Summary of Contents for Hewlett Packard Enterprise Aruba 2920
Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05 Part Number: 5200-4205a Published: April 2018 Edition: 2...
Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website. Acknowledgments ®...
Contents
Chapter 1 About this guide
Applicable products
Switch prompts used in this guide
Chapter 2 Time Protocols
General steps for running a time protocol on the switch
TimeP time synchronization
SNTP time synchronization
NTP time synchronization
timesync Command
Selecting a time synchronization protocol
Disabling time synchronization
Changing the keepalive retries (CLI)
Configuring UDLD for tagged ports
Viewing UDLD information (CLI)
Viewing summary information on all UDLD-enabled ports (CLI)
Viewing detailed UDLD information for specific ports (CLI)
Clearing UDLD statistics (CLI)
Uplink failure detection
Configuration guidelines for UFD
enable/disable
UFD track data configuration
UFD minimum uplink threshold configuration
show uplink-failure-detection
UFD operating notes
Error log
Invalid port error messages
Chapter 4 Power Over Ethernet (PoE/PoE+) Operation
Introduction to PoE
terminology
Planning and implementing a PoE configuration
Dynamic/static LACP interoperation
Trunk group operation using the "trunk" option
How the switch lists trunk data
Outbound traffic distribution across trunked links
Trunk load balancing using port layers
Enabling trunk load balancing
Chapter 6 Port Traffic Controls
Rate-limiting
All traffic rate-limiting
Configuring in/out rate-limiting
Displaying the current rate-limit configuration
Operating notes for rate-limiting
ICMP rate-limiting
Guidelines for configuring ICMP rate-limiting
Configuring ICMP rate-limiting
Using both ICMP rate-limiting and all-traffic rate-limiting on the same interface
Viewing the current ICMP rate-limit configuration
Viewing sFlow Configuration and Status (CLI)
Configuring UDLD Verify before forwarding
UDLD time delay
Restrictions
UDLD configuration commands
Show commands
RMON generated when user changes UDLD mode
LLDP
General LLDP operation
LLDP-MED
Packet boundaries in a network topology
LLDP operation configuration options
Enable or disable LLDP on the switch
Enable or disable LLDP-MED
Change the frequency of LLDP packet transmission to neighbor devices
Change the Time-To-Live for LLDP packets sent to neighbors
Transmit and receive mode
Display the DHCPv4 server IP pool information
Display DHCPv4 server global configuration information
Event log
Event Log Messages
LLDP Management TLV Transmission disablement
Overview
Commands
[no] lldp config basicTlvEnable management_addr
lldp config
Show commands
Chapter 9 Captive Portal for ClearPass
Requirements
Best Practices
Limitations
Features
High Availability
Load balancing and redundancy
Captive Portal when disabled
Disabling Captive Portal
Configuring Captive Portal on CPPM
Import the HP RADIUS dictionary
Create enforcement profiles
Create a ClearPass guest self-registration
Troubleshooting
Dynamic configuration not displayed when using “show running-config”
Switch does not detect the rogue AP TLVs
The show run command displays non-numerical value for untagged-vlan
Show commands
Validation Rules
Chapter 12 Device Profile for custom device types
Procedure for creating a device identity and associating a device type
Chapter 13 Dynamically detecting LLDP device profiles
device-profile
device-profile type-device
device-profile device-type enable
Associating a profile with a device
device-profile device-type associate
show device-profile status
show device-profile config
Using the menu to view and search MAC addresses
Finding the port connection for a specific device on a VLAN
Viewing and searching port-level MAC addresses
Determining whether a specific device is connected to the selected port
MSTP data
show spanning-tree
IP IGMP status
show ip igmp
VLAN information
show vlan
Configuring a source switch in a local mirroring session
Selecting all traffic on a port interface for mirroring according to traffic direction
Viewing all mirroring sessions configured on the switch
An attempt to copy a client public-key file into the switch has failed and the switch lists one of the following messages
Client ceases to respond ("hangs") during connection phase
TACACS-related problems
Event Log
All users are locked out of access to the switch
No communication between the switch and the TACACS+ server application
Access is denied even though the username/password pair is correct
Unknown users allowed to login to the switch
System allows fewer login attempts than specified in the switch configuration
TimeP, SNTP, or Gateway problems
Switching to a new configuration
Rolling back to a stable configuration using job scheduler
Commands used in switch configuration restore without reboot
Configuration backup
cfg-backup
show config files
Configuration restore without reboot
cfg-restore
Force configuration restore
cfg-restore non-blocking
cfg-restore recovery-mode
cfg-restore verbose
cfg-restore config_bkp
Configuration restore with force option
System reboot commands
Configuration restore without force option
show cfg-restore status
Viewing the differences between a running configuration and a backup configuration
Show commands to show the SHA of a configuration
Overview
[no] aaa authentication captive-portal profile
Validation rules
Policy commands
Overview
policy user
[no] policy user
policy resequence
Commands in the policy-user context
(policy-user)# class
User role configuration
aaa authorization user-role
Error log
captive-portal-profile
policy
reauth-period
Validation rules
VLAN commands
vlan-id
vlan-name
VLAN range commands
Applying a UDR
aaa port-access local-mac apply user-role
VXLAN show commands
show captive-portal profile
show user-role
show port-access clients
Chapter 27 Port QoS Trust Mode
Overview
Configuration commands
TR-069
Zero-touch configuration process
Zero-touch configuration setup and execution
CLI commands
Configuration setup
ACS password configuration
When encrypt-credentials is off
When encrypt-credentials is on
ACS URL configuration
ACS username configuration
configuration
CPE password configuration
When encrypt-credentials is on
When encrypt-credentials is off
CPE username configuration
Enable/disable CWMP
Show commands
CWMP configuration and status query
Event logging
System logging
Status/control commands
Network Out-of-Band Management (OOBM)
Concepts
Example:
OOBM and switch applications
OOBM configuration
This guide provides information on how to configure, manage, and monitor basic switch operation.
Applicable products
This guide applies to these products: Aruba 2920 Switch Series (J9726A, J9727A, J9728A, J9729A, J9836A)
Switch prompts used in this guide
Examples in this guide are representative and may not match your particular switch/environment. Examples use...
In the factory-default configuration, time synchronization is disabled.
NOTE: Because the Aruba 2920 Switch Series does not contain an RTC (real time clock) chip, Hewlett Packard Enterprise recommends configuring one of the supported time synchronization protocols.
Update the system clock using TIMEP or SNTP.
Update the system clock using NTP.
Selecting a time synchronization protocol
Procedure
1. Select the time synchronization protocol: TimeP, SNTP, or NTP.
2. Enable the protocol; the choices are:
   a. TimeP: DHCP or Manual
   b. SNTP: Broadcast or Unicast
   c. NTP: Broadcast or Unicast
3. Configure the remaining parameters for the time protocol you selected.
The switch retains the parameter settings for both time protocols even if you change from one protocol to the other.
Move the cursor to the System Name field.
3. Use the Space bar to move the cursor to the Time Sync Method field.
4. Use the Space bar to select SNTP, then move to the SNTP Mode field.
If you are unsure which version to use, Hewlett Packard Enterprise recommends leaving this value at the default setting of 3 and testing SNTP operation to determine whether any change is necessary.
This command can help you to easily examine and compare the IP addressing on the switch. It lists the IP addresses for all time servers configured on the switch, plus the IP addresses and default gateway for all VLANs configured on the switch.
Display showing IP addressing for all configured time servers and VLANs
switch(config)# show management
Status and Counters - Management Address Information...
Procedure
1. View the current time synchronization.
2. Select SNTP as the time synchronization mode.
3. Enable SNTP for Broadcast mode.
4. View the SNTP configuration again to verify the configuration.
The commands and output would appear as follows:
Figure 4: Enabling SNTP operation in Broadcast Mode
switch(config)# show sntp
SNTP Configuration
Time Sync Mode: Timep
SNTP Mode : disabled
Poll Interval (sec) [720] :720
switch(config)# timesync sntp
switch(config)# sntp broadcast
switch(config)# show sntp
SNTP Configuration
Time Sync Mode: Sntp...
If the SNTP server you specify uses SNTP v4 or later, use the sntp server command to specify the correct version number. For example, suppose you learned that SNTP v4 was in use on the server you specified above (IP address 10.28.227.141). You would use the following commands to delete the server IP address and re-enter it with the correct version number for that server.
Specifying the SNTP protocol version number
switch(config)# no sntp server 10.28.227.141
switch(config)# sntp server 10.28.227.141 4
switch(config)# show sntp
SNTP Configuration
Time Sync Mode: Sntp...
Disabling time synchronization by disabling the SNTP mode
switch(config)# no sntp
switch(config)# show sntp
SNTP Configuration
Time Sync Mode: Sntp
SNTP Mode : disabled
Poll Interval (sec) [720] : 600
IP Address Protocol Version
------------- -----------------
10.28.227.141
Note that even though the Time Sync Mode is set to Sntp, time synchronization is disabled because no sntp has disabled the SNTP Mode parameter.
SNTP client authentication
Enabling SNTP authentication allows network devices such as HPE switches to validate the SNTP messages received from an NTP or SNTP server before updating the network time.
When authentication succeeds, the time in the packet is used to update the time on the switch.
Configuring a key-id as trusted (CLI)
Enter the following command to configure a key-id as trusted.
Syntax:
sntp authentication key-id <key-id> trusted
no sntp authentication key-id <key-id> trusted
Trusted keys are used during the authentication process. You can configure the switch with up to eight sets of key-id/key-value pairs. One specific set must be selected for authentication; this is done by configuring the set as trusted. The key-id itself must already be configured on the switch. To enable authentication, at least one key-id must be configured as trusted.
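The acceptance rule described above (a reply updates the clock only if its key-id is configured, marked trusted, and its digest verifies) is illustrated below. This is an added example, not HPE or ArubaOS-Switch code; it assumes the RFC 5905 symmetric-key layout (48-byte header, 32-bit key-id, MD5 digest over key-value plus header), and the key table, secrets and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48      # fixed NTP/SNTP header size in bytes
MAC_LEN = 4 + 16         # 32-bit key-id followed by a 16-byte MD5 digest

# Constructed key table modelled on the key-id / key-value / trusted settings.
# The ids and secrets are invented for this example.
KEYS = {
    55: {"value": b"constructed-secret-55", "trusted": True},
    56: {"value": b"constructed-secret-56", "trusted": False},
}


def keyed_md5(key_value: bytes, header: bytes) -> bytes:
    """Digest over the key-value followed by the header (assumed RFC 5905 layout)."""
    return hashlib.md5(key_value + header).digest()


def build_reply(transmit_seconds: int, key_id=None, key_value=b"") -> bytes:
    """Build a constructed server reply, optionally with a MAC appended."""
    header = bytearray(NTP_HEADER_LEN)
    header[0] = 0x24                      # LI=0, VN=4, Mode=4 (server)
    header[1] = 2                         # stratum 2
    struct.pack_into("!II", header, 40, transmit_seconds, 0)  # transmit timestamp
    header = bytes(header)
    if key_id is None:
        return header
    return header + struct.pack("!I", key_id) + keyed_md5(key_value, header)


def check_reply(packet: bytes, keys=KEYS):
    """Return (accepted, reason, transmit_seconds or None)."""
    if len(packet) == NTP_HEADER_LEN:
        return (False, "no MAC present", None)
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return (False, "unexpected length", None)
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    entry = keys.get(key_id)
    if entry is None:
        return (False, "key-id not configured", None)
    if not entry["trusted"]:
        return (False, "key-id not trusted", None)
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(keyed_md5(entry["value"], header), mac[4:]):
        return (False, "digest mismatch", None)
    (seconds,) = struct.unpack_from("!I", header, 40)
    return (True, "authenticated", seconds)


def demo():
    """Run the check over constructed replies and return the reason for each."""
    t = 3_900_000_000                     # constructed transmit timestamp
    good = build_reply(t, 55, KEYS[55]["value"])
    tampered = bytearray(good)
    tampered[43] ^= 0x01                  # alter the time after the MAC was computed
    samples = {
        "good": good,
        "tampered": bytes(tampered),
        "untrusted": build_reply(t, 56, KEYS[56]["value"]),
        "unknown": build_reply(t, 99, b"constructed-other"),
        "unauthenticated": build_reply(t),
    }
    return {name: check_reply(pkt)[1] for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, reason in demo().items():
        print(f"{name:16s} {reason}")
```

Only the first sample would be allowed to update the clock; a reply whose timestamp was changed in transit fails the digest check even though it carries a trusted key-id.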
Viewing all SNTP authentication keys that have been configured on the switch (CLI)
Enter the show sntp authentication command, as shown in Show sntp authentication command output on page 41.
Show sntp authentication command output
switch(config)# show sntp authentication
SNTP Authentication Information
SNTP Authentication : Enabled
Key-ID Auth Mode...
50
sntp server priority 1 10.10.10.2.3
sntp server priority 2 fe80::200:24ff:fec8:4ca8 4
NOTE: The SNTP authentication line and the Key-ids are not displayed. You must reconfigure SNTP authentication.
If include-credentials is configured, the SNTP authentication configuration is saved in the configuration file. When the show config command is entered, all of the information that has been configured for SNTP authentication displays, including the key-values.
Figure 5: Saved SNTP Authentication information when include-credentials is configured
TimeP: Selecting and configuring
The following table shows TimeP parameters and their operations.
TIMEP
TimeP Mode [Disabled] : DHCP
Poll Interval (min) [720] : 720
Time Zone [0] :
Daylight Time Rule [None] : None
• Use the Spacebar to select the Manual mode.
  ◦ Move the cursor to the Server Address field.
  ◦ Enter the IP address of the TimeP server you want the switch to use for time synchronization.
    NOTE: This step replaces any previously configured TimeP server IP address.
  ◦ Move the cursor to the Poll Interval field, then go to step 6.
6.
Like DHCP mode, configuring TimeP for manual mode enables TimeP. However, for manual operation, you must also specify the IP address of the TimeP server. (The switch allows only one TimeP server.)
Syntax: timesync timep
Selects TimeP.
Syntax: ip timep manual <ip-addr>
Activates TimeP in manual mode with a specified TimeP server.
Syntax: no ip timep
Disables TimeP.
Enabling TimeP in DHCP Mode
Because the switch provides a TimeP polling interval (default: 720 minutes), you need only these two commands for a minimal TimeP DHCP configuration:
Syntax: timesync timep...
Specifies how long the switch waits between time polling intervals. The default is 720 minutes and the range is 1 to 9999 minutes. (This parameter is separate from the poll interval parameter used for SNTP operation.)
Example: To change the poll interval to 60 minutes:
switch(config)# ip timep interval 60
Disabling time synchronization without changing the TimeP configuration (CLI)
Syntax: no timesync
Disables time synchronization by changing the Time Sync Mode configuration to Disabled. This halts time synchronization without changing your TimeP configuration. The recommended method for disabling time synchronization is to use the timesync command.
CLI to replace one of the existing addresses with a new one, you must delete the unwanted address before you configure the new one.
Deleting addresses
Syntax: no sntp server <ip-addr>
Deletes a server address. If there are multiple addresses and you delete one of them, the switch re-orders the address priority.
Example: To delete the primary address in the above example and automatically convert the secondary address to primary:
switch(config)# no sntp server 10.28.227.141
Operating with multiple SNTP server addresses configured (Menu)
When you use the Menu interface to configure an SNTP server IP address, the new address writes over the...
Enable/disable NTP.
max-association Maximum number of Network Time Protocol (NTP) associations.
server Configure a NTP server to poll for time synchronization.
trap Enable/disable NTP traps.
unicast Operate in unicast mode.
Example
switch(config)# no ntp
This will delete all NTP configurations on this device. Continue [y/n]?
ntp enable
This command is used to enable or disable NTP on the switch.
Syntax
ntp enable
Example
switch(config)# ntp enable
Enable/disable NTP.
Description
Enable or disable NTP. Use [no] to disable NTP.
Restrictions
Validation Error/Warning/Prompt...
Authenticate using SHA1.
trusted Set this authentication key as trusted.
ntp max-association
This command is used to configure the maximum number of servers associated with this NTP client.
Syntax
ntp max-association <number>
Options
max-association <number> Sets the maximum number of NTP associations.
Description
Configure maximum number of servers associated with the client. Up to eight servers can be configured as the maximum.
Restrictions
The range for a maximum number of NTP associations is 1–8.
Example
Switch(config)# ntp max-associations...
<IP-ADDR> key key-id min-poll
<4-17> Enter an integer number.
switch(config)# ntp server <IP-ADDR> key key-id prefer max-poll <max-poll-val> min-poll <min-poll-val>
iburst Enable initial burst (iburst) mode.
burst Enable burst mode.
Switch(config)# ntp server IP-ADDR key key-id prefer maxpoll <number> minpoll <number> iburst
Restrictions
Validation: If authentication key-id not configured
Error/Warning/Prompt: Authentication key-id has not been configured.
Validation: If Key-id is not marked as trusted
Error/Warning/Prompt: Key-id is not trusted.
Validation: When min poll value is more than max poll value
Error/Warning/Prompt: NTP max poll value should be more than min poll value.
...
Trap name resulting in send notification when stratum level of NTP changes.
ntp-peer-change Trap name resulting in send notification when a (new) syspeer has been selected.
ntp-new-association Trap name resulting in send notification when a new association is mobilized.
ntp-remove-association Trap name resulting in send notification when an association is demobilized.
ntp-config-change Trap name resulting in send notification when the NTP configuration has changed.
ntp-leapsec-announced Trap name resulting in send notification when a leap second has been announced.
ntp-alive-heartbeat Trap name resulting in send notification periodically (as defined by ntpEntHeartbeatInterval) to indicate that the NTP entity is still alive.
1 00:00:00 1990
show ntp associations
Syntax
show ntp associations [detail <IP-ADDR>]
Description
Show the status of configured NTP associations.
Options
detail Show the detailed status of NTP associations configured for the system.
"none", a message displays.
Validation: If the authentication method is anything other than two-factor and the two-factor authentication method options are set, a message displays.
Error/Warning/Prompt: Not legal combination of authentication methods.
Validation: If two-factor authentication is set and user tries to SSH into another system using ssh <ip | hostname> command, a message displays.
Error/Warning/Prompt: SSH client is not supported when the two-factor authentication is enabled.
Validation: If timeSync is in SNTP or Timep when NTP...
Error/Warning/Prompt: Timesync is not configured to NTP.
W 01/01/15 18:24:03 03398: ssh: The two-factor authentication for SSH session failed as “ssh-server” certificate is not installed.
Event: When NTP client enabled.
Message: NTP client is enabled.
Event: When NTP client disabled.
Message: NTP client is disabled.
Event: When NTP found a new broadcast server.
Message: A new broadcast server at %s.
Event: When system clock was updated with new time.
Message: The system clock time was changed by %ld sec %lu nsec. The new time is %s.
Event: When NTP stratum was updated.
Message: The NTP Stratum was changed from %d to %d.
...
Resource usage in the policy enforcement engine is based on how these features are configured on the switch:
• Resource usage by dynamic port ACLs is determined as follows: Dynamic port ACLs configured by a RADIUS server for an authenticated client determine the current resource consumption for this feature on a specified slot. When a client session ends, the resources in use for that client become available for other uses.
Throttling or blocking of newly detected clients with high rate-of-connection requests (as defined by the current VT configuration). The switch continues to generate Event Log notifications (and SNMP trap notification, if configured) for new instances of high-connection-rate behavior detected by the VT feature.
Chapter 3 Port Status and Configuration
Viewing port status and configuring port parameters
Connecting transceivers to fixed-configuration devices
If the switch either fails to show a link between an installed transceiver and another device or demonstrates errors or other unexpected behavior on the link, check the port configuration on both devices for a speed and/or duplex (mode) mismatch.
Auto-10: Allows the port to negotiate between half-duplex (HDx) and full-duplex (FDx) while keeping speed at 10 Mbps. Also negotiates flow control (enabled or disabled). Hewlett Packard Enterprise recommends auto-10 for links between 10/100 auto-sensing ports connected with Cat 3 cabling. (Cat 5 cabling is required for 100 Mbps links.)
Status or parameter | Description
10-Gigabit CX4 Copper Ports:
Auto: The port operates at 10 gigabits FDx and negotiates flow control. Lower speed settings or half-duplex are not allowed.
10-Gigabit SC Fiber-Optic Ports (10-GbE SR, 10-GbE LR, 10-GbE ER):
Auto: The port operates at 10 gigabits FDx and negotiates flow control. Lower speed settings or half-duplex are not allowed.
Auto Disable
1000T | Yes Auto Disable
1000T | Yes Auto Disable
1000T | Yes Auto Disable Trk1 Trunk
1000T | Yes Auto Disable Trk2 Trunk
Actions-> Cancel Edit Save Help
Cancel changes and return to previous screen. Use arrow keys to change action selection and <Enter> to execute action. 2. Press [E] (for Edit). The cursor moves to the Enabled field for the first port. For further information on configuration options for these features, see the online help provided with this screen.
You can create show commands displaying the information that you want to see in any order you want by using the custom option.
Syntax: show interfaces custom [port-list] column-list
Select the information that you want to display. Supported columns are shown in the table below.
Table 4: Supported columns, what they display, and examples:
Parameter column | Displays | Examples
port | Port identifier |
type | Port type | 100/1000T
status | Port status | up or down
speed | Connection speed and duplex | 1000FDX
mode | Configured mode | auto, auto-100, 100FDX
 | MDI mode | auto, MDIX
flow | Flow control...
Operating notes for viewing port utilization statistics • For each port on the switch, the command provides a real-time display of the rate at which data is received (Rx) and transmitted (Tx) in terms of kilobits per second (KBits/s), number of packets per second (Pkts/s), and utilization (Util) expressed as a percentage of the total bandwidth available.
For example, to enter the context level for port C6 and then configure that port for 100FDx:
switch(config)# int e c6
switch(eth-C6)# speed-duplex 100-full
If port C8 was disabled, and you wanted to enable it and configure it for 100FDx with flow-control active, you could do so with either of the following command sets:
Figure 8: Two methods for changing a port configuration
For more on flow control, see Enabling or disabling flow control (CLI) on page 79.
Enabling or disabling flow control (CLI)
NOTE: You must enable flow control on both ports in a given link.
10GigFD
10GbE-T | No Down 10GigFD
10GbE-T | No Down 10GigFD
10GbE-T | No Down 10GigFD
10GbE-T | No Down 10GigFD
10GbE-T | No Down 10GigFD
10GbE-T | No Down 10GigFD
Port shutdown with broadcast storm
A LAN broadcast storm arises when an excessively high rate of broadcast packets floods the LAN. A LAN broadcast storm disrupts traffic and degrades network performance. To prevent LAN traffic from being disrupted, an enhancement of fault-finder commands adds new options, and the corresponding MIBs, that trigger a port disablement when a broadcast storm is detected on that port.
::= { hpicfFaultFinder 5 }
hpicfFfBcastStormControlPortConfigTable OBJECT-TYPE
• syntax sequence: HpicfFfBcastStormControlPortConfigEntry
• max-access: not-accessible
• status: current
• description: This table provides information about broadcast storm control configuration of all ports.
::= {hpicfFfBcastStormControlPortConfig 1}
hpicfFfBcastStormControlPortConfigEntry OBJECT-TYPE
• syntax HpicfFfBcastStormControlPortConfigEntry
• max-access: not-accessible
• status: current
• description: This object provides information about broadcast storm control configuration of each port.
• index: {hpicfFfBcastStormControlPortIndex}
::= {hpicfFfBcastStormControlPortConfigTable 1}
hpicfFfBcastStormControlPortConfigEntry ::=
Syntax sequence:
hpicfFfBcastStormControlPortIndex InterfaceIndex,
hpicfFfBcastStormControlMode Integer,
hpicfFfBcastStormControlRisingpercent Integer32,
hpicfFfBcastStormControlRisingpps Integer32,
hpicfFfBcastStormControlAction Integer,
hpicfFfBcastStormControlPortDisableTimer Unsigned32
hpicfFfBcastStormControlPortIndex OBJECT-TYPE
•...
This time period is specified in seconds. The default value is zero which means that the port remains disabled and is not enabled again.
• DEFVAL {0}
::= {hpicfFfBcastStormControlPortConfigEntry 6}
Configuring auto-MDIX
Copper ports on the switch can automatically detect the type of cable configuration (MDI or MDI-X) on a connected device and adjust to operate appropriately. This means you can use a "straight-through" twisted-pair cable or a "crossover" twisted-pair cable for any of the connections; the port makes the necessary adjustments to accommodate either one for correct operation.
10GbE-T | Yes Auto Disable Auto
10GbE-T | Yes Auto Disable Auto
10GbE-T | Yes Auto Disable Auto
10GbE-T | Yes Auto Disable Auto
Displaying the current MDI operating mode
switch(config)# show interfaces brief
Status and Counters - Port Status
| Intrusion Flow Bcast Port...
Name : Draft-Server:Trunk Port : A8 Type : 10GbE-T Name : Draft-Server:Trunk Displaying friendly port names with other port data (CLI) You can display friendly port name data in the following combinations: Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Syntax: show name
Displays a listing of port numbers with their corresponding friendly port names and also quickly shows you which ports do not have friendly name assignments. (show name data comes from the running-config file.)
Syntax: show interface <port-number>
Displays the friendly port name, if any, along with the traffic statistics for that port.
A1 with a friendly port name. Notice that the command sequence saves the friendly port name for port A1 in the startup-config file. The name entered for port A2 is not saved because it was executed after write memory.
Listing of the startup-config file with a friendly port name configured (and saved)
switch(config)# int A1 name Print_Server@10.25.101.43
switch(config)# write mem
switch(config)# int A2 name Herbert's_PC
switch(config)# show config
Startup configuration:
; J9091A Configuration Editor; Created on release xx.15.05.xxxx
hostname "HPSwitch"
interface A1
name "Print_Server@10.25.101.43"
exit...
Determines the maximum number of retries to send UDLD control packets. The num parameter specifies the maximum number of times the port will try the health check. You can specify a value from 3 to 10. Default: 5
Syntax: [no] interface <port-list> link-keepalive vlan <vid>
Assigns a VLAN ID to a UDLD-enabled port for sending tagged UDLD control packets. Under default settings, untagged UDLD packets can still be transmitted and received on tagged only ports; however, a warning message is logged. The no form of the command disables UDLD on the specified ports. Default: UDLD packets are untagged;...
Clears UDLD statistics. This command clears the packets sent, packets received, and transitions counters in the show link-keepalive statistics display.
Viewing summary information on all UDLD-enabled ports (CLI)
Enter the show link-keepalive command.
Example:
Figure 11: Example of show link-keepalive command
Viewing detailed UDLD information for specific ports (CLI)
Enter the show link-keepalive statistics command.
Example:
Figure 12: Example of show link-keepalive statistics command
Clearing UDLD statistics (CLI)
Enter the following command:
switch# clear link-keepalive statistics
Chapter 3 Port Status and Configuration...
For an example of teamed NICs in conjunction with UFD, see Figure 13: Teamed NICs in conjunction with UFD on page 97. For an example of teamed NICs with a failed uplink, see Figure 14: Teamed NICs with a failed uplink on page 97.
Page 97
NOTE: For UFD functionality to work as expected, the NIC teaming must be in Network Fault Tolerance (NFT) mode.
Figure 13: Teamed NICs in conjunction with UFD
Figure 14: Teamed NICs with a failed uplink
Used to configure ports given as LtM and ports given as LtD for track-id. This command will also accept trunk interfaces.
Options
[no] ufd track-id <track-id>
From within track-id context:
[no] links-to-monitor <port-list>
[no] links-to-disable <port-list>
uplink-failure-detection-track
switch(config)# uplink-failure-detection-track 10 links-to-monitor 18,19,20 links-to-disable 1,2,3
The above command is used to configure ports 18,19,20 as LtM and ports 1,2,3 as LtD for track-id 10.
switch(config)# no uplink-failure-detection-track 10
This command will remove any track data associated with track-id 10.
switch(config)# no uplink-failure-detection-track 10 links-to-monitor 18 links-to-disable 1
This command will remove port 18 as LtM and port 1 as LtD from track-id 10.
Invalid port(s) specified as links-to-disable.
• When a user specifies an invalid LtD port, an error message similar to the following is displayed. Invalid port(s) specified as links-to-disable.
Chapter 4 Power Over Ethernet (PoE/PoE+) Operation
Introduction to PoE
PoE technology allows IP telephones, wireless LAN access points, and other appliances to receive power and transfer data over existing Ethernet LAN cabling. For more information about PoE technology, see the PoE/PoE+ planning and implementation guide, which is available on the HPE Networking website at http://www.hpe.com/networking.
"searching". If the PSE cannot supply the required amount of power, it does not supply any power. For PoE using a Type 1 device, a PSE will not supply any power to a PD unless the PSE has at least 17 watts available. For Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
example, if a PSE has a maximum available power of 382 watts and is already supplying 378 watts, and is then connected to a PD requiring 10 watts, the PSE will not supply power to the PD. For PoE+ using Type 2 devices, the PSE must have at least 33 watts available. Configuration options In the default configuration, all ports in a switch covered in this guide are configured to support PoE operation.
The no form of the command disables PoE operation on <port-list>. Default: All PoE ports are initially enabled for PoE operation at Low priority. If you configure a higher priority, this priority is retained until you change it.
Enabling support for pre-standard devices The HPE switches covered in this guide also support some pre-802.3af devices. For a list of the supported devices, see the FAQ for your switch model. Syntax: [no] power-over-ethernet pre-std-detect Detects and powers pre-802.3af standard devices. NOTE: The default setting for the pre-std-detect PoE parameter changed.
# int A6 poe-allocate-by value
or in interface context:
switch(eth-A6) # poe-allocate-by value
2. Select a value:
switch(config) # int A6 poe-value 15
or in interface context:
switch(eth-A6) # poe-value 15
To view the settings, enter the show power-over-ethernet command, shown in Figure 15: PoE allocation by value and the maximum power delivered on page 107. Figure 15: PoE allocation by value and the maximum power delivered switch(config)# show power-over-ethernet A6 Status and Counters - Port Power Status for port A6 Power Enable : Yes...
Suppose slots A, B, and C each have a PoE module installed. In this case, executing the following command sets the global notification threshold to 70% of available PoE power:
switch(config)# power-over-ethernet threshold 70
With this setting, if module B is allocated 100 watts of PoE power and is using 68 watts, and then another PD is connected to the module in slot B that uses 8 watts, the 70% threshold of 70 watts is exceeded. The switch sends an SNMP trap and generates this Event Log message: Slot B POE usage has exceeded threshold of 70%.
If the PD goes into power-saving mode, the power supplied is reduced; if the need for power increases, the amount supplied is increased. PoE and LLDP interact to meet the current power demands.
Syntax: int <port-list> poe-lldp-detect [enabled | disabled]
Allows the data link layer to be used for power negotiation between a PD on a PoE port and LLDP. Default: Disabled Example: You can enter this command to enable LLDP detection: switch(config) # int 7 PoE-lldp-detect enabled or in interface context: switch(eth-7) # PoE-lldp-detect enabled NOTE: Detecting PoE information via LLDP affects only power delivery;...
Page 112
A3
LLCP Remote Device Information Detail
Local Port : A3
ChassisType : mac-address
ChassisId : 00 16 35 ff 2d 40
PortType : local
PortId : 23
SysName : HPSwitch
System Descr : HP Switch 3500-24, revision W.14.xx PortDescr : 23 Pvid : 55 System Capabilities Supported : bridge, router System Capabilities Enabled : bridge Remote Management Address Type : ipv4 Address : 10.0.102.198 Poe Plus Information Detail Poe Device Type : Type2 PD Power Source : Only PSE...
Power Priority Lists the power priority (Low, High, and Critical) configured on ports enabled for PoE. (For more information on this topic, see Configuring PoE operation on page 104.)
Page 115
Alloc by Displays how PoE is allocated (usage, class, value).
Alloc Power The maximum amount of PoE power allocated for that port (expressed in watts). Default: 17 watts for PoE; 33 watts for PoE+.
Actual Power The power actually being used on that port.
Configured Type If configured, shows the user-specified identifier for the port....
Shows the number of times PDs requesting power on the port have been denied because of insufficient power available. Each occurrence generates an Event Log message.
Voltage The total voltage, in volts, being delivered to PDs.
Page 117
Power The total power, in watts, being delivered to PDs. LLDP Detect Port is enabled or disabled for allocating PoE power, based on the link-partner's capabilities via LLDP. Configured Type If configured, shows the user-specified identifier for the port. If not configured, the field is empty.
575W (combined system and PoE power). • HPE X3312 165W PSU (J9739) is a 12V power supply unit providing non-PoE power. It is not accepted in PoE switches.
Figure 17: HPE 640 RPS/EPS with supported power supplies on page 119 shows an example of the three PSUs installed in the XPS zones and the power that they provide.
Figure 17: HPE 640 RPS/EPS with supported power supplies
In addition to the voltage and power differences between the three PSUs, the non-PoE J9739A PSU has a mechanical key that is different from the PoE PSUs....
Page 120
As shown in Maximum PoE power available with 575W PSU in 640 RPS/EPS, though, when a 575W PSU is installed in Zone 1 and all four ports are enabled, there is redundancy protection, but zero watts of external PoE power from the XPS.
The following table illustrates three basic setups for 2920 Switches and using an 640 RPS/EPS for extra PoE power. Table 10: Example: basic setups for switches using the XPS Power Total power # of Switches/ Switch PSU RPS/EPS PSU Description Available per Zone Model...
Auto search on “640”, select the device in the list, and click on Display selected. Then click on the links that have “manuals” in them to get to the web page that lists the available manuals.
Configuring the HPE 2920 PoE switches to use the XPS
To configure the HPE 2920 PoE Switches to use the PoE power from the XPS, you will issue external-power-supply commands to the switches. By default, all the available PoE power is shared equally by all the switches connected to a given XPS zone.
This will reset the external power supply to factory default configurations. This might shutdown powered PoE ports on the connected switches. Continue (y/n)? y Configuring external power supply, this might take up to a minute...
Distributing power to specified ports Syntax: external-power-supply [member < member-id >] power-share <xps ports> [force] Configures the XPS to distribute power to the ports specified. The amount of XPS power received by each XPS port depends on the number of ports that have been specified. NOTE: This command is not available in stacking member context.
IPS, will retain their power. The lowered number switch ports have a higher PoE priority. Hewlett Packard Enterprise recommends that you should not use the force option at times when PoE power to the PDs must be maintained. Use the external-power-supply allow and external-power-supply <xps ports>...
Non-PoE configuration
If the non-PoE switch and the XPS are in their default configurations, run the show external-power-supply brief command to verify that there is adequate XPS power to provide redundancy power to the switch. If the non-PoE switch has auto-recovery disabled and the XPS is not providing redundancy support to the switch, execute the commands as shown in Enabling an XPS for a non-PoE switch configuration on page 127.
External Power Supply PSU Module : J9737A Voltage / Wattage : 54V / 1050W Current Zone Zone State : Powered Zone Record Version Cable Port Connection Ext. Mbr System Name Allow Status Enabled Power Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
----- ----- ------------ ------- ------- --- ----------- Available 700 W HP-2920-48G-POE+ Unavailable HP-2920-48G-POE+ Unavailable HP-2920-24G-PoEP Unavailable HP-2920-24G-PoEP Output displaying PoE power available switch(config)# show power-over-ethernet Status and Counters - System Power Status System Power Status : Full redundancy PoE Power Status : No redundancy Chassis power-over-ethernet: Total Available Power...
Page 130
This would change allocated power for XPS port 1A,1B,1C,1D to 60W. This might result in PoE powered ports connected in system 1A to be shutdown. Continue (y/n) y
For more information, see Example of using the force option on page 125.
Viewing power information Syntax: show external-power-supply [member < member-id >] {<brief | detail | info>} Displays information about the XPS operational and configuration parameters. If the switch is a member of a stack of switches, the member-id must be specified to obtain information about the zone to which the member is connected.
: 54V / 1050W Current Zone Zone State : Powered Zone Record Version Cable Port Connection Ext. Mbr System Name Allow Status Enabled Power ----- ----- ------------ ------- ------- --- ----------- Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Page 133
Available HP-Stack-2920 Available HP-Stack-2920 Available HP-Stack-2920 Available HP-Stack-2920 The output varies depending on the switch from which the command is executed. An asterisk next to the port ID indicates where the command was executed. In Output when command is executed from PoE switch 1C connected to a PoE zone on page 133 the command is executed from a non-Stack PoE switch connected to XPS port 1C in a PoE zone.
Page 134
: J9727A
MAC Address : 0021f7-78c6c1
Software Version : WB.15.13.0000x
Serial Number : SG2ZFLX099
Internal Power Supply Rating : 54V / 575W
External Power : 0 W
Connection Status : Available
Auto Recovery : Yes Cable Record Version Supported Zone Record Version: 3 Examples for show power-over-ethernet commands Output showing both internal and external power supplies connected switch(config)# show power-over-ethernet Status and Counters - System Power Status for member 1 System Power Status : Full redundancy PoE Power Status : No redundancy...
"public" unrestricted oobm ip address dhcp-bootp exit vlan 1 name "DEFAULT_VLAN" no untagged 5-6 untagged 1-4,7-24,A1-A2,B1-B2 ip address dhcp-bootp exit vlan 2 name "VLAN2" untagged 5-6 Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
no ip address
ipv6 enable
ipv6 mld enable
exit
external-power-supply member 1 auto disable
PoE Event Log messages
Please see the event log message reference guide for information about Event Log messages. To see these manuals, go to http://www.hpe.com/networking. Auto search the model number for your switch, for example “HPE Switch 2920”, then select the device from the list and click on Product manuals....
Port security does not operate on a trunk group. If you configure port security on one or more ports that are later added to a trunk group, the switch resets the port security parameters for those ports to the factory-default configuration.
For most installations, Hewlett Packard Enterprise recommends that you leave the port Mode settings at Auto (the default). LACP also operates with Auto-10, Auto-100, and Auto-1000 (if negotiation selects FDx), and 10FDx, 100FDx, and 1000FDx settings.
The switch uses the links you configure with the Port/Trunk Settings screen in the menu interface or the trunk command in the CLI to create a static port trunk. The switch offers two types of static trunks: LACP and Trunk.
Page 141
Table 11: Trunk types used in static and dynamic trunk groups Trunking method LACP Trunk Dynamic Static The following table describes the trunking options for LACP and Trunk protocols. Table 12: Trunk configuration protocols Protocol Trunking Options LACP (802.3ad) Provides dynamic and static LACP trunking options. •...
Page 142
All of the switch trunk protocols use the SA/DA (source address/destination address) method of distributing traffic across the trunked links. See Outbound traffic distribution across trunked links on page 157.
Page 143
Spanning Tree: 802.1D (STP) and 802.1w (RSTP) Spanning Tree operate as a global setting on the switch (with one instance of Spanning Tree per switch). 802.1s (MSTP) Spanning Tree operates on a per-instance basis (with multiple instances allowed per switch). For each Spanning Tree instance, you can adjust Spanning Tree parameters on a per-port basis. A static trunk of any type appears in the Spanning Tree configuration display, and you can configure Spanning Tree parameters for a static trunk in the same way that you would...
This procedure uses the Port/Trunk Settings screen to configure a static port trunk group on the switch.
Procedure
1. Follow the procedures in the preceding IMPORTANT note.
2. From the Main Menu, select: 2. Switch Configuration… 2. Port/Trunk Settings
Page 145
3. Press [E] (for Edit) and then use the arrow keys to access the port trunk parameters.
Figure 20: Example of the menu screen for configuring a port trunk group
4. In the Group column, move the cursor to the port you want to configure.
5....
146, the command does not include a port list, so the switch lists all ports having static trunk membership. A show trunk listing without specifying ports switch# show trunks Load Balancing Port | Name Type | Group Type Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
---- + ----------------------- --------- + ----- ----- | Print-Server-Trunk 10/100TX | Trk1 Trunk | Print-Server-Trunk 10/100TX | Trk1 Trunk 10/100TX | Trk2 Trunk 10/100TX | Trk2 Trunk Viewing static LACP and dynamic LACP trunk data Syntax: show lacp Lists data for only the LACP-configured ports. Example: Ports A1 and A2 have been previously configured for a static LACP trunk.
Syntax: no trunk <port-list>
Removes the specified ports from an existing trunk group.
Example:
To remove ports C4 and C5 from an existing trunk group:
switch(config)# no trunk c4-c5
Unless spanning tree is running on your network, removing a port from a trunk can result in a loop. To help prevent a broadcast storm when you remove a port from a trunk where spanning tree is not in use, Hewlett Packard Enterprise recommends that you first disable the port or disconnect the link on that port.
Thus, to display a listing of dynamic LACP trunk ports, you must use the show lacp command. In most cases, trunks configured for LACP on the switches operate as described in the following table.
Page 151
Table 14: LACP trunk types LACP port trunk Operation configuration Dynamic LACP This option automatically establishes an 802.3ad-compliant trunk group, with LACP for the port Type parameter and DynX for the port Group name, where X is an automatically assigned value from 1 to 60, depending on how many dynamic and static trunks are currently on the switch.
The following table lists the elements of per-port LACP operation. To display this data for a switch, execute the following command in the CLI:
switch# show lacp
Table 15: LACP port status data Status Meaning name Port Numb Shows the physical port number for each port configured for LACP operation (C1, C2, C3 …). Unlisted port numbers indicate that the missing ports that are assigned to a static trunk group are not configured for any trunking.
VLANs and dynamic LACP
A dynamic LACP trunk operates only in the default VLAN (unless you have enabled GVRP on the switch and use Forbid to prevent the ports from joining the default VLAN).
If you want to use LACP for a trunk on a non-default VLAN and GVRP is disabled, configure the trunk as a static trunk. Blocked ports with older devices Some older devices are limited to four ports in a trunk. When eight LACP-enabled ports are connected to one of these older devices, four ports connect, but the other four ports are blocked.
Appears in the output from the CLI show lacp command. Interface option Dynamic LACP trunk Static LACP trunk group Static non-protocol group Menu interface CLI show trunk CLI show interfaces Table Continued Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Interface option Dynamic LACP trunk Static LACP trunk group Static non-protocol group CLI show lacp CLI show spanning- tree CLI show igmp CLI show config Outbound traffic distribution across trunked links The two trunk group options (LACP and trunk) use SA/DA pairs for distributing outbound traffic over trunked links. That is, the switch sends traffic from the same source address to the same destination address through the same trunked link, and may also send traffic from the same source address to a different destination address through the same link or a different link, depending on the mapping of path assignments among the links in the trunk.
3. L2-based: If the packet protocol is an IP packet, use Layer 2 information.
4. For all options, if the packet is not an IP packet, use Layer 2 information.
Enabling trunk load balancing Enter the following command to enable load balancing. Syntax: trunk-load-balance L3-based | [L4-based >] This option enables load balancing based on port layer information. The configuration is executed in global configuration context and applies to the entire switch. Default: L3-based load balancing L2-based: Load balance based on Layer 2 information.
Page 160
EDP exit snmp-server community "public" unrestricted
Chapter 6 Port Traffic Controls
Rate-limiting
CAUTION: Rate-limiting is intended for use on edge ports in a network. It is not recommended for use on links to other switches, routers, or servers within a network, or for use in the network core. Doing so can interfere with applications the network requires to function properly.
0 (zero) on a port blocks all traffic on that port. However, if this is the desired behavior on the port, Hewlett Packard Enterprise recommends using the <port-list> disable command instead of configuring a rate limit of 0.
Page 163
Listing the rate-limit configuration switch# show rate-limit all 1-6 All-Traffic Rate Limit Maximum % | Inbound Radius | Outbound Radius Port | Limit Mode Override | Limit Mode Override ------ + --------- -------- ----------- + --------- -------- -------- | Disabled Disabled No-override | 200 kbps No-override...
: Operation is not allowed for a trunked port. NOTE: Rate-limiting on a trunk is allowed for the queues traffic type on the Aruba 2920 switches. See Configuring egress per-queue rate-limiting (2920 and 5400R switches only).
NOTE: Rate-limiting is applied to the available bandwidth on a port and not to any specific applications running through the port. If the total bandwidth requested by all applications is less than the configured maximum rate, then no rate-limit can be applied. This situation occurs with a number of popular throughput-testing applications, as well as most regular network applications.
Configures inbound ICMP traffic rate-limiting. You can configure a rate limit from either the global configuration level (as shown above) or from the interface context level. The no form of the command disables ICMP rate-limiting on the specified interfaces.
(Default: Disabled.)
percent <1-100> Values in this range allow ICMP traffic as a percentage of the bandwidth available on the interface.
kbps <0-10000000> Specifies the rate at which to forward traffic in kilobits per second. A value of 0 causes an interface to drop all incoming ICMP traffic and is not recommended. See the caution....
Rate-limiting on a trunk is not allowed for the all, bcast, icmp, and mcast traffic types. Neither all-traffic nor ICMP rate-limiting is supported on ports configured in a trunk group.
NOTE: Rate-limiting on a trunk is allowed for the queues traffic type on the HPE 2920 switches. See Configuring egress per-queue rate-limiting (2920 and 5400R switches only). • ICMP percentage-based rate-limits are calculated as a percentage of the negotiated link speed: For example, if a 100 Mbps port negotiates a link to another switch at 100 Mbps and is ICMP rate-limit configured at 5%, the inbound ICMP traffic flow through that port is limited to 5 Mbps.
| Disabled Disabled No-override | Disabled Disabled No-override Operating Notes The following information is displayed for each installed transceiver: • Port number on which transceiver is installed. • Type of transceiver. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
• Product number — Includes revision letter, such as A, B, or C. If no revision letter follows a product number, this means that no revision is available for the transceiver. • Part number — Allows you to determine the manufacturer for a specified transceiver and revision number. •...
show rate-limit queues
Syntax: show rate-limit queues <port-list>
Using the show rate-limit command with the queues option added in software release 15.18 enables you to specify both individual ports and port trunk names to display the output. If nothing is specified, all physical ports and any static, non-DT trunks are displayed with their current settings previously configured with the rate-limit queues command.
Set a rate limit for unicast flood traffic.
switch(eth-2)# rate-limit unknown-unicast
Set a rate limit for incoming unicast flood traffic.
switch(eth-2)# rate-limit unknown-unicast in
kbps percent
switch(eth-2)# rate-limit unknown-unicast in percent 10
switch(eth-2)# show rate-limit bcast Show broadcast traffic rate limits. icmp Show ICMP traffic rate limits. mcast Show multicast traffic rate limits. queues Show limits for outgoing queue traffic. unknown-unicast Show unicast flood traffic rate limits. switch(eth-2)# show rate-limit unknown-unicast [ethernet] PORT-LIST The ports to show information for.
| Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled | Disabled Disabled Rate-limiting Unknown Unicast Traffic Unknown unicast traffic consists of unicast packets with unknown destination MAC addresses. The switch floods the unicast packets to all interfaces that are members of the VLAN.
Set a rate limit for incoming unicast flood traffic. switch(eth-1)# rate-limit unknown-unicast kbps percent switch(eth-1)# rate-limit unknown-unicast in kbps 100 switch(eth-1)# show rate-limit Show total traffic rate limits. bcast Show broadcast traffic rate limits. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
1 (low) 2 (low) 0 (normal) 3 (normal) 4 (medium) 5 (medium) 6 (high) 7 (high) The switch processes outbound traffic from an untagged port at the "0" (normal) priority level. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
You can use GMB to reserve a specific percentage of each port's available outbound bandwidth for each of the eight priority queues. This means that regardless of the amount of high-priority outbound traffic on a port (including each port in a static trunk), you can ensure that there will always be bandwidth reserved for lower-priority traffic....
You must specify a bandwidth percent value for all except the highest priority queue, which may instead be set to "strict" mode. The sum of the bandwidth percentages below the top queue cannot exceed 100%. (0 is a value for a queue percentage setting.)
Page 185
Configuring a total of less than 100% across the eight queues results in unallocated bandwidth that remains harmlessly unused unless a given queue becomes oversubscribed. In this case, the unallocated bandwidth is apportioned to oversubscribed queues in descending order of priority. For example, if you configure a minimum of 10% for queues 1 to 7 and 0% for queue 8, the unallocated bandwidth is available to all eight queues in the following prioritized order: Queue 8 (high priority)
HP Switch(interface 1–5) # bandwidth-min output 2 3 30 10 10 10 15 strict
Viewing the current GMB configuration
This command displays the per-port GMB configuration in the running-config file.
Syntax: show bandwidth output <port-list|trk_#>
Without <port-list|trk_#> , this command lists the GMB configuration for all ports and static trunks on the switch. With <port-list|trk_#> , this command lists the GMB configuration for the specified ports and static trunks. This command operates the same way in any CLI context. If the command lists Disabled for a port or trunk, there are no bandwidth minimums configured for any queue on the port or trunk.
VLANs. This can occur in situations where a non-jumbo VLAN includes some ports that do not belong to another, jumbo-enabled VLAN and some ports that do belong
to another, jumbo-enabled VLAN. In this case, ports capable of receiving jumbo frames can forward them to the ports in the VLAN that do not have jumbo capability, as shown in Figure 27: Forwarding jumbo frames through non-jumbo ports on page 189. Figure 27: Forwarding jumbo frames through non-jumbo ports Jumbo frames can also be forwarded out non-jumbo ports when the jumbo frames received inbound on a jumbo-enabled VLAN are routed to another, non-jumbo VLAN for outbound transmission on ports that have no...
Page 190
VLANs. (See Figure 29: Listing the VLAN memberships for a range of ports on page 190.)
Figure 29: Listing the VLAN memberships for a range of ports
Syntax: show vlans <vid>
Shows port membership and jumbo configuration for the specified vid. (See Figure 30: Example of listing the port membership and jumbo status for a VLAN on page 191.)
Figure 30: Example of listing the port membership and jumbo status for a VLAN
Enabling or disabling jumbo traffic on a VLAN
Syntax: vlan <vid>...
• The original way to configure jumbo frames remains the same, which is per-VLAN, but you cannot set a maximum frame size per-VLAN.
• Jumbo support must be enabled for a VLAN from the CLI or through SNMP.
• Setting the maximum frame size does not require a reboot.
• When you upgrade to a version of software that supports setting the maximum frame size from a version that did not, the max-frame-size value is set automatically to 9216 bytes.
Re-enable the port after waiting for the specified number of seconds. The default value is 0, which indicates that the port will not be automatically enabled. sensitivity Indicate the sensitivity of the link-flap control threshold within a 10-second interval. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Page 195
• Low indicates 10 link-flaps. • Medium indicates 6 link-flaps. • High indicates 3 link-flaps. Parameters action Configure the action taken when a fault is detected. ethernet PORT-LIST Enable link-flap control on a list of ports. warn Warn about faults found. warn-and-disable Warn and disable faulty component.
Left ------ ----- + ------ ----------- ------------------ ---------- ------------ Down warn-and-disable 65535 45303 switch# show fault-finder link-flap Link | Port Disable Disable Time Port Flap | Status Sensitivity Action Timer Left Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
------ ----- + ------ ----------- ------------------- ---------- ------------ Down warn-and-disable 65535 45303 None None Down warn-and-disable Down High warn-and-disable NOTE: This example displays only the list of ports configured via the above per-port config commands, does not include the global configuration ports. Event Log Cause Message...
1. Type a model number of your switch (For example, 8212) or product number in the Auto Search text box. 2. Select an appropriate product from the drop down list. 3. Click the Display selected button. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
If you want to restrict access to one or more specific nodes, you can use the switch's IP Authorized Manager feature. (See the access security guide for your switch.) CAUTION: If network management security is a concern, Hewlett Packard Enterprise recommends that you change the write access for the "public" community to "Restricted."...
The initial user record can be downgraded and provided with fewer features, but not upgraded by adding new features. For this reason, Hewlett Packard Enterprise recommends that when you enable SNMPv3, you also create a second user with SHA authentication and DES privacy.
Page 202
Listing Users To display the management stations configured to access the switch with SNMPv3 and view the authentication and privacy protocols that each station uses, enter the show snmpv3 user command. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Page 203
Syntax: show snmpv3 user Display of the management stations configured on VLAN 1 on page 203 displays information about the management stations configured on VLAN 1 to access the switch. Display of the management stations configured on VLAN 1 switch# configure terminal switch(config)# vlan 1 switch(vlan-1)# show snmpv3 user Status and Counters - SNMPv3 Global Configuration Information...
◦ vacmAccessTable ◦ vacmViewTreeFamilyTable ◦ usmUserTable ◦ snmpCommunityTable • Discovery View – Access limited to samplingProbe MIB. NOTE: All access groups and views are predefined on the switch. There is no method to modify or add groups or views to those that are predefined on the switch. SNMPv3 communities SNMP communities are supported by the switch to allow management applications that use version 2c or version 1 to access the switch.
If you need information on the options in each field, press [Enter] to move the cursor to the Actions line, then select the Help option. When you are finished with Help, press [E] (for Edit) to return the cursor to the parameter fields. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
3. Enter the name you want in the Community Name field, and use the Space bar to select the appropriate value in each of the other fields. (Use the [Tab] key to move from one field to the next.) 4. Press [Enter] , then [S] (for Save ). Listing community names and values (CLI) This command lists the data for currently configured SNMP community names (along with trap receivers and the setting for authentication traps—see SNMP notifications on page 208).
• SNMPv2c informs • SNMP v3 notification process, including traps This section describes how to configure a switch to send network security and link-change notifications to configured trap receivers. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Supported Notifications By default, the following notifications are enabled on a switch: • Manager password changes • SNMP authentication failure • Link-change traps: when the link on a port changes from up to down (linkDown) or down to up (linkUp) •...
IPv4 or IPv6 address. You can specify up to ten trap receivers (network management stations). (The default community name is public.) Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
An SNMP trap is generated when a laptop/PC is removed from the back of an IP phone and the laptop/PC MAC address ages out of the MAC table for the Aruba 2920 switch. The mac-notify trap feature globally enables the generation of SNMP trap notifications on MAC address table changes (learns/moves/removes/ages.)
[no] snmp-server host {< ipv4-addr | ipv6-addr >} <community name> inform [retries < count >] [timeout < interval >] Enables (or disables) the inform option for SNMPv2c on the switch and allows you to configure options for sending SNMP inform requests. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
retries Maximum number of times to resend an inform request if no SNMP response is received. (Default: 3) timeout Number of seconds to wait for an acknowledgement before resending the inform request. (Default: 15 seconds) NOTE: The retries and timeout values are not used to send trap requests. To verify the configuration of SNMPv2c informs, enter the show snmp-server command, as shown in Display of SNMPv2c inform configuration on page 213 (note indication of inform Notify Type in bold below): Display of SNMPv2c inform configuration...
Page 214
Syntax: [no] snmpv3 targetaddress {< ipv4-addr | ipv6-addr >} <name> Configures the IPv4 or IPv6 address, name, and configuration filename of the SNMPv3 management station to which notification messages are sent. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Page 215
Name of the SNMPv3 station's parameters file.The params <parms_name> parameters filename configured with params params_name must match the params params_name value entered with the snmpv3 params command in Step 6. Specifies the SNMPv3 notifications (identified by one or taglist <tag_name> [tag_name] … more tag_name values) to be sent to the IP address of the SNMPv3 management station.
ARP protection events • Inability to establish a connection with the RADIUS or TACACS+ authentication server • DHCP snooping events • Dynamic IP Lockdown hardware resources consumed • Link change notification Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Page 217
• Invalid password entered in a login attempt through a direct serial, Telnet, or SSH connection • Manager password changes • Port-security (web, MAC, or 802.1X) authentication failure • SNMP authentication failure • Running configuration changes Enabling or disabling notification/traps for network security failures and other security events (CLI) For more information, see Network security notifications on page 216.
By default, a switch is enabled to send a trap when the link state on a port changes from up to down (linkDown) or down to up (linkUp). To reconfigure the switch to send link-change traps to configured trap receivers, enter the snmp-server enable traps link-change command. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Syntax: [no] snmp-server enable traps link-change <port-list> [all] Enables or disables the switch to send a link-change trap to configured trap receivers when the link state on a port goes from up to down or down to up. Enter all to enable or disable link-change traps on all ports on the switch. Readable interface names in traps The SNMP trap notification messages for linkup and linkdown events on an interface include IfDesc and IfAlias var-bind information.
Page 220
Display of source IP address configuration switch(config)# show snmp-server SNMP Communities Community Name MIB View Write Access ---------------- -------- ------------ public Manager Unrestricted Trap Receivers Link-Change Traps Enabled on Ports [All] : All Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Excluded MIBs Snmp Response Pdu Source-IP Information Selection Policy : dstIpOfRequest Trap Pdu Source-IP Information Selection Policy : Configured IP dstIpOfRequest: The destination IP address of the interface on which an SNMP request is received is used as the source IP address in SNMP replies. Viewing SNMP notification configuration (CLI) Syntax: show snmp-server...
------------ The interface context can be used to configure the value for sending a trap. Configuring mac-count-notify traps from the interface context switch(config)# interface 5 HP Switch (eth-5)# mac-count-notify traps 35 Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
The show snmp-server traps command displays whether the MAC Address Count feature is enabled or disabled. Information about SNMP traps, including MAC address count being Enabled/Disabled switch(config)# show snmp-server traps Trap Receivers Link-Change Traps Enabled on Ports [All] : All Traps Category Current Status ____________________________...
The command enables an sFlow receiver/destination. The receiver-instance number must be a 1, 2, or 3. By default, the udp destination port number is 6343. To disable an sFlow receiver/destination, enter no sflow <receiver-instance> oobm: Use the OOBM port to reach the specified sFlow receiver. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
sFlow destination is OOBM port switch (config#) sflow 1 destination 192.168.2.3 6000 oobm Output showing OOBM support enabled switch# show sflow 1 destination Destination Instance sflow : Enabled Datagrams Sent Destination Address : 192.168.2.3 Receiver Port : 6343 Owner : Administrator, CLI-Owned, Instance 1 Timeout (seconds) : 2147479533 Max Datagram Size...
Page 226
Max Datagram Size shows the currently set value (typically a default value, but this can also be set by the management station). Syntax: show sflow <receiver instance> sampling-polling <port-list/range> Displays status information about sFlow sampling and polling. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
The show sflow instance sampling-polling [port-list] command displays information about sFlow sampling and polling on the switch, as shown in Figure 38: Example: of viewing sFlow sampling and polling information on page 227. You can specify a list or range of ports for which to view sampling information. Figure 38: Example: of viewing sFlow sampling and polling information NOTE: The sampling and polling instances (noted in parentheses) coupled to a specific receiver instance are assigned dynamically, and so the instance numbers may not always match.
Configure the interval for link-keepalive. The link-keepalive interval is the time between sending two UDLD packets. The time interval is entered in deciseconds (1/10 sec). The default keepalive interval is 50 deciseconds. Example: A value of 10 is 1 sec., 11 is 1.1 sec. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Syntax: HP Switch(config)# link-keepalive retries <number> Maximum number of sending attempts for UDLD packets before declaring the link as faulty. Default keepalive attempt is 4. Show commands Syntax: switch(config)# show link-keepalive Sample output: Total link-keepalive enabled ports: 8 Keepalive Retries : 4 Keepalive Interval: 5 sec Keepalive Mode : verify-then-forward Physical Keepalive Adjacent UDLD...
The commands in the LLDP sections affect both LLDP and LLDP-MED operation. For information on operation and configuration unique to LLDP-MED, see LLDP-MED (media-endpoint-discovery) on page 245. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Enable or disable LLDP on the switch In the default configuration, LLDP is globally enabled on the switch. To prevent transmission or receipt of LLDP traffic, you can disable LLDP operation. Enable or disable LLDP-MED In the default configuration for the switches, LLDP-MED is enabled by default. (Requires that LLDP is also enabled.) For more information, see LLDP-MED (media-endpoint-discovery) on page 245.
Page 232
Uses the switch's assigned name. System Description Enable/Disable Enabled Includes switch model name and running software version, and ROM version. Port Description Enable/Disable Enabled Uses the physical port identifier. Table Continued Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Data type Configuration options Default Description System capabilities Enable/Disable Enabled Identifies the switch's supported primary capabilities (bridge, router). System capabilities enabled Enable/Disable Enabled Identifies the primary switch functions that are enabled, such as routing. The Packet Time-to-Live value is included in LLDP data packets. Subelement of the Chassis ID TLV.
The commands in this section affect both LLDP and LLDP-MED operation. For information on operation and configuration unique to LLDP-MED, refer to “LLDP-MED (Media-Endpoint-Discovery)”. Syntax: show lldp config
Page 235
Displays the LLDP global configuration, LLDP port status, and SNMP notification status. For information on port admin status, see Configuring per-port transmit and receive modes (CLI) on page 240. show lldp config produces the following display when the switch is in the default LLDP configuration: Viewing the general LLDP configuration switch(config)# show lldp config LLDP Global Configuration...
The switch preserves the current LLDP configuration when LLDP is disabled. After LLDP is disabled, the information in the LLDP neighbors database remains until it times-out. (Default: Enabled) Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Page 237
Disabling LLDP switch(config)# no lldp run Changing the packet transmission interval (CLI) This interval controls how often active ports retransmit advertisements to their neighbors. Syntax: lldp refresh-interval <5-32768> Changes the interval between consecutive transmissions of LLDP advertisements on any given port. (Default: 30 seconds) NOTE: The refresh-interval must be greater than or equal to (4 x delay-interval).
Page 238
Extending the reinitialization-delay interval delays the ability of the port to reinitialize and generate LLDP traffic following an LLDP disable/enable cycle. Changing the reinitialization delay interval (CLI) Syntax: setmib lldpReinitDelay.0 -i <1-10> Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Uses setmib to change the minimum time (reinitialization delay interval) an LLDP port will wait before reinitializing after receiving an LLDP disable command followed closely by a txonly or tx_rx command. The delay interval commences with execution of the lldp admin-status port-list disable command. (Default: 2 seconds;...
The no form of the command deletes the specified IP address. If there are no IP addresses configured as management addresses, the IP address selection method returns to the default operation. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Page 241
Default: The port advertises the IP address of the lowest-numbered VLAN (VID) to which it belongs. If there is no IP address configured on the VLANs to which the port belongs, and if the port is not configured to advertise an IP address from any other (static) VLAN on the switch, the port advertises an address of 127.0.0.1.) NOTE: This command does not accept either IP addresses acquired through DHCP or Bootp, or IP...
Using SNMP to compare local and remote information can help in locating configuration mismatches. (Default: Enabled) NOTE: For LLDP operation, this TLV is optional. For LLDP-MED operation, this TLV is mandatory. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Port VLAN ID TLV support on LLDP The port-vlan-id option enables advertisement of the port VLAN ID TLV as part of the regularly advertised TLVs. This allows discovery of a mismatch in the configured native VLAN ID between LLDP peers. The information is visible using show commands and is logged to the Syslog server.
MIB object lldpXdot1ConfigPortVlanTxEnable in the lldpXdot1ConfigPortVlanTable. The port VLAN ID TLV local information can be obtained from the MIB object lldpXdot1LocPortVlanId in the local information table lldpXdot1LocTable. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
The port VLAN ID TLV information about all the connected peer devices can be obtained from the MIB object lldpXdot1RemPortVlanId in the remote information table lldpXdot1RemTable. LLDP-MED (media-endpoint-discovery) LLDP-MED (ANSI/TIA-1057/D6) extends the LLDP (IEEE 802.1AB) industry standard to support advanced features on the network edge for Voice Over IP (VoIP) endpoint devices with specialized capabilities and LLDP-MED standards-based functionality.
IP media and offer all Class 1 and Class 2 features, plus location identification and emergency 911 capability, Layer 2 switch support, and device information management. LLDP-MED operational support The switches offer two configurable TLVs supporting MED-specific capabilities:
• medTlvEnable (for per-port enabling or disabling of LLDP-MED operation)
• medPortLocation (for configuring per-port location or emergency call data)
NOTE: LLDP-MED operation also requires the port speed and duplex TLV (dot3TlvEnable), which is enabled in the default configuration. Topology change notifications provide one method for monitoring system activity. However, because SNMP normally employs UDP, which does not guarantee datagram delivery, topology change notification should not be relied upon as the sole method for monitoring critical endpoint device connectivity.
Page 248
Web browser.) The QoS and voice VLAN policy elements can be statically configured with the following CLI commands: vlan <vid> voice vlan <vid> {<tagged | untagged> <port-list>} int <port-list> qos priority <0-7> vlan <vid> qos dscp <codepoint> Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Page 249
NOTE: A codepoint must have an 802.1p priority before you can configure it for use in prioritizing packets by VLAN-ID. If a codepoint you want to use shows No Override in the Priority column of the DSCP policy table (display with show qos-dscp map, then use qos-dscp map <codepoint>...
You can configure a switch port to advertise location data for the switch itself, the physical wall-jack location of the endpoint (recommended), or the location of a DHCP server supporting the switch, endpoint, or both. You also have the option of configuring these different address types: Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Page 251
• Civic address: physical address data such as city, street number, and building information • ELIN (Emergency Location Identification Number): an emergency number typically assigned to MLTS (Multiline Telephone System) Operators in North America • Coordinate-based location: latitude, longitude, and altitude information (Requires configuration via an SNMP application.) Configuring location data for LLDP-MED devices Syntax:...
Page 252
An ELIN is a valid NANP format telephone number assigned to MLTS operators in North America by the appropriate authority. The ELIN is used to route emergency (E911) calls to a PSAP. (Range: 1-15 numeric characters) Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Page 253
Configuring coordinate-based locations Latitude, longitude, and altitude data can be configured per switch port using an SNMP management application. For more information, see the documentation provided with the application. A further source of information on this topic is RFC 3825-Dynamic host configuration protocol option for coordinate-based location configuration information.
<port-list> command to change the selection of information that is included in actual outbound advertisements. In the default LLDP configuration, all information displayed by this command is transmitted in outbound advertisements. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
In the default configuration, the switch information currently available for outbound LLDP advertisements appears similar to the display in the following example. Displaying the global and per-port information available for outbound advertisements switch(config)# show lldp info local-device LLDP Local Device Information Chassis Type : mac-address Chassis Id : 00 23 47 4b 68 DD System Name : HP Switch1...
An LLDP-MED listing of an advertisement received from an LLDP-MED (VoIP telephone) source
switch(config)# show lldp info remote-device 1
LLDP Remote Device Information Detail
Local Port : A2
ChassisType : network-address
ChassisId : 0f ff 7a 5c
PortType : mac-address
PortId : 08 00 0f 14 de f2
SysName : HP Switch
System Descr : HP Switch, revision xx.15.06.0000x
PortDescr : LAN Port
System Capabilities Supported : bridge, telephone
System Capabilities Enabled : bridge, telephone
Remote Management Address
MED Information Detail
EndpointClass :Class3
Media Policy Vlan id...
Page 258
The number of LLDP neighbors dropped on the port because of Time-to-Live expiring. Examples: A global LLDP statistics display switch(config)# show lldp stats LLDP Device Statistics Neighbor Entries List Last Updated : 2 hours
Page 262
This command shows LLDP information about a local device for the specified oobm ports. Syntax show lldp info local-device oobm Example switch(config)# show lldp info local-device oobm LLDP Local Port Information Detail Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Page 263
Port : OOBM PortType : local PortId : 4000 PortDesc : OOBM Pvid : n/a show lldp info remote-device oobm This command shows LLDP information about a remote device for the specified oobm ports. Syntax show lldp info remote-device oobm Example switch(config)# show lldp info remote-device oobm LLDP Remote Device Information Detail...
LLDP advertises only one IP address per port, even if multiple IP addresses are configured by lldp config port-list ipAddrEnable on a given port. 802.1Q VLAN Information LLDP packets do not include 802.1Q header information and are always handled as untagged packets. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Effect of 802.1X Operation If 802.1X port security is enabled on a port, and a connected device is not authorized, LLDP packets are not transmitted or received on that port. Any neighbor data stored in the neighbor MIB for that port prior to the unauthorized device connection remains in the MIB until it ages out.
MIB, see the documentation provided with the particular SNMP utility. Viewing the current CDP configuration of the switch CDP is shown as enabled/disabled both globally on the switch and on a per-port basis. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Syntax: show cdp Lists the global and per-port CDP configuration of the switch. The following example shows the default CDP configuration. Default CDP configuration switch(config)# show cdp Global CDP information Enable CDP [Yes] : Yes (Receive Only) Port CDP ---- -------- enabled enabled enabled...
VLAN ID in a reply packet to the phone using the VLAN Reply TLV (type 0x0e). The phone then begins tagging all packets with the advertised voice VLAN ID. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Page 269
NOTE: A voice VLAN must be configured before the voice VLAN can be advertised. For example, to configure VLAN 10 as a voice VLAN tagged for ports 1 through 10, enter these commands: switch(config)# vlan 10 switch(vlan-10)# tagged 1-10 switch(vlan-10)# voice switch(vlan-10)# exit The switch CDP packet includes these TLVs: •...
MAC address learns from untagged VLAN traffic from IP phones. This means that normal protocol processing occurs for the packets, but the addresses associated with these packets are not learned or reported by the software address management components. This enhancement also filters out the MAC address learns from LLDP and 802.1x EAPOL packets on untagged VLANs. The feature is configured per-port. Configuring the switch to filter untagged traffic Enter this command to configure the switch not to learn CDP, LLDP, or EAPOL traffic for a set of interfaces. Syntax: [no] ignore-untagged-mac <port-list>...
On a DHCP server, an IP pool is configured with various options. These options signify additional information about the network. Options are supported with explicit commands such as boot-file. Option codes that correspond to explicit commands cannot be configured with a generic option command; the generic option command requires an option code and TLV. NOTE: RFC 2132 defines various network information that a client may request when trying to get the lease. BootP support The DHCP server also functions as BootP server.
DHCP pool context. A maximum of 128 pools are supported. Syntax [no] dhcp-server pool < pool-name> Configure the DHCPv4 server IP address pool with either a static IP or a network IP range. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Page 275
pool DHCPv4 server IP address pool. ASCII-STR Enter an ASCII string. authoritative Configure the DHCP server authoritative for a pool. bootfile-name Specify the boot file name which is used as a boot image. default-router List of IP addresses of the default routers. dns-server List of IP addresses of the DNS servers.
Configure the DHCP pool context to the DNS IP servers that are available to a DHCP client. List of IP addresses of the DNS servers. Two IP addresses must be separated by comma. A maximum of eight DNS servers can be configured. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Configure a domain name Syntax [no] domain-name <name> Configure the DNS domain name for translation of hostnames to IP addresses. Configure lease time Syntax [no] lease [DD:HH:MM | infinite] DD:HH:MM Enter lease period. Lease Lease period of an IP address. Configure the lease time for an IP address in the DHCP pool.
Range of IP addresses for the DHCPv4 server address pool. ip-addr Low IP address. High IP address. Configure the DHCP pool to the range of IP address for the DHCP address pool. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Configure the static binding information Syntax [no] static-bind ip<IP-ADDR/MASK-LENGTH> mac <MAC-ADDR> Specify client IP address. static-bind Static binding information for the DHCPv4 server address pool. ip-addr / mask-length Interface IP address or mask. Specify client MAC address. mac-addr Enter a MAC address. Configure static binding information for the DHCPv4 server address pool.
URL Format: "tftp://<ip-address>/<filename>". database Specifies DHCPv4 database agent and the interval between database updates and database transfers. timeout Seconds to wait for the transfer before failing. ascii-str Database URL. <15-86400> Delay in seconds. Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
<0-86400> Timeout in seconds. Specifies DHCPv4 database agent and the interval between database updates and database transfers. Configure a DHCP server to send SNMP notifications Syntax [no] snmp-server enable traps dhcp-server dhcp-server Traps for DHCP-Server. Configure a DHCP server to send SNMP notifications to the SNMP entity. This command enables or disables event traps sent by the switch.
Show DHCPv4 server conflicts information for the device. Display address conflicts found by a DHCPv4 server when addresses are offered by a client. Display DHCPv4 server database agent Syntax show dhcp-server database Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Database Show DHCPv4 server database information for the device. Display DHCPv4 server database agent information. Display DHCPv4 server statistics Syntax show dhcp-server statistics statistics Show DHCPv4 server statistics information for the device. Display DHCPv4 server statistics. Display the DHCPv4 server IP pool information Syntax show dhcp-server pool <pool-name>...
Dynamic binding for IP address %s is freed Dynamic binding for a specific IP address is freed. All the dynamic IP bindings are freed All the dynamic IP bindings are freed. Table Continued Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Page 285
Events Debug messages Remote binding database is configured at %s Remote binding database is configured for a specific URL. Remote binding database is disabled Remote binding database is disabled. Binding database read from %s at %s Binding database is read from the specified URL at the specified time Failed to read the remote binding database at %s Failed to read the remote binding from the...
The command [no] lldp config <PORT NO> basicTlvEnable management_addr suppresses the IP address to be advertised. Commands [no] lldp config basicTlvEnable management_addr Syntax In the configure context: [no] lldp config <PORT_NUM> basicTlvEnable management_addr Description Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
The feature suppresses the IPv4 or IPv6 address as well as suppresses the MAC address if the [no] ip address is configured. By default this management address TLV is enabled in switch. No other TLV (except management address TLV) suppression will occur when this command is used. Parameters Management_addr Management TLV...
Page 288
* management_addr IpAddress Advertised: Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Chapter 9 Captive Portal for ClearPass The Captive Portal feature allows the support of the ClearPass Policy Manager (CPPM) into the ArubaOS-Switch product line. The switch provides configuration to allow you to enable or disable the Captive Portal feature. By default, Captive Portal is disabled to avoid impacting existing installations as this feature is mutually exclusive with the following web-based authentication mechanisms: Web Authentication, EWA, MAFR, and BYOD Redirect.
Replication of client data is only done when MAC or 802.1X authentication has resulted in a successful authentication. Load balancing and redundancy The following options are available to create load balancing and provide redundancy for CPPM:
• Virtual IP use for a CPPM server cluster
• CPPM servers configured in the switch RADIUS server group
• External load balancer
Captive Portal when disabled By default, Captive Portal is disabled. If the Captive Portal feature is disabled and the switch receives a redirect URL attribute from the RADIUS server as part of the Access-Accept, it will view the redirect as an error.
URL, replacing the IP address with your CPPM address. This will cause the client to be redirected to the Captive Portal on CPPM. You can add other attributes, such as a VLAN to isolate onboarding clients, or a rate limit to help prevent DoS attacks.
NOTE: The HPE-Captive-Portal-URL value must be a URL normalized string. The scheme and host must be in lower case, for example http://www.example.com/.
Create a ClearPass guest self-registration
Procedure
1. From the Customize Guest Registration window, select Server-initiated as the Login Method.
2.
By default, Captive Portal is disabled. Once enabled, you are redirected to the URL supplied via the HPE-Captive-Portal-URL VSA. Captive Portal is enabled globally, on a switch-wide basis.
Configure the URL key
You can optionally configure a URL hash key to provide some security for the Captive Portal exchange with CPPM. The key is a shared secret between CPPM and the switch. When configured, the switch generates an HMAC-SHA1 hash of the entire redirect URL, and appends the hash to the URL to be sent to CPPM as part of the HTTP redirect.
Cause
The failure is due to a mutual exclusion restriction.
Action
1. Check which of the following is enabled: BYOD redirect, MAC authentication failure redirect, or web-based authentication.
2. Disable the enabled authentication method found in step 1.
3. Run the aaa authentication captive-portal enable command.
Unable to enable feature
Symptom
One of the following messages is displayed:
• BYOD redirect cannot be enabled when captive portal is enabled.
•...
Use the following show commands to view the various configurations and certificates.
Command | Description
show running-config | Shows the running configuration.
show config | Shows the saved configuration.
show ip | Shows the switch IP addresses.
Command | Description
show captive-portal | Captive portal configuration.
show port-access clients [port] [detailed] | Consolidated client view; the detailed option shows the Access Policy that is applied. The IP address is only displayed if dhcp-snooping is enabled. For the summary view (without the detailed option), only the untagged VLAN is displayed.
ZTP. If an Enterprise network spans multiple campuses and branches using WAN to communicate, use Activate-based ZTP.
DHCP-based ZTP with AirWave
Configuring DHCP-based ZTP with AirWave
ZTP auto-configures your switches as follows:
Procedure
1. The switch boots up with the factory default configuration.
Page 301
2. The switch sends out a DHCP discovery from the primary VLAN interface.
a. The preferred configuration method uses the DHCP option 43 value as a string to parse the AirWave configuration. The switch expects DHCP option 60 with the value ArubaInstantAP along with DHCP option 43 to parse the AirWave details.
b.
Configure AirWave details in DHCP (preferred method)
To configure a DHCP server for AirWave on Windows Server 2008, perform the following steps:
Procedure
From the Start menu, select Server Manager.
Page 303
Select Roles -> DHCP -> Server -> w2k8 -> IPv4. Right-click IPv4 and select Set Predefined Options... Chapter 10 Zero Touch Provisioning with AirWave and Central...
Page 304
The Predefined Options and Values screen is displayed. Click Add... Enter the desired Name (any), Data type (select String), Code (enter 60), and Description (any).
Page 305
Click OK. From the Predefined Options and Values screen, under Value, enter the String ArubaInstantAP. The string is case-sensitive and must be ArubaInstantAP. Click OK. Under IPv4, expand Scope. Right-click Scope Options and select Configure Options...
Page 306
The ASCII value has the following format:
<Group>:<Topfolder>,<AMP IP>,<shared secret>
11. To add sub-folders, use the following format:
<Group>:<Topfolder>:<folder1>,<AMP IP>,<shared secret>
12. Under the General tab, select 060 AirWave. Click OK.
NOTE: No changes are required to the 060 option.
13. You can verify the AirWave details as follows:
switch# show amp-server
switch# show run
Configure AirWave details in DHCP (alternative method)
To configure a DHCP server for ZTP and AirWave on Windows Server 2008, perform the following steps:
NOTE: Use these steps to configure ZTP for every switch by selecting a different Vendor Class for each type of switch.
Page 308
Select Roles -> DHCP -> Server -> w2k8 -> IPv4. Right-click IPv4 and select Define Vendor Classes...
Page 309
The DHCP Vendor Classes window is displayed. Click Add...
To get the vendor-specific value of a switch, go to the switch console and enter:
switch# show dhcp client vendor-specific
In our example, the command returns the following value:
Processing of Vendor Specific Configuration is enabled
Vendor Class Id = HP J9729A 2920-24G-PoE+ Switch dslforum.org
Page 310
From the New Class window, enter the desired Display name (any) and the Description (any). For the ASCII field, enter the exact value that you got by executing the show command performed in the previous step. In this example, Hewlett Packard Enterprise J9729A 2920-24G-PoE+ Switch dslforum.org. Click OK.
Page 311
10. From the Predefined Options and Values window, select Option class. The Option Class displayed is the one that you configured under DHCP Vendor Class. In this example, the Option Class is switch.
11. Click Add...
12. From the Option Type window, enter the desired Class (any), the Data type (select string), the Code (enter 146), and the Description (any).
Page 312
14. Under the Predefined Options and Values window, enter the Value String. In this example, we enter hpeSwitch:hp2920,90.1.1.10, admin. The String has the following format:
<Group>:<Topfolder>,<AMP IP>,<shared secret>
15. To add sub-folders, use the following format:
<Group>:<Topfolder>:<folder1>,<AMP IP>,<shared secret>
16. Click OK.
Page 313
17. Under IPv4, expand Scope. Right-click Scope Options and select Configure Options...
18. From the Scope Options window:
a. Select the Advanced tab.
b. Under Vendor class, select the desired switch. In this example, switch.
c. Select the 146 hpswitch option.
d.
In any of the above scenarios, you must manually configure the switch to reach the AirWave server using the amp-server command. This command helps you configure the AirWave IP address, group, folder, and shared secret. You must have the manager role to execute this command. For example:
switch(config)# amp-server ip 192.168.1.1 group "group" folder "folder" secret "branch1024"
The show amp-server command shows the configuration details:
AirWave Configuration details
AMP Server IP : 192.168.1.1
AMP Server Group : GROUP
AMP Server Folder : folder
AMP Server Secret : branch1024
AMP Server Config Status: Configured
amp-server
Syntax...
To upgrade with a nonminimal configuration set from any 15.xx version to version 16.01, see Image Upgrade.
• Once the DHCP server or Activate offers Airwave/Central details, ZTP is disabled. If the details are offered again, they are ignored.
Image Upgrade
If you upgrade from any 15.xx version to version 16.xx, the following minimal set of configuration is validated to enable or disable the ZTP process:
• If the switch has any other VLAN apart from the default VLAN, ZTP gets disabled.
•...
Internet), the communication between the switch and AirWave server can be protected. You can configure the IPsec tunnel using any of the following methods:
• Activate ZTP
• DHCP ZTP with option 138
• Manual configuration
IPsec Tunnel Establishment
• The IPsec tunnel for AirWave is auto-configured. The switch decides to create the IPsec tunnel only when an Aruba controller IP is present in the device before establishing the connection to AirWave.
• If the controller IP is not provided, the switch will try to establish a direct connection to AirWave.
•...
Configure Remote Access VPN session to protect specific switch-generated traffic. It also supports secure ZTP of Airwave Management Platform (AMP) server.
Configure Remote Access VPN session to protect specific switch-generated traffic. Secure ZTP is not supported.
<ip-addr>
IP address of the VPN.
Usage
switch(config)# aruba-vpn type
switch(config)# aruba-vpn type amp
switch(config)# aruba-vpn type amp peer-ip
switch(config)# aruba-vpn type any
NOTE:
• When you configure aruba-vpn type as any, the switch creates a tunnel and updates the inner-ip.
Display brief configuration and status for all tunnels.
Usage
show interfaces tunnel aruba-vpn
show interfaces tunnel brief
show interfaces [tunnel] [<TUNNEL-LIST> | <TUNNEL-NAME> | brief | type]
switch(config)# show interfaces tunnel aruba-vpn
Tunnel Configuration :
Central will automatically program the Activate portal with the required switch details and the group to which the switch must check in. The following diagram illustrates the working of Central ZTP:
Page 325
[Figure: Central ZTP topology. Labels: Switch being provisioned (Branch 1 and Branch 2), Activate, Router/Firewall, WAN Router, Internet, Corporate, Aruba Central Servers]
The workflow is as follows:
1. The switches being provisioned in branches boot and connect to the Activate on the cloud.
2.
ZTP and Airwave registration. Authorize the new switch and then push the Golden Configuration template from Airwave.
Example
Enable Aruba Central server support
switch(config)# aruba-central enable
Disable Aruba Central server support
switch(config)# aruba-central disable
Enter support mode to enable all CLI configuration commands
switch(config)# aruba-central support-mode enable
This mode will enable all CLI configuration commands, including those normally reserved by the Aruba Central service. Use of this mode may invalidate the configuration provisioned through Aruba Central server. Continue (y/n)?
aruba-central support-mode
Syntax...
NOTE: This switch is not connected to Activate, hence a communication error is shown in the “Server Software Version” and “Server Software Image URL” fields.
activate software-update update
Syntax
switch#(config) activate software-update update
Description
Updates the software for Activate.
Options
primary
Update primary software image using the Aruba Activate server.
secondary
Update secondary software image using the Aruba Activate server.
Example
switch# activate software-update update
This command will save the current configuration, update the selected software image, and reboot the system to the selected partition.
The ZTP process for stacked switches with Central is similar to the one for a standalone switch, with the exception that only the commander in the stack checks in with Central. For switches supported on Central when stacking is ON, refer to the Aruba Central Switch Configuration Guide.
Egress rate limiting is not supported on the Aruba 2530 Switch Series.
• The egress-bandwidth is only supported for devices running on:
◦ Aruba 2920 Switch Series
◦ Aruba 2930F Switch Series
◦ Aruba 5400R zl2 Switch Series v2 & v3 modules
•...
2. To remove the device from the switch:
switch(config)# no device-identity name abc
3. Show device identity configuration:
switch(config)# show device-identity lldp
Device Identity Configuration
Index Device name Subtype
◦ Aruba 2930F Switch Series
• The egress-bandwidth is only supported for Aruba 2920 and Aruba 5400R Switch Series v2 & v3.
• The egress-bandwidth option is not supported and not displayed in the CLI for the Aruba 2530 switch.
Enables automatic profile association.
disable
Disables automatic profile association.
Options
Removes the device type association and disables the feature for the device type. By default, this feature is disabled.
Restrictions
Only one device type is supported, aruba-ap, and it is used to identify all the Aruba access points.
Rogue AP Isolation
The Rogue AP Isolation feature detects and blocks any unauthorized APs in the network.
If rogue-ap-isolation blocks a MAC before it is configured to be authorized, packets from such MACs will be dropped until one of the following happens:
• Rogue action is changed to LOG.
• Rogue-AP isolation feature is disabled.
• The MAC is not detected as rogue anymore.
• LLDP is disabled on the port (or globally).
Once a MAC has been authorized by one of these features, it will not be blocked by Rogue AP isolation. A RMON will be logged to indicate the failure to block.
Configures the action to take for the rogue AP packets. This function is disabled by default.
Parameters
action
Configure the action to take for rogue AP packets. By default, the rogue AP packets are blocked.
Options
Logs traffic to or from any rogue access points.
block
Blocks and logs traffic to or from any rogue access points.
rogue-ap-isolation whitelist
Syntax
[no] rogue-ap-isolation whitelist <MAC-ADDRESS>
Description
Configures the rogue AP Whitelist MAC addresses for the switch. Use this command to add to the whitelist the MAC addresses of approved access points or MAC addresses of clients connected to the rogue access points.
The show run command displays one of the following values for untagged-vlan:
• no untagged-vlan
• untagged-vlan : None
Cause
The no device-profile or the no rogue-ap-isolation whitelist command is executed to configure untagged-vlan to 0.
Action
No action is required.
Show commands
Use the following show commands to view the various configurations and status.
Command | Description
show device-profile | Shows the device profile configuration and status.
show device-profile config | Shows the device profile configuration details for a single profile or all profiles.
Page 342
The maximum number of whitelist MACs allowed is 128.
rogue-ap-whitelist <MAC> | Cannot add the whitelist entry because the specified MAC address is already configured as a lock-out MAC.
Page 343
Validation | Error/Warning/Prompt
lock-out <MAC> | Cannot add the lock-out entry because the specified MAC address is already configured as a whitelist MAC.
lockout-mac <MAC-ADDRESS> OR static-mac <MAC-ADDRESS> vlan <vlan-id> interface <interface> OR vlan <vlan-id>... | Cannot add an entry for the MAC address <MAC-ADDRESS> because it is already blocked by rogue-
To remove device from switch:
switch(config)# no device-identity name abc
3. Show device identity configuration:
switch(config)# show device-identity lldp
Device Identity Configuration
Index Device name Subtype
------ ---------------------- ---------- -------
a1b2c3
Chapter 13 Dynamically detecting LLDP device profiles
LLDP device profile detection dynamically uses organization-specific TLV to detect and apply profiles to devices. Organizational Unique Identifiers (OUI) and subtypes are detected based on the configuration of the switch. A maximum of 16 devices can be detected and defined using LLDP.
Requirements
The device-identity must be configured with a name.
Associating a profile with a device
Associate a profile with a device by using the command device-profile device-type <DEVICE-NAME> associate <PROFILE-NAME>. Associated devices can be Aruba Access Points, ArubaOS-Switch Switches, scs-wan-cpe, or association can be by the device profile. The feature is disabled by default.
device-profile device-type associate
Syntax
device-profile device-type <DEVICE-NAME>
Chapter 14 LACP-MAD
LACP-MAD commands
Configuration command
The following command defines whether LACP is enabled on a port, and whether it is in active or passive mode when enabled. When LACP is enabled and active, the port sends LACP packets and listens to them. When LACP is enabled and passive, the port sends LACP packets only if it is spoken to.
Page 352
These devices simply forward LACP-MAD TLVs received on one interface to the other interfaces on the trunk. LACP-MAD passthrough can be enabled for 24 LACP trunks. By default, LACP-MAD passthrough is disabled.
Chapter 15 Scalability
IP Address VLAN and Routing Maximum Values
The following table lists the switch scalability values for the areas of VLANs, ACLs, hardware, ARP, and routing.
Subject | Maximum
IPv4 ACLs
total named (extended or standard) | Up to 2048 (minus any IPv4 numeric standard or extended ACL assignments and any RADIUS-assigned ACLs)
total numbered standard | Up to 99...
Page 354
DHCPv6 Helper Addresses | 32 unique addresses; multiple instances of same address counts as 1 towards maximum
Actual availability depends on combined resource usage on the switch. See Monitoring resources on page 65.
Chapter 16 Static IP Visibility
Only IP addresses assigned by the DHCP server are visible in RADIUS accounting on an ArubaOS-Switch. Visibility of statically assigned IP addresses in RADIUS accounting is available with a command that enables and disables static IP visibility for an authenticated client.
IP client-tracker
Syntax
ip client-tracker [trusted | untrusted]
Page 356
Port : 22
Authentication Type : mac-based
Client Status : authenticated
Session Time : 64 seconds
Client Name : 0000005daa34
Session Timeout : 0 seconds
MAC Address : 000000-5daa34
: n/a
Page 357
Access Policy Details :
COS Map : Not Defined
In Limit Kbps : Not Set
Untagged VLAN : 20
Out Limit Kbps : Not Set
Tagged VLANs : No Tagged VLANs
Port Mode : 1000FDx
RADIUS ACL List : No Radius ACL List
IPV6 Address : 2000::10
The switch is properly connected to your network and has already been configured with a compatible IP address and subnet mask.
• The TFTP server is accessible to the switch via IP.
Before you use the procedure, do the following:
• Obtain the IP address of the TFTP server in which the software file has been stored.
• If VLANs are configured on the switch, determine the name of the VLAN in which the TFTP server is operating.
• Determine the name of the software file stored in the TFTP server for the switch (for example, E0820.swi).
NOTE: If your TFTP server is a UNIX workstation, ensure that the case (upper or lower) that you specify for the filename is the same case as the characters in the software filenames on the server.
Page 360
From the Main Menu, select
2. Switch Configuration...
2. Port/Trunk Settings
b. Check the Firmware revision line.
For troubleshooting information on download failures, see Troubleshooting TFTP download failures on page 361.
Troubleshooting TFTP download failures
Cause
When using the menu interface, if a TFTP download fails, the Download OS (Operating System, or software) screen indicates the failure as seen in the following figure.
Figure 44: Example of message for download failure
Some of the causes of download failures include:
•...
NOTE: If you use auto-tftp to download a new image in a redundant management system, the active management module downloads the new image to both the active and standby modules. Rebooting after the auto-tftp process completes reboots the entire system.
Enabling TFTP (CLI)
TFTP is enabled by default on the switch. If TFTP operation has been disabled, you can re-enable it by specifying TFTP client or server functionality with the tftp [client|server] command at the global configuration level.
Syntax:
[no] tftp [client | server]
Disables/re-enables TFTP for client or server functionality so that the switch can:
•...
You can use SFTP just as you would TFTP to transfer files to and from the switch, but with SFTP, your file transfers are encrypted and require authentication, so they are more secure than they would be using TFTP. SFTP works only with SSH version 2 (SSH v2).
NOTE: SFTP over SSH version 1 (SSH v1) is not supported. A request from either the client or the switch (or both) using SSH v1 generates an error message. The actual text of the error message differs, depending on the client software in use. Some examples are:
Protocol major versions differ: 2 vs.
Page 366
While SFTP is enabled, TFTP and auto-TFTP cannot be enabled from the CLI. Attempting to enable either non-secure TFTP option while SFTP is enabled produces one of the following messages in the CLI:
SFTP must be disabled before enabling tftp.
SFTP must be disabled before enabling auto-tftp.
Similarly, while SFTP is enabled, TFTP cannot be enabled using an SNMP management application. Attempting to do so generates an "inconsistent value" message. (An SNMP management application cannot be used to enable or disable auto-TFTP.)
•...
+---mgr_keys
        authorized_keys
\---oper_keys
        authorized_keys
\---core
        port_1-24.cor   core-dump for ports 1-24 (stackable switches only)
        port_25-48.cor  core-dump for ports 25-48 (stackable switches only)
Once you have configured your switch for secure file transfers with SCP and SFTP, files can be copied to or from the switch in a secure (encrypted) environment and TFTP is no longer necessary.
5. Press [Enter] and then execute the terminal emulator commands to begin Xmodem binary transfer. For example, using HyperTerminal:
a. Click on Transfer, then Send File.
b. Enter the file path and name in the Filename field.
c. In the Protocol field, select Xmodem.
d. Click on the [Send] button.
The download then commences. It can take several minutes, depending on the baud rate set in the switch and in your terminal emulator.
6. After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software.
Some USB flash drives may not be supported on your switch. Consult the latest Release Notes for information on supported devices.
Downloading switch software using USB (CLI)
This procedure assumes that:
Page 373
Procedure
1. A software version for the switch has been stored on a USB flash drive. (The latest software file is typically available from the HPE Switch Networking website at http://www.hpe.com)
2. The USB device has been plugged into the switch's USB port.
Before you use the procedure:
•...
Where two switches in your network belong to the same series, you can download a software image between them by initiating a copy tftp command from the destination switch. The options for this CLI feature include:
• Copy from primary flash in the source to either primary or secondary in the destination.
• Copy from either primary or secondary flash in the source to either primary or secondary flash in the destination.
Downloading from primary only (CLI)
Syntax:
copy tftp flash <ip-addr>
To use this method, a USB flash memory device must be connected to the switch's USB port.
Syntax:
copy flash usb <filename>
Uses the USB port to copy the primary flash image from the switch to a USB flash memory device.
Example:
To copy the primary image to a USB flash drive:
Procedure
1. Insert a USB device into the switch's USB port.
2. Execute the following command:
switch# copy flash usb k0800.swi
3. where k0800.swi is the name given to the primary flash image that is copied from the switch to the USB device.
Xmodem: Copying a configuration file to a serially connected PC or UNIX workstation (CLI)
To use this method, the switch must be connected via the serial port to a PC or UNIX workstation. You will need
• Determine a filename to use
• Know the directory path you will use to store the configuration file.
Syntax:
copy {<startup-config | running-config>} xmodem {<pc | unix>}
copy config <filename> xmodem {<pc | unix>}
Uses Xmodem to copy a designated configuration file from the switch to a PC or UNIX workstation. For more information, see "Multiple Configuration Files"...
To use this method, the switch must be connected via the USB port to a USB flash drive on which is stored the configuration file you want to copy. To execute the command, you will need to know the name of the file to copy.
Syntax:
copy usb startup-config <filename>
Copies a configuration file from a USB device to the startup configuration file on the switch.
Example:
To copy a configuration file from a USB device to the switch:
Procedure
1. Insert a USB device into the switch's USB port.
2.
Uses Xmodem to copy and execute an ACL command from a PC or UNIX workstation. Depending on the ACL commands used, this action does one of the following in the running-config file:
• Creates a new ACL.
• Replaces an existing ACL. (See "Creating an ACL Offline" in the "Access Control Lists (ACLs)" in the latest access security guide for your switch.)
• Adds to an existing ACL.
Single copy command
When a switch crashes, five files relating to the crash (core-dump, crash-data, crash-log, fdr-log, and event-log) are created and should be copied for review.
Page 384
USB or xmodem terminal.
flash | Copy the switch system image file.
SFTP server | Copy data from a SFTP server.
startup-config | Copy in-flash configuration file.
ssh-client-known-hosts | Copy the known hosts file.
Page 385
Data file | Operation note
ssh-server-pub-key | Copy the switch's SSH server public key.
running-config | Copy running configuration file.
TFTP | Copy data from a TFTP server.
Copy data from a USB flash drive.
xmodem | Use xmodem on the terminal as the data source.
Destination
Specify the copy target.
Copies and executes the named text file from a USB flash drive and executes the ACL commands in the file.
<filename.txt>
A text file containing ACL commands and stored in the USB flash drive
{<unix | pc>}
The type of workstation used to create the text file.
Depending on the ACL commands used, this action does one of the following in the running-config file:
Procedure
1. Creates a new ACL.
2. Replaces an existing ACL. (See "Creating an ACL Offline" in the "Access Control Lists (ACLs)" chapter in the latest Access Security Guide for your switch.)
3.
<ip-address> <filepath_filename>
copy event-log usb <filename>
copy event-log xmodem <filename>
These commands copy the Event Log content to a remote host, or to a serially connected PC or UNIX workstation.
Example:
To copy the event log to a PC connected to the switch:
Figure 49: Sending event log content to a file on an attached PC
Copying Command Log output to a destination device (CLI)
Syntax:
copy command-log [sftp | smm | tftp | usb | xmodem]
Description
This command copies the Command Log content to a remote host or to a serially-connected PC or UNIX workstation.
Copies all the log files from both management modules and all slots.
mm-active
Copies the active management module's log.
mm-standby
Copies the standby management module's log.
slot
Retrieves the crash log from the module in the identified slots.
Chapter 18 Monitoring and Analyzing Switch Operation
Overview
The switches have several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation:
• Status: Includes options for displaying general switch information, management address data, port status, port and trunk group statistics, MAC addresses detected on each port or VLAN, and STP, IGMP, and VLAN data.
•...
This command clears all counters and statistics for all interfaces except SNMP.
Parameters and options
<PORT-LIST>
Clears the counters and statistics for specific ports.
global
Clears all counters and statistics for all interfaces except SNMP.
Accessing port and trunk statistics (Menu)
Procedure
1. From the Main Menu, select 1. Status and Counters..., and then select 4. Port Counters.
Figure 50: Example of port counters on the menu interface
2. To view details about the traffic on a particular port, use the ↓ key to highlight that port number, and then select Show Details.
Vxlan Tunnels.
stack-Switch# show mac-address detail
Status and Counters - Port Address Table
MAC Address   Port   VLAN Age (d:h:m:s.ms)
------------- ------ ---- ----------------
009c02-d80f28 1/2 0000:00:00:30.18
3464a9-abe500 1/2 0030:07:01:20.23
show mac-address <MAC-ADDRESS> detail
Syntax
show mac-address <MAC-ADDRESS> detail
Description
Specifies the age and existing details of the specific mac address given.
manager
Parameters
<MAC-ADDRESS>
Specifies the mac-address being requested in detail.
Examples
Show mac-address detail for f0921c-b6e97e.
switch# show mac-address f0921c-b6e97e detail
Status and Counters - Port Address Table
MAC Address Port...
1. From the Main Menu, select 1. Status and Counters..., and then select 5. VLAN Address Table.
2. Use the arrow keys to scroll to the VLAN you want, and then press Enter on the keyboard to select it.
The switch then displays the MAC address table for that VLAN (Figure 52: Example of the address table on page 399.)
Figure 52: Example of the address table
3. To page through the listing, use Next page and Prev page.
Finding the port connection for a specific device on a VLAN
This feature uses a device's MAC address that you enter to identify the port used by that device.
Displays the global and regional spanning-tree status for the switch, and displays the per-port spanning-tree operation at the regional level. Values for the following parameters appear only for ports connected to active devices: Designated Bridge, Hello Time, PtP, and Edge.
show spanning-tree command output Figure 54: show spanning-tree command output IP IGMP status show ip igmp Syntax show ip igmp <VLAN-ID> [config] [group <IP-ADDR>|groups] [statistics] Description Global command that lists IGMP status for all VLANs configured in the switch, including: Chapter 18 Monitoring and Analyzing Switch Operation...
Page 402
IGMP Service Statistics Total VLANs with IGMP enabled Current count of multicast groups joined IGMP Joined Groups Statistics VLAN ID VLAN Name Filtered Flood ------- -------------------------------- ------------ ------------ VLAN2
VLAN information show vlan Syntax show vlan <VLAN-ID> Description Lists the maximum number of VLANs to support, existing VLANS, VLAN status (static or dynamic), and primary VLAN. Parameters and options <VLAN-ID> Lists the following for the specified VLAN: • Name, VID, and status (static/dynamic) •...
Enter the mirror port command on the source switch to configure an exit port on the same switch. To create the mirroring session, use the information gathered in High-level overview of the mirror configuration process on page 408.
Syntax mirror 1 - 4 port exit-port-# [name name-str] no mirror 1- 4 Assigns the exit port to use for the specified mirroring session and must be executed from the global configuration level. 1 - 4 Identifies the mirroring session created by this command. (Multiple sessions on the switch can use the same exit port.) name name-str Optional alphanumeric name string used to identify the session...
IPv6 traffic for mirroring. If a remote mirroring endpoint is configured on the switch, the following information is displayed. Otherwise, the output displays: There are no Remote Mirroring endpoints currently assigned.
Type Indicates whether the mirroring session is local (port), remote (IPv4), or MAC-based (mac) for local or remote sessions. UDP Source Addr The IP address configured for the source VLAN or subnet on which the monitored source interface exists. In the configuration of a remote session, the same UDP source address must be configured on the source and destination switches.
2. Create an IPv4 or IPv6 traffic class using the class command to select the packets that you want to mirror in a session on a preconfigured local or remote destination device. A traffic class consists of match criteria, which consist of match and ignore commands.
Page 409
• match commands define the values that header fields must contain for a packet to belong to the class and be managed by policy actions. • ignore commands define the values which, if contained in header fields, exclude a packet from the policy actions configured for the class.
For this reason, Hewlett Packard Enterprise strongly recommends that you first configure the exit switch in a remote mirroring session before you apply a mirroring service policy on a port or VLAN interface.
◦ You can configure only one mirroring session (destination) for each class. ◦ You can configure the same mirroring session for different classes. • If a mirroring session is configured with a classifier-based mirroring policy on a port or VLAN interface, no other traffic-selection criteria (MAC-based or all inbound and/or outbound traffic) can be added to the session.
(The MTU on the switches covered by this manual is 9220 bytes for frames having an 802.1Q VLAN tag, and 9216 bytes for untagged frames.)
Table 26: Maximum frame sizes for mirroring Frame type Maximum VLAN tag Frame Frame mirrored to remote configuration frame size mirrored port to local port Data Data IPv4 header Untagged Non-jumbo (default 1518 1518 1464 config.) Jumbo on all VLANs 9216 9216 9162...
Effect of IGMP on mirroring If both inbound and outbound mirroring is operating when IGMP is enabled on a VLAN, two copies of mirrored IGMP frames may appear at the mirroring destination.
Page 415
• Mirrored traffic not encrypted Mirrored traffic undergoes IPv4 encapsulation, but mirrored encapsulated traffic is not encrypted. • IPv4 header added The IPv4 encapsulation of mirrored traffic adds a 54-byte header to each mirrored frame. If a resulting frame exceeds the maximum MTU allowed in the network, it is dropped or truncated (according to the setting of the [truncation] parameter in the mirror command.) To reduce the number of dropped frames, enable jumbo frames in the mirroring path, including all intermediate switches and/or routers.
This procedure describes configuring the switch for monitoring when monitoring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.) From the console Main Menu, select: 2. Switch Configuration...
3. Network Monitoring Port In the Actions menu, press [E] (for Edit). If monitoring is currently disabled (the default) then enable it by pressing the Space bar (or [Y]) to select Yes. Press the down arrow key to display a screen similar to the following and move the cursor to the Monitoring Port parameter.
Elements in the monitor list can include port numbers and static trunk names at the same time. For example, with a port such as port 5 configured as the monitoring (mirror) port, you would use either of the following commands to select these interfaces for monitoring:
Page 419
• Ports 6-9, and 14 • Trunk 2 Selecting ports and static trunks as monitoring sources switch(config)# int 6-9, 14 trk2, monitor To monitor a VLAN: Configuring VLAN monitoring switch(config)# vlan 20 monitor switch(config)# show monitor Network Monitoring Port Mirror Port: 5 Monitoring sources ------------------ VLAN_20...
To show chassis power supply and settings, see show system power-supply • To show system fans for VSF members, see show system fans vsf Examples Locating the system chassis by LED blink using the show system chassislocate command.
Showing the general switch system information by using the show system command. show system fans Syntax show system fans Description Shows the state, status, and location of system fans. Command context manager and operator Usage Command can be executed using various command contexts. See examples for use of command context PoEP and VSF.
Page 422
| Chassis Sys-4 | Fan OK | PS 1 Sys-5 | Fan OK | PS 2 0 / 5 Fans in Failure State 0 / 5 Fans have been in Failure State
The state of all VSF switch members system fans is shown by using the command show system fans from within the VSF context. VSF-Switch# show system fans Fan Information VSF-Member | State | Failures | Location -------+-------------+----------+--------- Sys-1 | Fan OK | Fan Tray Sys-2 | Fan OK...
Page 424
Not Present J9830A IN43G4G05H Powered AC Power Consumption : 90 Watts AC MAIN/AUX Voltage : 210/118 Volts Power Supplied : 16 Watts Power Capacity : 2750 Watts Inlet Temp (C/F) : 30.9C/86.0F
Page 425
Internal Temp (C/F) : 65.6C/149.0F Fan 1 Speed : 2000 RPM (37%) Fan 2 Speed : 1950 RPM (36%) 4 supply bays delivering power. Currently supplying 68 W / 4150 W total power. Use of the command show system power-supply fahrenheit shows the power supply status in Fahrenheit for all active switches.
Page 426
Two voltages are displayed for PS#4, as the J9830A includes two AC input IEC connectors. • Most power-supplies contain a single AC Input IEC connector and are labeled MAIN.
Field Description Power Supplied Actual voltage being supplied from the power-supply to the switch for general power and PoE. Power Capacity The maximum power that the power-supply can provide to the switch. Inlet Temp (C/F) The thermal sensor at the inlet of the power-supply - shown in both Celsius and Fahrenheit Internal Temp The thermal sensor internal to the power-supply (will vary depending...
Use the Port Utilization Graph and Alert Log in the WebAgent included in the switch to help isolate problems. These tools are available through the WebAgent: ◦ Port Utilization Graph ◦ Alert log
◦ Port Status and Port Counters screens ◦ Diagnostic tools (Link test, Ping test, configuration file browser) • For help in isolating problems, use the easy-to-access switch console built into the switch or Telnet to the switch console. For operating information on the Menu and CLI interfaces included in the console, see chapters 3 and 4.
Invalid ARP source: IP address on IP address where both instances of IP address are the same address, indicating that the switch's IP address has been duplicated somewhere on the network.
Duplicate IP addresses in a DHCP network If you use a DHCP server to assign IP addresses in your network, and you find a device with a valid IP address that does not appear to communicate properly with the server or other devices, a duplicate IP address may have been issued by the server.
• Correct. • Incorrect. No mask needed to specify a single host. • Incorrect. No mask needed to specify a single host. Apparent failure to log all "deny" matches Where the log statement is included in multiple ACEs configured with a "deny" option, a large volume of "deny" matches generating logging messages in a short period of time can impact switch performance.
1. Configure gateway security first for routing with specific permit and deny statements. 2. Permit authorized traffic. 3. Deny any unauthorized traffic that you have not already denied in step 1. IGMP-related problems
Removing a port from a trunk without first disabling the port can create a traffic loop that can slow down or halt your network. Before removing a port from a trunk, Hewlett Packard Enterprise recommends that you either disable the port or disconnect it from the LAN.
Port Access Authenticator Status Port-access authenticator activated [No] : No Access Authenticator Authenticator Port Status Control State Backend State ---- ------ -------- -------------- -------------- Open Force Auth Idle Switch(config)# show port-access authenticator active
Switch(config)# show port-access authenticator e 9 Port Access Authenticator Status Port-access authenticator activated [No] : Yes Access Authenticator Authenticator Port Status Control State Backend State ---- ------ -------- -------------- -------------- Closed FU Force Unauth Idle Port A9 shows an “Open” status even though Access Control is set to Unauthorized (Force Auth). This is because the port-access authenticator has not yet been activated.
Dynamic Authorization UDP Port : 3799 Auth Acct DM/ Time Server IP Addr Port Port CoA Window Encryption Key --------------- ---- ---- --- ------ --------------- 10.33.18.119 1812 1813 119-only-key • Global RADIUS Encryption Key •
MSTP and fast-uplink problems CAUTION: If you enable MSTP, Hewlett Packard Enterprise recommends that you leave the remainder of the MSTP parameter settings at their default values until you have had an opportunity to evaluate MSTP performance in your network. Because incorrect MSTP settings can adversely affect network performance, you should avoid making changes without having a strong understanding of how MSTP operates.
If the switch is functioning properly, but no username/password pairs result in console or Telnet access to the switch, the problem may be caused by how the TACACS+ server and/or the switch are configured. Use one of the following methods to recover:
• Access the TACACS+ server application and adjust or remove the configuration parameters controlling access to the switch. • If the above method does not work, try eliminating configuration changes in the switch that have not been saved to flash (boot-up configuration) by causing the switch to reboot from the boot-up configuration (which includes only the configuration changes made prior to the last write memory command.) If you did not use write memory to save the authentication configuration to flash, pressing the Reset button reboots the switch with the boot-up configuration.
VLAN_2 use the same link between switch "X" and switch "Y," as shown in Figure 65: Example of correct VLAN port assignments on a link on page 442. Figure 65: Example of correct VLAN port assignments on a link
• If VLAN_1 (VID=1) is configured as "Untagged" on port 3 on switch "X," it must also be configured as "Untagged" on port 7 on switch "Y." Make sure that the VLAN ID (VID) is the same on both switches. •...
Page 445
Hewlett Packard Enterprise does not recommend automatic disabling of a port at the core or distribution layers when excessive broadcasts are detected, because of the potential to disable large parts of the network that may be uninvolved and for the opportunity to create a denial-of-service attack.
Alert Log. Enabling fault finder using the CLI Enter this CLI command to enable fault detection: Syntax: [no] fault-finder [fault][sensitivity <low|medium|high>][action <warn|warn-and-disable>] Enables or disables Fault Finder and sets sensitivity.
Page 447
When the warn-and-disable action option is configured, Fault Finder may also shut down a bad port in addition to sending an alert to the Alert Log. Default setting: fault-finder sensitivity medium action warn [fault]: Supported values are: • all: All fault types •...
Page 448
Too Long 1/10,000 20 secs If (late Cable — Outgoing collisions/ Excessive late total) >= collisions (a (sensitivity/ late collision 10,000) error occurs after the first 512 bit times)
Page 449
Condition Sensitivities Units (in Time period Fault finder triggering packets) reacts: fault finder Over 21257 36449 1/10,000 5 mins5 mins If (excessive bandwidth - OutgoingOne collisions/ High collision Packet total) >= rate -High (sensitivity/ drop rate 10,000)The count of dropped packets >= sensitivity during the last...
10GbE SFP+ ER Transceiver J9144A 10GbE X2-SC LRM Transceiver J8438A 10Gbe X2-SC ER Transceiver Support indicators: • V - Validated to respond to DOM requests • N - No support of DOM
• D - Documented by the component suppliers as supporting DOM • NA - Not applicable to the transceiver (copper transceiver) NOTE: Not all transceivers support Digital Optical Monitoring. If DOM appears in the Diagnostic Support field of the show interfaces transceiver detail command, or the hpicfTransceiverMIB hpicfXcvrDiagnostics MIB object, DOM is supported for that transceiver.
Wavelength For an optical transceiver: the central wavelength of the laser sent, in nm. If the transceiver supports multiple wavelengths, the values will be separated by a comma.
Page 453
Parameter Description Transfer Link-length supported by the transceiver in meters. The corresponding transfer medium is Distance shown in brackets following the transfer distance value, For example, 50um multimode fiber. If the transceiver supports multiple transfer media, the values are separated by a comma. Diagnostic Shows whether the transceiver supports diagnostics: Support...
Page 454
TX fault                            TX fault
PMA/PMD transmitter local fault     PMA/PMD transmitter local fault
PCS Transmit local fault            PCS transmit local fault
PHY XS transmit local fault         PHY XS transmit local fault
Page 455
Alarm            Description
TX bias high     TX bias current is high
TX bias low      TX bias current is low
TX power high    TX power is high
TX power low     TX power is low
Temp high        Temperature is high
Temp low         Temperature is low
An example of the output for the show interfaces transceiver [port-list] detail for a 1000SX transceiver is shown below.…
Status to Fault Skew Polarity Mode ----- ----- ---------- --------- ----- --------- ------ 6 ns Normal MDIX 0 ns Normal 6 ns Normal MDIX 6 ns Normal Short Impedance Impedance Open
Page 457
Copper cable diagnostic test results switch# show interfaces transceiver a23 detail Transceiver in A23 Interface Index : 23 Type : 1000T-sfp Model : J8177C Connector Type : RJ45 Wavelength : n/a Transfer Distance : 100m (copper), Diagnostic Support : VCT Serial Number : US051HF099 Link Status...
The contents of the Event Log are not erased if you: • Reboot the switch by choosing the Reboot Switch option from the menu interface. • Enter the reload command from the CLI.
Event Log entries As shown in Figure 69: Format of an event log entry on page 459, each Event Log entry is composed of six or seven fields, depending on whether numbering is turned on or not: Figure 69: Format of an event log entry Item Description Severity...
Page 460
Access Security Guide auth Authorization: A connected client must receive authorization through web, AMC, RADIUS-based, TACACS+-based, or 802.1X authentication before it can send traffic to the switch.
Page 461
System module Description Documented in HPE Switch hardware/software guide Management and Configuration Cisco Discovery Protocol: Supports Guide reading CDP packets received from neighbor devices, enabling a switch to learn about adjacent CDP devices. HPE does not support the transmission of CDP packets to neighbor devices.
Page 462
Runtime logs are written to FDR memory while the switch is running, and crashtime logs are collected and stored in the FDR buffer during a switch crash.
Page 463
System module Description Documented in HPE Switch hardware/software guide Installation and Getting Started Find, Fix, and Inform: Event or alert Guide log messages indicating a possible topology loop that causes excessive Management and Configuration network activity and results in the Guide network running slow.
Page 464
The switch meshing feature provides redundant links, improved bandwidth use, and support for different port types and speeds.
Page 465
System module Description Documented in HPE Switch hardware/software guide lldp Link-Layer Discovery Protocol: Management and Configuration Supports transmitting LLDP packets Guide to neighbor devices and reading LLDP packets received from neighbor devices, enabling a switch to advertise itself to adjacent devices and to learn about adjacent LLDP devices.
Page 466
Rate-limiting: Enables a port to limit Management and Configuration the amount of bandwidth a user or Guide device may utilize for inbound traffic on the switch.
Page 467
System module Description Documented in HPE Switch hardware/software guide sflow Flow sampling: sFlow is an industry Management and Configuration standard sampling technology, Guide defined by RFC 3176, used to continuously monitor traffic flows on all ports providing network-wide visibility into the use of the network. snmp Simple Network Management Management and Configuration...
Page 468
IP Guide and is used to set up connections. telnet Session established on the switch Basic Operation Guide from a remote device through the Telnet virtual terminal protocol.
Page 469
System module Description Documented in HPE Switch hardware/software guide tftp Trivial File Transfer Protocol: Basic Operation Guide Supports the download of files to the switch from a TFTP network server. timep Time Protocol: Synchronizes and Management and Configuration ensures a uniform time among Guide interoperating devices.
I 10/25/13 17:42:51 00128 tftp: Enable succeeded I 10/25/13 17:42:51 00417 cdp: CDP enabled ---- Log events stored in memory 1-751. Log events on screen 690-704. Actions-> Back Next page Prev page Help Return to previous screen. Use up/down arrow to scroll one line, left/right arrow keys to change action selection, and <Enter>...
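An added example, not part of the HPE guide: a Python parser for Event Log lines in the unnumbered form shown in the screen above (severity, date, time, event number, system module, message), of the kind a log collector would run before filtering by severity or module. The severity-letter ranking, the function names and the sample lines marked as constructed are assumptions; entries with log numbering turned on are not handled and land in the rejected list.

```python
"""Parse Event Log lines such as 'I 10/25/13 17:42:51 00128 tftp: Enable succeeded'."""
import re
from collections import Counter
from datetime import datetime
from typing import List, NamedTuple, Tuple

# Assumption: severity letters ranked from lowest (debug) to highest (major).
SEVERITY_RANK = {"D": 0, "I": 1, "W": 2, "E": 3, "M": 4}

ENTRY_RE = re.compile(
    r"^(?P<sev>[DIWEM])\s+"             # severity letter
    r"(?P<date>\d{2}/\d{2}/\d{2})\s+"   # MM/DD/YY
    r"(?P<time>\d{2}:\d{2}:\d{2})\s+"   # HH:MM:SS
    r"(?P<event>\d{5})\s+"              # five-digit event number
    r"(?P<module>[^\s:]+):\s*"          # system module, e.g. tftp, cdp
    r"(?P<msg>.*)$"                     # free-text event message
)


class Entry(NamedTuple):
    severity: str
    when: datetime
    event_id: str   # kept as text so leading zeros survive
    module: str
    message: str


def parse_event_log(text: str) -> Tuple[List[Entry], List[str]]:
    """Return (parsed entries, lines that did not parse)."""
    entries, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            rejected.append(line)       # screen residue, wrapped text, etc.
            continue
        try:
            when = datetime.strptime(
                m["date"] + " " + m["time"], "%m/%d/%y %H:%M:%S")
        except ValueError:
            rejected.append(line)       # well-formed fields, impossible value
            continue
        entries.append(
            Entry(m["sev"], when, m["event"], m["module"], m["msg"]))
    return entries, rejected


def at_least(entries: List[Entry], floor: str) -> List[Entry]:
    """Entries whose severity is at or above the given letter."""
    return [e for e in entries
            if SEVERITY_RANK[e.severity] >= SEVERITY_RANK[floor]]


def count_by_module(entries: List[Entry]) -> Counter:
    """Number of entries per system module."""
    return Counter(e.module for e in entries)


# First two lines are from the screen above; the rest are constructed.
SAMPLE_LOG = """\
I 10/25/13 17:42:51 00128 tftp: Enable succeeded
I 10/25/13 17:42:51 00417 cdp: CDP enabled
W 10/25/13 17:43:02 00000 ports: constructed warning text
M 10/25/13 17:43:05 00000 system: constructed major text
---- Log events stored in memory 1-751. Log events on screen 690-704.
I 10/25/13 25:00:00 00000 tftp: constructed entry with an invalid time
"""

if __name__ == "__main__":
    parsed, bad = parse_event_log(SAMPLE_LOG)
    for e in at_least(parsed, "W"):
        print(e.when.isoformat(), e.severity, e.module, e.message)
    print("per module:", dict(count_by_module(parsed)))
    print("rejected:", len(bad))
```

Lines that fail to parse are returned rather than dropped, so a collector can count them and notice when the entry format differs from the one assumed here.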
As a result, the Event Log and any configured SNMP trap receivers may be flooded with excessive, exactly identical messages. To help reduce this problem, the switch uses log throttle periods to regulate (throttle)
duplicate messages for recurring events, and maintains a counter to record how many times it detects duplicates of a particular event since the last system reboot. When the first instance of a particular event or condition generates a message, the switch initiates a log throttle period that applies to all recurrences of that event.
SNMP trap receivers.)
Table 34: How the duplicate message counter increments
Instances during 1st log throttle period | Instances during 2nd log throttle period | Instances during 3rd log throttle period | Duplicate message counter
This value always comprises the first instance of the duplicate message in the current log throttle period plus all previous occurrences of the duplicate message occurring since the switch last rebooted. Reporting information about changes to the running configuration Syslog can be used for sending notifications to a remote syslog server about changes made to the running configuration.
Use the logging origin-id command to specify the content for the hostname field. Syntax: logging origin-id [ip-address|hostname|none] [no] logging origin-id [ip-address|hostname|none] To reset the hostname field content back to default (IP-address), use the no form of the command.
Page 477
filter Creates a filter to restrict which events are logged. IP-ADDR Adds an IPv4 address to the list of receiving syslog servers. IPV6-ADDR Adds an IPv6 address to the list of receiving syslog servers. origin-id Sends the Syslog messages with the specified origin-id. notify Notifies the specified type sent to the syslog server(s).
When hostname or none is configured using logging origin-id, the same displays as part of the show running-config command.
Page 479
Syntax: show debug Default option is ip-address. The following shows the output of the show debug command when configured without logging origin-id.
Output of the show debug command when configured without logging origin-id
Debug Logging
Origin identifier: Outgoing Interface IP
Destination: None
Enabled debug types:…
A debug/syslog destination device can be a syslog server and/or a console session. You can configure debug and logging messages to be sent to: • Up to six syslog servers • A CLI session through a direct RS-232 console connection, or a Telnet or SSH session
Debug/syslog configuration commands Event notification logging — Automatically sends switch-level event messages to the switch's Event Log. Debug and syslog do not affect this operation, but add the capability of directing Event Log messaging to an external device. <syslog-ip-addr> logging command Enables syslog messaging to be sent to the specified IP address.
Page 482
Sends standard Event Log messages to configured debug destinations. (The same messages are also sent to the switch's Event Log, regardless of whether you enable this option.)
Page 483
fib: Displays IP Forwarding Information Base messages and events.
forwarding: Sends IPv4 forwarding messages to the debug destinations.
ospf: Sends OSPF event logging to the debug destinations.
ospfv3: Enables debug messages for OSPFv3.
packet: Sends IPv4 packet messages to the debug destinations.
pim [packet [filter {source <...
Display the current Syslog server list when Syslog logging is disabled. Configuring debug/syslog operation Procedure 1. To use a syslog server as the destination device for debug messaging, follow these steps:
Page 485
a. Enter the logging <syslog-ip-addr> command at the global configuration level to configure the syslog server IP address and enable syslog logging. Optionally, you may also specify the destination subsystem to be used on the syslog server by entering the logging facility command. If no other syslog server IP addresses are configured, entering the logging command enables both debug messaging to a syslog server and the event debug message type.…
In the following example, no syslog servers are configured on the switch (default setting). When you configure a syslog server, debug logging is enabled to send Event Log messages to the server. To limit the Event Log
Page 487
messages sent to the syslog server, specify a set of messages by entering the logging severity and logging system-module commands. Figure 72: Syslog configuration to receive event log messages from specified system module and severity levels As shown at the top of Figure 72: Syslog configuration to receive event log messages from specified system module and severity levels on page 487, if you enter the show debug command when no syslog server IP address is configured, the configuration settings for syslog server facility, Event Log severity level, and system module are not displayed.
By default, no debug destination is enabled and only Event Log messages are enabled to be sent. NOTE: To configure a syslog server, use the logging <syslog-ip-addr> command. For more information, see Configuring a syslog server on page 492. Debug messages Syntax: [no] debug <debug-type>
Page 489
When a match occurs on an ACL "deny" ACE (with log configured), the switch sends an ACL message to configured debug destinations. For information on ACLs, see the "Access Control Lists (ACLs)" in the latest version of the following guides: •...
Use the debug destination command to enable (and disable) syslog messaging on a syslog server or to a CLI session for specified types of debug and Event Log messages. Syntax: [no] debug destination {<logging | session | buffer>}
logging Enables syslog logging to configured syslog servers so that the debug message types specified by the debug <debug-type> command (see Debug messages on page 488) are sent. (Default: Logging disabled) To configure a syslog server IP address, see Configuring a syslog server on page 492. NOTE: Debug messages from the switches covered in this guide have a debug severity level.…
Deleting syslog addresses in the startup configuration Enter a no logging command followed by the write memory command. Verifying the deletion of a syslog server address Display the startup configuration by entering the show config command.
Page 493
Blocking the messages sent to configured syslog servers from the currently configured debug message type Enter the no debug <debug-type> command. (See Debug messages on page 488.) Disabling syslog logging on the switch without deleting configured server addresses Enter the no debug destination logging command. Note that, unlike the case in which no syslog servers are configured, if one or more syslog servers are already configured and syslog messaging is disabled, configuring a new server address does not re-enable syslog messaging.
[no] logging facility <facility-name> The logging facility specifies the destination subsystem used in a configured syslog server. (All configured syslog servers must use the same subsystem.) Hewlett Packard Enterprise recommends the default (user) subsystem unless your application specifically requires another subsystem. Options include:...
Syntax: logging <ip-addr> [control-descr <text_string>] no logging <ip-addr> [control-descr] An optional user-friendly description that can be associated with a server IP address. If no description is entered, this is blank. If <text_string> contains white space, use quotes around the string. IPv4 addresses only. Use the no form of the command to remove the description.…
NOTE: This setting has no effect on event notification messages that the switch normally sends to the Event Log. Enabling local command logging Use this command to enable local command logging. This satisfies the NDcPP certification requirement that:
• All administrative actions (commands) are logged locally. • Local command log storage can be enabled and disabled. • The identity of the user causing an event is logged. • When the command log is exhausted by 80% and wraparound occurs, the event is logged and a trap is generated.
To start a ping or link test in the WebAgent: 1. In the navigation pane, click Troubleshooting. 2. Click Ping/Link Test. 3. Click Start. 4. To halt a link or ping test before it concludes, click Stop.
For an example of the text screens, see Figure 74: Ping test and link test screen on the WebAgent on page 499. Figure 74: Ping test and link test screen on the WebAgent Destination IP Address is the network address of the target, or destination, device to which you want to test a connection with the switch.…
Page 500
10.10.10.10 is alive, iteration 1, time = 15 ms
10.10.10.10 is alive, iteration 1, time = 15 ms
10.10.10.10 is alive, iteration 1, time = 15 ms
switch# ping 10.10.10.10 timeout 2
10.10.10.10 is alive, time = 10 ms
switch# ping 10.11.12.13 The destination address is unreachable. Halting a ping test To halt a ping test before it concludes, press [Ctrl] [C]. NOTE: To use the ping (or traceroute) command with host names or fully qualified domain names, see DNS resolver on page 516.
Page 502
3) The source IPv4 address, VLAN ID, or Loopback address. [source {< ip- addr | vid | loopback <0-7> >}] Destination port. [dstport < 1-34000 >] Table Continued Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05...
Source port. [srcport < 1-34000 >] Specify an IP option, such as loose or strict source routing, or an include-timestamp [ip-option] option:[include-timestamp]: Adds the timestamp option to the IP header. The timestamp displays the amount of travel time to and from a host.Default: 9[include-timestamp-and-address]: Records the intermediate router's timestamp and IP address.Default: 4[loose-source-route <IP-addr>] : Prompts for the IP address of each source IP on the path.It allows you to specify the...
CLI using the commands described in this section.
Viewing the startup or running configuration file
Syntax:
write terminal
Displays the running configuration.
show config
Displays the startup configuration.
show running-config
Displays the running-config file.
For more information and examples of how to use these commands, see “Switch Memory and Configuration” in the basic operation guide.
Viewing the configuration file (WebAgent)
To display the running configuration using the WebAgent: 1.
(In this case, Microsoft Word provides the data in an easier-to-read format.) The following example uses the Microsoft Windows terminal emulator. If you are using a different terminal emulator application, see the documentation provided with the application.
Procedure
1. In Hyperterminal, click on Transfer|Capture Text….
Figure 79: Capture text window of the Hyperterminal application
2. In the File field, enter the path and file name in which you want to store the show tech output.
Figure 80: Entering a path and filename for saving show tech output
3.
Page 508
Includes the contents of the running configuration file in show tech command output
startup-config
Includes the contents of the startup configuration file in show tech command output.
tftp config {<startup-config | running-config} <ip-addr> <remote-file> {<pc | unix>}
Downloads the contents of a configuration file from a remote host to show tech command output, where:
<ip-addr>: Specifies the IP address of the remote host device.
<remote-file>: Specifies the pathname on the remote host for the configuration file whose contents you want to include in the command output.
Following are examples of what portions of the running config file display depending on the option chosen.
Pattern matching with include option
switch(config)# show run | include ipv6
ipv6 enable
ipv6 enable
Page 511
ipv6 access-list "EH-01"
switch(config)#
Displays only lines that contain “ipv6”.
Pattern matching with exclude option
switch(config)# show run | exclude ipv6
Running configuration:
; J9299A Configuration Editor; Created on release #WB.15.XX
hostname "HP Switch"
snmp-server community "notpublic" Unrestricted
vlan 1
   name "DEFAULT_VLAN"...
Repeatedly executes one or more commands so that you can see the results of multiple commands displayed over a period of time. To halt the command execution, press any key on the keyboard.
Syntax:
setup
• • Clear/Reset button combination NOTE: Hewlett Packard Enterprise recommends that you save your configuration to a TFTP server before resetting the switch to its factory-default configuration. You can also save your configuration via Xmodem to a directly connected PC.
For example:
a. Change the switch baud rate to 115,200 Bps.
=> sp 115200
b. Change the terminal emulator baud rate to match the switch speed:
Page 515
I. In HyperTerminal, select Call|Disconnect.
II. Select File|Properties.
III. Click on Configure.
IV. Change the baud rate to 115200.
V. Click on [OK], then in the next window, click on [OK] again.
VI. Select Call|Connect.
VII. Press [Enter] one or more times to display the => prompt.
4.
DNS server in this same domain. This time, the operator wants to use the switch to trace the route to a host named "remote-01" in a different domain named common.group.net. Assuming this second domain is
accessible to the DNS server already configured on the switch, a traceroute command using the target's fully qualified DNS name should succeed.
Figure 83: Example: using the fully qualified domain name for an accessible target in another domain
Configuring and using DNS resolution with DNS-compatible commands
(The DNS-compatible commands include ping and traceroute.)
Procedure 1.
Configuring switch "A" with the domain name and the IP address of a DNS server for the domain enables the switch to use host names assigned to IP addresses in the domain to perform ping and traceroute actions on the devices in the domain. To summarize:
Page 519
Entity | Identity
DNS server IP address | 10.28.229.10
Domain name (and domain suffix for hosts in the domain) | pubs.outdoors.com
Host name assigned to 10.28.229.219 by the DNS server | docservr
Fully qualified domain name for the IP address used by the document server (10.28.229.219) | docservr.pubs.outdoors.com
Switch IP address | 10.28.192.1
Document server IP address...
The DNS servers and domain configured on the switch must be accessible to the switch, but it is not necessary for any intermediate devices between the switch and the DNS server to be configured to support DNS operation.
• When multiple DNS servers are configured on the switch, they can reside in the same domain or different domains.
• A DNS configuration must include the IP address for a DNS server that is able to resolve host names for the desired domain.
Specify the number of times the job should run.
delay
Specify the delay before running the job.
enable
Enable a job that is disabled or expired.
disable
Disable a job. By default, a job is enabled.
Usage
job <JOB NAME> at <([DD:]HH:]MM on <WEEKDAY-LIST>)> config-save <COMMAND> count <1-1000>
job <JOB NAME> at <[HH:]MM on [MM/]DD> config-save <COMMAND> count <1-1000>
job <JOB NAME> at <EVENT> config-save <COMMAND>
job <JOB NAME> delay <([DD:]HH:]MM> config-save <COMMAND> count <1-1000>
job <JOB NAME> enable | disable
[no] job <JOB NAME>...
Page 524
Job Information
Job Name : foo
Runs At : 17:00 SxTWTxS
Config Save : Yes
Repeat Count: --
Run Count
Error Count : 0
Command : savepower led
Job Status : Enabled
Chapter 22 Configuration backup and restore without reboot
Overview
The traditional way of restoring a configuration from a backup configuration file required a switch reboot for the new configurations to be effective. There were network outages and a planned downtime for even minor changes. The switch configuration can now be restored from a backup configuration without reboot.
Time Taken : 3 Seconds
Last Run : Tue Nov 28 18:24:09 2017
Recovery Mode : Enabled
Failure Reason
Number of Add Commands : 14
Number of Remove Commands : 0
Time Taken for Each Phase :
Calculating diff : 1 Seconds
Adding commands : 2 Seconds
Removing commands : 0 Seconds
Rolling back to a stable configuration using job scheduler
Procedure
1. Configure the job using alias with the required configuration.
alias <name>...
The configuration backup creates a backup of the running or startup configuration of ArubaOS-Switch on-demand to the flash storage on the switch. The maximum number of backup files supported has increased from three to five.
NOTE: When you downgrade configuration backup files from five to three, and the current number of files is either four or five, the error message Configuration file <name> stored in config index 5 is not supported in lower image versions is displayed.
cfg-backup
Syntax
cfg-backup {running-config | startup-config} config <FILE-NAME>...
Page 530
1 type jl255a
snmp-server community "public" unrestricted
vlan 1
   name "DEFAULT_VLAN"
   no untagged 3-10
   untagged 1-2,11-28
   ip address dhcp-bootp
   exit
vlan 100
   name "VLAN100"
   untagged 3-5
   no ip address
   exit
vlan 200
   name "VLAN200"
   untagged 6-10
   no ip address
   exit
Configuration restore without reboot
The cfg-restore without reboot command restores the configuration without reboot from a backup configuration to the running configuration of the switch. The details about the difference between a running and a backup configuration can be displayed using cfg-restore {flash | tftp | sftp} <FILE-NAME>...
Page 532
10.100.0.12 config_file
diff
Provide the list of changes that will be applied on the running configuration.
force
Apply the configuration with reboot if the configuration has reboot required commands or
system-wide change commands present.
non-blocking
Config restoration in non-blocking mode.
recovery-mode
To enable/disable recovery-mode.
verbose
Provide the details of config restore status and the list of commands to be added or deleted.
switch(config)# cfg-restore flash add non-blocking
diff
Provide the list of changes that will be applied on the running configuration.
Performs restore in non-blocking mode.
Command context
config
Example
switch(config)# cfg-restore flash add non-blocking
Current running-configuration will be replaced with 'add'.
Continue (y/n)? y
Configuration restore is in progress, configuration changes are temporarily disabled.
switch(config)#
switch(config)# show cfg-restore status
Status : Success
Config File Name : add
Source : Flash
Time Taken : 2 Seconds
Last Run : Sun Oct 22 22:09:02 2017
Recovery Mode : Enabled
Failure Reason
Number of Add Commands
Number of Remove Commands : 10
Time Taken for Each Phase :
Calculating diff : 1 Seconds...
Page 536
Partially applied configuration 'modify' to running configuration.
Aruba-2930F-24G-PoEP-4SFPP(config)# show running-config
Running configuration:
; JL255A Configuration Editor; Created on release #WC.16.05.0000x
; Ver #12:08.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:ba
hostname "Aruba-2930F-24G-PoEP-4SFPP"
module 1 type jl255a
ip routing
snmp-server community "public" unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-28
   ip address dhcp-bootp
   exit
vlan 100
   name "VLAN100"
   no ip address
   exit
cfg-restore verbose
Syntax
cfg-restore {flash | tftp | sftp} <FILE-NAME> verbose
Description
Provides the details of configuration restore status and the list of commands to be added or deleted along with cfg-restore.
: TFTP
Time Taken : 4 Seconds
Last Run : Wed Nov 8 21:11:10 2017
Recovery Mode : Enabled
Failure Reason
Number of Add Commands
Number of Remove Commands : 7
Time Taken for Each Phase :
Calculating diff : 1 Seconds
Adding commands : 0 Seconds
Removing commands : 0 Seconds
switch(config)# show config files
Configuration files:
id | act pri sec | name
---+-------------+---------
| config
Configuration restore with force option
Prerequisites
Back up the configuration using traditional copy config or cfg-backup commands.
Configuration restore without force option
If the two configuration files backed up are file1 and file2:
Prerequisites
Back up the configuration using either the traditional copy config or the cfg-backup commands.
Procedure
1. Execute the show config files command. By default, the config file provides all the associations.
switch(config)# show config files
Configuration files:
id | act pri sec | name...
Page 542
Failed to remove commands:
Line: 12 vlan 10
Line: 15 no ipv6 nd snooping mac-check
Failed to add commands:
Line: 10 icmp 10.100.0.12 source-inter vlan 1
Line: 20 udp-echo 10.100.0.12 source vlan 1
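A post-restore check over the show cfg-restore status output shown above, as an added example (not code from the guide or from HPE). The field names and the "Failed to add/remove commands" lists are the ones the guide prints; the one-field-per-line layout, the "Failed" status value, and the function and class names are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample. Field names and failed-command lines are taken from the
# guide's output; the layout and the "Failed" status value are assumptions.
SAMPLE_STATUS = """\
Status                    : Failed
Config File Name          : file2
Source                    : Flash
Time Taken                : 3 Seconds
Last Run                  : Tue Nov 28 18:24:09 2017
Recovery Mode             : Enabled
Failure Reason            :
Number of Add Commands    : 14
Number of Remove Commands : 2
Time Taken for Each Phase :
  Calculating diff        : 1 Seconds
  Adding commands         : 2 Seconds
  Removing commands       : 0 Seconds
Failed to remove commands:
Line: 12 vlan 10
Line: 15 no ipv6 nd snooping mac-check
Failed to add commands:
Line: 10 icmp 10.100.0.12 source-inter vlan 1
Line: 20 udp-echo 10.100.0.12 source vlan 1
"""

FAILED_HEADER = re.compile(r"^Failed to (add|remove) commands:\s*$", re.IGNORECASE)
FAILED_LINE = re.compile(r"^Line:\s*(\d+)\s+(.+?)\s*$")


@dataclass
class RestoreReport:
    """Structured view of one 'show cfg-restore status' capture."""
    fields: dict = field(default_factory=dict)
    failed: dict = field(default_factory=lambda: {"add": [], "remove": []})


def parse_restore_status(text):
    """Split the capture into 'name : value' fields and failed-command lists."""
    report = RestoreReport()
    section = None  # "add" or "remove" once a 'Failed to ...' header is seen
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = FAILED_HEADER.match(line)
        if header:
            section = header.group(1).lower()
            continue
        failed = FAILED_LINE.match(line)
        if failed:
            if section is None:
                raise ValueError("failed-command line before any header: " + line)
            report.failed[section].append((int(failed.group(1)), failed.group(2)))
            continue
        # Split on the first colon only: 'Last Run' values contain colons.
        name, sep, value = line.partition(":")
        if sep:
            report.fields[name.strip()] = value.strip()
    return report


def review(report):
    """Return findings that mean the running config may not match the backup."""
    findings = []
    status = report.fields.get("Status", "<missing>")
    if status != "Success":
        findings.append("restore status is %r, not 'Success'" % status)
    for kind in ("add", "remove"):
        for lineno, command in report.failed[kind]:
            findings.append("failed to %s (line %d): %s" % (kind, lineno, command))
    return findings


if __name__ == "__main__":
    for finding in review(parse_restore_status(SAMPLE_STATUS)):
        print(finding)
```

Any finding means the restore was only partially applied, so the running configuration should be compared against the backup before it is treated as the intended state.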
NOTE: The number of add and delete commands is calculated excluding the exit commands in the configuration file.
Viewing the differences between a running configuration and a backup configuration
Prerequisites
Use the cfg-restore {flash | tftp | sftp} <FILE-NAME> diff command to view the list of configuration changes that are removed, modified, or added to the running configuration.
Page 544
Show configuration restoration status.
switch(config)# show cfg-restore latest-diff
Configuration delete list:
ip default-gateway 172.20.0.1
vlan 100
   name "VLAN100"
   no ip address
   exit
Configuration add list:
vlan 10
   name "VLAN10"
   no ip address
   exit
switch(config)#
Show commands to show the SHA of a configuration
The show commands provide SHA details of the running and startup configurations.
show hash
Syntax
show {config | running-config} hash {recalculate}
Description
Shows SHA ID of startup or running configuration.
Command context
config
Examples...
Only read operations are allowed. Attempts to use a write operation result in the error Configuration restore is in progress, configuration changes are temporarily disabled. The following show commands are blocked during a configuration restoration process:
• show-tech
• show config
• show running-config
• show startup-config
Troubleshooting and support
Switch configuration restore without reboot feature provides CLI support to:
• display the number of commands with line number that failed to restore.
• display the delta between running configuration and the configuration to be restored.
More information
Viewing the differences between a running configuration and a backup configuration on page 543
show cfg-restore status on page 541...
Enable/Disable debug tracing for MOCANA code
Debug security
Syntax
debug security ssl
Description
Enables the debug tracing for MOCANA code. Use the [no] parameter to disable debug tracing.
Display all SSL messages.
User diagnostic crash via Front Panel Security (FPS) button
Allows the switch’s front panel Clear button to manually initiate a diagnostic reset.
Disables the diagnostic reset feature so that the user is prevented from capturing diagnostic data and performing a diagnostic reset on the switch. Both the sub-options reset-via-serial-console and reset-via-clear- button will be disabled. This is necessary if the switch becomes unresponsive (hangs) for unknown reasons.
No front-panel-security diagnostic-reset
no front-panel-security diagnostic-reset
Clear Password - Enabled
Reset-on-clear - Disabled
Factory Reset - Enabled
Password Recovery - Enabled
Diagnostic Reset - Disabled
CAUTION: Disabling the diagnostic reset prevents the switch from capturing diagnostic data on those rare events where the switch becomes unresponsive to user input because of unknown reasons.
Press and release the Reset button Same as a standalone switch, except: switch)
• If the Commander, the Standby switch will become Commander.
• If the Standby, a new Standby will be elected.
To accomplish this | Do this | Result
Hard Reset (Stacked switch) | Press and hold the Reset button for more than 5 seconds (until all LEDs turn on), then release. | Same as a standalone switch, except:
• If the Commander, the Standby switch will become Commander.
SMM: User has initiated diagnostic reset via the serial console.
Sw_panic() message when triggered via RMON_BOOT_CRASH_RECORD1
STKM: User has initiated diagnostic reset via the serial console.
Sw_panic() message when triggered via non-commander
Event | Message
Console print | STKM: HA Sync in progress; user initiated diagnostic request via the serial console rejected. Retry after sometime.
Printed on the device console. When the standby is in sync state, we don’t want to crash the commander, so we report to the user to retry later.
Console print | STKM: Member is booting;...
STKM: HA Sync in progress; user initiated diagnostic request via the serial console rejected. Retry after sometime.
Console print | STKM: Member is booting; user initiated diagnostic request via the serial console rejected. Retry after sometime.
Chapter 24 IP Service Level Agreement
Overview
IP Service Level Agreement (IP SLA) is a feature that helps administrators collect information about network performance in real time. With increasing pressure on maintaining agreed-upon Service Level Agreements on Enterprises and ISPs alike, IP SLA serves as a useful tool. Any IP SLA test involves a source node and a destination node.
Page 558
The maximum number of Jitter responder sessions (UDP Jitter + Jitter For VoIP) supported is 10. The maximum number of Jitter initiator sessions (UDP Jitter + Jitter For VoIP) supported is 5.
• IMC (Intelligent Management Center) supports below IP SLA:
  ◦ DHCP
• Measurement of RTT and jitter values is in milliseconds.
• IPv6 SLA for UDP jitter and VoIP is not supported.
• UDP jitter and UDP jitter for VoIP tests are not supported over Tunnel, Trunk, and OOBM interfaces.
•...
<ID> clear
Description
Clear history records, message statistics, and threshold counters of a particular SLA entry.
Options
records
Clear history records, message statistics, and threshold counters of particular SLA entry.
[no] ip-sla <ID> history-size
Syntax
[no] ip-sla <ID> history-size
Description
Configure the number of history records to be stored for the IP SLA. The maximum supported size is 50 and the default value for history-size is 25.
[no] ip-sla <ID> icmp-echo
Syntax
[no] ip-sla <ID>...
Take no action.
[no] ip-sla <ID> monitor test-completion
Syntax
[no] ip-sla <ID> monitor test-completion action-type [trap | log | trap-log | none]
Description
Configure action to be taken when test gets completed.
• trap: Send snmp-trap when configured threshold is hit.
• log: Only log the event when configured threshold is hit.
• trap-log: Send snmp-trap and log the event when configured threshold is hit.
• none: Take no action.
[no] ip-sla <ID> schedule
Syntax
[no] ip-sla <ID>...
: 2008-05-29 13:56:17.6
Extended Results:
Packet Loss in Test : 0%
UDP-Jitter Results:
RTT Number : 10
Min Positive SD
Min Positive DS
Max Positive SD : 21
Max Positive DS : 28
Positive SD Number
Positive DS Number
Positive SD Sum : 52
Positive DS Sum : 38
Positive SD Average : 10
Positive DS Average : 10
Positive SD Square Sum : 754
Positive DS Square Sum : 460
Min Negative SD
Min Negative DS
Max Negative SD : 13...
Show the IP SLA responder statistics details.
Options
udp-jitter
Show the IP SLA responder statistics for UDP Jitter SLA type.
udp-jitter-voip
Show the IP SLA responder statistics for UDP Jitter VoIP SLA type.
show ip-sla responder statistics
IP SLA Responder : Active
Number of packets received : 31
Number of error packets received : 0
Number of packets sent
Recent Sources :
10.12.80.100 [07:23:49.085 UTC Sun Oct 25 2015] UDP
10.12.80.100 [07:22:49.003 UTC Sun Oct 25 2015] TCP
10.12.80.100 [07:20:48.717 UTC Sun Oct 25 2015] TCP
10.12.80.100 [07:18:48.787 UTC Sun Oct 25 2015] TCP
10.12.80.100 [07:17:48.871 UTC Sun Oct 25 2015] TCP...
Page 570
Mon Jun 13 10:42:05 2016 Passed
Mon Jun 13 10:42:52 2016 Passed
Mon Jun 13 10:43:52 2016 Passed
Mon Jun 13 10:44:52 2016 Passed
Mon Jun 13 10:45:52 2016 Passed
ICMP ID hash walk:
========== IP SLA show tech END ==============
======== IP SLA Server show tech BEGIN ============
Responder not active
IP SLA Responder: Inactive
======== IP SLA Server show tech END ============
=== The command has completed successfully. ===
clear ip-sla responder statistics
Syntax
clear ip-sla responder statistics <SLA-TYPE>...
SLA type with a value of ‘number of packets per probe’ and ‘packet interval’ which is not satisfying the condition frequency > number of packets per probe * packet interval.
IP SLA type.
Page 573
Validation | Error/Warning/Prompt
Configuring IP SLA with invalid values. | Invalid configuration for IP SLA.
Change the IP SLA configuration when the SLA is enabled. | Configuration changes not allowed when IP SLA is enabled.
When IP address vs port number configured for an SLA is already in use | Error: Socket for configured address, port is already in use, choose different port number...
100, Action Type: Trap and Log. Actual Threshold:
User adds DNS IP-SLA configuration | I 08/09/16 02:47:12 05029 ipsla: The IP SLA 1 of SLA Type: DNS, Name server IPv4 Address: 10.0.0.1, Target Hostname: a.hp.com added
Event | Message
User removes DNS IP-SLA configuration | I 08/09/16 02:47:12 05030 ipsla: The IP SLA 1 of SLA Type: DNS, Name server IPv4 Address: 10.0.0.1, Target Hostname: a.hp.com removed.
The packet loss threshold for the SLA has reached | I 08/09/16 02:47:12 05023 ipsla: The IP SLA 1 of SLA Type: DNS, Packet loss is observed.
The initiator timestamps the frame at a pre-defined location before sending the frame out to the configured destinations and re-timestamps the frame at a different location once it receives the same back from the responder.
IP SLA measurement engine
This is an application running on the initiator. It processes response frames received from the IP SLA responder and computes one-way delay, jitter and RTT based on the timestamps present in the packet. This application aggregates this computed information across multiple probe samples and stores this for consumption by an NMS via SNMP or via the device CLI.
Page 578
This requires the Initiator and the Responder to be time synchronized with the same clock server. This is explained in the illustration below:
Round trip time
RTT is measured at the initiator on a per packet basis and is as illustrated below:
Chapter 25 Easing Wired/Wireless Deployment feature integration
Overview
Auto device detection
The command device-profile enables the user to define profiles and configure the associations of profiles to each device type. By creating a device profile, parameters will be defined for a connection interface by device type.
Configure this port as an untagged member of specified VLAN.
tagged-vlan <VLAN-LIST>
Configure this port as a tagged member of the specified VLANs.
cos <COS-VALUE>
Configure the Class of Service (CoS) priority for traffic from the device.
ingress-bandwidth <PERCENTAGE>
Configure ingress maximum bandwidth for the device port.
egress-bandwidth <PERCENTAGE>
Configure egress maximum bandwidth for the device port.
poe-max-power <WATTS>
Configure the maximum PoE power for the device port (in watts).
poe-priority
Configure the PoE priority for the device port.
Usage
[no] device-profile name <PROFILE-NAME>...
Configures rogue AP Whitelist MAC addresses for the switch. This option is used to add MAC addresses of approved access points to the whitelist.
<MAC-ADDR>
Specify the MAC address of the device to be moved from the Rogue AP list to the whitelist.
Usage
rogue-ap-isolation [enable | disable]
rogue-ap-isolation action [log | block]
[no] rogue-ap-isolation whitelist <MAC-ADDRESS>
VXLAN show commands
VXLAN show commands include commands to display the status of a VXLAN feature, tunnels, and tunnel statistics.
show device-profile
Syntax
Within the configure context:
show device-profile
Description
Show device profile configuration and status.
Device Type Applied Device Profile
---- ----------- ----------------------
aruba-ap profile1
aruba-ap profile1
Show rogue-ap-isolation
Syntax
show rogue-ap-isolation
Description
Show rogue access point information.
Options
whitelist
Show rogue access point whitelist information.
Page 585
Usage
show rogue-ap-isolation whitelist
show rogue-ap-isolation
Switch# show rogue-ap-isolation
Rogue AP Isolation
Rogue AP Status : Enable
Rogue AP Action : Block
Rogue AP MAC        Neighbor Device
-----------------   -----------------
11:22:33:44:55:66   00:12:34:56:67:89
aa:bb:cc:dd:ee:ff   00:98:45:56:67:89
show rogue-ap-isolation whitelist
Switch# show rogue-ap-isolation whitelist
Rogue AP Whitelist Configuration
Rogue AP MAC
-----------------...
If configured, untagged VLAN specified in the user role (VSA Derived Role, UDR, or Initial Role).
◦ Statically configured untagged and/or tagged VLANs of the port the user is on.
Operational notes
Page 587
• When user roles are enabled, all users that are connecting on ports where authentication is configured will have a user role applied. User role application happens even if the user fails to authenticate. If the user cannot be authenticated, the “Initial Role” will be applied to that user.
•...
Create a captive-portal profile. Profiles are used in user roles to direct the user to a designated captive portal server. When the profile includes a web address, that web address is always used to contact the server. When no web address is specified, it is obtained from the RADIUS VSA. NOTE: A profile does not have to be pre-existing in the switch for it to be configured to a user role.
Create and enter newly created user policy context.
Usage
Switch (config)# policy user employee
[no] policy user
Syntax
[no] policy user <POLICYNAME>
Description
Delete and remove specified user policy from switch configuration.
Operating notes
• The user policy will include implicit “deny all” rules for both IPv4 and IPv6 traffic.
• ipv4 or ipv6 classes must specify source address as any. Specifying host addresses or subnets will result in the following error message:
Switch (policy-user)# class ipv4 class25 action priority 0
User policies cannot use classes that have a source IP address specified....
• The user role feature is enabled with RADIUS authentication, but no user role VSA is returned.
• User role does not exist.
• Not enough TCAM resource available.
• Access-Reject from RADIUS.
• User role VSA is sent along with invalid attributes.
• RADIUS not reachable.
• VLAN configured on the user role does not exist.
• Captive Portal profile does not exist.
•...
Set the reauthentication period for the user role. Use [0] to disable reauthentication. For RADIUS-based authentication methods, it will override the RADIUS session timeout. It also overrides any port-based reauth- period configuration with the exception that LMA does not support a reauth-period.
Options
<VALUE>
Valid values are 0 – 999,999,999; a required configuration in user roles and it defaults to 0.
(user-role)# reauth-period 100
Set the reauthentication value for the current user role:
(user-role)# reauth-period 100
(user-role)# reauth-period 0
0 is used to disable reauthentication, and it is the default value.
(user-role)# reauth-period 0
Validation rules
Validation...
Applying a UDR
UDR can be used to assign user roles locally (that is, without RADIUS). LMA has been extended to allow applying a user role to a MAC address, MAC group, MAC mask, or MAC OUI.
aaa port-access local-mac apply user-role
Syntax
[no] aaa port-access local-mac apply user-role <Role-Name>...
Employee local
Guest predefined
denyall
show user-role <ROLE-NAME>
Switch# show user-role captivePortalwithVSA
User Role Information
Name : captivePortalwithVSA
Type : local
Reauthentication Period (seconds) : 0
Untagged VLAN : 610
Captive Portal Profile : use-radius-vsa
Policy : cppolicy
show user-role detailed
The example shows how to configure user roles to use Clearpass as a Captive Portal. The Captive Portal URL is specified in a RADIUS VSA.
Switch# show user-role captivePortalwithVSA detailed
User Role Information
Name : captivePortalwithVSA...
Page 600
Statements for policy "policyIxia1"
policy user "policyIxia1"
   10 class ipv4 "classIxia1" action rate-limit kbps 11000
   exit
Statements for class IPv4 "classIxia1"
class ipv4 "classIxia1"
   10 match ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
   exit
Chapter 27 Port QoS Trust Mode
Overview
The Port QoS Trust feature restricts which packet QoS information may be used to determine inbound queue servicing and any priority information to be permitted into the local hop. Port QoS Trust Mode configuration allows preservation or removal of the inbound QoS priorities carried in Layer 2 (the VLAN cos or Priority CodePoint (PCP) value, known as the 802.1p priority tag) and/or in Layer 3 (the IP-ToS byte, in IP-Precedence or IP-Diffserv mode).
Description
Shows port-based QoS trust configuration
Options
device
Show list of trusted devices per-port.
<port>
Show trusted devices on a single port.
Usage
show qos trust [device | [ethernet <PORT-LIST> ]
Page 603
show qos trust
switch# show qos trust
Port-based qos Trust Configuration
Port Trust Mode | Device Trust State
---- --- ----
Default Default Device** | Trusted IP-Prec Dot1p None DSCP Device** Dot1p
** For a list of trusted devices per-port, use the command show qos trust device.
To show trusted devices on a single port, use the command show qos trust device <PORT>.
QoS trust mode.
QoS trust device when any port QoS priority is enabled. | The port QoS priority feature must be disabled before configuring this port QoS trust mode.
Chapter 28 Tunneled node
Overview
The tunneled node feature encapsulates incoming packets from end-hosts in Generic Routing Encapsulation (GRE) and forwards them to a Mobility Controller for additional processing. The Mobility Controller strips the GRE header and processes the packet for authentication and stateful firewall, which enables centralized security policy, authentication, and access control.
Trying to delete the nonexisting profile. | Record not found.
Trying to delete the existing profile which is applied on ports. | Cannot delete the tunneled node profile as one or more ports are using it.
tunneled-node-server
From within the interface context:
Syntax
[no] tunneled-node-server
Description
Apply the tunneled node server on the port.
Options
tunneled-node-server
Apply the tunneled node server on the port.
Usage
[no] tunneled-node-server
Validation rules
Validation | Error/Warning/Prompt
If meshing is configured, a tunneled node profile is not allowed to be applied on a port. | Cannot apply tunneled node profile on a port...
Page 608
It is mutually exclusive. | this port.
Tunneled node profile cannot be applied on the trunks. | Cannot apply tunneled node profile on the Trunks.
Validation | Error/Warning/Prompt
If DHCP Client is enabled on a VLAN, tunneled node profile applied on the ports part of a VLAN is not allowed. It is mutually | Cannot apply tunneled node profile on the port because the port is part of the DHCP client enabled VLAN.
Configure the keepalive timeout for the tunneled node in seconds. Keepalive timeout seconds [1-40]. Default: 8 seconds.
Options
keepalive: Configure the keepalive timeout for the tunneled node in seconds.
backup-controller-ip
From within the tunneled-node-profile context:
Syntax
[no] backup-controller-ip <IP-ADDR>
Description
Configure the backup controller IP address for the tunneled node.
Options
backup-controller-ip: Configure the backup controller IP address for the tunneled node.
Usage
[no] backup-controller-ip <IP-ADDR>
fallback-local-switching
From within the interface context:
Syntax
fallback-local-switching
Description
To switch traffic locally upon losing connectivity to the controller, you must configure the fallback option before connectivity fails.
Options
state: Display the tunneled node port state.
statistics: Display the tunneled node statistics.
show tunneled-node-server state
Tunneled node Port State
Active Controller IP Address
Port State
------ -------------------------
Port down
The packets from nontunneled node ports (in the same VLAN as tunnel-node port) will not be bridged to the tunneled-node ports and conversely.
Features not allowed on a tunneled node port/VLAN with tunneled node ports/globally:
Feature | Blocked globally/per port/VLAN with tunneled-node-ports
IP multicast routing | Global
Openflow | Global
Q-in-Q | Global
Distributed Trunking | Global
Mesh | Global
VXLAN | Global
IP address: manual and dhcp | VLAN
802.1x, mac auth, webauth, LMA, port security | port
DIPLD (IPv4/IPv6) | port
DSNOOP (IPv4/IPv6) | VLAN
ARP protect...
Minimum key-value length allowed is 10 characters and maximum allowed is 64 characters.
Usage
Switch(config)# papi-security key-value <KEY-VALUE>
Switch(config)# [no] papi-security <KEY-VALUE>
papi-security key-value
HP-2920-24G(config)# papi-security key-value TestKey12345678
HP-2920-24G(config)# no papi-security key-value
HP-2920-24G(config)# papi-security key-value Test
Minimum key-value length allowed is 10 characters and maximum allowed is 64 characters.
show run with encrypted key
Switch(config)# sh run
Running configuration:
;J9576A Configuration Editor
;Created on release #KA.16.02.0000x
;Ver #0e:01.f0.92.34.5f.3c.6b.fb.ff.fd.ff.ff.3f.ef:78
;encrypt-cred +NXT3w7ky2IXNXadlJblS/1ZRi/o73Qq28XXcLkSCZq9PU30Kl+KMLMva8rQri5g
hostname "HP-3810-48G-4SFPP"
module 1 type j9576y
module 2 type j9576x
encrypt-credentials...
Configure the maximum PoE power for the device port.
poe-priority: Configure the PoE priority for the device port.
speed-duplex: Configure the speed and duplex for the device port.
tagged-vlan: Configure this port as a tagged member of the specified VLANs.
untagged-vlan: Configure this port as an untagged member of specified VLAN.
Execute show run command to display the tunneled mode configuration in an enabled or disabled state:
switch(config)# show run
; J9625A Configuration Editor; Created on release #KB.16.05.0000x
; Ver #0f:02.43.18.82.34.61.1c.28.f3.84.9c.63.ff.37.2f:da
hostname "switch"...
Configuration for device-profile : test
untagged-vlan
tagged-vlan : None
ingress-bandwidth : 100%
egress-bandwidth : 100%
: None
speed-duplex : auto
poe-max-power : Class/LLDP
poe-priority : critical
allow-jumbo-frames : Disabled
allow-tunneled-node: Enabled
When tunneled-node is disabled:
switch(config)# show device-profile config
Device Profile Configuration
Configuration for device-profile : default-ap-profile
untagged-vlan
tagged-vlan : None
ingress-bandwidth : 100%
egress-bandwidth : 100%
speed-duplex : auto
poe-max-power : Class/LLDP
poe-priority : critical
allow-jumbo-frames : Disabled
allow-tunneled-node: Disabled
Device Profile Configuration
Configuration for device-profile : test
untagged-vlan
tagged-vlan : None...
Use the ‘show cable-diagnostics’ command to view the results.
Continue (y/n)? Y
switch# show cable-diagnostics 1/1-1/10
Cable Diagnostic Status - Copper Ports
Cable Cable Length or
Port Pair Status Distance to Fault
---- ------ ----------- ---------------------
1/10 1-2 Good cable tests
switch# test cable-diagnostics 51
This command will cause a loss of link on all tested ports and will take several seconds per port to complete. Use the 'show cable-diagnostics' command to view the results.
Cable Diagnostic Status - Transceiver Ports
Cable Distance Pair Pair
Port Pair Status to Fault Skew Polarity Mode
---- ------ ----------- ---------- ------ ---------- ------
Open 0 ns
Open 0 ns
Open 0 ns
Open 0 ns
Error message
Error Message | Cause
The transceiver on port 1/A1 does not support cable diagnostics. | • usage of invalid(fiber-SFP+) port • The selected range includes an entry for an invalid port.
show cable-diagnostics
Syntax
show cable-diagnostics <PORT-LIST>...
– J9995A — Aruba 8-port 1/2.5/5/10GBASE-T PoE+ MACsec v3 zl2 Module
◦ 3810M (JL076A — Aruba 3810M 40G 8 HPE Smart Rate PoE+ 1-slot Switch)
• Not supported on v2 zl modules
• Valid only on 100BASE-TX and 1000BASE-T ports
Chapter 30 Link Layer Discovery Protocol bypass authentication
Overview
The Link Layer Discovery Protocol (LLDP) is a vendor-neutral link layer protocol in the Internet Protocol Suite used by Aruba network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet.
is configured on the port: | If lldp-bypass is enabled on the port: Cannot apply mesh or manual trunks on the port A1 when lldp-bypass is enabled on that port.
Validation | Error/Warning/Prompt
When MAC-lockdown is enabled on the port: | If lldp-bypass is enabled on the port: Cannot apply MAC lock-enable on the port A1 when lldp-bypass is enabled on that port.
Security Warning when enabling lldp-bypass on the port. | Enabling lldp-bypass on the port may give access to any Aruba-AP that sends a special LLDP TLV without...
Syntax
show port-access lldp-bypass config
Description
Displays the lldp-bypass configuration applied on all switch ports.
show port-access lldp-bypass config
switch#show port-access lldp-bypass config
Port Access lldp-bypass Configuration
Port Enabled
------ ----------
Stackable switch: show port-access lldp-bypass config
switch(config)#show port-access lldp-bypass config
Port Access lldp-bypass Configuration
Port Enabled
------ ----------
1/52
2/26
3/26
Error Log
Event | Message
CLIERR_CANNOT_ENABLE_LLDP_BYPASS_MAC_LOCKDOWN_ENABLED | lldp-bypass is not allowed on the port where MAC-lockdown is enabled. lldp-bypass cannot be enabled on a port with MAC lock-enabled.
enabled port: | 0000:00:13:57.64 PSEC mPORTSECMCtrl: Received PROFMGR_DEVICE_CONNECTED event for 40e3d6-c6d492 on port A1.
When already connected Aruba-AP is disconnected/removed on lldp-bypass enabled port. | 0000:00:13:07.96 PSEC mPORTSECMCtrl: Received PROFMGR_DEVICE_DISCONNECTED event for 40e3d6-c6d492 on port A1.
Chapter 31 Net-destination and Net-service
Net-service
Overview
Net-service names are used as aliases in defining ACL rules for defined lists. An alias of net-service will configure a list of hosts, networks, or subnets. An extended ACL can have source IP, destination IP, and port number along with protocol in its ACE. An alias-based ACE for an extended ACL therefore allows the use of an alias of net-service protocol and destination port.
The use of net-service will also restrict the operators that can be specified for port number to equals and range.
Example - extended
HP-Switch-5406Rzl2(config)# ip access-list extended aext1
HP-Switch-5406Rzl2(config-ext-nacl)# permit tcp host 10.100.12.1 gt 23 16.90.0.0 /16 range 200 400
HP-Switch-5406Rzl2(config-ext-nacl)# exit
Limitations
• Limited to IPv4 addresses per syntax.
• Any changes made to an existing net-destination that is used by an ACL will be applied on the ACL only when the rule is reapplied to it or when the switch is rebooted.
Syntax
show net-destination <NAME-STR>
Description
Show a host-specific net-destination.
• For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: http://www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: http://www.hpe.com/support/hpesc Information to collect • Technical support registration number (if applicable) •...
Customer self repair Hewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product. If a CSR part needs to be replaced, it will be shipped directly to you so that you can install it at your convenience. Some parts do not qualify for CSR.
Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title, part number, edition, and publication date located on the front cover of the document.
Appendix A Remote Device Deployment (TR-069)
Remote Device Deployment (TR-069)
Introduction
TR-069 is a technical specification created by the Broadband Forum. The TR-069 protocol specifies client and server requirements to manage devices across the Internet by using a client server architecture to provide communication between the CPE (Customer Premises Equipment) and the ACS (Auto Configuration Server).
The zero-configuration mechanism is defined in the TR-069 specification.
• TR-069 is suitable for large-scale device management. TR-069 supports a distributed architecture. The ACS can be distributed across multiple servers, and each ACS can manage part of the devices.
Zero-touch configuration process Auto configuration or “zero-touch” deployment is a recurring customer requirement, especially for remote-office deployments. New devices introduced inside a private network require management tools be co-located to configure them or update firmware, or require manual intervention to do configuration. TR-069 allows managing devices that reside in a private network via HTTP(S), enabling a new set of deployment and management models today, not possible using SNMP.
In this example, the following steps configure CPEs for a Campus Network environment.
1. Pre-configuration for all CPEs in BIMS.
2. CPEs get BIMS parameters from DHCP server.
3. CPEs initiate a connection to BIMS, then BIMS deploys the pre-configuration to CPEs.
Zero-touch configuration for Branch networks
In this example, the following steps configure CPEs for a Branch network environment.
1. Create the basic configuration for your spoke device manually, using the username/password from ISP and BIMS URL.
2. The IPSec VPN configuration is generated by IVM and deployed by BIMS.
3.
Configure Auto Configuration Server (ACS) access.
Configure Customer Premises Equipment (CPE) access.
disable: Disable the CPE WAN Management Protocol.
NOTE: CWMP is automatically enabled. To conserve resources, reconfigure this setting using the cwmp disable command.
enable: Enable the CPE WAN Management Protocol.
Syntax: [no] cwmp
Configure Auto Configuration Server (ACS) access.
USERNAME-STR: A username for ACS authentication (maximum length: 256 characters).
CPE configuration
Syntax: cwmp cpe
password: Configure the password used for authentication when the ACS connects to the switch.
username: Configure the username used for authentication when the ACS connects to the switch.
CPE password configuration
When encrypt-credentials is on
Syntax: cwmp cpe password
encrypted-key: An encrypted password generated with the 'encrypt-credentials' command.
plaintext: Configure the password used for authentication when the ACS connects to the switch.
Syntax: cwmp cpe password encrypted-key ASCII-STR...
: Disconnected
Data Transfer Status : None
Last ACS Connection Time : Wed Apr 9 16:56:00 2014
Time to Next Connection : 00:00:36
When CWMP is disabled
Syntax: show cwmp status
CWMP status
CWMP Status
CWMP Status : Disabled
CWMP configuration
show cwmp configuration
CWMP Configuration
CWMP Status : Disabled
Event logging
The TR-069 client offers some tools to diagnose problems:
• System logging
• Status/control commands
System logging
The CPE implements the following system log notification codes and sample messages:
•...
W 11/19/13 08:06:13 04200 http: Upload of SourceFile to http://10.0.11.240:9876/path canceled because of inexistent file.
Status/control commands
The following commands help assess the general state of TR-069 and control the source of the ACS configuration record:
Table 35: Status/control commands
Command | Result
show cwmp status |
CWMP is Enabled
ACS URL : https://16.93.62.32:9443
ACS URL is set by : Config
ACS Username : bims
Connection status : Disconnected
Data transfer status : None
Time of last successful connection : Thu Feb 20 01:16:59 2014
Interval upon to next connection : Null
show cwmp...
Table 36: Switch management ports
 | In band, Networked | Out of band, Directly connected | Out of band, Networked
Management interface | Command line (CLI), menu, Web | Command line (CLI), menu | Command line (CLI), menu
Communication plane | Data plane | Management plane | Management plane
Connection port | Any data port | Dedicated serial or USB console port | Dedicated networked...
OOBM configuration commands can be issued from the global configuration context (config) or from a specific OOBM configuration context (oobm).
Entering the OOBM configuration context from the general configuration context
Syntax: oobm
Enters the OOBM context from the general configuration context.
Example:
switch(config)# oobm
HP Switch (oobm)#
Enabling and disabling OOBM
From the OOBM context:
Syntax:
enable
disable
From the general configuration context:
Syntax:
oobm enable
oobm disable
Enables or disables networked OOBM on the switch. OOBM is not compatible with a management VLAN.
Configuring an IPv4 address for the OOBM interface is similar to VLAN IP address configuration, but it is accomplished within the OOBM context.
From the OOBM context:
Syntax: [no] ip address [dhcp-bootp|ip-address/mask-length]
From the general configuration context:
Syntax: [no] oobm ip address [dhcp-bootp|ip-address/mask-length]
Configures an IPv4 address for the switch's OOBM interface. You can configure an IPv4 address even when global OOBM is disabled; that address will become effective when OOBM is enabled.
Example:
HP Switch (oobm)# ip address 10.1.1.17/24
Configuring an OOBM IPv4 default gateway
Configuring an IPv4 default gateway for the OOBM interface is similar to VLAN default gateway configuration, but it is accomplished within the OOBM context.
Syntax
ipv6 nd ra router-preference {low | medium | high}
no ipv6 nd ra router-preference
Description Sets the router-preference configuration for communicating default router preferences from routers to hosts. Improves the ability of hosts to pick the appropriate router for an off-link destination by providing options at the operator level which set the router preference value as low, medium, or high. Depending on the router preference value set, the host receives the value as part of the IPv6 neighbor discovery router advertisement and chooses the best router for communication.
Description
Shows the IPv6 service status for OOBM interfaces.
Command context
operator
Example
Shows the IPv6 service status for OOBM interfaces.
switch# show oobm ipv6
Internet (IPv6) Service for OOBM Interface
IPv6 Status : Enabled
IPv6 Default Gateway : 1000::2
Address Intf
Member IP Config IP Address/Prefix Length Status Status
------ ---------- ------------------------------------------- --------- ------
Global manual 1000::1/64
Global autoconfig fe80::42a8:f0ff:fe9e:901/64
show oobm ipv6 (for stacked switches)
Syntax
show oobm ipv6
Description
Shows the OOBM IPv6 interface for a stacked switch.
Default value is both for all servers.
Telnet: telnet-server [listen {<oobm | data | both>}] (management and configuration guide)
SSH: ip ssh [listen {<oobm | data | both>}] (access security guide)
SNMP: snmp-server [listen {<oobm | data | both>}] (management and configuration guide)
TFTP: tftp server [listen {<oobm | data | both>}] (management and configuration guide)
HTTP: web-management [listen {<oobm | data | both>}] (management and configuration guide)
In all cases, show running-config displays the server configurations. Use the no form of the command to prevent the server from running on either interface.
Assume that you are configuring the switch in the left-hand rack to communicate on both the data and management networks. You might do the following:
• Configure an IP address on the data network.
• Verify that out-of-band management is enabled. (It is enabled by default.)
• Configure an IP address on the management network.
• Verify that the switch can communicate on both networks.
The CLI commands that follow would accomplish those tasks. (The first time through the process you might easily make the omission shown near the end of the example.)
switch 41# config
switch 41(config)# vlan 1
switch 41(vlan-1)# ip address 10.1.129.7/20...
Multicast Filtering LLDP-MED Power over Ethernet (PoE and PoE+) Loop Protection Protocol Filters MAC Address Management RADIUS Authentication and Accounting Management VLAN RADIUS-Based Configuration Passwords and Password Clear Protection/include- credentials
Encrypted-password QoS: Strict-Priority Queuing Port Monitoring QoS: Turn on/off VLAN Precedence Port Status QoS: Egress Queue Rate-limiting Rate-Limiting Syslog System Parameters (hostname, Banner) System Information Front-panel-security Telnet Access DLDP Traffic/Security Filters OOBM VLAN Mirroring (1 static VLAN)/Port mirroring Switch interconnect Voice VLAN Airwave Controller IP configuration Web Authentication RADIUS Support...
Enhanced Web Authentication
Internet Protocol
High Availability
HMAC-SHA1: Hash-based Message Authentication Code used with the SHA-1 cryptographic hash function.
HTTP: Hypertext Transfer Protocol
HTTPS: Secure Hypertext Transfer Protocol
Identifier
Internet Protocol
Acronym Definition The third, or routing, layer of the open systems interconnection (OSI) model. The network layer routes data to different LANs and Wide Area Networks (WANs) based on network addresses. Local Area Network Media Access Control MAFR MAC Authentication Failure Redirect Management Interface Specification Network Management System PVOS...