HP 5920 & 5900 Switch Series
Part number: 5998-5309a
Software version: Release 23xx
Document version: 6W101-20150320

Advertising

   Summary of Contents for HP 5920

  • Page 1: Network Management And Monitoring, Configuration Guide

    HP 5920 & 5900 Switch Series Network Management and Monitoring Configuration Guide Part number: 5998-5309a Software version: Release 23xx Document version: 6W101-20150320...

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Using ping, tracert, and system debugging ··············································································································· 1   Ping ····················································································································································································· 1   Using a ping command to test network connectivity ···························································································· 1   Ping example ···························································································································································· 1   Tracert ················································································································································································ 3   Prerequisites ······························································································································································ 4   Using a tracert command to identify failed or all nodes in a path ····································································· 4  ...

  • Page 4: Table Of Contents

    Configuration example for NTP broadcast mode with authentication ····································································· 45   Configuration example for MPLS VPN time synchronization in client/server mode ·············································· 48   Configuration example for MPLS VPN time synchronization in symmetric active/passive mode ························· 49   Configuring SNTP ······················································································································································ 52  ...

  • Page 5: Table Of Contents

    Default output rules for hidden logs····················································································································· 79   Default output rules for trace logs ························································································································ 79   Log formats ····························································································································································· 79   FIPS compliance ····························································································································································· 82   Information center configuration task list ····················································································································· 82   Outputting logs to the console ······································································································································ 83  ...

  • Page 6: Table Of Contents

    Network requirements ········································································································································· 115   Configuration procedure ···································································································································· 115   Alarm function configuration example ······················································································································· 116   Network requirements ········································································································································· 116   Configuration procedure ···································································································································· 117   Configuring NQA ··················································································································································· 119   Overview ······································································································································································· 119   NQA operation ··················································································································································· 119  ...

  • Page 7: Table Of Contents

    NQA collaboration configuration example······································································································ 165   ICMP template configuration example ·············································································································· 167   DNS template configuration example ··············································································································· 168   TCP template configuration example ················································································································ 169   HTTP template configuration example ··············································································································· 170   FTP template configuration example ················································································································· 170  ...

  • Page 8: Table Of Contents

    Configuration procedure ···································································································································· 197   Verifying the configuration ································································································································· 198   Configuring sFlow ··················································································································································· 199   Protocols and standards ·············································································································································· 199   sFlow configuration task list ········································································································································ 199   Configuring the sFlow agent and sFlow collector information ················································································ 200   Configuring flow sampling ··········································································································································...

  • Page 9: Table Of Contents

    Enabling NAT traversal for the CPE ·················································································································· 228   Specifying an SSL client policy for HTTPS connection to ACS ······································································· 228   Displaying and maintaining CWMP ·························································································································· 229   CWMP configuration example ··································································································································· 229   Network requirements ········································································································································· 229   Configuration procedure ····································································································································...

  • Page 10: Table Of Contents

    Support and other resources ·································································································································· 279   Contacting HP ······························································································································································ 279   Subscription service ············································································································································ 279   Related information ······················································································································································ 279   Documents ···························································································································································· 279   Websites ······························································································································································· 279   Conventions ·································································································································································· 280   Index ········································································································································································ 282   viii...

  • Page 11: Using Ping, Tracert, And System Debugging

    Using ping, tracert, and system debugging This chapter covers ping, tracert, and information about debugging the system. Ping Use the ping utility to determine if a specific address is reachable. Ping sends ICMP echo requests (ECHO-REQUEST) to the destination device. Upon receiving the requests, the destination device responds with ICMP echo replies (ECHO-REPLY) to the source device.

  • Page 12

    Figure 1 Network diagram Configuration procedure # Use the ping command on Device A to test connectivity to Device C. Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break 56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=2.137 ms 56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=2.051 ms 56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=1.996 ms 56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=1.963 ms 56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=1.991 ms...

  • Page 13: Tracert

    The intermediate device (Device B) adds the IP address of its outbound interface (1.1.2.1) to the RR option of the ICMP echo request, and forwards the packet. Upon receiving the request, the destination device copies the RR option in the request and adds the IP address of its outbound interface (1.1.2.2) to the RR option.

  • Page 14: Prerequisites

    Enable sending of ICMP timeout packets on the intermediate devices (devices between the source • and destination devices). If the intermediate devices are HP devices, execute the ip ttl-expires enable command on the devices. For more information about this command, see Layer 3—IP Services Command Reference.

  • Page 15

    Test the network connectivity between Device A and Device C. If they cannot reach each other, locate the failed nodes in the network. Figure 3 Network diagram 1.1.1.1/24 1.1.1.2/24 1.1.2.1/24 1.1.2.2/24 Device A Device B Device C Configuration procedure Configure the IP addresses for devices as shown in Figure Configure a static route on Device A.

  • Page 16: System Debugging

    Use the debugging ip icmp command on Device A and Device C to verify that they can send and receive the specific ICMP packets, or use the display ip routing-table command to verify that there is a route from Device A to Device C. System debugging The device supports debugging for the majority of protocols and features and provides debugging information to help users diagnose errors.

  • Page 17: Debugging A Feature Module

    Debugging a feature module Output of debugging commands is memory intensive. To guarantee system performance, enable debugging only for modules that are in an exceptional condition. When debugging is complete, use the undo debugging all command to disable all the debugging functions. To debug a feature module: Step Command...

  • Page 18: Configuring Ntp

    Configuring NTP Synchronize your device with a trusted time source by using the Network Time Protocol (NTP) or changing the system time before you run it on a live network. Various tasks, including network management, charging, auditing, and distributed computing depend on an accurate system time setting, because the timestamps of system messages and logs use the system time.

  • Page 19: Ntp Architecture

    The synchronization process is as follows: Device A sends Device B an NTP message, which is timestamped when it leaves Device A. The time stamp is 10:00:00 am (T1). When this NTP message arrives at Device B, Device B adds a timestamp showing the time when the message arrived at Device B.

  • Page 20: Association Modes

    To ensure time accuracy and availability, you can specify multiple NTP servers for a device. The device selects an optimal NTP server as the clock source based on parameters such as stratum. The clock that the device selects is called the reference source. For more information about clock selection, see the related protocols and standards.

  • Page 21

    Mode Working process Principle Application scenario On the symmetric active peer, specify the IP address of the symmetric passive peer. A symmetric active peer Figure 6 shows, this periodically sends clock mode is most often used A symmetric active peer synchronization messages to a between two or more and a symmetric passive...

  • Page 22: Ntp Security

    NTP security To improve time synchronization security, NTP provides the access control and authentication functions. NTP access control You can control NTP access by using an ACL. The access rights are in the following order, from least restrictive to most restrictive: Peer—Allows time requests and NTP control queries (such as alarms, authentication status, and time •...

  • Page 23: Ntp For Mpls Vpns

    in the NTP message. If they are the same, the receiver accepts the message. Otherwise, it discards the message. NTP for MPLS VPNs The device supports multiple VPN instances when it functions as an NTP client or a symmetric active peer to realize time synchronization with the NTP server or symmetric passive peer in an MPLS VPN network.

  • Page 24: Configuration Task List

    The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN • interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). Configuration task list Tasks at a glance (Required.)

  • Page 25: Configuring Ntp In Symmetric Active/passive Mode

    Step Command Remarks Enter system view. system-view • Specify an NTP server for the device: ntp-service unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number | version Specify an NTP server for the By default, no NTP server is number ] * device.

  • Page 26: Configuring Ntp In Broadcast Mode

    Step Command Remarks • Specify a symmetric-passive peer: ntp-service unicast-peer { peer-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number | version Specify a symmetric-passive By default, no symmetric-passive number ] * peer for the device.

  • Page 27: Configuring Ntp In Multicast Mode

    Step Command Remarks By default, the device does not operate in broadcast server mode. Configure the device to ntp-service broadcast-server After you execute the command, operate in NTP broadcast [ authentication-keyid keyid | the device receives NTP broadcast server mode. version number ] * messages from the specified interface.

  • Page 28: Configuring Access Control Rights

    Step Command Remarks • Configure the device to operate in multicast server mode: ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | By default, the device does not ttl ttl-number | version number ] operate in multicast server mode. Configure the device to After you execute the command, operate in multicast server •...

  • Page 29

    Set the key as a trusted key on both client and server. • • Associate the key with the NTP server on the client. The key IDs and key values configured on the server and client must be the same. Otherwise, NTP authentication fails.

  • Page 30: Configuring Ntp Authentication In Symmetric Active/passive Mode

    Table 2 NTP authentication results Client Server Configure Configure a a key and Authentication Associate the key and Enable NTP configure Enable NTP result key with an NTP configure it authentication it as a authentication server as a trusted trusted Succeeded.

  • Page 31

    Step Command Remarks Enter system view. system-view By default, NTP authentication is Enable NTP authentication. ntp-service authentication enable disabled. ntp-service authentication-keyid Configure an NTP By default, no NTP authentication keyid authentication-mode md5 authentication key. key is configured. { cipher | simple } value Configure the key as a trusted ntp-service reliable By default, no authentication key is...

  • Page 32

    Table 3 NTP authentication results Active peer Passive peer Configure Associate a key and Configure a the key Authentication result Enable NTP configure Enable NTP key and with a authentication it as a authentication configure it as passive trusted a trusted key peer Stratum level of the active and passive peers is not considered.

  • Page 33: Configuring Ntp Authentication In Broadcast Mode

    Configuring NTP authentication in broadcast mode When you configure NTP authentication in broadcast mode: • Enable NTP authentication. Configure an authentication key. • Set the key as a trusted key on both the broadcast client and server. • Configure an NTP authentication key on the broadcast server. •...

  • Page 34: Configuring Ntp Authentication In Multicast Mode

    Table 4 NTP authentication results Broadcast server Broadcast client Configure a Enable Associate Configure a key and Authentication result the key with Enable NTP key and configure it authentic a broadcast authentication configure it as as a trusted ation server a trusted key Succeeded.

  • Page 35

    Step Command Remarks Enter system view. system-view By default, NTP authentication is Enable NTP authentication. ntp-service authentication enable disabled. ntp-service authentication-keyid Configure an NTP By default, no NTP authentication keyid authentication-mode md5 authentication key. key is configured. { cipher | simple } value Configure the key as a trusted ntp-service reliable By default, no authentication key is...

  • Page 36

    Table 5 NTP authentication results Multicast server Multicast client Configur e a key Configure a Authentication Associate the key and Enable NTP Enable NTP result configure key with a configure it authentication authentication it as a multicast server as a trusted trusted Succeeded.

  • Page 37: Configuring Ntp Optional Parameters

    Configuring NTP optional parameters The configuration tasks in this section are optional tasks. Configure them to improve NTP security, performance, or reliability. Specifying the source interface for NTP messages To prevent interface status changes from causing NTP communication failures, configure the device to use the IP address of an interface that is always up, for example, a loopback interface, as the source IP address for the NTP messages to be sent.

  • Page 38: Configuring The Maximum Number Of Dynamic Associations

    Step Command Remarks • For IPv4: ntp-service inbound disable Disable the interface from By default, an interface processes • For IPv6: processing NTP messages. NTP messages. ntp-service ipv6 inbound disable Configuring the maximum number of dynamic associations NTP has the following types of associations: Static association—A manually created association.

  • Page 39: Configuring The Local Clock As A Reference Source

    Step Command Remarks • IPv4 packets: The defaults for a DSCP value: ntp-service dscp dscp-value Set a DSCP value for NTP • • 48 for IPv4 NTP packets. IPv6 packets: packets. ntp-service ipv6 dscp • 56 for IPv6 NTP packets. dscp-value Configuring the local clock as a reference source Follow these guidelines when you configure the local clock as a reference source:...

  • Page 40

    Figure 9 Network diagram Configuration procedure Set the IP address for each interface as shown in Figure 9. (Details not shown.) Configure Device A: # Enable the NTP service. <DeviceA> system-view [DeviceA] ntp-service enable # Specify the local clock as the reference source, with the stratum level 2. [DeviceA] ntp-service refclock-master 2 Configure Device B: # Enable the NTP service.

  • Page 41: Ipv6 Ntp Client/server Mode Configuration Example

    IPv6 NTP client/server mode configuration example Network requirements As shown in Figure 10, the local clock of Device A is to be used as a reference source, with the stratum level 2. Device B operates in client mode and Device A is to be used as the IPv6 NTP server for Device Figure 10 Network diagram Configuration procedure Set the IP address for each interface as shown in...

  • Page 42: Ntp Symmetric Active/passive Mode Configuration Example

    The output shows that Device B has been synchronized to Device A, the clock stratum level of Device B is 3, and that of Device A is 2. # Display IPv6 NTP association information for Device B. [DeviceB] display ntp-service ipv6 sessions Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.

  • Page 43

    # Enable the NTP service. <DeviceA> system-view [DeviceA] ntp-service enable # Specify the local clock as the reference source, with the stratum level 3. [DeviceA] ntp-service refclock-master 3 Configure Device B: # Enable the NTP service. [DeviceB] ntp-service enable # Specify Device A as the NTP server of Device B. [DeviceB] ntp-service unicast-server 3.0.1.31 Configure Device C: # Enable the NTP service.

  • Page 44: Ipv6 Ntp Symmetric Active/passive Mode Configuration Example

    IPv6 NTP symmetric active/passive mode configuration example Network requirements As shown in Figure 12, Device C has a clock more accurate than Device A. Set the local clock of Device A as a reference source, with the stratum level 3. •...

  • Page 45

    <DeviceC> system-view [DeviceC] ntp-service enable # Specify the local clock as the reference source, with the stratum level 2. [DeviceC] ntp-service refclock-master 2 # Configure Device B as an IPv6 symmetric passive peer. [DeviceC] ntp-service ipv6 unicast-peer 3000::35 Verify the configuration: # After the configuration, Device B has two time servers Device A and Device C.

  • Page 46: Ntp Broadcast Mode Configuration Example

    NTP broadcast mode configuration example Network requirements As shown in Figure 13, Switch C functions as the NTP server for multiple devices on a network segment and synchronizes the time among multiple devices. Switch C's local clock is to be used as a reference source, with the stratum level 2. •...

  • Page 47: Ntp Multicast Mode Configuration Example

    [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ntp-service broadcast-client Configure Switch B: # Enable the NTP service. <SwitchB> system-view [SwitchB] ntp-service enable # Configure Switch B to operate in broadcast client mode and receive broadcast messages on VLAN-interface 2. [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] ntp-service broadcast-client Verify the configuration: # Switch A and Switch B get synchronized upon receiving a broadcast message from Switch C.

  • Page 48

    Switch A and Switch D operate in multicast client mode and receive multicast messages through • VLAN-interface 3 and VLAN-interface 2, respectively. Figure 14 Network diagram Vlan-int2 3.0.1.31/24 Switch C NTP multicast server Vlan-int3 Vlan-int3 Vlan-int2 1.0.1.11/24 1.0.1.10/24 3.0.1.30/24 Switch A Switch B NTP multicast client Vlan-int2...

  • Page 49

    Local mode: bclient Reference clock ID: 3.0.1.31 Leap indicator: 00 Clock jitter: 0.044281 s Stability: 0.000 pps Clock precision: 2^-10 Root delay: 0.00229 ms Root dispersion: 4.12572 ms Reference time: d0d289fe.ec43c720 Sat, Jan 8 2011 7:00:14.922 The output shows that Switch D has been synchronized to Switch C, the clock stratum level of Switch D is 3, and that of Switch C is 2.

  • Page 50: Ipv6 Ntp Multicast Mode Configuration Example

    [SwitchA-Vlan-interface3] ntp-service multicast-client Verify the configuration: # Display the NTP status of Switch A after clock synchronization. [SwitchA-Vlan-interface3] display ntp-service status Clock status: synchronized Clock stratum: 3 System peer: 3.0.1.31 Local mode: bclient Reference clock ID: 3.0.1.31 Leap indicator: 00 Clock jitter: 0.165741 s Stability: 0.000 pps Clock precision: 2^-10...

  • Page 51

    Figure 15 Network diagram Configuration procedure Set the IP address for each interface as shown in Figure 15. (Details not shown.) Configure Switch C: # Enable the NTP service. <SwitchC> system-view [SwitchC] ntp-service enable # Specify the local clock as the reference source, with the stratum level 2. [SwitchC] ntp-service refclock-master 2 # Configure Switch C to operate in IPv6 multicast server mode and send multicast messages through VLAN-interface 2.

  • Page 52

    Leap indicator: 00 Clock jitter: 0.000977 s Stability: 0.000 pps Clock precision: 2^-10 Root delay: 0.00000 ms Root dispersion: 8.00578 ms Reference time: d0c60680.9754fb17 Wed, Dec 29 2010 19:12:00.591 The output shows that Switch D has been synchronized to Switch C, the clock stratum level of Switch D is 3, and that of Switch C is 2.

  • Page 53: Configuration Example For Ntp Client/server Mode With Authentication

    # Configure Switch A to operate in IPv6 multicast client mode and receive IPv6 multicast messages on VLAN-interface 3. [SwitchA] interface vlan-interface 3 [SwitchA-Vlan-interface3] ntp-service ipv6 multicast-client ff24::1 Verify the configuration: # Display the NTP status of Switch A after clock synchronization. [SwitchA-Vlan-interface3] display ntp-service status Clock status: synchronized Clock stratum: 3...

  • Page 54

    Figure 16 Network diagram Configuration procedure Set the IP address for each interface as shown in Figure 16. (Details not shown.) Configure Device A: # Enable the NTP service. <DeviceA> system-view [DeviceA] ntp-service enable # Specify the local clock as the reference source, with the stratum level 2. [DeviceA] ntp-service refclock-master 2 Configure Device B: # Enable the NTP service.

  • Page 55: Configuration Example For Ntp Broadcast Mode With Authentication

    Reference clock ID: 1.0.1.11 Leap indicator: 00 Clock jitter: 0.005096 s Stability: 0.000 pps Clock precision: 2^-10 Root delay: 0.00655 ms Root dispersion: 1.15869 ms Reference time: d0c62687.ab1bba7d Wed, Dec 29 2010 21:28:39.668 The output shows that Device B has been synchronized to Device A, the clock stratum level of Device B is 3, and that of Device A is 2.

  • Page 56

    Figure 17 Network diagram Vlan-int2 3.0.1.31/24 Switch C NTP broadcast server Vlan-int2 3.0.1.30/24 Switch A NTP broadcast client Vlan-int2 3.0.1.32/24 Switch B NTP broadcast client Configuration procedure Set the IP address for each interface as shown in Figure 17. (Details not shown.) Configure Switch A: # Enable the NTP service.

  • Page 57

    <SwitchC> system-view [SwitchC] ntp-service enable # Specify the local clock as the reference source, with the stratum level 3. [SwitchC] ntp-service refclock-master 3 # Configure Switch C to operate in NTP broadcast server mode and use VLAN-interface 2 to send NTP broadcast packets.

  • Page 58: Configuration Example For Mpls Vpn Time Synchronization In Client/server Mode

    source reference stra reach poll now offset delay disper ******************************************************************************** [1245]3.0.1.31 127.127.1.0 -0.0 0.0000 Notes: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured. Total sessions : 1 The output shows that an association has been set up between Switch B and Switch C. Configuration example for MPLS VPN time synchronization in client/server mode Network requirements...

  • Page 59: Configuration Example For Mpls Vpn Time Synchronization In Symmetric Active/passive Mode

    # Specify the local clock as the reference source, with the stratum level 2. [CE1] ntp-service refclock-master 2 Configure PE 2: # Enable the NTP service. <PE2> system-view [PE2] ntp-service enable # Specify CE 1 in VPN 1 as the NTP server of PE 2. [PE2] ntp-service unicast-server 10.1.1.1 vpn-instance vpn1 Verify the configuration: # Display the IPv4 NTP association information and status on PE 2 a certain period of time later.

  • Page 60

    Configure CE 1's local clock as a reference source, with the stratum level 2. • • Configure CE 1 to operate in symmetric active mode. Specify VPN 1 as the target VPN. • Figure 19 Network diagram Configuration procedure Set the IP address for each interface as shown in Figure 19.

  • Page 61

    Clock precision: 2^-10 Root delay: 0.00655 ms Root dispersion: 1.15869 ms Reference time: d0c62687.ab1bba7d Wed, Dec 29 2010 21:28:39.668 [PE1] display ntp-service sessions source reference stra reach poll now offset delay disper ******************************************************************************** [1245]10.1.1.1 127.127.1.0 -0.0 0.0000 Notes: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured. Total sessions : 1 [PE1] display ntp-service trace Server...

  • Page 62: Configuring Sntp

    Configuring SNTP SNTP is a simplified, client-only version of NTP specified in RFC 4330. SNTP supports only the client/server mode. An SNTP-enabled device can receive time from NTP servers, but cannot provide time services to other devices. SNTP uses the same packet format and packet exchange procedure as NTP, but provides faster synchronization at the price of time accuracy.

  • Page 63: Configuring Sntp Authentication

    Step Command Remarks • For IPv4: sntp unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] By default, no NTP server is [ authentication-keyid keyid | specified for the device. source interface-type interface-number | version Repeat this step to specify multiple Specify an NTP server for the number ] * NTP servers.

  • Page 64: Displaying And Maintaining Sntp

    Step Command Remarks • For IPv4: sntp unicast-server { ip-address | server-name } [ vpn-instance vpn-instance-name ] authentication-keyid keyid Associate the SNTP By default, no NTP server is authentication key with the • For IPv6: specified. specific NTP server. sntp ipv6 unicast-server { ipv6-address | server-name } [ vpn-instance vpn-instance-name ]...

  • Page 65

    # Enable NTP authentication on Device A. [DeviceA] ntp-service authentication enable # Configure an NTP authentication key, with the key ID of 10 and key value of aNiceKey. Input the key in plain text. [DeviceA] ntp-service authentication-keyid 10 authentication-mode md5 simple aNiceKey # Specify the key as a trusted key.

  • Page 66: Configuring Ptp

    Configuring PTP Overview Network clock synchronization keeps the offset of time and frequency within a rational range among all the devices in a network. It involves two concepts: • Phase synchronization (time synchronization)—Keeps frequency and phase consistency of signals. Frequency synchronization (clock synchronization)—Keeps a specific relationship between signals •...

  • Page 67

    PTP domain A PTP domain refers to a network enabled with PTP. A PTP domain has only one synchronization clock. All devices in the domain synchronize time with the clock. Clock node and PTP port A node in a PTP domain is a clock node. A port enabled with PTP is a PTP port. PTP defines the following three types of basic clock nodes: Ordinary Clock (OC)—A PTP clock with a single PTP port in a PTP domain for time synchronization.

  • Page 68: Synchronization Mechanism

    Besides the three basic types of clock nodes, PTP introduces some hybrid clock nodes. For example, a TC+OC has multiple PTP ports in a PTP domain: one port is the OC type, and the others are the TC type. A TC+OC forwards PTP messages through TC-type ports and performs delay corrections. In addition, it synchronizes time through its OC-type port.

  • Page 69

    PTP defines two transmission delay measurement mechanisms: Request_Response and Peer Delay. The basis of the two mechanisms is that the transmission delay from the master clock to the member clock is the same as that from the member clock to the master clock. Request_Response Figure 23 Operation procedure of the Request_Response mechanism Master clock...

  • Page 70

    Peer Delay Figure 24 Operation procedure of the Peer Delay mechanism Master clock Member clock Timestamps known by member clock t1, t2 t1, t2, t3 t1, t2, t3, t4, t6 t1, t2, t3, t4, t5, t6 The Peer Delay mechanism uses Pdelay messages to calculate link delay, which applies to only point-to-point delay measurement.

  • Page 71: Protocols And Standards

    In two-step mode, t1 is carried in the Follow_Up message, and t4 and t5 are carried in the • Pdelay_Resp and Pdelay_Resp_Follow_Up messages. Protocols and standards IEEE 1588-2008, IEEE Standard for a Precision Clock Synchronization Protocol for Networked • Measurement and Control Systems IEEE P802.1AS, Timing and Synchronization for Time-Sensitive Applications in Bridged Local Area •...

  • Page 72: Specifying A Ptp Standard

    Tasks at a glance The PTP standard is IEEE 802.1AS (802.1AS): (Required.) Specifying the clock node type (Optional.) Specifying a PTP domain (Optional.) Configuring an OC to operate as only a member clock (Optional.) Configuring the role of a PTP port (Optional.) Configuring the port type for a TC+OC (Optional.)

  • Page 73: Specifying A Ptp Domain

    Step Command Remarks Enter system view. system-view Specify the clock node type ptp mode { bc | e2etc | e2etc-oc | By default, no clock node type is for the device. oc | p2ptc | p2ptc-oc } specified. Specifying a PTP domain Within a PTP domain, all devices follow the same rules to communicate with each other.

  • Page 74: Configuring The Mode For Carrying Timestamps

    To configure the PTP port role on an OC, BC, E2ETC+OC, or P2PTC+OC: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view or Layer 3 interface-number Ethernet interface view. By default, the PTP port role is Configure the role of the PTP ptp force-state { master | passive | automatically specified through...

  • Page 75: Configuring The Port Type For A Tc+oc

    Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view or Layer 3 interface-number Ethernet interface view. By default, the delay measurement Specify a delay measurement ptp delay-mechanism { e2e | p2p } mechanism depends on the PTP mechanism for a BC or OC.

  • Page 76: Messages

    Specifying the number of announcement intervals before the receiving node stops receiving announce messages A master node periodically sends announce messages to the member nodes. If a member node does not receive any announce message from the master node within the specified interval, it considers the master node invalid.

  • Page 77: Configuring The Minimum Interval For Sending Delay_req Messages

    Step Command Remarks By default: • The interval is 2 seconds if the Configure the interval for PTP standard is IEEE 1588 ptp syn-interval value sending Sync messages. Version 2. • The interval is 2 seconds if the PTP standard is IEEE 802.1AS. Configuring the minimum interval for sending Delay_Req messages Step...

  • Page 78: Specifying The Protocol For Encapsulating Ptp Messages As Udp (ipv4)

    Specifying the protocol for encapsulating PTP messages as UDP (IPv4) PTP messages can be encapsulated in IEEE 802.3/Ethernet packets or UDP packets. To configure the protocol for encapsulating PTP messages as UDP (IPv4): Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view or Layer 3...

  • Page 79: Configuring The Cumulative Offset Between The Utc And Tai

    Configuring the cumulative offset between the UTC and TAI The time displayed on a device is based on the Coordinated Universal Time (UTC). There is an offset between UTC and TAI (International Atomic Time in English), which is made public periodically. This task allows you to adjust the offset between the UTC and TAI on the device.

  • Page 80: Configuring A Priority Of The Clock

    Step Command Remarks Optional. Configure priority 2 of the ptp priority clock-source { bits1 | clock. bits2 | local } priority2 pri2-value The default is 128. Optional. Configure the attribute value ptp clock-source { bits1 | bits2 } of the Bits clock. time-source ts-value The default is 160.

  • Page 81: Displaying And Maintaining Ptp

    Displaying and maintaining PTP Execute display commands in any view and the reset command in user view. Task Command Display PTP clock information. display ptp clock Display the delay correction history. display ptp corrections display ptp foreign-masters-record [ interface Display information about foreign master nodes. interface-type interface-number ] display ptp interface [ interface-type interface-number Display PTP information on an interface.

  • Page 82

    # On Ten-GigabitEthernet 1/0/1, specify the delay measurement mechanism as p2p, and enable PTP. [DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] ptp delay-mechanism p2p [DeviceA-Ten-GigabitEthernet1/0/1] ptp enable [DeviceA-Ten-GigabitEthernet1/0/1] quit Configure Device B: # Specify the PTP standard as IEEE 1588 Version 2. <DeviceB>...

  • Page 83: Ptp Configuration Example (ieee 802.1as)

    Clock quality : Class : 248 Accuracy : 254 Offset (log variance) : 65535 Offset from master : 0 (ns) Mean path delay : 0 (ns) Steps removed Local clock time : Sun Jan 15 20:57:29 2011 # Display brief PTP statistics on Device A. [DeviceA] display ptp interface brief Name State...

  • Page 84

    Figure 26 Network diagram P2PTC XGE1/0/1 XGE1/0/1 XGE1/0/2 XGE1/0/1 Device A Device B Device C PTP domain Configuration procedure Configure Device A: # Specify the PTP standard as IEEE 802.1AS. <DeviceA> system-view [DeviceA] ptp profile 802.1AS # Specify the clock node type as OC. [DeviceA] ptp mode oc # Enable PTP on Ten-GigabitEthernet 1/0/1.

  • Page 85

    When the network is stable, display PTP clock information by using the display ptp clock command, and display brief PTP statistics on an interface by using the display ptp interface brief command. # Display PTP clock information on Device A. [DeviceA] display ptp clock PTP profile : IEEE 802.1AS...

  • Page 86

    XGE1/0/2...

  • Page 87: Configuring The Information Center

    Configuring the information center The information center on a device classifies and manages logs for all modules so that network administrators can monitor network performance and troubleshoot network problems. Overview The information center receives logs generated by source modules and outputs logs to different destinations according to user-defined output rules.

  • Page 88: Log Destinations

    Severity Level Description value Action must be taken immediately. For example, traffic on an interface exceeds Alert the upper limit. Critical condition. For example, the device temperature exceeds the upper limit, Critical the power module fails, or the fan tray fails. Error Error condition.

  • Page 89: Default Output Rules For Security Logs

    Table 8 Default output rule for diagnostic logs Destination Log source modules Output switch Severity Diagnostic log file All supported modules Enabled Debug Default output rules for security logs Security logs can only be output to the security log file, and cannot be filtered by source modules and severity levels.

  • Page 90

    Table 12 Log formats Output destination Format Example %Nov 24 14:21:43:502 2010 HP Console, monitor SYSLOG/6/SYSLOG_RESTART: Prefix Timestamp Sysname terminal, log buffer, or System restarted –- Module/Level/Mnemonic: Content log file HP Comware Software. • HP format: <190>Nov 24 16:22:21 2010 HP %%10SYSLOG/6/SYSLOG_RE •...

  • Page 91

    IP address) You can use the sysname command to modify the name of the device. Indicates that the information was generated by an HP device. %% (vendor ID) This field exists only in logs sent to the log host.

  • Page 92: Fips Compliance

    Timestamp Description Example parameters <189>2003-05-30T06:42:44 Sysname %%10FTPD/5/FTPD_LOGIN(l): Timestamp format stipulated in ISO 8601. User ftp (192.168.1.23) has logged in Only logs that are sent to a log host support successfully. this parameter. 2003-05-30T06:42:44 is a timestamp in the iso format. % Sysname FTPD/5/FTPD_LOGIN: User No timestamp is included.

  • Page 93: Outputting Logs To The Console

    Outputting logs to the console Step Command Remarks Enter system view. system-view By default, the information center is Enable the information center. info-center enable enabled. info-center source { module-name | For information about default Configure an output rule for default } { console | monitor | output rules, see "Default output the console.

  • Page 94: Outputting Logs To A Log Host

    (Optional.) Specify the By default, logs are sent in HP format to format for logs sent to a info-center format { unicom | cmcc } a log host. log host.

  • Page 95: Saving Logs To The Log File

    Step Command Remarks (Optional.) Set the maximum info-center logbuffer size By default, the log buffer can store number of logs that can be buffersize 512 logs. stored in the log buffer. info-center source { module-name | For information about default Configure an output rule for default } { console | monitor | output rules, see...

  • Page 96: Managing Security Logs

    Step Command Remarks • Method 1: Configure the interval to perform the save Use either method. operation: info-center logfile frequency The default saving interval is Save the logs in the log file freq-sec 86400 seconds. buffer to the log file. •...

  • Page 97: Managing The Security Log File

    Step Command Remarks By default, the alarm threshold of (Optional.) Set the alarm the security log file usage is 80. info-center security-logfile threshold of the security log When the usage of the security log alarm-threshold usage file usage. file reaches 80%, the system will inform the user.

  • Page 98: Configuring The Maximum Size Of The Trace Log File

    Step Command Remarks By default, the maximum size is 10 (Optional.) Configure the info-center diagnostic-logfile quota maximum size of the To ensure normal operation, set the size diagnostic log file. size argument to a value between 1 MB and 10 MB. The default directory is flash:/diagfile.

  • Page 99: Enabling Duplicate Log Suppression

    Step Command Remarks Enable synchronous By default, synchronous info-center synchronous information output. information output is disabled. Enabling duplicate log suppression The output of consecutive duplicate logs at an interval of less than 30 seconds wastes system and network resources. With this feature enabled, the system starts a suppression period upon outputting a log: During the suppression period, the system does not output logs that have the same module name, •...

  • Page 100: Displaying And Maintaining Information Center

    Step Command Remarks Disable the interface from By default, all interfaces generate generating link up or link undo enable log updown link up and link down logs when down logs. the interface state changes. Displaying and maintaining information center Execute display commands in any view and reset commands in user view. Task Command Display the information of each output destination.

  • Page 101: Configuration Example For Outputting Logs To A Unix Log Host

    <Sysname> terminal logging level 6 <Sysname> terminal monitor Current terminal monitor is on. Now, if the FTP module generates logs, the information center automatically sends the logs to the console, and the console displays the logs. Configuration example for outputting logs to a UNIX log host Network requirements Configure the device to output to the UNIX log host FTP logs that have a severity level of at least...

  • Page 102: Configuration Example For Outputting Logs To A Linux Log Host

    # Device configuration messages local4.info /var/log/Device/info.log In this configuration, local4 is the name of the logging facility that the log host uses to receive logs. info is the informational level. The UNIX system records the log information that has a severity level of at least informational to the file /var/log/Device/info.log.

  • Page 103

    [Sysname] info-center source default loghost deny To avoid outputting unnecessary information, disable all modules from outputting log information to the specified destination (loghost in this example) before you configure an output rule. # Configure an output rule to enable output to the log host FTP logs that have a severity level of at least informational.

  • Page 104: Configuring Snmp

    Configuring SNMP This chapter provides an overview of the Simple Network Management Protocol (SNMP) and guides you through the configuration procedure. Overview SNMP is an Internet standard protocol widely used for a management station to access and operate the devices on a network, regardless of their vendors, physical characteristics, and interconnect technologies.

  • Page 105: Snmp Operations

    Figure 32 MIB tree A MIB view represents a set of MIB objects (or MIB object hierarchies) with certain access privileges and is identified by a view name. The MIB objects included in the MIB view are accessible while those excluded from the MIB view are inaccessible.

  • Page 106: Configuring Snmpv1 Or Snmpv2c Basic Parameters

    Configuring SNMPv1 or SNMPv2c basic parameters SNMPv1 and SNMPv2c settings are supported only in non-FIPS mode. To configure SNMPv1 or SNMPv2c basic parameters: Step Command Remarks Enter system view. system-view By default, the SNMP agent is disabled. The SNMP agent is enabled when (Optional.) Enable the snmp-agent you perform any command that...

  • Page 107: Configuring Snmpv3 Basic Parameters

    Step Command Remarks • (Method 1) Create an SNMP community: snmp-agent community { read | write } [ simple | cipher ] community-name [ mib-view Use either method. view-name ] [ acl acl-number | acl By default, no SNMP group or ipv6 ipv6-acl-number ] * SNMP community exists.

  • Page 108

    Table 16 Basic security setting requirements for different security models Security model Security key settings Security model Remarks keyword for the group for the user If the authentication key or Authentication with Authentication key, the privacy key is not privacy privacy privacy key configured, SNMP...

  • Page 109

    Step Command Remarks By default, no remote engine ID is snmp-agent remote { ip-address | configured. (Optional.) Configure a remote ipv6 ipv6-address } [ vpn-instance To send informs to an SNMPv3 engine ID. vpn-instance-name ] engineid NMS, you must configure the engineid SNMP engine ID of the NMS.

  • Page 110: Configuring Snmp Logging

    Step Command Remarks • In non-FIPS mode: snmp-agent usm-user v3 user-name group-name [ remote { ip-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] [ { cipher | simple } authentication-mode { md5 | sha } auth-password If the cipher keyword is specified, [ privacy-mode { aes128 | the arguments auth-password des56 } priv-password ] ] [ acl...

  • Page 111: Configuring Snmp Notifications

    Step Command Remarks (Optional.) Enable SNMP snmp-agent log { all | By default, SNMP logging is logging. get-operation | set-operation } disabled. (Optional.) Enable SNMP By default, SNMP notification snmp-agent trap log notification logging. logging is disabled. Configuring SNMP notifications The SNMP Agent sends notifications (traps and informs) to inform the NMS of significant events, such as link state changes and user logins or logouts.

  • Page 112

    Configuration guidelines When network congestion occurs or the destination is not reachable, the SNMP agent buffers notifications in a queue. You can configure the queue size and the notification lifetime (the maximum time that a notification can stay in the queue). A notification is deleted when its lifetime expires. When the notification queue is full, the oldest notifications are automatically deleted.

  • Page 113

    Step Command Remarks • (Method 1) Send traps to the target host: In non-FIPS mode: snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ] In FIPS mode: snmp-agent target-host trap address...

  • Page 114: Displaying The Snmp Settings

    Step Command Remarks By default, the SNMP agent sends a periodical trap every 60 (Optional.) Configure seconds. snmp-agent trap periodical-interval the interval for sending interval-time This configuration is available in periodical traps. Release 2311P04 and later versions. Displaying the SNMP settings Execute display commands in any view.

  • Page 115: Network Requirements

    Network requirements As shown in Figure 33, the NMS (1.1.1.2/24) uses SNMPv1 to manage the SNMP agent (1.1.1.1/24), and the agent automatically sends notifications to report events to the NMS. Figure 33 Network diagram Configuration procedure Configure the SNMP agent: # Configure the IP address of the agent and make sure the agent and the NMS can reach each other.

  • Page 116: Snmpv3 Configuration Example

    1: Oid=ifMtu.135471 Syntax=INT Value=1500 Get finished # Use a wrong community name to get the value of a MIB node on the agent. You can see an authentication failure trap on the NMS. 1.1.1.1/2934 V1 Trap = authenticationFailure SNMP Version = V1 Community = public Command = Trap Enterprise = 1.3.6.1.4.1.43.1.16.4.3.50...

  • Page 117

    [Agent] snmp-agent sys-info location telephone-closet,3rd-floor # Enable notifications, specify the NMS at 1.1.1.2 as a trap destination, and set the username to managev3user for the traps. [Agent] snmp-agent trap enable [Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname managev3user v3 privacy Configure the SNMP NMS: Specify SNMPv3.

  • Page 118

    Community = managev3user Command = Trap...

  • Page 119: Configuring Rmon

    For more information about SNMP notifications, see "Configuring SNMP." HP devices provide an embedded RMON agent as the RMON monitor. An NMS can perform basic SNMP operations to access the RMON MIB. RMON groups Among standard RMON groups, HP implements the statistics group, history group, event group, alarm group, probe configuration group, and user history group.

  • Page 120: Alarm Group

    The history table stores traffic statistics collected for each sampling interval. Event group The event group controls the generation and notifications of events triggered by the alarms defined in the alarm group and the private alarm group. The following are RMON alarm event handling methods: Log—Logs event information (including event time and description) in the event log table so the •...

  • Page 121: Sample Types For The Alarm Group And The Private Alarm Group

    Compares the calculation result with the predefined thresholds, and then takes one of the following actions: Triggers the event associated with the rising alarm event if the result is equal to or greater than the rising threshold. Triggers the event associated with the falling alarm event if the result is equal to or less than the falling threshold.

  • Page 122: Creating An Rmon History Control Entry

    Step Command Remarks By default, the RMON statistics table does not contain entries. Create an entry for You can create one statistics entry for the interface in the rmon statistics entry-number [ owner each Ethernet interface, and a maximum RMON statistics text ] of 100 statistics entries on the device.

  • Page 123: Displaying And Maintaining Rmon Settings

    Maximum number Entry Parameters to be compared of entries • Alarm variable (alarm-variable) • Sampling interval (sampling-interval) • Sample type (absolute or delta) Alarm • Rising threshold (threshold-value1) • Falling threshold (threshold-value2) • Alarm variable formula (prialarm-formula) • Sampling interval (sampling-interval) •...

  • Page 124: Ethernet Statistics Group Configuration Example

    Task Command Display RMON private alarm display rmon prialarm [ entry-number ] entries. Display RMON event entries. display rmon event [ entry-number ] Display log information for display rmon eventlog [ entry-number ] event entries. Ethernet statistics group configuration example Network requirements Create an RMON Ethernet statistics entry on the device in Figure 36...

  • Page 125: History Group Configuration Example

    History group configuration example Network requirements Create an RMON history control entry on the device in Figure 37 to sample traffic statistics for Ten-GigabitEthernet 1/0/1 every minute. Figure 37 Network diagram Configuration procedure # Create an RMON history control entry to sample traffic statistics every minute for Ten-GigabitEthernet 1/0/1.

  • Page 126: Alarm Function Configuration Example

    collisions , utilization Sampling record 4 : dropevents , octets : 933 packets , broadcast packets multicast packets : 7 , CRC alignment errors : 0 undersize packets : 0 , oversize packets fragments , jabbers collisions , utilization Sampling record 5 : dropevents , octets : 898...

  • Page 127: Configuration Procedure

    Figure 38 Network diagram Configuration procedure # Configure the SNMP agent (the device) with the same SNMP settings as the NMS at 1.1.1.2. This example uses SNMPv1, read community public, and write community private. <Sysname> system-view [Sysname] snmp-agent [Sysname] snmp-agent community read public [Sysname] snmp-agent community write private [Sysname] snmp-agent sys-info version v1 [Sysname] snmp-agent trap enable...

  • Page 128

    EtherStatsEntry 1 owned by user1 is VALID. Interface : Ten-GigabitEthernet1/0/1<ifIndex.3> etherStatsOctets : 57329 , etherStatsPkts : 455 etherStatsBroadcastPkts : 53 , etherStatsMulticastPkts : 353 etherStatsUndersizePkts , etherStatsOversizePkts etherStatsFragments , etherStatsJabbers etherStatsCRCAlignErrors : 0 , etherStatsCollisions etherStatsDropEvents (insufficient resources): 0 Incoming packets by size : 65-127 : 413 128-255...

  • Page 129: Configuring Nqa

    Configuring NQA Overview Network quality analyzer (NQA) allows you to measure network performance, verify the service levels for IP services and applications, and troubleshoot network problems. It provides the following types of operations: • ICMP echo DHCP • • • HTTP •...

  • Page 130: Collaboration

    A UDP jitter or a voice operation sends a specific number of probe packets. The number of probe • packets is configurable with the probe packet-number command. An FTP operation uploads or downloads a file. • An HTTP operation gets a Web page. •...

  • Page 131: Nqa Configuration Task List

    Table 18 describes the relationships between performance metrics and NQA operation types. Table 18 Performance metrics and NQA operation types Performance metric NQA operation types that can gather the metric All NQA operation types excluding UDP jitter, path Probe duration jitter, and voice All NQA operation types excluding UDP jitter, path Number of probe failures...

  • Page 132: Enabling The Nqa Client

    Step Command Remarks Enter system view. system-view By default, the NQA server Enable the NQA server. nqa server enable is disabled. • TCP listening service: nqa server tcp-connect ip-address You can specify the ToS port-number [ tos tos ] [ vpn-instance value in the IP packet vpn-instance-name ] Configure a TCP or UDP...

  • Page 133: Configuring The Icmp Echo Operation

    Tasks at a glance (Optional.) Configuring the saving of NQA history records Configuring the ICMP echo operation The ICMP echo operation measures the reachability of a destination device. It has the same function as the ping command, but provides more output information. In addition, if multiple paths exist between the source and destination devices, you can specify the next hop for the ICMP echo operation.

  • Page 134: Configuring The Dhcp Operation

    Configuring the DHCP operation The DHCP operation measures whether or not the DHCP server can respond to client requests. DHCP also measures the amount of time it takes for the NQA client to obtain an IP address from a DHCP server. The NQA client simulates the DHCP relay agent to forward DHCP requests for IP address acquisition from the DHCP server.

  • Page 135: Configuring The Ftp Operation

    Step Command Remarks Create an NQA operation By default, no NQA operation is and enter NQA operation nqa entry admin-name operation-tag created. view. Specify the DNS type and type dns enter its view. Specify the IP address of the By default, no destination IP DNS server as the destination destination ip ip-address address is specified.

  • Page 136: Configuring The Http Operation

    Step Command Remarks By default, the FTP operation type is get, Specify the FTP operation operation { get | put } which means obtaining files from the FTP type. server. Specify an FTP login By default, no FTP login username is username username username.

  • Page 137: Configuring The Udp Jitter Operation

    Step Command Remarks Every time you enter the raw request view, (Optional.) Enter raw request raw-request the previously configured content of the view. HTTP request is removed. (Optional.) Specify the By default, no contents are specified. content of a GET request for Enter or paste the content.

  • Page 138: Configuring The Snmp Operation

    Step Command Remarks By default, no destination port number is specified. Specify the destination port of destination port port-number The destination port must be the UDP packets. same as that of the listening service on the NQA server. (Optional.) Specify the source By default, no source port number source port port-number port number of UDP packets.

  • Page 139: Configuring The Tcp Operation

    Step Command Remarks Specify the SNMP type and type snmp enter its view. Specify the destination By default, no destination IP address is destination ip ip-address address of SNMP packets. specified. (Optional.) Specify the source By default, no source port number is source port port-number port of SNMP packets.

  • Page 140: Configuring The Udp Echo Operation

    Configuring the UDP echo operation The UDP echo operation measures the round-trip time between the client and a specific UDP port on the NQA server. The UDP echo operation requires both the NQA server and the NQA client. Before you perform a UDP echo operation, configure a UDP listening service on the NQA server.

  • Page 141: Configuring The Voice Operation

    Configuring the voice operation CAUTION: To ensure successful voice operations and avoid affecting existing services, do not perform the operations on well-known ports from 1 to 1023. The voice operation measures VoIP network performance. The voice operation works as follows: The NQA client sends voice packets of G.711 A-law, G.711 μ-law or G.729 A-law codec type at a specific interval to the destination device (NQA server).

  • Page 142: Configuring The Dlsw Operation

    Step Command Remarks By default, no destination port number is configured. Specify the destination port of destination port port-number The destination port must be the same voice packets. as that of the listening service on the NQA server. codec-type { g711a | g711u | By default, the codec type is G.711 Specify the codec type.

  • Page 143: Configuring The Path Jitter Operation

    Before you configure the path jitter operation, perform the following configurations: Enable sending ICMP time-exceeded packets on the intermediate devices between the source and • the destination devices. If the intermediate devices are HP devices, use the ip ttl-expires enable command. •...

  • Page 144: Configuring Optional Parameters For The Nqa Operation

    Step Command Remarks By default, no source IP address is specified. Specify the source IP address of source ip ip-address The source IP address must be the IP ICMP echo request. address of a local interface and the interface must be up. Specify the number of ICMP probe packet-number echo requests to be sent in a...

  • Page 145: Configuring The Collaboration Function

    Step Command Remarks For a voice or path jitter operation, the default setting is 60000 milliseconds. For other operations, the default setting is 0 (Optional.) Specify the milliseconds. Only one operation is interval at which the NQA frequency interval performed. operation repeats.

  • Page 146: Configuring Threshold Monitoring

    Step Command Remarks type { dhcp | dlsw | dns | ftp | The collaboration function is not Specify an NQA operation http | icmp-echo | snmp | tcp | available for the path jitter, UDP type and enter its view. udp-echo } jitter, and voice operations.

  • Page 147

    If the action to be triggered is configured as trap-only for a reaction entry, when the state of the entry changes, a trap message is generated and sent to the NMS. Configuration procedure Before you configure threshold monitoring, configure the destination address of the trap messages by using the snmp-agent target-host command.

  • Page 148

    Step Command Remarks • Monitor the operation duration (not supported in the UDP jitter and voice operations): reaction item-number checked-element late probe-duration threshold-type { accumu accumulate-occurrences | average | consecutive consecutive-occurrences } threshold-value upper-threshold action-type lower-threshold [ { none | trap-only } ] •...

  • Page 149: Configuring The Nqa Statistics Collection Function

    Configuring the NQA statistics collection function NQA collects statistics for operations completed within a specific period. The statistics forms a statistics group. A statistics group is generated after an operation is completed. To view information about the statistics groups, use the display nqa statistics command. A statistics group is deleted when its hold time expires.

  • Page 150: Scheduling The Nqa Operation On The Nqa Client

    Step Command Remarks Create an NQA By default, no NQA operation operation and enter nqa entry admin-name operation-tag is created. NQA operation view. The UDP jitter, path jitter, and Enter NQA operation type { dhcp | dlsw | dns | ftp | http | voice operations do not support type view.

  • Page 151: Configuring The Icmp Template

    Some operation parameters for an NQA template can be specified by the template configuration or the feature that uses the template. When both are specified, the parameters in the template configuration take effect. Configuring the ICMP template A feature that uses the ICMP template creates and starts the ICMP operation to measure the reachability of a destination device.

  • Page 152: Configuring The Tcp Template

    In DNS template view, you can specify the address expected to be returned. If the returned IP addresses include the expected address, the DNS server is valid and the operation succeeds. Otherwise, the operation fails. Create a mapping between the domain name and an address before you perform the DNS operation. For information about configuring the DNS server, see Layer 3—IP Services Configuration Guide.

  • Page 153: Configuring The Http Template

    In TCP template view, you can specify the expected data to be returned. If you do not specify the expected data, the TCP operation only tests whether the client can establish a TCP connection to the server. The TCP operation requires both the NQA server and the NQA client. Before you perform a TCP operation, configure a TCP listening service on the NQA server.

  • Page 154

    length, and it does not include the header length. An HTTP packet with this field indicates that the packet data does not include the multipart type and the packet body is a data type. The status code of the HTTP packet is a three-digit field in decimal notation, and it includes the status information for the HTTP server.

  • Page 155: Configuring The Ftp Template

    Step Command Remarks (Optional.) Configure the expect data expression By default, no expected data is expected data. [ offset number ] configured. Configuring the FTP template A feature that uses the FTP template creates and starts the FTP operation to measure the time the NQA client uses to transfer a file to or download a file from an FTP server.

  • Page 156: Displaying And Maintaining Nqa

    Step Command Remarks Enter system view. system-view Create an NQA template nqa template { dns | ftp | http and enter its view. | icmp | tcp } name Configure a description. description text By default, no description is configured. The default setting is 5000 milliseconds.

  • Page 157: Nqa Configuration Examples

    NQA configuration examples ICMP echo operation configuration example Network requirements As shown in Figure 41, configure and schedule an ICMP echo operation from the NQA client Device A to Device B through Device C to test the round-trip time. Figure 41 Network diagram Configuration procedure # Assign each interface an IP address.

  • Page 158: Dhcp Operation Configuration Example

    # Enable saving history records and configure the maximum number of history records that can be saved as 10. [DeviceA-nqa-admin-test1-icmp-echo] history-record enable [DeviceA-nqa-admin-test1-icmp-echo] history-record number 10 [DeviceA-nqa-admin-test1-icmp-echo] quit # Start the ICMP echo operation. [DeviceA] nqa schedule admin test1 start-time now lifetime forever # After the ICMP echo operation runs for a period of time, stop the operation.

  • Page 159: Dns Operation Configuration Example

    Figure 42 Network diagram Configuration procedure # Create a DHCP operation to be performed to the destination IP address 10.1.1.2. <SwitchA> system-view [SwitchA] nqa entry admin test1 [SwitchA-nqa-admin-test1] type dhcp [SwitchA-nqa-admin-test1-dhcp] destination ip 10.1.1.2 # Enable the saving of history records. [SwitchA-nqa-admin-test1-dhcp] history-record enable [SwitchA-nqa-admin-test1-dhcp] quit # Start the DHCP operation.

  • Page 160

    Figure 43 Network diagram Configuration procedure # Assign each interface an IP address. (Details not shown.) # Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) # Create a DNS operation. <DeviceA>...

  • Page 161: Ftp Operation Configuration Example

    FTP operation configuration example Network requirements As shown in Figure 44, configure an FTP operation to test the time required for Device A to upload a file to the FTP server. The login username is admin, the login password is systemtest, and the file to be transferred to the FTP server is config.txt.

  • Page 162: Http Operation Configuration Example

    Min/Max/Average round trip time: 173/173/173 Square-Sum of round trip time: 29929 Last succeeded probe time: 2011-11-22 10:07:28.6 Extended results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to internal error: 0 Failures due to other errors: 0 # Display the history records of the FTP operation.

  • Page 163: Udp Jitter Operation Configuration Example

    # Enable the saving of history records. [DeviceA-nqa-admin-test1-http] history-record enable [DeviceA-nqa-admin-test1-http] quit # Start the HTTP operation. [DeviceA] nqa schedule admin test1 start-time now lifetime forever # After the HTTP operation runs for a period of time, stop the operation. [DeviceA] undo nqa schedule admin test1 # Display the most recent results of the HTTP operation.

  • Page 164

    # Enable the NQA server and configure a listening service to listen on the IP address 10.2.2.2 and UDP port 9000. <DeviceB> system-view [DeviceB] nqa server enable [DeviceB] nqa server udp-echo 10.2.2.2 9000 Configure Device A: # Create a UDP jitter operation. <DeviceA>...

  • Page 165

    Negative SD square-sum: 460 Negative DS square-sum: 754 One way results: Max SD delay: 15 Max DS delay: 16 Min SD delay: 7 Min DS delay: 7 Number of SD delay: 10 Number of DS delay: 10 Sum of SD delay: 78 Sum of DS delay: 85 Square-Sum of SD delay: 666 Square-Sum of DS delay: 787...

  • Page 166: Snmp Operation Configuration Example

    SNMP operation configuration example Network requirements As shown in Figure 47, configure an SNMP operation to test the time the NQA client uses to get a value from the SNMP agent. Figure 47 Network diagram Configuration procedure Assign each interface an IP address. (Details not shown.) Configure static routes or a routing protocol to make sure the devices can reach each other.

  • Page 167: Tcp Operation Configuration Example

    Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 # Display the history records of the SNMP operation. [DeviceA] display nqa history admin test1 NQA entry (admin admin, tag test1) history records: Index Response Status...

  • Page 168: Udp Echo Operation Configuration Example

    # After the TCP operation runs for a period of time, stop the operation. [DeviceA] undo nqa schedule admin test1 # Display the most recent results of the TCP operation. [DeviceA] display nqa result admin test1 NQA entry (admin admin, tag test1) test results: Send operation times: 1 Receive response times: 1 Min/Max/Average round trip time: 13/13/13...

  • Page 169: Voice Operation Configuration Example

    Configure Device A: # Create a UDP echo operation. <DeviceA> system-view [DeviceA] nqa entry admin test1 [DeviceA-nqa-admin-test1] type udp-echo # Configure 10.2.2.2 as the destination IP address and port 8000 as the destination port. [DeviceA-nqa-admin-test1-udp-echo] destination ip 10.2.2.2 [DeviceA-nqa-admin-test1-udp-echo] destination port 8000 # Enable the saving of history records.

  • Page 170

    Configuration procedure Assign each interface an IP address. (Details not shown.) Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) Configure Device B: # Enable the NQA server, and configure a listening service to listen on IP address 10.2.2.2 and UDP port 9000.

  • Page 171

    Max negative SD: 203 Max negative DS: 1297 Negative SD number: 255 Negative DS number: 259 Negative SD sum: 759 Negative DS sum: 1796 Negative SD average: 2 Negative DS average: 6 Negative SD square-sum: 53655 Negative DS square-sum: 1691776 One way results: Max SD delay: 343 Max DS delay: 985...

  • Page 172: Dlsw Operation Configuration Example

    Min SD delay: 0 Min DS delay: 0 Number of SD delay: 4 Number of DS delay: 4 Sum of SD delay: 1390 Sum of DS delay: 1079 Square-Sum of SD delay: 483202 Square-Sum of DS delay: 973651 SD lost packets: 0 DS lost packets: 0 Lost packets for unknown reason: 0 Voice scores:...

  • Page 173: Path Jitter Operation Configuration Example

    Packet loss ratio: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to internal error: 0 Failures due to other errors: 0 # Display the history records of the DLSw operation. [DeviceA] display nqa history admin test1 NQA entry (admin admin, tag test1) history records: Index...

  • Page 174

    [DeviceA] display nqa result admin test1 NQA entry (admin admin, tag test1) test results: Hop IP 10.1.1.2 Basic Results Send operation times: 10 Receive response times: 10 Min/Max/Average round trip time: 9/21/14 Square-Sum of round trip time: 2419 Extended Results Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0...

  • Page 175: Nqa Collaboration Configuration Example

    NQA collaboration configuration example Network requirements As shown in Figure 53, configure a static route to Switch C with Switch B as the next hop on Switch A. Associate the static route, a track entry, and an ICMP operation to monitor the state of the static route. Figure 53 Network diagram Configuration procedure Assign each interface an IP address.

  • Page 176

    Verifying the configuration # On Switch A, display information about all the track entries. [SwitchA] display track all Track ID: 1 State: Positive Duration: 0 days 0 hours 0 minutes 0 seconds Notification delay: Positive 0, Negative 0 (in seconds) Tracked object: NQA entry: admin test1 Reaction: 1...

  • Page 177: Icmp Template Configuration Example

    Destinations : 12 Routes : 12 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 127.0.0.1 InLoop0 10.2.1.0/24 Direct 0 10.2.1.2 Vlan3 10.2.1.0/32 Direct 0 10.2.1.2 Vlan3 10.2.1.2/32 Direct 0 127.0.0.1 InLoop0 10.2.1.255/32 Direct 0 10.2.1.2 Vlan3 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0...

  • Page 178: Dns Template Configuration Example

    # Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) # Create ICMP template icmp and specify 10.2.2.2 as the destination IP address. <DeviceA> system-view [DeviceA] nqa template icmp icmp [DeviceA-nqatplt-icmp-icmp] destination ip 10.2.2.2 # Set the probe timeout time for the ICMP operation to 500 milliseconds, and configure the operation to repeat at an interval of 3000 milliseconds.

  • Page 179: Tcp Template Configuration Example

    [DeviceA-nqatplt-dns-dns] reaction trigger probe-pass 2 # If the number of consecutive probe failures reaches 2, the operation fails. The NQA client notifies the feature of the operation failure. [DeviceA-nqatplt-dns-dns] reaction trigger probe-fail 2 TCP template configuration example Network requirements As shown in Figure 56, configure a TCP template for a feature to perform the TCP operation to test whether Device A can establish a TCP connection to Device B and process the server's response.

  • Page 180: Http Template Configuration Example

    HTTP template configuration example Network requirements As shown in Figure 57, configure an HTTP template for a feature to perform the HTTP operation to test whether the NQA client can establish a connection to and get data from the HTTP server. Figure 57 Network diagram Configuration procedure # Assign each interface an IP address.

  • Page 181

    Configuration procedure # Assign each interface an IP address. (Details not shown.) # Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) # Create FTP template ftp. <DeviceA> system-view [DeviceA] nqa template ftp ftp # Specify the URL of the FTP server.

  • Page 182: Configuring Port Mirroring

    Configuring port mirroring The port mirroring feature is available on Layer 2 Ethernet interfaces, Layer 3 Ethernet interfaces, and FC interfaces. The term "interface" in this chapter collectively refers to these types of interfaces. You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3 interface (see Layer 2—LAN Switching Configuration Guide).

  • Page 183: Port Mirroring Classification And Implementation

    Reflector port, egress port, and remote probe VLAN A reflector port, remote probe VLAN, and an egress port are used for Layer 2 remote port mirroring. The remote probe VLAN specially transmits mirrored packets to the destination device. Both the reflector port and egress port reside on a source device and send mirrored packets to the remote probe VLAN.

  • Page 184

    Layer 2 remote port mirroring—The mirroring source and the mirroring destination are located on • different devices on a same Layer 2 network. Layer 3 remote port mirroring—The mirroring source and the mirroring destination are separated • by IP networks. Layer 2 remote port mirroring The source device copies packets received on the source port to the egress port.

  • Page 185: Configuring Local Port Mirroring

    forwards the packets to the data monitoring device. For more information about GRE tunnels and tunnel interfaces, see Layer 3—IP Services Configuration Guide. Figure 61 Layer 3 remote port mirroring implementation Tunnel interface Tunnel interface Source Destination device device GRE tunnel IP network XGE1/0/2 XGE1/0/1...

  • Page 186: Configuring The Monitor Port For The Local Mirroring Group

    A mirroring group can contain multiple source ports. • • A port can act as a source port for multiple mirroring groups, but the port cannot be a reflector port, egress port, or monitor port at the same time. Configuration procedure To configure source ports in system view: Step Command...

  • Page 187: Configure Local Port Mirroring With Multiple Monitor Ports

    If you have configured the reflector port for a remote source group, do not configure the egress port • for it. A VLAN can act as the remote probe VLAN for only one remote source group. HP recommends that • you use the remote probe VLAN for port mirroring exclusively. Do not create a VLAN interface or...

  • Page 188: Configuring Layer 2 Remote Port Mirroring

    A remote probe VLAN must be a static VLAN. To delete this static VLAN, you must first remove the • remote probe VLAN configuration by using the undo mirroring-group remote-probe vlan command. • If the remote probe VLAN of a remote mirroring group is removed, the remote mirroring group will become invalid.

  • Page 189: Configuring A Remote Destination Group On The Destination Device

    MVRP is enabled, MVRP might register the remote probe VLAN with unexpected ports, resulting in undesired duplicates. For more information about MVRP, see Layer 2—LAN Switching Configuration Guide. • HP recommends that you configure the destination device first, then the intermediate devices, and then the source device. Tasks at a glance (Required.)

  • Page 190

    A mirroring group must contain only one monitor port, and a monitor port can belong to only one • mirroring group. To configure the monitor port for a remote destination group in system view: Step Command Remarks Enter system view. system-view Configure the monitor port for mirroring-group group-id...

  • Page 191: Configuring A Remote Source Group On The Source Device

    Step Command • For an access port: port access vlan vlan-id • For a trunk port: Assign the port to the probe VLAN. port trunk permit vlan vlan-id • For a hybrid port: port hybrid vlan vlan-id { tagged | untagged } For more information about the port access vlan, port trunk permit vlan, and port hybrid vlan commands, see Layer 2—LAN Switching Command Reference.

  • Page 192

    Step Command Remarks Configure the port as a source mirroring-group group-id By default, a port does not act as a port for the specified remote mirroring-port { both | inbound | source port for any remote source source group. outbound } group.

  • Page 193: Configuring Layer 3 Remote Port Mirroring

    When a VLAN is configured as a remote probe VLAN, use the remote probe VLAN for port • mirroring exclusively. The remote mirroring groups on the source device and destination device must use the same remote • probe VLAN. To configure the remote probe VLAN for a remote source group: Step Command Remarks...

  • Page 194: Configuration Prerequisites

    Configuration prerequisites Create a tunnel interface and a GRE tunnel. The source and destination addresses of the tunnel interface are the IP addresses of the physical interfaces on the source and destination devices respectively. For more information about tunnel interfaces, see Layer 3—IP Services Configuration Guide. Configuring local mirroring groups Configure a local mirroring group on the source device and on the destination device separately.

  • Page 195: Configuring The Monitor Port For A Local Mirroring Group

    Do not enable the spanning tree feature on the monitor port. • • HP recommends that you use a monitor port only for port mirroring, so the data monitoring device receives and analyzes only the mirrored traffic. Configuration procedure To configure the monitor port in system view:...

  • Page 196: Displaying And Maintaining Port Mirroring

    Displaying and maintaining port mirroring Execute display commands in any view. Task Command display mirroring-group { group-id | all | local | Display mirroring group information. remote-destination | remote-source } Local port mirroring configuration example Network requirements As shown in Figure 62, configure local port mirroring in source port mode so the server can monitor the bidirectional traffic of the Marketing department and the Technical department.

  • Page 197: Verifying The Configuration

    [Device-Ten-GigabitEthernet1/0/3] quit Verifying the configuration # Display information about all mirroring groups. [Device] display mirroring-group all Mirroring group 1: Type: Local Status: Active Mirroring port: Ten-GigabitEthernet1/0/1 Both Ten-GigabitEthernet1/0/2 Both Monitor port: Ten-GigabitEthernet1/0/3 Layer 2 remote port mirroring configuration example Network requirements As shown in Figure 63, configure Layer 2 remote port mirroring so the server can monitor the...

  • Page 198

    [DeviceC-Ten-GigabitEthernet1/0/1] quit # Create a remote destination group. [DeviceC] mirroring-group 2 remote-destination # Create VLAN 2, which is to be configured as the remote probe VLAN. [DeviceC] vlan 2 # Disable MAC address learning for VLAN 2. [DeviceC-vlan2] undo mac-address mac-learning enable [DeviceC-vlan2] quit # Configure VLAN 2 as the remote probe VLAN of the mirroring group and Ten-GigabitEthernet 1/0/2 as the monitor port of the mirroring group.

  • Page 199

    [DeviceA-vlan2] quit # Configure VLAN 2 as the remote probe VLAN of the mirroring group. [DeviceA] mirroring-group 1 remote-probe vlan 2 # Configure Ten-GigabitEthernet 1/0/1 as a source port and Ten-GigabitEthernet 1/0/2 as the egress port in the mirroring group. [DeviceA] mirroring-group 1 mirroring-port ten-gigabitethernet 1/0/1 both [DeviceA] mirroring-group 1 monitor-egress ten-gigabitethernet 1/0/2 # Configure Ten-GigabitEthernet 1/0/2 as a trunk port to permit the packets of VLAN 2 to pass through,...

  • Page 200

    Figure 64 Network diagram ServerA Dept. A XGE1/0/1 XGE1/0/11 ServerB DeviceA XGE1/0/2 XGE1/0/12 XGE1/0/13 Dept. B XGE1/0/3 ServerC Dept. C Configuration procedure # Create remote source group 1. <DeviceA> system-view [DeviceA] mirroring-group 1 remote-source # Configure Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 as source ports of the remote source group.

  • Page 201: Layer 3 Remote Port Mirroring Configuration Example

    Layer 3 remote port mirroring configuration example Network requirements As shown in Figure 65, configure Layer 3 remote port mirroring and create a GRE tunnel so the server can monitor the bidirectional traffic of the Marketing department through a GRE tunnel. Figure 65 Network diagram Configuration procedure Configure IP addresses for the tunnel interfaces and related ports on the devices.

  • Page 202: Mirroring Group

    # Enable the OSPF protocol. [DeviceA] ospf 1 [DeviceA-ospf-1] area 0 [DeviceA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [DeviceA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [DeviceA-ospf-1-area-0.0.0.0] quit [DeviceA-ospf-1] quit # Create local mirroring group 1. [DeviceA] mirroring-group 1 local # Configure Ten-GigabitEthernet 1/0/1 as a source port and Tunnel 0 as the monitor port of local mirroring group 1.

  • Page 203

    # Create local mirroring group 1. [DeviceC] mirroring-group 1 local # Configure Ten-GigabitEthernet 1/0/1 as a source port and Ten-GigabitEthernet 1/0/2 as the monitor port of local mirroring group 1. [DeviceC] mirroring-group 1 mirroring-port ten-gigabitethernet 1/0/1 inbound [DeviceC] mirroring-group 1 monitor-port ten-gigabitethernet 1/0/2 # Disable the spanning tree feature on the monitor port Ten-GigabitEthernet 1/0/2.

  • Page 204: Configuring Flow Mirroring

    Configuring flow mirroring The flow mirroring feature is available on both Layer 2 and Layer 3 Ethernet interfaces. The term "interface" in this chapter collectively refers to these two types of interfaces. You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3 interface (see Layer 2—LAN Switching Configuration Guide).

  • Page 205: Configuring A Traffic Behavior

    Step Command Remarks By default, no match criterion is Configure match criteria. if-match match-criteria configured in a traffic class. Configuring a traffic behavior Step Command Remarks Enter system view. system-view Create a traffic behavior and By default, no traffic behavior traffic behavior behavior-name enter traffic behavior view.

  • Page 206: Applying A Qos Policy

    Applying a QoS policy Applying a QoS policy to an interface By applying a QoS policy to an interface, you can mirror the traffic in a specified direction on the interface. A policy can be applied to multiple interfaces, but in one direction (inbound or outbound) of an interface, only one policy can be applied.

  • Page 207: Flow Mirroring Configuration Example

    Step Command Enter system view. system-view Enter control plane view. control-plane slot slot-number Apply a QoS policy to the qos apply policy policy-name inbound control plane. Flow mirroring configuration example Network requirements As shown in Figure 66, configure flow mirroring so that the server can monitor the following traffic: All traffic that the Technical department sends to access the Internet.

  • Page 208

    [DeviceA-acl-adv-3000] quit # Create traffic class tech_c, and configure the match criterion as ACL 3000. [DeviceA] traffic classifier tech_c [DeviceA-classifier-tech_c] if-match acl 3000 [DeviceA-classifier-tech_c] quit # Create traffic behavior tech_b, configure the action of mirroring traffic to port Ten-GigabitEthernet 1/0/3. [DeviceA] traffic behavior tech_b [DeviceA-behavior-tech_b] mirror-to interface ten-gigabitethernet 1/0/3 [DeviceA-behavior-tech_b] quit...

  • Page 209: Configuring Sflow

    Configuring sFlow Sampled Flow (sFlow) is a traffic monitoring technology. As shown in Figure 67, the sFlow system involves an sFlow agent embedded in a device and a remote sFlow collector. The sFlow agent collects interface counter information and packet information and encapsulates the sampled information in sFlow packets.

  • Page 210: Configuring The Sflow Agent And Sflow Collector Information

    { ip ip-address | NOTE: address for the ipv6 ipv6-address } • HP recommends that you manually configure sFlow agent. an IP address for the sFlow agent. • Only one IP address can be configured for the sFlow agent on the device, and a newly configured IP address overwrites the existing one.

  • Page 211: Configuring Counter Sampling

    (starting from The default setting is 128 bytes. the packet header) that flow sflow flow max-header length HP recommends the default. sampling can copy per packet. Specify the sFlow collector for By default, no sFlow collector is sflow flow collector collector-id flow sampling.

  • Page 212: Sflow Configuration Example

    Task Command Display sFlow configuration. display sflow sFlow configuration example Network requirements As shown in Figure 68, configure flow sampling in random mode and counter sampling on Ten-GigabitEthernet 1/0/1 of the device to monitor traffic on the port. Configure the device to send sampled information in sFlow packets through Ten-GigabitEthernet 1/0/3 to the sFlow collector.

  • Page 213

    [Sysname-Ten-GigabitEthernet1/0/1] sflow sampling-rate 4000 # Specify sFlow collector 1 for flow sampling. [Sysname-Ten-GigabitEthernet1/0/1] sflow flow collector 1 Verifying the configuration # Display the sFlow configuration and operation information. [Sysname-Ten-GigabitEthernet1/0/1] display sflow sFlow datagram version: 5 Global information: Agent IP: 3.3.3.1(CLI) Source address: Collector information: Port...

  • Page 214

    Verify that the bound VPN already exists. Verify that the length of an sFlow packet is greater than the length of the sFlow packet header plus the number of bytes (HP recommends the default) that flow sampling can copy per packet.

  • Page 215: Monitoring And Maintaining Processes

    Monitoring and maintaining processes HP Comware V7 is a full-featured, modular, and scalable network operating system based on the Linux kernel. Comware V7 software features run the following types of independent processes: • User process—Runs in user space. Most Comware V7 software features run user processes. Each process runs in an independent space so the failure of a process does not affect other processes.

  • Page 216: Monitoring Kernel Threads

    Task Command Display heap memory usage for a display process memory heap job job-id [ verbose ] [ slot slot-number ] user process. Display the addresses of memory display process memory heap job job-id size memory-size [ offset blocks with a specified size used offset-size ] [ slot slot-number ] by a user process.

  • Page 217: Configuring Kernel Thread Starvation Detection

    Step Command Remarks (Optional.) Set the interval monitor kernel deadloop time interval [ slot for identifying a kernel The default is 8 seconds. slot-number ] thread deadloop. (Optional.) Disable kernel After enabled, kernel thread monitor kernel deadloop exclude-thread thread deadloop detection deadloop detection monitors tid [ slot slot-number ] for a kernel thread.

  • Page 218

    Task Command display kernel reboot show-number [ offset ] [ verbose ] [ slot Display kernel thread reboot information. slot-number ] display kernel starvation show-number [ offset ] [ verbose ] Display kernel thread starvation information. [ slot slot-number ] Display kernel thread starvation detection display kernel starvation configuration [ slot slot-number ] configuration.

  • Page 219: Configuring Eaa

    Configuring EAA Overview Embedded Automation Architecture (EAA) is a monitoring framework that enables you to self-define monitored events and actions to take in response to an event. It allows you to create monitor policies by using the CLI or Tcl scripts. EAA framework EAA framework includes a set of event sources, a set of event monitors, a real-time event manager (RTM), and a set of user-defined monitor policies, as shown in...

  • Page 220: Elements In A Monitor Policy

    RTM manages the creation, state machine, and execution of monitor policies. EAA monitor policies A monitor policy specifies the event to monitor and actions to take when the event occurs. You can configure EAA monitor policies by using the CLI or Tcl. A monitor policy contains the following elements: •...

  • Page 221: Eaa Environment Variables

    Event type Description SNMP_Notification event occurs when the monitored MIB variable's value in an SNMP SNMP_Notification notification matches the specified condition. For example, the broadcast traffic rate on an Ethernet interface is equal to or greater than 30%. Action You can create a series of order-dependent actions to take in response to the event specified in the monitor policy.

  • Page 222: Configuring A User-defined Eaa Environment Variable

    Event-specific variable—Available only for a type of event. • Table 20 shows all system-defined variables. Table 20 System-defined EAA environment variables by event type Variable name Description Any event: _event_id Event ID. _event_type Event type. _event_type_string Event type description. _event_time Time when the event occurs.

  • Page 223: Configuring A Monitor Policy

    Step Command Remarks Enter system view. system-view Configure a By default, no user-defined environment user-defined EAA rtm environment env-name variables are configured. The system provides environment env-value the system-defined variables in Table variable. Configuring a monitor policy You can configure a monitor policy by using the CLI or Tcl. Configuration restrictions and guidelines When you configure monitor policies, follow these restrictions and guidelines: Make sure the actions in different policies do not conflict.

  • Page 224

    Step Command Remarks • Configure a CLI event: event cli { async [ skip ] | sync } mode { execute | help | tab } pattern regular-exp • Configure a hotplug event: event hotplug slot slot-number • Configure an interface event: event interface interface-type interface-number monitor-obj monitor-obj start-op start-op start-val...

  • Page 225: Configuring A Monitor Policy By Using Tcl

    Step Command Remarks By default, CLI-defined policies are not enabled. Enable the policy. commit A CLI-defined policy can take effect only after you perform this step. Configuring a monitor policy by using Tcl Step Command Remarks Edit a Tcl script file The supported Tcl version is 8.5.8.

  • Page 226: Suspending Monitor Policies

    Line Content Requirements You can reference a variable name in the $variable_name format instead of specifying a value for an argument when you define an action. Line 2 Actions The following actions are available: • Standard Tcl commands. • EAA-specific Tcl commands. •...

  • Page 227

    Configuration procedure # Enter system view. <Sysname> system-view # Create the CLI-defined policy test and enter its view. [Sysname] rtm cli-policy test # Add a CLI event that occurs when a question mark (?) is entered at any command line that contains letters and digits.

  • Page 228: Tcl-defined Policy Configuration Example

    Tcl-defined policy configuration example Network requirements Use Tcl to create a monitor policy on the device. This policy must meet the following requirements: EAA sends the log message "rtm_tcl_test is running" when a command that contains the display • this string is entered. The system executes the command only after it executes the policy successfully.

  • Page 229: Configuring Cwmp

    Configuring CWMP CWMP is available in release 231 1P04 and later versions. Overview CPE WAN Management Protocol (CWMP), also called "TR-069," is a DSL Forum technical specification for remote management of home network devices. The protocol was initially designed to provide remote autoconfiguration through a server for large numbers of dispersed end-user devices in DSL networks.

  • Page 230: Basic Cwmp Functions

    Basic CWMP functions The ACS identifies different categories of CPEs by provision code. You can use the ACS to autoconfigure and upgrade each category of CPEs in bulk. Autoconfiguration You can create configuration files for different categories of CPEs on the ACS. The ACS identifies the configuration file for a CPE by its provision code.

  • Page 231: How Cwmp Works

    Category Objects ACS URL ACS username ACS password PeriodicInformEnable CWMP settings PeriodicInformInterval PeriodicInformTime ConnectionRequestURL (CPE URL) ConnectionRequestUsername (CPE username) ConnectionRequestPassword (CPE password) How CWMP works CWMP uses remote procedure call (RPC) methods for bidirectional communication between CPE and ACS. The RPC methods are encapsulated in HTTP or HTTPS. RPC methods Table 23 shows the primary RPC methods used in CWMP.

  • Page 232

    NOTE: For the CPE to complete autoconfiguration at its initial startup, HP recommends that you use a DHCP server. The DHCP option for ACS parameter assignment is option 43. For more information about DHCP, Layer 3—IP Services Configuration Guide CWMP connection establishment...

  • Page 233: Enabling Cwmp From The Cli

    For an attribute, the CLI- and ACS-assigned values have higher priority than the DHCP-assigned value. The CLI- and ACS-assigned values overwrite each other, whichever is assigned later. This document only describes configuring ACS and CPE attributes from the CLI and DHCP server. For more information about configuring and using the ACS, see ACS documentation.

  • Page 234: Configuring Acs Attributes

    You can use DHCP option 43 to assign the ACS URL and ACS login authentication username and password. If the DHCP server is an HP device, you can configure DHCP option 43 by using the option 43 hex 01length URL username password command.

  • Page 235: Configuring The Default Acs Attributes From The Cli

    Attribute Attribute value Hexadecimal form ACS connect 5678 35363738 password For more information about DHCP and DHCP Option 43, see layer 3—IP Services Configuration Guide. Configuring the preferred ACS attributes from the CLI Step Command Remarks Enter system view. system-view Enter CWMP view.

  • Page 236: Configuring Acs Authentication Parameters

    Configuring ACS authentication parameters To protect the CPE against unauthorized access, configure a CPE username and password for ACS authentication. When an ACS initiates a connection to the CPE, the ACS must provide the correct username and password. NOTE: The password setting is optional. You may choose to use only a username for authentication. To configure ACS authentication parameters: Step Command...

  • Page 237: Configuring Autoconnect Parameters

    To configure the CWMP connection interface: Step Command Remarks Enter system view. system-view Enter CWMP view. cwmp Specify the interface that cwmp cpe connect interface No CWMP connection interface is connects to the ACS as the interface-type interface-number specified. CWMP connection interface. Configuring autoconnect parameters You can configure the CPE to connect to the ACS periodically, or at a schedule time for configuration or software update.

  • Page 238: Enabling Nat Traversal For The Cpe

    Step Command Remarks Enter system view. system-view Enter CWMP view. cwmp By default, the CPE retries a failed Configure the maximum cwmp cpe connect retry times connection until the connection is number of connection retries. established. Configuring the close-wait timer The close-wait timer specifies the amount of time the connection to the ACS can be idle before it is terminated.

  • Page 239: Displaying And Maintaining Cwmp

    As shown in Figure 3, use HP IMC BIMS as the ACS to bulk-configure the devices (CPEs), and assign ACS attributes to the CPEs from the DHCP server. The configuration files for the devices in equipment rooms A and B are configure1.cfg and configure2.cfg,...

  • Page 240

    Figure 3 Network diagram DHCP Server DNS Server 10.185.10.41 10.185.10.52 10.185.10.60 Device A Device B Device C Device D Device E Device F Room A Room B Table 25 shows the ACS attributes for the CPEs to connect to the ACS. Table 25 ACS attributes Item Setting...

  • Page 241

    Configuration procedure Configuring the ACS Log in to the ACS: Launch a Web browser on the ACS configuration terminal. In the address bar of the Web browser, enter the ACS URL and port number. This example uses http://10.185.10.41:8080/imc. On the login page, enter the ACS login username and password, and then click Login. Create a CPE user account: Select Service >...

  • Page 242

    On the Add Device Group page, enter a service group name (for example, DB_1), and then click OK. Figure 6 Adding a device group Select Service > Resource > Device Class from the top navigation bar. Click Add. On the Add Device Class page, enter a device class name for devices in equipment room A, and then click OK.

  • Page 243

    Repeat the previous two steps to add other devices. Figure 8 Adding a CPE After the CPE is added successfully, a success message is displayed, as shown in Figure Figure 9 CPE added successfully Configure the system settings of the ACS, as shown in Figure...

  • Page 244

    Figure 10 Configuring the system settings of the ACS Add configuration templates and software library entries for the two classes of devices: Select Service > BIMS > Configuration Management > Configuration Templates from the navigation tree. Figure 11 Configuring templates page On the Configuration Templates page, click Import….

  • Page 245

    Figure 12 Importing configuration template After the configuration template is added successfully, a success message is displayed, as shown in Figure Figure 13 Configuration templates...

  • Page 246

    Select Service > BIMS > Configuration Management > Software Library from the top navigation bar. Figure 14 Configuring software library On the Software Library page, click Import…. On the Import CPE Software page, select the software images for the Device_A device class, add the Device_A class to the Applicable CPEs pane, and then click OK.

  • Page 247

    Figure 16 Deployment Guide On the Auto Deploy Configuration page, click Select Class. Figure 17 Configuring auto deployment On the Device Class page, select Device_A, and then click OK.

  • Page 248

    A. Configuring the DHCP server In this example, an HP device is operating as the DHCP server. Configure an IP address pool to assign IP addresses and DNS server address to the CPEs. This example uses subnet 10.185.10.0/24 for IP address assignment.

  • Page 249

    [DHCP_server] dhcp enable # Enable DHCP server on VLAN-interface 1. [DHCP_server] interface vlan-interface 1 [DHCP_server-Vlan-interface1] dhcp select server global-pool [DHCP_server-Vlan-interface1] quit # Exclude the DNS server address 10.185.10.60 and the ACS IP address 10.185.10.41 from dynamic allocation. [DHCP_server] dhcp server forbidden-ip 10.185.10.41 [DHCP_server] dhcp server forbidden-ip 10.185.10.60 # Create DHCP address pool 0.

  • Page 250: Configuring Netconf

    Configuring NETCONF Overview Network Configuration Protocol (NETCONF) is an XML-based network management protocol with good filtering capabilities. It provides programmable mechanisms to manage and configure network devices. Through NETCONF, you can configure device parameters, retrieve parameter values, and get statistics information.

  • Page 251: Netconf Message Format

    NETCONF XML API reference for the switch. The following example shows a NETCONF message for getting all parameters of all interfaces on the device: <?xml version="1.0" encoding="utf-8"?> <rpc message-id ="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-bulk> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface/> </Interfaces> </Ifmgr> </top>...

  • Page 252: How To Use Netconf

    </env:Header> <env:Body> <rpc message-id ="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-bulk> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <IF> <Interfaces> <Interface/> </Interfaces> </IF> </top> </filter> </get-bulk> </rpc> </env:Body> </env:Envelope> How to use NETCONF You can use NETCONF to manage and configure the device by using the methods in...

  • Page 253

    FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode (see Security Configuration Guide) and non-FIPS mode. NETCONF configuration task list Task at a glance (Optional.) Enabling NETCONF over SOAP (Optional.)

  • Page 254: Enabling Netconf Over Ssh

    The device automatically advertises its NETCONF capabilities to the client in a hello message as follows: <?xml version="1.0" encoding="UTF-8"?><hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:pa rams:netconf:base:1.1</capability><capability>urn:ietf:params:netconf:writable-runnin g</capability><capability>urn:ietf:params:netconf:capability:notification:1.0</capabi lity><capability>urn:ietf:params:netconf:capability:validate:1.1</capability><capabil ity>urn:ietf:params:netconf:capability:interleave:1.0</capability><capability>urn:iet f:params:netconf:capability:hp-netconf-ext:1.0</capability></capabilities><session-id >1</session-id></hello>]]>]]> Where: The <capabilities> parameter represents the capabilities supported by the device. • • The <session-id> parameter represents the unique ID assigned to the current session.

  • Page 255: Subscribing To Event Notifications

    You can send multiple subscription messages to subscribe to notification of multiple events. Subscription procedure # Copy the following message to the client to complete the subscription: <?xml version="1.0" encoding="UTF-8"?> <rpc message-id="101" xmlns ="urn:ietf:params:xml:ns:netconf:base:1.0"> <create-subscription xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0"> <stream>NETCONF</stream> <filter> <event xmlns="http://www.hp.com/netconf/event:1.0"> <Code>code</Code> <Group>group</Group> <Severity>severity</Severity> </event> </filter> <startTime>start-time</startTime> <stopTime>stop-time</stopTime> </create-subscription>...

  • Page 256: Example For Subscribing To Event Notifications

    The <severity> parameter represents the severity level of the event. • • The <start-time> parameter represents the start time of the subscription. The <stop-time> argument represents the end time of the subscription. • After receiving the subscription request from the client, the device returns a response in the following format if the subscription is successful: <?xml version="1.0"...

  • Page 257: Locking/unlocking The Configuration

    # If fan 1 on the device encounters problems, the device sends the following text to the client that has subscribed to all events: <?xml version="1.0" encoding="UTF-8"?> <notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0"> <eventTime>2011-01-04T12:30:46</eventTime> <event xmlns="http://www.hp.com/netconf/event:1.0"> <Group>DEV</Group> <Code>FAN_DIRECTION_NOT_PREFERRED</Code> <Slot>6</Slot> <Severity>Alert</Severity> <context>Fan 1 airflow direction is not preferred on slot 6, please check it.</context>...

  • Page 258: Locking The Configuration

    Locking the configuration # Copy the following text to the client to lock the configuration: <?xml version="1.0" encoding="UTF-8"?> <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <lock> <target> <running/> </target> </lock> </rpc> After receiving the lock request, the device returns a response in the following format if the lock operation is successful: <?xml version="1.0"...

  • Page 259: Performing Service Operations

    # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability> urn:ietf:params:netconf:base:1.0 </capability> </capabilities> </hello> # Lock the configuration. <?xml version="1.0" encoding="UTF-8"?> <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <lock> <target> <running/> </target> </lock> </rpc> Verifying the configuration If the client receives the following response, the lock operation is successful: <?xml version="1.0"...

  • Page 260: Performing The Get/get-bulk Operation

    The number of matched data entries is less than the value of the count attribute. # Copy the following text to the client to perform the get operation: <?xml version="1.0" encoding="UTF-8"?> <rpc message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <getoperation> <filter> <top xmlns=" http://www.hp.com/netconf/data:1.0"> Specify the module, submodule, table name, and column name </top> </filter> </getoperation> </rpc>...

  • Page 261: Performing The Get-config/get-bulk-config Operation

    The <get-config> and <get-bulk-config> messages are similar. The following is a <get-config> message example: <?xml version="1.0"?> <rpc message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter> <top xmlns="http://www.hp.com/netconf/config:1.0"> Specify the module name, submodule name, table name, and column name </top> </filter> </get-config>...

  • Page 262: Performing The Edit-config Operation

    <edit-config> <target><running></running></target> <error-option> Default operation when an error occurs </error-option> <config> <top xmlns="http://www.hp.com/netconf/config:1.0"> Specify the module name, submodule name, table name, and column name </top> </config> </edit-config> </rpc> After receiving the edit-config request, the device returns a response in the following format if the operation is successful: <?xml version="1.0">...

  • Page 263

    <get-config> <source> <running/> </source> </get-config> </rpc> Verifying the configuration If the client receives the following text, the get-config operation is successful: <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:web="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101"> <data> <top xmlns="http://www.hp.com/netconf/config:1.0"> <Ifmgr> <Interfaces> <Interface> <IfIndex>1307</IfIndex> <Shutdown>1</Shutdown> </Interface> <Interface> <IfIndex>1308</IfIndex> <Shutdown>1</Shutdown> </Interface> <Interface>...

  • Page 264: Syslog Configuration Data Retrieval Example

    <Interface> <Index>1313</Index> <VlanType>2</VlanType> </Interface> </Interfaces> </Ifmgr> <Syslog> <LogBuffer> <BufferSize>120</BufferSize> </LogBuffer> </Syslog> <System> <Device> <SysName>HP</SysName> <TimeZone> <Zone>+11:44</Zone> <ZoneName>beijing</ZoneName> </TimeZone> </Device> </System> </top> </data> </rpc-reply> Syslog configuration data retrieval example Network requirements Retrieve configuration data for the Syslog module. Configuration procedure # Enter XML view.

  • Page 265: Example For Retrieving A Data Entry For The Interface Table

    <running/> </source> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/config:1.0"> <Syslog/> </top> </filter> </get-config> </rpc> Verifying the configuration If the client receives the following text, the get-config operation is successful: <?xml version="1.0" encoding="UTF-8"?> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101"> <data> <top xmlns="http://www.hp.com/netconf/config:1.0"> <Syslog> <LogBuffer> <BufferSize>120</BufferSize> </LogBuffer> </Syslog>...

  • Page 266: Example For Changing The Value Of A Parameter

    </Interfaces> </Ifmgr> </top> </filter> </get-bulk> </rpc> Verifying the configuration If the client receives the following text, the get-bulk operation is successful: <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:web="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101"> <data> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface> <IfIndex>3</IfIndex> <Name>Ten-GigabitEthernet1/0/2</Name> <AbbreviatedName>XGE1/0/2</AbbreviatedName> <PortIndex>3</PortIndex> <ifTypeExt>22</ifTypeExt> <ifType>6</ifType> <Description>Ten-GigabitEthernet 1/0/2 Interface</Description>...

  • Page 267: Saving, Rolling Back, And Loading The Configuration

    </capabilities> </hello> # Change the log buffer size for the Syslog module to 512. <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:web="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config> <target> <running/> </target> <config> <top xmlns="http://www.hp.com/netconf/config:1.0" web:operation="merge"> <Syslog> <LogBuffer> <BufferSize>512</BufferSize> </LogBuffer> </Syslog> </top> </config> </edit-config> </rpc> Verifying the configuration If the client receives the following text, the edit-config operation is successful: <?xml version="1.0"...

  • Page 268: Rolling Back The Configuration

    After receiving the save request, the device returns a response in the following format if the save operation is successful: <?xml version="1.0" encoding="UTF-8"?> <rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply> Rolling back the configuration # Copy the following text to the client to roll back the configuration: <?xml version="1.0"...

  • Page 269: Example For Saving The Configuration

    <rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply> Example for saving the configuration Network requirements Save the current configuration to the configuration file my_config.cfg. Configuration procedure # Enter XML view. <Sysname> xml # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability> urn:ietf:params:netconf:base:1.0 </capability> </capabilities> </hello> # Save the configuration of the device to the configuration file my_config.cfg.

  • Page 270

    <rpc message-id ="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface> <AdminStatus>2</AdminStatus> </Interface> </Interfaces> </Ifmgr> </top> </filter> </get> </rpc> Regular expression match • To implement a complex data filtering with characters, you can add a regExp attribute for a specific element.

  • Page 271: Example For Filtering Data With Regular Expression Match

    # Copy the following text to the client to retrieve extension information about the entity of which the CPU usage is more than 50%: <rpc message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:hp="http://www.hp.com/netconf/base:1.0"> <get> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Device> <ExtPhysicalEntities> <Entity> <CpuUsage hp:match="more:50"></CpuUsage> </Entity> </ExtPhysicalEntities>...

  • Page 272

    </capabilities> </hello> # Retrieve all data including colons in the Description column of the Interfaces table under the Ifmgr module. <?xml version="1.0"?> <rpc message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:reg="http://www.hp.com/netconf/base:1.0"> <get> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface> <Description reg:regExp=":"/> </Interface> </Interfaces> </Ifmgr> </top>...

  • Page 273: Example For Filtering Data By Conditional Match

    # Retrieve data in the Name column with the ifindex value not less than 5000 in the Interfaces table under the Ifmgr module. <rpc message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="http://www.hp.com/netconf/base:1.0"> <get> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface> <IfIndex nc:match="more:5000"/> <Name/> </Interface> </Interfaces>...

  • Page 274: Performing Cli Operations Through Netconf

    </Ifmgr> </top> </filter> </get> </rpc> Verifying the configuration If the client receives the following text, the operation is successful: <?xml version="1.0" encoding="UTF-8"?> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="http://www.hp.com/netconf/base:1.0" message-id="100"> <data> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface> <IfIndex>7241</IfIndex> <Name>NULL0</Name> </Interface> <Interface> <IfIndex>7243</IfIndex> <Name>Register-Tunnel0</Name> </Interface> </Interfaces>...

  • Page 275: Cli Operation Example

    <?xml version="1.0" encoding="UTF-8"?> <rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <CLI> <Execution> <![CDATA[Responses to the commands]]> </Execution> </CLI> </rpc-reply> CLI operation example Configuration requirements Send the display current-configuration command to the device. Configuration procedure # Enter XML view. <Sysname> xml # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities>...

  • Page 276: Retrieving Netconf Session Information

    telnet server enable irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 ]]> </Execution> </CLI> </rpc-reply> Retrieving NETCONF session information You can use the get-sessions operation to retrieve NETCONF session information of the device. # Copy the following message to the client to retrieve NETCONF session information from the device: <?xml version="1.0"...

  • Page 277: Terminating Another Netconf Session

    <?xml version="1.0" encoding="UTF-8"?> <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-sessions/> </rpc> If the client receives a message as follows, the operation is successful: <?xml version="1.0" encoding="UTF-8"?> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101"> <get-sessions> <Session> <SessionID>1</SessionID> <Line>vty0</Line> <UserName></UserName> <Since>2011-01-05T00:24:57</Since> <LockHeld>false</LockHeld> </Session> </get-sessions> </rpc-reply> The output shows the following information: •...

  • Page 278: Configuration Example

    Configuration example Configuration requirement The user whose session's ID is 1 terminates the session with session ID 2. Configuration procedure # Enter XML view. <Sysname> xml # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability> urn:ietf:params:netconf:base:1.0 </capability> </capabilities> </hello> # Terminate the session with session ID 2. <rpc message-id="101"...

  • Page 279: Appendix

    NETCONF operations available with Comware V7. Table 30 NETCONF operations Operation Description XML example To retrieve device configuration and state information for the Syslog module: <rpc message-id ="101" xmlns="urn:ietf:params:xml:ns:netconf:ba se:1.0" xmlns:xc="http://www.hp.com/netconf/base :1.0"> <get> <filter type="subtree"> Retrieves device configuration and state information. <top xmlns="http://www.hp.com/netconf/data:1. 0"> <Syslog>...

  • Page 280

    Operation Description XML example To retrieve non-default configuration data for the interface table: <rpc message-id ="100" xmlns="urn:ietf:params:xml:ns:netconf:ba se:1.0" xmlns:xc="http://www.hp.com/netconf/base :1.0"> <get-config> <source> <running/> </source> Retrieves the non-default configuration data. If <filter type="subtree"> get-config non-default configuration data <top does not exist, the device returns xmlns="http://www.hp.com/netconf/config:...

  • Page 281

    <running/> Retrieves a number of </source> non-default configuration data <filter type="subtree"> get-bulk-config entries starting from the data entry next to the one with the <top xmlns="http://www.hp.com/netconf/config: specified index. 1.0"> <Ifmgr> </Ifmgr> </top> </filter> </get-bulk-config> </rpc> To change the buffer size to 120: <rpc message-id ="101"...

  • Page 282

    Operation Description XML example Creates a specified target. To use the create attribute in the edit-config operation, you must specify the operation target. • If the table supports target The XML data format is the same as the edit-config creation and the specified edit-config: create message with the merge attribute.

  • Page 283

    Operation Description XML example Deletes the specified configuration. • If the specified target has only the table index, the operation removes all configuration of the specified target, and the target itself. The syntax is the same as the edit-config message with •...

  • Page 284

    <config xmlns:xc="urn:ietf:params:xml:ns:netconf • merge—This is the default :base:1.0"> value for the edit-config: <top <default-operation> default-operation xmlns="http://www.hp.com/netconf/config: element. 1.0"> • replace—This value is used <Ifmgr > when the operation attribute <Interfaces> is not specified and the <Interface> default operation method is <Index>262</Index>...

  • Page 285

    <config xmlns:xc="urn:ietf:params:xml:ns:netconf Determines the action to take in :base:1.0"> case of a configuration error. <top The error-option element has xmlns="http://www.hp.com/netconf/config: 1.0"> one of the following values: <Ifmgr xc:operation="merge"> • stop-on-error—Stops the operation on error and <Interfaces> returns an error message.

  • Page 286

    <test-option>test-only</test-option> • <config test-then-set—Performs a xmlns:xc="urn:ietf:params:xml:ns:netconf validation test before :base:1.0"> attempting to set. If the <top validation test fails, the xmlns="http://www.hp.com/netconf/config: edit-config operation is not 1.0"> performed. This is the default edit-config: <Ifmgr xc:operation="merge"> test-option value. test-option <Interfaces> • set—Directly performs the <Interface>...

  • Page 287

    Operation Description XML example To lock the configuration: Locks the configuration data that can be changed by the <rpc message-id="101" edit-config operation. Other xmlns="urn:ietf:params:xml:ns:netconf:ba configurations are not limited by se:1.0"> the lock operation. <lock> lock This lock operation locks only <target>...

  • Page 288

    Operation Description XML example Executes CLI operations. A request message encloses commands in the <CLI> To execute the display this command in system view: element, and a response message encloses the command <rpc message-id="101" output in the <CLI> element. xmlns="urn:ietf:params:xml:ns:netconf:ba NETCONF supports the se:1.0">...

  • Page 289: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. For a complete list of acronyms and their definitions, see HP FlexNetwork Technology Acronyms.

  • Page 290: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 291

    Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 292: Index

    Index NMM flow mirroring QoS policy, NMM flow mirroring QoS policy (control access control plane), NMM NTP access control rights NMM flow mirroring QoS policy (global), configuration, NMM flow mirroring QoS policy (interface), NMM NTP peer ACL, NMM flow mirroring QoS policy (VLAN), NMM NTP query ACL, architecture NMM NTP security,...

  • Page 293

    NMM NTP client/server mode with NMM NQA client ICMP echo operation, 123, authentication, NMM NQA client ICMP template, 141, 141, NMM NTP configuration, NMM NQA client operation scheduling, NMM NTP multicast authentication, NMM NQA client SNMP operation, 128, NMM NTP security, NMM NQA client statistics collection function, NMM NTP symmetric active/passive mode NMM NQA client TCP operation,...

  • Page 294

    CWMP ACS attribute (default)(CLI), NMM NQA, 19, 121, CWMP ACS attribute (preferred), NMM NQA client DHCP operation, 124, CWMP ACS autoconnect parameters, NMM NQA client DLSw operation, 132, CWMP ACS close-wait timer, NMM NQA client DNS operation, 124, CWMP ACS connection retry max number, NMM NQA client DNS template, 141, CWMP ACS periodic Inform feature, NMM NQA client FTP operation, 125,...

  • Page 295

    NMM NTP client/server mode with MPLS VPN NMM remote port mirroring source group, time synchronization, NMM remote port mirroring source group egress NMM NTP local clock as reference source, port, NMM NTP max number dynamic NMM remote port mirroring source group remote associations, probe VLAN, NMM NTP multicast association mode, 17,...

  • Page 296

    data ACS authentication parameters, NMM NETCONF configuration data retrieval (all modules), ACS connection interface, NMM NETCONF configuration data retrieval ACS provision code, (Syslog module), attribute type, NMM NETCONF data entry retrieval (interface CWMP ACS autoconnect parameters, table), NAT traversal, NMM NETCONF filtering (conditional CPE WAN Management Protocol.

  • Page 297

    NMM information center log output NMM port mirroring remote destination group, (console), 90, NMM port mirroring remote source group, NMM information center log output (Linux log NMM port mirroring remote source group egress host), 92, port, NMM information center log output (UNIX log NMM port mirroring remote source group remote host), probe VLAN,...

  • Page 298

    PMM kernel threads, NMM NQA client UDP echo operation, 130, SNMP settings, egress port user PMM, NMM Layer 2 remote port mirroring, DLSw NMM port mirroring remote source group egress port, NMM NQA, 1 19 Embedded Automation Architecture. Use NMM NQA client DLSw operation, 132, enabling CWMP, NMM NQA,...

  • Page 299

    NMM EAA environment variable configuration NMM information center system logs, (user-defined), NMM NETCONF message, NMM EAA event monitor, NMM EAA event monitor policy element, NMM NQA, 1 19 NMM EAA event monitor policy environment NMM NQA client FTP operation, 125, variable, 21 1 NMM NQA client FTP template, 145,...

  • Page 300

    NMM RMON group, log output (Linux log host), 92, NMM RMON history control entry, 1 12 log output (log buffer), NMM RMON history group log output (log host), configuration, 1 15 log output (monitor terminal), host log output (UNIX log host), NMM information center log output (log log save to file, host),...

  • Page 301

    NMM NQA client DHCP operation, 124, PMM, NMM NQA client DLSw operation, 132, PMM deadloop detection, NMM NQA client DNS operation, 124, PMM starvation detection, NMM NQA client DNS template, 141, NMM NQA client FTP operation, 125, Layer 2 NMM NQA client FTP template, 145, NMM port mirroring configuration, NMM NQA client history record save, NMM remote port mirroring...

  • Page 302

    NMM information center diagnostic logs, NMM PTP non-Pdelay message MAC address, NMM information center duplicate log maintaining suppression, NMM information center, NMM information center hidden logs, NMM PTP, NMM information center interface link up/link PMM, down log generation, PMM kernel threads, NMM information center log default output PMM Linux, rules,...

  • Page 303

    module feature module debug, CWMP CPE NAT traversal, NMM information center configuration, 77, NETCONF NMM NETCONF configuration data retrieval capability exchange, (all modules), CLI operations, 264, NMM NETCONF configuration data retrieval CLI return, (Syslog module), configuration, 240, NMM NETCONF data entry retrieval (interface configuration data retrieval (all modules), table), configuration data retrieval (Syslog module),...

  • Page 304

    NMM flow mirroring QoS policy application NMM NQA client SNMP operation, (interface), NMM NQA client statistics collection function, NMM flow mirroring QoS policy application NMM NQA client TCP operation, 129, (VLAN), NMM NQA client template configuration, NMM flow mirroring QoS policy NMM NQA client threshold monitoring, configuration, NMM NQA client UDP echo operation, 130,...

  • Page 305

    NMM PTP timestamp, NMM NQA ICMP template configuration, NMM sFlow counter sampling NMM NTP broadcast association mode, configuration, NMM NTP broadcast mode with authentication, NMM sFlow flow sampling configuration, NMM NTP client/server association mode, NMM SNTP authentication, NMM NTP client/server mode with NMM SNTP NTP server specification, authentication, ping address reachability determination,...

  • Page 306

    CWMP CPE attributes, information center log formats, CWMP CPE NAT traversal, information center log levels, CWMP framework, information center log output (console), 83, CWMP settings display, information center log output (Linux log host), 92, displaying information center, information center log output (log buffer), displaying NTP, information center log output (log host), displaying PTP,...

  • Page 307

    NETCONF configuration load, NQA client/Track collaboration, NETCONF configuration lock/unlock, 247, NQA client/Track collaboration function, NETCONF configuration rollback, NQA configuration, 19, 121, NETCONF configuration save, NQA ICMP template configuration, NETCONF data entry retrieval (interface NQA operation, 1 19 table), NQA server configuration, NETCONF data filtering, NQA threshold monitoring, NETCONF edit-config operation,...

  • Page 308

    port mirroring configuration, system information security log default output rules, port mirroring implementation, system information trace log default output rules, port mirroring remote destination group, system maintenance, port mirroring remote source group, tracert, 3, PTP clock mode, tracert node failure identification, PTP configuration, PTPconfiguration, NMM RMON alarm function configuration,...

  • Page 309

    client template optional parameters, IPv6 client/server association mode configuration, client threshold monitoring, IPv6 multicast association mode configuration, client UDP echo operation, 130, IPv6 symmetric active/passive association mode client UDP jitter operation, 127, configuration, client voice operation, 131, local clock as reference source, client/Track collaboration, message processing disable, client/Track collaboration function,...

  • Page 310

    NMM information logs to monitor terminal, path NMM NQA client path jitter operation, 133, NMM NQA path jitter, 1 19 packet Pdelay_Req message, NMM flow mirroring performing configuration, 194, 194, NMM NETCONF CLI operations, 264, NMM flow mirroring match criteria NMM NETCONF edit-config operation, configuration, NMM NETCONF get/get-bulk operation,...

  • Page 311

    NMM flow mirroring QoS policy application direction (outbound), (interface), displaying, NMM flow mirroring QoS policy application egress port, (VLAN), implementation, NMM flow mirroring QoS policy Layer 2 remote port mirroring configuration, configuration, Layer 3 local group source port configuration port restrictions, configuring local mirroring to support multiple Layer 3 remote configuration,...

  • Page 312

    applying NMM flow mirroring QoS policy, configuring NMM EAA monitor policy (Tcl), 215, applying NMM flow mirroring QoS policy (control plane), configuring NMM flow mirroring, 194, applying NMM flow mirroring QoS policy configuring NMM flow mirroring match (global), criteria, applying NMM flow mirroring QoS policy configuring NMM flow mirroring QoS policy, (interface), configuring NMM flow mirroring traffic...

  • Page 313

    configuring NMM NQA client HTTP configuring NMM NTP broadcast mode with operation, 126, authentication, configuring NMM NQA client HTTP configuring NMM NTP broadcast server, 16, template, 143, configuring NMM NTP client/server association configuring NMM NQA client ICMP echo mode, 14, operation, 123, configuring NMM NTP client/server mode configuring NMM NQA client ICMP...

  • Page 314

    configuring NMM PTP (IEEE 802.1AS), configuring SNMP basic parameters, configuring NMM PTP announce message configuring SNMP logging, sending interval, configuring SNMP notification, configuring NMM PTP announcement configuring SNMPv1, interval, configuring SNMPv1 agent notification, configuring NMM PTP Bits clock parameter, configuring SNMPv1 basic parameters, configuring NMM PTP clock priority, configuring SNMPv2c, configuring NMM PTP cumulative offset,...

  • Page 315

    enabling NMM NETCONF over SOAP, performing NMM NETCONF get-config/get-bulk-config operation, enabling NMM NQA client, performing NMM NETCONF service enabling NMM NTP, operations, enabling NMM PTP on port, retrieving NMM NETCONF configuration data (all enabling NMM SNTP, modules), enabling SNMP notification, retrieving NMM NETCONF configuration data entering NMM NETCONF XML view, (Syslog module),...

  • Page 316

    NMM NTP, NMM PTP, NMM flow mirroring configuration, 194, 194, NMM PTP message encapsulating protocol, NMM flow mirroring match criteria configuration, NMM RMON, 1 1 1 NMM flow mirroring QoS policy application, NMM sFlow, NMM flow mirroring QoS policy application NMM SNMP configuration, (control plane), SNMP versions,...

  • Page 317

    remote source group remote probe VLAN history group, configuration, history group configuration, 1 15 remote source group source ports, private alarm group, 1 10 remote probe VLAN private alarm group sample type, 1 1 1 NMM Layer 2 remote port mirroring, protocols and standards, 1 1 1 NMM port mirroring monitor port to remote...

  • Page 318

    NMM system information default trace log NMM NTP multicast server configuration, output, NMM SNTP configuration, 52, 52, runtime NMM SNTP NTP server specification, NMM EAA event monitor policy runtime, 21 1 service NMM NETCONF configuration data retrieval (all modules), sampling NMM NETCONF configuration data retrieval NMM RMON alarm group sample type, 1 1 1...

  • Page 319

    Get operation, 95, displaying, logging configuration, enable, manager, NTP server specification, MIB, 94, SOAP MIB view-based access control, NMM NETCONF message format, NMM NQA, 1 19 NMM NETCONF over SOAP enable, NMM NQA client SNMP operation, 128, source NMM RMON alarm function configuration, 1 16 NMM port mirroring, NMM RMON configuration,...

  • Page 320

    NMM information center duplicate log NMM information center log output (log buffer), suppression, NMM information center log output (log host), suspending NMM information center log output (monitor NMM EAA monitor policy, terminal), switch NMM information center log output (UNIX log host), module debug, NMM information center log save to file,...

  • Page 321

    NMM NQA client template optional Track parameters, NMM NQA client/Track collaboration, NMM NQA ICMP template configuration, NMM NQA client/Track collaboration terminating function, NMM NETCONF session, NMM NQA collaboration, testing traffic ping network connectivity test, mirroring. See flow mirroring threshold NMM RMON alarm function configuration, 1 16 NMM NQA client threshold NMM RMON configuration,...

  • Page 322

    NMM NTP client/server mode with NMM flow mirroring configuration, 194, 194, authentication, NMM flow mirroring QoS policy application, NMM NTP client/server mode with MPLS VPN NMM Layer 2 remote port mirroring time synchronization, configuration, NMM NTP configuration, 8, NMM Layer 3 remote port mirroring NMM NTP multicast association mode, configuration, NMM NTP symmetric active/passive...

This manual also for:

5900

Comments to this Manuals

Symbols: 0
Latest comments: