H3C S5820X Series Configuration Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Switch
  5. s5820x series
  6. Configuration manual

H3C S5820X Series Configuration Manual

Network management and monitoring
Hide thumbs Also See for S5820X Series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Troubleshooting Manual, Installation Manual
H3C S5820X&S5800 Series Ethernet Switches
Network Management and Monitoring
Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Document Version: 6W103-20100716
Product Version: Release 1110

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the S5820X Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for H3C S5820X Series

Summary of Contents for H3C S5820X Series

  • Page 1 H3C S5820X&S5800 Series Ethernet Switches Network Management and Monitoring Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Document Version: 6W103-20100716 Product Version: Release 1110...
  • Page 2 SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V G, V G, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners.
  • Page 3 Preface The H3C S5800&S5820X documentation set includes 11 configuration guides, which describe the software features for the S5800&S5820X Series Ethernet Switches and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
  • Page 4 Means reader be careful. Improper operation may cause data loss or damage to equipment. Means a complementary description. About the H3C S5800&S5820X Documentation Set The H3C S5800&S5820X documentation set also includes: Category Documents Purposes Marketing brochures Describe product specifications and benefits.
  • Page 5 Interface Cards User available for the products. Manual Describes the benefits, features, hardware H3C OAP Cards User specifications, installation, and removal of the OAP Manual cards available for the products. H3C Low End Series...
  • Page 6 Obtaining Documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support &...

  • Page 7: Table Of Contents

    Table of Contents 1 System Maintenance and Debugging···································································································1-1 Ping······················································································································································1-1 Introduction···································································································································1-1 Configuring Ping ···························································································································1-1 Ping Configuration Example ·········································································································1-2 Tracert ·················································································································································1-4 Introduction···································································································································1-4 Configuring Tracert·······················································································································1-4 System Debugging·······························································································································1-5 Introduction to System Debugging ·······························································································1-5 Configuring System Debugging····································································································1-6 Ping and Tracert Configuration Example·····························································································1-7 2 NQA Configuration·································································································································2-1 NQA Overview ·····································································································································2-1 Introduction to NQA······················································································································2-1 Features of NQA ··························································································································2-1...
  • Page 8 ICMP Echo Test Configuration Example ····················································································2-25 DHCP Test Configuration Example ····························································································2-26 DNS Test Configuration Example ······························································································2-27 FTP Test Configuration Example ·······························································································2-28 HTTP Test Configuration Example·····························································································2-29 UDP Jitter Test Configuration Example······················································································2-30 SNMP Test Configuration Example····························································································2-33 TCP Test Configuration Example ·······························································································2-34 UDP Echo Test Configuration Example ·····················································································2-35 DLSw Test Configuration Example ····························································································2-36 NQA Collaboration Configuration Example ················································································2-37 3 NTP Configuration··································································································································3-1...
  • Page 9 Displaying and Maintaining IPC ···········································································································4-3 5 PoE Configuration··································································································································5-1 PoE Overview ······································································································································5-1 Introduction to PoE·······················································································································5-1 Protocol Specification···················································································································5-2 PoE Configuration Task List ················································································································5-2 Enabling PoE ·······································································································································5-4 Enabling PoE for a PoE Interface·································································································5-4 Detecting PDs ······································································································································5-5 Enabling the PSE to Detect Non-Standard PDs···········································································5-5 Configuring a PD Disconnection Detection Mode ········································································5-5 Configuring the Maximum PoE Interface Power ··················································································5-6 Configuring PoE Power Management··································································································5-6...
  • Page 10 8 RMON Configuration······························································································································8-1 RMON Overview ··································································································································8-1 Introduction···································································································································8-1 Working Mechanism ·····················································································································8-1 RMON Groups······························································································································8-2 Configuring the RMON Statistics Collection ························································································8-3 Configuring RMON Ethernet Statistics Collection ········································································8-4 Configuring RMON History Statistics Collection···········································································8-4 Configuring the RMON Alarm Function ·······························································································8-5 Configuration Prerequisites ··········································································································8-5 Configuration Procedure ··············································································································8-5 Displaying and Maintaining RMON ······································································································8-7 Ethernet Statistics Group Configuration Example ···············································································8-7 History Group Configuration Example ·································································································8-8...
  • Page 11 Configuring Web User Accounts in Batches ··············································································9-20 Displaying and Maintaining Cluster Management ·············································································9-20 Cluster Management Configuration Example ····················································································9-21 10 Sampler Configuration·······················································································································10-1 Sampler Overview ·····························································································································10-1 Creating a Sampler····························································································································10-1 Displaying and Maintaining Sampler ·································································································10-2 Sampler Configuration Examples ······································································································10-2 Using the Sampler with NetStream ····························································································10-2 11 Port Mirroring Configuration·············································································································11-1 Introduction to Port Mirroring ·············································································································11-1 Classification of Port Mirroring ···································································································11-1...
  • Page 12 Configuration Procedure ············································································································12-5 13 NetStream Configuration···················································································································13-1 NetStream Overview··························································································································13-1 Basic Concepts of NetStream············································································································13-2 What Is a Flow····························································································································13-2 How NetStream Works ···············································································································13-2 Key Technologies of NetStream ········································································································13-3 Flow Aging··································································································································13-3 NetStream Data Export ··············································································································13-3 NetStream Export Formats·········································································································13-5 Introduction to NetStream Sampling and Filtering ·············································································13-5 NetStream Sampling ··················································································································13-5 NetStream Filtering ····················································································································13-6 NetStream Configuration Task List····································································································13-6...
  • Page 13 Configuring IPv6 NetStream Data Export ··························································································14-6 Configuring IPv6 NetStream Common Data Export ···································································14-6 Configuring IPv6 NetStream Aggregation Data Export ······························································14-7 Configuring Attributes of IPv6 NetStream Data Export······································································14-9 Configuring IPv6 NetStream Export Format···············································································14-9 Configuring Refresh Rate for IPv6 NetStream Version 9 Templates ·········································14-9 Displaying and Maintaining IPv6 NetStream ···················································································14-11 IPv6 NetStream Configuration Examples ························································································14-11 IPv6 NetStream Common Data Export Configuration Example ···············································14-11...
  • Page 14 17 Index ····················································································································································17-1 viii...

  • Page 15: System Maintenance And Debugging

    System Maintenance and Debugging This chapter includes these sections: Ping Tracert System Debugging Ping and Tracert Configuration Example You can use the ping command and the tracert command to verify the current network connectivity, and use the debug command to enable debugging and thus to diagnose system faults based on the debugging information.

  • Page 16: Ping Configuration Example

    For a low-speed network, you are recommended to set a larger value for the timeout timer (indicated by the -t parameter in the command) when configuring the ping command. Only the directly connected segment address can be pinged if the outgoing interface is specified with the -i argument Ping Configuration Example Network requirements...
  • Page 17 1.1.2.2 1.1.1.2 1.1.1.1 Reply from 1.1.2.2: bytes=56 Sequence=2 ttl=254 time=1 ms Record Route: 1.1.2.1 1.1.2.2 1.1.1.2 1.1.1.1 Reply from 1.1.2.2: bytes=56 Sequence=3 ttl=254 time=1 ms Record Route: 1.1.2.1 1.1.2.2 1.1.1.2 1.1.1.1 Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms Record Route: 1.1.2.1 1.1.2.2 1.1.1.2...

  • Page 18: Tracert

    Enable sending of ICMP timeout packets on the intermediate device (the device between the source and destination devices). If the intermediate device is an H3C device, execute the ip ttl-expires enable command on the device. For more information about this command, see IP Performance Optimization Configuration Commands in the Layer 3 - IP Services Command Reference.

  • Page 19: System Debugging

    Enable sending of ICMP destination unreachable packets on the destination device. If the destination device is an H3C device, execute the ip unreachables enable command. For more information about this command, see IP Performance Optimization Configuration Commands in the Layer 3 - IP Services Command Reference.

  • Page 20: Configuring System Debugging

    Figure 1-3 The relationship between the protocol and screen output switch Debugging Debugging information information Protocol Protocol debugging debugging switch switch Screen output Screen output switch switch Configuring System Debugging Output of the debugging information may reduce system efficiency. Administrators usually use the debugging commands to diagnose network failure.

  • Page 21: Ping And Tracert Configuration Example

    To do… Use the command… Remarks Required Enable debugging for a specified debugging { all [ timeout time ] | Disabled by default module module-name [ option ] } Available in user view display debugging [ interface interface-type interface-number ] Optional Display the enabled debugging [ module-name ] [ | { begin |...
  • Page 22 100.00% packet loss # Device A and Device C cannot reach each other. Use the tracert command to determine failed nodes. <DeviceA> system-view [DeviceA] ip ttl-expires enable [DeviceA] ip unreachables enable [DeviceA] tracert 1.1.2.2 traceroute to 1.1.2.2(1.1.2.2) 30 hops max,40 bytes packet, press CTRL_C to bre 1 1.1.1.2 14 ms 10 ms 20 ms 2 * * * 3 * * *...

  • Page 23: Nqa Configuration

    NQA Configuration This chapter includes these sections: NQA Overview NQA Configuration Task List Configuring the NQA Server Enabling the NQA Client Creating an NQA Test Group Configuring an NQA Test Group Configuring the Collaboration Function Configuring Trap Delivery Configuring the NQA Statistics Function Configuring the History Records Saving Function Configuring Optional Parameters Common to an NQA Test Group Scheduling an NQA Test Group...
  • Page 24 Supporting the collaboration function Collaboration is implemented by establishing reaction entries to monitor the detection results of the current test group. If the number of consecutive probe failures reaches a certain limit, NQA’s collaboration with other modules is triggered. The implementation of collaboration is shown in Figure 2-1.

  • Page 25: Basic Concepts Of Nqa

    Basic Concepts of NQA Test group Before performing an NQA test, create an NQA test group, and configure NQA test parameters such as test type, destination address and destination port. Each test group has an administrator name and operation tag, which can uniquely define a test group. Test and probe After an NQA test is started, one test is performed at a regular interval and you can set the interval as needed.

  • Page 26: Nqa Configuration Task List

    NQA Configuration Task List To perform TCP, UDP jitter or UDP echo tests, configure the NQA server on the peer device. Complete the following task to enable the NQA server: Task Remarks Configuring the NQA Server Required for TCP, UDP echo and UDP jitter tests To perform an NQA test successfully, make the following configurations on the NQA client: Enable the NQA client Create a test group and configure test parameters according to the test type.

  • Page 27: Configuring The Nqa Server

    Task Remarks Scheduling an NQA Test Group Required Configuring the NQA Server Before performing TCP, UDP echo or UDP jitter tests, configure the NQA server on the peer device. The NQA server makes a response to the request sent by the NQA client by listening to the specified destination address and port number.

  • Page 28: Configuring An Nqa Test Group

    To do… Use the command… Remarks Enter system view system-view — Create an NQA test group and nqa entry admin-name Required enter the NQA test group view operation-tag If you execute the nqa entry command to enter the test group view with test type configured, you directly enter the test type view of the test group.

  • Page 29: Configuring A Dhcp Test

    To do… Use the command… Remarks Optional By default, no interface address is specified as the source IP address of ICMP probe requests. If you use the source ip command Specify the IP address of an source interface interface-type to configure the source IP address interface as the source IP address interface-number of ICMP echo probe requests, the...

  • Page 30: Configuring A Dns Test

    server and DHCP relay, see DHCP Server Configuration and DHCP Relay Agent Configuration in the Layer 3 - IP Services Configuration Guide. Configuring a DHCP test Follow these steps to configure a DHCP test: To do… Use the command… Remarks Enter system view system-view —...

  • Page 31: Configuring An Ftp Test

    To do… Use the command… Remarks Enter system view system-view — Enter NQA test group view nqa entry admin-name operation-tag — Configure the test type as DNS type dns Required and enter test type view Required By default, no destination IP address is configured for a test Specify a destination address for destination ip ip-address...
  • Page 32 To do… Use the command… Remarks nqa entry admin-name Enter NQA test group view — operation-tag Configure the test type as FTP and type ftp Required enter test type view Required By default, no destination IP address is configured for a test Configure the destination address destination ip ip-address operation.

  • Page 33: Configuring An Http Test

    When you execute the put command, a file file-name with fixed size and content is created on the FTP server. When you execute the get command, the device does not save the files obtained from the FTP server. When you execute the get command, the FTP test cannot succeed if a file named file-name does not exist on the FTP server.

  • Page 34: Configuring A Udp Jitter Test

    To do… Use the command… Remarks Optional By default, no source IP address is specified. Configure the source IP address of source ip ip-address The source IP address must be a probe request that of an interface on the device and the interface must be up.
  • Page 35 Delay jitter refers to the difference between the interval of receiving two packets consecutively and the interval of sending these two packets. The procedure of a UDP jitter test is as follows: The source sends packets at regular intervals to the destination port. The destination affixes a time stamp to each packet that it receives and then sends it back to the source.

  • Page 36: Configuring An Snmp Test

    To do… Use the command… Remarks Optional Configure the size of a probe data-size size packet sent 100 bytes by default. Optional Configure the filler string of a By default, the filler string of a data-fill string probe packet sent probe packet is the hexadecimal number 00010203040506070809.

  • Page 37: Configuring A Tcp Test

    Configuration prerequisites The SNMP agent function must be enabled on the device that serves as an SNMP agent before an SNMP test. For the configuration of SNMP agent, see SNMP Configuration in the Network Management and Monitoring Configuration Guide. Configuring an SNMP test Follow these steps to configure an SNMP test: To do…...

  • Page 38: Configuring A Udp Echo Test

    Configuring a TCP test Follow these steps to configure a TCP test: To do… Use the command… Remarks Enter system view system-view — nqa entry admin-name Enter NQA test group view — operation-tag Configure the test type as TCP type tcp Required and enter test type view Required...
  • Page 39 Configuration prerequisites A UDP echo test requires cooperation between the NQA server and the NQA client. Configure the UDP listening function on the NQA server before the UDP echo test. For the configuration of the UDP listening function, see Configuring the NQA Server.

  • Page 40: Configuring A Dlsw Test

    To do… Use the command… Remarks Optional By default, no source IP address is specified. Configure the source IP address of source ip ip-address The source IP address must be a probe request in a test operation that of an interface on the device and the interface must be up.

  • Page 41: Configuring The Collaboration Function

    To do… Use the command… Remarks Configuring Optional Configure common optional Optional Parameters Common to an NQA parameters Test Group Configuring the Collaboration Function Collaboration is implemented by establishing reaction entries to monitor the detection results of the current test group. If the number of consecutive probe failures reaches the threshold, the configured action is triggered.

  • Page 42: Configuring Trap Delivery

    Configuring Trap Delivery Traps can be sent to the network management server when test is completed, test fails or probe fails. Configuration prerequisites Before configuring trap delivery, configure the destination address of the trap message with the snmp-agent target-host command, create an NQA test group, and configure related parameters. For the introduction to the snmp-agent target-host command, refer to SNMP Configuration Commands in the Network Management and Monitoring Command Reference.

  • Page 43: Configuring The History Records Saving Function

    To do… Use the command… Remarks type { dlsw | dns | ftp | http | Enter test type view of the test — icmp-echo | snmp | tcp | group udp-echo | udp-jitter } Optional Configure the interval for collecting statistics interval interval the statistics of the test results 60 minutes by default.

  • Page 44: Configuring Optional Parameters Common To An Nqa Test Group

    To do… Use the command… Remarks Required Enable the saving of the By default, history records of history records of the NQA history-record enable the NQA test group are not test group saved. Optional Set the lifetime of the history By default, the history records records in an NQA test history-record keep-time keep-time...

  • Page 45: Scheduling An Nqa Test Group

    To do… Use the command… Remarks Optional By default, the interval between two consecutive tests for a test group is 0 milliseconds, that is, Configure the interval between two frequency interval only one test is performed. consecutive tests for a test group If the last test is not completed when the interval specified by the frequency command is reached, a...

  • Page 46: Displaying And Maintaining Nqa

    A test group performs tests when the system time is between the start time and the end time (the start time plus test duration). If the system time is behind the start time when you execute the nqa schedule command, a test is started when the system time reaches the start time. If the system time is between the start time and the end time, a test is started at once.

  • Page 47: Nqa Configuration Examples

    To do… Use the command… Remarks Display the statistics of a type of NQA display nqa statistics [ admin-name test operation-tag ] Display NQA server status display nqa server status NQA Configuration Examples ICMP Echo Test Configuration Example Network requirements As shown in Figure 2-3, use the NQA ICMP function to test whether the NQA client (Device A) can...

  • Page 48: Dhcp Test Configuration Example

    Last succeeded probe time: 2007-08-23 15:00:01.2 Extended results: Packet lost in test: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to sequence error: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packet(s) arrived late: 0 # Display the history of ICMP echo tests.

  • Page 49: Dns Test Configuration Example

    [DeviceA] undo nqa schedule admin test # Display the result of the last DHCP test. [DeviceA] display nqa result admin test NQA entry(admin admin, tag test) test results: Send operation times: 1 Receive response times: 1 Min/Max/Average round trip time: 624/624/624 Square-Sum of round trip time: 389376 Last succeeded probe time: 2007-11-22 09:56:03.2 Extended results:...

  • Page 50: Ftp Test Configuration Example

    [DeviceA] undo nqa schedule admin test # Display results of the last DNS test. [DeviceA] display nqa result admin test NQA entry(admin admin, tag test) test results: Destination IP address: 10.2.2.2 Send operation times: 1 Receive response times: 1 Min/Max/Average round trip time: 62/62/62 Square-Sum of round trip time: 3844 Last succeeded probe time: 2008-11-10 10:49:37.3 Extended results:...

  • Page 51: Http Test Configuration Example

    [DeviceA-nqa-admin-test-ftp] history-record enable [DeviceA-nqa-admin-test-ftp] quit # Enable FTP test. [DeviceA] nqa schedule admin test start-time now lifetime forever # Disable FTP test after the test begins for a period of time. [DeviceA] undo nqa schedule admin test # Display results of the last FTP test. [DeviceA] display nqa result admin test NQA entry(admin admin, tag test) test results: Destination IP address: 10.2.2.2...

  • Page 52: Udp Jitter Test Configuration Example

    [DeviceA-nqa-admin-test-http] http-version v1.0 # Enable the saving of history records. [DeviceA-nqa-admin-test-http] history-record enable [DeviceA-nqa-admin-test-http] quit # Enable HTTP test. [DeviceA] nqa schedule admin test start-time now lifetime forever # Disable HTTP test after the test begins for a period of time. [DeviceA] undo nqa schedule admin test # Display results of the last HTTP test.
  • Page 53 [DeviceB] nqa server udp-echo 10.2.2.2 9000 Configure Device A # Create a UDP jitter test group and configure related test parameters. <DeviceA> system-view [DeviceA] nqa entry admin test [DeviceA-nqa-admin-test] type udp-jitter [DeviceA-nqa-admin-test-udp-jitter] destination ip 10.2.2.2 [DeviceA-nqa-admin-test-udp-jitter] destination port 9000 [DeviceA-nqa-admin-test-udp-jitter] frequency 1000 [DeviceA-nqa-admin-test-udp-jitter] quit # Enable UDP jitter test.
  • Page 54 Sum of SD delay: 78 Sum of DS delay: 85 Square sum of SD delay: 666 Square sum of DS delay: 787 SD lost packet(s): 0 DS lost packet(s): 0 Lost packet(s) for unknown reason: 0 # Display the statistics of UDP jitter tests. [DeviceA] display nqa statistics admin test NQA entry(admin admin, tag test) test statistics: NO.

  • Page 55: Snmp Test Configuration Example

    The display nqa history command does not show the results of UDP jitter tests. Therefore, to know the result of a UDP jitter test, you are recommended to use the display nqa result command to view the probe results of the latest NQA test, or use the display nqa statistics command to view the statistics of NQA tests.

  • Page 56: Tcp Test Configuration Example

    Send operation times: 1 Receive response times: 1 Min/Max/Average round trip time: 50/50/50 Square-Sum of round trip time: 2500 Last succeeded probe time: 2007-11-22 10:24:41.1 Extended results: Packet lost in test: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to sequence error: 0 Failures due to internal error: 0...

  • Page 57: Udp Echo Test Configuration Example

    [DeviceA] nqa schedule admin test start-time now lifetime forever # Disable TCP test after the test begins for a period of time. [DeviceA] undo nqa schedule admin test # Display results of the last TCP test. [DeviceA] display nqa result admin test NQA entry(admin admin, tag test) test results: Destination IP address: 10.2.2.2 Send operation times: 1...

  • Page 58: Dlsw Test Configuration Example

    [DeviceA-nqa-admin-test] type udp-echo [DeviceA-nqa-admin-test-udp-echo] destination ip 10.2.2.2 [DeviceA-nqa-admin-test-udp-echo] destination port 8000 # Enable the saving of history records. [DeviceA-nqa-admin-test-udp-echo] history-record enable [DeviceA-nqa-admin-test-udp-echo] quit # Enable UDP echo test. [DeviceA] nqa schedule admin test start-time now lifetime forever # Disable UDP echo test after the test begins for a period of time. [DeviceA] undo nqa schedule admin test # Display results of the last UDP echo test.

  • Page 59: Nqa Collaboration Configuration Example

    [DeviceA-nqa-admin-test] type dlsw [DeviceA-nqa-admin-test-dlsw] destination ip 10.2.2.2 # Enable the saving of history records. [DeviceA-nqa-admin-test-dlsw] history-record enable [DeviceA-nqa-admin-test-dlsw] quit # Enable DLSw test. [DeviceA] nqa schedule admin test start-time now lifetime forever # Disable DLSw test after the test begins for a period of time. [DeviceA] undo nqa schedule admin test # Display the result of the last DLSw test.
  • Page 60 Figure 2-13 Network diagram for NQA collaboration configuration example Device B Vlan-int3 Vlan-int2 10.2.1.1/24 10.1.1.1/24 Vlan-int3 Vlan-int2 10.2.1.2/24 10.1.1.2/24 Device A Device C Configuration procedure Assign each interface an IP address. (omitted) On Device A, configure a unicast static route and associate the static route with a track entry. # Configure a static route, whose destination address is 10.2.1.1, and associate the static route with track entry 1.
  • Page 61 Reaction: 1 # Display brief information about active routes in the routing table on Device A. [DeviceA] display ip routing-table Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost NextHop Interface 10.1.1.0/24 Static 60 10.2.1.1 Vlan3 10.2.1.0/24 Direct 0 10.2.1.2...

  • Page 62: Ntp Configuration

    NTP Configuration This chapter includes these sections: NTP Overview NTP Configuration Task List Configuring the Operation Modes of NTP Configuring Optional Parameters of NTP Configuring Access-Control Rights Configuring NTP Authentication Displaying and Maintaining NTP NTP Configuration Examples NTP Overview Defined in RFC 1305, the Network Time Protocol (NTP) synchronizes timekeeping among distributed time servers and clients.

  • Page 63: How Ntp Works

    Clock stratum determines the accuracy of a server, which ranges from 1 to 16. The stratum of a reference clock ranges from 1 to 15. The clock accuracy decreases as the stratum number increases. A stratum 16 clock is in the unsynchronized state and cannot serve as a reference clock.

  • Page 64: Ntp Message Format

    Figure 3-1 Basic work flow of NTP NTP message 10:00:00 am IP network Device A Device B NTP message 10:00:00 am 11:00:01 am IP network Device B Device A NTP message 10:00:00 am 11:00:01 am 11:00:02 am IP network Device B Device A NTP message received at 10:00:03 am IP network...
  • Page 65 All NTP messages mentioned in this document refer to NTP clock synchronization messages. A clock synchronization message is encapsulated in a UDP packet, in the format shown in Figure 3-2. Figure 3-2 Clock synchronization message format Main fields of a clock synchronization message are described as follows: LI: 2-bit leap indicator.

  • Page 66: Operation Modes Of Ntp

    Reference Identifier: Identifier of the particular reference source. Reference Timestamp: The local time at which the local clock was last set or corrected. Originate Timestamp: The local time at which the request departed from the send end for the service host. Receive Timestamp: The local time at which the request arrived at the receive end.
  • Page 67 Figure 3-4 Symmetric peers mode In the symmetric peers mode, devices that work in the symmetric active mode and symmetric passive mode exchange NTP messages with the Mode field 3 (client mode) and 4 (server mode). Then the device that works in the symmetric active mode periodically sends clock synchronization messages, with the Mode field in the messages set to 1 (symmetric active);...

  • Page 68: Ntp Configuration Task List

    Multicast mode Figure 3-6 Multicast mode Server Client Network After receiving the first multicast message, the Periodically multicasts clock client sends a request synchronization messages (Mode 5) Calculates the network delay Clock synchronization message between client and the server exchange (Mode 3 and Mode 4) and enters the multicast client mode Periodically multicasts clock...

  • Page 69: Configuring The Operation Modes Of Ntp

    Configuring the Operation Modes of NTP Devices can implement clock synchronization in one of the following modes: Client/server mode Symmetric mode Broadcast mode Multicast mode For the client/server mode or symmetric mode, configure only clients or symmetric-active peers; for the broadcast or multicast mode, configure both servers and clients. A single device can have a maximum of 128 associations at the same time, including static associations and dynamic associations.

  • Page 70: Configuring The Ntp Symmetric Peers Mode

    In the ntp-service unicast-server command, ip-address must be a unicast address, rather than a broadcast address, a multicast address or the IP address of the local clock. When the source interface for NTP messages is specified by the source-interface argument, the source IP address of the NTP messages is configured as the primary IP address of the specified interface.

  • Page 71: Configuring Ntp Broadcast Mode

    In the symmetric mode, use any NTP configuration command in Configuring the Operation Modes of NTP to enable NTP. Otherwise, a symmetric-passive peer does not process NTP messages from a symmetric-active peer. In the ntp-service unicast-peer command, ip-address must be a unicast address, rather than a broadcast address, a multicast address or the IP address of the local clock.

  • Page 72: Configuring Ntp Multicast Mode

    To do… Use the command… Remarks interface interface-type Enter the interface used to send Enter interface view interface-number NTP broadcast messages. ntp-service broadcast-server Configure the device to work in [ authentication-keyid keyid | Required the NTP broadcast server mode version number ] * A broadcast server can synchronize broadcast clients only when its clock has been synchronized.

  • Page 73: Configuring Optional Parameters Of Ntp

    To do… Use the command… Remarks ntp-service multicast-server [ ip-address ] Configure the device to work in [ authentication-keyid keyid | Required the NTP multicast server mode ttl ttl-number | version number ] A multicast server can synchronize broadcast clients only when its clock is synchronized. You can configure up to 1024 multicast clients, among which 128 can take effect at the same time.

  • Page 74: Disabling An Interface From Receiving Ntp Messages

    If you have specified the source interface for NTP messages in the ntp-service unicast-server or ntp-service unicast-peer command, the interface specified in the ntp-service unicast-server or ntp-service unicast-peer command serves as the source interface of NTP messages. If you have configured the ntp-service broadcast-server or ntp-service multicast-server command, the source interface of the broadcast or multicast NTP messages is the interface configured with the respective command.

  • Page 75: Configuring Access-Control Rights

    Configuring Access-Control Rights You can configure the NTP service access-control right to the local device. There are four access-control rights as follows: query: Control query permitted. This level of right permits the peer devices to perform control query to the NTP service on the local device but does not permit a peer device to synchronize its clock to that of the local device.

  • Page 76: Configuring Ntp Authentication

    The access-control right mechanism provides only a minimum degree of security protection for the system running NTP. A more secure method is NTP authentication. Configuring NTP Authentication The NTP authentication feature should be enabled for a system running NTP in a network where there is a high security demand.
  • Page 77 To do… Use the command… Remarks Enter system view system-view — Required ntp-service authentication Enable NTP authentication enable Disabled by default ntp-service Required Configure an NTP authentication-keyid keyid No NTP authentication key by authentication key authentication-mode md5 default value Required Configure the key as a trusted ntp-service reliable No authentication key is...

  • Page 78: Displaying And Maintaining Ntp

    To do… Use the command… Remarks ntp-service Required Configure an NTP authentication-keyid keyid No NTP authentication key by authentication key authentication-mode md5 default value Required Configure the key as a trusted ntp-service reliable No authentication key is authentication-keyid keyid configured to be trusted by default.

  • Page 79: Ntp Configuration Examples

    NTP Configuration Examples Configuring NTP Client/Server Mode Network requirements Perform the following configurations to synchronize the time between Device B and Device A: The local clock of Device A is to be used as a reference source, with the stratum level of 2. Device B works in the client mode and Device A is to be used as the NTP server of Device Figure 3-7 Network diagram for NTP client/server mode configuration Configuration procedure...

  • Page 80: Configuring The Ntp Symmetric Mode

    Reference time: 14:53:27.371 UTC Sep 19 2005 (C6D94F67.5EF9DB22) As shown above, Device B has been synchronized to Device A, and the clock stratum level of Device B is 3, while that of Device A is 2. # View the NTP session information of Device B, which shows that an association has been set up between Device B and Device A.

  • Page 81: Configuring Ntp Broadcast Mode

    Reference clock ID: 3.0.1.31 Nominal frequency: 100.0000 Hz Actual frequency: 100.0000 Hz Clock precision: 2^18 Clock offset: -21.1982 ms Root delay: 15.00 ms Root dispersion: 775.15 ms Peer dispersion: 34.29 ms Reference time: 15:22:47.083 UTC Sep 19 2005 (C6D95647.153F7CED) As shown above, Device B has been synchronized to Device A, and the clock stratum level of Device B is 3.
  • Page 82 Switch C works in the broadcast server mode and sends out broadcast messages from VLAN-interface 2. Switch A and Switch B work in the broadcast client mode. Switch A and Switch B listens to broadcast messages through its VLAN-interface 2. Figure 3-9 Network diagram for NTP broadcast mode configuration Vlan-int2 3.0.1.31/24...

  • Page 83: Configuring Ntp Multicast Mode

    Clock precision: 2^18 Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 8.31 ms Peer dispersion: 34.30 ms Reference time: 16:01:51.713 UTC Sep 19 2005 (C6D95F6F.B6872B02) As shown above, Switch A has been synchronized to Switch C, and the clock stratum level of Switch A is 3, while that of Switch C is 2.
  • Page 84 # Configure Switch C to work in the multicast server mode and send multicast messages through VLAN-interface 2. [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] ntp-service multicast-server Configuration on Switch D: # Configure Switch D to work in the multicast client mode and receive multicast messages on VLAN-interface 2.
  • Page 85 [SwitchB-vlan3] quit [SwitchB] interface vlan-interface 3 [SwitchB-Vlan-interface3] igmp enable [SwitchB-Vlan-interface3] igmp static-group 224.0.1.1 [SwitchB-Vlan-interface3] quit [SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] igmp-snooping static-group 224.0.1.1 vlan 3 Configuration on Switch A: <SwitchA> system-view [SwitchA] interface vlan-interface 3 # Configure Switch A to work in the multicast client mode and receive multicast messages on VLAN-interface 3.

  • Page 86: Configuring Ntp Client/Server Mode With Authentication

    Configuring NTP Client/Server Mode with Authentication Network requirements As shown in Figure 3-11, perform the following configurations to synchronize the time between Device B and Device A and ensure clock synchronization security. The local clock of Device A is to be configured as a reference source, with the stratum level of 2.

  • Page 87: Configuring Ntp Broadcast Mode With Authentication

    Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 1.05 ms Peer dispersion: 7.81 ms Reference time: 14:53:27.371 UTC Sep 19 2005 (C6D94F67.5EF9DB22) As shown above, Device B has been synchronized to Device A, and the clock stratum level of Device B is 3, while that of Device A is 2.
  • Page 88 [SwitchC] ntp-service authentication enable [SwitchC] ntp-service authentication-keyid 88 authentication-mode md5 123456 [SwitchC] ntp-service reliable authentication-keyid 88 # Specify Switch C as an NTP broadcast server, and specify an authentication key. [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] ntp-service broadcast-server authentication-keyid 88 Configuration on Switch D: # Configure NTP authentication.

  • Page 89: Ipc Configuration

    IPC Configuration This chapter includes these sections: IPC Overview Enabling IPC Performance Statistics Collection Displaying and Maintaining IPC IPC Overview Introduction to IPC Inter-Process Communication (IPC) is a reliable communication mechanism among different nodes. The following are the basic concepts in IPC. Node An IPC node is an entity that supports IPC;...

  • Page 90: Enabling Ipc Performance Statistics Collection

    Figure 4-1 Relationship between a node, link and channel Node 1 Application 2 Application 1 Application 3 Application 1 Application 3 Application 2 Node 2 Packet sending modes IPC supports three packet sending modes: unicast, multicast (broadcast is considered as a special multicast), and mixcast, each having a corresponding queue.

  • Page 91: Displaying And Maintaining Ipc

    Displaying and Maintaining IPC To do… Use the command… Remarks Display IPC node information display ipc node Display channel information about display ipc channel { node a node node-id | self-node } Display queue information about a display ipc queue { node node-id node | self-node } Display multicast group...

  • Page 92: Poe Configuration

    PSE: A device that supplies power to PDs. A PSE can be built-in (Endpoint) or external (Midspan). A built-in PSE is integrated in a switch or router, and an external PSE is independent from a switch or router. The PSEs of H3C are built in, and can be classified into two types:...

  • Page 93: Protocol Specification

    Device with a single PSE: Only one PSE is available on the device, so the whole device is considered as a PSE. Device with multiple PSEs: For a device with multiple PSEs, an interface board with the PoE power supply capability is a PSE. The system uses PSE IDs to identify different PSEs. To display the mapping between a PSE ID and the slot number of an interface board, use the display poe device command .
  • Page 94 PoE interface, you can only select one mode (including modification and removal of a PoE interface). Complete these tasks to configure PoE: Task Remarks Enabling PoE Enabling PoE for a PoE Interface Required Enabling the PSE to Detect Optional Non-Standard PDs Detecting PDs Configuring a PD Disconnection Optional...

  • Page 95: Enabling Poe

    Before configure PoE, make sure that the PoE power supply and PSE is operating normally; otherwise, you cannot configure PoE or the configured PoE function does not take effect. Turning off the PoE power supply during the startup of the device might cause the PoE configuration in the PoE profile invalid.

  • Page 96: Detecting Pds

    To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter PoE interface view — interface-number Required Enable PoE for the PoE poe enable interface Disabled by default. Optional Configure PoE interface power poe mode signal signal (power over signal supply mode cables) by default.

  • Page 97: Configuring The Maximum Poe Interface Power

    To do… Use the command… Remarks Enter system view system-view — Optional Configure a PD disconnection poe disconnect { ac | dc } The default PD disconnection detection mode detection mode is ac. If you change the PD disconnection detection mode when the device is supplying power to the PDs, the connected PDs will be powered off.
  • Page 98 When the PoE interface power management priority policy is enabled, if the PSE power is overloaded and a new PD is added, the PD with a lower priority is first powered off to guarantee the power supply to the PD with a higher priority. 19 watts guard band is reserved for each PoE interface on the device to prevent a PD from being powered off because of a sudden increase of the PD power.

  • Page 99: Configuring The Poe Monitoring Function

    Configuring the PoE Monitoring Function When the PoE monitoring function is enabled, the system monitors the parameter values related to PoE power supply, PSE, PD, and device temperature in real time. When a specific value exceeds the limited range, the system automatically takes some measures to protect itself.

  • Page 100: Configuring Poe Profile

    Configuring PoE Profile Follow these steps to configure a PoE profile: To do… Use the command… Remarks Enter system view system-view — Create a PoE profile, and enter poe-profile profile-name [ index ] Required PoE profile view Required Enable PoE for the PoE interface poe enable Disabled by default.

  • Page 101: Upgrading Pse Processing Software In Service

    To do… Use the command… Remarks Enter system view system-view — apply poe-profile { index index | name Apply the PoE profile to one or Required profile-name } interface multiple PoE interfaces interface-range Follow these steps to apply the PoE profile in interface view: To do…...

  • Page 102: Displaying And Maintaining Poe

    To do… Use the command… Remarks Upgrade the PSE processing poe update { full | refresh } Required software in service filename pse pse-id Displaying and Maintaining PoE To do… Use the command… Remarks Display the mapping between ID, display poe device module, and slot of all PSEs Display the power supply state of display poe interface [ interface-type...

  • Page 103: Troubleshooting Poe

    The maximum power of AP 2 connected to GigabitEthernet 1/0/12 does not exceed 9000 milliwatts. Figure 5-2 Network diagram for PoE Configuration procedure # Enable PoE on GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3, and set their power supply priority to critical. <Sysname>...
  • Page 104 The priority of the PoE interface is already set. Solution: In the first case, you can solve the problem by increasing the maximum PSE power, or by reducing the maximum power of the PoE interface when the guaranteed remaining power of the PSE cannot be modified.

  • Page 105: Snmp Configuration

    SNMP Configuration This chapter includes these sections: SNMP Overview SNMP Configuration Configuring SNMP Logging Configuring SNMP Trap Displaying and Maintaining SNMP SNMPv1/SNMPv2c Configuration Example SNMPv3 Configuration Example SNMP Logging Configuration Example SNMP Overview Simple Network Management Protocol (SNMP) offers the communication rules between a management device and the managed devices on the network;...

  • Page 106: Snmp Protocol Version

    Set operation: The NMS can reconfigure the value of one or more objects in the agent MIB (Management Information Base) by means of this operation. Trap operation: The agent sends traps to the NMS through this operation. Inform operation: The NMS sends traps to other NMSs through this operation. SNMP Protocol Version Currently, SNMP agents support SNMPv1, SNMPv2c and SNMPv3.

  • Page 107: Snmp Configuration

    { contact The defaults are as follows: Configure SNMP agent system sys-contact | location Hangzhou H3C Technologies information sys-location | version { all | { v1 Co., Ltd. for contact; Hangzhou | v2c | v3 }* } } China for location, and SNMP v3 for the version.
  • Page 108 To do… Use the command… Remarks snmp-agent group v3 group-name [ authentication | privacy ] [ read-view Configure an SNMP agent group Required read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ] snmp-agent calculate-password Convert the user-defined plain plain-password mode text password to a cipher text Optional...
  • Page 109 { contact The defaults are as follows: Configure SNMP agent system sys-contact | location Hangzhou H3C Technologies information sys-location | version { { v1 | Co., Ltd. for contact; Hangzhou v2c | v3 }* | all } } China for location and SNMP v3 for the version.

  • Page 110: Configuring Snmp Logging

    The validity of a USM user depends on the engine ID of the SNMP agent. If the engine ID generated when the USM user is created is not identical to the current engine ID, the USM user is invalid. Configuring SNMP Logging Introduction to SNMP Logging SNMP logs the Get and Set operations that the NMS performs on the SNMP agent.

  • Page 111: Configuring Snmp Trap

    A large number of logs occupy storage space of the device, thus affecting the performance of the device. Therefore, it is recommended to disable SNMP logging. The size of SNMP logs cannot exceed that allowed by the information center, and the total length of the node field and value field of each log record cannot exceed 1K bytes;...

  • Page 112: Configuring Trap Parameters

    To do… Use the command… Remarks snmp-agent trap enable [ acfp [ client | policy | rule | server ] | bfd | bgp | configuration | flash | ospf [ process-id ] [ ifauthfail | ifcfgerror | ifrxbadpkt | ifstatechange | iftxretransmit | Optional lsdbapproachoverflow |...
  • Page 113 Basic SNMP configurations have been completed. These configurations include version configuration: community name is needed when SNMPv1 and v2c are adopted; username and MIB view are needed if SNMPv3 is adopted. Configuration of these parameters must be the same as that on the NMS. A connection has been established between the device and the NMS, and they can operate each other.

  • Page 114: Displaying And Maintaining Snmp

    An extended linkUp/linkDown trap is the standard linkUp/linkDown trap (defined in RFC) appended with interface description and interface type information. If the extended messages are not supported on the NMS, disable this function to let the device send standard linkUp/linkDown traps. If the sending queue of traps is full, the system automatically deletes some oldest traps to receive new traps.

  • Page 115: Snmpv1/Snmpv2C Configuration Example

    SNMPv1/SNMPv2c Configuration Example Network requirements As shown in Figure 6-3, the NMS connects to the agent through an Ethernet. The IP address of the NMS is 1.1.1.2/24. The IP address of the agent is 1.1.1.1/24. The NMS monitors and manages the agent by using SNMPv1 or SNMPv2c. The agent reports errors or faults to the NMS.

  • Page 116: Snmpv3 Configuration Example

    Verify the configuration After the above configuration, an SNMP connection is established between the NMS and the agent. The NMS can get and configure the values of some parameters on the agent through MIB nodes. Execute the shutdown or undo shutdown command to an idle interface on the agent, and the NMS receives the corresponding trap.

  • Page 117: Snmp Logging Configuration Example

    [Sysname] snmp-agent trap enable [Sysname] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname public v3 Configuring the SNMP NMS SNMPv3 uses an authentication and privacy security model. On the NMS, the user needs to specify the username and security level, and based on that level, configure the authentication mode, authentication password, privacy mode, and privacy password.
  • Page 118 For the configurations for the NMS and agent, see SNMPv1/SNMPv2c Configuration Example SNMPv3 Configuration Example. # Enable logging display on the terminal. (This function is enabled by default so that you can omit this configuration). <Sysname> terminal monitor <Sysname> terminal logging # Enable the information center to output the system information with the severity level equal to or higher than informational to the console port.
  • Page 119 Field Description Value set when the SET operation is performed (This field is null, meaning the value obtained with the GET operation is not logged.) value When the value is a string of characters and the string contains characters not in the range of ASCII 0 to 127 or invisible characters, the string is displayed in hexadecimal.

  • Page 120: Mib Style Configuration

    MIB style, the device sysOID is under the H3C’s enterprise ID 25506, and the private MIB is under the enterprise ID 2011. In the H3C new MIB style, both the device sysOID and the private MIB are under the H3C’s enterprise ID 25506. These two styles of MIBs implement the same management function except for their root nodes.

  • Page 121: Rmon Configuration

    RMON Configuration This chapter includes these sections: RMON Overview Configuring the RMON Statistics Collection Configuring the RMON Alarm Function Displaying and Maintaining RMON RMON Overview Introduction Remote Monitoring (RMON) is used to remotely monitor and manage devices on the network by implementing such functions as statistics collection and alarm.

  • Page 122: Rmon Groups

    H3C devices adopt the second way and realizes the RMON agent function. With the RMON agent function, the management device can obtain information about total traffic flowing among the managed devices on all connected network segments error statistics and performance statistics for network management.

  • Page 123: Configuring The Rmon Statistics Collection

    Log-Trap: Logging event information in the event log table and sending a trap to the NMS. None: No action. Alarm group The RMON alarm group monitors specified alarm variables, such as total number of received packets (etherStatsPkts) on an interface. When you define an alarm entry, the system gets the value of the monitored alarm variable at a specified interval.

  • Page 124: Configuring Rmon Ethernet Statistics Collection

    The history group collects statistics of variables defined in the history record table, and the records a cumulative sum of the variables in each period. For detailed configuration, see Configuring RMON History Statistics Collection. Configuring RMON Ethernet Statistics Collection Follow these steps to configure RMON Ethernet statistics collection: To do…...

  • Page 125: Configuring The Rmon Alarm Function

    The entry-number must be globally unique and cannot be used on another interface; otherwise, the operation fails. You can configure multiple history entries on one interface, but the values of the entry-number arguments must be different, and the values of the sampling-interval arguments must be different either;...
  • Page 126 To do… Use the command… Remarks rmon alarm entry-number alarm-variable sampling-interval Create an entry in the alarm { absolute | delta } rising-threshold table threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 [ owner text ] rmon prialarm entry-number Required prialarm-formula prialarm-des Use at least one command. sampling-interval { absolute | changeratio | delta } Create an entry in the private...

  • Page 127: Displaying And Maintaining Rmon

    Maximum number of Entry Parameters to be compared entries that can be created Alarm variable formula (alarm-variable), sampling interval (sampling-interval), sampling type (absolute, Prialarm changeratio or delta), rising threshold (threshold-value1) and falling threshold (threshold-value2) Displaying and Maintaining RMON To do… Use the command…...

  • Page 128: History Group Configuration Example

    Figure 8-1 Network diagram for RMON Configuration procedure # Configure RMON to gather statistics for interface GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] rmon statistics 1 owner user1 After the above configuration, the system gathers statistics of packets received on GigabitEthernet 1/0/1.
  • Page 129 Figure 8-2 Network diagram for RMON Configuration procedure # Configure RMON to gather statistics on interface GigabitEthernet 1/0/1 periodically. <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] rmon history 1 buckets 8 interval 60 owner user1 After the above configuration, the system gathers statistics on packets received on GigabitEthernet 1/0/1 at an interval of 1 minute, and statistics of the last 8 times are saved in the history statistics table.

  • Page 130: Alarm Group Configuration Example

    collisions , utilization Sampled values of record 5 : dropevents , octets : 898 packets , broadcast packets multicast packets : 6 , CRC alignment errors : 0 undersize packets : 0 , oversize packets fragments , jabbers collisions , utilization Sampled values of record 6 : dropevents , octets...
  • Page 131 Figure 8-3 Network diagram for RMON Configuration procedure # Configure the SNMP agent. (Note that parameter values configured on the agent must be the same as the those configured on the NMS: suppose SNMPv1 is enabled on the NMS, the read community name is public, the write community name is private, the IP address of the NMS is 1.1.1.2, authentication protocol is MD5, authorization password is authkey, the privacy protocol is DES56, and the privacy password is prikey.)
  • Page 132 etherStatsBroadcastPkts : 53 , etherStatsMulticastPkts : 353 etherStatsUndersizePkts , etherStatsOversizePkts etherStatsFragments , etherStatsJabbers etherStatsCRCAlignErrors : 0 , etherStatsCollisions etherStatsDropEvents (insufficient resources): 0 Packets received according to length: 65-127 : 413 128-255 : 35 256-511: 0 512-1023: 0 1024-1518: 0 After completing the configuration, you may query alarm events on the NMS. On the monitored device, alarm event messages are displayed when events occur.

  • Page 133: Cluster Management Configuration

    Cluster Management Configuration This chapter includes these sections: Cluster Management Overview Cluster Configuration Task List Configuring the Management Device Configuring the Member Devices Configuring Access Between the Management Device and Member Devices Adding a Candidate Device to a Cluster Configuring Advanced Cluster Functions Displaying and Maintaining Cluster Management Cluster Management Configuration Example Cluster Management Overview...

  • Page 134: How A Cluster Works

    Member device (Member): A device managed by the management device in a cluster. Candidate device (Candidate): A device that does not belong to any cluster but can be added to a cluster. The topology information of a candidate device has been collected by the management device but it has not been added to the cluster.
  • Page 135 including their software version, host name, MAC address and port number. The management device uses NTDP to collect the information of the devices within user-specified hops and the topology information of all devices to specify the candidate devices of the cluster. The management device adds or deletes a member device and modifies cluster management configuration according to the candidate device information collected through NTDP.
  • Page 136 to the adjacent device. Topology collection response includes the basic information of the NDP-enabled device and NDP information of all adjacent devices. The adjacent device performs the same operation until the NTDP topology collection request is sent to all the devices within specified hops. When the NTDP topology collection request is advertised in the network, large numbers of network devices receive the NTDP topology collection request and send NTDP topology collection response at the same time, which may cause congestion and the management...
  • Page 137 identifies itself as Active. When a cluster is created, its management device and member devices begin to send handshake packets. Upon receiving the handshake packets from the other side, the management device or a member device simply remains its state as Active, without sending a response.

  • Page 138: Cluster Configuration Task List

    If a candidate device is connected to the management device through another candidate device, the ports between the two candidate devices are cascade ports. For information about VLAN, see VLAN Configuration in the Layer 2 - LAN Switching Configuration Guide. Cluster Configuration Task List Before configuring a cluster, determine the roles and functions the devices.

  • Page 139: Configuring The Management Device

    Task Remarks Configuring Access Between the Management Device and Member Optional Devices Adding a Candidate Device to a Cluster Optional Configuring Topology Management Optional Configuring Configuring Interaction for a Cluster Optional Advanced Cluster SNMP Configuration Synchronization Optional Functions Configuring Web User Accounts in Batches Optional Disabling the NDP and NTDP functions on the management device and member devices after a cluster is created does not cause the cluster to be dismissed, but influences the...

  • Page 140: Configuring Ndp Parameters

    To do… Use the command… Remarks Optional Enable NDP globally ndp enable Enabled by default. In system ndp enable interfaceinterface-list view Use either command In Ethernet interface interface-type Enable NDP By default, NDP is enabled interface view interface-number for the port(s) globally and also on all or Layer 2 ports.

  • Page 141: Enabling Ntdp Globally And For Specific Ports

    Enabling NTDP Globally and for Specific Ports NTDP works normally only when NTDP is enabled both globally and on specific ports. Follow these steps to enable NTDP globally and for specific ports: To do… Use the command… Remarks Enter system view system-view —...

  • Page 142: Manually Collecting Topology Information

    To do… Use the command… Remarks Optional Configure the maximum hops for ntdp hop hop-value topology collection 3 by default. Optional Configure the interval to ntdp timer interval collect topology information 1 minute by default. Configure the delay to forward Optional ntdp timer hop-delay topology-collection request...

  • Page 143: Establishing A Cluster

    Establishing a Cluster Before establishing a cluster, specify the management VLAN, and you are not allowed to modify the management VLAN after a device is added to the cluster. In addition, configure a private IP address pool for the devices to be added to the cluster on the device to be configured as the management device before establishing a cluster.

  • Page 144: Enabling Management Vlan Auto-Negotiation

    Enabling Management VLAN Auto-Negotiation The management VLAN limits the cluster management range. If the device discovered by the management device does not belong to the management VLAN. If the cascade ports and the ports connecting with the management device do not allow the packets from the management VLAN to pass, the new device cannot be added to the cluster.

  • Page 145: Configuring Cluster Management Protocol Packets

    Configuring Cluster Management Protocol Packets By default, the destination MAC address of cluster management protocol packets (including NDP, NTDP and HABP packets) is a multicast MAC address 0180-C200-000A, which IEEE reserved for later use. Because some devices cannot forward the multicast packets with the destination MAC address of 0180-C200-000A, cluster management packets cannot traverse these devices.

  • Page 146: Configuring The Member Devices

    Adding a member device To do… Use the command… Remarks Enter system view system-view — Enter cluster view cluster — add-member [ member-number ] Add a candidate device to the Required cluster mac-address mac-address [ password password ] Removing a member device To do…...

  • Page 147: Enabling The Cluster Function

    Enabling the Cluster Function Refer to Enabling the Cluster Function. Deleting a Member Device from a Cluster To do… Use the command… Remarks Enter system view — system-view Enter cluster view — cluster Delete a member device from undo administrator-address Required the cluster Configuring Access Between the Management Device and...

  • Page 148: Adding A Candidate Device To A Cluster

    password of any member (including the management device and member devices) of the cluster; otherwise, the switching may fail because of an authentication failure. If the member specified in this command does not exist, the system prompts error when you execute the command; if the switching succeeds, your user level on the management device is retained.

  • Page 149: Configuring Interaction For A Cluster

    blacklist contains the MAC addresses of devices. If a blacklisted device is connected to a network through another device not included in the blacklist, the MAC address and access port of the latter are also included in the blacklist. The candidate devices in a blacklist can be added to a cluster only if the administrator manually removes them from the list.
  • Page 150 FTP/TFTP server configured through the management device. With a log host configured for a cluster, all the log information of the members in the cluster is output to the configured log host in the following way: first, the member devices send their log information to the management device, which then converts the addresses of log information and sends them to the log host.

  • Page 151: Snmp Configuration Synchronization

    SNMP Configuration Synchronization SNMP configuration synchronization facilitates management of a cluster, with which you can perform SNMP-related configurations on the management device and synchronize them to the member devices on the whitelist. This operation is equal to configuring multiple member devices at one time, simplifying the configuration process.

  • Page 152: Configuring Web User Accounts In Batches

    The SNMP-related configurations are retained when a cluster is dismissed or the member devices are removed from the whitelist. For information about SNMP, see SNMP Configuration in the Network Management and Monitoring Configuration Guide. Configuring Web User Accounts in Batches Configuring Web user accounts in batches enables you to configure on the management device the username and password used to log in to the devices (including the management device and member devices) within a cluster through Web and synchronize the configurations to the...

  • Page 153: Cluster Management Configuration Example

    To do… Use the command… Remarks Display the device information display ntdp device-list collected through NTDP [ verbose ] Display the detailed NTDP display ntdp single-device information of a specified device mac-address mac-address Display information of the cluster to which the current display cluster device belongs display cluster base-topology...
  • Page 154 Add the device whose MAC address is 000f-e201-0013 to the blacklist. Figure 9-4 Network diagram for cluster management configuration Configuration procedure Configure member device Switch A # Enable NDP globally and for port GigabitEthernet 1/0/1. <SwitchA> system-view [SwitchA] ndp enable [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] ndp enable [SwitchA-GigabitEthernet1/0/1] quit...
  • Page 155 [SwitchB-GigabitEthernet1/0/3] quit # Configure the period for the receiving device to keep NDP packets as 200 seconds. [SwitchB] ndp timer aging 200 # Configure the interval to send NDP packets as 70 seconds. [SwitchB] ndp timer hello 70 # Enable NTDP globally and for ports GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3. [SwitchB] ntdp enable [SwitchB] interface gigabitethernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] ntdp enable...
  • Page 156 [abc_0.SwitchB-cluster] management-vlan synchronization enable # Configure the holdtime of the member device information as 100 seconds. [abc_0.SwitchB-cluster] holdtime 100 # Configure the interval to send handshake packets as 10 seconds. [abc_0.SwitchB-cluster] timer 10 # Configure the FTP Server, TFTP Server, Log host and SNMP host for the cluster. [abc_0.SwitchB-cluster] ftp-server 63.172.55.1 [abc_0.SwitchB-cluster] tftp-server 63.172.55.1 [abc_0.SwitchB-cluster] logging-host 69.172.55.4...

  • Page 157: Sampler Configuration

    Sampler Configuration This chapter includes these sections: Sampler Overview Creating a Sampler Displaying and Maintaining Sampler Sampler Configuration Examples Sampler Overview A sampler provides the packet sampling function. In other words, a sampler selects a packet from a group of packets with fixed number, and sends it to the service module for processing. There are two sampling modes: Fixed mode: The first packet in a packet group is selected.

  • Page 158: Displaying And Maintaining Sampler

    To do… Use the command… Remarks Enter system view system-view — sampler sampler-name mode fixed Create a sampler Required packet-interval rate Configure the NetStream to ip netstream sampler sampler-name Required reference the sampler { inbound | outbound } Displaying and Maintaining Sampler To do…...
  • Page 159 [SwitchA-GigabitEthernet1/0/1] ip netstream inbound [SwitchA-GigabitEthernet1/0/1] ip netstream sampler 256 inbound [SwitchA-GigabitEthernet1/0/1] quit # Configure the destination address and port number (that is, the address and port number of NSC) for NetStream statistics packets, leaving the default for source address. [SwitchA] ip netstream export host 12.110.2.2 5000 10-3...

  • Page 160: Port Mirroring Configuration

    Port Mirroring Configuration This chapter includes these sections: Introduction to Port Mirroring Configuring Local Port Mirroring Configuring Layer 2 Remote Port Mirroring Configuring Layer 3 Remote Port Mirroring Displaying and Maintaining Port Mirroring Port Mirroring Configuration Examples Introduction to Port Mirroring Port mirroring is the process of copying the packets that pass through a port/CPU (a mirroring port/CPU) to another port (the monitor port) that is connected with a monitoring device for packet analysis.

  • Page 161: Implementing Port Mirroring

    Implementing Port Mirroring Port mirroring is implemented through port mirroring groups. There are three types of mirroring groups: local, remote source, and remote destination. The following subsections describe how local port mirroring, Layer 2 remote port mirroring, and Layer 3 remote port mirroring are implemented. Local port mirroring Local port mirroring is implemented through a local mirroring group.
  • Page 162 probe VLAN for remote mirroring through the egress port, and transmits the packets to the destination device via the intermediate device. When receiving these mirrored packets, the destination device compares their VLAN IDs to the ID of the remote probe VLAN configured in the remote destination mirroring group.

  • Page 163: Configuring Local Port Mirroring

    Figure 11-3 Layer 3 remote port mirroring implementation On the source device, packets of the mirroring port (or CPU) are mirrored to the tunnel interface that serves as the monitor port in the remote source mirroring group. Then the mirrored packets are transmitted to the destination device through the GRE tunnel.

  • Page 164: Creating A Local Mirroring Group

    More specifically, the S5800 series switches allow you to configure a port as the source port of up to four mirroring groups, and the S5820X series switches allow you to configure a port as the source port of up to two mirroring groups.

  • Page 165: Configuring Mirroring Cpus For The Local Mirroring Group

    To do… Use the command… Remarks Required mirroring-group group-id Configure mirroring ports mirroring-port mirroring-port-list By default, no mirroring port is { both | inbound | outbound } configured for a mirroring group. Configuring a mirroring port in interface view Follow these steps to configure a mirroring port for a local mirroring group in interface view: To do…...

  • Page 166: Configuring The Monitor Port For The Local Mirroring Group

    Configuring the Monitor Port for the Local Mirroring Group You can configure the monitor port for a mirroring group in system view, or assign the current port to a mirroring group as the monitor port in interface view. The two methods produce the same result. Configuring the monitor port in system view Follow these steps to configure the monitor port of a local mirroring group in system view: To do…...

  • Page 167: Configuring Layer 2 Remote Port Mirroring

    More specifically, the S5800 series switches allow you to configure a port as the source port of up to four mirroring groups, and the S5820X series switches allow you to configure a port as the source port of up to two mirroring groups.

  • Page 168: Configuration Prerequisites

    Task Remarks Configuring the remote probe VLAN for the remote Required destination mirroring group Assigning the monitor port to the remote probe Required VLAN Configuration Prerequisites Before configuring Layer 2 remote port mirroring, make sure that you have created static VLANs for the remote probe VLAN.
  • Page 169 To do… Use the command… Remarks Required mirroring-group group-id Configure mirroring ports for the mirroring-port mirroring-port-list By default, no mirroring port is remote source mirroring group { both | inbound | outbound } configured for a mirroring group. Configuring a mirroring port in interface view Follow these steps to configure a mirroring port for the remote source mirroring group in interface view: To do…...
  • Page 170 Configuring the egress port for the remote source mirroring group You can configure the egress port for a mirroring group in system view, or assign the current port to it as the egress port in interface view. The two configuration methods produce the same result. Configuring the egress port in system view Follow these steps to configure the egress port for the remote source mirroring group in system view: To do…...

  • Page 171: Configuring A Remote Destination Mirroring Group (On The Destination Device)

    To do… Use the command… Remarks Required mirroring-group group-id Configure the remote probe VLAN By default, no remote probe VLAN remote-probe vlan rprobe-vlan-id is configured for a mirroring group. It is recommended that you use the remote probe VLAN for port mirroring exclusively. To remove the VLAN configured as a remote probe VLAN, you must remove the remote probe VLAN with undo mirroring-group remote-probe vlan command first.
  • Page 172 Configuring the monitor port in interface view Follow these steps to configure the monitor port for the remote destination mirroring group in interface view: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view —...

  • Page 173: Configuring Layer 3 Remote Port Mirroring

    It is recommended that you use the remote probe VLAN for port mirroring exclusively. To remove the VLAN configured as a remote probe VLAN, you must remove the remote probe VLAN with undo mirroring-group remote-probe vlan command first. Removing the probe VLAN can invalidate the remote source mirroring group.

  • Page 174: Configuration Prerequisites

    More specifically, the S5800 series switches allow you to configure a port as the source port of up to four mirroring groups, and the S5820X series switches allow you to configure a port as the source port of up to two mirroring groups.

  • Page 175: Configuring Mirroring Ports For A Local Mirroring Group

    To do… Use the command… Remarks Required Create a local mirroring group mirroring-group group-id local By default, no mirroring group exists on a device. Configuring Mirroring Ports for a Local Mirroring Group On the source device, configure the ports you want to monitor as the mirroring ports; on the destination device, configure the physical port corresponding to the tunnel interface as the mirroring port.

  • Page 176: Configuring Mirroring Cpus For A Local Mirroring Group

    Configuring Mirroring CPUs for a Local Mirroring Group Follow these steps to configure mirroring CPUs for a local mirroring group: To do… Use the command… Remarks Enter system view — system-view mirroring-group group-id Required mirroring-cpu slot Configure mirroring CPUs By default, no mirroring CPU is slot-number-list { both | inbound | configured for a mirroring group.

  • Page 177: Displaying And Maintaining Port Mirroring

    To do… Use the command… Remarks Required Configure the current port as the [ mirroring-group group-id ] By default, a port does not serve monitor port monitor-port as the monitor port for any mirroring group. A mirroring group contains only one monitor port. To ensure that the port mirroring function can work properly, do not enable STP, MSTP, or RSTP on the monitor port.

  • Page 178: Layer 2 Remote Port Mirroring Configuration Example

    Figure 11-4 Network diagram for local port mirroring configuration Configuration procedure Create a local mirroring group. # Create local mirroring group 1. <DeviceA> system-view [DeviceA] mirroring-group 1 local # Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as mirroring ports and port GigabitEthernet 1/0/3 as the monitor port.
  • Page 179 connects to the server through GigabitEthernet 1/0/2, and to the trunk port GigabitEthernet 1/0/2 of Device B through the trunk port GigabitEthernet 1/0/1. Configure Layer 2 remote port mirroring to enable the server to monitor the bidirectional traffic of the marketing department. Figure 11-5 Network diagram for Layer 2 remote port mirroring configuration Configuration procedure Configure Device A (the source device)

  • Page 180: Layer 3 Remote Port Mirroring Configuration Example

    [DeviceB-GigabitEthernet1/0/2] port trunk permit vlan 2 [DeviceB-GigabitEthernet1/0/2] quit Configure Device C (the destination device) # Configure GigabitEthernet 1/0/1 as a trunk port that permits the packets of VLAN 2 to pass through. <DeviceC> system-view [DeviceC] interface gigabitethernet 1/0/1 [DeviceC-GigabitEthernet1/0/1] port link-type trunk [DeviceC-GigabitEthernet1/0/1] port trunk permit vlan 2 [DeviceC-GigabitEthernet1/0/1] quit # Create a remote destination mirroring group.
  • Page 181 Figure 11-6 Network diagram for Layer 3 remote port mirroring configuration Configuration procedure Configure IP addresses for the tunnel interfaces and related ports on the devices. Configure IP addresses and subnet masks for related ports and the tunnel interfaces according to the configurations shown in Figure 11-6.
  • Page 182 [DeviceA-ospf-1-area-0.0.0.0] quit [DeviceA-ospf-1] quit # Create local mirroring group 1. [DeviceA] mirroring-group 1 local # Configure GigabitEthernet 1/0/1 as a mirroring port and Tunnel 0 as the monitor port of local mirroring group 1. [DeviceA] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 both [DeviceA] mirroring-group 1 monitor-port tunnel 0 Configure Device B (the intermediate device) # Enable the OSPF protocol...
  • Page 183 [DeviceC-ospf-1] quit # Create local mirroring group 1. [DeviceC] mirroring-group 1 local # Configure GigabitEthernet 1/0/1 as a mirroring port and GigabitEthernet 1/0/2 as the monitor port of local mirroring group 1. [DeviceC] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 inbound [DeviceC] mirroring-group 1 monitor-port gigabitethernet 1/0/2 Verify the configurations After the above configurations are completed, you can monitor all the packets received and sent by the marketing department on the server.

  • Page 184: Traffic Mirroring Configuration

    Traffic Mirroring Configuration This chapter includes these sections: Traffic Mirroring Overview Configuring Traffic Mirroring Displaying and Maintaining Traffic Mirroring Traffic Mirroring Configuration Examples Traffic Mirroring Overview Traffic mirroring is the action of copying the specified packets to the specified destination for packet analyzing and monitoring.

  • Page 185: Mirroring Traffic To The Cpu

    To do… Use the command… Remarks Required Configure the match criteria if-match match-criteria By default, no match criterion is configured in a traffic class. Exit class view quit — Required Create a behavior and enter traffic behavior behavior-name By default, no traffic behavior behavior view exists.

  • Page 186: Applying A Qos Policy

    To do… Use the command… Remarks Required Create a behavior and enter traffic behavior behavior-name By default, no traffic behavior behavior view exists. Required By default, traffic mirroring is Mirror traffic to the CPU mirror-to cpu not configured in a traffic behavior.
  • Page 187 To do… Use the command… Remarks view or port effect on the current interface; Enter port group port-group manual group view settings in port group view take view port-group-name effect on all ports in the port group. Apply a policy to the interface or qos apply policy policy-name Required all ports in the port group...

  • Page 188: Displaying And Maintaining Traffic Mirroring

    For details about the qos apply policy command, see QoS Policy Configuration Commands in the ACL and QoS Command Reference. Displaying and Maintaining Traffic Mirroring To do… Use the command… Remarks Display traffic behavior display traffic behavior Available in any view configuration information user-defined [ behavior-name ] display qos policy user-defined...
  • Page 189 [Sysname-acl-basic-2000] rule permit source 192.168.0.1 0 [Sysname-acl-basic-2000] quit # Create class 1 and configure the class to use ACL 2000 for traffic classification. [Sysname] traffic classifier 1 [Sysname-classifier-1] if-match acl 2000 [Sysname-classifier-1] quit # Create behavior 1 and configure the action of mirroring traffic to GigabitEthernet1/0/2 in the traffic behavior.

  • Page 190: Netstream Configuration

    NetStream Configuration This chapter includes these sections: NetStream Overview Basic Concepts of NetStream Key Technologies of NetStream Introduction to NetStream Sampling and Filtering NetStream Configuration Task List Enabling NetStream Configuring NetStream Filtering and Sampling Configuring NetStream Data Export Configuring Attributes of NetStream Export Data Configuring NetStream Flow Aging Displaying and Maintaining NetStream NetStream Configuration Examples...

  • Page 191: Basic Concepts Of Netstream

    Basic Concepts of NetStream What Is a Flow NetStream is an accounting technology to provide statistics on a per-flow basis. An IPv4 flow is defined by the 7-tuple elements: destination address, source IP address, destination port number, source port number, protocol number, type of service (ToS), and inbound or outbound interface. The 7-tuple elements define a unique flow.

  • Page 192: Key Technologies Of Netstream

    The device is acting as the NDE in a NetStream system; therefore, this document focuses on the description and configuration of NDE. NSC and NDA are usually integrated into a NetStream server. Key Technologies of NetStream Flow Aging The flow aging in NetStream is a means used by the NDE to export NetStream data to the NetStream server.
  • Page 193 Aggregation mode Aggregation criteria Source AS number Source address mask length Source-prefix aggregation Source prefix Inbound interface index Destination AS number Destination address mask length Destination-prefix aggregation Destination prefix Outbound interface index Source AS number Destination AS number Source address mask length Destination address mask length Prefix aggregation Source prefix...

  • Page 194: Netstream Export Formats

    Aggregation mode Aggregation criteria Source AS number Source prefix Source address mask length ToS- prefix aggregation Destination AS number Destination address mask length Destination prefix Inbound interface index Outbound interface index Protocol type Source port ToS-protocol-port aggregation Destination port Inbound interface index Outbound interface index The nine aggregation modes work independently and can be configured on the same interface.

  • Page 195: Netstream Filtering

    NetStream Filtering By referencing an access control list (ACL) in or applying a Quality of Service (QoS) policy to NetStream filtering, NetStream collects statistics on packets permitted by the filtering criteria. This allows for selecting specific data flows for statistics purpose. The NetStream filtering by QoS policy is flexible and suitable for various applications.

  • Page 196: Enabling Netstream

    Task Remarks Enabling NetStream Required Configuring NetStream Filtering Optional Configuring NetStream Sampling Optional Configuring NetStream Common Data Export Configuring NetStream Data Select a command accordingly Export Configuring NetStream Aggregation Data Export Configuring Attributes of NetStream Export Data Optional Configuring NetStream Flow Aging Optional Enabling NetStream Follow...
  • Page 197 To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Optional Reference an ACL in NetStream ip netstream filter acl acl-number By default, no ACL is filtering { inbound | outbound } referenced and IPv4 packets are not filtered.

  • Page 198: Configuring Netstream Sampling

    To do… Use the command… Remarks Specify a behavior for a class in the classifier tcl-name behavior — policy behavior-name Quit the policy view — quit In interface view, port group view: — Interface-based qos apply policy policy-name { inbound —...

  • Page 199: Configuring Netstream Data Export

    When NetStream filtering and sampling are both configured, packets are filtered first and then the permitted packets are sampled. A sampler must be created by using the sampler command before being referenced by NetStream sampling. A sampler that is referenced by NetStream sampling cannot be deleted. For description of the sampler, see Sampler Configuration in the Network Management and Monitoring Configuration Guide.

  • Page 200: Configuring Netstream Aggregation Data Export

    To do… Use the command… Remarks Optional Limit the data export rate ip netstream export rate rate No limit by default. Configuring NetStream Aggregation Data Export NetStream aggregation can be implemented by software or hardware. The NetStream hardware aggregation directly merges the statistics of data flows at the hardware layer according to the aggregation criteria of the specific aggregation mode, and stores the NetStream hardware aggregation data in the cache.
  • Page 201 To do… Use the command… Remarks Required By default, no destination address is configured in NetStream aggregation view. Its default Configure the destination ip netstream export host destination address is that address for the NetStream ip-address udp-port [ vpn-instance configured in system view, if any. aggregation data export vpn-instance-name ] Note that if you expect NetStream...

  • Page 202: Configuring Attributes Of Netstream Export Data

    Configurations in NetStream aggregation view apply to aggregation data export only, while those in system view apply to common data export. Without configurations in NetStream aggregation view, the configurations in system view, if any, apply to the aggregation data export. The aging of NetStream hardware aggregation entries is exactly the same as the aging of NetStream common data entries.

  • Page 203: Configuring Refresh Rate For Netstream Version 9 Templates

    travels to the NetStream-enabled device are for the source IP address; the destination AS and the peer AS to which the NetStream-enabled device passes the flow are for the destination IP address. To specify which AS numbers to be recorded for the source and destination IP addresses, include keyword peer-as or origin-as.

  • Page 204: Configuring Netstream Flow Aging

    To do… Use the command… Remarks Optional ip netstream export Configure the interval at which the v9-template refresh-rate time By default, the template is template is resent minutes resent every 30 minutes. The refresh frequency and interval can be both configured, and the template is resent when either of the conditions is reached.

  • Page 205: Configuring Netstream Flow Aging

    Configuring NetStream Flow Aging Configuring periodical aging Follow these steps to configure periodical aging: To do… Use the command… Remarks Enter system view system-view — Optional Set the aging timer ip netstream timeout active for active flows minutes 5 minutes by default. Configure periodical Optional...

  • Page 206: Netstream Configuration Examples

    NetStream Configuration Examples NetStream Common Data Export Configuration Example Network requirements As shown in Figure 13-4, configure NetStream on Switch A to collect statistics on packets passing through it. Configure to export NetStream common data to UDP port 5000 of the NetStream server at 12.110.2.2/16.
  • Page 207 All the routers in the network are running EBGP. For the description of BGP, refer to BGP Configuration in the Layer 3 - IP Routing Configuration Guide. Figure 13-5 Network diagram for configuring NetStream aggregation data export Configuration procedure # Enable NetStream in both inbound and outbound directions of GigabitEthernet 1/0/1. <SwitchA>...
  • Page 208 [SwitchA-ns-aggregation-dstpre] quit # Configure the aggregation mode as prefix, and in aggregation view configure the destination address for the NetStream prefix aggregation data export. [SwitchA] ip netstream aggregation prefix [SwitchA-ns-aggregation-prefix] enable [SwitchA-ns-aggregation-prefix] ip netstream export host 4.1.1.1 7000 [SwitchA-ns-aggregation-prefix] quit 13-19...

  • Page 209: Ipv6 Netstream Configuration

    IPv6 NetStream Configuration This chapter includes these sections: IPv6 NetStream Overview Basic Concepts of IPv6 NetStream Key Technologies of IPv6 NetStream IPv6 NetStream Configuration Task List Configuring NetStream Data Export Configuring Attributes of NetStream Export Data Displaying and Maintaining IPv6 NetStream IPv6 NetStream Configuration Examples IPv6 NetStream Overview Legacy traffic statistics collection methods, like SNMP and port mirroring, cannot provide...

  • Page 210: Basic Concepts Of Ipv6 Netstream

    Basic Concepts of IPv6 NetStream What Is an IPv6 Flow IPv6 NetStream is an accounting technology to provide statistics on a per-flow basis. An IPv6 flow is defined by the 7-tuple elements: destination address, source IP address, destination port number, source port number, protocol number, type of service (ToS), and inbound or outbound interface.

  • Page 211: Key Technologies Of Ipv6 Netstream

    Devices are acting as the NDE in a NetStream system; therefore, this document focuses on the description and configuration of NDE. NSC and NDA are usually integrated into a NetStream server. Key Technologies of IPv6 NetStream Flow Aging The flow aging in NetStream is a means used by the NDE to export NetStream data to the NetStream server.

  • Page 212: Ipv6 Netstream Export Formats

    Aggregation mode Aggregation criteria Destination AS number Destination address mask length Destination-prefix aggregation Destination prefix Outbound interface index Source AS number Destination AS number Source address mask length Destination address mask length Prefix aggregation Source prefix Destination prefix Inbound interface index Outbound interface index The four aggregation modes work independently and can be configured on the same interface.

  • Page 213: Ipv6 Netstream Configuration Task List

    IPv6 NetStream Configuration Task List Before configuring IPv6 NetStream, you need to make sure your requirements and decide to make proper configurations accordingly. Make sure on which device you want to enable IPv6 NetStream, that is, the NDE. If multiple service flows are passing the NDE, you can use an QoS policy to select the target data.

  • Page 214: Configuring Ipv6 Netstream Data Export

    NetStream can be enabled only on a Layer 2 Ethernet interface of the S5820X&S5800. For details about the ip netstream { inbound | outbound } command, refer to NetStream Configuration Commands in the Network Management and Monitoring Command Reference. Configuring IPv6 NetStream Data Export To allow the NDE to export collected statistics to the NSC, you need to configure the source interface out of which the data is sent and the destination host to which the data is sent.

  • Page 215: Configuring Ipv6 Netstream Aggregation Data Export

    To do… Use the command… Remarks Optional Limit the data export rate ipv6 netstream export rate rate No limit by default. Configuring IPv6 NetStream Aggregation Data Export IPv6 NetStream aggregation can be implemented by software or hardware. The IPv6 NetStream hardware aggregation directly merges the statistics of data flows at the hardware layer according to the aggregation criteria of the specific aggregation mode, and stores the IPv6 NetStream hardware aggregation data in the cache.
  • Page 216 To do… Use the command… Remarks Required By default, no destination address is configured in IPv6 NetStream aggregation view. Its default ipv6 netstream export destination address is that Configure the destination host ip-address udp-port configured in system view, if any. address for the IPv6 NetStream [ vpn-instance Note that if you expect IPv6...

  • Page 217: Configuring Attributes Of Ipv6 Netstream Data Export

    Configurations in IPv6 NetStream aggregation view apply to aggregation data export only, while those in system view apply to common data export. Without configurations in IPv6 NetStream aggregation view, the configurations in system view, if any, apply to the aggregation data export. The aging of IPv6 NetStream hardware aggregation entries is exactly the same as the aging of IPv6 NetStream common data entries.
  • Page 218 Follow these steps to configure the refresh rate for IPv6 NetStream version 9 templates: To do… Use the command… Remarks Enter system view — system-view Optional ipv6 netstream export Configure the frequency with which v9-template refresh-rate By default, the template is the template is resent packet packets resent every 20 packets.

  • Page 219: Displaying And Maintaining Ipv6 Netstream

    Displaying and Maintaining IPv6 NetStream To do… Use the command… Remarks Display the IPv6 NetStream display ipv6 netstream cache entry information in the cache [ slot slot-number ] [ verbose ] Display the information about display ipv6 netstream export Available in any view IPv6 NetStream data export Display the configuration and display ipv6 netstream template...

  • Page 220: Pv6 Netstream Aggregation Data Export Configuration Example

    [SwitchA-Vlan-interface2000] ip address 12.110.2.1 255.255.0.0 [SwitchA-Vlan-interface2000] quit # Configure the destination IP address and port number for IPv6 NetStream data export as 12.110.2.2 and 5000. [SwitchA] ipv6 netstream export host 12.110.2.2 5000 Pv6 NetStream Aggregation Data Export Configuration Example Network requirements As shown in Figure 14-3, configure IPv6 NetStream on Switch A sot that...
  • Page 221 [SwitchA] ipv6 netstream aggregation protocol-port [SwitchA-ns6-aggregation-protport] ipv6 netstream export host 4.1.1.1 3000 [SwitchA-ns6-aggregation-protport] enable [SwitchA-ns6-aggregation-protport] quit # Configure the aggregation mode as source-prefix, and in aggregation view configure the destination host for the IPv6 NetStream source-prefix aggregation data export. [SwitchA] ipv6 netstream aggregation source-prefix [SwitchA-ns6-aggregation-srcpre] ipv6 netstream export host 4.1.1.1 4000 [SwitchA-ns6-aggregation-srcpre] enable [SwitchA-ns6-aggregation-srcpre] quit...

  • Page 222: Sflow Configuration

    sFlow Configuration This chapter includes these sections: sFlow Overview Configuring sFlow Displaying and Maintaining sFlow sFlow Configuration Example Troubleshooting sFlow Configuration sFlow Overview Introduction to sFlow Sampled Flow (sFlow) is a traffic monitoring technology mainly used to collect and analyze traffic statistics.

  • Page 223: Configuring Sflow

    The sFlow agent periodically collects the statistics of all sFlow enabled ports. When the sFlow packet buffer overflows or the one-second timer expires, the sFlow agent sends sFlow packets to the specified sFlow collector. Configuring sFlow The sFlow feature enables the remote sFlow collector to monitor the network and analyze sFlow packet statistics.

  • Page 224: Displaying And Maintaining Sflow

    The sFlow agent and sFlow collector must not have the same IP address. Currently, you can specify at most two sFlow collectors on the device. The sFlow agent and sFlow collector must be configured with the same version of IP addresses. Displaying and Maintaining sFlow To do…...

  • Page 225: Troubleshooting Sflow Configuration

    [Device] sflow interval 30 # Enable sFlow in both the inbound and outbound directions on GigabitEthernet 1/0/1. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] sflow enable inbound [Device-GigabitEthernet1/0/1] sflow enable outbound # Specify the packet sampling rate on the interface. [Device-GigabitEthernet1/0/1] sflow sampling-rate 100000 # Specify the traffic sampling mode.

  • Page 226: Information Center Configuration

    Information Center Configuration This chapter includes these sections: Information Center Configuration Configuring Information Center Displaying and Maintaining Information Center Information Center Configuration Examples Information Center Overview Introduction to Information Center Acting as the system information hub, information center classifies and manages the system information, offering a powerful support for network administrators and developers in monitoring network performance and diagnosing network problems.

  • Page 227: Classification Of System Information

    Figure 16-1 Information center diagram (default) By default, the information center is enabled. An enabled information center affects the system performance in some degree due to information classification and output. Such impact becomes more obvious in the event that there is enormous information waiting for processing. Classification of System Information The system information of the information center falls into three types: Log information...

  • Page 228: Eight Output Destinations And Ten Channels Of System Information

    information with severity level informational, the information with severity level emergency through informational is output. Table 16-1 Severity description Severity Severity value Description Emergency The system is unusable. Alert Action must be taken immediately Critical Critical conditions Error Error conditions Warning Warning conditions Notice...

  • Page 229: Outputting System Information By Source Module

    Information Default channel Default output destination Description channel name number Receives trap information, a buffer trapbuffer Trap buffer inside the device for recording information. Receives log and debugging logbuffer Log buffer information, a buffer inside the device for recording information. snmpagent SNMP module Receives trap information.

  • Page 230: System Information Format

    All trap information is allowed to be output to the console, monitor terminal, log host, Web interface, and log file; trap information with severity level equal to or higher than informational is allowed to be output to the trap buffer and SNMP module; trap information is not allowed to be output to the log buffer.
  • Page 231 If the output destination is the log host, the system information is in the following format according to RFC 3164 (The BSD Syslog Protocol): <Int_16>timestamp sysname %%nnmodule/level/digest: source content The closing set of angel brackets < >, the space, the forward slash /, and the colon are all required in the above format.

  • Page 232: Configuring Information Center

    level (severity) System information can be divided into eight levels based on its severity, from 0 to 7. Refer to Table 16-1 for definition and description of these severity levels. The levels of system information generated by modules are predefined, and you cannot change the system information levels.

  • Page 233: Outputting System Information To The Console

    Outputting System Information to the Console Outputting system information to the console To do… Use the command… Remarks Enter system view system-view — Optional Enable information center info-center enable Enabled by default Optional info-center channel Name the channel with a channel-number name Refer to Table 16-2...

  • Page 234: Outputting System Information To A Monitor Terminal

    To do… Use the command… Remarks Required Enable the display of debugging terminal debugging information on the console Disabled by default Optional Enable the display of log terminal logging information on the console Enabled by default Optional Enable the display of trap terminal trapping information on the console Enabled by default...

  • Page 235: Outputting System Information To A Log Host

    Enabling the display of system information on a monitor terminal After setting to output system information to a monitor terminal, enable the associated display function in order to display the output information on the monitor terminal. Follow these steps to enable the display of system information on a monitor terminal: To do…...

  • Page 236: Outputting System Information To The Trap Buffer

    To do… Use the command… Remarks Required By default, the system does not output information to a log host. info-center loghost If you specify to output system [ vpn-instance information to a log host, the Specify a log host and configure vpn-instance-name ] system uses channel 2 (loghost) the parameters when system...

  • Page 237: Outputting System Information To The Log Buffer

    The trap buffer receives the trap information only, and discards the log and debugging information even if you have configured to output them to the trap buffer. To do… Use the command… Remarks Enter system view — system-view Optional Enable information center info-center enable Enabled by default Optional...

  • Page 238: Outputting System Information To The Snmp Module

    You can configure to output log, trap, and debugging information to the log buffer, but the log buffer receives the log and debugging information only, and discards the trap information. To do… Use the command… Remarks Enter system view — system-view Optional Enable information center...
  • Page 239 The SNMP module receives the trap information only, and discards the log and debugging information even if you have configured to output them to the SNMP module. To monitor the device running status, trap information is usually sent to the SNMP network management station (NMS).

  • Page 240: Outputting System Information To The Web Interface

    Outputting System Information to the Web Interface This feature allows you to control whether to output system information to the Web interface and which system information can be output to the Web interface. The Web interface provides abundant search and sorting functions; therefore, if you configure to output the system information to the Web interface, you can view system information by clicking corresponding tabs after logging in to the device through the Web interface.

  • Page 241: Saving System Information To A Log File

    Saving System Information to a Log File With the log file feature enabled, the log information generated by the system can be saved to a specified directory with a predefined frequency. This allows you to check the operation history at any time to ensure that the device functions properly. Logs are saved into the log file buffer before they are saved into a log file.

  • Page 242: Configuring Synchronous Information Output

    To ensure that the device works normally, use the info-center logfile size-quota command to set a log file to be no smaller than 1 MB and no larger than 10 MB. To manually configure the directory to which a log file can be saved, use the info-center logfile switch-directory command.

  • Page 243: Displaying And Maintaining Information Center

    To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required By default, all ports are allowed Disable the port from generating undo enable log updown to generate link up/down logging link up/down logging information information when the port state changes.

  • Page 244: Information Center Configuration Examples

    To do… Use the command… Remarks display logbuffer summary Display a summary of the log [ level severity | slot Available in any view buffer slot-number ] * Display the state of the trap display trapbuffer [ reverse ] buffer and the trap information Available in any view [ size buffersize ] recorded...
  • Page 245 Because the default system configurations for different channels are different, disable the output of log, trap, and debugging information of all modules on the specified channel (loghost in this example) first and then configure the output rule as needed so that unnecessary information is not output.

  • Page 246: Outputting Log Information To A Linux Log Host

    # kill -HUP 147 # syslogd -r & After the above configurations, the system is able to record log information into the log file. Outputting Log Information to a Linux Log Host Network requirements Send log information to a Linux log host with an IP address of 1.2.0.1/16; Log information with severity equal to or higher than informational is output to the log host;...

  • Page 247: Outputting Log Information To The Console

    # mkdir /var/log/Device # touch /var/log/Device/info.log Step3 Edit file /etc/syslog.conf and add the following contents. # Device configuration messages local5.info /var/log/Device/info.log In the above configuration, local5 is the name of the logging facility used by the log host to receive logs. info is the information level. The Linux system records the log information with severity level equal to or higher than informational to file /var/log/Device/info.log.
  • Page 248 Figure 16-4 Network diagram for sending log information to the console Configuration procedure # Enable information center. <Sysname> system-view [Sysname] info-center enable # Use channel console to output log information to the console (optional, console by default). [Sysname] info-center console channel console # Disable the output of log, trap, and debugging information of all modules on channel console.
  • Page 249 Index Configuring Local Mirroring Groups 11-15 Applications of NTP Configuring Mirroring CPUs for a Local Applying a QoS Policy 12-3 Mirroring Group 11-17 Applying PoE Profile Configuring Mirroring CPUs for the Local Mirroring Group 11-6 Basic Concepts of NQA Configuring Mirroring Ports for a Local Mirroring Group 11-16 Configuring Mirroring Ports for the Local...
  • Page 250 Configuring Refresh Rate for NetStream Enabling Management VLAN Version 9 Templates 13-14 Auto-Negotiation 9-12 Configuring RMON Ethernet Statistics Enabling NDP Globally and for Specific Collection Ports Configuring RMON History Statistics Enabling NDP 9-14 Collection Enabling NTDP Globally and for Specific Configuring Synchronous Information Ports Output...
  • Page 251 Introduction to System Debugging Operation Modes of NTP IPv6 NetStream Common Data Export Operation of sFlow 15-1 Configuration Example 14-11 Outputting Log Information to a Linux IPv6 NetStream Data Export 14-3 Log Host 16-21 Outputting Log Information to a Unix Log Host 16-19 Layer 2 Remote Port Mirroring...
  • Page 252 SNMP Test Configuration Example 2-33 Specifying the Source Interface for NTP Messages 3-12 System Information Format 16-5 TCP Test Configuration Example 2-34 The Remote sFlow Collector Cannot Receive sFlow Packets 15-4 UDP Echo Test Configuration Example 2-35 UDP Jitter Test Configuration Example 2-30 Using the Sampler with NetStream 10-2...

This manual is also suitable for:

S5800 series

Table of Contents