable the OSPF protocol. [DeviceC] ospf 1 [DeviceC-ospf-1] area 0 [DeviceC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [DeviceC-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [DeviceC-ospf-1-area-0.0.0.0] network 50.1.1.0 0.0.0.255...
Page 199: Configuring Traffic Mirroring
Configuring traffic mirroring Traffic mirroring is the action of copying the specified packets to the specified destination for packet analyzing and monitoring. You can configure mirroring traffic to an interface or to the CPU. Mirroring traffic to an interface: copies the matching packets on an interface to a destination •...
Page 200: Mirroring Traffic To The Cpu
Specify the destination mirror-to interface interface-type ports in a traffic behavior. On interface for traffic interface-number an HP 5800 switch, you can mirroring. configure up to four traffic mirroring destination ports in a traffic behavior. On an HP 5820X switch, you can...
Page 201: Applying A Qos Policy
To do… Use the command… Remarks Required. Create a policy and enter qos policy policy-name policy view. By default, no policy exists. Required. Associate the class with the classifier tcl-name behavior behavior- traffic behavior in the QoS By default, no traffic behavior name policy.
Page 202: Displaying And Maintaining Traffic Mirroring
Apply a QoS policy globally You can apply a QoS policy globally to the inbound or outbound direction of all ports. To apply a QoS policy globally: To do… Use the command… Remarks Enter system view. system-view — qos apply policy policy-name Apply a QoS policy globally.
Page 203 # Enter system view. <Sysname> system-view # Configure basic IPv4 ACL 2000 to match packets with the source IP address 192.168.0.1. [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 192.168.0.1 0 [Sysname-acl-basic-2000] quit # Create class 1 and configure the class to use ACL 2000 for traffic classification. [Sysname] traffic classifier 1 [Sysname-classifier-1] if-match acl 2000 [Sysname-classifier-1] quit...
Page 204: Configuring Netstream
Configuring NetStream The HP 5820X switch series do not support NetStream. Legacy traffic statistics collection methods, like SNMP and port mirroring, cannot provide precise network management because of inflexible statistical methods or high cost (dedicated servers are required). This calls for a new technology to collect traffic statistics.
Page 205: Netstream Key Technologies
• The NSC is usually a program running in Unix or Windows. It parses the packets sent from the NDE, stores the statistics to the database for the NDA. The NSC gathers the data from multiple NDEs, then filters and aggregates the total received data. •...
Page 206: Netstream Data Export
NetStream data export NetStream traditional data export NetStream collects statistics of each flow and, when the entry timer expires, exports the data of each entry to the NetStream server. Though the data includes statistics of each flow, this method consumes more bandwidth and CPU, and requires large cache size.
Page 207: Netstream Export Formats
Aggregation mode Aggregation criteria • Source prefix • Destination prefix • Source address mask length • Destination address mask length • Prefix-port aggregation • Protocol number • Source port • Destination port • Inbound interface index • Outbound interface index •...
Page 208: Introduction To Netstream Sampling And Filtering
Version 9: The most flexible format. It allows users to define templates with different statistics fields. • The template-based feature provides support of different statistics information, such as BGP next hop and MPLS information. Introduction to NetStream sampling and filtering NetStream sampling NetStream sampling basically reflects the network traffic information by collecting statistics on fewer packets.
Page 209 Figure 73 NetStream configuration flow Complete these tasks to configure NetStream: Task Remarks Enabling NetStream Required Configuring NetStream filtering Optional Configuring NetStream sampling Optional Configuring NetStream traditional data export Required Configuring NetStream data export Use at least one approach. Configuring NetStream aggregation data export Configuring attributes of NetStream export data Optional...
Page 210: Enabling Netstream
Enabling NetStream Enabling NetStream on an interface To do… Use the command… Remarks Enter system view. system-view — Enter Layer 2 Ethernet interface view or Layer 3 interface interface-type interface-number — Ethernet interface view. Required. Enable NetStream on the ip netstream { inbound | outbound } interface.
Page 211 deny to forward packets without performing NetStream processing. • permit to perform NetStream processing. • To configure QoS-based NetStream filtering: To do… Use the command… Remarks Enter system view. system-view — traffic classifier tcl-name [ operator { and | Define a class and enter its view. —...
Page 212: Configuring Netstream Sampling
Configuring NetStream sampling To do… Use the command… Remarks Enter system view. system-view — Enter Layer 2 Ethernet interface view or Layer interface interface-type interface-number — 3 Ethernet interface view. Required. Disable by default. Configure NetStream ip netstream sampler sampler-name You can also execute the sampling.
Page 213: Configuring Netstream Aggregation Data Export
NetStream interface interface-type interface- source interface. traditional data export. number • HP recommends you connect the network management interface to the NetStream server and configure it as the source interface. Optional. Limit the data export rate. ip netstream export rate rate No limit by default.
Page 214: Configuring Attributes Of Netstream Export Data
If no source interface is configured data export. interface-number in aggregation view, the source interface configured in system view, if any, is used. • HP recommends you connect the network management interface to the NetStream server. Required. Enable the current NetStream enable aggregation configuration.
Page 215 To configure the NetStream export format: To do… Use the command… Remarks Enter system view. system-view — .ip netstream export version 5 Optional. [ origin-as | peer-as ] Configure the version for By default, NetStream traditional data NetStream export export uses version 5; MPLS flow data format, and specify is not exported;...
Page 216: Configuring Refresh Rate For Netstream Version 9 Templates
Figure 74 Recorded AS information varies with different keyword configuration Enable NetStream AS 20 AS 21 AS 22 Include peer-as in the command. AS 23 AS 21 is recorded as the source AS, and AS 23 as the destination AS. Include origin-as in the command.
Page 217: Configuring Netstream Flow Aging
Configuring NetStream flow aging Flow aging approaches The following types of NetStream flow aging are available: Periodical aging • Forced aging • TCP FIN- and RST-triggered aging (it is automatically triggered when a TCP connection is terminated) • Periodical aging Periodical aging uses the following approaches: inactive flow aging and active flow aging.
Page 218: Displaying And Maintaining Netstream
To do… Use the command… Remarks Optional. Configure forced aging of the NetStream reset ip netstream statistics This command also entries. clears the cache. Displaying and maintaining NetStream To do… Use the command… Remarks display ip netstream cache [ verbose ] [ slot Display the NetStream entry slot-number ] [ | { begin | exclude | Available in any view...
Page 219: Configuring Netstream Aggregation Data Export Example
[SwitchA] interface vlan-interface 2000 [SwitchA-Vlan-interface2000] ip address 12.110.2.1 255.255.0.0 [SwitchA-Vlan-interface2000] quit [SwitchA] ip netstream export source interface vlan 2000 # Configure the destination host for the NetStream data export with the IP address being 12.1 10.2.2 and port number being 5000. [SwitchA] ip netstream export host 12.110.2.2 5000 Configuring NetStream aggregation data export example Network requirements...
Page 220 # Configure the aggregation mode as protocol-port, and in aggregation view configure the destination host for the NetStream protocol-port aggregation data export. [SwitchA] ip netstream aggregation protocol-port [SwitchA-ns-aggregation-protport] enable [SwitchA-ns-aggregation-protport] ip netstream export host 4.1.1.1 3000 [SwitchA-ns-aggregation-protport] quit # Configure the aggregation mode as source-prefix, and in aggregation view configure the destination host for the NetStream source-prefix aggregation data export.
Page 221: Configuring Ipv6 Netstream
Configuring IPv6 NetStream The HP 5820X switch series do not support IPv6 NetStream. Legacy traffic statistics collection methods, like SNMP and port mirroring, cannot provide precise network management because of inflexible statistical methods or high cost (dedicated servers are required). This calls for a new technology to collect traffic statistics.
Page 222: Ipv6 Netstream Key Technologies
• The NDA is a network traffic analysis tool. It collects statistics from the NSC, and performs further process, generates various types of reports for applications of traffic billing, network planning, and attack detection and monitoring. Typically, the NDA features a Web-based system for users to easily obtain, view, and gather the data.
Page 223: Ipv6 Netstream Export Format
NetStream server. This process is the IPv6 NetStream aggregation data export, which decreases the bandwidth usage compared to traditional data export. Table 7 lists the aggregation modes supported on the HP 5800. Table 7 IPv6 NetStream aggregation modes Aggregation mode Aggregation criteria •...
Page 224: Enabling Netstream
Disabled by default. NOTE: NetStream can only be enabled on Layer 2 Ethernet interface or Layer 3 Ethernet interface of the HP • 5800. For more information about the ip netstream { inbound | outbound } command, see “NetStream •...
Page 225: Configuring Ipv6 Netstream Aggregation Data Export
NetStream traditional source interface. number data export. • HP recommends you connect the network management interface to the NetStream server and configure it as the source interface. Optional. Limit the data export rate. ipv6 netstream export rate rate No limit by default.
Page 226 If no source interface is configured aggregation data export. interface-number in aggregation view, the source interface configured in system view, if any, is used. • HP recommends you connect the network management interface to the NetStream server. Enable the current IPv6 Required. NetStream aggregation enable Disabled by default.
Page 227: Configuring Attributes Of Ipv6 Netstream Data Export
Configuring attributes of IPv6 NetStream data export Configuring IPv6 NetStream export format The IPv6 NetStream export format configures to export IPv6 NetStream data in version 9 formats, and the data fields can be expanded to contain more information, such as the following information: Statistics about source AS, destination AS, and peer ASs in version 9 format.
Page 228: Displaying And Maintaining Ipv6 Netstream
NOTE: The refresh frequency and interval can be both configured, and the template is resent when either of the condition is reached. Displaying and maintaining IPv6 NetStream To do… Use the command… Remarks display ipv6 netstream cache [ verbose ] [ slot Display the IPv6 NetStream slot-number ] [ | { begin | exclude | include } Available in any view...
Page 229: Configuring Ipv6 Netstream Aggregation Data Export Example
[SwitchA-vlan2000] quit [SwitchA] interface vlan-interface 2000 [SwitchA-Vlan-interface2000] ip address 12.110.2.1 255.255.0.0 [SwitchA-Vlan-interface2000] quit # Configure the destination IP address and port number for IPv6 NetStream data export as 12.1 10.2.2 and 5000. [SwitchA] ipv6 netstream export host 12.110.2.2 5000 Configuring IPv6 NetStream aggregation data export example Network requirements As shown in Figure...
Page 230 [SwitchA-ns6-aggregation-protport] ipv6 netstream export host 4.1.1.1 3000 [SwitchA-ns6-aggregation-protport] enable [SwitchA-ns6-aggregation-protport] quit # Configure the aggregation mode as source-prefix, and in aggregation view configure the destination host for the IPv6 NetStream source-prefix aggregation data export. [SwitchA] ipv6 netstream aggregation source-prefix [SwitchA-ns6-aggregation-srcpre] ipv6 netstream export host 4.1.1.1 4000 [SwitchA-ns6-aggregation-srcpre] enable [SwitchA-ns6-aggregation-srcpre] quit # Configure the aggregation mode as destination-prefix, and in aggregation view configure the...
Page 231: Configuring Sflow
Configuring sFlow The Layer 3 Ethernet interface operates in route mode, For more information about the operating mode of the Ethernet interface, see Layer 2—LAN Switching Configuration Guide. sFlow is a traffic monitoring technology mainly used to collect and analyze traffic statistics. As shown in Figure 80, the sFlow system involves an sFlow agent embedded in a device and a remote sFlow collector.
Page 232: Configuring Sflow
{ ip ip-address | ipv6 for the sFlow agent. save the selected IP address. ipv6-address } • HP recommends configuring an IP address manually for the sFlow agent. • Only one IP address can be specified for the sFlow agent on the switch.
Page 233: Configuring Flow Sampling
By default, up to 128 bytes of a Set the maximum copied sflow flow max-header length sampled packet can be copied. length of a sampled packet. HP recommends using the default value. Required. Specify the sFlow collector for sflow flow collector collector-id No collector is specified for flow flow sampling.
Page 234: Configuring Sflow Example
Configuring sFlow example Network requirements As shown in Figure 81, Host A is connected with Server through Switch (sFlow agent). Enable sFlow (including flow sampling and counter sampling) on GigabitEthernet 1/0/1 to monitor traffic on the port. The Switch sends sFlow packets through GigabitEthernet 1/0/3 to the sFlow collector, which analyzes the sFlow packets and displays results.
Page 235: Troubleshooting Sflow Configuration
# Display the sFlow configuration and operation information. [Switch-GigabitEthernet1/0/1] display sflow sFlow Version: 5 sFlow Global Information: Agent IP:3.3.3.1 Collector Information: Port Aging Size Description 6343 1400 3.3.3.2 6543 1400 netserver 6343 1400 6343 1400 6343 1400 6343 1400 6343 1400 6343 1400...
Page 236: Configuring Information Center
Configuring information center Acting as the system information hub, information center classifies and manages system information, offering a powerful support for network administrators and developers in monitoring network performance and diagnosing network problems. The following describes the working process of information center: •...
Page 237: System Information Types
NOTE: By default, the information center is enabled. An enabled information center affects the system performance in some degree due to information classification and output. Such impact becomes more obvious in the event that there is enormous information waiting for processing. System information types The system information of the information center falls into the following types: •...
Page 238: Outputting System Information By Source Module
Table 9 Information channels and output destinations Information Default Default output destination Description channel channel name number Receives log, trap and debugging console Console information. Receives log, trap and debugging monitor Monitor terminal information, facilitating remote maintenance. Receives log, trap and debugging loghost Log host information and information will be...
Page 239: System Information Format
%Jun 26 17:08:35:809 2008 Sysname SHELL/4/LOGIN: VTY login from 1.1.1.1 If the output destination is the log host, the system information is in the following formats: HP and UNICOM.
Page 240 UNICOM format • <PRI>timestamp sysname vvmodule/level/serial_number: content NOTE: The closing set of angel brackets < >, the space, the forward slash /, and the colon are all required • in the UNICOM format. The format in the previous part is the original format of system information, so you may see the •...
Page 241 IP address of the device that generates the system information. In other cases (when the system information is sent to a log host in the format of HP, or sent to •...
Page 242: Configuring Information Center
This field indicates the source of the information, such as the slot number of a board, IRF member ID, IRF member ID and slot number, or the source IP address of the log sender. This field is optional and is only displayed when the system information is sent to a log host in the format of HP. content This field provides the content of the system information.
Page 243: Outputting System Information To The Console
Outputting system information to the console Outputting system information to the console To do… Use the command… Remarks Enter system view. system-view — Optional. Enable information center. info-center enable Enabled by default. Optional. Name the channel with a info-center channel channel- Table 9 for default channel specified channel number.
Page 244: Outputting System Information To A Monitor Terminal
Outputting system information to a monitor terminal System information can also be output to a monitor terminal, which is a user terminal that has login connections through the VTY user interface. Outputting system information to a monitor terminal To do… Use the command…...
Page 245: Outputting System Information To A Log Host
Set the format of the system Optional. information sent to a log host info-center format unicom HP by default. to UNICOM. Required By default, the system does not output information to a log host. If info-center loghost { ipv6 host-...
Page 246: Outputting System Information To The Trap Buffer
Outputting system information to the trap buffer NOTE: The trap buffer only receives the trap information, and discards the log and debugging information even if you have configured to output them to the trap buffer. To do… Use the command… Remarks Enter system view.
Page 247: Outputting System Information To The Snmp Module
To do… Use the command… Remarks Optional. Configure the channel through info-center logbuffer [ channel By default, system information is which system information can { channel-number | channel- output to the log buffer through be output to the log buffer name } | size buffersize ] * channel 4 (logbuffer) and the and specify the buffer size.
Page 248: Outputting System Information To The Web Interface
To do… Use the command… Remarks Optional. info-center timestamp { debugging Configure the format of the The time stamp format for log, | log | trap } { boot | date | time stamp. trap and debugging information none } is date by default.
Page 249: Saving System Information To A Log File
Saving system information to a log file With the log file feature enabled, the log information generated by system can be saved to a specified directory with a predefined frequency. This allows you to check the operation history at any time to make sure that the device functions properly.
Page 250: Saving Security Logs Into The Security Log File
Saving security logs into the security log file Introduction You can understand the device status, locate and troubleshoot network problems by viewing system information, especially the security logs. Generally, all kinds of system information including security logs is output into one folder, and it is difficult to recognize and check the security logs among all kinds of system information.
Page 251 Table 12 Save security logs into the security log file To do… Use the command… Remarks Enter system view. system-view — Optional. Enable the information center. info-center enable Enabled by default. Enable the saving of the Required. security logs into the security info-center security-logfile enable Disabled by default.
Page 252 To do… Use the command… Remarks Optional. By default, the system automatically saves the security log file at a frequency configured by the info-center Save all contents in the security log file security-logfile save security-logfile frequency buffer into the security log file. command into a directory configured by the info-center security-logfile switch-...
Page 253: Configuring Synchronous Information Output
To do… Use the command… Remarks Upload a file on the client to the remote FTP put localfile [ remotefile ] server. Download a file from a remote FTP server and get remotefile [ localfile ] save it. All other operations See Fundamentals supported by the device Configuration Guide.
Page 254: Displaying And Maintaining Information Center
With this feature applied to a port, when the state of the port changes, the system does not generate port link up/down logging information, and you cannot monitor the port state changes conveniently. HP recommends that you use the default configuration in normal cases. Displaying and maintaining information center To do…...
Page 255: Configuring Information Center Examples
To do… Use the command… Remarks Reset the trap buffer reset trapbuffer Available in user view Configuring information center examples Outputting log information to a Unix log host Network requirements Send log information to a Unix log host with an IP address of 1.2.0.1/16; •...
Page 256: Outputting Log Information To A Linux Log Host
Configure the log host The following configurations were performed on Solaris which has similar configurations to the Unix operating systems implemented by other vendors. Step 1: Log in to the log host as a root user. Step 2: Create a subdirectory named Device under directory /var/log/, and create file info.log under the Device directory to save logs of Device.
Page 257 Configuration procedure Before the configuration, make sure that Device and PC are reachable. Configure the device # Enable information center. <Sysname> system-view [Sysname] info-center enable # Specify the host with IP address 1.2.0.1/16 as the log host, use channel loghost to output log information (optional, loghost by default), and use local5 as the logging facility.
Page 258: Outputting Log Information To The Console
Step 4: After log file info.log is created and file /etc/syslog.conf is modified, you must issue the following commands to display the process ID of syslogd, kill the syslogd process, and restart syslogd using the -r option to make the modified configuration take effect. # ps -ae | grep syslogd # kill -9 147 # syslogd -r &...
Page 259: Saving Security Logs Into The Security Log File
[Sysname] quit # Enable the display of log information on a terminal. (Optional, this function is enabled by default.) <Sysname> terminal monitor Info: Current terminal monitor is on. <Sysname> terminal logging Info: Current terminal logging is on. After the configuration takes effect, if the specified module generates log information, the information center automatically sends the log information to the console, which then displays the information.
Page 260 Set the authentication mode to scheme for the user logging in to the device, and make sure that • only the local user who has passed the AAA local authentication can view and perform operations on the security log file. Logging in to the device as the security log administrator Set the directory for saving the security log file to Flash:/securitylog/seclog.log.
Page 261 Username:seclog Password: <Sysname> # Display the summary of the security log file. <Sysname> display security-logfile summary Security-log is enabled. Security-log file size quota: 1MB Security-log file directory: flash:/seclog Alarm-threshold: 80% Current usage: 0% Writing frequency: 1 hour 0 min 0 sec The command output indicates that the directory for saving the security log file is flash:/seclog.
Page 262 User(192.168.0.201:(none)):123 331 Give me your password, please Password: 230 Logged in successfully [ftp] put securitylog/seclog.log 227 Entering Passive Mode (192,168,1,2,8,58) 150 "D:\DEBUG\TEMP\seclog.log" file ready to receive in ASCII mode 226 Transfer finished successfully. FTP: 2063 byte(s) sent in 0.210 second(s), 9.00Kbyte(s)/sec. [ftp] quit...
Page 263: Support And Other Resources
After registering, you will receive email notification of product enhancements, new driver versions, firmware updates, and other product resources. Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking •...
Page 264: Conventions
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Page 265 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Page 266: Index
Index %% (vendor ID, system information), 230 configuring advanced cluster functions, 154 7-tuple elements agent IPv6 NetStream, 210 configuring NQA threshold monitoring, 28 NetStream, 193 configuring sFlow agent, 221 access aggregating configuring access between management device data export (IPv6 NetStream), 21 1 and member devices (cluster management), 153 data export (NetStream), 195 deleting member device from cluster, 152...
Page 267 channel attempt configuring maximum number of retry connection IPC, 82 attempts (CWMP), 130 system information, 226 attribute client. See also server configuring CPE attributes (CWMP), 128 configuring client/server mode (NTP), 61 data export configuration (IPv6 NetStream), 216 configuring NTP client authentication, 66 data export configuration (NetStream), 203 multicast configuration (NTP), 63 authenticating (NTP), 65...
Page 268 ACS username and password (CWMP), 127 deleting member device from cluster, 152 displaying, 157 advanced cluster functions, 154 enabling cluster function, 148, 152 automatic file deployment (CWMP), 121 enabling management VLAN auto-negotiation, 149 broadcast client, 62 establishing a cluster, 148 broadcast server, 62 maintaining, 157 client/server mode (NTP), 61...
Page 269 monitor port for remote destination mirroring group, interaction for cluster, 155 IPC, 82 monitor port for the local mirroring group, 169 IPv6 NetStream, 210, 217 monitor port in interface view, 169, 179 IPv6 NetStream aggregation data export, 214, 218 monitor port in system view, 169, 179 IPv6 NetStream data export, 213 MPLS VPN time synchronization in client/server IPv6 NetStream data export attributes, 216...
Page 270 RMON history statistics function, 1 12 outputting log information, 247 RMON statistics function, 1 1 1 outputting system information, 232 sampler, 162, 163 contacting HP, 252 sFlow, 220, 221, 223 content (system information), 231 control message (NTP), 56 sFlow agent, 221...
Page 271 configuring CPE close-wait timer, 130 auto-connection between ACS and CPE (CWMP), configuring CPE username and password, 128 configuring (CWMP), 126 configuring DHCP server, 125 configuring attributes (CWMP), 128 configuring DNS server, 126 configuring close-wait timer (CWMP), 130 configuring maximum number of retry connection attempts, 130 configuring username and password (CWMP), 128 monitoring status and performance (CWMP), 121...
Page 272 DHCP automatic configuration file deployment (CWMP), configuring server (CWMP), 125 configuration parameter deployment (CWMP), 123 configuring test (NQA), 15, 16 destination test configuration (NQA), 35 configuring remote destination mirroring group (on digest (system information), 230 the destination device), 173 disabling creating remote destination mirroring group, 173 interface receiving NTP messages, 64 system information format, 228...
Page 273 local port mirroring configuration, 167, 169 documentation conventions used, 253 port mirroring configuration, 164 website, 252 sFlow configuration, 220, 221, 223 echo test. See UDP echo test sFlow operation, 220 configuring ICMP (NQA), 14 statistics group (RMON), 1 10 ICMP configuration, 33 event UDP configuration (NQA), 45 event group (RMON), 1 10...
Page 274 configuring advanced cluster functions, 154 IPv6 NetStream concept, 210 NetStream aging, 194, 206 globally applying QoS policy (traffic mirroring), 191 NetStream concept, 193 group forced aging (NetStream flow), 206 alarm group (RMON), 1 10 format configuring alarm group (RMON), 1 18 configuring IPv6 NetStream data export format, configuring egress port for remote source mirroring group, 172...
Page 275 configuring network management-specific interface creating remote source mirroring group, 171 index (SNMP), 100 creating test group (NQA), 14 switching format of NM-specific ifindex, 100 Ethernet statistics group (RMON), 1 10 information event group (RMON), 1 10 manually collecting topology information (cluster history group (RMON), 1 10 management), 148, 152 private alarm group (RMON), 1 1 1...
Page 276 creating NQA test group, 14 system information source field, 231 system information sysname field, 230 enabling NQA client, 14 system information timestamp field, 229 NQA collaboration configuration, 51 system information types, 226 NQA configuration, 9, 33 system information vv field, 230 NQA DHCP test configuration, 35 instance NQA DLSw test configuration, 50...
Page 277 remote port mirroring, 165 aggregation data export configuration, 214, 218 configuration, 210, 217 remote port mirroring configuration, 181 data export, 21 1 sFlow configuration, 220, 221, 223 data export attribute configuration, 216 sFlow operation, 220 data export configuration, 213 Layer 3 data export format configuration, 216 configuring local mirroring groups, 178 displaying, 217...
Page 278 configuring access between management device disablng a port from generating linkup/linkdown information, 242 and member devices (cluster management), 153 enabling SNMP logging, 101 configuring communication between management device member devices (cluster information center configuration, 225, 231, 244 management), 150 outputting information (console), 247 configuring member device (cluster management), outputting information (Linux log host), 245 outputting information (UNIX log host), 244...
Page 279 enabling management VLAN auto-negotiation NTP operation, 57 (cluster management), 149 port mirroring configuration, 164 NetStream random (sampler), 162 ACL-based filtering configuration, 199 module aggregation data export, 195 outputting system information to SNMP module, aggregation data export configuration, 202, 208 system information field, 230 configuration, 193, 207 system information output by source, 227 data export, 195...
Page 280 NetStream aggregation data export configuration, CWMP network framework, 120 NQA client and server relationship, 12 NetStream configuration, 193, 207 NTP applications, 54 NetStream traditional data export configuration, network management applying traffic mirroring QoS policy, 190 NQA collaboration configuration, 51 configuring collaboration function (NQA), 27 NQA configuration, 9, 33 configuring DHCP test (NQA), 15 NQA DHCP test configuration, 35...
Page 281 FTP test configuration, 37 IPC channel, 82 IPC link, 82 HTTP test configuration, 38 ICMP echo test configuration, 33 basic concepts, 1 1 probe operation, 12 benefits, 9 scheduling test group, 32 client, 12 server, 12 collaboration configuration, 51 server configuration, 13 collaboration function, 9 SNMP test configuration, 43 configuration, 9, 33...
Page 282 IPC link, 82 configuring MPLS VPN time synchronization in client/server mode, 78 IPC sending modes, 83 configuring MPLS VPN time synchronization in local port mirroring configuration, 167, 169 symmetric peers mode, 80 NetStream filtering, 197 configuring multicast mode, 63, 72 NetStream sampling, 197 configuring optional parameters, 63 port mirroring configuration, 164...
Page 283 configuration, 164, 180 advantages, 85 configuring egress port for remote source mirroring group, 172 applying profile, 91 configuring Layer 3 local mirroring groups, 178 composition, 85 configuring Layer 3 remote, 177 configuring, 85, 93 configuring local mirroring group monitor port, 169 configuring maximum PoE interface power, 89 configuring mirroring CPUs for Layer 3 local configuring PD disconnection detection mode, 88...
Page 284 cluster member management, 151 implementing, 164 Layer 2 remote configuration, 181 configuring access between management device and member devices (cluster management), 153 Layer 2 remote port mirroring, 165 configuring access-control rights (NTP), 65 Layer 3 remote configuration, 185 configuring ACS server (CWMP), 127 Layer 3 remote port mirroring, 166 configuring ACS URL (CWMP), 127 link-mode, 164...
Page 285 configuring mirroring port in interface view, 168 configuring HTTP test (NQA), 18, 38 configuring ICMP echo test (NQA), 33 configuring mirroring port in system view, 168 configuring mirroring ports for Layer 3 local configuring information center, 231, 244 mirroring group, 178 configuring interaction for a cluster, 155 configuring mirroring ports for remote source configuring IPC, 82...
Page 286 configuring remote probe VLAN for remote source configuring NetStream version 9 template refresh rate, 205 mirroring group, 173 configuring network management-specific interface configuring remote source mirroring group (on the source device), 171 index (SNMP), 100 configuring NQA collaboration, 51 configuring RMON alarm function, 1 13 configuring NTDP parameters...
Page 287 enabling management VLAN auto-negotiation configuring web user accounts in batches (cluster management), 157 (cluster management), 149 creating local mirroring group, 167 enabling NDP (cluster management), 146, 152 creating remote destination mirroring group, 173 enabling NetStream, 199 creating remote source mirroring group, 171 enabling NetStream on interface, 199 enabling NTDP (cluster management), 147, 152 creating sampler, 162...
Page 288 NetStream filtering configuration, 199 outputting system information to SNMP module, traffic mirroring configuration, 188, 191 outputting system information to trap buffer, 235 query (NTP access-control right), 65 outputting system information to web interface, 237 random (sampler mode), 162 rebooting member device (cluster management), rebooting member device (cluster management), 152 removing member device (cluster management),...
Page 289 sFlow configuration, 222 configuring Ethernet statistics function, 1 12 configuring Ethernet statistics group, 1 15 sFlow counter configuration, 222 configuring history group, 1 16 saving configuring history statistics function, 1 12 security logs into security log file, 239, 248 configuring statistics function, 1 1 1 system information to log file, 238 displaying, 1 14 saving (NQA history function), 30...
Page 290 specifying configuring sampling, 222 displaying, 222 message source interface (NTP), 63 operation, 220 standby troubleshooting configuration, 224 active and standby ACS switchover (CWMP), 124 SNMP statistics configuration, 96 configuring collection function (NQA), 29 configuring, 97 configuring Ethernet statistics group (RMON), 1 15 configuring logging, 101, 107 configuring RMON history statistics function, 1 12 configuring network management-specific interface...
Page 291 enabling display on a monitor terminal, 233 collaboration function (NQA), 9 multiple test types (NQA), 9 format, 228 threshold monitoring (NQA), 10 information center configuration, 225, 231, 244 switching module field, 230 format of NM-specific ifindex (SNMP), 100 output destination, 226 NTP configuration, 54 outputting by source module, 227 port mirroring configuration, 180...
Page 292 NQA ICMP echo test configuration, 33 template IPv6 NetStream version 9, 216 NQA server configuration, 13 NetStream version 9, 205 NQA SNMP test configuration, 43 test and probe (NQA), 1 1 NQA TCP test configuration, 44 test group (NQA), 1 1 NQA UDP echo test configuration, 45 testing NQA UDP jitter test configuration, 40...
Page 293 types NetStream, 195 traffic system information, 226 IPv6 NetStream configuration, 210, 217 IPv6 NetStream flow concept, 210 configuring echo test (NQA), 23 mirroring. See traffic mirroring configuring jitter test (NQA), 19, 20 NetStream configuration, 193, 207 data export formats (NetStream), 196 NetStream filtering, 197 echo test configuration (NQA), 45 NetStream flow concept, 193 IPv6 NetStream version 9 data export format, 212...
Page 294 configuring remote probe VLAN for remote configuration (NQA), 47 destination mirroring group, 174 configuring (NQA), 24, 25 configuring remote probe VLAN for remote source vv (system information), 230 mirroring group, 173 enabling local port mirroring with remote probe configuring web user accounts in batches (cluster VLAN, 175 management), 157 enabling...

This manual is also suitable for:

5800 switch

HP 5820X Switch Configuration Manual

System Maintenance and Debugging

Configuring NQA

Configuring NTP

Configuring IPC

Configuring Poe

Configuring SNMP

Configuring RMON

Configuring CWMP

Configuring Cluster Management

Configuring a Sampler

Configuring Port Mirroring

Configuring Traffic Mirroring

Configuring Netstream

Configuring Ipv6 Netstream

Configuring Sflow

Configuring Information Center

Quick Links

Configuration Guide

Troubleshooting

Related Manuals for HP 5820X Switch

Summary of Contents for HP 5820X Switch