HPE FlexNetwork 5510 HI Series Network Management And Monitoring Configuration Manual

HPE FlexNetwork 5510 HI Switch Series
Network Management and Monitoring
Configuration Guide
Part number: 5200-0015b
Software version: Release 11xx
Document version: 6W102-20171020

Summary of Contents for HPE FlexNetwork 5510 HI Series

  • Page 2 © Copyright 2015, 2017 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 3: Table Of Contents

    Contents
    Using ping, tracert, and system debugging (p. 1)
    Ping (p. 1)
    Using a ping command to test network connectivity (p. 1)
    Ping example (p. 1)
    Tracert (p. 3)
    Prerequisites (p. 4)
    Using a tracert command to identify failed or all nodes in a path (p. 4)
    Tracert example ...
  • Page 4
    Enabling the SNTP service (p. 46)
    Specifying an NTP server for the device (p. 46)
    Configuring SNTP authentication (p. 47)
    Displaying and maintaining SNTP (p. 48)
    SNTP configuration example (p. 48)
    Configuring the information center (p. 50)
    Overview (p. 50)
    Log types ...
  • Page 5
    Sample types for the alarm group and the private alarm group (p. 84)
    Protocols and standards (p. 84)
    Configuring the RMON statistics function (p. 84)
    Creating an RMON Ethernet statistics entry (p. 84)
    Creating an RMON history control entry (p. 84)
    Configuring the RMON alarm function ...
  • Page 6
    UDP jitter operation configuration example (p. 134)
    SNMP operation configuration example (p. 136)
    TCP operation configuration example (p. 137)
    UDP echo operation configuration example (p. 139)
    UDP tracert operation configuration example (p. 140)
    Voice operation configuration example (p. 141)
    DLSw operation configuration example (p. 144)
    Path jitter operation configuration example ...
  • Page 7
    Configuring sFlow (p. 183)
    Protocols and standards (p. 183)
    sFlow configuration task list (p. 183)
    Configuring the sFlow agent and sFlow collector information (p. 184)
    Configuring flow sampling (p. 184)
    Configuring counter sampling (p. 185)
    Displaying and maintaining sFlow (p. 185)
    sFlow configuration example ...
  • Page 8
    Configuring PoE (p. 224)
    Overview (p. 224)
    PoE configuration task list (p. 224)
    Enabling PoE (p. 225)
    Enabling PoE for a PSE (p. 225)
    Enabling PoE for a PI (p. 225)
    Enabling nonstandard PD detection (p. 226)
    Configuring the maximum PI power (p. 226)
    Configuring PI power management ...
  • Page 9
    Syslog configuration data retrieval example (p. 258)
    Example for retrieving a data entry for the interface table (p. 259)
    Example for changing the value of a parameter (p. 260)
    Saving, rolling back, and loading the configuration (p. 261)
    Saving the configuration (p. 261)
    Rolling back the configuration based on a configuration file ...
  • Page 10: Using Ping, Tracert, And System Debugging

    Using ping, tracert, and system debugging This chapter covers ping, tracert, and information about debugging the system. Ping Use the ping utility to determine if a specific address is reachable. Ping sends ICMP echo requests (ECHO-REQUEST) to the destination device. Upon receiving the requests, the destination device responds with ICMP echo replies (ECHO-REPLY) to the source device.
  • Page 11 [Figure 1 Network diagram: Device A, Device B, Device C; addresses 1.1.1.1/24, 1.1.1.2/24, 1.1.2.1/24, 1.1.2.2/24; record-route entries 1st=1.1.2.1, 2nd=1.1.2.2, 3rd=1.1.1.2, 4th=1.1.1.1 added along the ECHO-REQUEST and ECHO-REPLY path]
    Configuration procedure
    # Use the ping command on Device A to test connectivity to Device C.
    <DeviceA>...
  • Page 12: Tracert

    The source device (Device A) sends an ICMP echo request to the destination device (Device C) with the RR option blank. The intermediate device (Device B) adds the IP address of its outbound interface (1.1.2.1) to the RR option of the ICMP echo request, and forwards the packet. Upon receiving the request, the destination device copies the RR option in the request and adds the IP address of its outbound interface (1.1.2.2) to the RR option.
  • Page 13: Prerequisites

    Enable sending of ICMP timeout packets on the intermediate devices (devices between the source and destination devices). If the intermediate devices are HPE devices, execute the ip ttl-expires enable command on the devices. For more information about this command, see Layer 3—IP Services Command Reference.
  • Page 14: System Debugging

    Configuration procedure
    Configure the IP addresses for devices as shown in Figure 3. (Details not shown.)
    Configure a static route on Device A.
    <DeviceA> system-view
    [DeviceA] ip route-static 0.0.0.0 0.0.0.0 1.1.1.2
    [DeviceA] quit
    Use the ping command to test connectivity between Device A and Device C.
    <DeviceA>...
  • Page 15: Debugging Information Control Switches

    Debugging information control switches
    The following switches control the display of debugging information:
    • Module debugging switch—Controls whether to generate the module-specific debugging information.
    • Screen output switch—Controls whether to display the debugging information on a certain screen. Use terminal monitor and terminal logging level commands to turn on the screen output switch....
  • Page 16: Configuring Ntp

    Configuring NTP Synchronize your device with a trusted time source by using the Network Time Protocol (NTP) or changing the system time before you run it on a live network. Various tasks, including network management, charging, auditing, and distributed computing depend on an accurate system time setting, because the timestamps of system messages and logs use the system time.
  • Page 17: Ntp Architecture

    The synchronization process is as follows: Device A sends Device B an NTP message, which is timestamped when it leaves Device A. The time stamp is 10:00:00 am (T1). When this NTP message arrives at Device B, Device B adds a timestamp showing the time when the message arrived at Device B.
  • Page 18: Association Modes

    If the devices in a network cannot synchronize to an authoritative time source, you can select a device that has a relatively accurate clock from the network, and use the local clock of the device as the reference clock to synchronize other devices in the network. Association modes NTP supports the following association modes: •...
  • Page 19: Ntp Security

    Mode Working process Principle Application scenario broadcast message, the client population. and the server start to exchange The broadcast mode has messages calculate a lower time accuracy network delay between them. than the client/server and Then, only the broadcast server symmetric active/passive sends clock...
  • Page 20: Ntp For Mpls L3Vpn Instances

    NTP authentication Use this feature to authenticate the NTP messages for security purposes. If an NTP message passes authentication, the device can receive it and get time synchronization information. If not, the device discards the message. This function makes sure the device does not synchronize to an unauthorized time server.
  • Page 21: Protocols And Standards

    The device supports multiple VPN instances only when it functions as a CE in an MPLS VPN. For more information about MPLS L3VPN, VPN instance, and PE, see MPLS Configuration Guide. As Figure 8 shows, users in VPN 1 and VPN 2 are connected to the MPLS backbone network through provider edge (PE) devices, and services of the two VPNs are isolated.
  • Page 22: Enabling The Ntp Service

    Tasks at a glance
    (Optional.) Configuring access control rights
    (Optional.) Configuring NTP authentication
    (Optional.) Configuring NTP optional parameters

    Enabling the NTP service
    Step: Enter system view. Command: system-view
    Step: Enable the NTP service. Command: ntp-service enable. Remarks: By default, the NTP service is not enabled.
  • Page 23: Configuring Ntp In Symmetric Active/Passive Mode

    Step Command Remarks vpn-instance vpn-instance-name authentication-keyid keyid | priority | source interface-type interface-number ] * Configuring NTP in symmetric active/passive mode When the device operates in symmetric active/passive mode, specify on a symmetric-active peer the IP address for a symmetric-passive peer. Follow these guidelines when you configure a symmetric-active peer: •...
  • Page 24: Configuring Ntp In Multicast Mode

    Configuring a broadcast client Step Command Remarks Enter system view. system-view interface interface-type Enter the interface for receiving Enter interface view. interface-number NTP broadcast messages. By default, the device does not operate in broadcast client mode. Configure device After you execute the command, operate in broadcast client ntp-service broadcast-client device...
  • Page 25: Configuring Access Control Rights

    Configuring the multicast server Step Command Remarks Enter system view. system-view interface interface-type Enter the interface for sending Enter interface view. interface-number NTP multicast message. • Configure device operate in multicast server mode: ntp-service multicast-server ip-address By default, the device does not authentication-keyid operate in multicast server mode.
  • Page 26: Configuring Ntp Authentication In Client/Server Mode

    Configuring NTP authentication in client/server mode To ensure a successful NTP authentication, configure the same authentication key ID, algorithm, and key on the server and client. Make sure the peer device is allowed to use the key ID for authentication on the local device. To configure NTP authentication for a client: Step Command...
  • Page 27: Configuring Ntp Authentication In Symmetric Active/Passive Mode

    Step Command Remarks hmac-sha-384 hmac-sha-512 md5 } { cipher | simple } string [ acl ipv4-acl-number ipv6 ipv6-acl-number ] * default, Configure the key as a ntp-service reliable authentication-keyid authentication trusted key. keyid configured as a trusted key. NTP authentication results differ when different configurations are performed on client and server. For more information, see Table 2.
  • Page 28 Step Command Remarks [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] * By default, no authentication Configure the key as a ntp-service reliable key is configured as a trusted trusted key. authentication-keyid keyid key. • Associate the specified key with a passive peer: ntp-service...
  • Page 29: Configuring Ntp Authentication In Broadcast Mode

    Table 3 NTP authentication results Active peer Passive peer Configur e a key Associat Configure a Authentication Enable e the key Enable result authenticatio configure with authenticatio configure it passive as a trusted trusted peer Stratum level of the active and passive peers is not considered. Succeeded Failed Failed...
  • Page 30 Step Command Remarks ipv6-acl-number ] * Configure the key as a ntp-service reliable By default, no authentication key trusted key. authentication-keyid keyid is configured as a trusted key. To configure NTP authentication for a broadcast server: Step Command Remarks Enter system view. system-view Enable By default, NTP authentication is...
  • Page 31: Configuring Ntp Authentication In Multicast Mode

    Broadcast server Broadcast client Configur e a key Associat Configure Authentication Enable e the key Enable a key and result authenticatio configure with authenticatio configure broadcas trusted t server trusted key No authentication Failed No authentication Configuring NTP authentication in multicast mode To ensure a successful NTP authentication, configure the same authentication key ID, algorithm, and key on the multicast server and client.
  • Page 32: Configuring Ntp Optional Parameters

    Step Command Remarks authentication-mode { hmac-sha-1 | hmac-sha-256 hmac-sha-384 hmac-sha-512 | md5 } { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] * By default, no authentication Configure the key as ntp-service reliable authentication-keyid key is configured as a trusted a trusted key.
  • Page 33: Specifying The Source Interface For Ntp Messages

    Specifying the source interface for NTP messages
    To prevent interface status changes from causing NTP communication failures, configure the device to use the IP address of an interface that is always up, for example, a loopback interface, as the source IP address for the NTP messages to be sent. Set the loopback interface as the source interface so that an interface status change on the device does not prevent NTP messages from being received....
  • Page 34: Configuring The Maximum Number Of Dynamic Associations

    Configuring the maximum number of dynamic associations
    NTP has the following types of associations:
    • Static association—A manually created association.
    • Dynamic association—Temporary association created by the system during NTP operation. A dynamic association is removed if no messages are exchanged within about 12 minutes.
    The following describes how an association is established in different association modes:
    •...
  • Page 35: Displaying And Maintaining Ntp

    as a time server to synchronize other devices in the network. If the local clock is incorrect, timing errors occur. • Before you configure this feature, adjust the local system time to make sure it is accurate. To configure the local clock as a reference source: Step Command Remarks...
  • Page 36: Ipv6 Ntp Client/Server Mode Configuration Example

    [DeviceA] ntp-service enable
    # Specify the local clock as the reference source, with the stratum level 2.
    [DeviceA] ntp-service refclock-master 2
    Configure Device B:
    # Enable the NTP service.
    <DeviceB> system-view
    [DeviceB] ntp-service enable
    # Specify Device A as the NTP server of Device B so that Device B is synchronized to Device A.
    [DeviceB] ntp-service unicast-server 1.0.1.11
    Verify the configuration:
    # Verify that Device B has synchronized to Device A, and the clock stratum level is 3 on Device...
  • Page 37
    Configuration procedure
    Set the IP address for each interface, and make sure Device A and Device B can reach each other, as shown in Figure 10. (Details not shown.)
    Configure Device A:
    # Enable the NTP service.
    <DeviceA> system-view
    [DeviceA] ntp-service enable
    # Specify the local clock as the reference source, with the stratum level 2....
  • Page 38: Ntp Symmetric Active/Passive Mode Configuration Example

    NTP symmetric active/passive mode configuration example Network requirements As shown in Figure • Configure the local clock of Device A as a reference source, with the stratum level 2. • Configure Device A to operate in symmetric-active mode and specify Device B as the passive peer of Device A.
  • Page 39: Ipv6 Ntp Symmetric Active/Passive Mode Configuration Example

    source reference stra reach poll now offset delay disper ******************************************************************************** [12]3.0.1.31 127.127.1.0 34 0.4251 6.0882 1392.1 Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured. Total sessions: 1 IPv6 NTP symmetric active/passive mode configuration example Network requirements As shown in Figure •...
  • Page 40: Ntp Broadcast Mode Configuration Example

    Stability: 0.000 pps
    Clock precision: 2^-10
    Root delay: 0.01855 ms
    Root dispersion: 9.23483 ms
    Reference time: d0c6047c.97199f9f Wed, Dec 29 2010 19:03:24.590
    # Verify that an IPv6 NTP association has been established between Device B and Device A.
    [DeviceB] display ntp-service ipv6 sessions
    Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured....
  • Page 41
    <SwitchC> system-view
    [SwitchC] ntp-service enable
    # Specify the local clock as the reference source, with the stratum level 2.
    [SwitchC] ntp-service refclock-master 2
    # Configure Switch C to operate in broadcast server mode and send broadcast messages through VLAN-interface 2.
    [SwitchC] interface vlan-interface 2
    [SwitchC-Vlan-interface2] ntp-service broadcast-server
    Configure Switch A:...
  • Page 42: Ntp Multicast Mode Configuration Example

    NTP multicast mode configuration example Network requirements As shown in Figure 14, Switch C functions as the NTP server for multiple devices on different network segments and synchronizes the time among multiple devices. • Configure Switch C's local clock as a reference source, with the stratum level 2. •...
  • Page 43
    [SwitchD-Vlan-interface2] ntp-service multicast-client
    Verify the configuration:
    Switch D and Switch C are on the same subnet, so Switch D can do the following:
    • Receive the multicast messages from Switch C without being enabled with the multicast functions.
    • Synchronize to Switch C.
    ...
  • Page 44: Ipv6 Ntp Multicast Mode Configuration Example

    [SwitchB-GigabitEthernet1/0/1] igmp-snooping static-group 224.0.1.1 vlan 3
    Configure Switch A:
    # Enable the NTP service.
    <SwitchA> system-view
    [SwitchA] ntp-service enable
    # Configure Switch A to operate in multicast client mode and receive multicast messages on VLAN-interface 3.
    [SwitchA] interface vlan-interface 3
    [SwitchA-Vlan-interface3] ntp-service multicast-client
    Verify the configuration:
    # Verify that Switch A has synchronized to Switch C, and the clock stratum level is 3 on Switch...
  • Page 45 Figure 15 Network diagram Vlan-int2 3000::2/64 Switch C NTP multicast server Vlan-int3 Vlan-int3 Vlan-int2 2000::1/64 2000::2/64 3000::1/64 Switch A Switch B NTP multicast client Vlan-int2 3000::3/64 Switch D NTP multicast client Configuration procedure Set the IP address for each interface, and make sure the switches can reach each other, as shown in Figure 15.
  • Page 46
    Local mode: bclient
    Reference clock ID: 165.84.121.65
    Leap indicator: 00
    Clock jitter: 0.000977 s
    Stability: 0.000 pps
    Clock precision: 2^-10
    Root delay: 0.00000 ms
    Root dispersion: 8.00578 ms
    Reference time: d0c60680.9754fb17 Wed, Dec 29 2010 19:12:00.591
    # Verify that an IPv6 NTP association has been established between Switch D and Switch C.
    [SwitchD-Vlan-interface2] display ntp-service ipv6 sessions
    Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured....
  • Page 47: Configuration Example For Ntp Client/Server Mode With Authentication

    [SwitchA-Vlan-interface3] ntp-service ipv6 multicast-client ff24::1
    Verify the configuration:
    # Verify that Switch A has synchronized to Switch C, and the clock stratum level is 3 on Switch A and 2 on Switch C.
    [SwitchA-Vlan-interface3] display ntp-service status
    Clock status: synchronized
    Clock stratum: 3
    System peer: 3000::2
    Local mode: bclient...
  • Page 48
    Configuration procedure
    Set the IP address for each interface, and make sure Device A and Device B can reach each other, as shown in Figure 16. (Details not shown.)
    Configure Device A:
    # Enable the NTP service.
    <DeviceA> system-view
    [DeviceA] ntp-service enable
    # Specify the local clock as the reference source, with the stratum level 2....
  • Page 49: Configuration Example For Ntp Broadcast Mode With Authentication

    Reference time: d0c62687.ab1bba7d Wed, Dec 29 2010 21:28:39.668 # Verify that an IPv4 NTP association has been established between Device B and Device A. [DeviceB] display ntp-service sessions source reference stra reach poll now offset delay disper ******************************************************************************** [1245]1.0.1.11 127.127.1.0 -0.0 0.0065 Notes: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured.
  • Page 50
    [SwitchA] ntp-service authentication enable
    [SwitchA] ntp-service authentication-keyid 88 authentication-mode md5 simple 123456
    [SwitchA] ntp-service reliable authentication-keyid 88
    # Configure Switch A to operate in NTP broadcast client mode and receive NTP broadcast messages on VLAN-interface 2.
    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ntp-service broadcast-client
    Configure Switch B:
    # Enable the NTP service....
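The receive-side check that the key ID, key, and trusted-key settings above imply, as an added Python example (not HPE code and not part of the manual). It assumes md5 mode uses the RFC 5905 symmetric-key MAC, MD5(key || header), and models a receiver that requires authentication; the function names, the sample header, and the untrusted status of key 10 are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48        # fixed NTP header without extension fields
MAC_LEN = 4 + 16           # 32-bit key ID followed by a 128-bit MD5 digest

# Constructed key table. Key 88 / "123456" and key 10 / "aNiceKey" are the
# manual's example values; leaving key 10 out of the trusted set is an
# assumption made here to show the trusted-key check.
KEYS = {88: b"123456", 10: b"aNiceKey"}
TRUSTED = {88}

# Constructed 48-byte header: LI=0, VN=4, mode=5 (broadcast), stratum 3.
SAMPLE_HEADER = bytes([0x25, 3, 6, 0xF6]) + bytes(44)


def add_mac(header, key_id, key):
    """Append the key ID and MD5(key || header) to a 48-byte NTP header."""
    if len(header) != NTP_HEADER_LEN:
        raise ValueError("expected a 48-byte NTP header")
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def check_mac(packet, keys=KEYS, trusted=TRUSTED):
    """Return 'accept' or a 'discard: ...' reason for a received message."""
    if len(packet) == NTP_HEADER_LEN:
        return "discard: no MAC"
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return "discard: unexpected length"
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in keys:
        return "discard: unknown key ID"
    if key_id not in trusted:
        return "discard: key not trusted"
    expected = hashlib.md5(keys[key_id] + header).digest()
    # Constant-time comparison so the check does not leak digest prefixes.
    if not hmac.compare_digest(expected, mac[4:]):
        return "discard: digest mismatch"
    return "accept"


if __name__ == "__main__":
    good = add_mac(SAMPLE_HEADER, 88, KEYS[88])
    wrong_key = add_mac(SAMPLE_HEADER, 88, b"654321")
    untrusted = add_mac(SAMPLE_HEADER, 10, KEYS[10])
    for name, pkt in [("good", good), ("wrong key", wrong_key),
                      ("untrusted key", untrusted), ("no MAC", SAMPLE_HEADER)]:
        print(f"{name:14s} -> {check_mac(pkt)}")
```

The command syntax on this page also lists hmac-sha-1, hmac-sha-256, hmac-sha-384 and hmac-sha-512 as authentication modes; this sketch covers only md5.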
  • Page 51: Configuration Example For Mpls Vpn Time Synchronization In Client/Server Mode

    Verify the configuration: After NTP authentication is enabled on Switch C, Switch A and Switch B can synchronize their local clocks to Switch C. # Verify that Switch B has synchronized to Switch C, and the clock stratum level is 4 on Switch B and 3 on Switch C.
  • Page 52 Figure 18 Network diagram VPN 1 VPN 1 CE 1 CE 3 NTP server 10.1.1.1/24 10.3.1.1/24 PE 2 NTP client PE 1 10.3.1.2/24 MPLS backbone CE 2 CE 4 VPN 2 VPN 2 Configuration procedure Before you perform the following configuration, be sure you have completed MPLS VPN-related configurations.
  • Page 53: Configuration Example For Mpls Vpn Time Synchronization In Symmetric Active/Passive Mode

    Root dispersion: 1.15869 ms Reference time: d0c62687.ab1bba7d Wed, Dec 29 2010 21:28:39.668 # Verify that an IPv4 NTP association has been established between PE 2 and CE 1. [PE2] display ntp-service sessions source reference stra reach poll now offset delay disper ******************************************************************************** [1245]10.1.1.1 127.127.1.0...
  • Page 54 Configuration procedure Before you perform the following configuration, be sure you have completed MPLS VPN-related configurations. Set the IP address for each interface, as shown in Figure 19. Make sure CE 1 and PE 1, PE 1 and PE 2, and PE 2 and CE 3 can reach each other. (Details not shown.) Configure CE 1: # Enable the NTP service.
  • Page 55: Configuring Sntp

    Configuring SNTP SNTP is a simplified, client-only version of NTP specified in RFC 4330. SNTP supports only the client/server mode. An SNTP-enabled device can receive time from NTP servers, but cannot provide time services to other devices. SNTP uses the same packet format and packet exchange procedure as NTP, but provides faster synchronization at the price of time accuracy.
  • Page 56: Configuring Sntp Authentication

    Step Command Remarks • IPv4: sntp unicast-server { server-name | ip-address } vpn-instance vpn-instance-name authentication-keyid By default, no NTP server is keyid | source interface-type specified for the device. interface-number | version Repeat this step specify number ] * Specify an NTP server for multiple NTP servers.
  • Page 57: Displaying And Maintaining Sntp

    Step Command Remarks [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] * Specify the key as a sntp reliable authentication-keyid By default, no trusted key is trusted key. keyid specified. • IPv4: sntp unicast-server server-name ip-address vpn-instance vpn-instance-name Associate the SNTP authentication-keyid keyid By default, no NTP server is authentication...
  • Page 58
    # Configure the local clock of Device A as a reference source, with the stratum level 2.
    [DeviceA] ntp-service refclock-master 2
    # Enable NTP authentication on Device A.
    [DeviceA] ntp-service authentication enable
    # Configure an NTP authentication key, with the key ID of 10 and key value of aNiceKey. Input the key in plain text....
  • Page 59: Configuring The Information Center

    Configuring the information center The information center on a device classifies and manages logs for all modules so that network administrators can monitor network performance and troubleshoot network problems. Overview The information center receives logs generated by source modules and outputs logs to different destinations according to user-defined output rules.
  • Page 60: Log Destinations

    Columns: Severity value, Level, Description
    Error: Error condition. For example, the link state changes.
    Warning: Warning condition. For example, an interface is disconnected, or the memory resources are used up.
    Notification: Normal but significant condition. For example, a terminal logs in to the device, or the device reboots.
  • Page 61: Default Output Rules For Hidden Logs

    The actual format depends on the log resolution tool used. Table 12 Log formats Output Format Example destination %Nov 24 14:21:43:502 2010 HPE Console, monitor SYSLOG/6/SYSLOG_RESTART: Prefix Timestamp Sysname terminal, log buffer, or System restarted –-...
  • Page 62 IP address) log. You can use the sysname command to modify the name of the device. Indicates that the information was generated by an HPE device. %% (vendor ID) This field exists only in logs sent to the log host.
  • Page 63: Fips Compliance

    Table 15 Description of the timestamp parameters
    Timestamp parameter: boot
    Description: Time that has elapsed since system startup, in the format of xxx.yyy. xxx represents the higher 32 bits, and yyy represents the lower 32 bits, of milliseconds elapsed.
    Example: %0.109391473 Sysname FTPD/5/FTPD_LOGIN: User (192.168.1.23) has logged in successfully.
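A parser for the log line layout shown in Table 12 and the boot timestamp described in Table 15, as an added Python example (not HPE code and not part of the manual). The regular expression is inferred from the two sample lines on this page, the severity names follow standard syslog numbering 0 to 7, and the function names and the third sample line are constructed.

```python
import re
from datetime import datetime

# Severity numbering 0-7; this extract of the manual preserves only the
# Error, Warning and Notification rows of the table.
SEVERITY = {0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
            4: "Warning", 5: "Notification", 6: "Informational",
            7: "Debugging"}

# %<timestamp> <sysname> <MODULE>/<level>/<MNEMONIC>: <text>
LINE_RE = re.compile(
    r"^%(?P<ts>\d+\.\d+|[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}:\d{3} \d{4})"
    r" (?P<sysname>\S+)"
    r" (?P<module>[A-Z0-9_]+)/(?P<level>[0-7])/(?P<mnemonic>[A-Z0-9_]+):"
    r" (?P<text>.*)$"
)

# The first two lines are the manual's examples; the third is constructed.
SAMPLE_LINES = [
    "%Nov 24 14:21:43:502 2010 HPE SYSLOG/6/SYSLOG_RESTART: System restarted",
    "%0.109391473 Sysname FTPD/5/FTPD_LOGIN: User (192.168.1.23) has logged in successfully.",
    "%1.5 Sysname DEMO/3/DEMO_EVENT: constructed line",
    "not a device log line",
]


def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    level = int(m.group("level"))
    rec = {"sysname": m.group("sysname"), "module": m.group("module"),
           "severity": level, "severity_name": SEVERITY[level],
           "mnemonic": m.group("mnemonic"), "text": m.group("text"),
           "time": None, "uptime_ms": None}
    ts = m.group("ts")
    if "." in ts:
        # boot format xxx.yyy: two 32-bit halves of a millisecond counter,
        # not a decimal fraction.
        high, low = (int(part) for part in ts.split("."))
        if high >= 2**32 or low >= 2**32:
            return None
        rec["uptime_ms"] = (high << 32) | low
    else:
        rec["time"] = datetime.strptime(ts, "%b %d %H:%M:%S:%f %Y")
    return rec


def at_least(lines, max_level):
    """Parsed records whose severity value is max_level or lower (more severe)."""
    parsed = (parse_line(line) for line in lines)
    return [r for r in parsed if r is not None and r["severity"] <= max_level]


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_line(line))
```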
  • Page 64: Outputting Logs To The Console

    Task at a glance (Optional.) Configuring the maximum size of the trace log file (Optional.) Enabling synchronous information output (Optional.) Enabling duplicate log suppression (Optional.) Disabling an interface from generating link up or link down logs (Optional.) Setting the minimum storage period for logs Outputting logs to the console Step Command...
  • Page 65: Outputting Logs To A Log Host

    Step Command Remarks Return to user view. quit Enable log output to the terminal monitor The default setting is enabled. monitor terminal. Enable the display of debug By default, the display of debug information on the current terminal debugging information is disabled on the terminal.
  • Page 66: Saving Logs To The Log File

    Step Command Remarks info-center source module-name default For information about default Configure an output rule for { console | monitor | logbuffer | output rules, see "Default output the log buffer. logfile | loghost } { deny | level rules for logs."...
  • Page 67: Managing Security Logs

    Step: Save the logs in the log file buffer to the log file.
    Command:
    • Configure the interval to perform the save operation: info-center logfile frequency freq-sec
    • Manually save the logs in the...
    Remarks: The default saving interval is 86400 seconds. Execute the logfile save command in any view.
  • Page 68: Managing The Security Log File

    Managing the security log file To manage and maintain the security log file, the security log administrator must pass local AAA authentication first. For more information about security log administrator, see Security Configuration Guide. To manage the security log file: Task Command Remarks...
  • Page 69: Configuring The Maximum Size Of The Trace Log File

    Step: Save the diagnostic logs in the diagnostic log file buffer to the diagnostic log file.
    Command:
    • Configure the interval to perform saving operation: info-center diagnostic-logfile frequency freq-sec
    • Manually save the diagnostic...
    Remarks: The default saving interval is 86400 seconds. The diagnostic-logfile save command is available in any view.
  • Page 70: Disabling An Interface From Generating Link Up Or Link Down Logs

    suppression period is 30 seconds for the first time, 2 minutes for the second time, and 10 minutes for subsequent times. • If a different log is generated during the suppression period, the system aborts the current suppression period, outputs suppressed logs and the log number and then the different log, and starts another suppression period.
  • Page 71: Displaying And Maintaining Information Center

    Step Command Remarks Enter system view. system-view minimum By default, the log minimum info-center syslog min-age min-age storage period. storage period is not set. Displaying and maintaining information center Execute display commands in any view and reset commands in user view. Task Command Display the diagnostic log file configuration.
  • Page 72: Configuration Example For Outputting Logs To A Unix Log Host

    # Enable the display of logs on the console. By default, the display of logs on the console is enabled.
    <Device> terminal logging level 6
    <Device> terminal monitor
    The current terminal is enabled to display logs.
    Now, if the FTP module generates logs, the information center automatically sends the logs to the console, and the console displays the logs.
  • Page 73: Configuration Example For Outputting Logs To A Linux Log Host

    NOTE: Follow these guidelines while editing the file /etc/syslog.conf:
    • Comments must be on a separate line and must begin with a pound sign (#).
    • No redundant spaces are allowed after the file name.
    • The logging facility name and the severity level specified in the /etc/syslog.conf file must be identical to those configured on the device by using the info-center loghost and info-center source commands.
  • Page 74
    a. Log in to the log host as a root user.
    b. Create a subdirectory named Device in the directory /var/log/, and create file info.log in the Device directory to save logs of Device.
    # mkdir /var/log/Device
    # touch /var/log/Device/info.log
    c.
  • Page 75: Configuring Snmp

    Configuring SNMP This chapter provides an overview of the Simple Network Management Protocol (SNMP) and guides you through the configuration procedure. Overview SNMP is an Internet standard protocol widely used for a management station to access and operate the devices on a network, regardless of their vendors, physical characteristics, and interconnect technologies.
  • Page 76: Snmp Operations

    Figure 26 MIB tree Root A MIB view represents a set of MIB objects (or MIB object hierarchies) with certain access privileges and is identified by a view name. The MIB objects included in the MIB view are accessible while those excluded from the MIB view are inaccessible.
  • Page 77: Fips Compliance

    • View-based Access Control Model—VACM mode controls access to MIB objects by assigning MIB views to SNMP communities or users.
    • Role based access control—RBAC mode controls access to MIB objects by assigning user roles to SNMP communities or users. An SNMP community or user with a predefined user role network-admin or level-15 has ...
  • Page 78 Step Command Remarks By default, the local engine ID is (Optional.) Change snmp-agent local-engineid engineid the company ID plus the device the local engine ID. default, view ViewDefault is predefined. In this view, all the MIB objects in the iso subtree but the snmpUsmMIB, snmpVacmMIB, snmpModules.18 subtrees are...
  • Page 79: Configuring Snmpv3 Basic Parameters

    Step Command Remarks By default, the maximum SNMP packet size that the SNMP agent can handle is 1500 bytes. If the packet size of the requests 11. (Optional.) Configure and responses that contain MIB the maximum SNMP snmp-agent packet max-size node information exceeds the packet size (in bytes) byte-count...
  • Page 80 Step Command Remarks calculate-password command. By default, the system contact is (Optional.) Configure Hewlett Packard Enterprise snmp-agent sys-info contact system contact. sys-contact Company 3000 Hanover St Palo Alto, CA94304 (Optional.) Configure snmp-agent sys-info location By default, the system location is system location.
  • Page 81 Step Command Remarks snmp-agent group group-name { authentication | privacy } [ read-view read-view write-view write-view ] [ notify-view notify-view ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * • non-FIPS mode: snmp-agent calculate-password plain-password mode { 3desmd5 | 3dessha | md5 | sha } { local-engineid | 10.
  • Page 82: Configuring Snmp Logging

    Step Command Remarks cipher simple authentication-mode auth-password privacy-mode aes128 priv-password acl-number ipv6 ipv6-acl-number RBAC mode: snmp-agent usm-user v3 user-name user-role role-name remote ip-address ipv6 ipv6-address vpn-instance vpn-instance-name cipher simple authentication-mode auth-password privacy-mode aes128 priv-password acl-number ipv6 ipv6-acl-number ] * 12. (Optional.) Create an SNMP snmp-agent context By default, no SNMP context is...
  • Page 83: Configuring Snmp Notifications

    Step Command Remarks
    logging. get-operation | set-operation } disabled.
    Step: (Optional.) Enable SNMP notification logging.
    Command: snmp-agent trap log
    Remarks: By default, SNMP notification logging is disabled.
    Configuring SNMP notifications
    The SNMP Agent sends notifications (traps and informs) to inform the NMS of significant events, such as link state changes and user logins or logouts.
  • Page 84 time that a notification can stay in the queue). A notification is deleted when its lifetime expires. When the notification queue is full, the oldest notifications are automatically deleted. You can extend standard linkUp/linkDown notifications to include interface description and interface type, but must make sure that the NMS supports the extended SNMP messages.
  • Page 85: Displaying The Snmp Settings

    Step Command Remarks By default, SNMP uses the IP (Optional.) Configure a snmp-agent { inform | trap } source address of the outgoing routed source address interface-type interface-number interface source notifications. address. (Optional.) Enable By default, the SNMP agent extended snmp-agent trap if-mib link extended sends standard linkup/linkDown linkUp/linkDown...
  • Page 86: Snmpv1/Snmpv2C Configuration Example

    SNMPv1/SNMPv2c configuration example SNMPv1 configuration procedure is the same as the SNMPv2c configuration procedure. This example uses SNMPv1, and is available only for non-FIPS mode. Network requirements As shown in Figure 27, the NMS (1.1.1.2/24) uses SNMPv1 to manage the SNMP agent (1.1.1.1/24), and the agent automatically sends notifications to report events to the NMS.
  • Page 87: Snmpv3 In Vacm Mode Configuration Example

    1: 1.3.6.1.2.1.2.2.1.4.135471 Response binding: 1: Oid=ifMtu.135471 Syntax=INT Value=1500 Get finished # Use a wrong community name to get the value of a MIB node on the agent. You can see an authentication failure trap on the NMS. 1.1.1.1/2934 V1 Trap = authenticationFailure SNMP Version = V1 Community = public Command = Trap...
  • Page 88
    [Agent] snmp-agent sys-info location telephone-closet,3rd-floor
    # Enable notifications, specify the NMS at 1.1.1.2 as a trap destination, and set the username to managev3user for the traps.
    [Agent] snmp-agent trap enable
    [Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname managev3user v3 privacy
    Configure the SNMP NMS: Specify SNMPv3....
  • Page 89: Snmpv3 In Rbac Mode Configuration Example

    Command = Trap SNMPv3 in RBAC mode configuration example Network requirements As shown in Figure 29, the NMS (1.1.1.2/24) uses SNMPv3 to monitor and manage the interface status of the agent (1.1.1.1/24). The agent automatically sends notifications to report events to the NMS.
  • Page 90 Request binding: 1: 1.3.6.1.2.1.1.5.0 Response binding: Session failed ! SNMP: Cannot access variable, No Access, error index=11: Oid=sysName.0 Syntax=OCTETS Value=HPE Set finished %Aug 14 16:13:21:475 2013 Agent SNMP/5/SNMP_SETDENY: -IPAddr=1.1.1.2-SecurityName=managev3user-SecurityModel=SNMPv3-OP=SET-Node=sysName(1.3.6.1.2.1.1.5.0)-Value=HPE; Permission denied. # Log in to the agent. You can see a notification on the NMS.
  • Page 91: Configuring Rmon

    For more information about SNMP notifications, see "Configuring SNMP." HPE devices provide an embedded RMON agent as the RMON monitor. An NMS can perform basic SNMP operations to access the RMON MIB. RMON groups Among standard RMON groups, HPE implements the statistics group, history group, event group, alarm group, probe configuration group, and user history group.
  • Page 92
    • Log—Logs event information (including event time and description) in the event log table so the management device can get the logs through SNMP.
    • Trap—Sends an SNMP notification when the event occurs.
    • Log-Trap—Logs event information in the event log table and sends an SNMP notification when the event occurs.
  • Page 93: Sample Types For The Alarm Group And The Private Alarm Group

    crosses the rising threshold multiple times before it crosses the falling threshold, only the first crossing triggers a rising alarm event. Sample types for the alarm group and the private alarm group The RMON agent supports the following sample types: •...
  • Page 94: Configuring The Rmon Alarm Function

    To create an RMON history control entry: Step Command Remarks Enter system view. system-view Enter Ethernet interface interface-type interface view. interface-number By default, the RMON history control Create an entry for rmon history entry-number table does not contain entries. the interface in the buckets number interval...
  • Page 95: Displaying And Maintaining Rmon Settings

    Step Command Remarks • Create entry alarm table: rmon alarm entry-number alarm-variable sampling-interval absolute delta startup-alarm falling rising By default, the RMON rising-falling rising-threshold alarm table and the private alarm table do threshold-value1 event-entry1 falling-threshold threshold-value2 not contain entries. event-entry2 [ owner text ] Create an entry in the You can associate an •...
  • Page 96: History Group Configuration Example

    Configuration procedure
    # Create an RMON Ethernet statistics entry for GigabitEthernet 1/0/1.
    <Sysname> system-view
    [Sysname] interface gigabitethernet 1/0/1
    [Sysname-GigabitEthernet1/0/1] rmon statistics 1 owner user1
    # Display statistics collected by the RMON agent for GigabitEthernet 1/0/1.
    <Sysname> display rmon statistics gigabitethernet 1/0/1
    EtherStatsEntry 1 owned by user1 is VALID.
  • Page 97 undersize packets : 0 , oversize packets fragments , jabbers collisions , utilization Sampling record 2 : dropevents , octets : 962 packets : 10 , broadcast packets multicast packets : 6 , CRC alignment errors : 0 undersize packets : 0 , oversize packets fragments , jabbers...
  • Page 98: Alarm Function Configuration Example

    multicast packets : 6 , CRC alignment errors : 0 undersize packets : 0 , oversize packets fragments , jabbers collisions , utilization # Get the traffic statistics from the NMS through SNMP. (Details not shown.) Alarm function configuration example Network requirements As shown in Figure...
  • Page 99 <Sysname> display rmon alarm 1 AlarmEntry 1 owned by user1 is VALID. Sample type : delta Sampled variable : 1.3.6.1.2.1.16.1.1.1.4.1<etherStatsOctets.1> Sampling interval (in seconds) Rising threshold : 100(associated with event 1) Falling threshold : 50(associated with event 1) Alarm sent upon entry startup : risingOrFallingAlarm Latest value # Display statistics for GigabitEthernet 1/0/1.
  • Page 100: Configuring Nqa

    Configuring NQA Overview Network quality analyzer (NQA) allows you to measure network performance, verify the service levels for IP services and applications, and troubleshoot network problems. It provides the following types of operations: • ICMP echo. • ICMP jitter. • DHCP.
  • Page 101: Collaboration

    • An HTTP operation gets a Web page.
    • A DHCP operation gets an IP address through DHCP.
    • A DNS operation translates a domain name to an IP address.
    • An ICMP echo operation sends an ICMP echo request.
    •...
  • Page 102: Nqa Configuration Task List

    Table 18 Performance metrics and NQA operation types
    Performance metric: Probe duration
    NQA operation types that can gather the metric: All NQA operation types except UDP jitter, UDP tracert, path jitter, and voice
    Performance metric: Number of probe failures
    NQA operation types that can gather the metric: All NQA operation types except UDP jitter, UDP tracert, path jitter, and voice
    Performance metric: Round-trip time...
  • Page 103: Enabling The Nqa Client

    Step Command Remarks port-number vpn-instance You can set the ToS value vpn-instance-name ] [ tos tos ] in the IP header of reply • packets sent by the NQA listening service: server. nqa server udp-echo ip-address port-number vpn-instance vpn-instance-name ] [ tos tos ] Enabling the NQA client Step Command...
  • Page 104: Configuring The Icmp Echo Operation

    Configuring the ICMP echo operation The ICMP echo operation measures the reachability of a destination device. It has the same function as the ping command, but provides more output information. In addition, if multiple paths exist between the source and destination devices, you can specify the next hop for the ICMP echo operation.
  • Page 105: Configuring The Icmp Jitter Operation

    Step Command Remarks By default, no next hop IP address • IPv4 address: is configured. (Optional.) Specify the next next-hop ip ip-address hop IP address for ICMP The next-hop ipv6 command is • IPv6 address: echo requests. available in Release 1121 and next-hop ipv6 ipv6-address later.
  • Page 106: Configuring The Dhcp Operation

    NOTE: Use the display nqa result or display nqa statistics command to verify the ICMP jitter operation. The display nqa history command does not display the ICMP jitter operation results or statistics. Configuring the DHCP operation The DHCP operation measures whether or not the DHCP server can respond to client requests. DHCP also measures the amount of time it takes the NQA client to obtain an IP address from a DHCP server.
  • Page 107: Configuring The Ftp Operation

    To configure the DNS operation: Step Command Remarks Enter system view. system-view Create an NQA operation entry admin-name By default, no NQA operations and enter NQA operation operation-tag exist. view. Specify the DNS type and type dns enter its view. Specify the IP address of the DNS server as the By default, no destination IP...
  • Page 108: Configuring The Http Operation

    Step Command Remarks interface must be up. Otherwise, no FTP requests can be sent out. By default, the FTP operation type is get, (Optional.) Specify the FTP operation { get | put } which means obtaining files from the FTP operation type.
  • Page 109: Configuring The Udp Jitter Operation

    Step Command Remarks If you set the HTTP operation type to raw, configure the content of the HTTP request to be sent to the HTTP server in raw request view. Every time you enter raw request view, 10. (Optional.) Enter raw request raw-request the previously configured content of the view.
  • Page 110: Configuring The Snmp Operation

    Step Command Remarks be the same as the port number of the listening service on the NQA server. By default, the packets take the primary IP address of the output interface their source IP address. (Optional.) Specify source IP address for UDP source ip ip-address The source IP address must be packets.
  • Page 111: Configuring The Tcp Operation

    Step Command Remarks (Optional.) Specify By default, no source port number is source port SNMP source port port-number specified. packets. By default, the packets take the primary IP address of the output interface as their source IP address. (Optional.) Specify source IP address of SNMP source ip ip-address The source IP address must be the IP...
  • Page 112: Configuring The Udp Echo Operation

    Step Command Remarks TCP packets can be sent out. Configuring the UDP echo operation The UDP echo operation measures the round-trip time between the client and a UDP port on the NQA server. The UDP echo operation requires both the NQA server and the NQA client. Before you perform a UDP echo operation, configure a UDP listening service on the NQA server.
  • Page 113: Configuring The Udp Tracert Operation

    Before you configure the UDP tracert operation, perform the following tasks: • Enable sending ICMP time exceeded messages on the intermediate devices between the source and destination devices. If the intermediate devices are HPE devices, use the ip ttl-expires enable command. •...
  • Page 114: Configuring The Voice Operation

    Step Command Remarks round of the UDP tracert operation. By default, the output interface for UDP packets is not specified. The NQA client determines the output 10. (Optional.) Specify an output interface interface-type interface based on the routing table interface for UDP packets. interface-number lookup.
  • Page 115 The evaluation of voice quality depends on users' tolerance for voice quality. For users with higher tolerance for voice quality, use the advantage-factor command to set an advantage factor. When the system calculates the ICPIF value, it subtracts the advantage factor to modify ICPIF and MOS values for voice quality evaluation.
  • Page 116: Configuring The Dlsw Operation

    Before you configure the path jitter operation, perform the following tasks: • Enable sending ICMP time exceeded messages on the intermediate devices between the source and destination devices. If the intermediate devices are HPE devices, use the ip ttl-expires enable command. •...
  • Page 117: Configuring Optional Parameters For The Nqa Operation

    For more information about the ip ttl-expires enable and ip unreachables enable commands, see Layer 3—IP Services Command Reference. To configure the path jitter operation: Step Command Remarks Enter system view. system-view Create an NQA operation and entry admin-name By default, no NQA operations exist. enter NQA operation view.
  • Page 118 Step Command Remarks Enter system view. system-view Create an NQA operation entry admin-name and enter NQA operation By default, no NQA operations exist. operation-tag view. type { dhcp | dlsw | dns | ftp | Specify http | icmp-echo | icmp-jitter operation type and enter | path-jitter | snmp | tcp | its view.
  • Page 119: Configuring The Collaboration Feature

    Configuring the collaboration feature Collaboration is implemented by associating a reaction entry of an NQA operation with a track entry. The reaction entry monitors the NQA operation. If the number of operation failures reaches the specified threshold, the configured action is triggered. To configure the collaboration feature: Step Command...
  • Page 120 • trigger-only—NQA displays results on the terminal screen, and meanwhile triggers other modules for collaboration. The DNS operation does not support the action of sending trap messages. Reaction entry In a reaction entry, configure a monitored element, a threshold type, and an action to be triggered to implement threshold monitoring.
  • Page 121 Step Command Remarks • Monitor failure times (not supported in the ICMP jitter, UDP jitter, UDP tracert, or voice operations): reaction item-number checked-element probe-fail threshold-type accumulate accumulate-occurrences | consecutive consecutive-occurrences } [ action-type { none | trap-only } ] • Monitor the round-trip time (only for the ICMP jitter, UDP jitter, and voice operations):...
  • Page 122: Configuring The Nqa Statistics Collection Feature

    Configuring the NQA statistics collection feature NQA forms statistics within the same collection interval as a statistics group. To display information about the statistics groups, use the display nqa statistics command. If you use the frequency command to set the interval to 0 milliseconds for an NQA operation, NQA does not generate any statistics group for the operation.
  • Page 123: Scheduling The Nqa Operation On The Nqa Client

    Step Command Remarks The default setting is 50. (Optional.) If the maximum number of maximum number of history records for an NQA history-record number number history records that can operation reached, be saved. earliest history records are deleted. (Optional.) Display display nqa history NQA history records.
  • Page 124: Configuring The Icmp Template

    Tasks at a glance
    • Configuring the TCP half open template
    • Configuring the UDP template
    • Configuring the HTTP template
    • Configuring the HTTPS template
    • Configuring the FTP template
    • Configuring the SSL template
    (Optional.) Configuring optional parameters for the NQA template
    Configuring the ICMP template
    A feature that uses the ICMP template performs the ICMP operation to measure the reachability of a destination device.
  • Page 125: Configuring The Dns Template

    Step Command Remarks If you execute the reaction trigger per-probe reaction trigger probe-pass commands multiple times, the most recent configuration takes effect. If you execute the reaction trigger per-probe reaction trigger probe-fail commands multiple times, the most recent configuration takes effect.
  • Page 126: Configuring The Tcp Template

    Step Command Remarks the IP address of a local interface, and the interface must be up. Otherwise, no probe packets can be sent out. (Optional.) Specify the source By default, no source port source port port-number port for probe packets. number is specified.
  • Page 127: Configuring The Tcp Half Open Template

    Step Command Remarks check only when you configure both the data-fill and expect-data commands. Configuring the TCP half open template IMPORTANT: This feature is available in Release 1121 and later. A feature that uses the TCP half open template performs the TCP half open operation to test whether the TCP service is available on the server.
  • Page 128: Configuring The Udp Template

    Step Command Remarks effect. Configuring the UDP template IMPORTANT: This feature is available in Release 1121 and later. A feature that uses the UDP template performs the UDP operation to test the following items: • Reachability of a specific port on the NQA server. •...
  • Page 129: Configuring The Http Template

    Step Command Remarks already executed. Configuring the HTTP template A feature that uses the HTTP template performs the HTTP operation to measure the time it takes the NQA client to obtain data from an HTTP server. The expected data is checked only when the data is configured and the HTTP response contains the Content-Length field in the HTTP header.
  • Page 130: Configuring The Https Template

    Step Command Remarks before it returns to HTTP template view. By default, the packets take the • IPv4 address: primary IP address of the output source ip ip-address interface as their source IP address. 11. (Optional.) Specify the source • IP address for the probe IPv6 address:...
  • Page 131: Configuring The Ftp Template

    Step Command Remarks By default, the HTTPS operation type is get, which means obtaining data from the HTTPS server. (Optional.) Specify the HTTPS operation { get | post | If you set the HTTPS operation type to operation type. raw } raw, use the raw-request command to configure the content of the request to be sent to the HTTPS server.
  • Page 132: Configuring The Ssl Template

    Step Command Remarks When you perform the get operation, the file name is required. When you perform the put operation, the filename argument does not take effect, even if it is specified. The file name operation determined by the filename command. By default, the FTP operation type is (Optional.) Specify the operation { get | put }...
  • Page 133: Configuring Optional Parameters For The Nqa Template

    Step Command Remarks (Optional.) Specify the By default, the destination port number destination port number destination port port-number is not specified. for the operation. By default, the packets take the primary IP address of the output interface as • IPv4 address: their source IP address.
  • Page 134: Displaying And Maintaining Nqa

    Step Command Remarks failure. Displaying and maintaining NQA Execute display commands in any view. Task Command Display history records display nqa history [ admin-name operation-tag ] operations. Display the current monitoring results of display nqa reaction counters [ admin-name operation-tag reaction entries.
  • Page 135 Configuration procedure # Assign IP addresses to interfaces, as shown in Figure 36. (Details not shown.) # Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) # Create an ICMP echo operation. <DeviceA>...
  • Page 136: Icmp Jitter Operation Configuration Example

    Succeeded 2007-08-23 15:00:01.2 Succeeded 2007-08-23 15:00:01.2 Succeeded 2007-08-23 15:00:01.2 Succeeded 2007-08-23 15:00:01.2 Succeeded 2007-08-23 15:00:01.1 Succeeded 2007-08-23 15:00:01.1 Succeeded 2007-08-23 15:00:01.1 Succeeded 2007-08-23 15:00:01.1 The output shows that the packets sent by Device A can reach Device B through Device C. No packet loss occurs during the operation.
  • Page 137 Last packet received time: 2015-03-09 17:40:29.8 Extended results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 ICMP-jitter results: RTT number: 10 Min positive SD: 0 Min positive DS: 0...
  • Page 138: Dhcp Operation Configuration Example

    Max positive SD: 1 Max positive DS: 2 Positive SD number: 18 Positive DS number: 46 Positive SD sum: 18 Positive DS sum: 49 Positive SD average: 1 Positive DS average: 1 Positive SD square-sum: 18 Positive DS square-sum: 55 Min negative SD: 1 Min negative DS: 1 Max negative SD: 1...
  • Page 139: Dns Operation Configuration Example

    NQA entry (admin admin, tag test1) test results: Send operation times: 1 Receive response times: 1 Min/Max/Average round trip time: 512/512/512 Square-Sum of round trip time: 262144 Last succeeded probe time: 2011-11-22 09:56:03.2 Extended results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 # Display the history records of the DHCP operation.
  • Page 140: Ftp Operation Configuration Example

    [DeviceA] nqa schedule admin test1 start-time now lifetime forever
    # After the DNS operation runs for a period of time, stop the operation.
    [DeviceA] undo nqa schedule admin test1
    # Display the most recent result of the DNS operation.
    [DeviceA] display nqa result admin test1
    NQA entry (admin admin, tag test1) test results:
    Send operation times: 1
    Receive response times: 1...
  • Page 141: Http Operation Configuration Example

    [DeviceA-nqa-admin-test1-ftp] source ip 10.1.1.1
    # Configure the device to upload file config.txt to the FTP server.
    [DeviceA-nqa-admin-test1-ftp] operation put
    [DeviceA-nqa-admin-test1-ftp] filename config.txt
    # Set the username to admin for the FTP operation.
    [DeviceA-nqa-admin-test1-ftp] username admin
    # Set the password to systemtest for the FTP operation.
    [DeviceA-nqa-admin-test1-ftp] password simple systemtest
    # Enable the saving of history records.
  • Page 142 Figure 41 Network diagram: Device A (NQA client, 10.1.1.1/16) and Device B (HTTP server, 10.2.2.2/16) are connected through an IP network.
    Configuration procedure
    # Assign IP addresses to interfaces, as shown in Figure 41. (Details not shown.)
    # Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.)
    # Create an HTTP operation....
  • Page 143: Udp Jitter Operation Configuration Example

    Succeeded 2011-11-22 10:12:47.9 The output shows that it took Device A 64 milliseconds to obtain data from the HTTP server. UDP jitter operation configuration example Network requirements As shown in Figure 42, configure a UDP jitter operation to test the jitter, delay, and round-trip time between Device A and Device B.
  • Page 144 Last packet received time: 2011-05-29 13:56:17.6 Extended results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 UDP-jitter results: RTT number: 10 Min positive SD: 4 Min positive DS: 1...
  • Page 145: Snmp Operation Configuration Example

    Min positive SD: 3 Min positive DS: 1 Max positive SD: 30 Max positive DS: 79 Positive SD number: 186 Positive DS number: 158 Positive SD sum: 2602 Positive DS sum: 1928 Positive SD average: 13 Positive DS average: 12 Positive SD square-sum: 45304 Positive DS square-sum: 31682 Min negative SD: 1...
  • Page 146: Tcp Operation Configuration Example

    [DeviceA] nqa entry admin test1
    [DeviceA-nqa-admin-test1] type snmp
    # Specify 10.2.2.2 as the destination IP address of the SNMP operation.
    [DeviceA-nqa-admin-test1-snmp] destination ip 10.2.2.2
    # Enable the saving of history records.
    [DeviceA-nqa-admin-test1-snmp] history-record enable
    [DeviceA-nqa-admin-test1-snmp] quit
    # Start the SNMP operation.
    [DeviceA] nqa schedule admin test1 start-time now lifetime forever
    # After the SNMP operation runs for a period of time, stop the operation.
  • Page 147
    # Enable the NQA server.
    <DeviceB> system-view
    [DeviceB] nqa server enable
    # Configure a listening service to listen on the IP address 10.2.2.2 and TCP port 9000.
    [DeviceB] nqa server tcp-connect 10.2.2.2 9000
    Configure Device A:
    # Create a TCP operation.
    <DeviceA>...
  • Page 148: Udp Echo Operation Configuration Example

    UDP echo operation configuration example
    Network requirements
    As shown in Figure 45, configure a UDP echo operation on the NQA client to test the round-trip time to Device B. The destination port number is 8000.
    Figure 45 Network diagram: NQA client (10.1.1.1/16), NQA server (10.2.2.2/16)...
  • Page 149: Udp Tracert Operation Configuration Example

    Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 # Display the history records of the UDP echo operation. [DeviceA] display nqa history admin test1 NQA entry (admin admin, tag test1) history records: Index Response Status...
  • Page 150: Voice Operation Configuration Example

    [DeviceA-nqa-admin-test1-udp-tracert] no-fragment enable
    # Set the maximum number of consecutive probe failures to 6.
    [DeviceA-nqa-admin-test1-udp-tracert] max-failure 6
    # Set the TTL value to 1 for UDP packets in the start round of the UDP tracert operation.
    [DeviceA-nqa-admin-test1-udp-tracert] init-ttl 1
    # Start the UDP tracert operation.
    [DeviceA] nqa schedule admin test1 start-time now lifetime forever
    # After the UDP tracert operation runs for a period of time, stop the operation.
  • Page 151 Configuration procedure Assign IP addresses to interfaces, as shown in Figure 47. (Details not shown.) Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) Configure Device B: # Enable the NQA server. <DeviceB>...
  • Page 152 Max negative SD: 203 Max negative DS: 1297 Negative SD number: 255 Negative DS number: 259 Negative SD sum: 759 Negative DS sum: 1796 Negative SD average: 2 Negative DS average: 6 Negative SD square-sum: 53655 Negative DS square-sum: 1691776 One way results: Max SD delay: 343 Max DS delay: 985...
  • Page 153: Dlsw Operation Configuration Example

    Min SD delay: 0 Min DS delay: 0 Number of SD delay: 4 Number of DS delay: 4 Sum of SD delay: 1390 Sum of DS delay: 1079 Square-Sum of SD delay: 483202 Square-Sum of DS delay: 973651 SD lost packets: 0 DS lost packets: 0 Lost packets for unknown reason: 0 Voice scores:...
  • Page 154: Path Jitter Operation Configuration Example

    Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to internal error: 0 Failures due to other errors: 0 # Display the history records of the DLSw operation. [DeviceA] display nqa history admin test1 NQA entry (admin admin, tag test1) history records: Index Response...
  • Page 155: Nqa Collaboration Configuration Example

    Hop IP 10.1.1.2 Basic Results Send operation times: 10 Receive response times: 10 Min/Max/Average round trip time: 9/21/14 Square-Sum of round trip time: 2419 Extended Results Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 Path-Jitter Results...
  • Page 156 Figure 50 Network diagram Switch B Vlan-int3 Vlan-int2 10.2.1.1/24 10.1.1.1/24 Vlan-int3 Vlan-int2 10.2.1.2/24 10.1.1.2/24 Switch A Switch C Configuration procedure Assign IP addresses to interfaces, as shown in Figure 50. (Details not shown.) On Switch A, configure a static route, and associate the static route with track entry 1. <SwitchA>...
  • Page 157 Destinations : 13 Routes : 13 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 127.0.0.1 InLoop0 10.1.1.0/24 Static 60 10.2.1.1 Vlan3 10.2.1.0/24 Direct 0 10.2.1.2 Vlan3 10.2.1.0/32 Direct 0 10.2.1.2 Vlan3 10.2.1.2/32 Direct 0 127.0.0.1 InLoop0 10.2.1.255/32 Direct 0 10.2.1.2 Vlan3 127.0.0.0/8 Direct 0...
  • Page 158: Icmp Template Configuration Example

    224.0.0.0/24 Direct 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 127.0.0.1 InLoop0 The output shows that the static route does not exist, and the status of the track entry is negative. ICMP template configuration example Network requirements As shown in Figure 51, configure an ICMP template for a feature to perform the ICMP echo operation from Device A to Device B.
  • Page 159: Dns Template Configuration Example

    [DeviceA-nqatplt-icmp-icmp] reaction trigger probe-fail 2 DNS template configuration example Network requirements As shown in Figure 52, configure a DNS template for a feature to perform the DNS operation. The operation tests whether Device A can perform the address resolution through the DNS server. Figure 52 Network diagram DNS server NQA client...
  • Page 160: Tcp Half Open Template Configuration Example

    Figure 53 Network diagram NQA client NQA server 10.1.1.1/16 10.2.2.2/16 IP network Device A Device B Configuration procedure Assign IP addresses to interfaces, as shown in Figure 53. (Details not shown.) Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) Configure Device B: # Enable the NQA server.
  • Page 161: Udp Template Configuration Example

    Configure Device A:
    # Create TCP half open template test.
    <DeviceA> system-view
    [DeviceA] nqa template tcphalfopen test
    # Specify 10.2.2.2 as the destination IP address.
    [DeviceA-nqatplt-tcphalfopen-test] destination ip 10.2.2.2
    # Configure the NQA client to notify the feature of the successful operation event if the number of consecutive successful probes reaches 2.
  • Page 162: Http Template Configuration Example

    [DeviceA-nqatplt-udp-udp] reaction trigger probe-fail 2 HTTP template configuration example Network requirements As shown in Figure 56, configure an HTTP template for a feature to perform the HTTP operation. The operation tests whether the NQA client can get data from the HTTP server. Figure 56 Network diagram NQA client HTTP server...
  • Page 163: Ftp Template Configuration Example

    # Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) # Configure an SSL client policy named abc on Device A, and make sure Device A can use the policy to connect to the HTTPS server.
  • Page 164: Ssl Template Configuration Example

    # Configure the device to upload file config.txt to the FTP server.
    [DeviceA-nqatplt-ftp-ftp] operation put
    [DeviceA-nqatplt-ftp-ftp] filename config.txt
    # Set the username to admin for the FTP server login.
    [DeviceA-nqatplt-ftp-ftp] username admin
    # Set the password to systemtest for the FTP server login.
    [DeviceA-nqatplt-ftp-ftp] password simple systemtest
    # Configure the NQA client to notify the feature of the successful operation event if the number of consecutive successful probes reaches 2.
  • Page 165: Configuring Port Mirroring

    Configuring port mirroring The port mirroring feature is available on both Layer 2 and Layer 3 Ethernet interfaces. The term "interface" in this chapter collectively refers to these two types of interfaces. You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3 interface (see Layer 2—LAN Switching Configuration Guide).
  • Page 166: Port Mirroring Classification And Implementation

    probe VLAN. For more information about the reflector port, egress port, remote probe VLAN, and Layer 2 remote port mirroring, see "Port mirroring classification and implementation." NOTE: On port mirroring devices, all ports except source, destination, reflector, and egress ports are called common ports.
  • Page 167 A remote source group or remote destination group is a mirroring group that contains the mirroring sources or the mirroring destination, respectively. Intermediate devices are the devices between the source devices and the destination device. Remote port mirroring includes the following types: •...
  • Page 168: Configuring Local Port Mirroring

    c. The destination device receives the mirrored packet from the physical interface of the tunnel interface. The tunnel interface acts as the source port in the local mirroring group created on the destination device. d. The physical interface of the tunnel interface sends one copy of the packet to the monitor port GigabitEthernet 1/0/2.
  • Page 169: Configuring The Monitor Port For The Local Mirroring Group

    • Assign a list of source ports to the mirroring group in system view. • Assign a port to the mirroring group as a source port in interface view. To assign multiple ports to the mirroring group as source ports in interface view, repeat the operation.
  • Page 170: Configure Local Port Mirroring With Multiple Monitor Ports

    • For a Layer 2 aggregate interface configured as the monitor port, do not configure its member ports as source ports. • A mirroring group contains only one monitor port. • Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.
  • Page 171: Configuring Layer 2 Remote Port Mirroring

    • If you have configured a reflector port for a remote source group, do not configure an egress port for it. • A VLAN can act as the remote probe VLAN for only one remote source group. As a best practice, use the remote probe VLAN for port mirroring exclusively.
  • Page 172: Configuring A Remote Destination Group On The Destination Device

    • Configure a cooperating remote destination group on the destination device.
    • If intermediate devices exist, configure the following devices and ports to allow the remote probe VLAN to pass through.
       - Intermediate devices.
       - Ports connected to the intermediate devices on the source and destination devices. ...
  • Page 173 • Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic. • A mirroring group must contain only one monitor port. • A monitor port can belong to only one mirroring group. Configuring the monitor port for a remote destination group in system view Step Command...
  • Page 174: Configuring A Remote Source Group On The Source Device

    Step Command Remarks Enter the interface view of interface interface-type the monitor port. interface-number • access port: For more information about the port access vlan vlan-id port access vlan, port trunk • trunk port: Assign the port to the permit vlan, and port hybrid port trunk permit vlan vlan-id remote probe VLAN.
  • Page 175
    Step: Configure source ports for the specified remote source group.
    Command: mirroring-group group-id mirroring-port interface-list { both | inbound | outbound }
    Remarks: By default, no source port is configured for a remote source group.
    Configuring a source port for a remote source group in interface view
    Step Command Remarks...
  • Page 176: Configuring Layer 3 Remote Port Mirroring

    Step: Enter interface view.
    Command: interface interface-type interface-number
    Step: Configure the port as the egress port for the specified remote source group.
    Command: mirroring-group group-id monitor-egress
    Remarks: By default, a port does not act as the egress port for any remote source group.
    Configuring the remote probe VLAN for a remote source group
    When you configure the remote probe VLAN for a remote source group, follow these restrictions and guidelines:...
  • Page 177: Configuration Prerequisites

    Tasks at a glance Configuring local mirroring groups Configuring source ports for a local mirroring group Configuring the monitor port for a local mirroring group (Required.) Configuring the destination device: Configuring local mirroring groups Configuring source ports for a local mirroring group Configuring the monitor port for a local mirroring group Configuration prerequisites Before configuring Layer 3 remote mirroring, complete the following tasks:...
  • Page 178: Configuring The Monitor Port For A Local Mirroring Group

    - When acting as a source port for unidirectional mirroring, the port can be assigned to up to four mirroring groups.
    - When acting as a source port for bidirectional mirroring, the port can be assigned to up to two mirroring groups.
    - When acting as a source port for unidirectional and bidirectional mirroring, the port can be...
  • Page 179: Displaying And Maintaining Port Mirroring

    Step: Configure the monitor port for the specified local mirroring group.
    Command: mirroring-group group-id monitor-port interface-type interface-number
    Remarks: By default, no monitor port is configured for a local mirroring group.
    Configure the monitor port in interface view
    Step: Enter system view.
    Command: system-view
    interface interface-type...
  • Page 180 Figure 63 Network diagram Marketing Dept. GE1/0/1 GE1/0/3 Device GE1/0/2 Server Technical Dept. Source port Monitor port
    Configuration procedure
    # Create local mirroring group 1.
    <Device> system-view
    [Device] mirroring-group 1 local
    # Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as source ports for local mirroring group 1.
    [Device] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 gigabitethernet 1/0/2 both
    # Configure GigabitEthernet 1/0/3 as the monitor port for local mirroring group 1.
  • Page 181: Layer 2 Remote Port Mirroring Configuration Example

    Layer 2 remote port mirroring configuration example Network requirements As shown in Figure 64, configure Layer 2 remote port mirroring so the server can monitor the bidirectional traffic of the Marketing department. Figure 64 Network diagram Source Intermediate Destination device device device Device A...
  • Page 182
    # Create VLAN 2.
    <DeviceB> system-view
    [DeviceB] vlan 2
    # Disable MAC address learning for VLAN 2.
    [DeviceB-vlan2] undo mac-address mac-learning enable
    [DeviceB-vlan2] quit
    # Configure GigabitEthernet 1/0/1 as a trunk port to permit the packets from VLAN 2 to pass through.
  • Page 183: Local Port Mirroring With Multiple Monitor Ports Configuration Example

    Monitor port: GigabitEthernet1/0/2 Remote probe VLAN: 2 # Display information about all mirroring groups on Device A. [DeviceA] display mirroring-group all Mirroring group 1: Type: Remote source Status: Active Mirroring port: GigabitEthernet1/0/1 Both Monitor egress port: GigabitEthernet1/0/2 Remote probe VLAN: 2 The output shows that you can monitor all packets received and sent by the Marketing department on the server.
  • Page 184: Layer 3 Remote Port Mirroring Configuration Example

    [DeviceA] mirroring-group 1 reflector-port gigabitethernet 1/0/5
    This operation may delete all settings made on the interface. Continue? [Y/N]:y
    # Create VLAN 10, and assign ports GigabitEthernet 1/0/11 through GigabitEthernet 1/0/13 to VLAN 10.
    [DeviceA] vlan 10
    [DeviceA-vlan10] port gigabitethernet 1/0/11 to gigabitethernet 1/0/13
    [DeviceA-vlan10] quit
    # Configure VLAN 10 as the remote probe VLAN of the remote source group.
  • Page 185
    [DeviceA-Tunnel0] source 20.1.1.1
    [DeviceA-Tunnel0] destination 30.1.1.2
    [DeviceA-Tunnel0] quit
    # Enable the OSPF protocol.
    [DeviceA] ospf 1
    [DeviceA-ospf-1] area 0
    [DeviceA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
    [DeviceA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
    [DeviceA-ospf-1-area-0.0.0.0] quit
    [DeviceA-ospf-1] quit
    # Create local mirroring group 1.
    [DeviceA] mirroring-group 1 local
    # Configure GigabitEthernet 1/0/1 as a source port and Tunnel 0 as the monitor port of local mirroring group 1.
  • Page 186
    [DeviceC-ospf-1] quit
    # Create local mirroring group 1.
    [DeviceC] mirroring-group 1 local
    # Configure GigabitEthernet 1/0/1 as a source port and GigabitEthernet 1/0/2 as the monitor port of local mirroring group 1.
    [DeviceC] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 inbound
    [DeviceC] mirroring-group 1 monitor-port gigabitethernet 1/0/2
    # Disable the spanning tree feature on the monitor port GigabitEthernet 1/0/2.
  • Page 187: Configuring Flow Mirroring

    Configuring flow mirroring The flow mirroring feature is available on both Layer 2 and Layer 3 Ethernet interfaces. The term "interface" in this chapter collectively refers to these two types of interfaces. You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3 interface (see Layer 2—LAN Switching Configuration Guide).
  • Page 188: Configuring A Traffic Behavior

    Step: Configure match criteria.
    Command: if-match match-criteria
    Remarks: By default, no match criterion is configured in a traffic class.
    Configuring a traffic behavior
    Step: Enter system view.
    Command: system-view
    Step: Create a traffic behavior and enter traffic behavior view.
    Command: traffic behavior behavior-name
    Remarks: By default, no traffic behavior...
  • Page 189: Applying A Qos Policy To A Vlan

    The device does not support mirroring outbound traffic of aggregate interfaces. To apply a QoS policy to an interface: Step Command Enter system view. system-view Enter interface view. interface interface-type interface-number Apply a policy to the interface. qos apply policy policy-name { inbound | outbound } Applying a QoS policy to a VLAN You can apply a QoS policy to a VLAN to mirror the traffic in the inbound direction on all ports in the VLAN.
  • Page 190: Flow Mirroring Configuration Example

    Flow mirroring configuration example
    Network requirements
    As shown in Figure 67, configure flow mirroring so that the server can monitor the following traffic:
    • All traffic that the Technical department sends to access the Internet.
    • IP traffic that the Technical department sends to the Marketing department during working hours (8:00 to 18:00) on weekdays.
  • Page 191: Verifying The Configuration

    # Create QoS policy tech_p, and associate traffic class tech_c with traffic behavior tech_b in the QoS policy.
    [DeviceA] qos policy tech_p
    [DeviceA-qospolicy-tech_p] classifier tech_c behavior tech_b
    [DeviceA-qospolicy-tech_p] quit
    # Apply QoS policy tech_p to the incoming packets of GigabitEthernet 1/0/4.
    [DeviceA] interface gigabitethernet 1/0/4
    [DeviceA-GigabitEthernet1/0/4] qos apply policy tech_p inbound
    [DeviceA-GigabitEthernet1/0/4] quit...
  • Page 192: Configuring Sflow

    Configuring sFlow sFlow is a traffic monitoring technique. As shown in Figure 68, the sFlow system involves an sFlow agent embedded in a device and a remote sFlow collector. The sFlow agent collects interface counter information and packet information and encapsulates the sampled information in sFlow packets. When the sFlow packet buffer is full, or the aging timer (fixed to 1 second) expires, the sFlow agent performs the following tasks: •...
  • Page 193: Configuring The Sflow Agent And Sflow Collector Information

    Configuring the sFlow agent and sFlow collector information Step Command Remarks Enter system view. system-view By default, no IP address is configured for the sFlow agent. The device periodically checks whether the sFlow agent has an IP address. If not, the device automatically selects an IPv4 address for the sFlow agent but does not save (Optional.) the IPv4 address in the configuration file.
  • Page 194: Configuring Counter Sampling

    Step Command Remarks support.
    Step: Enable flow sampling and specify the number of packets out of which flow sampling samples a packet on the interface.
    Command: sflow sampling-rate rate
    Remarks: By default, no flow sampling rate is configured.
    Step: (Optional.) Set the maximum number of bytes (starting from the packet header) that...
    Command: sflow flow max-header length
    Remarks: The default setting is 128 bytes.
  • Page 195: Sflow Configuration Example

    sFlow configuration example Network requirements As shown in Figure 69, perform the following tasks: • Configure flow sampling in random mode and counter sampling on GigabitEthernet 1/0/1 of the device to monitor traffic on the port. • Configure the device to send sampled information in sFlow packets through GigabitEthernet 1/0/3 to the sFlow collector.
  • Page 196: Verifying The Configuration

    Verifying the configuration # Verify that GigabitEthernet 1/0/1 enabled with sFlow is active, and sFlow is operating correctly. [Device-GigabitEthernet1/0/1] display sflow sFlow datagram version: 5 Global information: Agent IP: 3.3.3.1(CLI) Source address: Collector information: Port Aging Size VPN-instance Description 3.3.3.2 6343 1400 netserver...
  • Page 197 The number of bytes (use the default setting as a best practice) that flow sampling can copy per packet.
  • Page 198: Monitoring And Maintaining Processes

    Monitoring and maintaining processes HPE Comware V7 is a full-featured, modular, and scalable network operating system based on the Linux kernel. Comware V7 software features run the following types of independent processes: • User process—Runs in user space. Most Comware V7 software features run user processes.
  • Page 199: Monitoring Kernel Threads

    Task Command blocks with a specified size used offset-size ] [ slot slot-number [ cpu cpu-number ] ] by a user process. Display memory content starting display process memory heap job job-id address starting-address from a specified memory block for length memory-length [ slot slot-number [ cpu cpu-number ] ] a user process.
  • Page 200: Configuring Kernel Thread Starvation Detection

    Configuring kernel thread starvation detection CAUTION: Inappropriate configuration of kernel thread starvation detection can cause service problems or system breakdown. Make sure you understand the impact of this configuration on your network before you configure kernel thread starvation detection. Starvation occurs when a thread is unable to access shared resources. Kernel thread starvation detection enables the system to detect and report thread starvation.
  • Page 201
    Task: Clear kernel thread reboot information.
    Command: reset kernel reboot [ slot slot-number [ cpu cpu-number ] ]
    Task: Clear kernel thread starvation information.
    Command: reset kernel starvation [ slot slot-number [ cpu cpu-number ] ]...
  • Page 202: Configuring Eaa

    Configuring EAA Overview Embedded Automation Architecture (EAA) is a monitoring framework that enables you to self-define monitored events and actions to take in response to an event. It allows you to create monitor policies by using the CLI or Tcl scripts. EAA framework EAA framework includes a set of event sources, a set of event monitors, a real-time event manager (RTM), and a set of user-defined monitor policies, as shown in...
  • Page 203: Elements In A Monitor Policy

    You can configure EAA monitor policies by using the CLI or Tcl. A monitor policy contains the following elements: • One event. • A minimum of one action. • A minimum of one user role. • One running time setting. For more information, see "Elements in a monitor policy."...
  • Page 204: Eaa Environment Variables

    • Executing a command. • Sending a log. • Enabling an active/standby switchover. • Executing a reboot without saving the running configuration. User role For EAA to execute an action in a monitor policy, you must assign the policy the user role that has access to the action-specific commands and resources.
  • Page 205: Configuring A User-Defined Eaa Environment Variable

    Variable name Description CLI: _cmd Commands that are matched. Syslog: _syslog_pattern Log message content. Hotplug: _slot ID of the IRF member device where a hot swap event occurs. _subslot ID of the slot on which a hot swap event occurs. Interface: _ifname Interface name.
  • Page 206: Configuration Restrictions And Guidelines

    Configuration restrictions and guidelines When you configure monitor policies, follow these restrictions and guidelines: • Make sure the actions in different policies do not conflict. Policy execution result will be unpredictable if policies that conflict in actions are running concurrently. •...
  • Page 207: Configuring A Monitor Policy By Using Tcl

    Step Command Remarks action number syslog priority level facility local-number msg msg • Configure active/standby switchover action: action number switchover By default, a monitor policy contains user roles that its creator had at the time of policy creation. An EAA policy cannot have both the security-audit user role and other user...
  • Page 208: Suspending Monitor Policies

    Table 21 Tcl script requirements Line Content Requirements This line must take the following format: ::comware::rtm::event_register eventname Line 1 Event, user roles, and policy runtime arg1 arg2 arg3 …user-role rolename1 | [ user-role rolename2 | [ ] ][ running-time running-time ] You can reference a variable name in the $variable_name format instead of specifying a value for an argument when you define an...
  • Page 209 When the event occurs, the system executes the command and sends the log message "hello world" to the information center. Configuration procedure # Create the CLI-defined policy test and enter its view. <Sysname> system-view [Sysname] rtm cli-policy test # Add a CLI event that occurs when a question mark (?) is entered at any command line that contains letters and digits.
  • Page 210: Cli-Defined Policy With Eaa Environment Variables Configuration Example

    CLI-defined policy with EAA environment variables configuration example Network requirements Define an environment variable to match the IP address 1.1.1.1. Configure a policy from the CLI to monitor the event that occurs when a command line that contains loopback0 is executed. In the policy, use the environment variable for IP address assignment. When the event occurs, the system performs the following tasks: •...
  • Page 211: Tcl-Defined Policy Configuration Example

    %Jan 3 09:46:10:613 2014 Sysname RTM/6/RTM_POLICY: CLI policy test is running successfully. # Verify that Loopback 0 has been created and assigned the IP address 1.1.1.1. <Sysname> terminal monitor <Sysname> display interface loopback brief Brief information on interface(s) under route mode: Link: ADM - administratively down;...
  • Page 212 %Jun 4 15:02:30:382 2013 Sysname RTM/6/RTM_POLICY: TCL policy test is running successfully.
  • Page 213: Configuring Cwmp

    Configuring CWMP Overview CPE WAN Management Protocol (CWMP), also called "TR-069," is a DSL Forum technical specification for remote management of home network devices. The protocol was initially designed to provide remote autoconfiguration through a server for large numbers of dispersed end-user devices in DSL networks. However, it has been increasingly used on other types of networks, including Ethernet, for remote autoconfiguration.
  • Page 214: How Cwmp Works

    The following are methods available for the ACS to issue configuration to the CPE: • Transfers the configuration file to the CPE, and specifies the file as the next-startup configuration file. At a reboot, the CPE starts up with the ACS-specified configuration file. •...
  • Page 215 Table 23 RPC methods RPC method Description The ACS obtains the values of parameters on the CPE. The ACS modifies the values of parameters on the CPE. The CPE sends an Inform message to the ACS for the following purposes: •...
  • Page 216: Configuration Task List

    Figure 2 CWMP message interaction procedure (1) Open TCP connection (2) SSL initiation (3) HTTP post (Inform) (4) HTTP response (Inform response) (5) HTTP post (empty) (6) HTTP response (GetParameterValues request) (7) HTTP post (GetParameterValues response) (8) HTTP response (SetParameterValues request) (9) HTTP post (SetParameterValues response) (10) HTTP response (empty) (11) Close connection...
  • Page 217: Enabling Cwmp From The Cli

    You can use DHCP option 43 to assign the ACS URL and ACS login authentication username and password. If the DHCP server is an HPE device, you can configure DHCP option 43 by using the option 43 hex 01length URL username password command.
  • Page 218: Configuring The Default Acs Attributes From The Cli

    The following example configures the ACS address as http://169.254.76.31:7547/acs, username as 1234, and password as 5678:
    <Sysname> system-view
    [Sysname] dhcp server ip-pool 0
    [Sysname-dhcp-pool-0] option 43 hex 0127687474703A2F2F3136392E3235342E37362E33313A373534372F61637320313233342035363738
    Table 24 Hexadecimal forms of the ACS attributes Attribute Attribute value Hexadecimal form Length 39 characters 687474703A2F2F3136392E3235342E37362E33313A37353...
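The `option 43 hex 01length URL username password` value above is a plain hex encoding of the three ACS attributes, so it can be built and checked mechanically. The following Python sketch is an added example, not code from the HPE manual; the function names are hypothetical, and it assumes a one-byte length field and ASCII fields separated by single spaces, as in the manual's example.

```python
"""Build and parse the DHCP option 43 value that carries ACS attributes."""

SUBOPTION_ACS = 0x01  # leading "01" in the manual's "01length ..." format

# Hex string copied from the manual's example on this page.
PAGE_EXAMPLE = (
    "0127687474703A2F2F3136392E3235342E37362E33313A373534372F"
    "61637320313233342035363738"
)


def encode_option43(url: str, username: str, password: str) -> str:
    """Return the hex string to place after 'option 43 hex'."""
    fields = (url, username, password)
    for field in fields:
        # A space separates the fields, so it cannot appear inside one.
        if not field or any(ch.isspace() for ch in field):
            raise ValueError("fields must be non-empty and contain no whitespace")
    payload = " ".join(fields).encode("ascii")  # raises ValueError on non-ASCII
    if len(payload) > 0xFF:
        raise ValueError("payload does not fit the one-byte length field")
    return (bytes([SUBOPTION_ACS, len(payload)]) + payload).hex().upper()


def decode_option43(hex_value: str) -> dict:
    """Parse an option 43 hex string back into its ACS attributes."""
    raw = bytes.fromhex(hex_value)  # raises ValueError on malformed hex
    if len(raw) < 2 or raw[0] != SUBOPTION_ACS:
        raise ValueError("missing or unexpected sub-option type")
    declared, payload = raw[1], raw[2:]
    if declared != len(payload):
        raise ValueError(
            f"length byte says {declared}, payload has {len(payload)} bytes"
        )
    parts = payload.decode("ascii").split(" ")
    if len(parts) != 3:
        raise ValueError("expected 'URL username password'")
    url, username, password = parts
    return {"url": url, "username": username, "password": password}


if __name__ == "__main__":
    built = encode_option43("http://169.254.76.31:7547/acs", "1234", "5678")
    print("matches manual:", built == PAGE_EXAMPLE)
    # The password is recoverable from the option value without any key.
    print(decode_option43(PAGE_EXAMPLE))
```

Decoding the manual's string returns the URL, username, and password unchanged, so anything that can read the DHCP server configuration or the DHCP exchange can read the ACS credentials.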
  • Page 219: Configuring Cpe Attributes

    Step: (Optional.) Configure the password for authentication to the default ACS URL.
    Command: cwmp acs default password { cipher | simple } password
    Remarks: By default, no password has been configured for authentication to the default ACS URL.
    Configuring CPE attributes
    You can assign CPE attribute values to the CPE from the CPE's CLI or the ACS....
  • Page 220: Configuring The Cwmp Connection Interface

    Configuring the CWMP connection interface The CWMP connection interface is the interface that the CPE uses to communicate with the ACS. To establish a CWMP connection, the CPE sends the IP address of this interface in the Inform messages, and the ACS replies to this IP address. Typically, the CPE selects the CWMP connection interface automatically.
  • Page 221: Enabling Nat Traversal For The Cpe

    Configuring the maximum number of connection retries The CPE retries a connection automatically when one of the following events occurs: • The CPE fails to connect to the ACS. • The connection is disconnected before the session on the connection is completed. The CPE considers a connection attempt as having failed when the close-wait timer expires.
  • Page 222: Specifying An Ssl Client Policy For Https Connection To Acs

    As shown in Figure 3, use HPE IMC BIMS as the ACS to bulk-configure the devices (CPEs), and assign ACS attributes to the CPEs from the DHCP server. The configuration files for the devices in equipment rooms A and B are configure1.cfg and...
  • Page 223: Configuration Procedure

    Figure 3 Network diagram DHCP Server DNS Server 10.185.10.41 10.185.10.52 10.185.10.60 Device A Device B Device C Device D Device E Device F Room A Room B Table 25 shows the ACS attributes for the CPEs to connect to the ACS. Table 25 ACS attributes Item Setting...
  • Page 224 a. Launch a Web browser on the ACS configuration terminal. b. In the address bar of the Web browser, enter the ACS URL and port number. This example uses http://10.185.10.41:8080/imc. c. On the login page, enter the ACS login username and password, and then click Login. Create a CPE user account: a.
  • Page 225 Figure 6 Adding a device group d. Select Service > Resource > Device Class from the top navigation bar. e. Click Add. f. On the Add Device Class page, enter a device class name for devices in equipment room A, and then click OK. In this example, the device class for devices in equipment room A is Device_A.
  • Page 226 Figure 8 Adding a CPE After the CPE is added successfully, a success message is displayed, as shown in Figure Figure 9 CPE added successfully Configure the system settings of the ACS, as shown in Figure...
  • Page 227 Figure 10 Configuring the system settings of the ACS Add configuration templates and software library entries for the two classes of devices: a. Select Service > BIMS > Configuration Management > Configuration Templates from the navigation tree. Figure 11 Configuring templates page b.
  • Page 228 Figure 12 Importing configuration template After the configuration template is added successfully, a success message is displayed, as shown in Figure Figure 13 Configuration templates...
  • Page 229 e. Select Service > BIMS > Configuration Management > Software Library from the top navigation bar. Figure 14 Configuring software library f. On the Software Library page, click Import…. g. On the Import CPE Software page, select the software images for the Device_A device class, add the Device_A class to the Applicable CPEs pane, and then click OK.
  • Page 230 Figure 16 Deployment Guide c. On the Auto Deploy Configuration page, click Select Class. Figure 17 Configuring auto deployment d. On the Device Class page, select Device_A, and then click OK.
  • Page 231 A. Configuring the DHCP server In this example, an HPE device is operating as the DHCP server. Configure an IP address pool to assign IP addresses and DNS server address to the CPEs.
  • Page 232: Verifying The Configuration

    # Enable DHCP server on VLAN-interface 1.
    [DHCP_server] interface vlan-interface 1
    [DHCP_server-Vlan-interface1] dhcp select server global-pool
    [DHCP_server-Vlan-interface1] quit
    # Exclude the DNS server address 10.185.10.60 and the ACS IP address 10.185.10.41 from dynamic allocation.
    [DHCP_server] dhcp server forbidden-ip 10.185.10.41
    [DHCP_server] dhcp server forbidden-ip 10.185.10.60
    # Create DHCP address pool 0.
  • Page 233: Configuring Poe

    PSEs and midspan PSEs. HPE PSEs are endpoint PSEs. An HPE PSE can be a device with only one built-in PSE, or it can be a PoE-capable interface card or subcard on a device. A device with multiple PSEs uses PSE IDs to identify different PSEs.
  • Page 234: Enabling Poe

    Tasks at a glance Remarks (Required.) Enabling PoE: • Enabling PoE for a PSE • Enabling PoE for a PI (Optional.) Enabling nonstandard PD detection (Optional.) Configuring the maximum PI power (Optional.) Configuring PI power management (Optional.) Configuring PSE power monitoring (Optional.) Configuring a PI by using a PoE profile: •...
  • Page 235: Enabling Nonstandard Pd Detection

    The switch series transmits power over signal wires. NOTE: A PSE can supply power to a PD directly only when the PSE and PD use the same power transmission mode. If the PSE and PD use different power transmission modes, you must change the order of the lines in the twisted pair cable to supply power to the PD.
  • Page 236: Configuring Pi Power Management

    Configuring PI power management PI power management enables the PSE to perform priority-based PI power management in PSE power overload situations. In descending order, the power-supply priority levels of a PI are critical, high, and low. The PD priority is determined by the priority of the PI to which the PD is connected. All PSEs use the same PI power management mechanism.
  • Page 237: Configuring Poe Monitoring

    Step: (Optional.) Configure power supply priority for a PI.
    Command: poe priority { critical | high | low }
    Remarks: By default, the power supply priority for the PSE is low.
    Configuring PoE monitoring
    When the PoE monitoring function is enabled, the system monitors PSEs and PDs in real time. If a specific value exceeds the threshold, the system automatically takes self-protection measures.
  • Page 238: Applying A Poe Profile

    Step: Create a PoE profile, and enter PoE profile view.
    Command: poe-profile profile-name [ index ]
    Step: Enable PoE.
    Command: poe enable
    Remarks: By default, this function is disabled.
    Step: (Optional.) Configure the maximum PI power.
    Command: poe max-power max-power
    Remarks: The default maximum PI power is 30000 milliwatts.
    (Optional.) Configure poe priority { critical | high |...
  • Page 239: Displaying And Maintaining Poe

    Step: Enter system view. Command: system-view Step: Upgrade the PSE firmware in service. Command: poe update { full | refresh } filename [ pse pse-id ] Displaying and maintaining PoE Execute display commands in any view. Task: Display PSE information. Command: display poe device [ slot slot-number ]
  • Page 240: Troubleshooting Poe

    [PSE] poe enable pse 1 # Enable PoE on GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3, and configure their power supply priority as critical. [PSE] interface gigabitethernet 1/0/1 [PSE-GigabitEthernet1/0/1] poe enable [PSE-GigabitEthernet1/0/1] poe priority critical [PSE-GigabitEthernet1/0/1] quit [PSE] interface gigabitethernet 1/0/2 [PSE-GigabitEthernet1/0/2] poe enable [PSE-GigabitEthernet1/0/2] poe priority critical [PSE-GigabitEthernet1/0/2] quit...
  • Page 241: Failure To Apply A Poe Profile To A Pi

    Failure to apply a PoE profile to a PI Symptom PoE profile application for a PI failed. Analysis Possible reasons include: • Some configurations in the PoE profile are already configured. • Some configurations in the PoE profile do not meet the configuration requirements of the PI. •...
  • Page 242: Configuring The Packet Capture

    Configuring the packet capture Overview The packet capture feature captures incoming packets that are to be forwarded in CPU. The feature displays the captured packets in real time, and allows you to save the captured packets to a .pcap file for future analysis.
  • Page 243 Category Description Examples field. • src or dst—Matches the source or destination IP address field. NOTE: The src or dst qualifier applies if you do not specify a direction qualifier. If you do not specify a direction qualifier, the src or dst qualifier applies.
  • Page 244 Capture filter operators Capture filters support logical operators (Table 29), arithmetic operators (Table 30), and relational operators (Table 31). Logical operators can use both alphanumeric and nonalphanumeric symbols. The arithmetic and relational operators can use only nonalphanumeric symbols. Logical operators are left associative. They group from left to right. The not operator has the highest priority.
  • Page 245 Table 31 Relational operators for capture filters Nonalphanumeric Description symbol Equal to. For example, ip[6]=0x1c matches an IPv4 packet if its seventh byte of payload is equal to 0x1c. Not equal to. For example, len!=60 matches a packet if its length is not equal to 60 bytes. Greater than.
  • Page 246 Variable Description type • ip.len le 1500. • ip.len le 02734. • ip.len le 0x436. This variable type has two values: true or false. This variable type applies if you use a packet field string alone to identify the presence of a field in a packet.
  • Page 247: Building A Capture Filter

    Nonalphanumeri Alphanumeric Description symbol symbol Joins two conditions. && Use this operator to display traffic that matches both conditions. Joins two conditions. Use this operator to display traffic that matches either of the conditions. Table 35 Relational operators for display filters Nonalphanumeric Alphanumeric Description...
  • Page 248: Building A Display Filter

    The expr relop expr expression Use this type of expression to capture packets that match the result of arithmetic operations. This expression contains keywords, arithmetic operators (expr), and relational operators (relop). For example, len+100>=200 captures packets that are greater than or equal to 100 bytes. The proto [ expr:size ] expression Use this type of expression to capture packets that match the result of arithmetic operations on a number of bytes relative to a protocol layer.
  • Page 249: Prerequisites

    Packet field expressions contain only packet field strings. For example, tcp.flags.syn displays all TCP packets that contain the SYN bit field. The proto[…] expression Use this type of expression to display packets that contain specific field values. This type of expression contains the following elements: •...
  • Page 250: Displaying The Contents In A Packet File

    Task Command • Save captured packets file: packet-capture interface interface-type interface-number [ capture-filter capt-expression | limit-captured-frames limit | limit-frame-size bytes | autostop filesize kilobytes | autostop duration seconds | autostop files numbers | capture-ring-buffer filesize kilobytes capture-ring-buffer duration seconds Capture incoming packets capture-ring-buffer files numbers ] * write filepath [ raw | { brief | on an interface.
  • Page 251: Packet File Display Configuration Example

    Configuration procedure # Create an IPv4 advanced ACL to match packets that are sourced from 192.168.56.0/24. <SwitchA> system-view [SwitchA] acl number 3000 [SwitchA-acl-adv-3000] rule permit ip source 192.168.56.0 0.0.0.255 # Configure a traffic behavior to mirror traffic to the CPU. <SwitchA>...
  • Page 252 • Capture 10 incoming packets on GigabitEthernet 1/0/1 and save the packets to a packet file. • Display contents in the file. Figure 24 Network diagram HostA 192.168.56.1/24 GE1/0/1 Internet GE1/0/2 SwitchA HostB 192.168.56.2/24 Configuration procedure # Capture packets on GigabitEthernet 1/0/1. Set the maximum number of captured packets to 10. Save the packets to the file flash:/a.pcap.
  • Page 253: Configuring Netconf

    Configuring NETCONF Overview Network Configuration Protocol (NETCONF) is an XML-based network management protocol with filtering capabilities. It provides programmable mechanisms to manage and configure network devices. Through NETCONF, you can configure device parameters, retrieve parameter values, and get statistics information. In NETCONF messages, each data item is contained in a fixed element.
  • Page 254: Netconf Message Format

    NETCONF message format NETCONF IMPORTANT: When configuring NETCONF in XML view, you must add the end mark "]]>]]>" at the end of an XML message. Otherwise, the device cannot identify the message. Examples in this chapter do not have this end mark. Do add it in actual operations. All NETCONF messages are XML-based and comply with RFC 4741.
  • Page 255: How To Use Netconf

    <env:Body> <rpc message-id ="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-bulk> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface/> </Interfaces> </Ifmgr> </top> </filter> </get-bulk> </rpc> </env:Body> </env:Envelope> How to use NETCONF You can use NETCONF to manage and configure the device by using the methods in Table 37. Table 37 NETCONF methods for configuring the device Configuration tool...
  • Page 256: Fips Compliance

    FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode (see Security Configuration Guide) and non-FIPS mode. NETCONF configuration task list Task at a glance (Optional.) Enabling NETCONF over SOAP (Optional.)
  • Page 257: Enabling Netconf Over Ssh

    Enabling NETCONF over SSH This feature allows users to use a client to perform NETCONF operations on the device through a NETCONF-over-SSH connection. To enable NETCONF over SSH: Step: Enter system view. Command: system-view Step: Enable NETCONF over SSH. Command: netconf ssh server enable Remark: By default, NETCONF over SSH is...
  • Page 258: Entering Xml View

    Task: Enter system view. Command: system-view Task: Set the NETCONF session idle timeout Command: netconf { soap | agent } idle-timeout minute Remarks: By default, the NETCONF session idle timeout time is as follows: • 10 minutes for NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions...
  • Page 259: Subscription Procedure

    A subscription takes effect only on the current session. If the session is terminated, the subscription is automatically canceled. You can send multiple subscription messages to subscribe to notification of multiple events. Subscription procedure # Copy the following message to the client to complete the subscription: <?xml version="1.0"...
  • Page 260: Example For Subscribing To Event Notifications

    For more information about error messages, see RFC 4741. Example for subscribing to event notifications Network requirements Configure a client to subscribe to all events with no time limitation. After the subscription is successful, all events on the device are sent to the client before the session between the device and client is terminated.
  • Page 261: Locking/Unlocking The Configuration

    # When another client (192.168.100.130) logs in to the device, the device sends a notification to the client that has subscribed to all events: <?xml version="1.0" encoding="UTF-8"?> <notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0"> <eventTime>2011-01-04T12:30:52</eventTime> <event xmlns="http://www.hp.com/netconf/event:1.0"> <Group>SHELL</Group> <Code>SHELL_LOGIN</Code> <Slot>6</Slot> <Severity>Notification</Severity> <context>VTY logged in from 192.168.100.130.</context> </event>...
  • Page 262: Example For Locking The Configuration

    <target> <running/> </target> </unlock> </rpc> After receiving the unlock request, the device returns a response in the following format if the unlock operation is successful: <?xml version="1.0" encoding="UTF-8"?> <rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply> Example for locking the configuration Network requirements Lock the device configuration so that other users cannot change the device configuration.
  • Page 263: Performing Service Operations

    <rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <rpc-error> <error-type>protocol</error-type> <error-tag>lock-denied</error-tag> <error-severity>error</error-severity> <error-message xml:lang="en">Lock failed because the NETCONF lock is held by another session.</error-message> <error-info> <session-id>1</session-id> </error-info> </rpc-error> </rpc-reply> The output shows that the lock operation failed because the client with session ID 1 held the lock, and only the client holding the lock can release the lock.
  • Page 264: Performing The Get-Config/Get-Bulk-Config Operation

    • If the module name and the submodule name are not provided, the operation retrieves the data for all modules and submodules. If a module name or a submodule name is provided, the operation retrieves the data for the specified module or submodule. •...
  • Page 265: Performing The Edit-Config Operation

    The <get-config> and <get-bulk-config> messages are similar. The following is a <get-config> message example: <?xml version="1.0"?> <rpc message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter> <top xmlns="http://www.hp.com/netconf/config:1.0"> Specify the module name, submodule name, table name, and column name </top> </filter> </get-config> </rpc>...
  • Page 266: All-Module Configuration Data Retrieval Example

    <rpc-reply message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply> # Perform the get operation to verify that the current value of the parameter is the same as the value specified through the edit-config operation. (Details not shown.) All-module configuration data retrieval example Network requirements Retrieve configuration data for all modules.
  • Page 267: Syslog Configuration Data Retrieval Example

    <IfIndex>1309</IfIndex> <Shutdown>1</Shutdown> </Interface> <Interface> <IfIndex>1311</IfIndex> <VlanType>2</VlanType> </Interface> <Interface> <IfIndex>1313</IfIndex> <VlanType>2</VlanType> </Interface> </Interfaces> </Ifmgr> <Syslog> <LogBuffer> <BufferSize>120</BufferSize> </LogBuffer> </Syslog> <System> <Device> <SysName>Sysname</SysName> <TimeZone> <Zone>+11:44</Zone> <ZoneName>beijing</ZoneName> </TimeZone> </Device> </System> </top> </data> </rpc-reply> Syslog configuration data retrieval example Network requirements Retrieve configuration data for the Syslog module. Configuration procedure # Enter XML view.
  • Page 268: Example For Retrieving A Data Entry For The Interface Table

    </capability> </capabilities> </hello> # Retrieve configuration data for the Syslog module. <rpc message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/config:1.0"> <Syslog/> </top> </filter> </get-config> </rpc> Verifying the configuration If the client receives the following text, the get-config operation is successful: <?xml version="1.0"...
  • Page 269: Example For Changing The Value Of A Parameter

    <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:web="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-bulk> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0" xmlns:web="http://www.hp.com/netconf/base:1.0"> <Ifmgr> <Interfaces web:count="1"> </Interfaces> </Ifmgr> </top> </filter> </get-bulk> </rpc> Verifying the configuration If the client receives the following text, the get-bulk operation is successful: <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:web="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101"> <data> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Ifmgr>...
  • Page 270: Saving, Rolling Back, And Loading The Configuration

    Configuration procedure # Enter XML view. <Sysname> xml # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability>urn:ietf:params:netconf:base:1.0</capability> </capabilities> </hello> # Change the log buffer size for the Syslog module to 512. <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:web="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config> <target> <running/> </target> <config> <top xmlns="http://www.hp.com/netconf/config:1.0" web:operation="merge"> <Syslog>...
  • Page 271: Rolling Back The Configuration Based On A Configuration File

    The name of the specified configuration file must start with the storage media name and end with the extension .cfg. The total length of the save path and file name must be no more than 191 characters. If the text includes the file column, you must specify the file name. The specified file will be used as the next-startup configuration file.
  • Page 272 You can repeat this step to configure multiple rollback points. Roll back the configuration based on the rollback point. For more information, see "Performing the save-point/rollback operation." The configuration can also be rolled back automatically when the NETCONF session idle time exceeds the rollback idle timeout time.
  • Page 273 <commit> <commit-id>2</commit-id> </commit> </save-point> </data> </rpc-reply> Performing the save-point/rollback operation # Copy the following text to the client to roll back the configuration: <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <save-point> <rollback> <commit-id/> <commit-index/> <commit-label/> </rollback> </save-point> </rpc> The <commit-id/> parameter uniquely identifies a rollback point. The <commit-index/>...
  • Page 274 <commit-label/> </get-commits> </save-point> </rpc> Specify one of the <commit-id>, <commit-index>, and <commit-label> parameters to get the specified rollback point configuration records. If no parameter is specified, this operation gets records for all rollback point configuration. The following text is a <save-point>/<get-commits> request example: <rpc message-id="101"...
  • Page 275: Loading The Configuration

    parameter is optional. If no parameter is specified, this operation gets the configuration data corresponding to the most recently configured rollback point. The following text is a <save-point>/<get-commit-information> request example: <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <save-point> <get-commit-information> <commit-information> <commit-label>SUPPORT VLAN</commit-label> </commit-information> </get-commit-information>...
  • Page 276: Example For Saving The Configuration

    xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply> Example for saving the configuration Network requirements Save the current configuration to the configuration file my_config.cfg. Configuration procedure # Enter XML view. <Sysname> xml # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability> urn:ietf:params:netconf:base:1.0 </capability> </capabilities> </hello> # Save the configuration of the device to the configuration file my_config.cfg. <?xml version="1.0"...
  • Page 277 <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface> <AdminStatus>2</AdminStatus> </Interface> </Interfaces> </Ifmgr> </top> </filter> </get> </rpc> You can also specify an attribute name that is the same as a column name of the current table at the row to implement full match. The system returns only configuration data that matches this attribute name.
  • Page 278 <Description hp:regExp="[A-Z]*"/> </Interface> </Interfaces> </Ifmgr> </top> </filter> </get-config> </rpc> • Conditional match To implement a complex data filtering with digits and character strings, you can add a match attribute for a specific element. Table 38 lists the conditional match operators. Table 38 Conditional match operators Operation Operator...
  • Page 279: Example For Filtering Data With Regular Expression Match

    </top> </filter> </get> </rpc> • Table-based match You can specify a match criterion for the row attribute filter to implement a table-based match, for example, IP address filtering. For the table-based match to take effect, you must use this filtering method before full match, regular expression match, and conditional match. Table-based match applies only to multi-instance tables with namespace http://www.hp.com/netconf/base:1.0.
  • Page 280 xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:reg="http://www.hp.com/netconf/base:1.0"> <get> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface> <Description reg:regExp=":"/> </Interface> </Interfaces> </Ifmgr> </top> </filter> </get> </rpc> Verifying the configuration If the client receives the following text, the operation is successful: <?xml version="1.0" encoding="UTF-8"?> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:reg="http://www.hp.com/netconf/base:1.0" message-id="100"> <data>...
  • Page 281: Example For Filtering Data By Conditional Match

    Example for filtering data by conditional match Network requirements Retrieve data in the Name column with the ifindex value not less than 5000 in the Interfaces table under the Ifmgr module. Configuration procedure # Enter XML view. <Sysname> xml # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">...
  • Page 282: Performing Cli Operations Through Netconf

    <Name>NULL0</Name> </Interface> <Interface> <IfIndex>7243</IfIndex> <Name>Register-Tunnel0</Name> </Interface> </Interfaces> </Ifmgr> </top> </data> </rpc-reply> Performing CLI operations through NETCONF You can enclose command lines in XML messages to configure the device. Configuration procedure # Copy the following text to the client to execute the commands: <?xml version="1.0"...
  • Page 283: Retrieving Netconf Session Information

    <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability> urn:ietf:params:netconf:base:1.0 </capability> </capabilities> </hello> # Copy the following text to the client to execute the display current-configuration command: <?xml version="1.0" encoding="UTF-8"?> <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <CLI> <Execution> display current-configuration </Execution> </CLI> </rpc> Verifying the configuration If the client receives the following text, the operation is successful: <?xml version="1.0"...
  • Page 284 </rpc> After receiving the get-sessions request, the device returns a response in the following format if the get-sessions operation is successful: <?xml version="1.0" encoding="UTF-8"?> <rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-sessions> <Session> <SessionID>Configuration session ID </SessionID> <Line>line information</Line> <UserName>Name of the user creating the session</UserName> <Since>Time when the session was created</Since>...
  • Page 285: Terminating Another Netconf Session

    Terminating another NETCONF session NETCONF allows one client to terminate the NETCONF session of another client. The client whose session is terminated returns to user view. # Copy the following message to the client to terminate the specified NETCONF session: <rpc message-id="101"...
  • Page 286: Returning To The Cli

    <ok/> </rpc-reply> Returning to the CLI To return from XML view to the CLI, send the following close-session request: <?xml version="1.0"?> <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <close-session/> </rpc> When the device receives the close-session request, it sends the following response and returns to CLI's user view: <?xml version="1.0"...
  • Page 287: Appendix

    Appendix Appendix A Supported NETCONF operations Table 39 lists the NETCONF operations available with Comware V7. Table 39 NETCONF operations Operation Description XML example To retrieve device configuration state information for the Syslog module: <rpc message-id ="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:xc="http://www.hp.com/netconf/base:1.0"> <get>...
  • Page 288 Operation Description XML example get-bulk: Retrieves a number of data entries (including device configuration state information) starting from the... To retrieve device configuration state information for all interfaces: <rpc message-id ="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-bulk> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Ifmgr> <Interfaces xc:count="5"...
  • Page 289 Operation Description XML example NETCONF documents. :base:1.0"> <top xmlns="http://www.hp.com/netconf/config:1.0"> <VLAN xc:operation="merge"> <HybridInterfaces> <Interface> <IfIndex>262</IfIndex> <UntaggedVlanList incremental="true">1-10</UntaggedVlanList> </Interface> </HybridInterfaces> </VLAN> </top> </config> </edit-config> </rpc> Changes running configuration. To change the buffer size to 120: <rpc message-id ="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">...
  • Page 290 Operation Description XML example Replaces the specified target. • specified target exists, operation replaces the configuration of the target with the configuration carried in the message. • If the specified target does The syntax is the same as the edit-config message edit-config: not exist but is allowed to with the merge attribute.
  • Page 291 Operation Description XML example method. <rpc message-id ="101" xmlns="urn:ietf:params:xml:ns:netconf:ba If you do not specify an se:1.0"> operation attribute edit-config message, <edit-config> NETCONF uses one of the <target> following default operation <running/> attributes: merge, create, </target> delete, replace. Your setting of the value for the <default-operation>...
  • Page 292 Operation Description XML example <Interfaces> <Interface> <Index>262</Index> <Description>222</Description> <ConfigSpeed>100</ConfigSpeed> <ConfigDuplex>1</ConfigDuplex> </Interface> <Interface> <Index>263</Index> <Description>333</Description> <ConfigSpeed>100</ConfigSpeed> <ConfigDuplex>1</ConfigDuplex> </Interface> </Interfaces> </Ifmgr> </top> </config> </edit-config> </rpc> To issue the configuration for an interface for test purposes: <rpc message-id ="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> Determines whether to issue a <edit-config>...
  • Page 293 Operation Description XML example </Ifmgr> </top> </config> </edit-config> </rpc> action: Issues actions that are not for configuring data, for example, reset action. To clear statistics information for all interfaces: <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <action> <top xmlns="http://www.hp.com/netconf/action:1.0"> <Ifmgr> <ClearAllIfStatistics> <Clear> </Clear>...
  • Page 294 Operation Description XML example To terminate the NETCONF session for the current Terminates NETCONF user: session for the current user, to unlock the configuration and <rpc message-id="101" close-session release resources (for xmlns="urn:ietf:params:xml:ns:netconf:ba se:1.0"> example, memory) this session. This operation logs the <close-session/>...
  • Page 295 Operation Description XML example To roll back the current configuration to the Rolls back the configuration. To configuration in the file 1A.cfg: do so, you must specify the <rpc message-id="101" configuration file in the <file> xmlns="urn:ietf:params:xml:ns:netconf:ba element. After device se:1.0"> rollback finishes the rollback operation, the current device configuration...
  • Page 296: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.
  • Page 297: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
  • Page 298: Support And Other Resources

    Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...
  • Page 299: Websites

    For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
  • Page 300 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
  • Page 320 Layer 3 remote port mirroring configuration, PoE PD detection (nonstandard), NTP DSCP value setting, performing packet capture display filter configuration NETCONF save-point/begin operation, (packet field expression), NETCONF save-point/commit operation, port mirroring configuration, 156, 170 NETCONF save-point/end operation, SNTP configuration, 46, 46, 48 NETCONF save-point/get-commit-information packet capture operation,...
  • Page 321 profile configuration, port mirroring profile PI configuration, classification, PSE firmware upgrade, configuration, 156, 170 PSE power monitoring configuration, configuring local mirroring to support multiple monitor ports, troubleshoot, destination, troubleshoot PI critical priority failure, destination device, troubleshoot PoE profile failure, direction, policy display, CWMP ACS HTTPS SSL client policy,...
  • Page 322 sourcing equipment. Use configuring EAA monitor policy (Tcl-defined), private configuring flow mirroring, 178, 181 RMON private alarm group, configuring flow mirroring match criteria, procedure configuring flow mirroring QoS policy, applying flow mirroring QoS policy, configuring flow mirroring traffic behavior, applying flow mirroring QoS policy (control configuring information center, plane), configuring information center log output...
  • Page 323 configuring local port mirroring with multiple configuring NQA client template (TCP half open), monitor ports, configuring NMM IPv6 NTP multicast configuring NQA client template (TCP), association mode, configuring NQA client template (UDP), configuring NMM NETCONF, configuring NQA client template optional configuring NMM NTP broadcast association parameters, mode,...
  • Page 324 configuring NTP multicast client, configuring SNMPv1, configuring NTP multicast mode configuring SNMPv1 agent host notification, authentication, configuring SNMPv1 basics, configuring NTP multicast server, configuring SNMPv2c, configuring NTP optional parameters, configuring SNMPv2c agent host notification, configuring NTP symmetric active/passive configuring SNMPv2c basics, association mode, 14, 29 configuring SNMPv3 agent host notification,...
  • Page 325 enabling SNTP, retrieving NMM NETCONF configuration data (all modules), entering NMM NETCONF XML view, retrieving NMM NETCONF configuration data establishing NMM NETCONF session, (Syslog module), exchanging NMM NETCONF capabilities, retrieving NMM NETCONF data entry (interface filtering NETCONF data (regex match), table), filtering NMM NETCONF data, retrieving NMM NETCONF session information,...
  • Page 326 SNMP versions, port mirroring source group remote probe VLAN, provision code (ACS), port mirroring source group source ports, Remote Network Monitoring. Use RMON PoE configuration, 224, 224 remote probe VLAN PoE configuration (uni-PSE device), Layer 2 remote port mirroring, PoE enabling, port mirroring monitor port to remote probe VLAN power monitoring configuration, assignment,...
  • Page 327 NETCONF save-point/commit operation, NETCONF save-point/end operation, sampling NETCONF save-point/get-commit-information Sampled Flow. Use sFlow operation, sFlow counter sampling, NETCONF save-point/get-commits operation, sFlow flow sampling configuration, saving NETCONF save-point/rollback operation, information center diagnostic logs (log file), rolling back information center log (log file), NETCONF configuration (rollback information center security logs (log file), point-based),...
  • Page 328 session SNMPv1 basic parameter configuration, NETCONF session idle timeout time, SNMPv1 configuration, NMM NETCONF session establishment, SNMPv2c basic parameter configuration, NMM NETCONF session information SNMPv2c configuration, retrieval, SNMPv3 basic parameter configuration, NMM NETCONF session termination, SNMPv3 configuration (RBAC mode), set operation SNMPv3 configuration (VACM mode), SNMP,...
  • Page 329 statistics information center interface link up/link down log generation, NQA client statistics collection, information center log destinations, RMON configuration, 82, 86 information center log levels, RMON Ethernet statistics entry, information center log output (console), RMON Ethernet statistics group, information center log output (log buffer), RMON Ethernet statistics group configuration, information center log output (log host), RMON history control entry,...
  • Page 330 NQA client template (DNS), tracing NQA client template (FTP), information center trace log file max size, NQA client template (HTTP), Track NQA client template (HTTPS), NQA client+Track collaboration, NQA client template (ICMP), NQA collaboration, NQA client template (SSL), NQA collaboration configuration, NQA client template (TCP half open), traffic NQA client template (TCP),...
  • Page 331 NQA template configuration, port mirroring remote source group remote probe VLAN, NTP association mode, voice NTP client/server association mode, NQA client operation, NTP client/server mode+authentication, NQA operation configuration, NTP configuration, 7, 12, 26 NTP symmetric active/passive association mode, NTP MPLS L3VPN instance support, sFlow configuration, 183, 183, 186 UNIX...
