Download Print this page

Hewlett Packard Enterprise Aruba 3810 Management And Configuration Manual

Hewlett Packard Enterprise Aruba 3810 Management And Configuration Manual

Arubaos switch 16.08

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual

Aruba 3810 / 5400R Management and

Configuration Guide for ArubaOS-

Switch 16.08

Part Number: 5200-5491a

Published: January 2019

Edition: 2

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the Aruba 3810 and is the answer not in the manual?

Questions and answers

Summary of Contents for Hewlett Packard Enterprise Aruba 3810

Page 1 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS- Switch 16.08 Part Number: 5200-5491a Published: January 2019 Edition: 2...
Page 2 Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website. Acknowledgments ®...
Page 3: Table Of Contents
Contents Chapter 1 About this guide................Applicable products..........................33 Switch prompts used in this guide......................Chapter 2 Time synchronization..............NTP................................34 NTP related commands........................ timesync..........................timesync ntp........................ntp............................[no] ntp..........................enable...........................36 authentication....................... max-associations......................38 server........................... ntp server key-id.........................40 ipv6-multicast....................... debug ntp........................... trap..........................show ntp servers .......................
Page 4 Disabling time synchronization in DHCP mode by disabling the TimeP mode parameter............................. ip timep Other time protocol commands........................75 Show management command...................... show management......................Show SNTP command........................75 show sntp........................... Show TimeP command......................... show........................... Chapter 3 Resource usage................Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 5 Viewing current resource usage.......................79 showquos............................Viewing information on resource usage....................80 When insufficient resources are available..................81 Policy enforcement engine......................81 Usage notes for show resources output..................82 Chapter 4 Hardware components..............Services..............................Show services..........................parameters..........................show services........................84 Show services locator........................Show services device........................86 show services device......................
Page 6 Using pattern matching with the show interfaces custom command .....134 Auto-MDIX configurations........................Manual override.......................... About using friendly port names......................Configuring and operating rules for friendly port names............. Uni-directional link detection (UDLD).....................136 Configuring UDLD........................Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 7 Prerequisites........................Uplink Failure Detection.........................137 Configuration Guidelines for UFD....................enable/disable........................139 uplink-failure-detection..................... configuration........................uplink-failure-detection track.................139 show uplink-failure-detection................140 Port Shutdown with Broadcast Storm....................Configuration Commands......................fault-finder broadcast-storm..................... Viewing broadcast-storm configuration..................show fault-finder broadcast-storm..................Broadcast-storm event logs......................Multicast Storm Control..........................146 Overview............................. fault-finder multicast-storm..................146 fault-finder multicast-storm action.................148 show running-config....................
Page 8 Viewing and configuring a static trunk group (Menu)................183 Enable L4-based trunk load balancing....................185 trunk-load-balance........................Viewing trunk load balancing......................... show trunks..........................Operating notes...........................187 Distributed trunking..........................Configure ISC ports........................187 switch-interconnect......................187 Configuring distributed trunking ports..................trunk..........................Configuring peer-keepalive links....................Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 9 distributed-trunking......................189 Viewing distributed trunking information..................189 show lacp distributed......................189 show distributed-trunk...................... Viewing peer-keepalive configuration..................191 Viewing switch interconnect......................Port trunk operations..........................191 Fault tolerance ........................... Trunk configuration methods........................191 Dynamic LACP trunk........................191 Dynamic LACP Standby Links....................Viewing LACP Local Information....................192 Viewing LACP Peer Information....................192 Viewing LACP Counters......................193 Using keys to control dynamic LACP trunk...
Page 10 Viewing the current port speed and duplex configuration on a switch port..........249 show interfaces........................... Viewing the configuration........................251 show running-config........................RMON advanced management......................rmon alarm..........................Configuring UDLD verify before forwarding................... Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 11 UDLD time delay......................... Restrictions........................255 UDLD configuration commands....................link-keepalive mode......................256 show link-keepalive........................RMON generated when user changes UDLD mode..............MAC configurations..........................257 Configuring the MAC address count option................snmp-server mac-count-notify..................257 Configuring the MAC address table change option..............257 snmp-server mac-notify....................258 Per-port MAC change options for mac-notify................
Page 12 LLDP operation configuration options................Transmit and receive mode....................Options for reading LLDP information collected by the switch......... LLDP and LLDP-MED standards compatibility..............Port trunking........................IP address advertisements....................Spanning-tree blocking.....................312 802.1X blocking........................312 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 13 LLDP operation on the switch..................Time-to-Live for transmitted advertisements..............Delay interval between advertisements................312 Re-initialize delay interval....................313 SNMP notification support....................313 Changing the minimum interval..................313 Basic LLDP per-port advertisement content..............313 Port VLAN ID TLV support on LLDP.................314 LLDP-MED..........................LLDP-MED classes......................LLDP-MED operational support..................
Page 14 Configure a domain name......................354 domain-name........................Configure lease time........................lease..........................354 NetBIOS WINS servers.......................354 NetBIOS node type........................bios-ode-type......................355 Subnet and mask ........................network..........................355 DHCP server options........................Configure DHCP server options..................IP address range.........................357 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 15 range..........................Static bindings..........................357 static-bind......................... TFTP server domain name......................tftp-server......................... Configure the TFTP server address....................358 tftp-server......................... Number of ping packets......................dhcp-server ping.......................358 Save DHCP server automatic bindings..................359 dhcp-server database.......................359 DHCP server and SNMP notifications..................359 snmp-server enable traps....................359 Conflict logging on a DHCP server.....................
Page 16 Error reason for Aruba Central..................debug ztp..........................426 Error Reason log for Activate Provision................Stacking support......................... Fault finder switch events......................427 interface device-type network-device...............427 HTTP Proxy support with ZTP overview....................e Proxy Configuration........................428 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 17 proxy server.......................... proxy exception ip | host....................show proxy config........................435 Chapter 13 File transfers................File transfer methods..........................TFTP..............................Prerequisites..........................Downloading switch software......................436 copy tftp flash........................boot system flash......................reload..........................Enabling tftp..........................tftp ........................... Automatic software download from a TFTP server..............auto-tftp..........................
Page 18 Finding the port connection for a specific device on a VLAN........... Viewing and searching port-level MAC addresses............Determining whether a specific device is connected to the selected port......MSTP data............................. show spanning-tree........................490 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 19 IP IGMP status............................491 show ip igmp..........................VLAN information...........................493 show vlan............................ WebAgent status information.........................495 Configuring local mirroring........................Local mirroring sessions......................Traffic-direction criteria........................496 interface monitor all......................ACL criteria for inbound traffic — deprecated................interface monitor ip......................497 Mirror policy for inbound traffic....................class [ipv4|ipv6]........................
Page 20 Enabling jumbo frames to increase the mirroring path MTU............542 Effect of downstream VLAN tagging on untagged, mirrored traffic............Operating notes for traffic mirroring.....................543 Troubleshooting traffic mirroring......................Chapter 15 Virtual Technician..............Cisco Discovery Protocol (CDP)......................Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 21 show cdp traffic........................... clear cdp counters........................546 show cdp neighbors detail......................547 Enable/Disable debug tracing for MOCANA code................. debug security ..........................547 User diagnostic crash via Front Panel Security (FPS) button..............547 front-panel-security password-clear.................... front-panel-security diagnostic-reset................... show front-panel-security......................Diagnostic table...........................550 Validation rules..........................551 FPS Error Log..........................
Page 22 Viewing transceiver information......................Viewing information about transceivers (CLI)................576 support..........................576 Viewing transceiver information....................Information displayed with the detail parameter...............577 Viewing transceiver information for copper transceivers with VCT support........ Testing the Cable......................581 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 23 Using the Event Log for troubleshooting switch problems..............Event Log entries........................Using the Menu........................... Using the CLI..........................Clearing Event Log entries......................586 Turning event numbering on....................... Using log throttling to reduce duplicate Event Log and SNMP messages........Log throttle periods......................586 Example: of event counter operation................588 Reporting information about changes to the running configuration..........588...
Page 24 Scenarios that block the configuration restoration process..............Limitations..............................647 Blocking of configuration from other sessions................647 Troubleshooting and support......................... debug cfg-restore........................648 Chapter 19 Virtual Switching Framework (VSF)........Overview of VSF............................ Benefits of VSF............................Member roles............................Commander..........................Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 25 Standby............................Management module..........................VSF member ID............................. VSF link..............................651 vsf member link........................... Validation rules for VSF member..................652 Physical VSF ports..........................653 VSF domain ID............................653 VSF split..............................654 VSF merge.............................654 Member priority............................Interface naming conventions........................ Running-configuration synchronization ....................655 VSF deployment methods........................655 Discovered configuration mode procedure.................
Page 26 Isolating Rogue APs..........................Using the Rogue AP Isolation feature..................rogue-ap-isolation........................rogue-ap-isolation action......................703 rogue-ap-isolation whitelist......................704 clear rogue-ap-isolation.......................704 Feature Interactions........................MAC..........................Limitations........................... Troubleshooting...........................706 Switch does not detect the rogue AP TLVs..............Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 27 Show commands......................706 Requirements............................706 Limitations..............................706 Feature Interactions..........................Profile Manager and 802.1X....................... Profile Manager and LMA/WMA/MAC-AUTH................707 Profile manager and Private VLANs................... MAC lockout and lockdown ......................707 LMA/WMA/802.1X/Port-Security....................708 Troubleshooting............................. Dynamic configuration not displayed when using “show running-config”........708 The show run command displays non-numerical value for untagged-vlan.......708 Show commands.........................709...
Page 28 Enabling and disabling the OOBM port..................778 Setting the OOBM port speed..................... Configuring an OOBM IPv4 address...................779 Configuring an OOBM IPv4 default gateway................Configuring an IPv6 default gateway for OOBM devices............Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 29 (for stacked switches).................785 Application server commands........................786 Application client commands......................... Chapter 26 Websites..................Chapter 27 Support and other resources..........Accessing Hewlett Packard Enterprise Support..................Accessing updates..........................790 Customer self repair..........................791 Remote support............................. Warranty information..........................791 Regulatory information...........................792 Documentation feedback........................
Page 30 Unsupported zl modules........................Hot swapping of management modules..................836 Rapid routing switchover and stale timer..................Task Usage Reporting..........................836 Help text............................process-tracking help....................... show cpu help........................show cpu process help.....................837 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 31 Command tab..........................837 process-tracking....................... show cpu process......................837 Command ouput..........................838 show cpu process......................838 show cpu process slot <SLOT-LIST>................838 LACP-MAD Passthrough................Overview..............................LACP-MAD Passthrough Configuration....................840 interface lacp..........................840 show lacp............................ clear lacp statistics........................Smart Rate Technology................842 Show Smart Rate port..........................842 Rate-Limiting — GMB features when Fast-Connect SmartRate ports are configured....843 Error messages...........................844...
Page 32 Viewing the port and VLAN MAC addresses................857 Configuration backup and restore without reboot........860 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 33: Chapter 1 About This Guide
This guide provides information on how to configure, manage, and monitor basic switch operation. Applicable products This guide applies to these products: Aruba 3810 Switch Series (JL071A, JL072A, JL073A, JL074A, JL075A, JL076A) Aruba 5400R zl2 Switch Series (J9821A, J9822A, J9850A, J9851A, JL001A, JL002A, JL003A, JL095A) Switch prompts used in this guide Examples in this guide are representative and may not match your particular switch/environment.
Page 34: Chapter 2 Time Synchronization
[no]timesync [timep |sntp | timep-or-sntp | ntp] Description Use this command to configure the protocol for network time synchronization. Parameters and options Deletes all timesync configurations on the device. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 35: Timesync Ntp
timep Updates the system clock using TIMEP. sntp Updates the system clock using SNTP. timep-or-sntp Updates the system clock using TIMEP or SNTP (default). Updates the system clock using NTP timesync Switch(config)# timesync sntp Update the system clock using SNTP. timep Update the system clock using TIMEP.
Page 36: Ntp Enable
If timeSync is in SNTP or Timep when NTP is enabled. Disable NTP before changing timesync to When timesync is NTP and ntp is enabled and we try to SNTP or TIMEP change timesync to SNTP. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 37: Ntp Authentication
Enable ntp switch(config)# ntp enable Enable/disable NTP. ntp authentication Syntax ntp authentication key-id <KEY-ID> [authentication-mode <MODE> key-value <KEY-STRING>] [trusted] Description This command is used for authentication of NTP server by the NTP client. Parameters and options key-id <KEY-ID> Sets the key-id for the authentication key. authentication-mode Sets the NTP authentication mode key-value <KEY-STRING>...
Page 38: Ntp Max-Associations
This command is used to configure the NTP servers using a variety of parameters. A maximum of 8 NTP servers may be configured. The no version of this command removes parameters from the NTP servers. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 39 Parameters IP-ADDR Sets the IPv4 address of the NTP server. IPv6-ADDR Sets the IPv6 address of the NTP server. SERVER-NAME User configured host name will be saved in config. Hostname is resolved and IP address is updated to the existing NTP protocol data structure. KEY-ID Specifies the authentication key.
Page 40: Ntp Server Key-Id
Configure the maximum time intervals in seconds. min-poll <min-poll-val> Configure the minimum time intervals in seconds. ntp ipv6-multicast Syntax ntp ipv6-multicast Description Use this command to configure NTP multicast on a VLAN interface. Restrictions Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 41: Debug Ntp
Validation Error/Warning/Prompt IPv6 address not configured on the If ipv6 is not enabled on vlan interface VLAN. ntp ipv6–multicast Switch(vlan-2)# ntp ipv6-multicast Configure the interface to listen to the NTP multicast packets. debug ntp Syntax debug ntp [event|packet] Description Use this command to display debug messages for NTP. Parameters and options event Displays event log messages related to NTP.
Page 42: Show Ntp Servers
NTP server detail. Command context config Examples Shows NTP servers in detail. switch# show ntp servers show ntp statistics Syntax show ntp statistics Description Use this command to show NTP statistics. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 43: Show Ntp Status
show ntp statistics Switch(config)# show ntp statistics NTP Global statistics information NTP In Packets : 100 NTP Out Packets : 110 NTP Bad Version Packets NTP Protocol Error Packets show ntp status Syntax show ntp status Description Use this command to show the status of the NTP. show ntp status Switch(config)# show ntp status NTP Status information...
Page 44: Show Ntp Associations
Association Error Packets : 0 Origin Time : Fri Jul 3 11:39:40 2015 Receive Time : Fri Jul 3 11:39:44 2015 Transmit Time : Fri Jul 3 11:39:44 2015 ----------------------------------------------------------------------------- Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 45: Fqdn Support For Ntp Servers
Filter Delay = 4.23 4.14 2.41 5.95 2.37 2.33 4.26 4.33 Filter Offset = -8.59 -8.82 -9.91 -8.42 -10.51 -10.77 -10.13 -10.11 FQDN support for NTP servers FQDN support for NTP servers Fully Qualified Domain Name (FQDN) for a NTP server allows for the configuration of server names. Support for handling multiple IP addresses is resolved as part of a DNS resolution.
Page 46 Specify the authentication key. Switch(config)# ntp server <IP-ADDR> key key-id Max-poll Configure the maximum time intervals in seconds. Switch(config)# ntp server <IP-ADDR> key key-id max-poll <4-17> Enter an integer number. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 47: Elements Of Time Synchronization
Switch(config)# ntp server <IP-ADDR> key key-id Min-poll Configure the minimum time intervals in seconds. Switch(config)# ntp server <IP-ADDR> key key-id min-poll <4-17> Enter an integer number. Switch(config)# ntp server <IP-ADDR> key key-id prefer max-poll <max-poll-val> min-poll <min-poll-val> iburst Enable initial burst (iburst) mode. burst Enable burst mode.
Page 48: Timesync
SNTP server application.) Once the switch detects a particular server, it ignores time broadcasts from other SNTP servers unless the configurable Poll Interval expires three Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 49: Selecting And Configuring Sntp
consecutive times without an update received from the first-detected server. If the Poll Interval (configurable up to 720 seconds) expires three times without the switch detecting a time update from the original server, the switch accepts a broadcast time update from the next server it detects.Directs the switch to acquire its time synchronization from data broadcast by any SNTP server to the network broadcast address.
Page 50: Sntp
Value is between 1 and 3. oobm For switches that have a separate out-of-band management port, specifies that SNTP traffic goes through that port. (By default, SNTP traffic goes through the data ports.) Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 51: Enabling Sntp In Broadcast Mode
sntp broadcast|unicast output switch# sntp broadcast switch# sntp unicast Enabling SNTP in Broadcast mode Because the switch provides an SNTP polling interval (default: 720 seconds), you need only timesync on page 48 and sntp on page 50 commands for minimal SNTP broadcast configuration. Figure 1: SNTP in Broadcast Mode on page 51 shows time synchronization in the factory default configuration, TimeP.
Page 52 SNTP Authentication : Disabled Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 720 Source IP Selection: Outgoing Interface Priority SNTP Server Address Version Key-id Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 53: Viewing Sntp Parameters
-------- ------------------- ------- ---------- 10.28.227.141 Figure 2: SNTP in unicast mode If the SNTP server you specify uses SNTP v4 or later, use the sntp server command to specify the correct version number. For example, suppose SNTP v4 is in use on the server you specified above (IP address 10.28.227.141.) Use the SNTP commands shown in the following figure to delete the server IP address, and then re-enter it with the correct version number for that server.
Page 54: Enabling Sntp Client Authentication
All of the above steps are necessary to enable authentication on the client. SNTP server authentication support The following must be performed on the SNTP server: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 55: Viewing All Sntp Authentication Keys That Have Been Configured On The Switch
• The same authentication key-identifier, trusted key, authentication mode and key-value that were configured on the SNTP client must also be configured on the SNTP server. • SNTP server authentication must be enabled on the server. If any of the parameters on the server are changed, the parameters have to be changed on all the SNTP clients in the network as well.
Page 56: Sntp Unicast Time Polling With Multiple Sntp Servers
1 10.28.22.141 switch# sntp server priority 2 2001:db8::215:60ff:fe79:8980 Delete a server address To delete the primary address and automatically convert the secondary address to primary: switch(config)# no sntp server 10.28.227.141 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 57: Sntp Software Version
SNTP software version sntp server <version> Syntax sntp server [<IP-ADDRESS>] [<VERSION>] Description Specifies the SNTP software version to use. Assigned on a per-server basis. Parameters and options <IP-ADDRESS> SNTP server ip-address <VERSION> The version setting is backwards-compatible. For example, using version 3 means that the switch accepts versions 1 through 3.
Page 58: Sntp Authentication Trusted Keys
The configuration file is subsequently saved to a TFTP server for later use. The SNTP authentication information is not saved and is not present in the retrieved configuration files, as shown in the following example. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 59: Configuring The Key-Identifier, Authentication Mode, And Key-Value
Retrieved configuration file when include credentials is not configured switch(config) # copy tftp startup-config 10.2.3.44 config1 Switch reboots ... Startup configuration timesync sntp sntp broadcast sntp 50 sntp server priority 1 10.10.10.2.3 sntp server priority 2 fe80::200:24ff:fec8:4ca8 4 IMPORTANT: The SNTP authentication line and the Key-ids are not displayed. Reconfigure SNTP authentication.
Page 60: Configuring A Key-Id As Trusted
SNTP client switch. If the switch is configured with the same key-id value, and the key-id value is configured as "trusted," the authentication succeeds. Only trusted key-id value information is used for SNTP authentication. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 61: Associating A Key With An Sntp Server
sntp authentication key-id trusted Syntax [no] sntp authentication key-id <KEY-ID> trusted Description Trusted keys are used during the authentication process. You can configure the switch with up to eight sets of key-id/key-value pairs. Select one, specific set for authentication; this is done by configuring the set as trusted. The key-id itself must already be configured on the switch.
Page 62: Sntp Server Priority
SNTP packets are not authenticated. sntp authentication Syntax [no] sntp authentication Description Enables the SNTP client authentication. SNTP client authentication defaults to disabled.: Parameters and options Disables authentication. Viewing SNTP authentication configuration information Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 63 show sntp Syntax show sntp authentication Description The show sntp command displays SNTP configuration information, including any SNTP authentication keys that have been configured on the switch. show sntp authentication To display all the SNTP authentication keys that have been configured on the switch, enter the show sntp authentication command.
Page 64: Viewing Statistical Information For Each Sntp Server
To display the statistical information for each SNTP server, enter the show sntp statistics command. The number of SNTP packets that have failed authentication is displayed for each SNTP server address. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 65: Sntp Messages In The Event Log
show sntp statistics switch(config)# show sntp statistics SNTP Statistics Received Packets : 0 Sent Packets : 3 Dropped Packets : 0 SNTP Server Address Auth Failed Pkts --------------------------------------- ---------------- 10.10.10.1 fe80::200:24ff:fec8:4ca8 To display the statistical information for each SNTP server, enter the show sntp statistics command. show sntp statistics Syntax show sntp statistics...
Page 66: Storing Security Information In The Running-Config File
2. Set TimeP as the synchronization mode using timesync sntp. 3. Enable TimeP for DHCP mode using sntp broadcast. 4. View the TimeP configuration using show sntp. Figure 5: Enabling TimeP operation in DHCP mode Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 67: Timesync Timep
timesync timep Syntax timesync timep Description Selects TimeP as the time synchronization method. TimeP in DHCP mode Because the switch provides a TimeP polling interval (default: 720 minutes), you need the timesync timep on page 67 and ip timep commands only, for a minimal TimeP DHCP configuration. ip timep dhcp Syntax ip timep dhcp...
Page 68: Timep Operation In Manual Mode
Select TimeP and configure it for manual operation using a TimeP server address of 10.28.227.141, and the default poll interval (720 minutes, assuming the TimeP poll interval is already set to the default). Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 69: Current Timep Configuration
Procedure 1. Select TimeP: switch(config)# timesync timep 2. Activate TimeP in manual mode: switch(config)# ip timep manual 10.28.227.141 3. Review the TimeP status: switch(config)# show timep show timep output switch(config)# show timep Timep Configuration Time Sync Mode: Timep TimeP Mode : Manual Server Address : 10.28.227.141 Poll Interval (min) : 720...
Page 70: Show Management
Specifies how long the switch waits between time polling intervals. The default is 720 minutes and the range is 1 to 9999 minutes. (This parameter is separate from the poll interval parameter used for SNTP operation.) Disable time synchronization protocols Disabling TimeP in manual mode Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 71: No Ip Timep
no ip timep Syntax [no] ip timep Description Disables TimeP. Parameters and options To change from one TimeP server to another, you must use the no ip timep command to disable TimeP mode, the reconfigure TimeP in manual mode with the new server IP address. Disabling time synchronization Either of these methods can be used to disable time synchronization without changing the Timep or SNTP configuration.
Page 72: No Ip Timep
If you then viewed the SNTP configuration, you would see the following: SNTP with time synchronization disabled switch(config)# show sntp SNTP Configuration SNTP Authentication : Disabled Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 720 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 73: Disabling Sntp Mode
Disabling SNTP mode Procedure 1. To view the current time synchronization, enter show sntp. 2. Use the sntp command to disable sntp mode: no sntp 3. View the SNTP configuration again to verify the configuration. Disabling SNTP Mode If you want to prevent the SNTP from being used even if it is selected by timesync (or the Menu interface's Time Sync Method parameter), configure the SNTP mode as disabled.
Page 74: Disabling Sntp By Deleting A Server
Timep Configuration Time Sync Mode: Timep TimeP Mode : DHCP Poll Interval (min): 720 Disabling TimeP in DHCP mode switch# no ip timep switch# show timep Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 75: Other Time Protocol Commands
Timep Configuration Time Sync Mode: Timep TimeP Mode : Disabled Other time protocol commands Features that apply to both SNTP and TimeP protocols. Show management command show management Syntax show management Description This command shows the switch addresses available for management, and the time server if the switch uses one. It can help you to easily examine and compare the IP addressing on the switch.
Page 76 SNTP packets that have failed authentication is displayed for each SNTP server address. switch(config) # show sntp statistics SNTP statistics Received Packets: 0 Sent Packets: 3 Dropped Packets: 0 SNTP Server Address Auth Failed Pkts Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 77: Show Timep Command
------------------- ---------------- 10.10.10.1 fe80::200:24ff:fec8:4ca8 Show TimeP command Using different show commands, you can display either the full TimeP configuration or a combined listing of all TimeP, SNTP, and VLAN IP addresses configured on the switch. show Syntax show timep | management Description Displays the timep and management information for the switch.
Page 78 -------- ---------------------------------------------- ---------------- 10.10..28.101 10.255.5.24 fe80::123%vlan10 Default Gateway : 10.0.9.80 VLAN Name MAC Address | IP Address ------------ ------------------- + ------------------- DEFAULT_VLAN 001279-88a100 | 10.30.248.184 VLAN10 001279-88a100 | 10.0.10.17 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 79: Chapter 3 Resource Usage
Chapter 3 Resource usage Viewing current resource usage showquos Syntax showqos|access-list|policyresources Description Displays the resource usage of the policy enforcement engine on the switch by software feature. For each type of resource, the amount still available and the amount used by each software feature is shown. Parameters and options show resources This output allows you to view current resource usage and, if necessary, prioritize and reconfigure software...
Page 80: Viewing Information On Resource Usage
Dynamic assignment of per-port or per-user ACLs and QoS through RADIUS authentication designated as “IDM” • Virus throttling (VT) using connection-rate filtering • Mirroring policies, including switch configuration as an endpoint for remote intelligent mirroring • Other features, including: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 81: When Insufficient Resources Are Available
◦ Management VLAN ◦ DHCP snooping ◦ Dynamic ARP protection ◦ Jumbo IP-MTU When insufficient resources are available Cause The switch has ample resources for configuring features and supporting: • RADIUS-authenticated clients (with or without the optional IDMapplication) • VT and blocking on individual clients. NOTE: Virus throttling does not operate on IPv6 traffic.
Page 82: Usage Notes For Show Resources Output
• Resource usage includes resources actually in use or reserved for future use by the listed features. • "Internal dedicated-purpose resources" include the following features: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 83 ◦ Per-port ingress and egress rate limiting through the CLI using rate-limit in/out ◦ Per-port ingress and egress broadcast rate limiting through the CLI using rate-limit bcast/mcast ◦ Per-port or per-VLAN priority or DSCP through the CLI using qos priority or qos dscp ◦...
Page 84: Chapter 4 Hardware Components
3. Threat Management Services zl Module tms-module No parameters This no parameters command lists only installed modules which have applications running that provide a pass- through CLI feature. show services Syntax show services Description Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 85: Show Services Locator
Show services of only installed modules. Show services switch# show services Installed Services Slot Index Description Name 1. Services zl Module services-module 2. HP ProCurve MSM765 zl Int-Ctlr msm765-applicati 3.Threat Management Services zl Module tms-module Show services locator Syntax show services <SLOT-ID>[details | device] Description Show services information.
Page 86: Show Services Device
“disabled” – for increased physical security • PXE (PXE-boot)Not displayed for all modules. Show services device switch# show services d device Services Module Device Configuration Device State ----------------|-------------------- disabled Shutdown enabled enabled Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 87: Requesting A Reboot
Requesting a reboot Syntax services <SLOT>boot[product|PXE|service|USB] Description This command requests a reboot (graceful shutdown and restart) of the x86. Parameters product Boot to the Product OS. Boot to the PXE or Product OS (if supported). service Boot to the Service OS. Boot to the USB or Product OS (if supported).
Page 88: Services (Manager)
Control services module locator LED. Name Name of the services CLI to access. Reload Reset the services module. Serial Connect to application via serial port. Shutdown Shutdown (halt) the services module. Options Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 89: Services (Configure)
slot-id Device slot identifier for the services module. <slot-id> <index> Configure parameters for the installed application. <slot-id> boot Reboot the services module. <slot-id> locator Controls services module locator LED. <slot-id> name <name> Configure parameters for the installed application. <slot-id> reload Reset the services module.
Page 90: Enable Or Disable Devices
Enter an ASCII string. Show services switch# show services Installed Services Slot Index Description Name Services zl Module services-module HPE ProCurve MSM765 zl Int-Ctlr msm765-applicati Threat Management Services zl Module tms-module Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 91: Show Services Set Locator Module
Connection to the application via a serial port WARNING: You are entering a mode on this product that is Hewlett Packard Enterprise Confidential and Proprietary. This mode, the commands and functionality specific to this mode, and all output from this mode are Hewlett Packard Enterprise Confidential and Proprietary.
Page 92: Command Name
Check: http://www.hpe.com/rnd/device_help/2_inform for more info. ◦ This switch only supports revision B and above transceivers. Check: http://www.hpe.com/rnd/device_help/2_inform for more info. ◦ Self test failure. ◦ Transceiver type not supported in this port. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 93: Show Interfaces Transceivers
◦ Transceiver type not supported in this software version. ◦ Not a Switch Transceiver. Go to: http://www.hpe.com/rnd/device_help/2_inform for more info. show interfaces transceivers Syntax show interfaces transceivers Description Figure 8: Example of show tech transceivers command on page 93 shows sample output from the show tech transceivers command.
Page 94: Clearing The Module Configuration
Because of the hot-swap capabilities of the modules, when a module is removed from the chassis, the module configuration remains in the configuration file. [no] module slot allows you to remove the module configuration information from the configuration file. This does not change how hot-swap works. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 95: Power Consumption
Power consumption NOTE: The show system power-supply detailed command is only supported on the 5400R and 3810M switches. show system power-supply Syntax show system power-supply [detailed | fahrenheit] Description Shows power supply information in either full detail or full detail in Fahrenheit only. Default temperature is displayed in degrees Celsius.
Page 96: Power Consumption
Power Consumption : 43 Watts AC Input Voltage : 119 Volts Inlet/Internal Temp : 85.6F/87.7F Fan 1 Speed (util) : 1650RPM (20%) Fan 2 Speed (util) : 1600RPM (19%) Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 97: Power Consumption
Not Present J9830A IN5BGZ81KZ Powered Power Consumption : 95 Watts AC MAIN/AUX Voltage : 118/208 Volts Inlet/Internal Temp : 85.6F/87.7F Fan 1 Speed (util) : 1650RPM (20%) Fan 2 Speed (util) : 1600RPM (19%) J9829A IN5BGZ81KX Powered Power Consumption : 51 Watts AC Input Voltage : 208 Volts Inlet/Internal Temp : 85.6F/87.7F...
Page 98: Fans
Supplying (same summary as seen on the command show system power- supply). Fans There are three fan types: • Power supply fans • Fan-tray fans • Stacking switch fans Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 99: Show System
show system Syntax show system [chassislocate | information | temperature] Description Shows global system information and operational parameters for the switch. Command context manager and operator Parameters chassislocate Shows the chassis locator LED status. Possible values are ON, Off, and Blink. When the status is On or Blink, the number of minutes that the Locator LED will continue to be on or to blink is displayed.
Page 100: Show System Fans
Fan-7 | Fan Removed | | PS 1 Fan-8 | Fan Failed | PS 2 Fan-9 | Fan OK | PS 3 Fan-10 | Fan OK | PS 4 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 101 1 / 10 Fans in Failure State 1 / 10 Fans have been in Failure State The state of all system fans within the PoEP context is shown by using the command show system fans. Switch(PoEP)# show system fans Fan Information | State | Failures | Location -------+-------------+---------------------...
Page 102: Show System Power-Supply
The show system power-supply detailed command shows detailed information for power supplies in the powered state only. Examples Use of the command show system power-supply shows the power supply status for all active switches. Switch# show system power-supply Power Supply Status: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 103 Model Serial State AC/DC Wattage ---- --------- ------------ ----------------- -------------- --------- J9828A IN30G4D009 Powered AC 120V/240V J9828A IN30G4D00C Powered AC 120V/240V Not Present -- --------- J9830A IN43G4G05H Powered AC 120V/240V 2750 4 supply bays delivering power. Total power: 4150 W Use of the command show system power-supply detailed shows the power supply status in detail for all active switches.
Page 104 : 209 Volts Power Supplied : 21 Watts Power Capacity : 700 Watts Inlet Temp (C/F) : 27.7C/80.6F Internal Temp (C/F) : 32.5C/89.6F Fan 1 Speed : 1600 RPM Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 105 Fan 2 Speed : 1600 RPM Not Present J9830A IN43G4G05H Aux Not Powered 4 supply bays delivering power. Currently supplying 68 W / 4150 W total power. Use of the command show system power-supply shows the power supply status all active switches with power supply #2 showing permanent failure.
Page 106: Fan Failures And Snmp Traps
Syntax show system post <SLOT> Description Shows detailed POST information by slot or interface module, which aids in troubleshooting issues at start-up. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 107: Show System Post Member
Command context manager Parameters <SLOT> Specifies the slot number for detailed POST information. Example Show the detailed POST information on slot 1. switch# show system post 1 Slot 1 POST results Failed Results: Timestamp Test Type Port Error Code ----------------- --------- ---- ----------- 01/25/15 11:02:32 Loopback...
Page 108: Show System Post Vsf Member
Failed Results: Timestamp Test Type Port Error Code ----------------- --------- ---- ----------- 01/25/15 11:02:32 Loopback 0x1010060 01/25/15 11:02:50 Loopback 0x1032000 01/25/15 11:02:59 1/10 0xFFFFFFF 01/25/15 11:02:50 MACSEC 1/21 0x1082000 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 109 All Ports except the ones listed above have passed the following self-tests 1. Loopback 2. POE 3. MACSEC Note: This is just a reference. POE and MACSEC tests may not show up in cases where there is no support. Chapter 4 Hardware components...
Page 110: Chapter 5 Port Status And Configuration
Status and Counters - Port Status | Intrusion Flow Bcast Port Type | Alert Enabled Status Mode Mode Ctrl Limit ----- --------- + --------- ------- ------ ---------- ----- ----- ------ Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 111 100/1000T | No Down Auto-10-100 Auto 100/1000T | No Down 1000FDx Auto 100/1000T | No Down 1000FDx Auto 100/1000T | No Down 1000FDx Auto 100/1000T | No Down 1000FDx Auto 100/1000T | No Down 1000FDx Auto Show the configuration of the interfaces currently available. switch# show interfaces config Port Settings Port...
Page 112: Viewing Transceiver Information
10GbE X2-CX4 Xcver J8440C 10GbE X2-CX4 Xcver J4858A Gigabit-SX-LC Mini- GBIC J4858B Gigabit-SX-LC Mini- GBIC J4858C Gigabit-SX-LC Mini- V (some) GBIC J9054B 100-FX SFP-LC Transceiver J8177C Gigabit 1000Base-T Mini-GBIC Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 113: The Port Vlan Tagged Status
Product # Description Support J9150A 10GbE SFP+ SR Transceiver J9151A 10GbE SFP+ LR Transceiver J9152A 10GbE SFP+ LRM Transceiver J9153A 10GbE SFP+ ER Transceiver J9144A 10GbE X2-SC LRM Transceiver J8438A 10Gbe X2-SC ER Transceiver JH233A 40G QSFP+ MPO eSR4 Transceiver JH232A 40G QSFP+ LC LR4 SM Transceiver...
Page 114: Dynamically Updating The Show Interfaces Command
When using the display option in the CLI, the information stays on the screen and is updated every 3 seconds, as occurs with the display using the menu feature. The update is terminated with CTRL-C. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 115: Customizing The Show Interfaces Command
You can use the arrow keys to scroll through the screen when the output does not fit in one screen. Figure 9: show interfaces display command with dynamically updating output Customizing the show interfaces command You can create show commands displaying the information that you want to see in any order you want by using the option.
Page 116: Show Interface Smartrate
Smart Rate port only. If the command is run on a non‐Smart Rate port, a message similar to Port A1: This command is only applicable to Smart Rate ports will display. show interface port utilization Syntax show interface port-utilization Description Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 117: Enabling Or Disabling Ports And Configuring Port Mode
Use the show interface port-utilization command to view a real-time rate display for all ports on the switch. show interface port-utilization command on page 117 shows a sample output from this command. • For each port on the switch, the command provides a real-time display of the rate at which data is received (Rx) and transmitted (Tx) in terms of kilobits per second (KBits/s), number of packets per second (Pkts/s), and utilization (Util) expressed as a percentage of the total bandwidth available.
Page 118: Basic Usb Port Commands
One of the following messages indicates the presence or absence of the USB device: • Not able to sense device in USB port • USB device detected in port • no USB device detected in port Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 119: Usb-Port
usb-port Syntax usb-port no usb-port Description Enables the USB port. The no form of the command disables the USB port and any access to the device. Command context Config show usb-port Syntax show usb-port Description Displays the status of the USB port. It can be enabled, disabled, or not present. Command context operator Usage...
Page 120: Interface Flow-Control
Enabled Status Mode Mode Ctrl Limit ------ --------- + --------- ------- ------ ---------- ---- ---- ----- 10GbE-T | No 1000FDx 10GbE-T | No Down 10GigFD 10GbE-T | No Down 10GigFD Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 121: Configuring Auto-Mdix
10GbE-T | No Down 10GigFD 10GbE-T | No Down 10GigFD 10GbE-T | No Down 10GigFD 10GbE-T | No Down 10GigFD 10GbE-T | No Down 10GigFD Example continued from Example continued from Configuring flow control for a series of ports switch# no int a1-a4 flow-control switch# show interfaces brief Status and Counters - Port Status | Intrusion...
Page 122: Show Interfaces Brief
Auto off 10GbE-T | No Down 10GigFD Auto off 10GbE-T | No Down 10GigFD Auto off 10GbE-T | No Down 10GigFD Auto off 10GbE-T | No Down 10GigFD Auto off Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 123: Configuring Friendly Port Names
Configuring friendly port names interface name Syntax interface <PORT-LIST> name <port-name-string> Description Assigns a port name to <PORT-LIST>. Parameter Deletes the port name from <PORT-LIST>. Configuring a single port name Suppose that you have connected port A3 on the switch to Bill Smith's workstation, and want to assign Bill's name and workstation IP address (10.25.101.73) as a port name for port A3: Example of configuring a friendly port name switch# int A3 name Bill_Smith@10.25.101.73...
Page 124: Viewing Friendly Port Names With Other Port Data
Example of friendly port name data for all ports on the switch switch# show name Port Names Port Type Name ------ --------- ----------------------------------------------------------- 10GbE-T 10GbE-T 10GbE-T Bill_Smith@10.25.101.73 10GbE-T Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 125: Including Friendly Port Names In Per-Port Statistics Listings
10GbE-T Draft-Server:Trunk 10GbE-T Draft-Server:Trunk 10GbE-T Draft-Server:Trunk 10GbE-T Draft-Server:Trunk Example of friendly port name data for specific ports on the switch switch# show name A3-A5 Port Names Port : A3 Type : 10GbE-T Name : Bill_Smith@10.25.101.73 Port : A4 Type : 10GbE-T Name : Port : A5 Type : 10GbE-T...
Page 126 Tx Drop Packets : 0 Rx Drop Bytes Tx Drop Bytes Egress Queue Totals (Since boot or last clear) : Tx Packets Dropped Packets Tx Bytes Dropped Bytes 59,681 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 127: Searching The Configuration For Ports With Friendly Port Names
44,282 NOTE: For a given port, if a friendly port name does not exist in the running-config file, the Name line in the above command output appears as Name : not assigned. Searching the configuration for ports with friendly port names This option tells you which friendly port names have been saved to the startup-config file.
Page 128: Enabling Udld
10 to 100 deciseconds, where 10 is 1 second, 11 is 1.1 seconds, and so on. Change packet interval to seven seconds switch# link-keepalive interval 70 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 129: Changing The Keepalive Retries
The default implementation of UDLD sends the UDLD control packets untagged, even across tagged ports. If an untagged UDLD packet is received by a non-Hewlett Packard Enterprise switch, that switch may reject the packet. To avoid such an occurrence, you can configure ports to send out UDLD control packets that are tagged with a specified VLAN.
Page 130: Clear Link-Keepalive
Viewing summary information on all UDLD-enabled ports Enter the show link-keepalive command. show link-keepalive command Figure 12: show link-keepalive Viewing detailed UDLD information for specific ports Enter the show link-keepalive statistics command. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 131: Port Status And Port Parameters
show link-keepalive command Figure 13: show link-keepalive statistics Port status and Port parameters Connecting transceivers to fixed-configuration devices Cause If the switch either fails to show a link between an installed transceiver and another device or demonstrates errors or other unexpected behavior on the link, check the port configuration on both devices for a speed and/or duplex (mode) mismatch.
Page 132 Auto-10: Allows the port to negotiate between half-duplex (HDx) and full-duplex (FDx) while keeping speed at 10 Mbps. Also negotiates flow control (enabled or disabled.) Hewlett Packard Enterprise recommends auto-10 for links between 10/100 auto-sensing ports connected with Cat 3 cabling. (Cat 5 cabling is required for 100 Mbps links.)
Page 133: Error Messages Associated With The Show Interfaces Command
10-Gigabit CX4 Copper Ports: Auto: The port operates at 10 gigabits FDx and negotiates flow control. Lower speed settings or half-duplex are not allowed. 10-Gigabit SC Fiber-Optic Ports (10-GbE SR, 10-GbE LR, 10-GbE ER): Auto: The port operates at 10 gigabits FDx and negotiates flow control. Lower speed settings or half-duplex are not allowed.
Page 134: Using Pattern Matching With The Show Interfaces Custom Command
Manual override If you require control over the MDI/MDI-X feature, you can set the switch to either of these non-default modes: • Manual MDI • Manual MDI-X Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 135: About Using Friendly Port Names
Table 4: Cable types for auto and manual MDI/MDI-X settings Setting MDI/MDI-X device type PC or other MDI device type Switch, hub, or other MDI-X device Manual MDI Crossover cable Straight-through cable Manual MDI-X Straight-through cable Crossover cable Auto-MDI-X (the default) Either crossover or straight-through cable The AutoMDIX features apply only to copper port switches using twisted-pair copper Ethernet cables.
Page 136: Uni-Directional Link Detection (Udld)
When UDLD enabled on at least one port , UDLD packet received on UDLD disabled port will be re-forwarded out on all other UDLD disabled ports on the same VLAN as per the below conditions. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 137: Prerequisites
Procedure 1. If the incoming port itself is already blocked on the VLAN it will be dropped right away, and no re-forwarding will be done. 2. UDLD packet will be re-forwarded to other UDLD disabled ports of the same VLAN that are in forwarding state( non blocked ports).
Page 138 Figure 16: Teamed NICs with a failed uplink NOTE: The state of the LtD is purely governed by the state of the LtM, and is independent of the physical state of the ports in the LtD. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 139: Configuration Guidelines For Ufd
Configuration Guidelines for UFD Below is a list of configuration guidelines to be followed for UFD. These are applicable only to blade switches where there is a clear distinction between downlink and uplink ports. 1. UFD is required only when uplink-path redundancy is not available on the blade switches. 2.
Page 140: Show Uplink-Failure-Detection
1 delay 2 Alternately, to set delay value to 0, a user can also use the following command: switch(config)#uplink-failure-detection track 1 delay 0 show uplink-failure-detection Syntax show uplink-failure-detection Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 141: Port Shutdown With Broadcast Storm
Description Shows the uplink failure detection information. Command context manager Examples switch# show uplink-failure-detection Uplink Failure Detection Information UFD Enabled : Yes Track | Monitored Links to Delay | Links Disable State State Lacp Key Lacp Key (sec) ------+---------- ----------- -------- ------- --------- ---------- ------ | Dyn1 Dyn2...
Page 142: Viewing Broadcast-Storm Configuration
[ethernet] <AI> action [warn-and-disable <65535>]<percent 10> Configuration example 2 switch(config)# fault-finder broadcast-storm [ethernet] <A2> action [warn-and-disable] pps <100> Configuration example 3 switch(config)# fault-finder broadcast-storm [ethernet] <A22> action [warn] pps <100> Viewing broadcast-storm configuration Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 143: Show Fault-Finder Broadcast-Storm
show fault-finder broadcast-storm Syntax show fault-finder broadcast-storm [ethernet <PORT-LIST>] Description Display the broadcast-storm-control configuration. Parameters broadcast-storm Configure broadcast storm control. Rising threshold level in number of broadcast packets per second. Percent Rising threshold level as a percentage of bandwidth of the port. The percentage is calculated on 64 byte packet size.
Page 144 A1 Port Bcast storm Port status Rising threshold — Action none Disable timer — Disable timer left — Show example 4 switch(config)# show fault-finder broadcast-storm Port Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 145: Broadcast-Storm Event Logs
Bcast storm Port status Rising threshold Action warn Disable timer — Disable timer left — Broadcast-storm event logs Depending on the configuration of broadcast storm control, several of the following messages can be logged: • FFI: port <ID>-Administrator action required to re-enable. •...
Page 146: Multicast Storm Control
Configure the action taken when a multicast storm is detected. switch(config)# fault-finder multicast-storm ethernet 1/1 action warn Log an event only. warn-and-disable Log an event and disable the port. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 147 switch(config)# fault-finder multicast-storm ethernet 1/1 action warn-and-disable SECONDS Configure the number of seconds for which the port remains disabled. A value of 0 means that the port will remain disabled until manually re-enabled. switch(config)# fault-finder multicast-storm ethernet 1/1 action warn-and-disable 10 percent Configure the number of inbound multicast packets per second that is considered a multicast storm.
Page 148: Fault-Finder Multicast-Storm Action
Low sensitivity. medium Medium sensitivity. high High sensitivity. switch(config)# fault-finder multicast-storm action warn-and-disable sensitivity Configure the fault sensitivity level. switch(config)# fault-finder multicast-storm action warn-and-disable sensitivity Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 149: Show Running-Config
Low sensitivity. medium Medium sensitivity. high High sensitivity. switch(config)# fault-finder multicast-storm action warn-and-disable sensitivity high Global show command for auto-100 duplex Smart Rate port: switch(config)# show fault-finder Fault Finder Fault ID Sensitivity Action ------------------- ----------- ---------------- bad-driver medium warn bad-transceiver medium warn bad-cable...
Page 150: Show Logging
Multicast storm control is not supported in the following scenarios: • Unicast packet traffic • If the port is configured as a VSF port • If the port is configured as a trunk port Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 151: Chapter 6 Power Over Ethernet (Poe/Poe+) Operation
Chapter 6 Power over ethernet (PoE/PoE+) operation PoE technology allows IP telephones, wireless LAN access points, and other appliances to receive power and transfer data over existing ethernet LAN cabling. For more information about PoE technology, see the PoE planning and implementation guide, which is available on the Networking website at http://www.hpe.com/networking/support.
Page 152: Assigning Poe Ports To Vlans
"searching." If the PSE cannot supply the required amount of power, it does not supply any power. For PoE using a Type 1 device, a PSE will not supply any power to a PD unless the Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 153: Poe Configuration Options
PSE has at least 17 watts available. For example, if a PSE has a maximum available power of 382 watts and is already supplying 378 watts, and is then connected to a PD requiring 10 watts, the PSE will not supply power to the PD.
Page 154: Poe Power Priority
In the default configuration,PoE support is enabled on the ports in a PoE module installed on the switch. The default priority for all ports is low and the default power notification threshold is 80%. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 155 Using the CLI, you can: • Disable or re-enable PoE operation on individual PoE ports. • Enable support for pre-standard devices. • Change PoE priority level on individual PoE ports. • Change the threshold for generating a power level notice. •...
Page 156: Disabling Or Re-Enabling Poe Port Operation
There is no priority setting for the ports in this example. In the default PoE configuration, the ports are already set to low priority. In this case, the command is not necessary. Disabling or re-enabling PoE port operation Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 157: Interface
interface Syntax interface <PORT-LIST> power-over-ethernet Description Re-enables PoE operation on <PORT-LIST> and restores the priority setting in effect when PoE was disabled on <PORT-LIST>. Default: All PoE ports are initially enabled for PoE operation at Low priority. If you configure a higher priority, this priority is retained until you change it.
Page 158: Controlling Poe Allocation
Requires at least 4 watts at the PSE. Requires at least 7 watts at the PSE. 15.4 watts For PoE+Maximum power level output of 30 watts at the PSE. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 159: Manually Configuring Poe Power Levels
PoE port allocation by class To allocate by class for ports 6 to 8: switch# int 6-8 PoE-allocate-by class Manually configuring PoE power levels You can specify a power level (in watts) allocated for a port by using the value option. This is the maximum amount of power that will be delivered.
Page 160: Detection Status: Fault
PoE power to additional PoE devices trying to connect if that results in the switch not having enough power in reserve for redundancy. power-over-ethernet redundancy Syntax power-over-ethernet rdundancy [n+1|full] Description Allows you to set the amount of power held in reserve for redundancy. Parameters Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 161: Changing The Threshold For Generating A Power Notice
Means that all available power can be allocated to PDs. Default: No PoE redundancy enforced. One of the power supplies is held in reserve for redundancy. If a single power supply fails, no powered devices are shut down. If power supplies with different ratings are used, the highest-rated power supply is held in reserve to ensure full redundancy.
Page 162: Enabling Poe Detection Via Lldp Tlv Advertisement
Syntax int <PORT-LIST> poe-lldp-detect [enabled|disabled] Description Allows the data link layer to be used for power negotiation between a PD on a PoE port and LLDP. Default: Disabled Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 163 Enable LLDP switch(config) # int 7 PoE-lldp-detect enabled Interface context switch(eth-7) # PoE-lldp-detect enabled NOTE: Detecting PoE information via LLDP affects only power delivery; it does not affect normal Ethernet connectivity. Port with LLDP configuration information obtained from the device switch(config)# show power-over-ethernet brief Status and Counters - Port Power Status System Power Status...
Page 164: Initiating Advertisement Of Poe+ Tlvs
Log.When LLDP is enabled again, it causes a temporary power drop. This event is also recorded in the Event Log. Sample event log messages: W 08/04/10 13:35:50 02768 ports: Port A1 PoE power dropped. Exceeded physical classification for a PoE Type1 device (LLDP process disabled) Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 165: Viewing Poe When Using Lldp Information
W 08/04/10 13:36:31 02771 ports: Port A1 PoE power dropped. Exceeded physical classification due to change in classification type (LLDP process enabled) Viewing PoE when using LLDP information show lldp config Syntax show lldp config <PORT-LIST> Description Displays the LLDP port configuration information, including the TLVs advertised. Chapter 6 Power over ethernet (PoE/PoE+) operation...
Page 166 Figure Figure 21: Local power information on page 166 shows an example of the local device power information using the show lldp info local-device <PORT-LIST> command. Figure 20: LLDP port configuration information with PoE Figure 21: Local power information Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 167: Viewing The Global Poe Power Status Of The Switch
Figure Figure 22: Remote power information on page 167 shows an example of the remote device power information using the show lldp info remote-device <PORT-LIST> command. Figure 22: Remote power information Viewing the global PoE power status of the switch show power-over-ethernet Syntax show power-over-ethernet [brief] [ethernet <PORT-LIST>] [slot <SLOT-ID-RANGE>]...
Page 168: Viewing Poe Status On All Ports
The command show power-over-ethernet displays data similar to that shown in Figure 23: show power- over-ethernet command output on page 168. Figure 23: show power-over-ethernet command output Viewing PoE status on all ports Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 169: Show Power-Over-Ethernet
show power-over-ethernet Syntax show power-over-ethernet brief Description Displays the port power status. • PoE Port Lists all PoE-capable ports on the switch. • Power Enable Shows Yes for ports enabled to support PoE (the default) and No for ports on which PoE is disabled. •...
Page 170: Viewing The Poe Status On Specific Ports
Viewing the PoE status on specific ports show power-over-ethernet Syntax show power-over-ethernet <PORT-LIST> Description Displays the following PoE status and statistics (since the last reboot) for each port in <PORT-LIST>: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 171 Power Enable Shows Yes for ports enabled to support PoE (the default) and No for ports on which PoE is disabled. For ports on which power is disabled, this is the only field displayed by show power-over-ethernet <PORT-LIST> . Priority Lists the power priority (Low, High, and Critical) configured on ports enabled for PoE.
Page 172 If you want to view the PoE status of ports A6 and A7, you would use show power-over-ethernet A6-A7 to display the data: Figure 26: show power-over-ethernet PORT-LIST output Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 173: Configuring Thresholds For Generating A Power Notice
Configuring thresholds for generating a power notice You can configure one of the following thresholds: A global power threshold that applies to all modules on the switch. This setting acts as a trigger for sending a notice when the PoE power consumption on any PoE module installed in the switch crosses the configured global threshold level.
Page 174: Poe Allocation
When LLDP is enabled again, it causes a temporary power drop. This event is also recorded in the event log. An example message looks like the following: W 08/04/10 13:36:31 02771 ports: Port A1 PoE power dropped. Exceeded physical classification due to change in classification type (LLDP process enabled) Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 175: Chapter 7 Port Trunking
Chapter 7 Port trunking Port trunking overview Port trunking allows you to assign up to eight physical links to one logical link (trunk) that functions as a single, higher-speed link providing dramatically increased bandwidth. This capability applies to connections between backbone devices as well as to connections in other network areas where traffic bottlenecks exist.
Page 176: Viewing And Configuring Port Trunk Groups
In Example of a show trunk listing without specifying ports on page 177, the command does not include a port list, so the switch lists all ports having static trunk membership. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 177: Viewing Static Lacp And Dynamic Lacp Trunk Data
Example of a show trunk listing without specifying ports switch# show trunks Load Balancing Port | Name Type | Group Type ---- + ----------------------- --------- + ----- ----- | Print-Server-Trunk 10/100TX | Trk1 Trunk | Print-Server-Trunk 10/100TX | Trk1 Trunk 10/100TX | Trk2 Trunk...
Page 178: Removing Ports From A Static Trunk Group
<PORT-LIST> are configured as LACP passive, this command enables a dynamic LACP trunk group on <PORT-LIST>. Enable a dynamic LACP trunk group This example uses ports C4 and C5 to enable a dynamic LACP trunk group. switch# interface c4-c5 lacp active Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 179: Remove Ports From A Dynamic Lacp Trunk Group
Unless spanning tree is running on your network, removing a port from a trunk can result in a loop. To help prevent a broadcast storm when you remove a port from a trunk where spanning tree is not in use, Hewlett Packard Enterprise recommends that you first disable the port or disconnect the link on that port.
Page 180: Specifying Minimum Active Links For Lacp
Configures the minimum threshold value for the active member links in a LACP trunk group. The no form of this command deletes the configured threshold and sets the threshold value to default. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 181: Lacp Enable-Timer
Command context interface Example: eth-Trk Parameters value Sets the threshold value for LACP trunk. The value is an integer that ranges from zero to eight which represents the number of minimum active links. The default value is zero which disables the minimum active links.
Page 182: Show Lacp Min-Active-Links
"Switch-2" mirror 1 port 1/16 mirror 2 port 1/32 trunk 1/35-1/36,2/35-2/36 trk1 lacp trunk 1/A1,1/A2,2/A1,2/A2 trk3 lacp trunk 1/1-1/2,2/1-2/2,3/1-3/3 trk11 lacp trunk 3/13-3/14,3/A1-3/A2 trk12 lacp interface Trk11 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 183: Limitations
lacp min-active-links 5 lacp enable-timer 120 exit interface Trk12 lacp min-active-links 3 lacp enable-timer 356 exit Limitations • Dynamic LACP, static trunks, and distributed trunks will not support this feature. • The command is not available for REST/next Gen UI. •...
Page 184 Trunk (the default type if you do not specify a type) All ports in the same trunk group on the same switch must have the same Type (LACP or Trunk.) Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 185: Enable L4-Based Trunk Load Balancing
7. When you are finished assigning ports to the trunk group, press [Enter], then [S] (for Save) and return to the Main Menu. (It is not necessary to reboot the switch.) During the Save process, traffic on the ports configured for trunking is delayed for several seconds. If the Spanning Tree Protocol is enabled, the delay may be up to 30 seconds.
Page 186: Viewing Trunk Load Balancing
<dest-addr> <src-tcp-port> <src-upd-port> <dest-tcp-port> <dest-udp-port> inbound-port <port-num> Description Displays the port on which the information will be forwarded out for the specified traffic flow with the specified source and destination address. Options Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 187: Operating Notes
trunk-id The trunk id (trk1, trk2, etc.) mac src-addr dest-addr The source MAC address and the destination MAC address. ip src-addr dest-addr The source IPv4 /IPv6 address and the destination IPv4/IPv6 address. [src-tcp-port|src-udp-port] The source TCP port or the source UDP port. [dest-tcp-port|dest-udp-port] The destination TCP port or the destination UDP port.
Page 188: Configuring Distributed Trunking Ports
Figure 34: Configuring distributed trunking on page 188 shows an ISC port being configured for the local switch and the remote switch. Figure 34: Configuring distributed trunking Configuring peer-keepalive links Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 189: Distributed-Trunking
distributed-trunking Syntax distributed-trunking [hold-timer3-10|peer-keepalive <DESTINATION> ip-address|vlan <VID> [interval <400–10000>][timeout <3–20>] [udp-port <1024–49151>] Description Distributed trunking uses a VLAN interface between DT peers to transmit periodic peer-keepalive messages. This command configures the peer-keepalive parameters for distributed trunking. Parameters and options The no form of the command removes the distributed trunking configuration on the switch. hold-timer Configures the hold time in seconds.
Page 190: Show Distributed-Trunk
Allowed VLANs on Local : 1-10, 100-110, 501 ,600 610 ,800 Allowed VLANs on Peer : 1-10, 100-110, 501 ,600 610 ,800 Name Local Value Peer Value ---------------------- --------------------------------- ------------------------ Loop-protect Enabled Enabled Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 191: Viewing Peer-Keepalive Configuration
Viewing peer-keepalive configuration Viewing switch interconnect Syntax show switch-interconnect Description Displays information about switch interconnect settings. Figure 35: Switch-interconnect settings Port trunk operations The switches covered in this guide offer these options for port trunking: • LACP: IEEE 802.3ad— • Trunk: Non-Protocol—...
Page 192: Dynamic Lacp Standby Links
LACP Peer Information. System ID: 001871-b98500 Local Local Port Oper LACP Port Trunk System ID Port Priority Mode Timer ------ ------ -------------- ----- --------- ------- -------- ----- Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 193: Viewing Lacp Counters
123456-654321 Passive Fast 234567-456789 Passive Fast Viewing LACP Counters Use the show lacp counters command to display statistical information about LACP ports. Note on the Marker Protocol. Data traffic can be dynamically redistributed in port channels. This may occur when a link is added or removed, or there is a change in load-balancing.
Page 194: Operating Port Trunks
Otherwise, you must manually ensure that the mode setting for each port in a trunk is compatible with the other ports in the trunk. Recommended port mode setting for LACP switch# show interfaces config Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 195 Port Settings Port Type | Enabled Mode Flow Ctrl MDI ----- --------- + ------- ------------ --------- ---- 10/100TX | Yes Auto Enable Auto 10/100TX | Yes Auto Enable All of the following operate on a per-port basis, regardless of trunk membership: •...
Page 196: Show Port-Security Log
A trunk cannot be a monitor port. A monitor port can monitor a static trunk but cannot monitor a dynamic LACP trunk. Show port-security log Syntax show port-security intrusion-log Description Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 197: Static Or Dynamic Trunk Group Overview
show port-security intrusion-log switch(config)# sh port-security intrusion-log Status and Counters - Intrusion Log Port MAC Address Date / Time ------ ------------- -------------------------- 000087-c78b49 11/19/14 11:09:30 000087-c78041 11/19/14 11:12:29 000087-c781c1 11/19/14 11:14:08 Static or dynamic trunk group overview Configure port trunking before you connect the trunked links between switches. IMPORTANT: Failure to configure port trunking before connecting the trunked links between switches can result in a broadcast storm.
Page 198: Dynamic Lacp Standby Links
Active Dyn1 Success Active Dyn1 Success Active Dyn1 Success Active Dyn1 Success Active Dyn1 Success Active Dyn1 Success Active Dyn1 Success Active Dyn1 Standby Success Viewing LACP local information Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 199: Viewing Lacp Peer Information
Example of LACP local information switch# show lacp local LACP Local Information. System ID: 001871-b98500 LACP Rx Timer Port Trunk Mode Aggregated Timer Expired ---- ------ -------- ----------- ------ -------- Active Fast Active Fast Viewing LACP peer information Use the show lacp peer command to display information about LACP peers. The System ID represents the MAC address of a partner switch.
Page 200: Trunk Group Operation Using Lacp
Thus, to display a listing of dynamic LACP trunk ports, you must use the show lacp command. In most cases, trunks configured for LACP on the switches operate as follows: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 201 Table 11: LACP trunk types LACP port trunk configuration Operation Dynamic LACP This option automatically establishes an 802.3ad-compliant trunk group, with LACP for the port Type parameter and DynX for the port Group name, where X is an automatically assigned value from 1 to 144, depending on how many dynamic and static trunks are currently on the switch.
Page 202: Default Port Operation
To display this data for a switch, execute the following command in the CLI: switch# show lacp Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 203 Table 12: LACP port status data Status name Meaning Port Numb Shows the physical port number for each port configured for LACP operation (C1, C2, C3 ….) Unlisted port numbers indicate that the missing ports that are assigned to a static trunk group are not configured for any trunking.
Page 204: Lacp Operating Notes And Restrictions
Doing so disables dynamic LACP on that port, which means you must manually configure both ends of the trunk. NOTE: Static LACP allows ports with different speed to be part of the same trunk. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 205: Dynamic Lacp Trunks
Dynamic LACP trunks You can configure a port for LACP-active or LACP-passive, but on a dynamic LACP trunk you cannot configure the other options that you can on static trunks. If you want to manually configure a trunk, use the trunk command.
Page 206: Spanning Tree And Igmp
Spanning Tree operation (even if Spanning Tree is currently disabled.) This appears in the running-config file as spanning-tree Trkn priority 4. Executing write memory after configuring the trunk places the same entry in the startup-config file. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 207: Viewing Trunk Data On The Switch
Use the trunk option to establish a trunk group between a switch and another device, where the other device's trunking operation fails to operate properly with LACP trunking configured on the switches. Viewing trunk data on the switch Static trunk group Appears in the menu interface and the output from the CLI show trunk and show interfaces commands.
Page 208: Trunk Load Balancing Using Layer 4 Ports
The IEEE standard 802.3ad requires that all links in a trunk group originate from the same switch. Distributed trunking uses a proprietary protocol that allows two or more port trunk links distributed across two switches to Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 209 The DT ports are grouped dynamically after the configuration of distributed trunking. NOTE: Before you configure the switch, Hewlett Packard Enterprise recommends that you review the Distributed trunking restrictions on page 217 for a complete list of operating notes and restrictions.
Page 210: Distributed Trunking Interconnect Protocol
The ISC link must have a VLAN interface configured for the same VLAN on both DT switches. • VLAN membership for all DT trunk ports should be the same on both DT switches in a DT pair. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 211: Configuring Peer-Keepalive Links
• IGMP-snooping or DHCP-snooping configuration on a DT VLAN should be the same on both DT switches. For example, for a DT, if IGMP-snooping or DHCP-snooping is enabled on a VLAN that has a DT port as a member port of the VLAN, the same must be configured on the peer DT on the same VLAN. •...
Page 212: Maximum Dt Trunks And Links Supported
Maximum number of physical links that can be aggregated in a single switch from a server (that is, maximum number of ports that can be in a trunk connected to a single switch) Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 213: Forwarding Traffic With Distributed Trunking And Spanning Tree
From the server perspective, this means that there could be a maximum total of 60 servers connected to two DT switches. Each server can have up to four physical links aggregated in a single switch, meaning that a single server could have a maximum of eight links (that is, four on each DT switch) in a DT trunk. Forwarding traffic with distributed trunking and spanning tree Refer to Figure 45: Distributed trunking with STP forwarding unicast, broadcast, and multicast traffic on page 213 for the following discussion about forwarding traffic when spanning tree is enabled.
Page 214: Forwarding Broadcast, Multicast, And Unknown Traffic
ISC port, but not on the port that the traffic was received on. The peer DT switch (B or C) that receives broadcast/ multicast/unknown traffic over the ISC port does not forward the packets to any of the DT trunks; the packet is Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 215: Ip Routing And Distributed Trunking
sent only over the non-DT ports. The one exception is if the DT trunk on the peer aggregation device is down, then traffic received over the ISC is forwarded to the corresponding DT trunk. Figure 47: Broadcast/multicast/unknown traffic flow access DT switches IP routing and distributed trunking In switch-to-switch distributed trunking, the peer DT switches behave like independent Layer 3 devices with their own IP addresses in each active VLAN.
Page 216 5. DT_SW_2 determines that the packet needs to be sent over the ISC link to DT_SW_1 based on the MAC address. 6. DT_SW_1 performs a lookup and determines that the packet goes to Switch A. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 217: Distributed Trunking Restrictions
The packet is only forwarded if the outgoing interface is not a DT port, or if the outgoing DT port does not have an active interface on the peer switch. Figure 49: Layer 3 forwarding (IP unicast) in DT topology Distributed trunking restrictions There are several restrictions with distributed trunking: •...
Page 218: Updating Software Versions With Dt
2. Configure one of the existing uplink VLANs as a keepalive VLAN, and then configure the destination keepalive IP address (peer’s keepalive IP address) on both switches at bootup. switch# distributed-trunking peer-keepalive vlan 2 switch# distributed-trunking peer-keepalive destination 20.0.0.2 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 219 3. Ping the keepalive destination address to make sure that there is connectivity between the two DT switches (keepalive VLANs.) 4. Enable the ISC link on both switches and then execute write memory. Assume a2 is configured as switch- interconnect. switch# int a2 enable switch# write mem From no DT Keepalive support to dedicated point-to-point DT Keepalive support...
Page 220 (keepalive VLANs.) • Enable the ISC link on both switches, and then execute write memory. Assume a2 is configured as switch- interconnect. switch# int a2 enable switch# write mem Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 221: Chapter 8 Port Traffic Controls
Chapter 8 Port Traffic Controls ICMP rate-limiting In IP networks, ICMP messages are generated in response to either inquiries or requests from routing and diagnostic functions. These messages are directed to the applications originating the inquiries. In unusual situations, if the messages are generated rapidly with the intent of overloading network circuits, they can threaten network availability.
Page 222: Configuring Icmp Rate-Limiting
Either of the following commands configures an inbound rate limit of 1% on ports A3 to A5, which are used as network edge ports: switch(config) # int a3-a5 rate-limit icmp 1 switch(eth-A3-A5) # rate-limit icmp 1 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 223: Using Both Icmp Rate-Limiting And All-Traffic Rate-Limiting On The Same Interface
NOTE: When using kbps-mode ICMP rate-limiting, the rate-limiting only operates on the IP payload part of the ICMP packet (as required by metering RFC 2698). This means that effective metering is at a rate greater than the configured rate, with the disparity increasing as the packet size decreases (the packet to payload ratio is higher).
Page 224: Operating Notes For Icmp Rate-Limiting
In another type of situation, an outbound interface can become oversubscribed by traffic received from multiple ICMP rate-limited interfaces. In this case, the actual rate for traffic on the rate-limited interfaces may be lower Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 225: Icmp Rate-Limiting Trap And Event Log Messages
than configured because the total traffic load requested to the outbound interface exceeds the interface's bandwidth, and thus some requested traffic may be held off on inbound. • Monitoring (mirroring) ICMP rate-limited interfaces: If monitoring is configured, packets dropped by ICMP rate-limiting on a monitored interface are still forwarded to the designated monitor port.
Page 226: Configuring Inbound Rate-Limiting For Broadcast And Multicast Traffic
3 rate-limit bcast in percent 10 switch(config)# interface 3 switch(eth-3)# rate-limit bcast in percent 10 Syntax: rate-limit {< bcast | mcast >} in percent < 0-100 > Option in percent <0-100> Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 227 Also supports configuring limit in kbps [no] rate-limit {<bcast | [mcast >]} in Enables rate-limiting and sets limits for the specified inbound broadcast or multicast traffic. Only the amount of traffic specified by the percent is forwarded. Default: Disabled If you want to set a limit of 50% on inbound broadcast traffic for port 3, you can first enter interface context for port 3 and then execute the rate-limit command, as shown in Inbound broadcast rate-limiting of 50% on port 3 on page 227.
Page 228: Operating Notes
By default, each port (including each port in a static trunk) offers eight prioritized, outbound traffic queues. Tagged VLAN traffic is prioritized according to the 802.1p priority the traffic carries. Untagged VLAN traffic is assigned a priority of 0 (normal). Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 229: Impacts Of Qos Queue Configuration On Gmb Operation
Table 15: Per-port outbound priority queues 802.1p Priority settings in tagged VLAN packets Outbound priority queue for a given port 1 (low) 2 (low) 0 (normal) 3 (normal) 4 (medium) 5 (medium) 6 (high) 7 (high) The switch processes outbound traffic from an untagged port at the "0" (normal) priority level. You can use GMB to reserve a specific percentage of each port's available outbound bandwidth for each of the eight priority queues.
Page 230: Configuring Gmb For Outbound Traffic
0 (zero), a high level of higher-priority traffic can starve lower-priority queues, which can slow or halt lower-priority traffic in the network. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 231 You can configure bandwidth minimums from either the global configuration level (as shown above) or from the port or static trunk context level. For information on outbound port queues, see Per-port outbound priority queues. Syntax: [no] int <<port-list|trk_#>> bandwidth-min output [0-100|strict] [0-100] Select a minimum bandwidth.
Page 232: Viewing The Current Gmb Configuration
Switch(interface 1–5) # bandwidth-min output 2 3 30 10 10 10 15 strict Viewing the current GMB configuration This command displays the per-port GMB configuration in the running-config file. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 233: Gmb Operating Notes
Syntax: show bandwidth output <port-list|trk_#> Without <port-list|trk_#> , this command lists the GMB configuration for all ports and static trunks on the switch. With <port-list|trk_#> , this command lists the GMB configuration for the specified ports and static trunks. This command operates the same way in any CLI context. If the command lists Disabled for a port or trunk, there are no bandwidth minimums configured for any queue on the port or trunk.
Page 234: Rate-Limit Unknown-Unicast In Kbps
----- + ------------- --------- | 10 rate-limit unknown-unicast in kbps Syntax interface port-list rate-limit unknown-unicast in kbps rate Description Sets a rate limit for unicast flood traffic. Command context interface Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 235: Show Rate-Limit Unknown-Unicast
Parameters Sets a rate limit for incoming unicast flood traffic. percent Specifies the rate limit as a percentage of the total available bandwidth. kbps Specifies the rate limit in Kb/s. Examples switch(config)# int 1 switch(eth-1)# rate-limit Set a rate limit for all traffic. bcast Set a rate limit for broadcast traffic.
Page 236: Jumbo Frames
Port adds and moves: If you add a port to a VLAN that is already configured for jumbo traffic, the switch enables that port to receive jumbo traffic. If you remove a port from a jumbo-enabled VLAN, the switch Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 237: Jumbo Traffic-Handling
disables jumbo traffic capability on the port only if the port is not currently a member of another jumbo-enabled VLAN. This same operation applies to port trunks. • Jumbo traffic sources: A port belonging to a jumbo-enabled VLAN can receive inbound jumbo frames through any VLAN to which it belongs, including non-jumbo VLANs.
Page 238: Configuring Jumbo Frame Operation
Lists the static VLANs configured on the switch and includes a Jumbo column to indicate which VLANs are configured to support inbound jumbo traffic. All ports belonging to a jumbo-enabled VLAN can receive jumbo Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 239 traffic. (For more information, see Configuring a maximum frame size on page 240.) See Figure Figure 52: Example: listing of static VLANs to show jumbo status per VLAN on page 239. Figure 52: Example: listing of static VLANs to show jumbo status per VLAN Syntax: show vlans ports <port-list>...
Page 240: Enabling Or Disabling Jumbo Traffic On A Vlan
Sets the maximum frame size for jumbo frames. The range is from 1518 bytes to 9216 bytes. (Default: 9216 bytes) NOTE: The jumbo max-frame-size is set on a GLOBAL level. Default: 9216 bytes Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 241: Configuring Ip Mtu
Configuring IP MTU NOTE: The following feature is available on the switches covered in this guide. jumbos support is required for this feature. On switches that do not support this command, the IP MTU value is derived from the maximum frame size and is not configurable. You can set the IP MTU globally by entering this command.
Page 242: Troubleshooting
Duplex mismatch (duplex mismatch HDx - reconfigure to Full Duplex) • Duplex mismatch (duplex mismatch FDx - reconfigure port to Auto) • Rapid detection of link faults and recoveries (link flap) • Link loss detection (loss of link) Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 243: Fault Finder Thresholds
NOTE: Fault finder is also known as FFI (find-fix-inform). Fault Finder thresholds Switches feature automatic fault detection, which helps protect against network loops and defective equipment. The fault detection sensitivity setting determines the types of alerts reported to the Alert Log based on their level of severity or sensitivity.
Page 244 - 10,000)Or If Jabbers: fragment (Jabbers are count in the packets last 20 longer than seconds >= the MTU) - sensitivity Fragments: (packets shorter than they should Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 245 Condition Sensitivities Units (in Time period Fault finder triggering packets) reacts: fault finder Bad cable — 1/10,000 20 secs If (CRC and Excessive Incoming alignment CRC/ errors/ total) alignment >= (sensitivity/ errors 10,000) Too Long 1/10,000 20 secs If (late Cable —...
Page 246 2. CRC errors/total = 15/3500 = .00043 3. Sensitivity/10,000 = 6/10,000 = .0006 4. .00043 is not greater than or equal to .0006, so an alert is not triggered. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 247: Chapter 9 Configuring For Network Management Applications
Chapter 9 Configuring for Network Management Applications Configuring the switch to filter untagged traffic Enter this command to configure the switch not to learn CDP, LLDP, or EAPOL traffic for a set of interfaces. ignore-untagged-mac Syntax ignore-untagged-mac <PORT-LIST> Description Prevents MAC addresses from being learned on the specified ports when the VLAN is untagged and the destination MAC address is one of the following: •...
Page 248 Configuration change output Figure 55: Output for running configuration changes history for all ports Figure 56: Example of output for running config changes history with detail Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 249: Minimal Interval For Successive Data Change Notifications
Current status of SNMP trap type Figure 57: SNMP trap configuration status information Minimal interval for successive data change notifications setmib Syntax setmib lldpnotificationinterval.0 -i 1 - 3600 Description Change the minimum interval for successive data change notifications for the same neighbor. Globally changes the interval between successive traps generated by the switch.
Page 250: Show Interfaces
Status and Counters - Port Counters Flow Bcast Port Total Bytes Total Frames Errors Rx Drops Tx Ctrl Limit ------ -------------- -------------- ------------ ------------ ---- ----- 419,179 1555 4217 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 251: Viewing The Configuration
3846 3855 MACsec Port Counters: Port Errors Rx Drops Tx ------ ------------ ------------ Viewing the configuration show running-config Syntax show running-config Description Displays information about the configuration. Example show running-config Configuration showing interfaces to ignore packet MAC address learns. switch(config) show running-config Running configuration: ;...
Page 252: Rmon Alarm
If the absolute option is used for alarm variables of counter-type, an RMON trap is generated only once, when the threshold limit is reached. The RMON trap is never generated again. Hewlett Packard Enterprise recommends using the delta option instead when using a counter- type alarm variable.
Page 253 rising-threshold <threshold-value> An integer value for the upper threshold for the sampled statistic. A single event is generated when the current sampled value of the specified statistic becomes greater than or equal to this threshold, and if the value at the last sampling intervals was less than this threshold. The value of the rising-threshold must be greater than the value of the falling-threshold.
Page 254 Figure 60: Show Command Output for a Specific Alarm Figure 61: Display Command Output for a Specific Alarm Figure 62: Output of the running-config File Displaying the Configured RMON Alarm Parameters Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 255: Configuring Udld Verify Before Forwarding
Configuring UDLD verify before forwarding When an UDLD enabled port transitions to link-up, the port will begin with a UDLD blocking state. UDLD will probe via protocol packet exchange to determine the bidirectional state of the link. Until UDLD has completed the probe, all data traffic will be blocked.
Page 256 000000-000000 untagged down off-line 000000-000000 untagged down off-line 000000-000000 untagged down off-line 000000-000000 untagged down off-line 000000-000000 untagged down off-line 000000-000000 untagged down off-line 000000-000000 untagged down off-line 000000-000000 untagged Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 257 RMON generated when user changes UDLD mode RMON events are generated when UDLD is configured. The first time you configure the mode, the UDLD states will be re-initialized. An event log entry is initiated to include the reason for the initial UDLD blocking state during link up.
Page 258 The switch captures learned or removed events on the selected ports, but does not send an SNMP trap unless you have enabled mac-notify with the snmp-server enable traps mac-notify command. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 259 IMPORTANT: When this command is executed without the learned or removed option, it enables or disables the capture of both learned and removed MAC address table changes for the selected ports in <PORT- LIST>. Parameters learned Enables the capture of learned MAC address table changes on the selected ports. removed Enables the capture of removed MAC address table changes table on the selected ports.
Page 260 Community Events Type Retry Timeout ---------------------- ---------------------- -------- ------ ------- ------- 15.146.194.77 public None trap 15.255.134.252 public None trap 16.181.49.167 public None trap 16.181.51.14 public None trap Excluded MIBs Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 261 Viewing mac-notify traps configuration show mac-notify traps Syntax show mac-notify traps <PORT-LIST> Description Displays information about SNMP trap configuration for MAC Address Table changes. Output of SNMP trap configuration Displays SNMP trap information for all ports, or each port in the <PORT-LIST>. switch# show mac-notify traps Mac Notify Trap Information Mac-notify Enabled : Yes...
Page 262 Port or list of ports on which to enable polling. To disable counter-polling for the specified <PORT-LIST> use a polling interval of 0. <POLLING INTERVAL> An allowable non-zero value to enable polling on the specified port or ports. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 263 Usage [no] sflow <RECEIVER-INSTANCE> destination <IP-ADDRESS> <UDP-PORT-NUM> sflow <RECEIVER-INSTANCE> sampling <PORT-LIST> <SAMPLING RATE> sflow <RECEIVER-INSTANCE> polling <PORT-LIST> <POLLING INTERVAL> [no] sflow <RECEIVER-INSTANCE> destination [ipv4 | ipv6] <UDP-PORT-NUM> oobm sFlow Destination is OOBM port Switch (Config)# sflow 1 destination 192.168.2.3 6000 oobm Figure 63: Output showing OOBM Support Enabled Figure 64: Output of the running-config File showing the sFlow Destination is the OOBM Port sFlow Configuring multiple instances...
Page 264 (this is set by the management station and decrements with time.) • Max Datagram Size shows the currently set value (typically a default value, but this can also be set by the management station.) Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 265 show sflow sampling-polling Syntax show sflow <RECEIVER INSTANCE> sampling-polling <PORT-LIST/RANGE> Description Displays status information about sFlow sampling and polling on the switch as shown in Figure 67: Viewing sFlow sampling and polling information on page 265. Options <RECEIVER INSTANCE> The receiver-instance number is 1, 2, or 3. <PORT-LIST/RANGE>...
Page 266 The trap will be generated for changes made from any of these interfaces: • • Menu • SNMP (remote SNMP set requests.) The SNMP trap contains the following information. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 267 Information Description Event ID An assigned number that identifies a specific running configuration change event. Method Method by which the change was made—CLI, Menu, or remote SNMP.For configuration changes triggered by internal events, the term "Internal-Event" is used as the source of the change. IP Address Type Indicates the source address type of the network agent that made a change.
Page 268 Manager Read View – access to all managed objects • Manager Write View – access to all managed objects except the following: ◦ vacmContextTable ◦ vacmAccessTable ◦ vacmViewTreeFamilyTable • OperatorReadView – no access to the following: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 269 ◦ icfSecurityMIB ◦ hpSwitchIpTftpMode ◦ vacmContextTable ◦ vacmAccessTable ◦ vacmViewTreeFamilyTable ◦ usmUserTable ◦ snmpCommunityTable • Discovery View – Access limited to samplingProbe MIB. NOTE: All access groups and views are predefined on the switch. There is no method to modify or add groups or views to those that are predefined on the switch.
Page 270 Default Traps: A switch automatically sends default traps to trap receivers using the configured community name. You have to configure and supply the community name to use in the trap-receiver config, there is no Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 271 default. Use the snmp-server host <IP_ADDRESS> community "<COMMUNITY_NAME>" command to configure a community name and the snmp-server host <IP_ADDRESS> community "<COMMUNITY_NAME>" trap-level [all | critical | not-info | debug | none] command to set the level of traps to send to the community. •...
Page 272 Output of show mac-notify traps Mac Notify Trap Information Mac-notify Enabled : No Mac-move Enabled : No Trap-interval : 30 Port MAC Addresses trap learned/removed/aged ------ --------------------------------------- Learned, Removed & Aged Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 273 Removed & Aged Learned & Aged Learned & Removed Aged Learned Removed show mac-notify for port 1 show mac-notify traps 1 1 Aged Physical hardware removal/insertion trap generation The specific events related to a physical module insertion or removal are being added to the default trap list. Aruba 3810M Switch Series (JL071A, JL072A, JL073A, JL074A, JL075A, JL076A) Aruba 5400Rzl2 Switch Series (J8698A, J8700A, J9823A-J9824A, J9825A, J9826A, J9868A, J9447A, J9448A)
Page 274 NOTE: If the event is configured to disable a trap, then the trap will not be sent for that particular event. In all other scenarios, a trap is generated for the listed events. SNMP trap captures examples Inserting a slot module Event Id: 68 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 275 Removing a slot module Event Id: 67 Inserting a transceiver Event Id: 405 Chapter 9 Configuring for Network Management Applications...
Page 276 Removing a transceiver Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 277 For this reason, Hewlett Packard Enterprise recommends that when you enable SNMPv3, you also create a second user with SHA authentication and DES privacy.
Page 278 Security via configuration of SNMP communities (SNMPv3 communities on page 269) • Security via authentication and privacy for SNMPv3 access • Event reporting via SNMP ◦ Version 1 traps ◦ RMON: groups 1, 2, 3, and 9 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 279 • Standard MIBs, such as the Bridge MIB (RFC 1493), Ethernet MAU MIB (RFC 1515), and others. The switch SNMP agent also uses certain variables that are included in a Hewlett Packard Enterprise proprietary MIB (management information base) file. Downloading the latest MIB file Procedure 1.
Page 280 Restricting access to only version 3 messages makes the community named "public" inaccessible to network management applications (such as autodiscovery, traffic monitoring, SNMP trap generation, and threshold setting) from operating in the switch. SNMP version 3 enable command Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 281 Configuring users in SNMPv3 snmpv3 user Syntax [no] snmpv3 user <USER_NAME> [auth md5|sha] <AUTH_PASS> [priv des|aes] <PRIV_PASS> [no] snmpv3 remote-engine-id <engineid> user <username> [auth {md5| sha} <authentication password>] [priv {des|aes} <privacy password>] Description Adds or deletes a user entry for SNMPv3. Authorization and privacy are optional, but to use privacy, you must use authorization.
Page 282 Syntax show snmpv3 restricted-access Description Shows the status of non-SNMPv3 write messages. Viewing and configuring non-version-3 SNMP communities (Menu) Procedure 1. From the Main Menu, select: 2. Switch Configuration… Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 283 6. SNMP Community Names Figure 69: SNMP Communities screen (default values) 2. Press [A] (for Add ) to display the following screen: Figure 70: SNMP add or edit screen If you need information on the options in each field, press [Enter] to move the cursor to the Actions line, then select the Help option.
Page 284 [no] snmp-server host [ipv4–addr|ipv6–addr] <COMMUNITY NAME> inform [retries <COUNT>][timeout <INTERVAL>] Description Enables (or disables) the inform option for SNMPv2c on the switch and allows you to configure options for sending SNMP inform requests. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 285 Parameters and options IMPORTANT: The retries and timeout values are not used to send trap requests. retries Maximum number of times to resend an inform request if no SNMP response is received. Defaults to 3. timeout Number of seconds to wait for an acknowledgement before resending the inform request. Defaults to 15 seconds.
Page 286 (Optional) Configures the type of messages sent to a [filter {<none | debug | all | not- management station.(Default: none.) info | critical>}] (Optional) Specifies the UDP port to use.(Default: 162.) [udp-port < port >] Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 287 (Optional) Specifies a range of UDP ports. (Default: 0.) [port-mask < mask >] (Optional) Specifies a range of IP addresses as [addr-mask < mask >] destinations for notification messages.(Default: 0.) (Optional) Number of times a notification is retransmitted if [retries < value >] no response is received.
Page 288 The group level to which the community is being mapped. tag <TAG_VALUE> This is used to specify which target address may have access by way of this index reference. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 289 Assign a community to a group Figure 72: Assigning a community to a group access level on page 289 shows the assigning of the Operator community on MgrStation1 to the CommunityOperatorReadWrite group. Any other Operator has an access level of CommunityOperatorReadOnly. Figure 72: Assigning a community to a group access level Running configuration changes and SNMP traps Syntax...
Page 290 The number that displays when show config is executed is global for the switch and represents the startup configuration sequence number. Figure 73: Notification of changes to the Startup Configuration file Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 291 Fields in the trap when making a change Fields in the trap when a change is made via SNMP (station ip=0xAC161251 (172.22.18.81), no username is set, and the new sequence number is 16.) Figure 74: Fields when the SNMP trap is set Source IP address for SNMP notifications When you use the snmp-server response-source and snmp-server trap-source commands, note the following behavior:...
Page 292 IP address configured for the specified loopback interface that is used as the source IP address in a generated trap PDU. If multiple loopback IP addresses are configured, the lowest alphanumeric address is used. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 293 SNMP replies and traps configuration To verify the configuration of the interface IP address used as the source IP address in IP headers for SNMP replies and traps sent from the switch, enter the show snmp-server command to display the SNMP policy configuration, as shown in Figure 75: Display of source IP address configuration on page 293.
Page 294 Identifies the group that has the privileges that will be assigned to the user. user <USER_NAME> Identifies the user to be added to the access group. This must match the user name added with the snmpv3 user command. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 295 sec-model <aver1|ver2|ver3> Defines which security model to use for the added user. An SNMPv3 access group should use only the ver3 security model. snmpv3 group Figure 77: Using snmpv3 group snmp-server community Syntax [no] snmp-server community community-name Description Configures a new community name. •...
Page 296 Syntax show snmp-server <COMMUNITY-STRING> Description This command lists the data for currently configured SNMP community names along with trap receivers and the setting for authentication traps. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 297 show snmp-server Lists the data for all communities in a switch; that is, both the default "public" community name and another community named "blue-team." Figure 78: SNMP community listing with two communities show snmp-server public To list the data for only one community, such as the "public" community, use the above command with the community name included.
Page 298 Traps Category Current Status ------------------------------ -------------------------- SNMP Authentication : Extended Password change : Enabled Login failures : Enabled Port-Security : Enabled Authorization Server Contact : Enabled DHCP Snooping : Enabled Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 299 Dynamic ARP Protection : Enabled Dynamic IP Lockdown : Enabled Address Community Events Sent Notify Type Retry Timeout ---------------------- ---------- ----------- ----------- ----- ------- 15.255.5.225 public trap 2001:0db8:0000:0001 :0000:0000:0000:0121 user_1 trap Excluded MIBs Link-Change Traps snmp-server enable traps link-change Syntax [no] snmp-server enable traps link-change<PORT-LIST>...
Page 300 Disables inbound SNMP access. listen Available only on switches that have a separate out-of-band management port. Defaults to both. oobm Inbound SNMP access is enabled only on the out-of-band management port. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 301 data Inbound SNMP access is enabled only on the data ports. both Inbound SNMP access is enabled on both the out-of-band management port and on the data ports. CDP configuration CDP mode cdp moden Syntax [no] cdp moden[pass-through|rxonly] Description Sets the selected mode of CDP processing. Use this command to set the CDP mode to pass-through or receive only.
Page 302 Switch(config)# show cdp Global CDP information Enable CDP [yes] : no show cdp with cdp run and sdp show cdp output when cdp run and sdp mode are enabled. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 303 Switch# show cdp Global CDP Information Enable CDP [Yes] : Yes CDP mode [rxonly] : pre-standard-voice CDP Hold Time [180] : 180 CDP Transmit Interval [60] : 60 Port CDP admin-status ---- --------- ------------ enabled rxonly enabled tx_rx enabled tx_rx show cdp with cdp run and cdp mode rxonly show cdp output when cdp run and cdp mode rxonly are enabled.
Page 304 Syntax show cdp Description Lists the global and per-port CDP configuration of the switch. CDP is shown as enabled/disabled both globally on the switch and on a per-port basis. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 305 Show CDP with the default CDP configuration This example shows the default CDP configuration. switch# show cdp Global CDP information Enable CDP [Yes] : Yes (Receive Only) Port CDP ---- -------- enabled enabled enabled CDP neighbors switch table view show cdp neighbors Syntax show cdp neighbors Description...
Page 306 LLDP data transmission/collection and CDP data collection are both enabled in the switch's default configuration. In this state, an SNMP network management application designed to discover devices running either CDP or Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 307 LLDP can retrieve neighbor information from the switch regardless of whether LLDP or CDP is used to collect the device-specific information. Protocol state Packet Inbound data Inbound packet generation management forwarding CDP Enabled Store inbound CDP No forwarding of inbound data.
Page 308 In the default configuration for the switches, LLDP-MED is enabled by default which requires that LLDP is also enabled. LLDP packet transmissions to neighbor devices On a global basis, you can increase or decrease the frequency of outbound LLDP advertisements. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 309 Time-To-Live for LLDP packets sent to neighbors On a global basis, you can increase or decrease the time that the information in an LLDP packet outbound from the switch will be maintained in a neighbor LLDP device. Transmit and receive mode With LLDP enabled, the switch periodically transmits an LLDP advertisement (packet) out each active port enabled for outbound LLDP transmissions and receives LLDP advertisements on each active port enabled to receive LLDP traffic (Configuring per-port transmit and receive modes on page 316.) Per-port configuration...
Page 310 The switch always includes an IP address in its LLDP advertisements. This can be either an address selected by a default process or an address configured for inclusion in advertisements. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 311 Debug logging You can enable LLDP debug logging to a configured debug destination (Syslog server, a terminal device, or both) by executing the debug lldp command. Note that the switch's Event Log does not record usual LLDP update messages. Options for reading LLDP information collected by the switch You can extract LLDP information from the switch to identify adjacent LLDP devices.
Page 312 LLDP MIB changes. If a switch is subject to frequent changes to its LLDP MIB, lengthening this interval can reduce the frequency of successive advertisements. You can change the delay-interval by using either an SNMP network management application or the CLI setmib command. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 313 Re-initialize delay interval In the default configuration, a port receiving a disable command followed immediately by a txonly, rxonly, or tx_rx command delays re-initializing for two seconds, during which LLDP operation remains disabled. If an active port is subjected to frequent toggling between the LLDP disabled and enabled states, LLDP advertisements are more frequently transmitted to the neighbor device.
Page 314 Automatic deployment of convergence network policies (voice VLANs, Layer 2/CoS priority, and Layer 3/QoS priority) • Configurable endpoint location data to support the Emergency Call Service (ECS) (such as Enhanced 911 service, 999, 112) Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 315 • Detailed VoIP endpoint data inventory readable via SNMP from the switch • Power over Ethernet (PoE) status and troubleshooting support via SNMP • support for IP telephony network troubleshooting of call quality issues via SNMP This section describes how to configure and use LLDP-MED features in the switches to support VoIP network edge devices (media endpoint devices) such as: •...
Page 316 SNMP normally employs UDP, which does not guarantee datagram delivery, topology change notification should not be relied upon as the sole method for monitoring critical endpoint device connectivity. Configuring per-port transmit and receive modes Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 317 lldp admin-status Syntax lldp admin-status <PORT-LIST> [txonly|rxonly|tx_rx|disable] Description With LLDP enabled on the switch in the default configuration, each port is configured to transmit and receive LLDP packets. The options allow you to control which ports participate in LLDP traffic and whether the participating ports allow LLDP traffic in only one direction or in both directions.
Page 318 1-24 basicTlvEnable system_name lldp config To reinstate the system name TLV on ports 1-5, use this command: switch# lldp config 1-5 basicTlvEnable system_name Port speed and duplex advertisement support Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 319 lldp config dot3TlvEnable Syntax [no] lldp config <PORT-LIST> dot3TlvEnable macphy_config Description For outbound advertisements, this TLV includes the (local) switch port's current speed and duplex settings, the range of speed and duplex settings the port supports, and the method required for reconfiguring the speed and duplex settings on the device (autonegotiation during link initialization, or manual configuration.) Using SNMP to compare local and remote information can help in locating configuration mismatches.
Page 320 Multiple type/value pairs can be entered in any order, although Hewlett Packard Enterprise recommends that multiple pairs be entered in ascending order of the CA-TYPE. When an emergency call is placed from a properly configured class 3 endpoint device to an appropriate PSAP, the country code, device type, and type/value pairs configured on the switch port are included in the transmission.
Page 321 Enables or disables each port in <PORT-LIST> for sending notification to configured SNMP trap receivers if an LLDP data change is detected in an advertisement received on the port from an LLDP neighbor. Defaults to disabled. Enable SNMP notification on ports 1 - 5 switch# lldp enable-notification 1-5 LLDP operation on the switch lldp run...
Page 322 30 seconds. switch# lldp holdtime-multiplier 2 Delay interval To change the delay interval between advertisements generated by value or status changes to the LLDP MIB, use the following command. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 323 set mib lldpTxDelay.0 Syntax setmib lldpTxDelay.0 -i <1 - 8192> Uses setmib to change the minimum time (delay-interval) any LLDP port will delay advertising successive LLDP advertisements because of a change in LLDP MIB content. Defaults to 2. The LLDP refresh-interval (transmit interval) must be greater than or equal to (4 x delay-interval.) The switch does not allow increasing the delay interval to a value that conflicts with this relationship.
Page 324 <PORT-LIST> Description Displays the LLDP port-specific configuration for all ports in <PORT-LIST>, including which optional TLVs and any non-default IP address that are included in the port's outbound advertisements. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 325 show lldp config Figure 82: Per-port configuration display Available switch information available outbound advertisements show lldp info local-device Syntax show lldp info local-device<PORT-LIST> Description Displays global switch information and per-port information currently available for populating outbound LLDP advertisements. This command displays the information available on the switch. Use the lldp config <PORT- LIST>...
Page 326 Figure 83: Displaying the global and per-port information available for outbound advertisements Default per-port information content for ports 1 and 2 switch# show lldp info local 1-2 LLDP Local Port Information Detail Port PortType : local Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 327 PortId PortDesc : 1 ---------------------------------------- Port PortType : local PortId PortDesc : 2 LLDP statistics show lldp stats Syntax show lldp stats<PORT-LIST> Description Displays (globally) an overview of neighbor detection activity on the switch, plus data on the number of frames sent, received, and discarded per-port.
Page 328 | NumFramesRecvd NumFramesSent NumFramesDiscarded ------ + -------------- ------------- ------------------ | 97317 97843 | 21 | 446 A per-port LLDP statistics display switch# show lldp stats 1 LLDP Port Statistics Detail Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 329 PortName : 1 Frames Discarded Frames Invalid Frames Received : 7309 Frames Sent : 7231 TLVs Unrecognized : 0 TLVs Discarded Neighbor Ageouts Global LLDP, port admin, and SNMP notification status In the default configuration, LLDP is enabled and in both transmit and receive mode on all active ports. The LLDP configuration includes global settings that apply to all active ports on the switch, and per-port settings that affect only the operation of the specified ports.
Page 330 802.1AB LLDP operation. For more information, see the dot3TlvEnable macphy_config command. Network policy advertisements Network policy advertisements are intended for real-time voice and video applications, and include these TLV sub-elements: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 331 • Layer 2 (802.1p) QoS • Layer 3 DSCP (diffserv code point) QoS • Voice VLAN ID (VID) VLAN operating rules These rules affect advertisements of VLANs in network policy TLVs: • The VLAN ID TLV subelement applies only to a VLAN configured for voice operation ( vlan vid voice .) •...
Page 332 Table 21: Some location codes used in CA-TYPE fields Location element Code Location element Code national subdivision street number regional subdivision additional location data city or township unit or apartment city subdivision floor Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 333 Location element Code Location element Code street room number street suffix Example Suppose a system operator wants to configure the following information as the civic address for a telephone connected to her company's network through port A2 of a switch at the following location: Description CA-type CA-VALUE...
Page 334 Disables lldp on OOBM port. lldp enable-notification oobm Syntax [no] lldp enable-notification oobm Description This command enables or disables notification on the OOBM port. Parameters and options oobm Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 335 Enables notification on the OOBM port. Disables notification. Enable-notification switch(config)#lldp enable-notification ? oobm Enable or disable notification on the OOBM port. [ethernet] PORT-LIST Enable notification on the specified ports. show lldp config Syntax show lldp config [[ethernet] PORT-LIST | oobm] Description This command shows LLDP configuration information.
Page 336 The following are next level parameters of a local-or remote-device. [ethernet] PORT-LIST Shows port-list configuration information. oobm Shows oobm LLDP configuration information. show lldp info local-device Syntax show lldp info local-device Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 337 Description This command shows LLDP information about a local device. show lldp info local-device Switch(config)# show lldp info local-device LLDP Local Device Information Chassis Type : mac-address Chassis Id : 08 2e 5f 69 8c 00 System Name : Switch System Description : Switch, revision XX.15.15.000...
Page 338 : all802 Address : b4 b5 2f a8 84 00 show lldp stats Syntax show lldp stats [[ethernet] PORT-LIST | oobm] Description This command shows LLDP statistics. Parameters and options Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 339 oobm Shows statistics for the specified ports. show lldp stats switch(config)# show lldp stats LLDP Device Statistics Neighbor Entries List Last Updated : 45 mins New Neighbor Entries Count : 2 Neighbor Entries Deleted Count : 0 Neighbor Entries Dropped Count : 0 Neighbor Entries AgeOut Count : 0 LLDP Port Statistics Port...
Page 340 Multiple devices listed for a single port indicates that such devices are connected to the switch through a hub. Discovering the same device on multiple ports indicates that the remote device may be connected to the switch in one of the following ways: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 341 • Through different VLANS using separate links. (This applies to switches that use the same MAC address for all configured VLANs.) • Through different links in the same trunk. • Through different links using the same VLAN. (In this case, spanning-tree should be invoked to prevent a network topology loop.
Page 342 The command [no] lldp config <PORT NO> basicTlvEnable management_addr suppresses the IP address to be advertised. Commands [no] lldp config basicTlvEnable management_addr Syntax In the configure context: [no] lldp config <PORT_NUM> basicTlvEnable management_addr Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 343 Description The feature suppresses the IPv4 or IPv6 address as well as suppresses the MAC address if the [no] ip address is configured. By default this management address TLV is enabled in switch. No other TLV (except management address TLV) suppression will occur when this command is used. Parameters Management_addr Management TLV...
Page 344 Parameters and options Disables the TLV advertisement. Enabling the VLAN ID TLV switch# lldp config a1 dot1TlvEnable port-vlan-id Advertised TLVs show lldp config Syntax show lldp config <PORT_NAME> Description Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 345 The show commands display the configuration of the TLVs. The command show lldp config lists the TLVs advertised for each port. Figure 86: Displaying the TLVs for a port Figure 87: Example of local device LLDP information Figure 88: Example of remote device LLDP information Chapter 9 Configuring for Network Management Applications...
Page 346 Defaults to enabled. If disabled, this TLV cannot be enabled unless the capability TLV is already enabled. This TLV enables the switch port to advertise its current PoE state and to read the PoE requirements advertised by the LLDP-MED endpoint device connected to the port. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 347 Defaults to enabled. If disabled, this TLV cannot be enabled unless the capability TLV is already enabled. Generic header ID in configuration file DHCP auto deployment Auto deployment relies on DHCP options and the current DHCP auto-configuration function. Auto deployment is platform independent, avoiding the J-number validation of the downloaded configuration file when downloaded using DHCP option 66/67.
Page 348 The IGNORE tag is not an available option when using external SCP, SFTP or TFTP clients such as PuTTY, Open SSH, WinSCP and SSH Secure Shell to transfer configuration files out of the switch. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 349 Chapter 10 DHCPv4 server Overview The Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automate assignment of IP addresses to hosts. A DHCP server can be configured to provide other network information like IP addresses of TFTP servers, DNS server, boot file name and vendor specific options. Commonly there are two types of address assignments, dynamic and manual.
Page 350 Making the server authoritative for an IP pool changes how the server processes DHCP REQUEST packets. The following table exhibits the behavior on the receiving DHCP REQUEST and DHCP inform packets from DHCP clients residing on either authoritative and non-authoritative pools. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 351 Table 22: Authoritative and non-authoritative pools Authoritative Pool Non-authoritative pool When a For Own IP For IP Unknown IP For Own IP For IP belonging to Unknown IP DHCP client belonging to falling outside different client falling outside sending.. different the range the range client...
Page 352 Maximum number of pools (128) has already been already configured. reached Configuring Pool with a name that exceeds the String %s too long. Allowed length is 32 characters. maximum length requirement. Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 353 Trying to delete non existing pool The specified address pool does not exist. Only alphanumeric characters, numerals and Invalid name. Only alphanumeric characters and underscore is allowed in the pool name. Violating hyphen are allowed. this would throw the following error message. Trying to delete existing pool or adding new pool DHCP server should be disabled before changing when DHCP server enabled.
Page 354 Microsoft DHCP clients use to correlate host names to IP addresses within a general grouping of networks. Two IP addresses must be separated by a comma. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 355 Maximum of 8 NetBIOS (WINS) name servers can be configured. NetBIOS node type net bios-ode-type Syntax [no] netbios-node-type [ broadcast | hybrid | mixed | peer-to-peer ] Description Configure the DHCP pool mode to the NetBIOS node type for a Microsoft DHCP. The NetBIOS node type for Microsoft DHCP clients can be one of four settings: broadcast, peer-to-peer, mixed, or hybrid.
Page 356 NOTE: DHCP server raw Option 43 is supported and it is used for AirWave ZTP. DHCP server raw Option 60 is supported from 16.06. DHCP server raw Option 138 is supported and it is used for IPsec tunnel configuration in DHCP client. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 357 IP address range range Syntax [no] range <IP-ADDR>[<IP-ADDR>] Description Configure the DHCP pool to the range of IP address for the DHCP address pool. Parameters and options range Range of IP addresses for the DHCPv4 server address pool. ip-addr Low IP address. High IP address.
Page 358 The default is two packets. Parameters and options ping Specify DHCPv4 ping parameters. packets <0-10> Specify number of ping packets in the range of 0 to 10. 0 disables ping. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 359 timeout <1-10 Ping timeout in the range of 1–10 seconds. Indicates the amount of time the DHCPv4 server must wait before timing out a ping packet. Defaults to one second. Save DHCP server automatic bindings dhcp-server database Syntax [no] dhcp-server database [file ASCII-STR] [delay<15-86400>][timeout <0-86400>] Description Specifies DHCPv4 database agent and the interval between database updates and database transfers.
Page 360 Clears theDHCPv4 server information. ip-addr Specify the IP address whose conflict is to be cleared. Reset all DHCP server and BOOTP counters clear dhcp-server statistics Syntax clear dhcp-server statistics Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 361 Description Reset all DHCP server and BOOTP counters Parameters and options statistics Reset DHCPv4 server and BOOTP counters. Delete an automatic address binding clear dhcp-server statistics Syntax clear dhcp-server statistics Description Delete an automatic address binding from the DHCP server database. Parameters and options binding Reset DHCPv4 server automatic address bindings.
Page 362 Conflict-logging is disabled. Conflict-logging is disabled. IP address %s is removed from the conflict- A specific IP address is removed from the logging database. conflict logging database. Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 363 Events Debug messages "All IP addresses are removed from the conflict- All IP addresses are removed from the logging database conflict-logging database. Dynamic binding for IP address %s is freed Dynamic binding for a specific IP address is freed. All the dynamic IP bindings are freed All the dynamic IP bindings are freed.
Page 364 No active Vlan with an IP address available to No active VLAN with an IP address is read binding database available to read binding database from the configured URL. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 365 Chapter 11 DHCPv6 server DHCPv6 hardware address The incremental deployment of IPv6 to existing IPv4 networks results in dual-stacking network environments. Some devices will act as both DHCPv4 and DHCPv6 clients. For these dual-stack situation, here is a need to associate DHCPv4 and DHCPv6 messages with the same client interface.
Page 366 Configure trusted interfaces. The system forwards server packets received on trusted interfaces only. Parameters and options Marks the specified interfaces as untrusted. Port state defaults to untrusted. Validation rules Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 367 Validation Error/Warning/Prompt Verify whether the port exist in the device. Module not present for port or invalid port: <PORT- LIST> If the port is a part of a SVLAN and the Port %s cannot be configured as trusted port as it is bridge mode is mixed mode.
Page 368 Current bindings are lesser than that of the value entered, the configuration will be immediately applied. <PORT-LIST 1-8192> Specify the ports on which max-bindings need to be applied in the range of 1–8192. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 369 Validation rules Validation Error/Warning/Prompt Verify max-bindings value entered is in the range Invalid input: <value> If DHCPv6-Snooping is already configured before Existing bindings %d are more than the max- entering the command and current bindings are bindings being configured, and the maximum greater than the value being set.
Page 370 Syntax [no] ipv6 source-lockdown ethernet <PORT-LIST> Description Used to configure DIPv6LD lockdown globally and on specific ports which can be configured on per-port basis using the PORT-LIST option. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 371 Parameters and options [ethernet] PORT-LIST Specify the ports being configured for Ipv6 source-lockdown. source-lockdown Enable IPv6 source lockdown for a specific port. Validation rules Validation Error/Warning/Prompt Verify whether dhcpv6-snooping is enabled DHCPv6 snooping is disabled. globally Verify whether port configured is in the VLAN Ports <PORT-LIST>...
Page 372 If an invalid MAC address is being added into the Cannot add a %s MAC address to the table. binding table. If an invalid port is used for configuring a static Port %s is invalid. binding Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 373 Validation Error/Warning/Prompt If DSNOOPV6 is globally disabled when Cannot configure static binding whenDHCPv6 configuring a static binding. Snooping is disabled. While configuring a static binding if the Ipv6 %s has already been assigned to a VID/MAC. address is already present in the Binding table but Delete the existing binding first.
Page 374 Show dhcpv6 snooping binding entries. This would show both dynamic and static binding entries. Validation rules Validation Error/Warning/Prompt If dhcpv6-snooping not enabled DHCPv6 snooping is disabled show dhcpv6 snooping statistics Syntax show dhcpv6-snooping stats Description Show dhcpv6-snooping statistics. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 375 show ipv6 source-lockdown Syntax show ipv6 source-lockdown [bindings | status] Description Shows IPv6 source bindings that are configured using the command IPv6 source-bindings. Parameters and options bindings Show source bindings for Dynamic IPv6 Lockdown ports. status Show source bindings for Dynamic IPv6 Lockdown status. Show source bindings Dynamic IPv6 Lockdown status Dynamic IPv6 Lockdown Bindings Port...
Page 376 : Disabled Address Community Events Type Retry Timeout Excluded MIBs switch(config)# Alignment change – right shifted show distributed-trunking consistency-parameters Syntax show distributed-trunking consistency-parameters global feature Description Parameters and options Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 377 dhcp-snooping Display DHCP snooping peer consistency details. IGMP Display IGMP peer consistency details. loop-protect Display Loop protect peer consistency details. Display MLD peer consistency details. pim-dm Display PIM-DM peer consistency details. pim-sm Display PIM-SM peer consistency details. Display PIM-SM peer consistency details. show distributed-trunking consistency-parameters global feature pim-sm PIM-SM Enabled VLANs on Local : 20,30 PIM-SM Enabled VLANs on Peer : 20,30...
Page 378 Description Displays the DHCPv6 relay configuration. Cannot be configured from the WebUI or Menu. Sample output show dhcpv6-relay DHCPV6 Relay Agent : Enabled Option 79 : Disabled Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 379 DHCPv6 event log Cause Event Message RMON_DSNOOPV6_UNTRUSTED_PORT_SERVER_RELAY %s: %s message received on the untrusted port %s from RMON_DSNOOPV6_UNTRUSTED_PORT_SERVER_SUSP %s: Ceasing the log messages for the server packets received on an untrusted port for %s. RMON_DSNOOPV6_UNTRUSTED_PORT_CLIENT_DEST %s: Client packet destined to the untrusted port %s is dropped.
Page 380 RMON_DSNOOPV6_READ_LEASES_SUSP %s: Ceasing remote server lease file read status logs for RMON_DSNOOPV6_WRITE_LEASES_ERROR %s: Writing %s/%s %s RMON_DSNOOPV6_WRITE_LEASES_SUSP %s: Ceasing remote server lease file write status logs for Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 381 Event Message RMON_DSNOOPV6_TABLE_FULL_REM_LEASE %s: The dynamic binding for %s on port %s was replaced with a manual binding. RMON_DSNOOPV6_TABLE_FULL_REM_LEASE_SUSP %s: Ceasing removed lease logs for %s. RMON_DSNOOPV6_BAD_IP_REQ %s: Illegal IPv6 request from %02X%02X%02X-%02X%02X %02X on port %s; %s. RMON_DSNOOPV6_BAD_IP_REQ_SUSP %s: s: Ceasing the log messages for illegal IPv6 requests for %s RMON_DSNOOPV6_BAD_IP_OFFER...
Page 382 %s: The IPv6 address %s provided by the DHCPv6 server to the client %s is already assigned to another client %s. RMON_DSNOOPV6_CONFLICT_IN_BST_SUSP %s: Ceasing status logs for Conflicts in BST for %s Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 383 DHCPv6 event messages Cause Events Debug messages When the BST becomes full, to indicate that lease Unable to add binding for %x, %02x%02x%02x-%02x bindings are being dropped. %02x%02x on port %s. BST is full. When DHCPv6 packet validation fails (packets are Dropping packet as validation failed, reason %s received on which they are not expected to).
Page 384 When DIPLDv6 violations are detected on a VLAN Access was denied on VLAN %d, %d packets received since last log. When max-binding limit is reached on a Port Max-binding limit reached on Port %s. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 385 Chapter 12 Zero Touch Provisioning with AirWave and Central Aruba offers on-premise and cloud-based management solutions for switches, access points, and controllers. AirWave is an award-winning on-premise Network Management Solution (NMS) that manages both Aruba and third-party network devices. AirWave is ideal for Campus networks and for organizations which prefer to have complete control over the hardware and software and have their NMS within premises (for example: either in the head office or data center or one of the large campuses).
Page 386 7. If DHCP does not provide AirWave details, the switch connects to Activate (Activate ZTP starts) for AirWave or Aruba Central details. If the DHCP options are not configured for AirWave, the switch is left in its default state for manual configuration. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 387 Switch being provisioned Corporate Network Branch 1 DHCP Server WAN Router AirWave Internet Router/ Server WAN Router Firewall Corporate Branch 2 DHCP Switch being Server provisioned In the preceding illustration, the workflow is as follows: 1. The switches being provisioned in the branches are booted obtaining the IP address from the DHCP server. 2.
Page 388 Select Roles -> DHCP -> Server -> w2k8 -> IPv4. Right-click IPv4 and select Set Predefined Options... Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 389 The Predefined Options and Values screen is displayed. Click Add..Enter the Name (any), Data type (select String), Code (enter 60), and Description (any). Chapter 12 Zero Touch Provisioning with AirWave and Central...
Page 390 From the Predefined Options and Values screen, under Value, enter the String ArubaInstantAP. The string is case-sensitive and must be ArubaInstantAP. Click OK. Under IPv4, expand Scope. Right-click Scope Options and select Configure Options... Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 391 10. Under the General tab, select 043 Vendor Specific Info. The Data entry data appears. Under ASCII, enter hpeSwitch:hp2920,90.1.1.10, admin. The ASCII value has the following format: <Group>:<Topfolder>,<AMP IP>,<shared secret> 11. To add subdirectories, use the following format: <Group>:<Topfolder>:<folder1>,<AMP IP>,<shared secret> 12.
Page 392 192.168.20.0 netmask 255.255.255.0 { option tftp-server-name "192.168.20.5"; option routers 192.168.20.31; option ntp-servers 192.168.20.5; option domain-name "Airport"; option domain-name-servers 192.168.20.5; option CAPWAP 171.0.0.3; #option 43 "171.0.0.100"; range 192.168.20.10 192.168.20.30; Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 393 Configure AirWave details in Linux DHCP server for IPv6 To configure the AirWave details in Linux DHCP server for IPv6, enter the following information: default-lease-time 900; preferred-lifetime 600; option dhcp-renewal-time 300; option dhcp-rebinding-time 600; allow leasequery; option dhcp6.info-refresh-time 800; dhcpv6-lease-file-name "/root/dhcpd6.leases"; host myclient { # The entry is looked up by this host-identifier option...
Page 394 • This method is not applicable for ZTP through OOBM. Procedure From the Start menu, select Server Manager. Select Roles -> DHCP -> Server -> w2k8 -> IPv4. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 395 Right-click IPv4 and select Define Vendor Classes..The DHCP Vendor Classes window is displayed. Click Add..Chapter 12 Zero Touch Provisioning with AirWave and Central...
Page 396 From the New Class window, enter the desired Display name (any) and the Description (any). For the ASCII field, enter the exact value that you got by executing the show command performed in the previous step. In this example, Hewlett Packard Enterprise J9729A 2920-24G-PoE+ Switch dslforum.org. Aruba 3810 / 5400R Management and Configuration Guide for...
Page 397 Click OK. Right-click IPv4 and select Set Predefined Options..10. From the Predefined Options and Values window, select Option class. The Option Class displayed is the one that you configured under DHCP Vendor Class. In this example, the Option Class is switch. Chapter 12 Zero Touch Provisioning with AirWave and Central...
Page 398 14. Under the Predefined Options and Values window, enter the Value String. In this example, enter hpeSwitch:hp2920,90.1.1.10, admin. The String has the following format: <Group>:<Topfolder>,<AMP IP>,<shared secret> 15. To add sub-folders, use the following format: <Group>:<Topfolder>:<folder1>,<AMP IP>,<shared secret> Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 399 16. Click OK. 17. Under IPv4, expand Scope. Right-click Scope Options and select Configure Options... 18. From the Scope Options window: a. Select the Advanced tab. b. Under Vendor class, select the desired switch. In this example, switch. c. Select the 146 switch option. d.
Page 400 CAPWAP code 138 = array of ip-address; ddns-update-style ad-hoc; subnet 192.168.20.0 netmask 255.255.255.0 { option tftp-server-name "192.168.20.5"; option routers 192.168.20.31; option ntp-servers 192.168.20.5; option domain-name "Airport"; option domain-name-servers 192.168.20.5; Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 401 option CAPWAP 171.0.0.3, 192.168.20.31; class "vendor-class" { match substring (option vendor-class-identifier,0,2); #match option vendor-class-identifier; subclass "vendor-class" "HP" { vendor-option-space ArubaInstantAP; #option ArubaInstantAP.cfg "runningConfig_5400R.txt"; #option ArubaInstantAP.img "KB_16_01_0004.swi"; option ArubaInstantAP.org "aw_group:fold,171.0.0.100,secret1234"; subclass "vendor-class" "Ar" { vendor-option-space ArubaInstantAP; #option ArubaInstantAP.cfg "runningConfig_5400R.txt"; #option ArubaInstantAP.img "KB_16_01_0004.swi"; option ArubaInstantAP.org "aw_group:fold,171.0.0.100,secret1234";...
Page 402 Command context config Parameters IP-ADDR AMP server IPv4 address. IPv6-ADDR AMP server IPv6 address. GROUP AMP server group name. FOLDER AMP server folder name. SECRET AMP server shared secret string. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 403 Example Switch(config)# amp-server Configure AMP server IP address. Switch(config)# amp-server ip IP-ADDR Enter an IP address. IPV6-ADDR Enter an IPv6 address. Switch(config)# amp-server ip 192.168.1.1 group AMP server group name. Switch(config)# amp-server ip 192.168.1.1 group GROUPNAME-STR AMP server group name. Switch(config)# amp-server ip 192.168.1.1 group grp11 folder AMP server folder name.
Page 404 When device is upgraded from any 15.xx version to 16.01, see Image Upgrade. • Once DHCP server or Activate offers Airwave/Central details, ZTP is disabled. If the details are offered again, it is ignored. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 405 Image Upgrade If you upgrade from any 15.xx version to version 16.xx, the following minimal set of configuration is validated to enable or disable the ZTP process: • If the switch has any other VLAN apart from the default VLAN, ZTP gets disabled. •...
Page 406 Internet), the communication between the switch and AirWave server can be protected. NOTE: • IPsec tunnel is not supported with IPv6. • IPsec tunnel is not supported through OOBM. You can configure IPsec tunnel using any of the following methods: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 407 • Activate ZTP • DHCP ZTP with option 138 1. To assign controller IP addresses, select DHCP option 138. 2. Define the controller IP addresses for both the primary and secondary controllers. • Manual configuration IPsec Tunnel Establishment • IPsec tunnel for AirWave is auto-configured. The switch decides to create IPsec tunnel only when an Aruba controller IP is present in the device before establishing the connection to AirWave.
Page 408 3. Switch initiates a new IPsec session with either primary or backup controller once "Dead Peer Detection" event is triggered for existing IPsec session. 4. Switch retries establishing IPsec session with both primary and backup controllers alternatively until a successful IPsec handshake. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 409 5. Switch tries to establish the IPsec tunnel with the same controller when the following events occur: • Switch IP change • Vlan ID change • Redundancy switch over 6. If aruba-vpn type is amp, after five consecutive AirWave check-in failures, the existing tunnel is destroyed and an IPsec tunnel is established with the other controller.
Page 410 3. Failover to the other (either primary or secondary) controller results in data loss. All the existing application sessions in the switch will be terminated. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 411 NOTE: The failover will take up to three minutes. 4. The events such as time change and port flap, breaks the existing IPsec session and triggers a failover. The new IPsec session is established with a backup controller. In such scenario, switch does not perform any reachability test before selecting a controller to retry.
Page 412 For example: ip route 2.0.0.0 255.255.255.0 tunnel aruba-vpn Show commands show aruba-vpn Syntax show aruba-vpn type <VPN-TYPE> Description Show Aruba-VPN configuration information. show aruba-vpn show aruba-vpn Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 413 Aruba VPN details Aruba VPN Type : amp Aruba VPN Peer IP : 171.0.0.1 Aruba VPN Backup Peer IP : 171.0.0.3 Aruba VPN Config Status : Configured Aruba VPN tos : Value from IPv4 header Aruba VPN ttl : 64 show aruba-vpn type amp show aruba-vpn type amp Aruba VPN details...
Page 414 : IPsec IPv4 Source Address : 192.168.20.10 Destination Address : 171.0.0.3 Configured Tunnel Status : Enabled Current Tunnel State : Up show crypto-ipsec sa Syntax show crypto ipsec sa Description Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 415 Show crypto-IPsec statistics. switch# show crypto ipsec sa Crypto IPSec Status Interface Source Address : 192.168.20.10 Destination Address : 171.0.0.3 Source Port Destination Port : 3767553536 Encapsulation Protocol : ESP Encryption : AES Hash : SHA1 PFS Group Mode : tunnel Key Life : 3600 Remaining key Life : 3303...
Page 416 For more information on Aruba Central configuration, refer to the Aruba Central Configuration Guide. After the switch successfully checks-in with Aruba Central, the following management interfaces on the switch are disabled: • WebUI • REST • SNMP Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 417 • TR-69 • Menu There is a restriction on executing the following commands over CLI: • boot • recopy • erase • reload • startup-default • upgrade-software • setup • delete • reboot • restore • menu • write memory •...
Page 418 A system software update is available to version WB.16.02.0012. activate software-update check Syntax activate software-update check Description Check the Activate software update manually. Example switch(config)$# activate software-update check Configuration and Status - Activate Software Update Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 419 Activate Server Address : device.arubanetworks.com Activate Server Polling : Enabled Installed Software Version : WB.16.04.0000x Server Software Version : Not available - server communication error. Server Software Image URL : Not available - server communication error. switch(config)$ NOTE: This switch is not connected to Activate, hence communication error is shown in “Server Software Version”...
Page 420 Activate Server Address : device.arubanetworks.com Activation Key : ZAELQSRB NTP/HTP Time Sync Status : Time sync from NTP Activate DNS Lookup : Success Proxy Server DNS Lookup : NA Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 421 Activate Connection Status : Success Error Reason : NA Unsuccessful Activate connection when device entry not present in Activate switch(config)# show activate provision Configuration and Status - Activate Provision Service Activate Provision Service : Enabled Activate Server Address : device.arubanetworks.com Activation Key : Not Available NTP/HTP Time Sync Status...
Page 422 CAUTION: To avoid broadcast storm or loops in your network while configuring ZTP, do not have redundant links after you complete ZTP and Airwave registration. Authorize the new switch and then push the Golden Configuration template from Airwave. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 423 Example Enable Aruba Central server support switch(config)# aruba-central enable Disable Aruba Central server support switch(config)# aruba-central disable Enter support mode to enable all CLI configuration commands switch(config)# aruba-central support-mode enable This mode will enable all CLI configuration commands, including those normally reserved by the Aruba Central service.
Page 424 TLS mutual UTHENTICATION_FA authentication has ILED failed. CLOUD_TLS_MUTUAL_AUTH_NOT_REQ_ERR ERR_SSL_MUTUAL_A Client authentication UTHENTICATION_NO is not requested by T_REQUESTED server. CLOUD_TLS_MUTUAL_AUTH_REQ_IGNORE_ERR ERR_SSL_MUTUAL_A TLS mutual UTHENTICATION_RE authentication QUEST_IGNORED request is ignored. Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 425 Preprocessor Directive Mocana Error Error Reason Enum CLOUD_TLS_INVALID_SIG_ERR ERR_SSL_INVALID_ Unable to verify the SIGNATURE signature on a certificate. ERR_SSL_NO_DATA_ No data received CLOUD_TLS_NO_DATA_RECV_ERR TO_RECEIVE from server. Check the server reachability. CLOUD_CERT_ERR ERR_CERT System certificate is invalid. CLOUD_CERT_EXPIRE_ERR ERR_CERT_EXPIRED System certificate expired.
Page 426 Device fails to reach Activate server with error: %s. ACTIVATE_FAIL_PROV_NO_DEVICE_ENTRY Device is not registered with Activate server. ACTIVATE_NON_TPM_CODE_MISSING EST provision with activate server fails because of invalid response received from Activate server. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 427 Stacking support The ZTP process for stacked switches with Central is similar to the one for a standalone switch, with the exception that only the commander in the stack checks in with Central. For switches supported on Central when stacking is ON, refer to the Aruba Central Switch Configuration Guide. Fault finder switch events Fault finder switch events supported by Aruba Central EVENT_FF_BAD_DRIVER_NIC...
Page 428 When configuring the proxy server, the following applications will be taking the proxy route to reach the destination. You can configure the proxy server as indicated in DHCP or proxy server command. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 429 • Aruba AirWave • Aruba Activate • Firmware download through MNP • Aruba ClearPass connectivity • Aruba Central connectivity • TR69 support Support for Aruba AirWave AirWave is used to manage the ArubaOS-Switches and its communication to the switch is over HTTPS. When AirWave is deployed with Aruba controller, an IPsec tunnel is created between the switch and the controller.
Page 430 3. Add Displayed name and Description for the New Vendor Class in the ASCII field, add J9854A 2530-24G-PoE+-2SFP+ Switch value exactly obtained from the switch, otherwise the option may not work. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 431 4. Right-click IPv4 and select Set Predefined Options. Select option class as the newly defined vendor class, click ADD and enter the following information for Proxy details: a. Name - Proxy b. Data Type - String c. Code - 148 d.
Page 432 Check 148 and add Proxy details in string value field, in the format as mentioned: <http://web-proxy.in.ABCcorp.net:8080> or <http://192.168.50.18:3128> Check 144 and add configuration filename in string value field (optional). Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 433 6. Click Apply and OK and the proxy option is added in the Server options. 7. Now restart the DHCP service and download new DHCP attributes in the switch, you can check that the proxy details are correctly downloaded in the switch using the show proxy config command. Chapter 12 Zero Touch Provisioning with AirWave and Central...
Page 434 The no form of this command removes the proxy exception for the specified entry (IPv4 address/host name). Command context config Parameters ip-addr/mask-length | hostname Specifies IPv4 address/mask length and host name. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 435 Example switch(config)# proxy exception ip 192.168.0.10/12 switch(config)# proxy exception host "http://web-proxy.au.abdcorp.net:3128" show proxy config Syntax show proxy config Description Shows the proxy configuration. Command context config Examples switch(config)# show proxy config Http Proxy Configuration details Server URL : http://web-proxy.au.abccorp.net:3128 Manually configured exceptions Exception ------- ----------------------------------------- 192.168.0.10/12...
Page 436 Downloading switch software To download a switch software file named K.0800.swi from a TFTP server with the IP address of 10.28.227.103 to primary flash: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 437 Procedure 1. Execute copy tftp flash on page 437 as shown below: Figure 91: Download command for an OS (switch software) 2. When the switch finishes downloading the software file from the server, it displays this progress message: 3. Validating and Writing System Software to FLASH ... 4.
Page 438 TFTP client and server functionality. After enabling ip ssh file transfer, you cannot re- enable TFTP and auto-TFTP from the CLI. show running-configuration switch(config)# show running-config Running configuration: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 439 ; J8693A Configuration Editor; Created on release #K.15.15.0000x ; Ver #04:7f.ff.3f.ef:54 hostname "Switch" no tftp client no tftp server Enable TFTP client switch(config)# tftp client ip ssh filetransfer The command ip ssh filetransfer disables the TFTP Client and TFTP Server, and the user can re-enable them.
Page 440 In the Remote File Name field, enter the name of the software file (if you are using a UNIX system, remember that the filename is case-sensitive.) Press [Enter], then [X] (for eXecute ) to begin the software download. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 441 The screen shown in Figure 93: Download OS (software) screen during a download on page 441 appears: Figure 93: Download OS (software) screen during a download A "progress" bar indicates the progress of the download. When the entire software file has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH...
Page 442 1. The TFTP feature is enabled by default, and can be enabled or disabled through the CLI, the Menu interface (see Figure 95: Using the Menu interface to disable TFTP on page 443 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 443 ), or an SNMP application. Auto-TFTP is disabled by default and must be configured through the CLI. Figure 95: Using the Menu interface to disable TFTP 2. While SFTP is enabled, TFTP and auto-TFTP cannot be enabled from the CLI. Attempting to enable either non-secure TFTP option while SFTP is enabled produces one of the following messages in the CLI: SFTP must be disabled before enabling tftp.
Page 444 " crash-data-f "" crash-data-g 8212zl only crash-data-h " " crash-data-I "" crash-data-J "" crash-data-K "" crash-data-L " " crash-log crash-log-a crash-log-b crash-log-c crash-log-d 8212zl only crash-log-e "" crash-log-f "" Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 445 crash-log-g 8212zl only crash-log-h " " crash-log-I " " crash-log-J " " crash-log-K " " crash-log-L " " event log +---os primary secondary \---ssh +---mgr_keys authorized_keys \---oper_keys authorized_keys \---core (this directory is not available on the 8212zl) mm1.cor management module or management function im_a.cor interface module (chassis switches only) im_b.cor...
Page 446 Use USB to transfer files to and from the switch The switch's USB port (labeled as Aux Port) allows the use of a USB flash drive for copying configuration files to and from the switch. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 447 Operating rules and restrictions: • Unformatted USB flash drives must first be formatted on a PC (Windows FAT format.) For devices with multiple partitions, only the first partition is supported. Devices with secure partitions are not supported. • If they already exist on the device, subdirectories are supported. When specifying a filename , you must enter either the individual file name (if at the root) or the full path name (for example, /subdir/filename.) •...
Page 448 SCP is used to copy files to and from the switch when security is required. SCP works with both SSH v1 and SSH v2. Be aware that the most third-party software application clients that support SCP use SSHv1. Xmodem Downloading software using Xmodem Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 449 Prerequisites Procedure 1. Connect the switch via the Console RS-232 port to a PC operating as a terminal. (For information on connecting a PC as a terminal and running the switch console interface, see the installation and getting started guide you received with the switch.) 2.
Page 450 11. Continue reboot of system? : No 12. Press the space bar once to change No to Yes, then press [Enter] to begin the reboot. 13. To confirm that the software downloaded correctly: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 451 a. From the Main Menu, select 1. Status and Counters, and the select 1. General System Information b. Check the Firmware revision line. Downloading switch software using USB Enable or disable the USB port This feature allows configuration of the USB port using either the CLI or SNMP. Prerequisites Procedure 1.
Page 452 Copy from primary flash in the source to either primary or secondary in the destination. • Copy from either primary or secondary flash in the source to either primary or secondary flash in the destination. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 453 copy tftp flash Syntax copy tftp flash <IP-ADDR> flash [primary|secondary][oobm] Description When executed in the destination switch, downloads the software flash in the source switch's primary flash to either the primary or secondary flash in the destination switch. Parameters and options primary If you do not specify either a primary or secondary flash location for the destination, the download automatically goes to primary flash.
Page 454 To copy the primary flash image to a serially connected PC, execute the copy xmodem flash command: switch# copy xmodem flash Press 'Enter' and start XMODEM on your host... Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 455 At the prompt, press Enter on the keyboard, and then execute the terminal emulator commands to begin the file transfer. Copying using USB To copy the primary image to a USB flash drive: Procedure 1. Insert a USB device into the switch's USB port. 2.
Page 456 OOBM port. Copy the event log to a PC connected to the switch Figure 99: Sending event log content to a file on an attached PC Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 457 copy crash-data Syntax copy crash-data [<SLOT-ID>|master] tftp <IP-ADDRESS> <FILENAME> [oobm] copy crash-data [<SLOT-ID>|mm] usb <FILENAME> copy crash-data [<SLOT-ID>|mm] xmodem Description These commands copy the crash data content to a remote host, attached USB device, or to a serially connected PC or UNIX workstation using TFTP, USB, or Xmodem. You can copy individual slot information or the management module’s switch information.
Page 458 Copy the crash log for slot C to a file in a PC connected to the switch Figure 101: Sending a crash log for slot C to a file on an attached PC copy crash-log (redundant management) Syntax copy crash-log [<SLOT-ID>|mm] tftp <IP-ADDRESS> <FILENAME> [oobm] Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 459 Description Copies the crash logs of both the active and standby management modules to a user-specified file. If no parameter is specified, files from all modules (management and interface) are concatenated. Parameters and options <SLOT-ID> Retrieves the crash log or crash log from the module in the specified slot. Retrieves the crash data from both management modules and concatenates them.
Page 460 The destination device and copy method options include: • Remote Host using TFTP. • Physically connected USB flash drive using the USB port on the switch. • Serially connected PC or UNIX workstation using Xmodem. Transferring Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 461 Switch configuration transfer Using CLI commands you can copy switch configurations to and from a switch, or copy a software image to configure or replace an ACL in the switch configuration. For greater security, you can perform all TFTP operations using SFTP. You can also use the include-credentials command to save passwords, secret keys, and other security credentials in the running config file.
Page 462 If no custom file is found, a message displays stating "No SHOW-TECH file found." (No custom file was uploaded with the copy tftp show-tech command.) switch# show tech custom No SHOW-TECH file found. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 463 copy tftp config Syntax copy tftp config <SOURCE CONFIG FILE NAME> <DESTINATION_IP-ADDRESS> <DESTINATION CONFIG FILE> [detail|oobm|pc|unix] Description Displays the progress, in lines and percentages, of the configuration file copied to or from the switch. A large configuration file takes several minutes to transfer. This feature allows the customer to watch the progress. Parameters and options detail Display copy progress.
Page 464 Be sure to connect a USB flash memory device to the USB port on the switch. copy startup-config Syntax copy startup-config usb <FILENAME> copy running-config usb <FILENAME> Description Copies the startup configuration or the running configuration to a USB flash drive. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 465 copy startup-config switch# copy startup-config usb Switch-config Switch-config is the name given to the configuration file that you copy from the switch to the USB device. copy usb startup-config Syntax copy usb startup-config <FILENAME> Description Copies a configuration file from a USB device to the startup configuration file on the switch. To execute the command, you must know the name of the file to copy.
Page 466 Uses Xmodem to copy and execute an ACL command from a PC or UNIX workstation. Depending on the ACL commands used, this action does one of the following in the running-config file: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 467 • Creates a new ACL. • Replaces an existing ACL. • Adds to an existing ACL. copy usb command-file Syntax copy usb command-file <FILENAME.TXT> [unix|pc] Description Copies and executes the named text file from a USB flash drive and executes the ACL commands in the file. Depending on the ACL commands used, this action does one of the following in the running-config file: •...
Page 468 Another console session (through either a direct connection to a terminal device or through Telnet) was already running when you started the session in which the download was attempted. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 469 Action Single copy command When a switch crashes, five files relating to the crash; core-dump, crash-data, crash-log, fdr-log, and event-log are created and should be copied for review. All five files (core-dump, crash-data, crash-log, fdr-log, and event- log) should be copied to a destination specified under a directory by file name. TFTP A destination directory and files can be created for all crash files (core-dump, crash-data, crash-log, fdr-log, and event-log) on an TFTP server (with write permissions).
Page 470 Copy in-flash configuration file. ssh-client-known-hosts Copy the known hosts file. ssh-server-pub-key Copy the switch's SSH server public key. running-config Copy running configuration file. TFTP Copy data from a TFTP server. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 471 Copy data from a USB flash drive. xmodem Use xmodem on the terminal as the data source. <DESTINATION > Specify the copy target. SFTP TFTP xmodem <DATA_FILES> Specify the data file name at the target. command file config default-config flash pub-key-file show-tech startup-config...
Page 472 Syntax copy crash-files member [management|interfaces} Description Copies stacking or standalone switches. Parameters and options management Copy stack member crash files to SFTP, TFTP, USB, and Xmodem. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 473 interfaces Copy stack member crash files to SFTP, TFTP, USB, and Xmodem. copy crash-files crash-file-options Syntax copy crash-files crash-file-options <HOST-NAME-STR> <IP-ADDR> <IPv6-ADDR> <SFTP> <DIRNAME-STRX> [oobm] <DESTINATION> Description Copies crash files using various options. Parameters and options <HOST-NAME-STR> Specify hostname of the SFTP server. <IP-ADDR>...
Page 474 Shows the chassis locator LED status. Possible values are ON, Off, and Blink. When the status is On or Blink, the number of minutes that the Locator LED will continue to be on or to blink is displayed. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 475 information Displays global system information and operational parameters for the switch. temperature Shows system temperature and settings. Usage • To show system fans, see show system fans • To show chassis power supply and settings, see show system power-supply • To show system fans for VSF members, see show system fans vsf Examples Locating the system chassis by LED blink using the show system chassislocate command.
Page 476 Displays the current status of the chassislocate settings. Display locator LED status Locator LED Status Current Time Member State Remaining Configuration ------ ------- --------- ------------- blink 00:27:05 blink 30 at startup Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 477 01:05:27 Collecting processor data with the task monitor The task monitor feature allows you to enable or disable the collection of processor utilization data. The task- monitor cpu command is equivalent to the existing debug mode command taskusage -d. (The taskUsageShow command is also available.) When the task-monitor command is enabled, the show cpu command summarizes the processor usage by protocol and system functions.
Page 478 Additionally, this command displays the part number (J number) and serial number of the chassis. (See Figure 107: The show modules details command for the 8212zl, showing SSM and mini-GBIC information on page 479.) show modules command Figure 106: The show modules command output Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 479 show modules details command Figure 107: The show modules details command for the 8212zl, showing SSM and mini-GBIC information Compatibility mode for v2 zl and zl modules In the following context, v2 zl modules are the second version of the current zl modules. Both v2 zl and zl modules are supported in the 5400zl series chassis switches.
Page 480 Shows the current operating status for all ports or trunk groups on the switch in brief detail. config Shows the configuration data for all ports or trunk groups on the switch. <PORT-LIST> Specifies the list of ports for which status information will be shown. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 481 <TRUNK-GROUP> Specifies the trunk group for which status information will be shown. The status information shown consists of total transmit and receive counters and weighted average rate for the trunk group specified. The weighted average rate is calculated in 5 minute intervals. Usage Both external and internal ports are supported on the same module.
Page 482 : 00.76 % Utilization Tx : 00.76 % show interfaces trunk-utilization Syntax show interfaces trunk-utilization Description Shows the bandwidth utilization calculations for all trunk members. Command context operator or manager Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 483 Example Show bandwidth utilization for trunks. Switch(config)# show interfaces trunk-utilization Status and Counters - Port Utilization Port | --------------------------- | --------------------------- | Kbits/sec Pkts/sec Util | Kbits/sec Pkts/sec Util -------- ---------- ----- + ---------- ---------- --------- ----- Trk1 Trk2 Trk10 Statistic interactions of interface counters Table 24: Statistic interactions Interface counters are cleared using the command clear statistics.
Page 484 IMPORTANT: Once cleared, statistics cannot be reintroduced. clear statics Syntax clear statistics [<PORT-LIST> | global | <TRUNK-LIST>] Description Clears all interface counters and statistics for specified ports, specified trunks or clears statistics globally for all. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 485 Command context manager Parameters <PORT-LIST> Specifies the list of ports. global Specifies all counters and statistics for all interfaces. <TRUNK-LIST>] Specifies the list of trunks. Usage The clear statistics command does not clear SNMP. MAC address tables MAC address views and searches You can view and search MAC addresses using the CLI or the menu.
Page 486 ----------------- ------------------------------- ---- ---------------- f0921c-b6e940 0000:00:23:26.93 0180c2-00000f 0000:00:00:00.00 d18cc2-00000f 0001:21:43:59.92 e18dd2-00000f 0000:18:23:24.22 show mac-add detail for platforms not supporting Vxlan Tunnels. stack-Switch# show mac-address detail Status and Counters - Port Address Table Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 487 MAC Address Port VLAN Age (d:h:m:s.ms) ------------- ------ ---- ---------------- 009c02-d80f28 1/2 0000:00:00:30.18 3464a9-abe500 1/2 0030:07:01:20.23 show mac-address <MAC-ADDRESS> detail Syntax Syntax show mac-address <MAC-ADDRESS> detail Description Specifies the age and existing details of the specific mac address given. manager Parameters <MAC-ADDRESS>...
Page 488 1. Proceeding from Figure 110: Example of the address table on page 488, press [S] (for Search ), to display the following prompt: Enter MAC address: _ 2. Enter the MAC address you want to locate and press [Enter]. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 489 3. The address and port number are highlighted if found (Figure 111: Example of menu indicating located MAC address on page 489.) If the switch does not find the MAC address on the currently selected VLAN, it leaves the MAC address listing empty. Figure 111: Example of menu indicating located MAC address 4.
Page 490 Displays the global and regional spanning-tree status for the switch, and displays the per-port spanning-tree operation at the regional level. Values for the following parameters appear only for ports connected to active devices: Designated Bridge, Hello Time, PtP, and Edge. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 491 show spanning-tree command output Figure 113: show spanning-tree command output IP IGMP status show ip igmp Syntax show ip igmp <VLAN-ID> [config] [group <IP-ADDR>|groups] [statistics] Description Global command that lists IGMP status for all VLANs configured in the switch, including: Chapter 14 Monitoring and Analyzing Switch Operation...
Page 492 IGMP Service Statistics Total VLANs with IGMP enabled Current count of multicast groups joined IGMP Joined Groups Statistics VLAN ID VLAN Name Filtered Flood ------- -------------------------------- ------------ ------------ VLAN2 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 493 VLAN information show vlan Syntax show vlan <VLAN-ID> Description Lists the maximum number of VLANs to support, existing VLANS, VLAN status (static or dynamic), and primary VLAN. Parameters and options <VLAN-ID> Lists the following for the specified VLAN: • Name, VID, and status (static/dynamic) •...
Page 494 Figure 114: Listing the VLAN ID (vid) and status for specific ports Figure 115: Example of VLAN listing for the entire switch Figure 116: Port listing for an individual VLAN Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 495 Exit port (any port on the switch except a monitored interface used to mirror traffic) IMPORTANT: Hewlett Packard Enterprise strongly discourages connecting a mirroring exit port to a network because doing so can result in serious network performance problems. Only connect an exit port to a network analyzer, IDS, or other network edge device that has no connection to other network resources.
Page 496 Traffic-direction criteria interface monitor all Syntax [no] [interface <PORT> |<TRUNK>] monitor ACL criteria for inbound traffic — deprecated NOTE: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 497 interface monitor ip Syntax [no] [interface <PORT> |<TRUNK> |<MESH>]|vlan <VID-#>] monitor ip access-group <ACL-NAME> in mirror session [session ...] Mirror policy for inbound traffic class [ipv4|ipv6] Syntax class [ipv4|ipv6] <CLASSNAME> [no] [seq-number] [match|ignore] <IP-PROTOCOL> <SOURCE-ADDRESS> <DESTINATION-ADDRESS>][precedence <PRECEDENCE-VALUE>][tos <TOS- VALUE>][ip-dscp <CODEPOINTS>][vlan <VLAN-ID>] Description Configures the mirroring policy for inbound traffic on the switch.
Page 498 In release K.14.01 and greater, the use of ACLs to select inbound traffic in a mirroring session interface | vlan monitor ip access-group in mirror command has been deprecated and is replaced with classifier-based mirroring policies. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 499 interface Syntax interface <PORT/TRUNK/MESH> Description Parameters and options monitor all Syntax monitor all [in|out|both] mirror <SESSION> [no-tag-added] monitor ip access-group ACL-NAME in mirror <SESSION> monitor mac <MAC-ADDR> [src|dest|both] mirror show monitor [endpoint|<SESSION-NUMBER>|name <SESSION-NAME> service-policy Syntax service-policy <mirror-policy-name> in Configuring local mirroring (Menu) If mirroring has already been enabled on the switch, the Menu screens appear different from the one shown in this section.
Page 500 11. Use the down arrow key to move the cursor to the Action column for the individual port interfaces and position the cursor at a port, trunk, or mesh you want to mirror. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 501 12. Press the Space bar to select Monitor for the ports, trunks, mesh, or any combination of these that you want mirrored. 13. Use the down arrow key to move from one interface to the next in the Action column. (If the mesh or any trunks are configured, they appear at the end of the port listing.) 14.
Page 502 [no] [interface <PORT> <TRUNK> <MESH>|vlan <VID-#>] monitor ip access—group <ACL—NAME> inmirror [1–4|<NAME-STR>] [1 — 4|<NAME-STR . . .>] Mirror policy for inbound traffic class [ipv4|ipv6] Syntax class [ipv4|ipv6] <CLASSNAME> [no] [seq-number] [match|ignore] <IP-PROTOCOL> <SOURCE-ADDRESS> <DESTINATION-ADDRESS>][precedence <PRECEDENCE-VALUE>][tos <TOS- VALUE>][ip-dscp <CODEPOINTS>][vlan <VLAN-ID>] Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 503 Description Configures the mirroring policy for inbound traffic on the switch. Parameters and options policy mirror Syntax policy mirror <POLICY-NAME> [no] <SEQ-NUMBER> [class [ipv4|ipv6] <CLASSNAME> action mirror <SESSION>] [action mirror <SESSION>] [no] default-class action mirror <SESSION> [no] [interface <PORT/TRUNK>| vlan <VID-#>] service-policy <MIRROR- POLICY-NAME>...
Page 504 (If multiple remote sessions use the same source and destination IP addresses, each session must use a unique UDP port value.) When you execute this command, the following message is displayed: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 505 Caution: Please configure destination switch first. Do you want to continue [y/n]? • If you have not yet configured the session on the remote destination switch, follow the configuration procedure in Configure a mirroring destination on a remote switch on page 528 before using this command. •...
Page 506 [no-tag-added] Prevents a VLAN tag from being added to the mirrored copy of an outbound packet sent to a local or remote mirroring destination. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 507 The no form of the command removes a mirroring source assigned to the session, but does not remove the session itself. This enables you to repurpose a session by removing an unwanted mirroring source and adding another in its place. Selecting all traffic on a VLAN interface for mirroring according to traffic direction Syntax...
Page 508 Configuring classifier-based mirroring For more information and a list of general steps for the process beginning with this command, see the information about restrictions on classifier-based mirroring. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 509 Context: Global configuration Syntax [no] class [ipv4 | ipv6 classname] Defines the name of a traffic class and specifies whether a policy is to be applied to IPv4 or IPv6 packets, where classname is a text string (64 characters maximum.) After you enter the class command, you enter the class configuration context to specify match criteria.
Page 510 [ipv4 class-name | ipv6 class-name | config] Syntax show policy [policy-name | config] Syntax show policy resources Syntax show statistics policy [policy-name] [interface port-num | vlan vid in] Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 511 Viewing all mirroring sessions configured on the switch Syntax show monitor If a monitored source for a remote session is configured on the switch, the following information is displayed. Otherwise, the output displays: Mirroring is currently disabled. Sessions Lists the four configurable sessions on the switch. Status Displays the current status of each session: •...
Page 512 In the configuration of a remote session, the same UDP destination address must be configured on the source and destination switches. Dest Port fies the exit port for a remote session on a remote destination switch. Example Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 513 In Figure 121: Displaying the configuration of remote mirroring endpoints on the switch on page 513, the show monitor endpoint output shows that the switch is configured as the remote endpoint (destination) for two remote sessions from the same monitored source interface. Figure 121: Displaying the configuration of remote mirroring endpoints on the switch Viewing the mirroring configuration for a specific session Syntax...
Page 514 (Figure 123: Displaying the Configuration of a Remote Mirroring Session on page 514.) Figure 122: Configuring a remote mirroring session and monitored source Figure 123: Displaying the Configuration of a Remote Mirroring Session Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 515 Viewing a MAC-based mirroring session After you configure a MAC-based mirroring session (Figure 124: Configuring a MAC-based mirroring session on page 515), you can enter the show monitor 3 command to verify the configuration (Figure 125: Displaying a MAC-based mirroring session on page 515.) Figure 124: Configuring a MAC-based mirroring session Figure 125: Displaying a MAC-based mirroring session Viewing a local mirroring session...
Page 516 Lists the statements that make up the IPv6 class identified by classname . config Displays all classes, both IPv4 and IPv6, and lists the statements that make up each class. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 517 Additional variants of the show class … command provide information on classes that are members of policies that have been applied to ports or VLANs. Figure 128: show class output for a mirroring policy Viewing information about a classifier-based mirroring configuration Syntax show policy policy-name show policy config...
Page 518 Displays the number of hardware resources (rules, meters, and application port ranges) used by classifier-based mirroring policies (local and remote) that are currently applied to interfaces on the switch, as well as QoS policies and other software features. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 519 NOTE: The information displayed is the same as the output of the show qos resources and show access-list resources commands. Figure 131: Displaying the hardware resources used by currently configured mirroring policies Viewing the mirroring configurations in the running configuration file Use the show run command to view the current mirroring configurations on the switch.
Page 520 ZL modules are not allowed to power up. and zl up. Any v2 zl modules are limited to the zl modules configuration capacities.If compatibility mode is disabled, the zl modules go down. Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 521 Modules Compatibility mode enabled Compatibility mode disabled ZL modules Same as exists already.If a v2 zl module is The Management Module is the only module only inserted, it operates in the same mode as the zl that powers up. module, but with performance increases. In Compatibility Mode, no v2 zl features are If Compatibility Mode is disabled and then allowed, whether the modules are all v2 zl or...
Page 522 You can map multiple mirroring sessions to the same exit port, which provides flexibility in distributing hosts, such as traffic analyzers or an IDS. In a remote mirroring endpoint, the IP address of the exit port and the remote destination switch. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 523 Mirroring sessions can have the same or a different destination. You can configure an exit port on the local (source) switch and/or on a remote switch as the destination in a mirroring session. When configuring a mirroring destination, consider the following options: You can segregate traffic by type, direction, or source.
Page 524 Using the CLI, you can configure all mirroring options on a switch. You can use the CLI can configure sessions 1 to 4 for local or remote mirroring in any combination, and override a Menu configuration of session 1. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 525 You can also use SNMP configure sessions 1 to 4 for local or remote mirroring in any combination and override a Menu configuration of session 1, except that SNMP cannot be used to configure a classifier-based mirroring policy. Remote mirroring endpoint and intermediate devices The remote mirroring endpoint that is used in a remote mirroring session must be an switch that supports the mirroring functions described in this chapter.
Page 526 Using the Menu to configure local mirroring Menu and WebAgent limits You can use the Menu and WebAgent to quickly configure or reconfigure local mirroring and allow one of the following two mirroring source options: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 527 • Any combination of source ports, trunks, and a mesh. • One static, source VLAN interface. Remote mirroring overview To configure a remote mirroring session in which the mirroring source and destination are on different switches, follow these general steps: After you complete 6.b on page 527, the switch begins mirroring traffic to the remote destination (endpoint) configured for the session.
Page 528 High-level overview of the mirror configuration process on page 528. NOTE: A remote destination switch can support up to 32 remote mirroring endpoints (exit ports connected to a destination device in a remote mirroring session.) Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 529 For this reason, Hewlett Packard Enterprise strongly recommends that you configure the endpoint switch in a remote mirroring session, as described on the previous page in the section titled "For a remote mirroring session", before using the mirror remote ip command in...
Page 530 VLAN of the packet, it is sometimes desirable to have mirrored packets look exactly like the original packet. The no-tag-added parameter gives you the option of not tagging mirrored copies of outbound packets, Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 531 as shown in Figure 137: Mirroring commands with the no-tag-added option on page 531 and Figure 138: Displaying a mirror session configuration with the no-tag-added option on page 531. Figure 137: Mirroring commands with the no-tag-added option Figure 138: Displaying a mirror session configuration with the no-tag-added option About using SNMP to configure no-tag-added The MIB object hpicfBridgeDontTagWithVlan is used to implement the no-tag-added option, as shown below: hpicfBridgeDontTagWithVlan OBJECT-TYPE...
Page 532 Inbound and/or outbound traffic from each host to a different destination device. • Inbound and outbound traffic from all monitored hosts separately on two destination devices: mirroring all inbound traffic to one device and all outbound traffic to another device. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 533 Restrictions The following restrictions apply to MAC-based mirroring: • Up to 320 different MAC addresses are supported for traffic selection in all mirroring sessions configured on the switch. • A destination MAC address is not supported as mirroring criteria for routed traffic, because in routed packets, the destination MAC address is changed to the next-hop address when the packet is forwarded.
Page 534 The following match criteria are supported in match/ignore statements for inbound IPv4/IPv6 traffic: a. IP source address (IPv4 and IPv6) b. IP destination address (IPv4 and IPv6) Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 535 c. IP protocol (such as ICMP or SNMP) d. Layer 3 IP precedence bits e. Layer 3 DSCP codepoint f. Layer 4 TCP/UDP application port (including TCP flags) g. VLAN ID 3. Enter one or more match or ignore commands from the class configuration context to filter traffic and determine the packets on which policy actions will be performed.
Page 536 You can enter multiple class action mirror statements in a policy. ◦ You can configure only one mirroring session (destination) for each class. ◦ You can configure the same mirroring session for different classes. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 537 • If a mirroring session is configured with a classifier-based mirroring policy on a port or VLAN interface, no other traffic-selection criteria (MAC-based or all inbound and/or outbound traffic) can be added to the session. Figure 139: Mirroring configuration in which only a mirroring policy is supported •...
Page 538 Configure the local mirroring session, including the exit port. • Configure the monitored source interfaces for the session. Figure 142: Local mirroring topology Figure 143: Configuring a local mirroring session for all inbound and outbound port traffic Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 539 Remote mirroring using a classifier-based policy In the network shown in Figure 144: Sample topology in a remote mirroring session on page 539, an administrator has connected a traffic analyzer to port A15 (in VLAN 30) on switch C to monitor the TCP traffic to the server at 10.10.30.153 from workstations connected to switches A and B.
Page 540 B. b. Configure a classifier-based mirroring policy to select inbound TCP traffic destined to the server at 10.10.30.153, and apply the policy to a VLAN interface for VLAN 20. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 541 Because the remote session has mirroring sources on different switches, you can use the same session number (1) for both sessions. Figure 147: Configuring a classifier-based policy on source switch B Remote mirroring using traffic-direction criteria In the network shown in Figure 148: Sample topology for remote mirroring from a port interface on page 541, the administrator connects another traffic analyzer to port B10 (in VLAN 40) on switch C to monitor all traffic entering switch A on port C12.
Page 542 (The MTU on the switches covered by this manual is 9220 bytes for frames having an 802.1Q VLAN tag, and 9216 bytes for untagged frames.) Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 543 Table 27: Maximum frame sizes for mirroring Frame type Maximum VLAN tag Frame Frame mirrored to remote configuration frame size mirrored port to local port Data Data IPv4 header Untagged Non-jumbo (default 1518 1518 1464 config.) Jumbo on all VLANs 9216 9216 9162...
Page 544 A switch configured as a remote destination switch can also be configured to mirror traffic to one of its own ports (local mirroring) or to a destination on another switch (remote mirroring.) • Monitor command note Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 545 If session 1 is already configured with a destination, you can enter the [no] vlan <VID>monitor or [no] interface <PORT> monitor command without mirroring criteria and a mirror session number. In this case, the switch automatically configures or removes mirroring for inbound and outbound traffic from the specified VLAN or ports to the destination configured for session 1.
Page 546 Chapter 15 Virtual Technician The Hewlett Packard Enterprise Virtual Technician is a set of tools aimed at aiding network switch administrators in diagnosing and caring for their networks. VT provides tools for switch diagnoses when faced with unforeseen issues. To improve the Virtual Technician features of our devices, Hewlett Packard Enterprise has added the following tools: •...
Page 547 show cdp neighbors detail Syntax show cdp neighbors detail Description Shows CDP neighbors on specified port only. show cdp neighbor detail CDP neighbors information Port : 1/13 Device ID : 0.0.0.0 Address Type : IP Address : 0.0.0.0 Platform Capability : Switch Device Port : 00 1b 4f 49 e7 76...
Page 548 When enabled (and the front panel buttons disabled), contact Hewlett Packard Enterprise customer support to recover a lost password. When disabled, there is no way to access a device after losing a password with the front panel buttons disabled.
Page 549 • To initiate diagnostic reset via the clear button, press the clear button for at least 30 seconds but not more than 40 seconds. • To initiate diagnostic switch reset via the serial console, enter the diagnostic reset sequence on the serial console.
Page 550 2. While continuing to press Clear, release Reset. 3. When the Test LED begins blinking (after approximately 25 seconds), release Clear. Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 551 To accomplish this Do this Result Diagnostic reset This initiates diagnostic reset, collects 1. Press Clear to 30–40 seconds. diagnostic information, and reboots the 2. When the test LED begins blinking switch. (approximately after 30 seconds), release Clear. NOTE: Releasing the Clear button when TEST LED is not blinking (approximately after 40...
Page 552 When the member is till booting, it doesn’t have the commander member number, thus we can’t issue UIDC on the commander. So we report to the user to retry later. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 553 User initiated diagnostic crash via the serial console Remotely triggers a diagnostic reset of the switch via a serial console. This reset reboots the switch and collects diagnostic data for debugging an application hang, a system hang or any other rare occurrence. Diagnostic reset is controlled via FPS options.
Page 554 STKM: HA Sync in progress; user initiated diagnostic request via the serial console rejected. Retry after sometime. Console print STKM: Member is booting; user initiated diagnostic request via the serial console rejected. Retry after sometime. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 555 Chapter 16 Troubleshooting Overview This chapter addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, see the installation guide you received with the switch.) NOTE: Switch software updates are periodically places on the Switch Networking website.
Page 556 • The switch may not have the correct IP address, subnet mask, or gateway. Verify by connecting a console to the switch's Console port and selecting: 2. Switch Configuration Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 557 5. IP Configuration • If you are using DHCP to acquire the IP address for the switch, the IP address "lease time" may have expired so that the IP address has changed. For more information on how to "reserve" an IP address, see the documentation for the DHCP application that you are using.
Page 558 10.10.20.20 0.0.0.0 10.10.10.100 0.0.0.0 eq 20 log deny tcp 10.10.20.43 0.0.0.0 10.10.10.100 0.0.0.0 eq 20 log permit ip 10.10.20.1 0.0.0.255 10.10.10.100 0.0.0.0 deny ip 10.10.30.1 0.0.0.255 10.10.10.100 0.0.0.0 permit ip 10.10.30.1 0.0.0.255 10.10.10.1 0.0.0.255 exit Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 559 Indicates that routing is enabled, a requirement for ACL operation. (There is an exception. Refer to the Note, below.) NOTE: If an ACL assigned to a VLAN includes an ACE referencing an IP address on the switch itself as a packet source or destination, the ACE screens traffic to or from this switch address regardless of whether IP routing is enabled.
Page 560 10 Net's 10.0.8.1 router gateway needed by the 20 Net (Subnet mask is 255.255.255.0).See: example Figure 152: Inadvertently blocking a gateway To avoid inadvertently blocking the remote gateway for authorized traffic from another network (such as the 20 Net in this Example:): Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 561 Procedure 1. Configure an ACE that specifically permits authorized traffic from the remote network. 2. Configure narrowly defined ACEs to block unwanted IP traffic that would otherwise use the gateway; such ACEs might deny traffic for a particular application, particular hosts, or an entire subnet. 3.
Page 562 CAUTION: Removing a port from a trunk without first disabling the port can create a traffic loop that can slow down or halt your network. Before removing a port from a trunk, Hewlett Packard Enterprise recommends that you either disable the port or disconnect it from the LAN.
Page 563 The switch appears to be properly configured as a supplicant, but cannot gain access to the intended authenticator port on the switch to which it is connected If aaa authentication port-access is configured for Local, ensure that you have entered the local login (operator-level) username and password of the authenticator switch into the identity and secret parameters of the supplicant configuration.
Page 564 Verify that the switch has the correct IP address for the RADIUS server. • Ensure that the radius-server timeout period is long enough for network conditions. • Verify that the switch is using the same UDP port number as the server. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 565 MSTP and fast-uplink problems CAUTION: If you enable MSTP, Hewlett Packard Enterprise recommends that you leave the remainder of the MSTP parameter settings at their default values until you have had an opportunity to evaluate MSTP performance in your network. Because incorrect MSTP settings can adversely affect network performance, you should avoid making changes without having a strong understanding of how MSTP operates.
Page 566 Download failed: overlength key in key file. Download failed: too many keys in key file. Download failed: one or more keys is not a valid RSA public key. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 567 The public key file you are trying to download has one of the following problems: • A key in the file is too long. The maximum key length is 1024 characters, including spaces. This could also mean that two or more keys are merged together instead of being separated by a <CR> <LF>. •...
Page 568 If the monitor port is not a member of the same VLAN as the traffic from the monitored ports, traffic from the monitored ports does not go out the monitor port. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 569 None of the devices assigned to one or more VLANs on an 802.1Q-compliant switch are being recognized If multiple VLANs are being used on ports connecting 802.1Q-compliant devices, inconsistent VLAN IDs may have been assigned to one or more VLANs. For a given VLAN, the same VLAN ID must be used on all connected 802.1Q-compliant devices.
Page 570 When the link-flap threshold is met for a port configured for warn (For example, fault-finder link-flap sensitivity medium action warn), the following message is seen in the switch event log. 02672 FFI: port <number>-Excessive link state transitions Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 571 Hewlett Packard Enterprise does not recommend automatic disabling of a port at the core or distribution layers when excessive broadcasts are detected, because of the potential to disable large parts of the network that may be uninvolved and for the opportunity to create a denial-of-service attack.
Page 572 Medium Bad driver — 1/10,000 20 secs If (undersized/ Too many Incoming total) >= under-sized (sensitivity/ packets or too 10,000)OrIf many giant (giant/total) >= packets (sensitivity/ 10,000) Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 573 Condition Sensitivities Units (in Time period Fault finder triggering packets) reacts: fault finder 2110 3614 1/10,000 20 secs20 If (jabbers/ transceiver — IncomingOne secs total) >= Excessive Fragments (sensitivity/ jabbering - 10,000)Or If Jabbers: fragment (Jabbers are count in the packets last 20 longer than...
Page 574 Viewing transceiver information This features provides the ability to view diagnostic monitoring information for transceivers with Diagnostic Optical Monitoring (DOM) support. The following table indicates the support level for specific transceivers: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 575 Product # Description Support J8436A 10GbE X2–SC SR Optic J8437A 10GbE X2–SC LR Optic V J8440B 10GbE X2-CX4 Xcver J8440C 10GbE X2-CX4 Xcver J4858A Gigabit-SX-LC Mini- GBIC J4858B Gigabit-SX-LC Mini- GBIC J4858C Gigabit-SX-LC Mini- V (some) GBIC J9054B 100-FX SFP-LC Transceiver J8177C Gigabit 1000Base-T...
Page 576 When no ports are specified, information for all transceivers found is displayed. Output when no ports are specified switch(config)# show interfaces transceiver Transceiver Technical information: Product Serial Part Port Type Number Number Number ------- ----------- ------------ ------------------ ---------- Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 577 1000SX J4858C MY050VM9WB 1990-3657 1000SX J4858B P834DIP2 You can specify all for port-list as shown below. Output when “all” is specified switch(config)# show interfaces transceiver all No Transceiver found on interface 1 No Transceiver found on interface 2 No Transceiver found on interface 24 Transceiver Technical information: Product Serial...
Page 578 TX fault Transmit (TX) fault TX bias high TX bias current is high TX bias low TX bias current is low TX power high TX power is high Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 579 Alarm Description TX power low TX power is low Temp high Temperature is high Temp low Temperature is low Voltage High Voltage is high Voltage Low Voltage is low The alarm information for XENPAK transceivers is shown in this table. Table 32: Alarm and error information (XENPAK transceivers) Alarm Description...
Page 580 Transfer distance : 10000m (SM) Diagnostic support: DOM Serial number : ED456SS987 Status Temperature : 32.754C TX Bias : 42.700mA TX Power : 0.5192mW, -2.847dBm RX Power : 0.0040mW, -23.979dBm Recent Alarms: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 581 Rx power low alarm Rx power low warning Recent errors: Receive optical power fault PMA/PMD receiver local fault PMA/PMD transmitter local fault PCS receive local fault PHY XS transmit local fault Time stamp : Mon Mar 7 16:26:06 2013 Viewing transceiver information for copper transceivers with VCT support This feature provides the ability to view diagnostic monitoring information for copper transceivers with Virtual Cable Test (VCT) support.
Page 582 If the transceiver supports multiple transfer media, the values are separated by a comma. Diagnostic Shows whether the transceiver supports diagnostics: Support None Supported Supported Supported Serial Number Serial number of the transceiver Link Status Link up or down Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 583 Parameter Description Speed Speed of transceiver in Mbps Duplex Type of duplexing Cable Status Values are OK, Open, Short, or Impedance Distance to Fault The distance in meters to a cable fault (accuracy is +/- 2 meters); displays 0 (zero) if there is no fault Pair Skew Difference in propagation between the fastest and slowest wire pairs...
Page 584 Back Next page Prev page Help Return to previous screen. Use up/down arrow to scroll one line, left/right arrow keys to change action selection, and <Enter> to execute action. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 585 The log status line below the recorded entries states the total number of events stored in the event log and which logged events are currently displayed. To scroll to other entries in the Event Log, either preceding or following the currently visible portion, press the keys indicated at the bottom of the display (Back,Nextpage, Prev page, or End) or the keys described in the following table.
Page 586 The switch manages messages to SNMP trap receivers in the same way. Log throttle periods The length of the log throttle period differs according to an event's severity level: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 587 Severity level Log throttle period I (Information) 6000 Seconds W (Warning) 600 Seconds D (Debug) 60 Seconds M (Major) 6 Seconds Example: Suppose that you configure VLAN 100 on the switch to support PIM operation, but do not configure an IP address.
Page 588 Enables sending the running configuration change notifications to the syslog server. The no form of the command disables sending the running configuration changes to the syslog server. Default: Disabled Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 589 <running-config-change > Mandatory option for the notify parameter. Specifies the type of notification to send. transmission-interval Specifies the time interval (in seconds) between the <0-4294967295> transmission of two consecutive notifications. Running config changes occurring within the specified interval will not generate syslog notifications.
Page 590 Specify filtering rules. • Specify severity for event messages to be filtered to the syslog server with the option <severity>. The command no logging <severity> sets the severity back to default. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 591 • Event messages of specified system module will be sent to the syslog server. Using no sends messages from all system modules. Messages are first filtered by selected severity. • Specify syslog server transport layer with options [udp]|[tcp]|[tls]. • Specify syslog server port number with options [udp PORT-NUM]|[tcp PORT-NUM]|[tls PORT-NUM]. •...
Page 592 Syslog message for logging origin-id none Debug Logging Origin identifier: none Destination: None Enabled debug types: None are enabled. Syntax: show running-config The following example shows the output of the show running-config command. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 593 Output of the show running-config command The command logging origin-id hostname will display the following: logging origin-id hostname The command logging origin-id none will display as the following: logging origin-id none SNMP MIB SNMP support will be provided through the following MIB objects. HpicfSyslogOriginId = textual-convention Description This textual convention enumerates the origin identifier of syslog message.
Page 594 Repeat this step if necessary to enable multiple debug message types. By default, Event Log messages are sent to configured debug destination devices. To block Event Log messages from being sent, enter the no debug event command. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 595 4. If necessary, enable a subset of Event Log messages to be sent to configured syslog servers by specifying a severity level, a system module, or both using the following commands: switch(config)# logging severity <debug | major | error | warning | info> switch(config)# logging system-module <system-module>...
Page 596 Display of these messages in the CLI session of your terminal device's management access to the switch. • Blocking Event Log messages from being sent from the switch to the syslog server and a CLI session. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 597 To configure syslog operation in these ways with the debug/syslog feature disabled on the switch, enter the commands shown in Figure 159: Debug/syslog configuration for multiple debug types and multiple destinations on page 597. Figure 159: Debug/syslog configuration for multiple debug types and multiple destinations Debug command At the manager level, use the debug command to perform two main functions: •...
Page 598 By specifying both a severity level and system module, you can use both configured settings to filter the Event Log messages you want to use to troubleshoot switch or network error conditions. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 599 CAUTION: After you configure a syslog server and a severity level and/or system module to filter the Event Log messages that are sent, if you save these settings to the startup configuration file by entering the write memory command, these debug and logging settings are automatically re-activated after a switch reboot or power recycle.
Page 600 You can configure the destination port that is used for the transmission of the logging messages. Configuring TCP for logging message transmission using the default port switch(config)# logging 192.123.4.5 tcp (Default TCP port 1470 is used.) Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 601 [no] logging facility <facility-name> The logging facility specifies the destination subsystem used in a configured syslog server. (All configured syslog servers must use the same subsystem.) Hewlett Packard Enterprise recommends the default (user) subsystem unless your application specifically requires another subsystem. Options include:...
Page 602 You can associate a user-friendly description with each of the IP addresses (IPv4 only) configured for syslog using the CLI or SNMP. NOTE: The Hewlett Packard Enterprise MIB hpicfSyslog.mib allows the configuration and monitoring of syslog for SNMP (RFC 3164 supported). CAUTION: Entering the no logging command removes ALL the syslog server addresses without a verification prompt.
Page 603 NOTE: A notification is sent to the SNMP agent if there are any changes to the syslog parameters, either through the CLI or with SNMP. Configuring the severity level for Event Log messages sent to a syslog server Event Log messages are entered with one of the following severity levels (from highest to lowest): Major A fatal error condition has occurred on the switch.
Page 604 If no syslog server is configured, the sending of Event Log messages is disabled. IP (debug type) Disabled. • Debug commands do not affect normal message output to the Event Log. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 605 Using the debug event command, you can specify that Event Log messages are sent to the debug destinations you configure (CLI session, syslog servers, or both) in addition to the Event Log. • Ensure that your syslog servers accept debug messages. All syslog messages resulting from a debug operation have a "debug"...
Page 606 10.10.10.10 is alive, iteration 1, time = 15 ms 10.10.10.10 is alive, iteration 1, time = 15 ms switch# ping 10.10.10.10 timeout 2 10.10.10.10 is alive, time = 10 ms Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 607 switch# ping 10.11.12.13 The destination address is unreachable. Halting a ping test To halt a ping test before it concludes, press [Ctrl] [C]. NOTE: To use the ping (or traceroute) command with host names or fully qualified domain names, see DNS resolver on page 617.
Page 608 Common reasons for traceroute failing to reach a destination include: • Timeouts (indicated by one asterisk per probe, per hop) • Unreachable hosts • Unreachable networks • Interference from firewalls • Hosts configured to avoid responding Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 609 Executing traceroute where the route becomes blocked or otherwise fails results in an output marked by timeouts for all probes beyond the last detected hop. For example, with a maximum hop count of 7 (maxttl = 7), where the route becomes blocked or otherwise fails, the output appears similar to this: Figure 164: Traceroute failing to reach the destination address Viewing switch configuration and operation In some troubleshooting scenarios, you may need to view the switch configuration to diagnose a problem.
Page 610 You can use your terminal emulator's text capture features to save the show tech data to a text file for viewing, printing, or sending to an associate to diagnose a problem. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 611 ® ® For example, if your terminal emulator is the Hyperterminal application available with Microsoft Windows software, you can copy the show tech output to a file and then use either Microsoft Word or Notepad to display the data. (In this case, Microsoft Word provides the data in an easier-to-read format.) The following example uses the Microsoft Windows terminal emulator.
Page 612 Following are examples of what portions of the running config file display depending on the option chosen. Pattern matching with include option switch(config)# show run | include ipv6 ipv6 enable ipv6 enable Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 613 ipv6 access-list "EH-01" switch(config)# Displays only lines that contain “ipv6”. Pattern matching with begin option switch(config)# show run | begin ipv6 ipv6 enable no untagged 21-24 exit vlan 20 name "VLAN20" untagged 21-24 ipv6 enable no ip address exit policy qos "michael" exit ipv6 access-list "EH-01"...
Page 614 • • Clear/Reset button combination NOTE: Hewlett Packard Enterprise recommends that you save your configuration to a TFTP server before resetting the switch to its factory-default configuration. You can also save your configuration via Xmodem to a directly connected PC.
Page 615 Syntax: erase startup-configuration Deletes the startup-config file in flash so that the switch will reboot with its factory-default configuration. NOTE: The erase startup-config command does not clear passwords unless include- credentials has been set, at which time this command does erase username/password information and any other credentials stored in the config file.
Page 616 Select Transfer|File in HyperTerminal. c. Enter the appropriate filename and path for the OS image. d. Select the Xmodem protocol (and not the 1k Xmodem protocol). e. Click on [Send]. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 617 If you are using HyperTerminal, you will see a screen similar to the following to indicate that the download is in progress: Figure 167: Example: of Xmodem download in progress When the download completes, the switch reboots from primary flash using the OS image you downloaded in the preceding steps, plus the most recent startup-config file.
Page 618 The domain name for an accessible domain in which there are hosts you want to reach with a DNS- compatible command. (This is the domain suffix in the fully qualified domain name for a given host Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 619 operating in the selected domain. See Basic operation on page 617.) Note that if a domain suffix is not configured, fully qualified domain names can be used to resolve DNS-compatible commands. d. The host names assigned to target IP addresses in the DNS server for the specified domain. 2.
Page 620 10.28.229.219. Configuring switch "A" in Example: network domain to support DNS resolution switch(config)# ip dns server-address 10.28.229.10 switch(config)# ip dns domain-name pbs.outdoors.com Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 621 Ping and traceroute execution for the network in Example: network domain switch(config)# ping docservr 10.28.229.219 is alive, time = 1 ms switch# traceroute docservr traceroute to 10.28.229.219 1 hop min, 30 hops max, 5 sec. timeout, 3 probes 1 10.28.192.2 1 ms 0 ms 0 ms...
Page 622 The DNS server address must be manually input. It is not automatically determined viaDHCP. Event Log messages Please see the Event Log Message Reference Guide for information about Event Log messages. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 623 Chapter 17 Job Scheduler Supported Platforms Aruba 3810M Switch Series (JL071A, JL072A, JL073A, JL074A, JL075A, JL076A) Aruba 5400Rzl2 Switch Series (J8698A, J8700A, J9823A-J9824A, J9825A, J9826A, J9868A, J9447A, J9448A) Aruba 5406R Switch Series (JL002A, JL003A, JL095A,J9850A) Aruba 5406zl Switch Series (J9821A, J9822A) ) Aruba 5412R Switch Series (J9851A, JL001A) Job Scheduler The Job Scheduler feature enables the user to schedule commands or jobs on the switch for one time or multiple...
Page 624 12:00 Yes sh time Every 2:14:30 days Yes vlan 3 Every 00:00:25 days 1 vlan 4 NOTE: Caution The scheduler does not run until the system time is set. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 625 Show job <Name> Syntax show job <JOB NAME> Description Show the job by name. Chapter 17 Job Scheduler...
Page 626 This restores the current configuration to the switch, without rebooting it. More information Switching to a new configuration on page 627 Rolling back to a stable configuration using job scheduler on page 628 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 627 Switching to a new configuration Procedure 1. Back up the configuration using cfg-backup running-config config <config_name> command. In the following example, the configuration name used is “stable”. cfg-backup running-config config stable 2. Check the backup configuration using show config files command. switch(config)# show config files Configuration files: id | act pri sec | name...
Page 628 Job Information Job Name : cfg_stable Runs At : Every 00:00:15 days:hours:minutes Config Save : No Repeat Count Job Status : Enabled Running Status : Active Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 629 Run Count Error Count Skip Count Command : cfg_rollback switch(config)# show cfg-restore status Status : Success Config File Name : stable Source : Flash Time Taken : 9 Seconds Last Run : Tue Nov 28 20:50:00 2017 Recovery Mode : Enabled Failure Reason Number of Add Commands : 27...
Page 630 {running-config | startup-config} config ASCII-STR Enter an ASCII string. show config files Syntax show config files Description Shows a list of configuration files available in the flash. Command context config Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 631 Examples switch# show config files Configuration files: id | act pri sec | name ---+-------------+--------- | config | add | modify | golden_config | poe2 To show the details of saved configuration files: switch(config)# show config files details Show details of saved configuration files. switch(config)#show config files details Backup Configuration files: File Name...
Page 632 IP address of the TFTP server. <FILE-NAME> Name of the backup configuration file to restore into the running configuration. diff Provides the list of changes that will be applied on the running configuration. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 633 force Forces a reboot if configuration in restored configuration requires a reboot. Applies the configuration with reboot if the configuration has reboot required commands or system-wide change commands. After a forced reboot, the name of the configuration changes. non-blocking Configuration restoration in non-blocking mode, where actual process happens in the background. recovery-mode Enables or disables recovery-mode.
Page 634 (y/n)? Current running-configuration will be replaced with 'golden_config'. Continue (y/n)? Configuration restore is in progress, configuration changes are temporarily disabled. Successfully applied configuration 'golden_config' to running configuration. Rebooting switch... Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 635 In the preceding output, Command : console terminal none shows that cfg-restore failed because a reboot is required. After the switch reboots and comes up, the golden_config becomes the active configuration. NOTE: In case of a switch reboot, the switch comes up with the configuration associated with the primary or secondary.
Page 636 "Aruba-2930F-24G-PoEP-4SFPP" module 1 type jl255a ip routing snmp-server community "public" unrestricted vlan 1 name "DEFAULT_VLAN" untagged 1-28 ip address dhcp-bootp exit vlan 10 name "VLAN10" no ip address Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 637 exit switch(config)# show config modify ; JL255A Configuration Editor; Created on release #WC.16.05.0000x ; Ver #12:08.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:ba hostname "Aruba-2930F-24G-PoEP-4SFPP" module 1 type jl255a ip default-gateway 172.20.0.1 ip routing snmp-server community "public" unrestricted vlan 1 name "DEFAULT_VLAN" untagged 1-28 ip address dhcp-bootp exit vlan 100 name "VLAN100"...
Page 638 : 2 Seconds Adding commands : 0 Seconds Removing commands : 0 Seconds Configuration delete list: vlan 2 name "VLAN2" no ip address exit vlan 3 name "VLAN3" no ip address Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 639 exit vlan 4 name "VLAN4" no ip address exit vlan 5 name "VLAN5" no ip address exit Successfully applied configuration 'config' to running configuration. cfg-restore config_bkp Syntax cfg-restore {tftp <ip-address> | sftp <ip-address>} config_bkp Description Downloads and restores a configuration from the TFTP or SFTP server, without rebooting the switch. NOTE: The commands from the restored configuration will be executed on the running configuration.
Page 640 | file2 NOTE: During a configuration restore with reboot, the association changes. To make the configuration as a default configuration for subsequent system reboots, use startup-default [<primary|secondary>] config FILENAME command. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 641 For startup-default config file1: switch(config)# show config files Configuration files: id | act pri sec | name --+-------------+--------- | config | file1 | file2 System reboot commands Following commands require a system reboot: • secure-mode standard • secure-mode enhanced • mesh id [0-9] •...
Page 642 • whether a flash file was used from SFTP or TFTP server • the total time taken to restore • the time when last restore was initiated Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 643 • whether a recovery-mode was enabled • the number of add and delete commands • reboot commands present (if any), and • the split time taken for each phase Examples switch(config)# show cfg-restore latest-diff Shows the difference between running and back-up configuration.
Page 644 ; Ver #12:08.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:ba hostname "Aruba-2930F-24G-PoEP-4SFPP" module 1 type jl255a 3. Execute the cfg-restore flash golden_config diff command to view the differences that will be applied. switch# cfg-restore flash golden_config diff Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 645 Configuration delete list: vlan 1 no untagged 11-13,15-18 untagged 3-10 exit vlan 100 untagged 11-13 exit vlan 300 name "VLAN300" untagged 15-18 no ip address exit Configuration add list: vlan 1 no untagged 3-10 untagged 11-13,15-18 exit vlan 100 untagged 3-5 exit vlan 200 name "VLAN200"...
Page 646 This hash is only valid for comparison to a baseline hash if the configuration has not been explicitly changed (such as with a CLI command) or implicitly changed (such as by the removal of a hardware module). Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 647 To display the hash calculated for the running configuration: switch(config)# show running-config hash The hash must be calculated. This may take several minutes. Continue (y/n)? y Calculating hash... Running configuration hash: 6d88 0880 98af e8a8 b564 15cd 368e 4269 9d61 4bfa This hash is only valid for comparison to a baseline hash if the configuration has not been explicitly changed (such as with a CLI command) or implicitly changed (such as by the...
Page 648 0000:01:39:56.65 CFG mCfgRestoreMgr:Command deleted = vlan 4 tagged 9. 0000:01:39:56.65 CFG mCfgRestoreMgr:cfg-restore iteration count = 2. 0000:01:39:59.38 CFG mCfgRestoreMgr:Successfully applied configuration 'backup_conif' to running configuration. ** Total debug messages = 22 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 649 Chapter 19 Virtual Switching Framework (VSF) Supported devices Code Switch Aruba 5400R Switch Series NOTE: VSF is supported only on V3 blades. Once VSF is enabled, the switch will reboot in V3-only mode. Overview of VSF Aruba Virtual Switching Framework (VSF) technology virtualizes two physical devices in the same layer into one Virtual Fabric which provides high availability and scalability.
Page 650 The Offline MM (MM2) of the old Commander boots to join the stack as the new Standby. MM2 of the new Standby is now Active and MM1 is Offline Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 651 VSF member ID VSF uses member IDs to uniquely identify and manage its members. The first part of the interface module number is the Member ID information, which identifies interfaces in a VSF fabric. The device that wins election and becomes Commander will keep its member ID while the other will automatically be assigned a different unassigned member ID from the pool and reboot.
Page 652 VSF link is not allowed since it would result in a stack split. Using a port reserved for internal use as a VSF Cannot use stolen/reserved ports as VSF ports. port. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 653 Physical VSF ports VSF ports connect VSF member devices and must be assembled using a VSF link. These VSF ports forward VSF protocol packets and data traffic. VSF domain ID VSF uses VSF domain IDs to uniquely identify VSF fabrics and prevent VSF fabrics from interfering with one another.
Page 654 NOTE: Changing the priority does not affect the commander immediately. It is only used at the next election, which will be at the next stack reboot Interface naming conventions An interface is named in the following format: Interface name <MEMBER-ID>/<interface-module><port-index> Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 655 Example 1/A1, 2/L24 Parameters <MEMBER-ID> VSF member ID of the switch. The VSF member ID always takes effect, whether or not the device has formed a VSF fabric with other devices. If the device is alone, the device is considered to be a standalone VSF fabric. This argument defaults to 1.
Page 656 Enter the single slot identifier. copy crash-files Syntax copy crash-files vsf member <MEMBER-ID> [<SLOT-ID-RANGE> | mm-active sftp | tftp | usb | xmodem] <HOST-NAME-STR> | <IP-ADDR> | <IPV6-ADDR> <FILENAME-STR> Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 657 Description Copy the switch crash files from the specific VSF member Parameters <MEMBER-ID> The VSF member-ID for the member command or parameter. Member ID value can be in the range from 1 to <SLOT-ID-RANGE> Enter single slot identifier. mm-active Copy active management module crash files. Usage Switch(config)# copy crash-files vsf member Switch(config)# copy crash-files vsf member 1...
Page 658 Threshold level in the range from 1 to 99. Usage power-over-ethernet vsf member <MEMBER-ID> redundancy [n+1 | full] [no] power-over-ethernet vsf member <MEMBER-ID> redundancy [n+1 | full] power-over-ethernet vsf member <MEMBER-ID> slot <SLOT-ID-RANGE> threshold <THRESHOLD-LEVEL> Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 659 redundancy switchover Redundancy configuration for management modules. Syntax redundancy switchover Description The command causes the VSF Commander switch to immediately switch over to the standby switch. snmp-server enable traps vsf Syntax [no] snmp-server enable traps vsf Description Enable traps for the VSF functionality. Validation rules Validation Error/Warning/Prompt...
Page 660 The VSF member-ID for the member command or parameter. Member ID value can be in the range from 1 to Restriction This command will not be available until VSF is enabled. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 661 vsf member remove This command removes the entire configuration for a specified member. After issuing the command, the specified member-ID is available for re-use and may be provisioned or assigned to another device. If the member physically exists, its configuration will be erased. It will then be powered down by default. Syntax vsf member <MEMBER-ID>...
Page 662 Shutting down this VSF virtual chassis member is not allowed since it would result in a VSF virtual chassis split. If VSF not enabled, this command is not allowed. VSF is not enabled. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 663 vsf member priority Syntax [no] vsf member <MEMBER-ID> priority <PRIORITY> Description Assign a priority to the specified VSF virtual chassis member. The higher the priority, the more likely that the virtual chassis member will become the commander at the next virtual chassis reboot. The default priority value is 128.
Page 664 3464a9-b24300 J9850A Switch 5406Rzl2 255 Commander 288023-98ae00 J9850A Switch 5406Rzl2 100 Standby Switch(config)# show vsf detail VSF Domain ID : 44444 MAC Address : 3464a9-b2533f VSF Topology : Chain Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 665 VSF Status : Active Uptime : 32d 4h 28m VSF Oobm-MAD : Enabled VSF Lldp-MAD : Disabled Software Version : KB.16.01.0004 Name : VSF-Switch Contact Location Member ID MAC Address : 3464a9-b2533f Type : J9850A Model : J9850A Switch 5406Rzl2 Priority : 255 Status...
Page 666 Switch# show vsf member 1 Member ID MAC Address : a01d48-8f6700 Type : J9850A Model : J9850A Switch 5406Rzl2 Priority : 128 Status : Standby ROM Version : KB.16.01.0005 Serial Number : SG4ZG95321 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 667 Uptime : 21d 19h 5m CPU Utilization : 2% Memory - Total : 698,957,824 bytes Free : 528,240,524 bytes VSF Links - #1 : Active, Peer member 2 show vsf member 2 Switch# show vsf member 2 Member ID Mac Address : 288023-98ae00 Type : J9850A...
Page 668 Syntax show system chassislocate [vsf member <MEMBER-ID>] Description Show locator LED information. If VSF is enabled, this shows locator LED information for all the VSF members. Parameters Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 669 <MEMBER-ID> The VSF member-ID for the member command or parameter. Member ID value can be in the range from 1 to show system chassislocate Switch# show system chassislocate Locator LED Status Current Time Member State Remaining Configuration ------ ------- --------- ------------- blink 00:29:10...
Page 670 | Fan OK Sys-2 | Fan OK Sys-3 | Fan OK Sys-4 | Fan OK 0 / 4 Fans in Failure state 0 / 4 Fans have been in Failure state Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 671 VSF-Member | State | Failures -------+-------------+---------- Sys-1 | Fan OK Sys-2 | Fan OK Sys-3 | Fan OK Sys-4 | Fan OK 0 / 4 Fans in Failure state 0 / 4 Fans have been in Failure state show system fans vsf member 1 show system fans VSF member 1 Fan Information VSF-Member...
Page 672 <SLOT-LIST> refresh <COUNT> show cpu process slot all Switch# show cpu process slot all VSF slot 1/A: ------------- Process tracker state: ACTIVE Process tracking time: 30 seconds Total Time Since Times Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 673 Process Name Priority Time Last Ran Time ----------------+----------+------+-----+-----------+-------+------- Hardware Mgmt-3 234 ms 35 ms System Services-2 55 ms 50 ms Idle-3 12 s 731 us 245918 193 us Idle-1 25 s 770 us 123627 319 us Idle-0 459 us 122921 170 us VSF slot 2/F: -------------...
Page 674 J9991A 20p PoE+ / 4p 1/2.5/5/XGT... SG5ZGPH190 Switch# show modules details vsf member 2 Status and Counters - Module Information Chassis: 5406Rzl2 J9850A Serial Number: SG4BG491BL Allow V2 Modules: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 675 Core Slot Module Description Serial Number Status Dump ----- -------------------------------------- -------------- -------- ----- --- 2/MM1 J9827A Management Module 5400Rzl2 SG45G4C0VZ Active Core Slot Module Description Serial Number Status Dump ----- -------------------------------------- -------------- -------- ----- --- J9992A 20p PoE+ / 1p 40GbE QSFP+... H123456789 Core Slot...
Page 676 Celsius. Command context manager and operator Parameters detailed Shows detailed switch power supply sensor information. fahrenheit Shows detailed switch power supply sensor information with temperatures in degrees Fahrenheit. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 677 Usage • The show system power-supply detailed command shows detailed information for the local power supplies only. • The show system power-supply detailed command shows detailed information for power supplies in the powered state only. Examples Use of the command show system power-supply shows the power supply status for all active switches. Switch# show system power-supply Power Supply Status: Model...
Page 678 Use of the command show system power-supply detailed shows the power supply status all active switches including a nonpowered J9830A PSU. switch# show system power-supply detailed Status and Counters - Power Supply Detailed Information Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 679 PS# Model Serial State Status --- ------- ----------- ------------ ------------------------------------- J9828A IN30G4D009 Powered AC Power Consumption : 44 Watts AC MAIN Voltage : 209 Volts Power Supplied : 31 Watts Power Capacity : 700 Watts Inlet Temp (C/F) : 27.0C/80.6F Internal Temp (C/F) : 30.5C/86.0F Fan 1 Speed...
Page 680 This command is used to configure the IPV4 address for the VSF OOBM. Parameters <MEMBER-ID> The VSF member-ID for the member command or parameter. Member ID value can be in the range from 1 to Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 681 <IP-ADDR>/<MASK-LENGTH> Interface IP address/mask. oobm vsf member <MEMBER-ID> ip default-gateway IP-ADDR Specify the default gateway using this form of the command. Configure the IPv4 default gateway address, which will be used when routing is not enabled on the switch. The <IP-ADDR> must be specified if the command is not preceded by [no].
Page 682 Interface VSF-member | IP Config IP Address/Prefix Length Status Status ---------- + --------- ------------------------- -------- --------- Global | dhcp 120.93.49.9/24 Active | dhcp 120.93.49.9/24 Active | disabled Inactive Down Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 683 show oobm ip vsf member 1 Switch# show oobm ip vsf member 1 IPv4 Status : Enabled IPv4 Default Gateway : 15.212.178.1 Address Interface VSF-member | IP Config IP Address/Prefix Length Status Status ---------- + --------- ------------------------- -------- --------- | dhcp 15.212.178.244/24 Active show oobm ip vsf member 1,2...
Page 684 VSF links to the other member only when local links of a trunk are down. show vsf trunk designated forwarder Switch(config)# show vsf trunk-designated-forwarder Trunk Designated Forwarders NAME TYPE Member ----- ----- ------ Trk1 Trk2 LACP Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 685 Trk3 Trk10 TRK Validation rules Validation Error/Warning/Prompt Downloading a non-VSF config on a VSF The configuration file for this VSF device is switch or downloading an invalid VSF- incorrect. config for a current VSF must be blocked. Upon enabling VSF, the hostname of the 5406R-VSF virtual chassis would change to a different string than it is when VSF is disabled.
Page 686 The SNMP community string for the MAD (Multi-Active Detection) device. Usage Switch(config)# vsf lldp-mad ipv4 Switch(config)# vsf lldp-mad ipv4 <IPv4_ADDR> Switch(config)# vsf lldp-mad ipv4 <MAD-IP-ADDRESS> v2c Switch(config)# vsf lldp-mad ipv4 210.10.0.12 v2c <COMMUNITY-STR> Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 687 Validation rules Validation Error/Warning/Prompt This command cannot be executed if VSF is not VSF is not enabled. enabled. Cannot configure VSF LLDP MAD IP address because the specified IP address is a multicast IP address. Cannot configure VSF LLDP MAD IP address because the specified IP address is a link-local IP address.
Page 688 Rebooting the entire stack for all members to boot with the newly upgraded SW image. The down-time of links is longer because when the whole stack reboots, all IMs, on all members, are down during the time of reboot and stack formation. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 689 NOTE: FSU is supported only on two member VSF stacks based on 5400R devices. Upgrading the VSF stack software Upgrading the software on a VSF stack consists of two basic steps: Procedure 1. Copy the new software image into primary or secondary bank in flash. 2.
Page 690 Software image synchronization to the VSF standby is and if sequenced-reboot command is executed, the in progress; try to execute the command later. command will fail with an error message. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 691 Chapter 20 Simplifying Wireless and IoT Deployments Overview To simplify the deployment of mobility and IoT devices, Aruba switches have a mechanism to automatically detect devices based on their LLDP signatures and apply configuration to the port to which they are connected. This reduces the time needed to add, move, or change devices on the network and also eliminates potential misconfigurations on the port.
Page 692 The ingress maximum bandwidth for the device port. egress-bandwidth The egress maximum bandwidth for the device port. poe-priority The PoE priority for the device port. speed-duplex The speed and duplex for the device port. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 693 poe-max-power The maximum PoE power for the device port. The value is set based on PD Class detection and/or LLDP negotiation. poe-max-power will have class appropriate value depending on the class of your AP. (Example: class4 = 25.5W, class 3=13W, class2=6.49W, class1=3.84W, class0=13W) Options Removes the user-defined profiles.
Page 694 Show device profile configuration and status. config Show the device profile configuration details for a single, or all, profiles. status Show currently applied device profiles. Usage show device-profile config <PROFILE-NAME> show device-profile status Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 695 show device-profile config Switch# Show device-profile config Device Profile Configuration Configuration for device-profile : default-ap-profile untagged-vlan tagged-vlan : None ingress-bandwidth : 100% egress-bandwidth : 100% : None speed-duplex : auto poe-max-power : Class/LLDP poe-priority : critical allow-jumbo-frames : Disabled allow-tunneled-node: Enabled show device-profile config profile1 Switch(device-profile)# show device-p config test Device Profile Configuration...
Page 696 Configuration for device-profile : default-aos-profile untagged-vlan tagged-vlan : None ingress-bandwidth : 100% egress-bandwidth : 100% : None speed-duplex : auto poe-max-power : Class/LLDP poe-priority : critical allow-jumbo-frames : Disabled allow-tunneled-node: Enabled Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 697 Configuration for device-profile : default-scs-profile untagged-vlan tagged-vlan : None ingress-bandwidth : 100% egress-bandwidth : 100% : None speed-duplex : auto poe-max-power : Class/LLDP poe-priority : critical allow-jumbo-frames : Disabled allow-tunneled-node: Enabled Configuration for device-profile : default-device-profile untagged-vlan tagged-vlan : None ingress-bandwidth : 100% egress-bandwidth...
Page 698 The default OUI "000000" indicates that device-identity will not use LLDP to identify device: switch(config)# device-identity name <DEVICE-NAME> lldp oui <MAC_OUI> sub-type <SUBTYPE> To add new device on switch: switch(config)# device-identity name abc lldp oui a1b2c3 sub 2 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 699 To remove device from switch: switch(config)# no device-identity name abc 3. Show device identity configuration: switch(config)# show device-identity lldp Device Identity Configuration Index Device name Subtype ------ ---------------------- ---------- ------- a1b2c3 NOTE: The maximum devices that can be configured using device-identity are 16. The maximum devices that can be associated using device-profile are 19.
Page 700 <DEVICE_NAME> lldp oui <OUI> subtype <SUBTYPE>. Example device-p device-type avayaPhone associate avaya NOTE: The device types supported are aruba-ap and arubaos-switch. show device-profile config Syntax show device-profile config Description Shows the device profile configuration. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 701 Command context config Examples Use the command show device-profile config to display the device profile configuration. switch(device-profile)# show device-p con avaya Device Profile Configuration Configuration for device-profile : avaya untagged-vlan tagged-vlan : None ingress-bandwidth : 100% egress-bandwidth : 100% : None speed-duplex : auto poe-max-power...
Page 702 Rogue AP Action : Block Rogue MAC Address Neighbour MAC Address ----------------- --------------------- 3. Change the action type from block to log: switch# rogue-ap-isolation action log switch# show rogue-ap-isolation Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 703 Rogue AP Isolation Rogue AP Status : Enabled Rogue AP Action : Log Rogue MAC Address Neighbour MAC Address ----------------- --------------------- 4. List the current whitelist entries: switch# show rogue-ap-isolation whitelist Rogue AP Whitelist Configuration Rogue AP MAC ------------------ 5. Add a new whitelist entry: switch# rogue-ap-isolation whitelist 005056-00326a switch# show rogue-ap-isolation whitelist Rogue AP Whitelist Configuration...
Page 704 Clears all MAC addresses from the rogue AP list. Restrictions The MAC addresses cleared using this option will be added back to the rogue list under the following cases: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 705 1. The LLDP administrator status of the port on which the AP that reported the MAC is disabled and enabled back. 2. The data that is in the rogue AP TLV sent from the AP that informed the rogue MAC has changed. 3.
Page 706 Only one device type is supported, aruba-ap, and it is used to identify all the Aruba APs. • You can modify the configuration parameters of the default profile, default-ap-profile, but you cannot delete it or change its name. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 707 • If the port was part of any protocol VLANs prior to the device profile application, those VLANs will not be removed while applying the device profile. • Enabling jumbo frame support in a profile affects other ports with different profiles. When a profile has jumbo frames enabled and is applied to any port, all other ports that are members of any VLAN listed in the profile will also have jumbo frame support.
Page 708 The show run command displays one of the following values for untagged-vlan: • no untagged-vlan • untagged-vlan : None Cause The no device-profile or the no rogue-ap-isolation whitelist command is executed to configure untagged-vlan to 0. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 709 Action No action is required. Show commands Use the following show commands to view the various configurations and status. Command Description show device-profile Shows the device profile configuration and status. show device-profile config Shows the device profile configuration details for a single profile or all profiles.
Page 710 TCP Connect, including connectivity testing of transport layer (TCP) services, and handshake time measurement. • DHCP, which measures the round-trip time taken to discover a DHCP Server and obtain a leased IP address from it. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 711 • DNS, which measures the time taken for a DNS resolution. This measures the difference between the time taken to send a request to the DNS server and the time the IP SLA source receives a reply. • User Datagram Protocol (UDP) Jitter, which measures RTT, one way jitter and one way delays. •...
Page 712 Configure the IP Service Level Agreement (SLA) parameters. The value of ID can range from 1-255. Options clear Clear history records, message statistics, and threshold counters of particular SLA entry. dhcp Configure DHCP as the IP SLA test mechanism. disable Disable the IP SLA. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 713 Configure DNS as the IP SLA test mechanism. enable Enable the IP SLA. history-size Configure the number of history records to be stored for the IP SLA. icmp-echo Configure ICMP echo as the IP SLA test mechanism. monitor Configure monitoring parameters and respective threshold-action values. schedule Configure the start time, stop time, lifetime, and frequency of run for the IP SLA.
Page 714 [no] ip-sla <ID> monitor threshold-config [rtt | srcTodstTime | dstToSrcTime] threshold-type [immediate | consecutive <COUNT>] threshold-value <UPPER-LIMIT> <LOWER-LIMIT> action-type [trap | log | trap-log | none] Description Set upper and lower threshold parameters. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 715 • threshold-type immediate: Take action immediately when the monitored parameters cross the threshold upper limit (subsequent notifications for upper thresholds are not generated until the parameter values go lower than the configured lower threshold value). • threshold-type consecutive: Take action after threshold is hit consecutively for number of times. •...
Page 716 Num-of-packets: Number of packets sent in one probe. Default is 10. Allowed range: 10-1000. • Packet-interval: Inter packet gap in milliseconds.Time between consecutive packets within a probe. Default is 20ms. Allowed range: 10-60000 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 717 [no] ip-sla <ID> udp-jitter-voip Syntax [no] ip-sla <ID> udp-jitter-voip destination [<IP-ADDR> | <HOST-NAME>] <PORT-NUM> source [<IP-ADDR> | <VLAN-ID>] [codec-type <CODEC-TYPE> advantage-factor <ADV- FACTOR>] Description Configures the UDP Jitter for VoIP test. • Codec-type: Codec to be used to encode the test VoIP packets. Available codecs: g711a, g711u, g729a. Default is g711a.
Page 718 Show the IP SLA message statistics. show ip-sla <ID> message-statistics SLA ID : 1 Status : Running SLA Type : UDP-Echo Destination Address : 10.0.0.2 Source Address : 10.0.0.1 Destination Port : 2000 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 719 History Bucket Size : 25 Payload Size : 500 TOS : 0 Messages: Destination Address Unreachable : 0 Probes Skipped Awaiting DNS Resolution : 0 DNS Resolution Failed : 0 No Route to Target : 0 Internal Error : 0 Local Interface is Down : 0 No Response from Target : 0 Successful Probes Sent : 3...
Page 720 : 38 Negative DS Sum : 52 Negative SD Average : 10 Negative DS Average : 10 Negative SD Square Sum : 460 Negative DS Square Sum : 754 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 721 One-way Results: Max SD Delay : 15 Max DS Delay : 16 Min SD Delay Min DS Delay Number of SD Delays : 10 Number of DS Delay : 10 Sum of SD Delays : 78 Sum of DS Delays : 85 Square Sum of SD Delays: 666 Square Sum of DS Delays...
Page 722 Next Scheduled Run Time : Mon Jun 13 10:46:52 2016 Threshold-Monitor is : Enabled Threshold Config : RTT Threshold Type : Immediate Upper Threshold : 10 Lower Threshold Action Type : Log Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 723 SLA ID: 1 Status: Running SLA mechanism: ICMP-Echo Destination address: 192.168.1.2 Source address: 192.168.1.1 History bucket size: 25 Payload size: 0 TOS: 0 Messages: Destination address unreachable Probes skipped awaiting DNS resolution : 0 DNS resolution failed No route to target Internal error Local interface is down No response from target...
Page 724 Configure the SLA type with a source IP which Destination IP cannot be configured as the same as one of the is configured in the same switch. local interface IP addresses. Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 725 Validation Error/Warning/Prompt Configure threshold with invalid value. Invalid threshold count value. For threshold type 'Immediate', count must be 1 and for 'Consecutive', count must be greater than or equals to 2. Configure threshold value for 'PacketLoss' or Configuration is not applicable when threshold is configured 'TestCompletion' for 'PacketLoss' or 'TestCompletion'.
Page 726 Configure UDP Jitter/VoIP IPSLA Initiator Cannot enable IP SLA: The source VLAN cannot be a service session with a source IP same as a service tunnel endpoint. tunnel endpoint. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 727 Event log messages Cause Event Message User adds IP SLA endpoint configuration. I 10/28/15 02:47:12 05020 ipsla: The IP SLA 1 of SLA Type: UDP-Echo, Source IPv4 Address: 10.0.0.1, Destination IPv4 Address: 10.0.0.5, Destination Port: 54563 added. User removes the endpoint configuration. I 10/28/15 02:47:12 05021 ipsla: The IP SLA 1 of SLA Type: UDP-Echo, Source IPv4 Address: 10.0.0.1, Destination IPv4 Address: 10.0.0.5,...
Page 728 Parameters like RTT, Jitter and one way delay are a good indicator of network health which assist a network administrator to diagnose latency related issues in the network. VoIP traffic is generally sensitive to delays in the network. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 729 Jitter stands for inter-packet delay variance. If the inter-packet delay increases between successive probe packets, jitter is said to be positive. If the inter-packet delay decreases, jitter is said to be negative. Positive jitter values are undesirable for a network as they indicate increased latencies. A value of 0 jitter is desirable. Significance of jitter Consider a media player which plays video streams from a server.
Page 730 This requires the Initiator and the Responder to be time synchronized with the same clock server. This is explained in the illustration below: Round trip time RTT is measured at the initiator on a per packet basis and is as illustrated below: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 731 Chapter 21 IP Service Level Agreement...
Page 732 Port-Based Tunneling. Tunneling is enabled in the Aruba user role and can be combined with the Downloadable User Role (DUR) feature for dynamic and flexible policy enforcement and segmentation. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 733 NOTE: Maximum supported user tunnels per switch or stack: 1024 Maximum supported user tunnels per port: 32 Benefits of Dynamic Segmentation The benefits of dynamic segmentation are: • Colorless ports / client flexibility • Client isolation • Same policy for wired or wireless clients •...
Page 734 The Dynamic Segmentation feature supports segmenting wired guest traffic on the network. This is achieved by creating the secondary role as a guest role on the Aruba Mobility Controller and assigning a specific guest VLAN. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 735 Access and firewall policy is then implemented on the controller to isolate guest access to the rest of the campus network. Figure 178: Wired Guest Traffic Segmentation ClearPass Policy Manager RADIUS/Local Mac Authentication Primary Mobility Controller Back Back Back Back LED Mode LED Mode Reset Clear Status Console...
Page 736 An ArubaOS-switch can be configured with a main and a backup tunnel termination controller called “tunneled-node server”. • Port-Based Tunneling does not support HA and load balancing over an Aruba Mobility Controller Cluster compared to User-Based Tunneling. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 737 Configuring Port-Based Tunneling Jumbo frames must be enabled on all devices between the access switch and the controller to support the L2 GRE tunnels. Follow the steps below to configure port-based tunneling: Prerequisites It is recommended to create a specific VLAN for tunneled node operation. The VLAN: •...
Page 738 The controller cluster cannot have mix of IPv4 and IPv6 nodes. • IPv6 addresses are not allowed for both Primary and Backup controllers when in Port-Based Tunnels. Interaction table Features enabled with tunneled node: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 739 Feature Mirrors (MAC, VLAN, port) PVST/RPVST/STP DLDP UDLD LLDP/CDP GVRP/MVRP LACP Uplink Failure Detection sFlow Loop protect Smartlink Global QoS (VLAN, port, rate limit) MAC lockout/lockdown ACL/Classifiers (ingress/egress) IGMP/MLD Broadcast-limit Energy Efficient Ethernet Flow Control • poe-allocate-by • poe-lldp-detect Rogue MAC detection LLDP auto provisioning Restrictions •...
Page 740 When an Aruba Access Point (AP) is connected to a port on which Port-Based Tunneling is configured, there are two tunnels from that port to the Controller - one for the AP and another for the tunneled node. To improve Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 741 performance of APs connected to tunneled node ports, the following configuration parameter under the device profile feature prevents double tunneling. The parameter decides whether to allow or not, a tunneled node to be configured on the port on which the device- profile is applied.
Page 742 "ram" exit device-profile name "test" no allow-tunneled-node exit device-profile type “scs-wan-cpe” associate "ram" enable exit device-profile type-device "cpe" associate "ram" enable exit device-profile type-device "phone" associate "default-device-profile" exit Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 743 show device-profile config Syntax show device-profile config Description Displays device profile configuration. Command context config Usage To verify whether tunneled-node is allowed (when “test” is device-profile name): switch(device-profile)# show device-profile config test To verify the output when tunneled-node is disabled: switch(device-profile)# no allow-tunneled-node switch(device-profile)# show device-profile config test Example...
Page 744 The flowchart below depicts user authentication workflow for User-Based Tunneling: 1. Authenticate user 2. Apply user role to authenticated user 3. Redirect user traffic to controller 4. Apply secondary user role to user traffic on controller Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 745 User Connects Authenticate User User Specify Secondary Apply Intial Role Authenticated? Role Redirect Switch Apply User Role Traffic to Traffic Locally Controller Apply Secondary Role to Controller Traffic Switch Traffic to Destination How it works The functionality of User-Based Tunneling starts with the tunneled-node server information being discovered on the Aruba switch.
Page 746 RF Protect Licenses 2048 PEF Licenses 2048 MM Licenses 2048 Controller License True Overall AP License Limit 2048 AP Usage -------- Type Count ---- ----- Active CAPs Active RAPs Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 747 Supported Deployments • Standalone controller • Clustered controller Switch Platform and Firmware Support • Aruba 3810 Switch Series • Aruba 2930F Switch Series and Aruba 2930M Switch Series • Aruba 5400R Switch Series (v3 blades only) • ArubaOS-Switch 16.04 or later...
Page 748 • Controller segregates tunneled client traffic based on assigned secondary role and unicasts the multicast/ broadcast traffic to individual clients through UAC tunnel. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 749 • SAC multicast tunnels are no longer used in reserved VLAN mode. • The reserved VLAN configuration on the controller is optional. • The default VLAN cannot be configured as a reserved VLAN. • Migration from Port-Based Tunneling to User-Based Tunneling requires a disable and then, a re-enable of tunneling.
Page 750 Controller. With the Reserved VLAN mode introduced in 16.08, this is not required. class ipv4 "testclass" 10 match ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 20 match tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 exit policy user "testpolicy" 10 class ipv4 "testclass" action permit Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 751 exit aaa authorization user-role name "testrole" policy "testpolicy" vlan-id 100 tunneled-node-server-redirect secondary-role "authenticated" exit NOTE: When the reserved-vlan option is used, the applied VLAN ID under the user-role "testrole" will not be considered. This is because the traffic will be redirected to the controller using reserved-vlan, and not the one configured on the switch.
Page 752 Configure VLAN to be created and reserved for tunneled-node clients. switch(tunneled-node-server)# mode role-based reserved-vlan <VLAN-ID> show tunneled-node-server output: switch(config)# show tunneled-node-server Tunneled Node Server Information State : Enabled Primary Controller : 10.0.0.1 Backup Controller Keepalive Interval (seconds) Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 753 Mode : Role-based Vlan-Mode : no-vlan/vlan-extend Reserved-VLAN : reserved-VID/0 switch(config)# show vlan <reserved-vid> VLAN ID Name | Status | Voice | Jumbo -------------------------------------------------------------------- <VID> PUTN-ReservedVLAN | Port-based | No | No Show commands show user-role Syntax show user-role <role-name> Description Displays the user role information for the specified user role name.
Page 754 Specifies tunneled-node-server information, node-list, and the bucket map information. statistics <controller> Specifies the data plane statistics with respect to a controller for each port. state <controller> Specifies the data plane state with respect to a controller. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 755 Example switch(config)# show tunneled-node-server Tunneled Node Server Information State : Enabled Primary Controller : 10.10.10.148 Backup Controller : 10.10.10.149 Keepalive Interval (seconds) : 1 Mode : Role-based Vlan-Mode : vlan-extend-disable Reserved-Vlan : 1111 switch# show tunneled-node-server state Local Master Server (LMS) State LMS Type IP Address State...
Page 756 When the controller is a cluster: switch$ show tunneled-node-server information SAC Information SAC : 10.10.10.147 Standby-SAC : 10.10.10.146 UAC List Information Cluster Name : 3NodeProfile Cluster Status : Enabled Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 757 [0] :: 10.10.10.147 10.10.10.146 0.0.0.0 0.0.0.0 [4] :: 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 [8] :: 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Bucket Map Information Bucket Name : TUNNELED_NODE_ESSID Bucket Map Active : [0 .. 255] 0] :: (0, 1, 1) (1, 0, 1) (0, 1, 1) (1, 0, 1) (0, 1, 1) (1, 0, 1) 6] :: (0, 1, 1) (1, 0, 1) (0, 1, 1) (1, 0, 1) (0, 1, 1) (1, 0, 1) [ 12] :: (0, 1, 1) (1, 0, 1) (0, 1, 1) (1, 0, 1) (0, 1, 1) (1, 0, 1) [ 18] :: (0, 1, 1) (1, 0, 1) (0, 1, 1) (1, 0, 1) (0, 1, 1) (1, 0, 1)
Page 758 Show the detailed port-access clients for port 1/7. switch# show port-access clients detailed 1/7 Port Access Client Status Detail Client Base Details : Port : 1/7 Authentication Type : mac-based Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 759 Client Status : authenticated Session Time : 18972 seconds Client Name : 2c41387f35b9 Session Timeout : 0 seconds MAC Address : 2c4138-7f35b9 : n/a Downloaded user roles are preceded by * User Role Information Name : Voice_HPE Type Reauthentication Period (seconds) : 0 Untagged VLAN : 171 Tagged VLANs...
Page 760 ClearPass to dynamically send policies to both the switch and controller using Downloadable User Roles along with User-Based Tunneling. • There are two roles required when using Downloadable User Roles with User-Based Tunneling: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 761 Primary user role: Configured on switch Secondary user role: Configured on controller • Both primary and secondary role can be either statically configured or downloaded from the ClearPass. NOTE: This feature is only available for: • ClearPass 6.7.0 onward • Aruba Controller Version 8.3.0 onward ◦...
Page 762 Aruba controller, see the Aruba Networks Controller Configuration Manual. PAPI configurable secret key To support enhanced PAPI security, a command is available to configure a MD5 secret key. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 763 papi-security Syntax switch(config)# papi-security Description Configure MD5 key for enhanced PAPI security. Parameters enhanced-security The enhanced-security CLI must be enabled in Aruba controller for the connection to be truly secured. <KEY-STR> Configure MD5 key for enhanced PAPI security using a key-string parameter. <KEY-VALUE>...
Page 764 Heartbeat is over a GRE tunnel with a specific GRE key (0xDEED). This is initiated with SAC and s-SAC immediately after a switch bootstrap is complete. What happens when heartbeat to SAC fails? Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 765 A heartbeat failure triggers the switch to: • Remove users anchored to the SAC. • Fail over to the s-SAC (Example: s-SAC now becomes the new SAC). What happens when the keepalive to a UAC fails? The users anchored to the UAC are removed and a message is logged to the same effect in the event log. Why should jumbo frames be enabled at the switch? Jumbo frames have to be enabled at the controller uplink VLAN as well as the client VLAN.
Page 766 A packet trace of traffic sent from and received at the switch uplink to the controller can also be useful, GRE encapsulated packets are what will be of interest. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 767 Chapter 23 Cable Diagnostics The Time Domain Reflectometry (TDR) or Cable Diagnostics is a new port feature supported on Aruba 3810M switches and Aruba 5400R v3 blades. TDR is introduced to detect cable faults on 100BASE-TX and 1000BASE-T ports. Supported Platforms Aruba 2930F switches Aruba 3810M switches Aruba 5400R v3 blades (J9986A, J9987A, J9989A, J9990A, J9991A [applicable only for ports 1–20, rest of the...
Page 768 This command will cause a loss of link on all tested ports and will take several seconds per port to complete. Use the 'show cable-diagnostics' command to view the results. Continue (y/n)? Y switch# show cable-diagnostics 51 Cable Diagnostic Status - Transceiver Ports Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 769 Cable Distance Pair Pair Port Pair Status to Fault Skew Polarity Mode ---- ------ --------- -------- ----- ------- ----- 8 ns Normal 8 ns Normal 8 ns Normal MDIX 0 ns Normal switch# test cable-diagnostics 52 This command will cause a loss of link on all tested ports and will take several seconds per port to complete.
Page 770 TDR has the following limitations: • TDR length accuracy is ± 5 m • Does not work on Smart Rate Interfaces with 10GBASE-T and NGBASE-T (2.5G, 5G copper) ports available ◦ v3 blades Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 771 – J9991A — Aruba 20-port 10/100/1000BASE-T PoE+ / 4-port 1/2.5/5/10GBASE-T PoE+ MACsec v3 zl2 Module – J9995A — Aruba 8-port 1/2.5/5/10GBASE-T PoE+ MACsec v3 zl2 Module ◦ 3810M (JL076A — Aruba 3810M 40G 8 HPE Smart Rate PoE+ 1-slot Switch) •...
Page 772 IP client tracker can be used to keep these clients in the network. The customer must always configure the ip arp-age value to less than the configured logoff period, to avoid being de- authenticated due to inactivity. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 773 • When the ip client-tracker command is executed more than once, it takes the last command's behavior. For example when the command ip client-tracker trusted is run after the command ip client- tracker, the behavior will follow the last command, ip client-tracker trusted. ◦...
Page 774 15 exit Configures the delay in the client tracking for 250 seconds. switch# ip client-tracker probe-delay 250 switch# show run ip client-tracker ip client-tracker probe-delay 250 exit Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 775 Chapter 25 Network Out-of-Band Management (OOBM) OOBM concepts Management communications with a managed switch can be: • In band—through the networked data ports of the switch • Out of band—through a dedicated management port (or ports) separate from the data ports Out-of-band ports have typically been serial console ports using DB-9 or specially wired 8-pin modular (RJ-style) connectors.
Page 776 This allows network administrators to manage the switches even if operation on the data network is disrupted. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 777 In Figure 179: Network OOBM in a data center on page 777, the switches face the hot aisle of the data center, allowing easy connection to the network ports on the backs of the servers. Figure 179: Network OOBM in a data center For even more control, the serial console ports of the switches can be connected to the management network through a serial console server (essentially, a networked serial switch), allowing the network administrators to view the CLI activity of each switch at boot time and to control the switches through the console ports (as well as...
Page 778 The OOBM port operates at 10 Mbps or 100 Mbps, half or full duplex. These can be set explicitly or they can be automatically negotiated using the auto setting. From the OOBM context: Syntax interface speed-duplex [10-half | 10-full | 100-half | 100-full | auto] From the general configuration context: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 779 Syntax oobm interface speed-duplex [10-half | 10-full | 100-half | 100-full | auto] Enables or disables the networked OOBM interface (port.) Available settings are: 10-half 10 Mbps, half-duplex 10-full 10-Mbps, full-duplex 100-half 100-Mbps, half-duplex 100-full 100-Mbps, full-duplex auto auto negotiate for speed and duplex Example Switch (oobm)# interface speed-duplex auto Configuring an OOBM IPv4 address...
Page 780 <MEMBER-ID> ipv6 default-gateway Description Configures the IPv6 default gateway address for an OOBM member using their unique identifier and the IPv6 address of the default gateway. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 781 When no proceeds the command, the default gateway address is deleted. Command context config Parameters <MEMBER-ID> Specifies the unique member-id which allows the OOBM device access to the IPv6 default-gateway. <IPV6-ADDR> Specifies the IPv6 address of the default gateway for a member OOBM interface. Example Configuring and deleting the OOBM member from a specific IPv6 gateway.
Page 782 Summarizes the IP configuration of the OOBM interface. This command displays the status of IPv4 (enabled/ disabled), the IPv4 default gateway, and the IPv4 address configured for the interface. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 783 You can issue this command from any context. Example Switch# show oobm ip Showing OOBM ARP information Syntax show oobm arp Summarizes the ARP table entries for the OOBM interface. You can issue this command from any context. Example Switch# show oobm arp show oobm ipv6 Syntax show oobm ipv6...
Page 784 Internet (IPv6) Service for OOBM Interface IPv6 Status : Enabled IPv6 Default Gateway : 1000::1 Address Intf Member IP Config IP Address/Prefix Length Status Status ------ ---------- ------------------------------------------- --------- ------ manual 1000::2/64 Active Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 785 show oobm ip detail (for stacked switches) Syntax show oobm ip detail Description Shows the OOBM IP detail for a stacked switch. Command context operator Example Show the OOBM IP detail for a stacked switch. stack-switch# show oobm ip detail Internet (IP) Service for OOBM Interface Global Configuration IPv4 Status...
Page 786 OOBM interface. If you do not specify the oobm keyword, the request will be issued from the appropriate in-band data interface. Command syntax is: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 787 Telnet: telnet ip-address [oobm] TFTP: copy tftp ... ip-address filename... [oobm] SNTP: [no] sntp server priority priority ip-address [oobm] [version] TIMEP: [no] ip timep [dhcp | manual ip-address | [oobm]] RADIUS: [no] radius-server host ip-address [oobm] TACACS+: [no] tacacs-server host ip-address [oobm] DNS: [no] ip dns server-address priority priority ip-address [oobm] Syslog:...
Page 788 Oops! It’s on the management network. Switch 41# ping source oobm 10.255.255.42 Go through the management port 10.255.255.42 is alive, time = 2 ms and it works fine. Switch 41# Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 789 Chapter 26 Websites Networking Websites Hewlett Packard Enterprise Networking Information Library www.hpe.com/networking/resourcefinder Hewlett Packard Enterprise Networking Software www.hpe.com/networking/software Hewlett Packard Enterprise Networking website www.hpe.com/info/networking Hewlett Packard Enterprise My Networking website www.hpe.com/networking/support Hewlett Packard Enterprise My Networking Portal www.hpe.com/networking/mynetworking Hewlett Packard Enterprise Networking Warranty www.hpe.com/networking/warranty...
Page 790 • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: http://www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: http://www.hpe.com/support/hpesc Information to collect • Technical support registration number (if applicable) •...
Page 791 Customer self repair Hewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product. If a CSR part needs to be replaced, it will be shipped directly to you so that you can install it at your convenience. Some parts do not qualify for CSR.
Page 792 Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title, part number, edition, and publication date located on the front cover of the document.
Page 793 Appendix A Chassis Redundancy (5400R Switches) Chassis Redundancy (5400R Switches) Overview of chassis management redundancy Some switches provide high availability through the use of hot-swappable, redundant management modules. In the event of a failure on the active management module, management module redundancy allows a quick and unattended transition from the active management module to the standby management module.
Page 794 In the case of a failure of a preferred-active-module, the Standby management module takes over and becomes new Active management module. • The preferred-active-module is seen as configured in the show running config command. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 795 redundancy active-management Syntax redundancy active-management {management-module1 | management-module2 | standby} Description Specifies the management module that will become active at the next boot. Command context config Parameters management-module <1> | <2> Specifies the redundant management module to enable. standby Specifies the standby management module. Restrictions The redundancy active-management command will fail if the other module is in a failed state or if VSF is enabled.
Page 796 ; Ver #0f:7f.ff.bb.ff.7c.59.fc.7b.ff.ff.fc.ff.ff.3f.ef:45 hostname "Switch" module B type j9993a module G type j9987a redundancy preferred-active-management management-module1 snmp-server community "public" unrestricted oobm ip address dhcp-bootp exit vlan 1 name "DEFAULT_VLAN" untagged B1-B8,G1-G24 Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 797 ip address dhcp-bootp exit CLI warnings in response to preferred-active-management command CLI Warnings Scenario Active-management The command active-management is mutually cannot be set when exclusive with existing redundancy active- preferred-active- management command. management is enabled. Unconfigure before attempting to set active- management.
Page 798 7. If none of the above conditions are applicable, the module in the lowest slot becomes the active management module. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 799 Diagram of the decision process Figure 181: Active module decision flow chart at boot Hotswapping management modules Appendix A Chassis Redundancy (5400R Switches)
Page 800 The MM Shutdown button on the active management module is pressed • The boot or boot active command is executed • The reload command is executed • There is a hardware failure on the active management module Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 801 In all of these cases, the standby management module takes control and performs the actual switchover. The reason for the switchover is entered in log messages on the newly active management module and to any configured Syslog servers. What happens when switchover occurs When a switchover occurs, the features that support nonstop switching continue to operate in an uninterrupted manner.
Page 802 Other software version mismatch conditions The following steps describe the behavior that may when a new software image is installed in secondary flash of the AMM and a redundancy switchover command is executed. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 803 1. A new software image, K.15.04.0002 containing ROM upgrade K.15.12 is installed in secondary flash of the AMM/MM1. 2. The AMM/MM1 automatically syncs the images to the secondary flash in the SMM/MM2. Now both AMM/MM1 and SMM/MM2 have identical software and ROM in secondary flash. 3.
Page 804 All other CLI commands will not be executed until after the initial syncing completes. During initial syncing, no SNMP set requests are executed, except the SNMP request for ping. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 805 Operator commands menu traceroute6 enable ping dbgstack exit ping6 wireless-services link-test show services logout traceroute Manager commands boot system copy running-config page boot active copy startup-config print boot standby copy event-log redo configure copy core-dump reload copy command-output recopy repeat copy config tftp display task-monitor...
Page 806 Do you want to continue [y/n]?". Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 807 Example The redundancy management-module command in Figure 185: Enabling warm-standby redundancy on page 807 shows warm-standby redundant management being enabled. The show redundancy command displays "Mgmt Redundancy" as warm-standby redundancy enabled . Management Module 1 (MM1) is the active management module and Management Module 2 (MM2) is the standby management module. Figure 185: Enabling warm-standby redundancy The redundancy management-module command in Figure Figure 186: Enabling nonstop-switching redundancy on page 807 shows Non-stop switching redundant management being enabled.
Page 808 MM1 is now offline. The management module in slot MM2 remains the active management module. NOTE: Hewlett Packard Enterprise recommends that you leave management module redundancy enabled. If the active management module has a hardware failure, the standby module may take over and may have an old configuration since file synchronization has not occurred when management module redundancy was disabled.
Page 809 Nonstop switching disabled. The standby management module in slot MM1 is now offline. The management module in slot MM2 remains the active management module. NOTE: Hewlett Packard Enterprise recommends that you leave management module redundancy enabled. If the active management module has a hardware failure, the standby module may take over and may have an old configuration since file synchronization has not occurred when management module redundancy was disabled.
Page 810 An example of the redundancy switchover command when the switch is in Nonstop switching mode is shown in the example below. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 811 Example Redundancy switchover command when in nonstop switching mode. switch# redundancy switchover A nonstop switching failover will occur; L2 operations will not be interrupted. This management module will now reboot and will become the standby module! You will need to use the other management module's console interface. Do you want to continue [y/n]? y This management module will now boot from the primary image and will become the standby module! You will need to used the other management module’s...
Page 812 If the specified management module is not there or is in failed mode, this message displays: The specified module is not present or is in failed state. Example Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 813 Figure 189: Setting a management module to be active on the next boot on page 813 shows an example of setting management module 2 to be the active management module. Figure 189: Setting a management module to be active on the next boot If management module redundancy has been disabled and you specify the standby module with the active- management command, upon rebooting, the offline module becomes the standby module.
Page 814 The active management module remains in control. If management module redundancy is disabled, the active management module reboots and remains in control, as long as it passes selftest. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 815 CAUTION: Hewlett Packard Enterprise does not recommend using the MM Reset button to trigger a switchover. Files being copied over at the time of the reset will be aborted. Figure 191: The MM Reset button on the management module Viewing management information...
Page 816 The show redundancy command with the detail option displays information about the redundancy role of each management module, as well as statistical information such as how long the module has been up. Example Figure 193: show redundancy detail command Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 817 Viewing which software version is in each flash image The show flash command displays which software version is in each flash image. The Default Boot field displays which flash image will be used for the next boot. Example Figure 194: show flash command Viewing system software image information for both management modules The show version command displays system software image information for both management modules, as well as which module is the active management module and which is the standby management module.
Page 818 198: show redundancy command for standby module on page 819. This command displays the flash image last booted from, even if the boot set-default command has been set to change the flash booted from on the next boot. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 819 Example Figure 198: show redundancy command for standby module Viewing the flash information on the standby module Use the show flash command to display the flash information on the standby module, as shown in Figure 199: show flash command for standby module on page 819. The Default Boot field displays which flash image will be used for the next boot.
Page 820 NOTE: The reload command is a "warm" reboot; it skips the Power on Self Test routine. Syntax reload <cr> Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 821 Boots (warm reboot) the active management module. Switchover to the standby management module occurs if management module redundancy is enabled. If redundancy is disabled or if there is no standby management module, the reload command boots the system. NOTE: If the running config file is different from the stored config file, you are prompted to save the config file.
Page 822 822. If you make no selection, the boot defaults to the image displayed as the default choice (shown in parentheses.) Figure 203: The management module rebooting, showing boot profiles to select Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 823 An example of the boot command with the default flash set to secondary is shown in Figure 204: Showing boot command with default flash set to secondary on page 823. Figure 204: Showing boot command with default flash set to secondary CAUTION: For a given reboot, the switch automatically reboots from the startup-config file assigned to the flash (primary or secondary) being used for the current reboot.
Page 824 Erases the software version on the active and standby modules. If redundancy has been disabled, or if the standby module has not passed selftest, the flash is not erased on the standby module. Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 825 Command Action erase config Erases the config file on the active and standby modules. If redundancy has been disabled, or if the standby module has not passed selftest, the config file is not erased on the standby module. erase startup-config Affects both modules if the second module is in standby mode.
Page 826 Copies the crash data of both the active and standby management modules to a user-specified file. If no parameter is specified, files from all modules (management and interface) are concatenated. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 827 slot-id Retrieves the crash data from the module in the specified slot. Retrieves the crash data from both management modules and concatenates them. Viewing saved crash information Syntax show boot-history Displays the system boot log. Example Figure 206: The system boot log file Enabling and disabling fabric modules The fabric modules can be enabled or disabled even if they are not present in the switch.
Page 828 Before this command is executed, the command redundancy management nonstop- switching should be configured. Any prerequisites required for VRRP configuration commands, such as IP routing being enabled, remain as required prerequisites. Default: Disabled Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 829 Example Example of enabling nonstop switching for VRRP and then displaying the output This example shows nonstop VRRP being enabled. The show vrrp config command output displays the enabled status (see bold line below.) switch(vlan-10-vrid-1)# nonstop switch(vlan-10-vrid-1)# show vrrp config VRRP Global Configuration Information VRRP Enabled : Yes...
Page 830 LSAs as long as the network topology remains unchanged. The neighbors run in “helper mode” while the routing switch restarts. Graceful restart will fail under these conditions: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 831 • There is a topology change during the graceful restart period. The helper switches exit helper mode and adjacencies are lost until the restarting switch rebuilds the adjacencies. • The neighbor switches do not support helper mode. NOTE: • Configure router-id or IPv4 loopback address for OSPFv3 Non-Stop Forwarding to work on the switch.
Page 832 When enabled, this operation halts Helper mode support if a change in LSAs (topology change) is detected during the neighbor’s restart period. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 833 The no form of this command disables strict LSA operation. Default: Strict LSA operation enabled Viewing OSPFv3 nonstop forwarding information To display the status of Nonstop forwarding information, enter the show ipv6 ospf3 general command. Example of output showing status of nonstop forwarding for OSPFv3 switch# show ipv6 ospf3 general OSPFv3 General Status OSPFv3 protocol...
Page 834 Additionally, if a switchover occurs, or if you reboot to make the standby module become the active module, any configuration file changes made may not work on the active module if it has a different software version from the standby module. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 835 When you enter the show redundancy command and a software version mismatch exists, a warning message is displayed, as shown at the bottom of Figure 210: Example of a software version mismatch between the active and standby modules on page 835. Figure 210: Example of a software version mismatch between the active and standby modules Downloading a software version serially if the management module is corrupted...
Page 836 Usage: [no] process-tracking [slot[SLOT-LIST] [<time>]] [<time>] Description: Enable/disable module process-tracking functionality. show cpu help Usage: show cpu [<CHASSIS_MIN_CPU_UTIL_INDEX-CHASSIS_MAX_CPU_UTIL_INDEX>] [slot <SLOT-LIST> [<CHASSIS_MIN_CPU_UTIL_INDEX- CHASSIS_MODULE_MAX_CPU_UTIL_INDEX>] ] [process [[slot <SLOT-LIST>] [refresh <iterations>]] Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 837 [refresh <iterations>] Description: Show average CPU utilization over the last 1, 5, and 60 seconds, or the number of seconds specified. Use the 'slot' argument to display CPU utilization for the specified modules, rather than the chassis CPU. Use the 'process' argument to display module process usages. show cpu process help Usage: show cpu process [slot [SLOT-LIST][refresh <iterations>]] [refresh <iterations>]...
Page 838 Sessions & I/O-24 | 171 | 926 ms | 1 ms | 150 | 335 ms show cpu process slot <SLOT-LIST> Switch# show cpu process slot A slot a: Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 839 | Recent | | Time Since| Times Process Name | Priority | Time | CPU | Last Ran Time --------------------+----------+--------+-----+-----------+----------+------- System Services-2 | 156 | 253 ms | 767 ms | 12 | 35 ms Idle-3 | 28 | 13 ms | 101309 | 150 us Hardware Mgmt-2 | 192 | 282 ms |...
Page 840 'active' is assumed. During dynamic link aggregation using LACP, ports with the same key are aggregated as a single trunk. MAD passthrough applies only to trunks and not to physical ports. Parameters mad-passthrough Applies only to trunks and not to physical ports. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 841 enable Allows the port to send LACP packets. disable When LACP is disabled, the port ignores LACP packets. active When LACP is enabled and active, the port sends LACP packets and listens to them. Defaults to active. passive When LACP is enabled and passive, the port sends LACP packets only if it is spoken to. key <KEY>...
Page 842 LDPC 4 iterations: LDPC 5 iterations: LDPC 6 iterations: LDPC 7 iterations: LDPC 8 iterations: Number of fast retrains requested by Local Device. Number of fast retrains requested by Link Partner. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 843 150 Accumulated time (ms) spent in fast retrain since last AN. Number of RFI Training Link Recovery Events since last AN. Number of Link Recover Events since last AN. Established link speed : 5000Mbps Number of attempts to establish link Uptime since link was last established (ms) : 5099 Local port advertised speeds 1000Mbps 2500Mbps...
Page 844 2%. NOTE: This limitation only applies to the 5Gbps ports. Ports running at 2.5Gbps have a 1% granularity in port speeds. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 845 Error messages • On ports that do not support the respective speed-duplex option, the command will fail with an error message similar to the following: Value auto-10 is not applicable to port E1. • The following speed-duplex options are not available on switch platforms that do not have Smart Rate ports. ◦...
Page 846 Uptime since link was established : 30 seconds Local Port advertised capabilities 100MBT | 1.0GBT | 2.5G NBT | 5.0G NBT | 2.5GBT | 5.0GBT | 10GBT Link Partner advertised capabilities Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 847 100MBT | 1.0GBT | 2.5G NBT | 5.0G NBT | 2.5GBT | 5.0GBT | 10GBT show interface config Syntax show interface config Description Displays port settings. Example switch#(config)show interface config Port Settings Port Type | Enabled Mode Flow Ctrl MDI ----- ---------- + ------- ------------ --------- ---- 10GbE-T | Yes...
Page 848 The port status is displayed as down. 2. Save the configuration and again reboot. The preconfigured auto-100 restores the Smart Rate port to auto mode, thus restoring its functionality. Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 849 Appendix D Networking 6th Generation Switch ASIC Networking 6th Generation Switch ASIC Introduction The Networking 6th Generation Switch ASIC based module creates compatibility between v2 and v3 blades on the 5400R Chassis Switches. When the 5400R Chassis Switch platform detects a mix of v2 and v3 blades, the v3 feature will default the platform to v2 behavior.
Page 850 Provides a list of V3-native configurations present in the current configuration. show running-config v3-specific enable domain 40 member 1 type "J9850A" mac-address 645106-8a0400 priority 200 link 1 1/A24 link 1 name "I-Link1_1" Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 851 exit member 2 type "J9850A" mac-address 40a8f0-9e6600 priority 150 link 1 2/A24 link 1 name "I-Link2_1" exit exit oobm vsf member 1 ip address dhcp-bootp exit vsf member 2 ip address dhcp-bootp exit exit VSF-Switch# Show commands The show module command shows the configuration status of allowed V2 modules. The output will be available only for the 5400R Chassis Switches.
Page 852 A type j9987a module F type j9993a no allow-v2-modules snmp-server community "public" unrestricted oobm ip address dhcp-bootp exit vlan 1 name "DEFAULT_VLAN" untagged A1-A24,F1-F8 ip address dhcp-bootp exit Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 853 Event logging Table 37: Interoperability messages Event Message M 05/23/14 05:50:15 00064 system: When switch is rebooting after V2/V3 interoperability message Rebooting the device because the a change in the interoperability module compatibility mode has mode. changed. M 05/23/14 05:50:15 00064 system: V1/V2 Interoperability message Rebooting for for reference...
Page 854 Status and Counters - General System Information System Name : 5406zl2 System Contact System Location Allow V2 Modules : Yes Event Log Event Message Compatibility Mode disabled – ‘allow-v2-modules’ Rebooting for interOperabilityMode change Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 855 Appendix E MAC Address Management MAC Address Management Overview The switch assigns MAC addresses in these areas: • For management functions, one Base MAC address is assigned to the default VLAN (VID = 1.) (All VLANs on the switches covered in this guide use the same MAC address.) •...
Page 856 If the switch has only the default VLAN, the following screen appears. If the switch has multiple static VLANs, each is listed with its address data. Figure 211: Example of the Management Address Information screen Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 857 Viewing the port and VLAN MAC addresses The MAC address assigned to each switch port is used internally by such features as Flow Control and the spanning-tree protocol. Using the walkmib command to determine the MAC address assignments for individual ports can sometimes be useful when diagnosing switch operation.
Page 858 1. If the switch is at the CLI Operator level, use the enable command to enter the Manager level of the CLI. 2. Enter the following command to display the MAC address for each port on the switch: Switch# walkmib ifPhysAddress Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 859 NOTE: The above command is not case-sensitive. Appendix E MAC Address Management...
Page 860 Power over Ethernet (PoE and PoE+) Loop Protection Protocol Filters MAC Address Management RADIUS Authentication and Accounting Management VLAN RADIUS-Based Configuration Passwords and Password Clear Protection/include- credentials Table Continued Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.08...
Page 861 Encrypted-password QoS: Strict-Priority Queuing Port Monitoring QoS: Turn on/off VLAN Precedence Port Status QoS: Egress Queue Rate-limiting Rate-Limiting Syslog System Parameters (hostname, Banner) System Information Front-panel-security Telnet Access DLDP Traffic/Security Filters OOBM VLAN Mirroring (1 static VLAN)/Port mirroring Switch interconnect Voice VLAN Airwave Controller IP configuration Web Authentication RADIUS Support...

This manual is also suitable for:

Aruba 5400r

Save PDF