HP Aruba JL253A Management And Configuration Manual


Aruba 2930F / 2930M Management and Configuration Guide for ArubaOS-Switch 16.08
Part Number: 5200-5486a
Published: January 2019
Edition: 2


Summary of Contents for HP Aruba JL253A

  • Page 2 © Copyright 2019 Hewlett Packard Enterprise Notices The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 26: Chapter 1 About This Guide

    Chapter 1 About this guide This guide provides information on how to configure, manage, and monitor basic switch operation. Applicable products This guide applies to these products: Aruba 2930F Switch Series (JL253A, JL254A, JL255A, JL256A, JL258A, JL259A, JL260A, JL261A, JL262A, JL263A, JL264A, JL557A, JL558A, JL559A) Aruba 2930M Switch Series (JL319A, JL320A, JL321A, JL322A, JL323A, JL324A, R0M67A, R0M68A) Switch prompts used in this guide...
  • Page 27: Chapter 2 Time Protocols

    Chapter 2 Time Protocols NOTE: For successful time protocol setup and specific configuration details, you may need to contact your system administrator regarding your local configuration. General steps for running a time protocol on the switch Using time synchronization ensures a uniform time among interoperating devices. This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages.
  • Page 28: Ntp Time Synchronization

    security over the Broadcast mode by specifying which time server to use instead of using the first one detected through a broadcast. NTP time synchronization The Network Time Protocol (NTP) synchronizes the time of day among a set of distributed time servers and clients in order to correlate events when receiving system logs and other time-specific events from multiple network devices.
  • Page 29: Disabling Time Synchronization

    The switch retains the parameter settings for both time protocols even if you change from one protocol to the other. Thus, if you select a time protocol, the switch uses the parameters you last configured for the selected protocol. Simply selecting a time synchronization protocol does not enable that protocol on the switch unless you also enable the protocol itself (step 2, above).
  • Page 30 If you configure the switch with TimeP as the time synchronization method, then enable TimeP in DHCP mode with the default poll interval, show timep lists the following: TimeP configuration when TimeP is the selected Time synchronization method switch(config)# show timep Timep Configuration Time Sync Mode: Timep TimeP Mode [Disabled] : DHCP...
  • Page 31: Configuring (Enabling Or Disabling) The Timep Mode

    Configuring (enabling or disabling) the TimeP mode Enabling the TimeP mode means configuring it for either broadcast or unicast mode. Remember that to run TimeP as the switch's time synchronization protocol, you must also select TimeP as the time synchronization method by using the CLI timesync command.
  • Page 32 Selects TimeP as the time synchronization method. Syntax: ip timep dhcp Configures DHCP as the TimeP mode. For example, suppose: • Time Synchronization is configured for SNTP. • You want to: ◦ View the current time synchronization. ◦ Select TimeP as the synchronization mode. ◦...
  • Page 33 Configuring TimeP for manual operation switch(config)# timesync timep switch(config)# ip timep manual 10.28.227.141 switch(config)# show timep Timep Configuration Time Sync Mode: Timep TimeP Mode : Manual Server Address : 10.28.227.141 Poll Interval (min) : 720 Changing from one TimeP server to another (CLI) Procedure 1.
  • Page 34: Sntp: Selecting And Configuring

    Disabling the TimeP mode Syntax: no ip timep Disables TimeP by changing the TimeP mode configuration to Disabled and prevents the switch from using it as the time synchronization protocol, even if it is the selected Time Sync Method option. Example: If the switch is running TimeP in DHCP mode, no ip timep changes the TimeP configuration as shown below and disables time synchronization.
  • Page 35: Viewing And Configuring Sntp (Cli)

    SNTP parameter Operation Server Address Used only when the SNTP Mode is set to Unicast. Specifies the IP address of the SNTP server that the switch accesses for time synchronization updates. You can configure up to three servers; one using the menu or CLI, and two more using the CLI. Server Version Specifies the SNTP software version to use and is assigned on a per-server basis.
  • Page 36: Configuring (Enabling Or Disabling) The Sntp Mode

    Priority SNTP Server Address Protocol Version -------- ------------------------------ ---------------- 2001:db8::215:60ff:fe79:8980 10.255.5.24 fe80::123%vlan10 Syntax: show management This command can help you to easily examine and compare the IP addressing on the switch. It lists the IP addresses for all time servers configured on the switch, plus the IP addresses and default gateway for all VLANs configured on the switch.
  • Page 37 Syntax: sntp server priority <1-3> Specifies the order in which the configured servers are polled for getting the time. Value is between 1 and 3. Syntax: sntp <30-720> Configures the amount of time between updates of the system clock via SNTP. Default: 720 seconds Enabling SNTP in Broadcast Mode Because the switch provides an SNTP polling interval (default: 720 seconds), you need only these two commands...
  • Page 38 The commands and output would appear as follows: Figure 1: Enabling SNTP operation in Broadcast Mode switch(config)# show sntp SNTP Configuration Time Sync Mode: Timep SNTP Mode : disabled Poll Interval (sec) [720] :720 switch(config)# timesync sntp switch(config)# sntp broadcast switch(config)# show sntp SNTP Configuration Time Sync Mode: Sntp...
  • Page 39 version The protocol version of the SNTP server. Allowable values are 1 through 7; default is 3. Syntax: no sntp server priority <1-3> <ip-addr> Deletes the specified SNTP server. NOTE: priority <1-3> value must match what server is configured with. Deleting an SNTP server when only one is configured disables SNTP unicast operation.
  • Page 40 Specifying the SNTP protocol version number switch(config)# no sntp server 10.28.227.141 switch(config)# sntp server 10.28.227.141 4 switch(config)# show sntp SNTP Configuration Time Sync Mode: Sntp SNTP Mode : Broadcast Poll Interval (sec) [720] : 600 IP Address Protocol Version ------------- ----------------- 10.28.227.141 •...
  • Page 41 Disabling time synchronization without changing the SNTP configuration (CLI) The recommended method for disabling time synchronization is to use the timesync command. Syntax: no timesync Halts time synchronization without changing your SNTP configuration. Example: Suppose SNTP is running as the switch's time synchronization protocol, with broadcast as the SNTP mode and the factory-default polling interval.
  • Page 42: Sntp Client Authentication

    Note that even though the Time Sync Mode is set to Sntp, time synchronization is disabled because no sntp has disabled the SNTP Mode parameter. SNTP client authentication Enabling SNTP authentication allows network devices such as switches to validate the SNTP messages received from an NTP or SNTP server before updating the network time.
  • Page 43: Configuring A Trusted Key

    Syntax: sntp authentication key-id <key-id> authentication-mode <md5> key-value <key-string> [trusted] no sntp authentication key-id <key-id> Configures a key-id, authentication-mode (MD5 only), and key-value, which are required for authentication. The no version of the command deletes the authentication key. Default: No default keys are configured on the switch. key-id A numeric key identifier in the range of 1-4,294,967,295 (2 ) that identifies the unique key value.
  • Page 44: Associating A Key With An Sntp Server (Cli)

    Trusted keys are used during the authentication process. You can configure the switch with up to eight sets of key-id/key-value pairs. One specific set must be selected for authentication; this is done by configuring the set as trusted. The key-id itself must already be configured on the switch. To enable authentication, at least one key-id must be configured as trusted.
  • Page 45: Configuring Unicast And Broadcast Mode For Authentication

    Configuring unicast and broadcast mode for authentication To enable authentication, you must configure either unicast or broadcast mode. When authentication is enabled, changing the mode from unicast to broadcast or vice versa is not allowed; you must disable authentication and then change the mode.
  • Page 46: Saving Configuration Files And The Include-Credentials Command

    Viewing all SNTP authentication keys that have been configured on the switch (CLI) Enter the show sntp authentication command, as shown in Show sntp authentication command output on page 46. Show sntp authentication command output switch(config)# show sntp authentication SNTP Authentication Information SNTP Authentication : Enabled Key-ID Auth Mode...
  • Page 47 sntp broadcast sntp 50 sntp authentication sntp server priority 1 10.10.10.2 3 key-id 55 sntp server priority 2 fe80::200:24ff:fec8:4ca8 4 key-id 55 NOTE: SNTP authentication has been enabled and a key-id of 55 has been created. In this example, the include-credentials command has not been executed and is not present in the configuration file.
  • Page 48: Sntp Unicast Time Polling With Multiple Sntp Servers

    If include-credentials is configured, the SNTP authentication configuration is saved in the configuration file. When the show config command is entered, all of the information that has been configured for SNTP authentication displays, including the key-values. Figure 2: Saved SNTP Authentication information when include-credentials is configured SNTP unicast time polling with multiple SNTP servers When running SNTP unicast time polling as the time synchronization method, the switch requests a time update from the server you configured with either the Server Address parameter in the menu interface, or the primary...
  • Page 49: Adding And Deleting Sntp Server Addresses

    Default Gateway : 10.0.9.80 VLAN Name MAC Address | IP Address ------------ ------------------- + ------------------- DEFAULT_VLAN 001279-88a100 | Disabled VLAN10 001279-88a100 | 10.0.10.17 Adding and deleting SNTP server addresses Adding addresses As mentioned earlier, you can configure one SNTP server address using either the Menu interface or the CLI. To configure a second and third address, you must use the CLI.
  • Page 50: Commands

    Before synchronizing, NTP compares the time reported by several network devices and does not synchronize with one that is significantly different, even if it is a stratum 1. The security features of NTP can be used to avoid the accidental or malicious setting of incorrect time. One such mechanism is available: an encrypted authentication mechanism.
  • Page 51: Ntp Enable

    Disables NTP and removes the entire NTP configuration. Options authentication Configure NTP authentication. broadcast Operate in broadcast mode. enable Enable/disable NTP. max-association Maximum number of Network Time Protocol (NTP) associations. server Configure an NTP server to poll for time synchronization. trap Enable/disable NTP traps.
  • Page 52: Ntp Authentication Key-Id

    ntp authentication key-id <KEY-ID> [authentication-mode <MODE> key-value <KEY-STRING>] [trusted] Parameters/Options key-id <id> Sets the key-id for the authentication key. Subcommands authentication-mode Sets the NTP authentication mode. key-value <KEY-STRING> Sets the key-value for the authentication key. [trusted] Sets the authentication key as trusted. Example Switch(config)# ntp Authentication...
  • Page 53: Ntp Max-Association

    Description The NTP client authenticates the NTP server. Options authentication-mode Set the NTP authentication mode. • md5: Authenticate using MD5. • sha1: Authenticate using SHA1. trusted Set this authentication key as trusted. ntp max-association This command is used to configure the maximum number of servers associated with this NTP client. Syntax ntp max-association <number>...
  • Page 54 Syntax [no] ntp server ntp server <IP-ADDR|IPv6-ADDR> [key <key-id>] [oobm] [max-poll <max-poll-val>][min-poll <min-poll-val>][burst | iburst] [version <1-4>] Parameters/Options [no] Removes the unicast NTP configurations on the device. Subcommands IP-ADDR Sets the IPv4 address of the NTP server. IPV6-ADDR Sets the IPv6 address of the NTP server. key <key-id>...
  • Page 55: Ntp Server Key-Id

    switch(config)# ntp server <IP-ADDR> key key-id Max-poll Configure the maximum time intervals in seconds. switch(config)# ntp server <IP-ADDR> key key-id max-poll <4-17> Enter an integer number. Switch(config)# ntp server <IP-ADDR> key key-id Min-poll Configure the minimum time intervals in seconds. switch(config)# ntp server <IP-ADDR>...
  • Page 56: Ntp Ipv6-Multicast

    key-id Set the authentication key to use for this server. max-poll <max-poll-val> Configure the maximum time intervals in seconds. min-poll <min-poll-val> Configure the minimum time intervals in seconds. ntp ipv6-multicast This command is used to configure NTP multicast on a VLAN interface. Syntax ntp ipv6-multicast Description...
  • Page 57 Syntax ntp trap <trap-name> Description Enable NTP traps. Use [no] to disable NTP traps. Options ntp-mode-change Trap name resulting in send notification when the NTP entity changes mode, including starting and stopping (if possible). ntp-stratum-change Trap name resulting in send notification when stratum level of NTP changes. ntp-peer-change Trap name resulting in send notification when a (new) syspeer has been selected.
  • Page 58: Show Ntp Statistics

    - 'ntpEntNotifConfigChanged' The notification to be sent when the NTP configuration has changed. - 'ntpEntNotifLeapSecondAnnounced' The notification to be sent when a leap second has been announced. - 'ntpEntNotifHeartbeat' The notification to be sent periodically (as defined by ntpEntHeartbeatInterval) to indicate that the NTP entity is still alive. - 'ntpEntNotifAll' The notification to be sent when all traps have been enabled show ntp statistics This command is used to show NTP statistics.
  • Page 59: Show Ntp Associations

    Precision : 2**7 Root Dispersion : 15.91 sec NTP Uptime : 01d 09h 15m Time Resolution : 1 Drift : 0.000000000 sec/sec System Time : Tue Aug 25 04:59:11 2015 Reference Time : Mon Jan 1 00:00:00 1990 show ntp associations Syntax show ntp associations [detail <IP-ADDR>]...
  • Page 60: Show Ntp Authentication

    Filter Delay = 4.23 4.14 2.41 5.95 2.37 2.33 4.26 4.33 Filter Offset = -8.59 -8.82 -9.91 -8.42 -10.51 -10.77 -10.13 -10.11 show ntp authentication Syntax Description Show the authentication status and other information about the authentication key. show ntp authentication Switch(config)# show ntp authentication NTP Authentication Information Key-ID...
  • Page 61 Validation Error/Warning/Prompt If the username and the key installation user The username in the key being installed does not for that privilege do not match, a message match the username configured on the switch. displays and installation is not allowed. This will also happen when the authentication method is set for two-factor.
  • Page 62: Event Log Messages

    Event log messages Cause Event Message RMON_AUTH_TWO_FACTOR_AUTHEN_STATUS W 01/01/15 18:24:03 03397: auth: %s. Examples: W 01/01/15 18:24:03 03397: auth: Public key and username/password should be configured for the successful two-factor authentication. W 01/01/15 18:24:03 03397: auth: Username and password should be configured for the successful two-factor authentication.
  • Page 63: Precision Time Protocol (Ptp)

    Event Message When NTP found a new broadcast server. A new broadcast server at %s. When system clock was updated with new time. The system clock time was changed by %ld sec %lu nsec. The new time is %s. When NTP stratum was updated. The NTP Stratum was changed from %d to %d.
  • Page 64: Show Ptp

    displays: Port A1 does not support IEEE 1588 end-to-end transparent mode.Use the command show ptp to identify the unsupported ports. • IEEE 1588 end-to-end transparent mode cannot be enabled on a stack. If the user attempts this, an error message like the following displays: IEEE 1588 end-to-end transparent mode cannot be enabled when stacking is enabled.
  • Page 65: Displaying Current Resource Usage

    Displaying current resource usage To display current resource usage in the switch, enter the following command: Syntax: show {<qos | access-list | policy> resources} Displays the resource usage of the policy enforcement engine on the switch by software feature. For each type of resource, the amount still available and the amount used by each software feature is shown.
  • Page 66: Viewing Information On Resource Usage

    Resource usage includes resources actually in use, or reserved for future use by the listed feature. Internal dedicated-purpose resources, such as port bandwidth limits or VLAN QoS priority, are not included. Viewing information on resource usage The switch allows you to view information about the current usage and availability of resources in the Policy Enforcement engine, including the following software features: •...
  • Page 67: Usage Notes For Show Resources Output

    ◦ Mirror policies per VLAN through the CLI using monitor service ◦ Jumbo IP-MTU • When the following features are configured per-port, resource usage is applied only to the slot or port group on which the feature is configured: ◦ ACLs or QoS applied per-port or per-user through RADIUS authentication ◦...
  • Page 68 mirroring policies if a policy has not been applied to an interface. However, sufficient resources must be available when you apply a configured policy to an interface. ◦ Acceptance of new RADIUS-based client authentication requests (displayed as a new resource entry for IDM). Failure to authenticate a client that presents valid credentials may indicate that insufficient resources are available for the features configured for the client in the RADIUS server.
  • Page 69: Chapter 3 Port Status And Configuration

    Chapter 3 Port Status and Configuration Viewing port status and configuring port parameters Connecting transceivers to fixed-configuration devices If the switch either fails to show a link between an installed transceiver and another device or demonstrates errors or other unexpected behavior on the link, check the port configuration on both devices for a speed and/or duplex (mode) mismatch.
  • Page 70 Status or Description parameter Mode The port's speed and duplex (data transfer operation) setting. 10/100/1000Base-T Ports: • Auto-MDIX (default): Senses speed and negotiates with the port at the other end of the link for port operation (MDI-X or MDI). To see what the switch negotiates for the auto setting, use the CLI show interfaces brief command.
  • Page 71: Viewing Port Status And Configuration (Cli)

    Status or Description parameter 10-Gigabit CX4 Copper Ports: 10-Gigabit SC Fiber-Optic Ports (10-GbE SR, 10-GbE LR, 10-GbE ER): Auto: The port operates at 10 gigabits FDx and negotiates flow control. Lower speed settings or half-duplex are not allowed. NOTE: Conditioning patch cord cables are not supported on 10-GbE. Auto-MDIX The switch supports Auto-MDIX on 10Mb, 100Mb, and 1 Gb T/TX (copper) ports.
  • Page 72: Dynamically Updating The Show Interfaces Command (Cli/Menu)

    brief Lists the current operating status for all ports on the switch. config Lists a subset of configuration data for all ports on the switch; that is, for each port, the display shows whether the port is enabled, the operating mode, and whether it is configured for flow control. <port-list>...
  • Page 73: Customizing The Show Interfaces Command (Cli)

    When using the display option in the CLI, the information stays on the screen and is updated every 3 seconds, as occurs with the display using the menu feature. The update is terminated with Cntl-C. You can use the arrow keys to scroll through the screen when the output does not fit in one screen. Figure 3: show interfaces display command with dynamically updating output Customizing the show interfaces command (CLI) You can create show commands displaying the information that you want to see in any order you want by using...
  • Page 74: Error Messages Associated With The Show Interfaces Command

    Parameter column Displays Examples name Friendly port name vlanid The vlan id this port belongs to, or "tagged" if it 4tagged belongs to more than one vlan enabled port is or is not enabled yes or no intrusion intrusion Intrusion alert status bcast Broadcast limit The custom show interfaces command...
  • Page 75: Show Interface Smartrate

    Note on using pattern matching with the show interfaces custom command If you have included a pattern matching command to search for a field in the output of the show int custom command, and the show int custom command produces an error, the error message may not be visible and the output is empty.
  • Page 76: Operating Notes For Viewing Port Utilization Statistics

    Operating notes for viewing port utilization statistics • For each port on the switch, the command provides a real-time display of the rate at which data is received (Rx) and transmitted (Tx) in terms of kilobits per second (KBits/s), number of packets per second (Pkts/s), and utilization (Util) expressed as a percentage of the total bandwidth available.
  • Page 77: Enabling Or Disabling Ports And Configuring Port Mode (Cli)

    • For a non-Aruba switches installed transceiver, no transceiver type, product number, or part information is displayed. In the Serial Number field, non-operational is displayed instead of a serial number. • The following error messages may be displayed for a non-operational transceiver: ◦...
  • Page 78: Enabling Or Disabling Flow Control (Cli)

    If port C8 was disabled, and you wanted to enable it and configure it for 100FDx with flow-control active, you could do so with either of the following command sets: Figure 4: Two methods for changing a port configuration For more on flow control, see Enabling or disabling flow control (CLI) on page 78. Enabling or disabling flow control (CLI) NOTE: You must enable flow control on both ports in a given link.
  • Page 79 Assuming that flow control is currently disabled on the switch, you would use these commands: Figure 5: Configuring flow control for a series of ports switch(config)# int a1-a6 flow-control switch(config)# show interfaces brief Status and Counters - Port Status | Intrusion Flow Bcast Port Type...
  • Page 80: Port Shutdown With Broadcast Storm

    Port shutdown with broadcast storm A LAN broadcast storm arises when an excessively high rate of broadcast packets floods the LAN. A LAN broadcast storm disrupts traffic and degrades network performance. To prevent LAN traffic from being disrupted, an enhancement of the fault-finder commands adds new options, and the corresponding MIBs, that disable a port when a broadcast storm is detected on that port.
  • Page 81: Snmp Mib

    Syntax: show fault-finder broadcast-storm [[ethernet] port-list] Examples: switch# show fault-finder broadcast-storm [A1] Port Bcast Storm Port Status Rising Action Disable Disable Threshold Timer Timer Left Down warn-and- 65535 — disable switch (config)# show fault-finder broadcast-storm Port Bcast Storm Port Status Rising Action Disable...
  • Page 82 • syntax HpicfFfBcastStormControlPortConfigEntry • max-access: not-accessible • status: current • description: This object provides information about broadcast storm control configuration of each port. • index: {hpicfffbcaststormcontrolportindex}::= {hpicfFfBcastStormControlPortConfigTable 1} hpicfFfBcastStormControlPortConfigEntry ::= Syntax sequence:hpicfFfBcastStormControlPortIndex InterfaceIndex, hpicfFfBcastStormControlMode Integer, hpicfFfBcastStormControlRisingpercent Integer32, hpicfFfBcastStormControlRisingpps Integer32, hpicfFfBcastStormControlAction Integer, hpicfFfBcastStormControlPortDisableTimer Unsigned32 hpicfFfBcastStormControlPortIndex OBJECT-TYPE •...
  • Page 83: Multicast Storm Control

    hpicfFfBcastStormControlRisingpps OBJECT-TYPE • Syntax Integer32 (1..10000000) • max-access: read-write • status: current • description: This object indicates the rising threshold for broadcast storm control. This value is in packets-per- second of received broadcast traffic. hpicfffbcaststormcontrolaction object takes action when broadcast traffic reaches this level.
  • Page 84: Fault-Finder Multicast-Storm

    fault-finder multicast-storm Syntax fault-finder multicast-storm <PORT-LIST> action {warn | warn-and-disable <Seconds>} {percent <Percent> | pps <Rate>} no fault-finder multicast-storm <PORT-LIST> action {warn | warn-and-disable <Seconds>} {percent <Percent> | pps <Rate>} Description Per-port command to configure multicast-storm. The no form of the command disables multicast-storm configuration on the port.
  • Page 85 switch(config)# fault-finder multicast-storm ethernet 1/1 action warn-and-disable 10 percent <1-100> The percentage that is considered a multicast storm. switch(config)# fault-finder multicast-storm ethernet 1/1 action warn-and-disable 10 percent 40 Per port show fault-finder output: switch(config)# show fault-finder multicast-storm 1/1 Mcast | Port Rising Disable Disable Time...
  • Page 86: Fault-Finder Multicast-Storm Action

    fault-finder multicast-storm action Syntax fault-finder multicast-storm [action {warn | warn-and-disable}] [sensitivity {low | medium |high}] no fault-finder multicast-storm [action {warn | warn-and-disable}] [sensitivity {low | medium |high}] Description Global command to configure multicast-storm. The no form of the command disables multicast-storm configuration on the port.
  • Page 87: Show Logging

    bad-driver medium warn bad-transceiver medium warn bad-cable medium warn too-long-cable medium warn over-bandwidth medium warn broadcast-storm medium warn loss-of-link medium warn duplex-mismatch-hdx medium warn duplex-mismatch-fdx medium warn multicast-storm high warn-and-disable link-flap medium warn show running-config Syntax show running-config Description Displays information about the current configuration. Command context Manager Example...
  • Page 88: Restrictions

    Description Checks the FFI multicast-storm logging message. Command context Manager Example switch# show logging Keys: W=Warning I=Information M=Major D=Debug E=Error ---- Event Log listing: Events Since Boot ---- I 01/07/90 20:22:55 00076 ports: port 3 is now on-line M 01/07/90 20:22:52 02677 FFI: port 3-Port enabled by Fault-finder. I 01/07/90 20:22:33 00077 ports: port 3 is now off-line M 01/07/90 20:22:33 02676 FFI: port 3-Re-enable after 20 seconds.
  • Page 89: Manual Override

    Manual override If you require control over the MDI/MDI-X feature, you can set the switch to either of these non-default modes: • Manual MDI • Manual MDI-X The table below shows the cabling requirements for the MDI/MDI-X settings. Table 5: Cable types for auto and manual MDI/MDI-X settings Setting MDI/MDI-X device type PC or other MDI device type...
  • Page 90: Using Friendly (Optional) Port Names

    • Where a port is linked to another device, this command lists the MDI mode the port is currently using. • In the case of ports configured for Auto (auto-mdix), the MDI mode appears as either MDI or MDIX, depending upon which option the port has negotiated with the device on the other end of the link.
  • Page 91: Configuring And Operating Rules For Friendly Port Names

    Configuring and operating rules for friendly port names • At either the global or context configuration level, you can assign a unique name to a port. You can also assign the same name to multiple ports. • The friendly port names you configure appear in the output of the show name [port-list], show config, and show interface <port-number >...
  • Page 92: Configuring The Same Name For Multiple Ports (Cli)

    Configuring the same name for multiple ports (CLI) Suppose that you want to use ports A5 through A8 as a trunked link to a server used by a drafting group. In this case you might configure ports A5 through A8 with the name "Draft-Server:Trunk." Configuring one friendly port name on multiple ports switch(config)# int a5-a8 name Draft-Server:Trunk switch(config)# write mem...
  • Page 93: Including Friendly Port Names In Per-Port Statistics Listings (Cli)

    Lists the friendly port name with its corresponding port number and port type. The show name command without a port list shows this data for all ports on the switch. Friendly port name data for all ports on the switch switch(config)# show name Port Names Port...
  • Page 94: Searching The Configuration For Ports With Friendly Port Names (Cli)

    Giants Rx Excessive Colln : 0 Total Rx Errors : 0 Deferred Tx Others (Since boot or last clear) : Discard Rx Out Queue Len Unknown Protos Rates (5 minute weighted average) : Total Rx (bps) : 3,028,168 Total Tx (bps) : 1,918,384 Unicast Rx (Pkts/sec) : 5 Unicast Tx (Pkts/sec) : 0...
  • Page 95: Uni-Directional Link Detection (Udld)

    Uni-directional link detection (UDLD) Uni-directional link detection (UDLD) monitors a link between two switches and blocks the ports on both ends of the link if the link fails at any point between the two devices. This feature is particularly useful for detecting failures in fiber links and trunks.
  • Page 96: Configuring Udld

    Configuring UDLD When configuring UDLD, keep the following considerations in mind: • UDLD is configured on a per-port basis and must be enabled at both ends of the link. See the note below for a list of switches that support UDLD. •...
  • Page 97: Changing The Keepalive Interval (Cli)

    Example: To enable UDLD on port a1, enter: switch(config)#interface a1 link-keepalive To enable the feature on a trunk group, enter the appropriate port range. For example: switch(config)#interface a1-a4 link-keepalive NOTE: When at least one port is UDLD-enabled, the switch will forward out UDLD packets that arrive on non-UDLD-configured ports out of all other non-UDLD-configured ports in the same vlan.
  • Page 98: Viewing Udld Information (Cli)

    NOTE: • You must configure the same VLANs that will be used for UDLD on all devices across the network; otherwise, the UDLD link cannot be maintained. • If a VLAN ID is not specified, UDLD control packets are sent out of the port as untagged packets. •...
  • Page 99: Viewing Detailed Udld Information For Specific Ports (Cli)

    Viewing detailed UDLD information for specific ports (CLI) Enter the show link-keepalive statistics command. Example: Figure 8: Example of show link-keepalive statistics command Clearing UDLD statistics (CLI) Enter the following command: switch# clear link-keepalive statistics This command clears the packets sent, packets received, and transitions counters in the show link-keepalive statistics display (see Figure 8: Example of show link-keepalive statistics command on page 99 for an example).
  • Page 100 For UFD functionality to work as expected, the NIC teaming must be in Network Fault Tolerance (NFT) mode. Figure 9: Teamed NICs in conjunction with UFD Figure 10: Teamed NICs with a failed uplink NOTE: The state of the LtD is purely governed by the state of the LtM, and is independent of the physical state of the ports in the LtD.
  • Page 101: Configuration Guidelines For Ufd

    Configuration Guidelines for UFD Below is a list of configuration guidelines to be followed for UFD. These are applicable only to blade switches where there is a clear distinction between downlink and uplink ports. 1. UFD is required only when uplink-path redundancy is not available on the blade switches. 2.
  • Page 102: Show Uplink-Failure-Detection

    Command context config Parameters <track_ID> Specifies the track id. <Port-List> Specifies the port list. <delay_value> Specifies the delay value. Examples Configure port A8 as LtM, port A6 as LtD, and delay value as 100 for track 1: Switch(config)# uplink-failure-detection track 1 links-to-monitor A8 links-to-disable A6 delay 100 switch(config)# show running-config Running configuration:...
  • Page 103: Error Log

    Description Shows the uplink failure detection information. Command context manager Examples switch# show uplink-failure-detection Uplink Failure Detection Information UFD Enabled : Yes Track | Monitored Links to Delay | Links Disable State State Lacp Key Lacp Key (sec) ------+---------- ----------- -------- ------- --------- ---------- ------ | Dyn1 Dyn2...
  • Page 104: Basic Usb Port Commands

    Invalid port(s) specified as links-to-monitor. • When a user specifies an invalid LtD port, a message similar to the following is displayed. Invalid port(s) specified as links-to-disable. • When a user specifies an incorrect delay value, an error message similar to the following is displayed: Delay specified does not match with the configured value of <delay value>.
  • Page 105 switch# show usb-port USB port status: enabled USB port power status: power on (USB device detected in port)
  • Page 106: Chapter 4 Power Over Ethernet (Poe/Poe+) Operation

    Chapter 4 Power Over Ethernet (PoE/PoE+) Operation Introduction to PoE PoE technology allows IP telephones, wireless LAN access points, and other appliances to receive power and transfer data over existing Ethernet LAN cabling. For more information about PoE technology, see the PoE/PoE+ planning and implementation guide, which is available on the Networking website at http://www.hpe.com/networking.
  • Page 107: Applying Security Features To Poe Configurations

    Applying security features to PoE configurations You can use the port security features built into the switch to control device or user access to the network through PoE ports in the same way as non-PoE ports. Using Port Security, you can configure each switch port with a unique list of MAC addresses for devices that are authorized to access the network through that port.
  • Page 108: Pd Support

    • Disable or re-enable per-port PoE operation on individual ports to help control power usage and avoid oversubscribing PoE resources. • Configure per-port priority for allocating power in case a PoE device becomes oversubscribed and must drop power for some lower-priority ports to support the demand on other, higher-priority ports. •...
  • Page 109: How Is Power Allocation Prioritized

    priority ports to meet the power demand on other, higher-priority ports. This operation occurs regardless of the order in which PDs connect to the switch’s PoE-enabled ports. How is power allocation prioritized? There are two ways that PoE power is prioritized: •...
  • Page 110: Configuring The Poe Port Priority

    NOTE: The default setting for the pre-std-detect PoE parameter changed. In earlier software the default setting is “on”. The default setting is “off”. Configuring the PoE port priority Syntax: interface <port-list> power-over-ethernet [critical | high | low] Reconfigures the PoE priority level on <port-list>. For a given level, ports are prioritized by port number in ascending order.
  • Page 111: Manually Configuring Poe Power Levels

    Table 7: Power classes and their values Power Value class Depends on cable type and PoE architecture. Maximum power level output of 15.4 watts at the PSE. This is the default class; if there is not enough information about the load for a specific classification, the PSE classifies the load as class 0 (zero).
  • Page 112: Configuring Poe Redundancy

    To view the settings, enter the show power-over-ethernet command, shown in Figure 11: PoE allocation by value and the maximum power delivered on page 112. Figure 11: PoE allocation by value and the maximum power delivered switch(config)# show power-over-ethernet A6 Status and Counters - Port Power Status for port A6 Power Enable : Yes...
  • Page 113: Changing The Threshold For Generating A Power Notice

    Allows you to set the amount of power held in reserve for redundancy. Means that all available power can be allocated to PDs. Default: No PoE redundancy enforced. One of the power supplies is held in reserve for redundancy. If a single power supply fails, no powered devices are shut down. If power supplies with different ratings are used, the highest-rated power supply is held in reserve to ensure full redundancy.
  • Page 114: Poe/Poe+ Allocation Using Lldp Information

    With this setting, if module B is allocated 100 watts of PoE power and is using 68 watts, and then another PD is connected to the module in slot B that uses 8 watts, the 70% threshold of 70 watts is exceeded. The switch sends an SNMP trap and generates this Event Log message: Slot B POE usage has exceeded threshold of 70%.
  • Page 115: Enabling Or Disabling Ports For Allocating Power Using Lldp

    Enabling or disabling ports for allocating power using LLDP Syntax: int <port-list> poe-lldp-detect [enabled | disabled] Enables or disables ports for allocating PoE power based on the link-partner's capabilities via LLDP. Default: Disabled Example: You can enter this command to enable LLDP detection: switch(config) # int A7 poe-lldp-detect enabled or in interface context: switch(eth-A7) # poe-lldp-detect enabled...
  • Page 116: Viewing Poe When Using Lldp Information

    Allows the data link layer to be used for power negotiation between a PD on a PoE port and LLDP. Default: Disabled Example: You can enter this command to enable LLDP detection: switch(config) # int 7 PoE-lldp-detect enabled or in interface context: switch(eth-7) # PoE-lldp-detect enabled NOTE: Detecting PoE information via LLDP affects only power delivery;...
  • Page 117 LLCP Port Configuration Detail Port : 4 AdminStatus [Tx_Rx] : Tx_Rx NotificationsEnabled [False] : False Med Topology Trap Enabled [False] : False TLVS Advertised: * port_descr * system_name * system_descr * system_cap * capabilities * network_policy * location_id * poe * macphy_config * poeplus_config IpAddress Advertised:...
  • Page 118: Operating Note

    System Descr : Switch 3500-24, revision W.14.xx PortDescr : 23 Pvid : 55 System Capabilities Supported : bridge, router System Capabilities Enabled : bridge Remote Management Address Type : ipv4 Address : 10.0.102.198 Poe Plus Information Detail Poe Device Type : Type2 PD Power Source : Only PSE...
  • Page 119: Viewing Poe Status On All Ports

    Displays PoE information for each port. See Viewing PoE status on all ports on page brief 119. Displays PoE information for the ports in port-list. See Viewing the PoE status on <port-list> specific ports on page 121. Displays PoE information for the selected slots. See Showing the PoE information by <slot-id- slot). Enter the all option to display the PoE information for all slots.
  • Page 120 The maximum amount of PoE power allocated for that port (expressed in watts). Default: 17 Alloc Power watts for PoE; 33 watts for PoE+. The power actually being used on that port. Actual Power If configured, shows the user-specified identifier for the port. If not configured, this field is Configured Type empty.
  • Page 121: Viewing The Poe Status On Specific Ports

    You can also show the PoE information by slot: Showing the PoE information by slot switch(config)# show power-over-ethernet slot A Status and Counters - System Power Status for slot A Maximum Power : 408 W Operational Status : On Power In Use 9 W +/- 6 W Usage Threshold (%) : 80 Viewing the PoE status on specific ports...
  • Page 122: 802.3Bt Support

    Shows the power class of the PD detected on the indicated port. Classes include: Power Class • 0: 0.44 to 12.95 watts • 1: 0.44 to 3.84 watts • 2: 3.84 to 6.49 watts • 3: 6.49 to 12.95 watts •...
  • Page 123: Definition Of Terms

    IEEE 802.3bt standard devices are backwards compatible with previous PoE standard devices, IEEE 802.3at and IEEE 802.3af, allowing existing PoE devices to deliver or receive power up to their maximum IEEE 802.3 PoE classification. The 2930M switches provide modular stacking, modular 10GbE, 40GbE, or Smart Rate multi-gigabit ports, and hot-swappable power supplies for redundancy, up to 60W PoE per port (up to 1440W PoE total**) for powering APs, cameras, and IoT devices.
  • Page 124: Configuring The Switch

    Table 8: PoE types, classes, standards, power needs for SS PDs Classes Associated PoE types Associated IEEE standard Maximum power at PD port Minimum power at PSE port Class 0 802.3at 13 W / 15.4 W Class 1 1 or 3 802.3at or 802.3bt 3.84 W / 4 W Class 2...
  • Page 125: Recommendations

    • The default switch configuration always power demotes all Class 4-8 SS PDs to Class 3 power and requires successful LLDP dot3Tlv 29 octet power negotiation for Class 5-8 PDs or 12 octet power negotiation for Class 4 PDs before increasing the power delivery to above 16W. •...
  • Page 126 usage usage 0.0 W 0.0 W Searching usage usage 2.0 W 1.9 W Delivering usage usage 9.0 W 8.4 W Delivering usage lldp 7.3 W 6.9 W Delivering # - Dual signature power delivery ^ - Power demoted ports Example of show pow port Example show command output at a port where LLDP is enabled for a Dual Signature PD.
  • Page 127: Poe Event Log Messages

    PD Requested Power Value : 0.0 W PSE TLV Sent Type : MED MED LLDP Detect : Disabled PD TLV Sent Type : n/a LLDP Dual Signature Information PSE Allocated Power Value A : 25.5 W PSE Allocated Power Value B : 25.5 W PD Requested Power Value A : 0.0 W PD Requested Power Value B...
  • Page 128 “Switch 2920”, then select the device from the list and click on Product manuals. Click on the “User guide” link under Manuals.
  • Page 129: Chapter 5 Port Trunking

    Chapter 5 Port Trunking Overview of port trunking Port trunking allows you to assign up to eight physical links to one logical link (trunk) that functions as a single, higher-speed link providing dramatically increased bandwidth. This capability applies to connections between backbone devices as well as to connections in other network areas where traffic bottlenecks exist.
  • Page 130: Port Trunk Features And Operation

    Port trunk features and operation The switches covered in this guide offer these options for port trunking: • LACP: IEEE 802.3ad—Trunk group operation using LACP on page 142 • Trunk: Non-Protocol—Trunk group operation using the "trunk" option on page 149 Up to 60 trunk groups are supported on the switches.
  • Page 131: Static Trunk

    Admin and Operational key are usually the same, but using static LACP can alter the Operational key during runtime, in which case the keys would differ. The lacp key command configures both the Admin and Operational keys when using dynamic LACP trunks. It only configures the Admin key if the trunk is a static LACP trunk.
  • Page 132 Table 11: Trunk configuration protocols Protocol Trunking Options LACP (802.3ad) Provides dynamic and static LACP trunking options. • Dynamic LACP — Use the switch-negotiated dynamic LACP trunk when: ◦ The port on the other end of the trunk link is configured for Active or Passive LACP. ◦...
  • Page 133 Table 12: General operating rules for port trunks Media: For proper trunk operation, all ports on both ends of a trunk group must have the same media type and mode (speed and duplex). (For the switches, it is recommended to leave the port mode setting at Auto or, in networks using Cat 3 cabling, Auto-10.) Port Configuration: The default port configuration is Auto, which enables a port to sense speed...
  • Page 134 Spanning Tree: 802.1D (STP) and 802.1w (RSTP) Spanning Tree operate as a global setting on the switch (with one instance of Spanning Tree per switch). 802.1s (MSTP) Spanning Tree operates on a per-instance basis (with multiple instances allowed per switch). For each Spanning Tree instance, you can adjust Spanning Tree parameters on a per-port basis. A static trunk of any type appears in the Spanning Tree configuration display, and you can configure Spanning Tree parameters for a static trunk in the same way that you would...
  • Page 135: Viewing And Configuring Port Trunk Groups (Cli)

    Recommended port mode setting for LACP switch(config)# show interfaces config Port Settings Port Type | Enabled Mode Flow Ctrl MDI ----- --------- + ------- ------------ --------- ---- 10/100TX | Yes Auto Enable Auto 10/100TX | Yes Auto Enable A port trunk in a Spanning Tree listing Port Type Cost Priority State...
  • Page 136: Viewing Static Lacp And Dynamic Lacp Trunk Data

    specifying ports on page 136, the command does not include a port list, so the switch lists all ports having static trunk membership. A show trunk listing without specifying ports switch# show trunks Load Balancing Port | Name Type | Group Type ---- + ----------------------- --------- + ----- ----- | Print-Server-Trunk 10/100TX...
  • Page 137: Configuring A Static Trunk Or Static Lacp Trunk Group

    LACP Trunk Port LACP Admin Oper Port Enabled Group Status Partner Status ---- ------- ----- ------ ------- ------ ---- ----- Active Dyn1 Success Active Dyn1 Success Active Dyn1 Success Active Dyn1 Success Active Dyn1 Success Active Dyn1 Success Active Dyn1 Success Active Dyn1...
  • Page 138: Enabling A Dynamic Lacp Trunk Group

    switch(config)# no trunk c4-c5 Enabling a dynamic LACP trunk group In the default port configuration, all ports on the switch are set to disabled. To enable the switch to automatically form a trunk group that is dynamic on both ends of the link, the ports on one end of a set of links must be LACP Active.
  • Page 139: Specifying Minimum Active Links For Lacp

    Syntax: no interface <port-list> lacp Removes <port-list> from any dynamic LACP trunk and returns the ports in <port-list> to passive LACP. Example: Port C6 belongs to an operating, dynamic LACP trunk. To remove port C6 from the dynamic trunk and return it to passive LACP, do the following: switch(config)# no interface c6 lacp switch(config)# interface c6 lacp passive...
  • Page 140: Lacp Enable-Timer

    Example: eth-Trk Parameters value Sets the threshold value for LACP trunk. The value is an integer that ranges from zero to eight which represents the number of minimum active links. The default value is zero which disables the minimum active links.
  • Page 141: Show Lacp Min-Active-Links

    mad-passthrough Enable or disable MAD passthrough on the LACP trunks. min-active-links Configure the threshold for the minimum number of active member links in a LACP trunk group, for it to be operational. active Enable active LACP. passive Enable passive LACP. static Set the mode of a static LACP port to active or passive.
  • Page 142: Limitations

    lacp enable-timer 356 exit Limitations • Dynamic LACP, static trunks, and distributed trunks will not support this feature. • The command is not available for REST/next Gen UI. • If the LACP trunk is down due to lack of active links with the timer enabled, a dynamic update to the enable- timer by configuration will not take effect immediately as the current timer runs with the previously configured value.
  • Page 143 In most cases, trunks configured for LACP on the switches operate as described in the following table.
  • Page 144 Table 13: LACP trunk types LACP port trunk Operation configuration Dynamic LACP This option automatically establishes an 802.3ad-compliant trunk group, with LACP for the port Type parameter and DynX for the port Group name, where X is an automatically assigned value from , depending on how many dynamic and static trunks are currently on the switch.
  • Page 145: Default Port Operation

    LACP port trunk Operation configuration • The port on the other end of the trunk link is configured for a static LACP trunk. • You want to configure non-default Spanning Tree or IGMP parameters on an LACP trunk group. • You want an LACP trunk group to operate in a VLAN other than the default VLAN and GVRP is disabled.
  • Page 146 Table 14: LACP port status data Status Meaning name Port Numb Shows the physical port number for each port configured for LACP operation (C1, C2, C3 …). Unlisted port numbers indicate that the missing ports that are assigned to a static trunk group are not configured for any trunking.
  • Page 147: Lacp Notes And Restrictions

    LACP notes and restrictions 802.1X (Port-based access control) configured on a port To maintain security, LACP is not allowed on ports configured for 802.1X authenticator operation. If you configure port security on a port on which LACP (active or passive) is configured, the switch removes the LACP configuration, displays a notice that LACP is disabled on the port, and enables 802.1X on that port.
  • Page 148: Vlans And Dynamic Lacp

    VLANs and dynamic LACP A dynamic LACP trunk operates only in the default VLAN (unless you have enabled GVRP on the switch and use Forbid to prevent the ports from joining the default VLAN). If you want to use LACP for a trunk on a non-default VLAN and GVRP is disabled, configure the trunk as a static trunk.
  • Page 149: Spanning Tree And Igmp

    Spanning Tree and IGMP If Spanning Tree, IGMP, or both are enabled in the switch, a dynamic LACP trunk operates only with the default settings for these features and does not appear in the port listings for these features. Half-duplex, different port speeds, or both not allowed in LACP trunks The ports on both sides of an LACP trunk must be configured for the same speed and for full-duplex (FDx).
  • Page 150: Outbound Traffic Distribution Across Trunked Links

    Interface option Dynamic LACP trunk Static LACP trunk group Static non-protocol group CLI show trunk CLI show interfaces CLI show lacp CLI show spanning- tree CLI show igmp CLI show config Outbound traffic distribution across trunked links The two trunk group options (LACP and trunk) use SA/DA pairs for distributing outbound traffic over trunked links. That is, the switch sends traffic from the same source address to the same destination address through the same trunked link, and may also send traffic from the same source address to a different destination address through the same link or a different link, depending on the mapping of path assignments among the links in the trunk.
  • Page 151: Trunk Load Balancing Using Port Layers

    When a new port is added to the trunk, the switch begins sending traffic, either new traffic or existing traffic, through the new link. As links are added or deleted, the switch redistributes traffic across the trunk group. For example, in the figure below showing a three-port trunk, traffic could be assigned as shown in the following table. Figure 17: Example of port-trunked network Table 15: Example of link assignments in a trunk group (SA/DA distribution) Source...
  • Page 152 Syntax: trunk-load-balance L3-based | [L4-based >] This option enables load balancing based on port layer information. The configuration is executed in global configuration context and applies to the entire switch. Default: L3-based load balancing L2-based: Load balance based on Layer 2 information. L3-based: Load balance based on Layer 3 information if present, or Layer 2 information.
  • Page 153: Chapter 6 Port Traffic Controls

    Chapter 6 Port Traffic Controls Rate-limiting CAUTION: Rate-limiting is intended for use on edge ports in a network. It is not recommended for use on links to other switches, routers, or servers within a network, or for use in the network core. Doing so can interfere with applications the network requires to function properly.
  • Page 154: Displaying The Current Rate-Limit Configuration

    NOTE: The granularity of actual limits may vary across different switch models. For more details on configuring rate-limiting, see All traffic rate-limiting on page 153. Notes: • The rate-limit icmp command specifies a rate limit on inbound ICMP traffic only (see ICMP rate-limiting on page 157).
  • Page 155 All-Traffic Rate Limit Maximum % | Inbound Radius | Outbound Radius Port | Limit Mode Override | Limit Mode Override ------ + --------- -------- ----------- + --------- -------- -------- | Disabled Disabled No-override | 200 kbps No-override | Disabled Disabled No-override | 200 kbps No-override | Disabled...
  • Page 156: Operating Notes For Rate-Limiting

    Operating notes for rate-limiting • Rate-limiting operates on a per-port basis, regardless of traffic priority. Rate-limiting is available on all types of ports (other than trunked ports) and at all port speeds configurable for these switches. • Rate-limiting on a trunk is not allowed for the all, bcast, icmp, and mcast traffic types. Rate-limiting is not supported on ports configured in a trunk group (including mesh ports).
  • Page 157: Icmp Rate-Limiting

    NOTE: Rate-limiting is applied to the available bandwidth on a port and not to any specific applications running through the port. If the total bandwidth requested by all applications is less than the configured maximum rate, then no rate-limit can be applied. This situation occurs with a number of popular throughput-testing applications, as well as most regular network applications.
  • Page 158: Guidelines For Configuring Icmp Rate-Limiting

    NOTE: ICMP rate-limiting does not throttle non-ICMP traffic. In cases where you want to throttle both ICMP traffic and all other inbound traffic on a given interface, you can separately configure both ICMP rate-limiting and all-traffic rate-limiting. The all-traffic rate-limiting command (rate-limit all) and the ICMP rate-limiting command (rate-limit icmp) operate differently: •...
  • Page 159: Using Both Icmp Rate-Limiting And All-Traffic Rate-Limiting On The Same Interface

    (Default: Disabled.) percent <1-100> Values in this range allow ICMP traffic as a percentage of the bandwidth available on the interface. kbps <0-10000000> Specifies the rate at which to forward traffic in kilobits per second. Causes an interface to drop all incoming ICMP traffic and is not recommended. See the caution.
  • Page 160: Viewing The Current Icmp Rate-Limit Configuration

    • Inbound ICMP traffic on port "X" is using 1% of the port's bandwidth, and • Inbound traffic of all types on port "X" demands 61% of the port's bandwidth, all inbound traffic above 55% of the port's bandwidth, including any additional ICMP traffic, is dropped as long as all inbound traffic combined on the port demands 55% or more of the port's bandwidth.
  • Page 161: Icmp Rate-Limiting Trap And Event Log Messages

    • ICMP percentage-based rate-limits are calculated as a percentage of the negotiated link speed: For example, if a 100 Mbps port negotiates a link to another switch at 100 Mbps and is ICMP rate-limit configured at 5%, the inbound ICMP traffic flow through that port is limited to 5 Mbps. Similarly, if the same port negotiates a 10 Mbps link, it allows 0.5 Mbps of inbound traffic.
  • Page 162: Determining The Switch Port Number Used In Icmp Port Reset Commands

    Syntax: interface <port-list> rate-limit icmp trap-clear On a port configured with ICMP rate-limiting, this command resets the ICMP trap function, which allows the switch to generate a new SNMP trap and an Event Log message if ICMP traffic in excess of the configured limit is detected on the port.
  • Page 163: Configuring Inbound Rate-Limiting For Broadcast And Multicast Traffic

    Configuring inbound rate-limiting for broadcast and multicast traffic You can configure rate-limiting (throttling) of inbound broadcast and multicast traffic on the switch, which helps prevent the switch from being disrupted by traffic storms if they occur on the rate-limited port. The rate-limiting is implemented as a percentage of the total available bandwidth on the port.
  • Page 164: Operating Notes

    Inbound multicast rate-limiting of 20% on port 3 switch(eth-3)# rate-limit mcast in percent 20 switch(eth-3)# show rate-limit mcast Multicast-Traffic Rate Limit Maximum % Port | Inbound Limit Mode Radius Override ----- + ------------- --------- --------------- | Disabled Disabled No-override | Disabled Disabled No-override | 20...
  • Page 165: Guaranteed Minimum Bandwidth (Gmb)

    ◦ Transceiver type not supported in this software version. ◦ Not an Switch Transceiver. Guaranteed minimum bandwidth (GMB) GMB provides a method for ensuring that each of a given port's outbound traffic priority queues has a specified minimum consideration for sending traffic out on the link to another device. This can prevent a condition where applications generating lower-priority traffic in the network are frequently or continually "starved"...
  • Page 166: Impacts Of Qos Queue Configuration On Gmb Operation

    Since the switch services outbound traffic according to priority (highest to lowest), the highest-priority outbound traffic on a given port automatically receives the first priority in servicing. Thus, in most applications, it is necessary only to specify the minimum bandwidth you want to allocate to the lower priority queues. In this case, the high-priority traffic automatically receives all unassigned bandwidth without starving the lower-priority queues.
  • Page 167: Configuring Gmb For Outbound Traffic

    Configuring GMB for outbound traffic For any port, group of ports, or static trunk, you can configure either the default minimum bandwidth settings for each outbound priority queue or a customized bandwidth allocation. For most applications, Hewlett Packard Enterprise recommends configuring GMB with the same values on all ports on the switch so that the outbound traffic profile is consistent for all outbound traffic.
  • Page 168 Queue 8 (high priority) Queue 7 (high priority) Queue 6 (medium priority) Queue 5 (medium priority) Queue 4 (normal priority) Queue 3 (normal priority) Queue 2 (low priority) Queue 1 (low priority) A setting of 0 (zero percent) on a queue means that no bandwidth minimum is specifically reserved for that queue for each of the ports (including trunked ports) in the <port-list|trk_#>...
  • Page 169: Viewing The Current Gmb Configuration

    Priority of Minimum Effect on outbound bandwidth allocation outbound port bandwidth % queue Queue 6 has a GMB of 10% and, if oversubscribed, is subordinate to queues 8 and 7 in priority for any unused outbound bandwidth available on the port. Queue 5 has a GMB of 10% and, if oversubscribed, is subordinate to queues 8, 7, and 6 for any unused outbound bandwidth available on the port.
  • Page 170: Gmb Operating Notes

    Port ------ --- ------ --- ------ --- --- --- ------ strict strict strict strict strict Trk1 strict GMB operating notes Impact of QoS queue configuration on GMB commands Changing the number of queues causes the GMB commands (interface bandwidth-min and show bandwidth output) to operate only on the number of queues currently configured.
  • Page 171: Rate-Limit Unknown-Unicast In Kbps

    mcast Set a rate limit for multicast traffic. queues Set a rate limit for each traffic queue. unknown-unicast Set a rate limit for unicast flood traffic. switch(eth-2)# rate-limit unknown-unicast Set a rate limit for incoming unicast flood traffic. switch(eth-2)# rate-limit unknown-unicast in kbps percent switch(eth-2)# rate-limit unknown-unicast in percent 10...
  • Page 172: Show Rate-Limit Unknown-Unicast

    switch(eth-1)# rate-limit unknown-unicast Set a rate limit for incoming unicast flood traffic. switch(eth-1)# rate-limit unknown-unicast kbps percent switch(eth-1)# rate-limit unknown-unicast in kbps 100 switch(eth-1)# show rate-limit Show total traffic rate limits. bcast Show broadcast traffic rate limits. icmp Show ICMP traffic rate limits. mcast Show multicast traffic rate limits.
  • Page 173: Jumbo Frames

    | 10 kbps | 10 | Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled...
  • Page 174 to 9220 bytes. A port receiving frames exceeding the applicable MTU drops such frames, causing the switch to generate an Event Log message and increment the "Giant Rx" counter (displayed by show interfaces <port-list> ). • The switch allows flow control and jumbo frame capability to co-exist on a port. •...
  • Page 175: Configuring Jumbo Frame Operation

    downstream device must be configured to accept the jumbo traffic. Otherwise, this traffic will be dropped by the downstream device. Configuring jumbo frame operation For detailed information about jumbo frames, see Jumbo frames on page 173. Overview 1. Determine the VLAN membership of the ports or trunks through which you want the switch to accept inbound jumbo traffic.
  • Page 176: Enabling Or Disabling Jumbo Traffic On A Vlan

    If port 1 belongs to VLAN 1, port 2 belongs to VLAN 10, and port 3 belongs to VLAN 15, executing this command with a port-list of 1 - 3 results in a listing of all three VLANs, even though none of the ports belong to all three VLANS.
  • Page 177: Configuring A Maximum Frame Size

    Configuring a maximum frame size You can globally set a maximum frame size for jumbo frames that will support values from 1518 bytes to 9216 bytes for untagged frames. Syntax: jumbo max-frame-size <size> Sets the maximum frame size for jumbo frames. The range is from 1518 bytes to 9216 bytes. (Default: 9216 bytes) NOTE: The jumbo max-frame-size is set on a GLOBAL level.
  • Page 178: Operating Notes For Maximum Frame Size

    switch(config)# show jumbos Jumbos Global Values Configured : MaxFrameSize : 9216 Ip-MTU : 9198 In Use : MaxFrameSize : 9216 Ip-MTU : 9198 For more information about frame size, see Jumbo frames on page 173. Operating notes for maximum frame size •...
  • Page 179: Fault Finder Thresholds

    • Too many undersized/giant packets (bad driver) • Excessive late collisions (cable too long) • High collision or drop rate (over bandwidth) • Excessive broadcast packets (broadcast storm) • Excessive multicast packets (multicast storm) • Duplex mismatch (duplex mismatch HDx - reconfigure to Full Duplex) •...
  • Page 180 • all: All fault types • bad-driver: Too many undersized/giant packets • bad-transceiver: Excessive jabbering • bad-cable: Excessive CRC/alignment errors • too-long-cable: Excessive late collisions • over-bandwidth: High collision or drop rate • broadcast-storm: Excessive broadcasts • duplex-mismatch-HDx: Duplex mismatch. Reconfigure to Full Duplex •...
  • Page 181 Table 18: Fault finder sensitivities for supported conditions Condition Sensitivities Units (in Time period Fault finder triggering packets) reacts: fault finder High Medium Bad driver — 1/10,000 20 secs If (undersized/ Too many Incoming total) >= under-sized (sensitivity/ packets or too 10,000)OrIf many giant (giant/total) >=...
  • Page 182 Condition Sensitivities Units (in Time period Fault finder triggering packets) reacts: fault finder Over 21257 36449 1/10,000 5 mins5 mins If (excessive bandwidth - OutgoingOne collisions/ High collision Packet total) >= rate -High (sensitivity/ drop rate 10,000)The count of dropped packets >= sensitivity during the last...
  • Page 183 1. CRC errors/total must be >= (sensitivity/10,000) to trigger an alert. 2. CRC errors/total = 15/3500 = .00043 3. Sensitivity/10,000 = 6/10,000 = .0006 4. .00043 is not greater than or equal to .0006, so an alert is not triggered.
  • Page 184: Chapter 7 Configuring For Network Management Applications

    Chapter 7 Configuring for Network Management Applications Using SNMP tools to manage the switch SNMP is a management protocol that allows an SNMP client application to retrieve device configuration and status information and to configure the device (get and set). You can manage the switch via SNMP from a network management station.
  • Page 185: Snmpv1 And V2C Access To The Switch

    Click on software updates, then MIBs. SNMPv1 and v2c access to the switch SNMP access requires an IP address and subnet mask configured on the switch. If you are using DHCP/Bootp to configure the switch, ensure that the DHCP/Bootp process provides the IP address. Once an IP address is configured, the main steps for configuring SNMPv1 and v2c access management features are: Procedure...
  • Page 186: Enabling And Disabling Switch For Access From Snmpv3 Agents

    CAUTION: Restricting access to only version 3 messages will make the community named “public” inaccessible to network management applications (such as autodiscovery, traffic monitoring, SNMP trap generation, and threshold setting) from operating in the switch. Enabling and disabling switch for access from SNMPv3 agents This includes the creation of the initial user record.
  • Page 187: Snmpv3 Users

    CAUTION: Restricting access to only version 3 messages makes the community named "public" inaccessible to network management applications (such as autodiscovery, traffic monitoring, SNMP trap generation, and threshold setting) from running on the switch. Example: SNMP version 3 enable command SNMPv3 users NOTE: To create new users, most SNMPv3 management software requires an initial user record to clone.
  • Page 188 Adding users To configure an SNMPv3 user, you must first add the user name to the list of known users with the snmpv3 user command, as shown in the following image. Figure 23: Adding SNMPv3 users and displaying SNMPv3 configuration SNMPv3 user commands Syntax: [no] snmpv3 user <USER_NAME>...
  • Page 189 Displays information about the management stations configured on VLAN 1 to access the switch. Display of the management stations configured on VLAN 1 switch# configure terminal switch(config)# vlan 1 switch(vlan-1)# show snmpv3 user Status and Counters - SNMPv3 Global Configuration Information User Name Auth.
  • Page 190: Group Access Levels

    Group access levels The switch supports eight predefined group access levels, shown in the following table. There are four levels for use by version 3 users and four are used for access by version 2c or version 1 management applications. Table 19: Predefined group access levels Group name Group access type...
  • Page 191: Snmpv3 Communities

    ◦ vacmContextTable ◦ vacmAccessTable ◦ vacmViewTreeFamilyTable • OperatorReadView – no access to the following: ◦ icfSecurityMIB ◦ hpSwitchIpTftpMode ◦ vacmContextTable ◦ vacmAccessTable ◦ vacmViewTreeFamilyTable ◦ usmUserTable ◦ snmpCommunityTable • Discovery View – Access limited to samplingProbe MIB. NOTE: All access groups and views are predefined on the switch. There is no method to modify or add groups or views to those that are predefined on the switch.
  • Page 192: Listing Community Names And Values (Cli)

    The following image shows the assignment of an Operator community on MgrStation1 to the CommunityOperatorReadWrite group. Any other operator has an access level of CommunityOperatorReadOnly. Figure 25: Assigning a community to a group access level SNMP community features Use SNMP communities to restrict access to the switch by SNMP management stations by adding, editing, or deleting SNMP communities.
  • Page 193 To list the data for only one community, such as the "public" community, use the above command with the community name included. For Example: switch# show snmp-server public Configuring community names and values (CLI) The snmp-server command enables you to add SNMP communities with either default or specific access attributes, and to delete specific communities.
  • Page 194: Snmp Notifications

    switch(config) # no snmp-server community gold-team SNMP notifications The switches: • Default Traps: A switch automatically sends default traps to trap receivers using the configured community name. You have to configure and supply the community name to use in the trap-receiver config; there is no default.
  • Page 195: Snmpv1 And Snmpv2C Traps

    If you want to use SNMPv3 notifications (including traps), you must also configure an SNMPv3 management station. Follow the required configuration procedure in Configuring SNMPv3 notifications (CLI) on page 199. 2. To reconfigure any of the SNMP notifications that are enabled by default to be sent to a management station (trap receiver), see Enabling Link-Change Traps (CLI) on page 204.
  • Page 196: Overview

    Configuring an SNMP trap receiver (CLI) Syntax: snmp-server host {< ipv4-addr | ipv6-addr >} < community name> Configures a destination network management station to receive SNMPv1/v2c traps and (optionally) Event Log messages sent as traps from the switch, using the specified community name and destination IPv4 or IPv6 address.
  • Page 197: Snmp Trap When Mac Address Table Changes

    Use the rmonlog-set-threshold command to set the threshold limit for RMON event log memory. rmonlog-set-threshold Syntax rmonlog-set-threshold <percentage> no rmonlog-set-threshold <percentage> Description Configures the threshold percentage for RMON event logging. The default value is 80. The no form of this command resets RMON event logging threshold to default value. Command context config Parameters...
  • Page 198: Snmpv2C Informs

    The mac-notify trap feature globally enables the generation of SNMP trap notifications on MAC address table changes (learns/moves/removes/ages.) The following command enables trap for aged MAC addresses: Syntax: switch(config)# [no] mac-notify traps [port-list] aged Example: For port 1 the command is: Syntax: switch(config)# mac-notify traps 1 aged show command...
  • Page 199: Configuring Snmpv3 Notifications (Cli)

    Enabling SNMPv2c informs (CLI) For information about enabling SNMPv2c informs, see SNMPv2c informs on page 198. Syntax: [no] snmp-server host {< ipv4-addr | ipv6-addr >} <community name> inform [retries < count >] [timeout < interval >] Enables (or disables) the inform option for SNMPv2c on the switch and allows you to configure options for sending SNMP inform requests.
  • Page 200 When SNMPv3 is enabled, the switch supports: • Reception of SNMPv3 notification messages (traps and informs) • Configuration of initial users • (Optional) Restriction of non-SNMPv3 messages to "read only" 2. Configure SNMPv3 users by entering the snmpv3 user command. Each SNMPv3 user configuration is entered in the User Table.
  • Page 201 Name of the SNMPv3 station's parameters file. The params <ASCII-STR> parameters filename configured with params <ASCII-STR> must match the params <ASCII-STR> value entered with the snmpv3 params command in Step 6. The <IP-ADDR> sets the IP address of the destination. Specifies the SNMPv3 notifications (identified by one or taglist <ASCII-STR>...
  • Page 202: Network Security Notifications

    Configures the security model used for SNMPv3 {<sec_model [ver1 | ver2c | ver3>]} notification messages sent to the management station configured with the snmpv3 targetaddress command in Step 5. If you configure the security model as ver3, you must also configure the message processing value as ver3.
  • Page 203 • Invalid password entered in a login attempt through a direct serial, Telnet, or SSH connection • Manager password changes • Port-security (web, MAC, or 802.1X) authentication failure • SNMP authentication failure • Running configuration changes Enabling or disabling notification/traps for network security failures and other security events (CLI) Syntax: [no] snmp-server enable traps [arp-protect | auth-server-fail | dhcp-server...
  • Page 204: Enabling Link-Change Traps (Cli)

    running-config-change Traps for running config change. snmp-authentication [extended | Select RFC-1157 (standard) or ICF-SNMP (extended) standard] traps. Startup-config-change Traps for changes to the startup configuration. Enable traps for the VSF functionality. To determine the specific cause of a security event, check the Event Log in the console interface to see why a trap was sent.
  • Page 205: Source Ip Address For Snmp Notifications

    Enter all to enable or disable link-change traps on all ports on the switch. Readable interface names in traps The SNMP trap notification messages for linkup and linkdown events on an interface include IfDesc and IfAlias var-bind information. Source IP address for SNMP notifications The switch uses an interface IP address as the source IP address in IP headers when sending SNMP notifications (traps and informs) or responses to SNMP requests.
  • Page 206 The no form of the command resets the switch to the default behavior (compliant with rfc-1517). (Default: Use the interface IP address in generated trap PDUs) ipv4-addr User-defined interface IPv4 address that is used as the source IP address in generated traps.
  • Page 207: Viewing Snmp Notification Configuration (Cli)

    dstIpOfRequest: The destination IP address of the interface on which an SNMP request is received and used as the source IP address in SNMP replies. Viewing SNMP notification configuration (CLI) Syntax: show snmp-server Displays the currently configured notification settings for versions SNMPv1 and SNMPv2c traps, including SNMP communities, trap receivers, link-change traps, and network security notifications.
  • Page 208: Event Scenario Matrix

    • Authentication failure notifications • Enterprise change notifications • Intrusion alarm notifications Event scenario matrix Different event scenarios for which traps are generated: Event Id Severity Action Message Info Slot Insertion I 06/20/16 09:18:43 00068 chassis: AM1: Slot C Inserted Info Slot Removal I 06/20/16 09:18:50 00067 chassis: AM1: Slot C Removed...
  • Page 209 Removing a slot module Event Id: 67 Inserting transceiver Event Id: 405
  • Page 210 Removing a transceiver
  • Page 211: Configuring The Mac Address Count Option

    Inserting a stack-module Configuring the MAC address count option The MAC Address Count feature provides a way to notify the switch management system when the number of MAC addresses learned on a switch port exceeds the permitted configurable number. To enable the mac-count-notify option, enter this command in global config context. Syntax: [no] snmp-server enable traps mac-count-notify Sends a trap when the number of MAC addresses learned on the specified ports exceeds the configured...
  • Page 212: Displaying Information About The Mac-Count-Notify Option

    Configuring mac-count notify traps on ports 5–7 switch (config)# mac-count-notify traps 5-7 50 Displaying information about the mac-count-notify option Use the show mac-count-notify traps [<port-list>] command to display information about the configured value for sending a trap, the current count, and if a trap has been sent. Information displayed for the show mac-count-notify traps command switch(config)# show mac-count-notify traps Mac-count-notify Enabled: Yes...
  • Page 213: Advanced Management: Rmon

    MAC address table changes : Disabled MAC Address Count : Enabled Address Community Events Type Retry Timeout ---------------- ----------- ------- ------ ------ ------- 15.146.194.77 public None trap 15.255.134.252 public None trap 16.181.49.167 public None trap 16.181.51.14 public None trap Excluded MIBs The notify option is enabled.
  • Page 214: Viewing Sflow Configuration And Status (Cli)

    Once an sFlow receiver/destination has been enabled, this command enables flow sampling for that instance. The receiver-instance number is 1, 2, or 3, and the sampling rate is the allowable non-zero skipcount for the specified port or ports. To disable flow-sampling for the specified port-list, repeat the above command with a sampling rate of 0. Syntax: sflow <receiver-instance>...
  • Page 215: Configuring Udld Verify Before Forwarding

    Datagrams Sent Destination Address 10.0.10.41 Receiver Port 6343 Owner Administrator, CLI-owned, Instance 2 Timeout (seconds) 99995530 Max Datagram Size 1400 Datagram Version Support Note the following details: • Destination Address remains blank unless it has been configured. • Datagrams Sent shows the number of datagrams sent by the switch agent to the management station since the switch agent was last enabled.
  • Page 216: Udld Time Delay

    The default mode of a switch is “forward first then verify”. Enabling UDLD link-up will default to “forward first then verify”. To change the mode to “verify then forward”, you need to configure using the commands found in section 6.72. NOTE: Link-UP data traffic will resume after probing the link partner completes.
  • Page 217: Show Commands

    Keeps the port in a logically blocked state until the link configured for UDLD has been successfully established in bi-directional communication. Syntax: Switch(config)# link-keepalive mode forward-then-verify Forwards the data then verifies the status of the link. If a unidirectional state is detected, the port is then moved to a blocked state.
  • Page 218: Lldp

    Severity: - Info. LLDP To standardize device discovery on all switches, LLDP is implemented while offering limited read-only support for CDP, as documented in this manual. For the latest information on your switch model, consult the Release Notes (available on the HPE Networking website). If LLDP has not yet been implemented (or if you are running an older version of software), consult a previous version of the Management and Configuration Guide for device discovery details.
  • Page 219: Packet Boundaries In A Network Topology

    Packet boundaries in a network topology • Where multiple LLDP devices are directly connected, an outbound LLDP packet travels only to the next LLDP device. An LLDP-capable device does not forward LLDP packets to any other devices, regardless of whether they are LLDP-enabled.
  • Page 220: Snmp Notification

    • Receive only (rxonly): This setting enables a port to receive and read LLDP packets from LLDP neighbors and to store the packet data in the switch's MIB. However, the port does not transmit outbound LLDP packets. This prevents LLDP neighbors from learning about the switch through that port. •...
  • Page 221: Remote Management Address

    Data type Configuration options Default Description Type Always Enabled Shows the network address type. Address Default or Configured Uses a default address selection method unless an optional address is configured. See Remote management address on page 221. System Name Enable/Disable Enabled Uses the switch's assigned name.
  • Page 222: Lldp And Lldp-Med Standards Compatibility

    • Using the switch's show lldp info command options to display data collected on adjacent LLDP devices— as well as the local data the switch is transmitting to adjacent LLDP devices (Displaying the global LLDP, port admin, and SNMP notification status (CLI) on page 223). •...
  • Page 223: Spanning-Tree Blocking

    Spanning-tree blocking Spanning tree does not prevent LLDP packet transmission or receipt on STP-blocked links. 802.1X blocking Ports blocked by 802.1X operation do not allow transmission or receipt of LLDP packets. Configuring LLDP operation Displaying the global LLDP, port admin, and SNMP notification status (CLI) In the default configuration, LLDP is enabled and in both transmit and receive mode on all active ports.
  • Page 224: Configuring Global Lldp Packet Controls

    Viewing port configuration details (CLI) Syntax: show lldp config <port-list> Displays the LLDP port-specific configuration for all ports in <port-list>, including which optional TLVs and any non-default IP address that are included in the port's outbound advertisements. For information on the notification setting, see Configuring SNMP notification support on page 227. For information on the other configurable settings displayed by this command, see Configuring per-port transmit and receive modes (CLI) on page 228.
  • Page 225 Enables or disables LLDP operation on the switch. The no form of the command, regardless of individual LLDP port configurations, prevents the switch from transmitting outbound LLDP advertisements and causes the switch to drop all LLDP advertisements received from other devices. The switch preserves the current LLDP configuration when LLDP is disabled.
  • Page 226 switch(config)# lldp holdtime-multiplier 2 Delay interval between advertisements generated by value or status changes to the LLDP MIB The switch uses a delay-interval setting to delay transmitting successive advertisements resulting from these LLDP MIB changes. If a switch is subject to frequent changes to its LLDP MIB, lengthening this interval can reduce the frequency of successive advertisements.
  • Page 227: Configuring Snmp Notification Support

    Changing the reinitialization delay interval (CLI) Syntax: setmib lldpReinitDelay.0 -i <1-10> Uses setmib to change the minimum time (reinitialization delay interval) an LLDP port will wait before reinitializing after receiving an LLDP disable command followed closely by a txonly or tx_rx command. The delay interval commences with execution of the lldp admin-status port-list disable command.
  • Page 228: Configuring Per-Port Transmit And Receive Modes (Cli)

    switch(config)# setmib lldpnotificationinterval.0 -i 60 lldpNotificationInterval.0=60 Configuring per-port transmit and receive modes (CLI) Syntax: lldp admin-status <port-list> {<txonly | rxonly | tx_rx | disable>} With LLDP enabled on the switch in the default configuration, each port is configured to transmit and receive LLDP packets.
  • Page 229 If there are no IP addresses configured as management addresses, the IP address selection method returns to the default operation. (Default: The port advertises the IP address of the lowest-numbered VLAN (VID) to which it belongs. If there is no IP address configured on the VLANs to which the port belongs, and if the port is not configured to advertise an IP address from any other (static) VLAN on the switch, the port advertises an address of 127.0.0.1.) NOTE: This command does not accept either IP addresses acquired through DHCP or Bootp, or IP...
  • Page 230: Support For Port Speed And Duplex Advertisements

    ◦ System capabilities Supported (TLV subelement) ◦ System capabilities Enabled (TLV subelement) • Port speed and duplex (TLV subelement) Optional data types, when enabled, are populated with data internal to the switch; that is, you cannot use LLDP commands to configure their actual content. Support for port speed and duplex advertisements This feature is optional for LLDP operation, but is required for LLDP-MED operation.
  • Page 231: Configuring The Vlan Id Tlv

    Configuring the VLAN ID TLV This TLV advertisement is enabled by default. To enable or disable the TLV, use this command. For more information, see Port VLAN ID TLV support on LLDP on page 230. Syntax: [no] lldp config <port-list>...
  • Page 232: Snmp Support

    The VLAN ID TLV is being advertised. Local device LLDP information switch(config)# show lldp config info local-device a1 LLDP Port Configuration Information Detail Port : A1 PortType : local PortId PortDesc : A1 Port VLAN ID : 1 The information that LLDP used in its advertisement. Remote device LLDP information switch(config)# show lldp info remote-device a1 LLDP Remote Device Information Detail...
  • Page 233: Lldp-Med (Media-Endpoint-Discovery)

    LLDP-MED (media-endpoint-discovery) LLDP-MED (ANSI/TIA-1057/D6) extends the LLDP (IEEE 802.1AB) industry standard to support advanced features on the network edge for Voice Over IP (VoIP) endpoint devices with specialized capabilities and LLDP-MED standards-based functionality. LLDP-MED in the switches uses the standard LLDP commands described earlier in this section, with some extensions, and also introduces new commands unique to LLDP-MED operation.
  • Page 234: Lldp-Med Endpoint Device Classes

    • Autonegotiate speed and duplex configuration with the switch • Use the following network policy elements configured on the client port ◦ Voice VLAN ID ◦ 802.1p (Layer 2) QoS ◦ Diffserv codepoint (DSCP) (Layer 3) QoS • Discover and advertise device location data learned from the switch •...
  • Page 235: Lldp-Med Fast Start Control

    NOTE: LLDP-MED operation also requires the port speed and duplex TLV (dot3TlvEnable), which is enabled in the default configuration. Topology change notifications provide one method for monitoring system activity. However, because SNMP normally employs UDP, which does not guarantee datagram delivery, topology change notification should not be relied upon as the sole method for monitoring critical endpoint device connectivity.
  • Page 236 NOTE: LLDP-MED operation requires the macphy_config TLV subelement (enabled by default) that is optional for IEEE 802.1AB LLDP operation. For more information, see the dot3TlvEnable macphy_config command (Configuring support for port speed and duplex advertisements (CLI) on page 230). Network policy advertisements Network policy advertisements are intended for real-time voice and video applications, and include these TLV subelements: •...
  • Page 237 Syntax: [no] lldp config <port-list> medTlvEnable <medTlv> Enables or disables advertisement of the following TLVs on the specified ports: • Device capability TLV • Configured network policy TLV • Configured location data TLV (see Configuring location data for LLDP-MED devices on page 238.) •...
  • Page 238: Location Data For Lldp-Med Devices

    PoE advertisements These advertisements inform an LLDP-MED endpoint of the power (PoE) configuration on switch ports. Similar advertisements from an LLDP-MED endpoint inform the switch of the endpoint's power needs and provide information that can be used to identify power priority mismatches. PoE TLVs include the following power data: •...
  • Page 239 NOTE: The switch allows one medPortLocation entry per port (without regard to type). Configuring a new medPortLocation entry of any type on a port replaces any previously configured entry on that port. civic-addr <COUNTRY-STR> <WHAT> <CA-TYPE> <CA-VALUE> … [< CA-TYPE > < CA-VALUE >] … [< CA-TYPE > < CA-VALUE >] Enables configuration of a physical address on a switch port and allows up to 75 characters of address information.
  • Page 240 Type/Value Pairs (CA-TYPE and CA-VALUE) A series of data pairs, each composed of a location data "type" specifier and the corresponding location data for that type. That is, the first value in a pair is expected to be the civic address "type" number (CA-TYPE), and the second value in a pair is expected to be the corresponding civic address data (CA-VALUE).
  • Page 241 Configuring coordinate-based locations Latitude, longitude, and altitude data can be configured per switch port using an SNMP management application. For more information, see the documentation provided with the application. A further source of information on this topic is RFC 3825-Dynamic host configuration protocol option for coordinate-based location configuration information.
  • Page 242: Viewing Switch Information Available For Outbound Advertisements

    A civic address configuration switch(config)# lldp config 2 medportlocation civic-addr US 2 1 CA 3 Widgitville 6 Main 19 1433 26 Suite_4—N 27 4 28 N4—3 switch(config)# show lldp config 2 LLDP Port Configuration Detail Port : A2 AdminStatus [Tx_Rx] : Tx_Rx NotificationEnabled [False] : False Med Topology Trap Enabled [False] : False Country Name...
  • Page 243: Displaying The Current Port Speed And Duplex Configuration On A Switch Port

    Displaying the global and per-port information available for outbound advertisements switch(config)# show lldp info local-device LLDP Local Device Information Chassis Type : mac-address Chassis Id : 00 23 47 4b 68 DD System Name : Switch1 System Description : J9091A Switch 3500yl, revision XX.15.06... System Capabilities Supported:bridge System Capabilities Enabled:bridge Management Address...
  • Page 244: Viewing Advertisements Currently In The Neighbors Mib

    Viewing the current port speed and duplex configuration on a switch port Syntax: show interfaces brief <port-list> Includes port speed and duplex configuration in the Mode column of the resulting display. Viewing advertisements currently in the neighbors MIB Syntax: show lldp info remote-device [port-list] Without the [port-list] option, provides a global list of the individual devices it has detected by reading LLDP advertisements.
  • Page 245: Displaying Lldp Statistics

    System Capabilities Supported : bridge, telephone System Capabilities Enabled : bridge, telephone Remote Management Address MED Information Detail EndpointClass :Class3 Media Policy Vlan id Media Policy Priority Media Policy Dscp Media Policy Tagged :False Poe Device Type Power Requested Power Source :Unknown Power Priority :High...
  • Page 246 Neighbor Entries Dropped Count The number of valid LLDP neighbors the switch detected, but could not add. This can occur, for example, when a new neighbor is detected when the switch is already supporting the maximum number of neighbors. See Neighbor maximum on page 247. Neighbor Entries AgeOut Count The number of LLDP neighbors dropped on all ports because of Time-to-...
  • Page 247: Lldp Operating Notes

    | 97317 97843 | 21 | 446 A per-port LLDP statistics display switch(config)# show lldp stats 1 LLDP Port Statistics Detail PortName : 1 Frames Discarded Frames Invalid Frames Received : 7309 Frames Sent : 7231 TLVs Unrecognized : 0 TLVs Discarded Neighbor Ageouts LLDP Operating Notes...
  • Page 248: Mandatory Tlvs

    refresh-interval is large. See Changing the time-to-live for transmitted advertisements (CLI) on page 225. Mandatory TLVs All mandatory TLVs required for LLDP operation are also mandatory for LLDP-MED operation. LLDP and CDP data management This section describes points to note regarding LLDP and CDP (Cisco Discovery Protocol) data received by the switch from other devices.
  • Page 249: Cdp Operation And Commands

    LLDP data transmission/collection and CDP data collection are both enabled in the switch's default configuration. In this state, an SNMP network management application designed to discover devices running either CDP or LLDP can retrieve neighbor information from the switch regardless of whether LLDP or CDP is used to collect the device-specific information.
  • Page 250: Viewing The Current Cdp Neighbors Table Of The Switch

    Enable CDP [Yes] : Yes (Receive Only) Port CDP ---- -------- enabled enabled enabled Viewing the current CDP neighbors table of the switch Devices are listed by the port on which they were detected. Syntax: show cdp neighbors Lists the neighboring CDP devices the switch detects, with a subset of the information collected from the device's CDP packet.
  • Page 251: Enabling Or Disabling Cdp Operation On Individual Ports

    Enables or disables CDP read-only operation on the switch. (Default: Enabled) Example: To disable CDP read-only on the switch: switch(config)# no cdp run When CDP is disabled: • show cdp neighbors displays an empty CDP Neighbors table • show cdp displays Global CDP information Enable CDP [Yes]: No Enabling or disabling CDP operation on individual ports In the factory-default configuration, the switch has all ports enabled to receive CDP packets.
  • Page 252 • VOIP VLAN Reply (type 0xe): voice VLAN ID (same as advertised by LLDPMED) • Trust Bitmap (type 0x12): 0x00 • Untrusted port COS (type 0x13): 0x00 CDP should be enabled and running on the interfaces to which the phones are connected. Use the cdp enable and cdp run commands.
  • Page 253: Filtering Cdp Information

    enabled tx_rx enabled tx_rx When CDP mode is not pre-standard voice, the admin-status column is not displayed. The show cdp output when cdp run and cdp mode rxonly are enabled switch(config)# show cdp Global CDP Information Enable CDP [Yes] : Yes CDP mode [rxonly] : rxonly Port CDP ---- --------...
  • Page 254: Displaying The Configuration

    Configuring the switch to ignore packet MAC address learns for an untagged VLAN switch(config) ignore-untagged-mac 1-2 Displaying the configuration Enter the show running-config command to display information about the configuration. Configuration showing interfaces to ignore packet MAC address learns switch(config) show running-config Running configuration: ;...
  • Page 255: Overview

    Syntax: logging filter [filter-name] enable Overview A command has been written to suppress the IPv4 / IPv6 management address transmission in outgoing LLDP packets. A local LAN device transmits organization-specific information in the form of type, length, and value (TLV). The organization-associated values are stored in the LLDP organizationally defined local device LLDP MIB extensions.
  • Page 256: Lldp Config

    [no] lldp config all basicTlvEnable management_addr lldp config Syntax lldp config <port-number> Description Configure the lldp for the desired port by number. Parameter basicTlvEnable Enables the basic advertised TLV for each port by number. Options <management_addr> Use the option <management_addr> to specify specific devices to enable TLV advertisement. Usage lldp config <port_num>...
  • Page 257: Chapter 8 Dhcpv4 Server

    Chapter 8 DHCPv4 server Overview The Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automate assignment of IP addresses to hosts. A DHCP server can be configured to provide other network information like IP addresses of TFTP servers, DNS server, boot file name and vendor specific options. Commonly there are two types of address assignments, dynamic and manual.
  • Page 258: Authoritative Pools

    Authoritative pools To process the DHCPINFORM packets received from a client within the given IP pool, a DHCP server has to be configured as authoritative for that IP pool. The server is the sole authority for this IP pool so when a client requests an IP address lease where the server is authoritative, and the server has no record of that IP address, the server will respond with DHCPNAK message which indicates that the client should no longer use that IP address.
  • Page 259: Dhcpv4 Configuration Commands

    Table 25: Authoritative and non-authoritative pools Authoritative Pool Non-authoritative pool When a For Own IP For IP Unknown IP For Own IP For IP belonging to Unknown IP DHCP client belonging to falling outside different client falling outside sending.. different the range the range client...
  • Page 260 pool DHCPv4 server IP address pool. ASCII-STR Enter an ASCII string. authoritative Configure the DHCP server authoritative for a pool. bootfile-name Specify the boot file name which is used as a boot image. default-router List of IP addresses of the default routers. dns-server List of IP addresses of the DNS servers.
  • Page 261: Authoritative

    Trying to delete non existing pool | The specified address pool does not exist.
    Only alphanumeric characters, numerals and underscore is allowed in the pool name. Violating this would throw the following error message. | Invalid name. Only alphanumeric characters and hyphen are allowed.
    Trying to delete existing pool or adding new pool when DHCP server enabled. | DHCP server should be disabled before changing
  • Page 262: Dns-Server

    dns-server Syntax [no] dns-server <IP-ADDR> [IP-ADDR2 IP-ADDR8] Description Configure the DHCP pool context to the DNS IP servers that are available to a DHCP client. List of IP addresses of the DNS servers. Two IP addresses must be separated by comma. Maximum of eight DNS servers can be configured.
  • Page 263: Netbios Node Type

    Maximum of 8 NetBIOS (WINS) name servers can be configured. NetBIOS node type netbios-node-type Syntax [no] netbios-node-type [ broadcast | hybrid | mixed | peer-to-peer ] Description Configure the DHCP pool mode to the NetBIOS node type for a Microsoft DHCP. The NetBIOS node type for Microsoft DHCP clients can be one of four settings: broadcast, peer-to-peer, mixed, or hybrid.
  • Page 264 Specify hexadecimal string as option code value. Specify one or more IP addresses as option code value. ip-addr-str Specify IP address. ascii-str Enter an ASCII string. hex-str Specify Hexadecimal string. Configure the raw DHCP server options. NOTE: Following DHCP options are not supported: 1,3,6,12,15,44,46,50,52,54,55,57,58,59,61,66,67,82.
  • Page 265: Ip Address Range

    IP address range range Syntax [no] range <IP-ADDR>[<IP-ADDR>] Description Configure the DHCP pool to the range of IP address for the DHCP address pool. Parameters and options range Range of IP addresses for the DHCPv4 server address pool. ip-addr Low IP address. High IP address.
  • Page 266: Tftp-Server

    tftp-server Syntax [no] tftp-server [server-name <server-name> | server-ip < ip-address >] Description Configure the TFTP server domain name for the DHCP address pool. Parameters and options tftp-server Configure a TFTP server for the DHCPv4 server address pool. server-name TFTP server name for the DHCPv4 server address pool. Configure the TFTP server address tftp-server Syntax...
  • Page 267: Save Dhcp Server Automatic Bindings

    timeout <1-10> Ping timeout in the range of 1–10 seconds. Indicates the amount of time the DHCPv4 server must wait before timing out a ping packet. Defaults to one second. Save DHCP server automatic bindings dhcp-server database Syntax [no] dhcp-server database [file ASCII-STR] [delay <15-86400>] [timeout <0-86400>] Description Specifies DHCPv4 database agent and the interval between database updates and database transfers.
  • Page 268: Dhcp-Server Conflict-Logging

    dhcp-server conflict-logging Syntax [no] dhcp-server conflict-logging Description Enable conflict logging on a DHCP server. Default is disabled. Parameters and options conflict-logging Enable DHCPv4 server address conflict logging. Enable the DHCP server on a VLAN dhcp-server Syntax dhcp-server Description Enable DHCPv4 server on a VLAN. DHCPv4 client or DHCPv4 relay cannot co-exist with DHCPv4 server on a VLAN.
  • Page 269: Delete An Automatic Address Binding

    Description Reset all DHCP server and BOOTP counters Parameters and options statistics Reset DHCPv4 server and BOOTP counters. Delete an automatic address binding clear dhcp-server statistics Syntax clear dhcp-server statistics Description Delete an automatic address binding from the DHCP server database. Parameters and options binding Reset DHCPv4 server automatic address bindings.
  • Page 270: Event Log

    Event log Event Log Messages Cause Table 26: Event Log Messages
    Events | Debug messages
    DHCP server is enabled globally. | DHCP server is enabled globally.
    DHCP server is enabled globally. Warning - One or more incomplete pool configurations are found during the server startup. | DHCP server is enabled globally. Warnings - One or more incomplete pool configurations
  • Page 271
    Events | Debug messages
    All IP addresses are removed from the conflict-logging database | All IP addresses are removed from the conflict-logging database.
    Dynamic binding for IP address %s is freed | Dynamic binding for a specific IP address is freed.
    All the dynamic IP bindings are freed | All the dynamic IP bindings are freed.
  • Page 272
    Events | Debug messages
    No IP addresses to offer from pool %s | No IP addresses available on the specified pool.
    High threshold reached for pool %s. Active bindings: %d, Free bindings: %d | High threshold reached for the specified pool. Count of Active bindings and Free bindings are printed as arguments.
  • Page 273: Chapter 9 Dhcpv6 Server

    Chapter 9 DHCPv6 server DHCPv6 hardware address The incremental deployment of IPv6 to existing IPv4 networks results in dual-stacking network environments. Some devices will act as both DHCPv4 and DHCPv6 clients. For these dual-stack situations, there is a need to associate DHCPv4 and DHCPv6 messages with the same client interface.
  • Page 274: Dhcpv6 Snooping Trust

    Validation rules for DHCPv6 global snooping
    Validation | Error/Warning/Prompt
    Verify whether entered ipv6 address is valid | Invalid Ipv6 address:< ipv6-address>
    If an invalid server address is configured | Invalid IP address. Only IPv6 unicast or link-local addresses are supported.
    If the limit on configuring the authorized servers had reached. | Cannot configure the authorized server as
  • Page 275: Dhcpv6-Snooping Authorized-Server

    Validation | Error/Warning/Prompt
    Verify whether the port exist in the device. | Module not present for port or invalid port: <PORT-LIST>
    If the port is a part of a SVLAN and the bridge mode is mixed mode. | Port %s cannot be configured as trusted port as it is
  • Page 276: Dhcpv6-Snooping Max-Bindings

    that the attempt to transfer the DHCPv6 lease file retries indefinitely. The default timeout value is 300 seconds. database Configure the parameters to copy the DHCPv6 Snooping lease file to a TFTP server. delay Configure the number of seconds to wait before copying the DSNOOPv6 lease file to a TFTP server. file Copy the DHCPv6 Snooping lease file to a TFTP server.
  • Page 277: Dhcpv6-Relay Option 79

    Validation rules
    Validation | Error/Warning/Prompt
    Verify max-bindings value entered is in the range | Invalid input: <value>
    If DHCPv6-Snooping is already configured before entering the command and current bindings are greater than the value being set. | Existing bindings %d are more than the max-bindings being configured, and the maximum
  • Page 278: Clear Dhcpv6-Snooping Stats

    Description Configure the traps for DHCPv6 snooping. Parameters and options out-of-resources This trap is sent when the number of bindings exceed the maximum limit of 8192 bindings. errant-reply This trap is sent when a DHCPv6 reply packet is received on an untrusted port or from an un-authorized server.
  • Page 279 Parameters and options [ethernet] PORT-LIST Specify the ports being configured for Ipv6 source-lockdown. source-lockdown Enable IPv6 source lockdown for a specific port. Validation rules
    Validation | Error/Warning/Prompt
    Verify whether dhcpv6-snooping is enabled globally | DHCPv6 snooping is disabled.
    Verify whether port configured is in the VLAN | Ports <PORT-LIST>...
  • Page 280: Ipv6 Source-Binding

    ipv6 source-binding Syntax [no] ipv6 source-binding VLAN-ID IPV6-ADDR MAC-ADDR PORT-NUM IPV6-ADDR Description Add a DHCPv6 static binding entry into the binding table. Static binding entries will have infinite lifetime. Parameters and options VLAN-ID The VLAN ID of the static binding entry. Ipv6-ADDRESS The Ipv6 address of the static binding entry.
  • Page 281: Snmp-Server Enable Traps Dyn-Ipv6-Lockdown

    Validation | Error/Warning/Prompt
    If DSNOOPV6 is globally disabled when configuring a static binding. | Cannot configure static binding when DHCPv6 Snooping is disabled.
    While configuring a static binding if the Ipv6 address is already present in the Binding table but | %s has already been assigned to a VID/MAC. Delete the existing binding first.
  • Page 282: Debug Security Dynamic-Ipv6-Lockdown

    out-of-resources Dynamic IPv6 Lockdown out of resources. violations Dynamic IPv6 lockdown violations. debug security dynamic-ipv6-lockdown Syntax debug security dynamic-ipv6-lockdown Description Enable debug for DIPLDv6 Show commands for DHCPv6–snooping show dhcpv6-snooping Syntax show dhcpv6-snooping Description Show dhcpv6 snooping configuration. Validation rules Validation Error/Warning/Prompt If dhcpv6-snooping not enabled...
  • Page 283: Show Ipv6 Source-Lockdown

    show ipv6 source-lockdown Syntax show ipv6 source-lockdown [bindings | status] Description Shows IPv6 source bindings that are configured using the command IPv6 source-bindings. Parameters and options bindings Show source bindings for Dynamic IPv6 Lockdown ports. status Show source bindings for Dynamic IPv6 Lockdown status. Show source bindings Dynamic IPv6 Lockdown status Dynamic IPv6 Lockdown Bindings Port...
  • Page 284: Show Snmp-Server Traps

    show snmp-server traps Syntax show snmp-server traps <COMMUNITY-STR> Description Shows traps controlled. Shows all information on SNMP communities, trap receivers and SNMP response or trap source-ip policy configured on the switch. Parameters and options traps Show all configured traps. <COMMUNITY-STR> Displays information for the specified community only.
  • Page 285: Show Distributed-Trunking Consistency-Parameters

    dhcp-snooping Display