Page 2
SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V G, V G, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice.
Page 3
Preface The H3C S3100V2-52TP documentation set includes 10 configuration guides, which describe the software features for the H3C S3100V2-52TP Switch Release 2101, and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
Page 4
Convention Description Asterisk marked braces enclose a set of required syntax choices separated by vertical { x | y | ... } * bars, from which you select at least one. Asterisk marked square brackets enclose optional syntax choices separated by vertical [ x | y | ...
Obtaining documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support &...
Technical support customer_service@h3c.com http://www.h3c.com Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
Contents System maintenance and debugging ························································································································· 1 Ping·····················································································································································································1 Introduction ·······························································································································································1 Configuring ping ······················································································································································1 Ping configuration example ····································································································································1 Tracert ················································································································································································3 Introduction ·······························································································································································3 Configuring tracert ···················································································································································4 System debugging ····························································································································································5 Introduction to system debugging···························································································································5 Displaying debugging information·························································································································5 Configuring system debugging·······························································································································6 Ping and tracert configuration example ·························································································································7 NTP configuration ························································································································································...
Page 8
Classification of system information ···················································································································· 35 System information levels ····································································································································· 35 System information channels and output destinations······················································································· 35 Outputting system information by source module······························································································ 36 Default output rules of system information ·········································································································· 36 System information format···································································································································· 37 Configuring information center····································································································································· 40 Information center configuration task list ············································································································...
Page 9
RMON configuration ·················································································································································74 RMON overview ···························································································································································· 74 Introduction ···························································································································································· 74 Working mechanism ············································································································································· 74 RMON groups ······················································································································································· 74 Configuring the RMON statistics function ··················································································································· 76 Configuring the RMON Ethernet statistics function···························································································· 77 Configuring the RMON history statistics function ······························································································ 77 Configuring the RMON alarm function ·······················································································································...
Page 10
Traffic mirroring configuration example ····················································································································111 Traffic mirroring configuration example ···········································································································111 NQA configuration ················································································································································· 114 NQA overview ·····························································································································································114 NQA features ······················································································································································114 NQA concepts·····················································································································································116 NQA probe operation procedure ·····················································································································117 NQA configuration task list ········································································································································117 Configuring the NQA server ······································································································································118 Enabling the NQA client ·············································································································································118 Creating an NQA test group······································································································································119 Configuring an NQA test group ································································································································119 Configuring ICMP echo tests······························································································································119...
Page 11
Troubleshooting sFlow configuration ·························································································································161 IPC configuration····················································································································································· 162 IPC overview·································································································································································162 Node·····································································································································································162 Link ········································································································································································162 Channel ································································································································································162 Packet sending modes ········································································································································163 Enabling IPC performance statistics ···························································································································163 Displaying and maintaining IPC·································································································································164 Cluster management configuration ························································································································ 165 Cluster management overview ···································································································································165 Why cluster management···································································································································165 Roles in a cluster··················································································································································165 How a cluster works············································································································································166 Cluster management configuration task list···············································································································169 Configuring the management switch ·························································································································170...
Page 12
Logging in to the CLI of a slave from the master ······································································································189 Displaying and maintaining stack configuration ······································································································189 Stack configuration example ······································································································································189 CWMP configuration·············································································································································· 191 CWMP overview··························································································································································191 CWMP network framework································································································································191 Basic functions of CWMP ···········································································································································192 Automatic configuration file deployment ··········································································································192 CPE system file management ·····························································································································192 CPE status and performance monitoring···········································································································193 CWMP mechanism ······················································································································································193...
| -s packet-size | -t timeout ] * host [ -i interface-type interface-number ] NOTE: When configuring the ping command for a low-speed network, H3C recommends that you set a larger value for the timeout timer (indicated by the -t parameter in the command). Ping configuration example...
Page 14
Figure 1 Network diagram Configuration procedure # Use the ping command to display whether Device A and Device C can reach each other. <DeviceA> ping 1.1.2.2 PING 1.1.2.2: 56 data bytes, press CTRL_C to break Reply from 1.1.2.2: bytes=56 Sequence=1 ttl=254 time=205 ms Reply from 1.1.2.2: bytes=56 Sequence=2 ttl=254 time=1 ms Reply from 1.1.2.2: bytes=56 Sequence=3 ttl=254 time=1 ms Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms...
1.1.1.1 Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms Record Route: 1.1.2.1 1.1.2.2 1.1.1.2 1.1.1.1 Reply from 1.1.2.2: bytes=56 Sequence=5 ttl=254 time=1 ms Record Route: 1.1.2.1 1.1.2.2 1.1.1.2 1.1.1.1 --- 1.1.2.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/11/53 ms The principle of ping -r is as shown in...
Enable sending of ICMP timeout packets on the intermediate device (the device between the source • and destination devices). If the intermediate device is an H3C device, execute the ip ttl-expires enable command on the device. For more information about this command, see Layer 3—IP Services Command Reference.
Enable sending of ICMPv6 destination unreachable packets on the destination device. If the • destination device is an H3C device, execute the ipv6 unreachables enable command. For more information about this command, see Layer 3—IP Services Command Reference. Tracert configuration Follow the step below to configure tracert: To do…...
Figure 3 The relationship between the protocol and screen output switch Configuring system debugging Administrators usually use the debugging commands to diagnose network failure. However, output of the debugging information may reduce system efficiency. Therefore, when debugging is completed, disable the debugging function that was used, or use the undo debugging all command to disable all the debugging functions.
To do… Use the command… Remarks display debugging [ interface interface-type interface-number ] Optional Display the enabled [ module-name ] [ | { begin | debugging functions Available in any view exclude | include } regular-expression ] NOTE: You must configure the debugging, terminal debugging and terminal monitor commands before you can display the detailed debugging information on the terminal.
Page 20
* * * * * * * * * <DeviceA> The output shows that Device A and Device C cannot reach other, Device A and Device B can reach each other, and an error has occurred on the connection between Device B and Device C. In this case, use the debugging ip icmp command to enable ICMP debugging on Device A and Device C to check whether the devices send or receive the specified ICMP packets, or use the display ip routing-table command to display whether Device A and Device C can reach each other.
NTP configuration NTP overview Defined in RFC 1305, the Network Time Protocol (NTP) synchronizes timekeeping among distributed time servers and clients. NTP runs over the User Datagram Protocol (UDP), using UDP port 123. The purpose of using NTP is to keep consistent timekeeping among all clock-dependent devices within a network so that the devices can provide diverse applications based on the consistent time.
How NTP works Figure 5 shows the basic workflow of NTP. Device A and Device B are connected over a network. They have their own independent system clocks, which need to be automatically synchronized through NTP. Assume that: Prior to system clock synchronization between Device A and Device B, the clock of Device A is set •...
NTP message format NTP uses two types of messages: clock synchronization messages and NTP control messages. An NTP control message is used in environments where network management is needed. Because it is not essential for clock synchronization, it is not described in this document. NOTE: All NTP messages mentioned in this document refer to NTP clock synchronization messages.
Stratum: An 8-bit integer that indicates the stratum level of the local clock, with the value ranging • from 1 to 16. Clock precision decreases from stratum 1 through stratum 16. A stratum 1 clock has the highest precision. A stratum 16 clock is not synchronized. •...
Page 25
In client/server mode, a client can be synchronized to a server, but a server cannot be synchronized to a client. Symmetric peers mode Figure 8 Symmetric peers mode In symmetric peers mode: Devices that work in symmetric active mode and symmetric passive mode exchange NTP messages with the Mode field 3 (client mode) and 4 (server mode).
Clients listen to the broadcast messages from servers. When a client receives the first broadcast message, the client and the server start to exchange messages with the Mode field set to 3 (client mode) and 4 (server mode), to calculate the network delay between client and the server. Then the client enters broadcast client mode.
Configuring the operation modes of NTP Devices can implement clock synchronization in one of the following modes: Client/server mode • • Symmetric mode Broadcast mode • Multicast mode • For client/server mode or symmetric mode, you need to configure only clients or symmetric-active peers. For broadcast or multicast mode, you need to configure both servers and clients.
NOTE: In the ntp-service unicast-server command, ip-address must be a unicast address. It cannot be a • broadcast address, a multicast address or the IP address of the local clock. When the source interface for NTP messages is specified by the source-interface keyword, the source •...
Configuring a broadcast client To do… Use the command… Remarks Enter system view system-view — Required interface interface-type Enter VLAN interface view Enter the VLAN interface used to interface-number receive NTP broadcast messages. Configure the device to work in ntp-service broadcast-client Required NTP broadcast client mode Configuring the broadcast server...
To do… Use the command… Remarks ntp-service multicast-server Configure the device to work in [ ip-address ] Required NTP multicast server mode [ authentication-keyid keyid | ttl ttl-number | version number ] * NOTE: • A multicast server can synchronize broadcast clients only when its clock has been synchronized. You can configure up to 1024 multicast clients, among which 128 can take effect at the same time.
To do… Use the command… Remarks interface interface-type Enter VLAN interface view — interface-number Required Disable the interface from ntp-service in-interface disable An interface is enabled to receive receiving NTP messages NTP messages by default. Configuring the maximum number of dynamic sessions allowed To do…...
To do… Use the command… Remarks Enter system view system-view — Configure the NTP service ntp-service access { peer | query | Required access-control right for a peer server | synchronization } peer by default device to access the local device acl-number NOTE: The access-control right mechanism provides only a minimum level of security protection for a system...
Page 33
To do… Use the command… Remarks Required Enable NTP ntp-service authentication enable authentication Disabled by default Required Configure an NTP ntp-service authentication-keyid keyid authentication key authentication-mode md5 value No NTP authentication key by default Required Configure the key as ntp-service reliable authentication-keyid By default, no authentication key is a trusted key keyid...
Displaying and maintaining NTP To do… Use the command… Remarks Display information about NTP display ntp-service status [ | { begin | exclude | Available in any service status include } regular-expression ] view Display information about NTP display ntp-service sessions [ verbose ] [ | { begin Available in any sessions | exclude | include } regular-expression ]...
# Specify Device A as the NTP server of Device B so that Device B is synchronized to Device A. <DeviceB> system-view [DeviceB] ntp-service unicast-server 1.0.1.11 # View the NTP status of Device B after clock synchronization. [DeviceB] display ntp-service status Clock status: synchronized Clock stratum: 3 Reference clock ID: 1.0.1.11...
Page 36
Figure 12 Network diagram Device A 3.0.1.31/24 3.0.1.32/24 3.0.1.33/24 Device B Device C Configuration procedure Configure IP addresses for interfaces. (Details not shown) Configure Device B: # Specify Device A as the NTP server of Device B. <DeviceB> system-view [DeviceB] ntp-service unicast-server 3.0.1.31 View the NTP status of Device B after clock synchronization.
Nominal frequency: 100.0000 Hz Actual frequency: 100.0000 Hz Clock precision: 2^18 Clock offset: -21.1982 ms Root delay: 15.00 ms Root dispersion: 775.15 ms Peer dispersion: 34.29 ms Reference time: 15:22:47.083 UTC Sep 19 2005 (C6D95647.153F7CED) The output shows that Device C has been synchronized to Device B and the clock stratum level of Device C is 4.
Page 38
Configure Device C: # Configure Device C to work in broadcast server mode and send broadcast messages through VLAN-interface 2. [DeviceC] interface vlan-interface 2 [DeviceC-Vlan-interface2] ntp-service broadcast-server Configure Device A: # Configure Device A to work in broadcast client mode and receive broadcast messages on VLAN-interface 2.
Configuring NTP multicast mode Network requirements As shown in Figure 14, Device C functions as the NTP server for multiple devices on different network segments and synchronizes the time among multiple devices as follows: Device C’s local clock is to be used as a reference source, with the stratum level of 2. •...
Page 40
Actual frequency: 64.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 8.31 ms Peer dispersion: 34.30 ms Reference time: 16:01:51.713 UTC Sep 19 2005 (C6D95F6F.B6872B02) As shown above, Device D has been synchronized to Device C, and the clock stratum level of Device D is 3, while that of Device C is 2.
Nominal frequency: 64.0000 Hz Actual frequency: 64.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 40.00 ms Root dispersion: 10.83 ms Peer dispersion: 34.30 ms Reference time: 16:02:49.713 UTC Sep 19 2005 (C6D95F6F.B6872B02) As shown above, Device A has been synchronized to Device C, and the clock stratum level of Device A is 3, while that of Device C is 2.
[DeviceB] ntp-service unicast-server 1.0.1.11 authentication-keyid 42 Before Device B can synchronize its clock to that of Device A, enable NTP authentication for Device A. Perform the following configuration on Device A: # Enable NTP authentication. [DeviceA] ntp-service authentication enable # Set an authentication key. [DeviceA] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey # Specify the key as a trusted key.
Page 43
Figure 16 Network diagram Vlan-int2 3.0.1.31/24 Device C Vlan-int2 3.0.1.30/24 Device A Vlan-int2 3.0.1.32/24 Device B Configuration procedure Set the IP address for each interface as shown in Figure 16. (Details not shown) Configure Device A: # # Configure the Device A to work in the NTP broadcast client mode and receive NTP broadcast messages on VLAN-interface 2.
Page 44
Reference clock ID: 3.0.1.31 Nominal frequency: 64.0000 Hz Actual frequency: 64.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 8.31 ms Peer dispersion: 34.30 ms Reference time: 16:01:51.713 UTC Sep 19 2005 (C6D95F6F.B6872B02) # View the NTP session information of Device A, which shows that an association has been set up Device A and Device C.
Page 45
Actual frequency: 64.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 8.31 ms Peer dispersion: 34.30 ms Reference time: 16:01:51.713 UTC Sep 19 2005 (C6D95F6F.B6872B02) # View the NTP session information of Device B, which shows that an association has been set up between Device B and Device C.
Information center configuration Information center overview Introduction to information center The information center classifies and manages system information, offering powerful support for network administrators and developers to monitor network performance and troubleshoot network problems. The following describes the working process of information center: Receives the log, trap, and debugging information generated by each module.
NOTE: By default, the information center is enabled. The information center affects system performance to some degree due to information classification and output. The impact becomes more obvious when the information center processes large amounts of information. Classification of system information The system information of the information center is categorized into three types: Log information •...
Table 2 Information channels and output destinations Information Default channel Default output Description channel number name destination console Console Receives log, trap and debugging information. Receives log, trap and debugging information, monitor Monitor terminal facilitating remote maintenance. Receives log, trap and debugging information loghost Log host and information will be stored in files for future...
If the output destination is the log host, the system information is in one of the following formats: • H3C format <PRI>timestamp sysname %%vvmodule/level/digest: source content For example, if a log host is connected to the device, when a terminal logs in to the device, the following log information is displayed on the log host: <189>Oct...
Page 50
<186>Oct 13 16:48:08 2011 H3C 10IFNET/2/210231a64jx073000020: log_type=port;content=Line protocol on the interface Vlan-interface1 is DOWN. NOTE: • The closing set of angel brackets (< >), the space, the forward slash (/), and the colon are all required in the above format.
Page 51
IP address of the device that generates the system information. In other cases (when the system information is sent to a log host in the format of H3C, or sent to •...
This field indicates the source of the information. It is optional and is displayed only when the system information is sent to a log host in the format of H3C. This field takes one of the following values: •...
To do… Use the command… Remarks Optional Enable information center info-center enable Enabled by default Optional Name the channel with a info-center channel channel-number specified channel number name channel-name Table 2 for default channel names. Optional Configure the channel through which system info-center console channel By default, system information is output information can be output to...
To do… Use the command… Remarks Optional Enable information center info-center enable Enabled by default Optional Name the channel with a info-center channel channel-number specified channel number name channel-name Table 2 for default channel names. Optional Configure the channel through which system info-center monitor channel By default, system information is output to information can be output...
Set the format of the system Optional information sent to a log host info-center format unicom H3C by default. to UNICOM Required By default, the system does not output info-center loghost information to a log host. If you specify to...
To do… Use the command… Remarks Optional Configure the channel info-center trapbuffer [ channel through which system By default, system information is output information can be output { channel-number | channel-name } | to the trap buffer through channel 3 to the trap buffer and size buffersize ] * (known as trapbuffer) and the default...
Outputting system information to the SNMP module NOTE: The SNMP module accepts only the trap information; it discards log and debugging information even if you have configured to output them to the SNMP module. To monitor the device running status of the device, trap information is usually sent to the SNMP network management station system (NMS).
To do… Use the command… Remarks Name the channel with Optional info-center channel channel-number a specified channel name channel-name Table 2 for default channel names. number Configure the channel Optional through which system info-center syslog channel information can be By default, system information is output { channel-number | channel-name } output to the web to the web interface through channel 6.
To do… Use the command… Remarks Configure the maximum Optional info-center logfile size-quota storage space reserved for a size The default value is 2 MB. log file Optional Configure the directory to info-center logfile By default, the log file is saved in the root save the log file switch-directory dir-name directory of the flash.
Page 60
Saving security logs into the security log file With this feature enabled, when the system outputs the system information to a specified destination, it copies the security logs at the same time and saves them into the security log file buffer. Then, the system writes the contents of the security log file buffer into the security log file at a specified frequency (the security log administrator can trigger the saving of security logs into the log file manually).
Page 61
To do… Use the command… Remarks Optional By default, the directory to save the Change the directory where the info-center security-logfile security log file is the seclog security log file is saved switch-directory dir-name directory under the root directory of the storage medium.
NOTE: A port enabled with this feature does not output link up/down log information, and cannot be monitored conveniently. Therefore, H3C recommends that you use the default configuration in normal cases. Displaying and maintaining information center To do…...
To do… Use the command… Remarks Display the information about each display info-center [ | { begin | exclude | Available in any view output destination include } regular-expression ] display logbuffer [ reverse ] [ level severity | Display the state of the log buffer size buffersize | slot slot-number ] * [ | { begin | Available in any view and the log information recorded...
Page 65
# Disable the output of log, trap, and debugging information of all modules on channel loghost. [Sysname] info-center source default channel loghost debug state off log state off trap state off CAUTION: Because the default system configurations for different channels are different, you need to first disable the output of log, trap, and debugging information of all modules on the specified channel (loghost in this example) first.
Outputting log information to a Linux log host Network requirements • Send log information to a Linux log host with an IP address of 1.2.0.1/16; Log information with severity equal to or higher than informational will be output to the log host; •...
In the above configuration, local5 is the name of the logging facility used by the log host to receive logs. info is the information level. The Linux system will record the log information with severity level equal to or more severe than informational to file /var/log/Device/info.log. NOTE: Be aware of the following issues while editing file /etc/syslog.conf: Comments must be on a separate line and begin with the pound sign (#).
CAUTION: Because the default system configurations for different channels are different, you need to first disable the output of log, trap, and debugging information of all modules on the specified channel (console in this example). Then configure the output rule as needed so that unnecessary information will not be output. # Configure the information output rule.
Page 69
[Sysname-ui-vty0-15] quit Configuration performed by the security log administrator # Re-log in to the device as user seclog. C:/> telnet 1.1.1.1 ****************************************************************************** * Copyright (c) 2004-2011 Hangzhou H3C Tech. Co., Ltd. All rights reserved. * Without the owner's prior written consent,...
Page 70
* no decompiling or reverse-engineering shall be allowed. ****************************************************************************** Login authentication Username:seclog Password: <Sysname> # Display the summary of the security log file. <Sysname> display security-logfile summary Security-log is enabled. Security-log file size quota: 1MB Security-log file directory: flash:/seclog Alarm-threshold: 80% Current usage: 0% Writing frequency: 1 hour 0 min 0 sec The above information indicates that the directory for saving the security log file is flash:/seclog.
SNMP configuration SNMP overview The Simple Network Management Protocol (SNMP) is an Internet standard protocol widely used for a management station to access and operate the devices on a network, regardless of their vendors, physical characteristics and interconnect technologies. SNMP enables network administrators to read and set the variables on managed devices for state monitoring, troubleshooting, statistics collection, and other management purposes.
• Inform—The NMS sends alarms to other NMSs. SNMP protocol versions H3C supports SNMPv1, SNMPv2c, and SNMPv3. • SNMPv1 uses community names for authentication. To access an SNMP agent, an NMS must use the same community name as set on the SNMP agent. If the community name used by the NMS is different from the community name set on the agent, the NMS cannot establish an SNMP session to access the agent or receive traps and notifications from the agent.
Page 73
{ contact By default, the contact is Hangzhou Configure system information for sys-contact | location sys-location H3C Tech. Co.,Ltd., the physical the SNMP agent | version { all | { v1 | v2c | location is Hangzhou, China, and v3 }* } } the protocol version is SNMPv3.
By default, the contact is Hangzhou Configure system information sys-contact | location sys-location | H3C Tech. Co.,Ltd., the physical for the SNMP agent version { all |{ v1 | v2c | v3 }* } } location is Hangzhou, China, and the protocol version is SNMPv3.
To do… Use the command… Remarks Optional Configure the maximum size snmp-agent packet max-size By default, the SNMP agent can (in bytes) of SNMP packets for byte-count receive and send the SNMP the SNMP agent packets up to 1,500 bytes. NOTE: view-name oid-tree Each...
the NMS does not support 32-bit NM-specific ifindex values, make sure that NM-specific ifindex values on the device are 16-bit. By default, the device adopts the 16-bit NM-specific ifindex format. For example, you must use the 16-bit format when the device runs the version 5 or version 8 of NetStream, because the two NetStream versions reserve only 16 bits for the ifindex.
NOTE: Disable SNMP logging in normal cases to prevent a large amount of SNMP logs from decreasing device • performance. The total output size for the node field (MIB node name) and the value field (value of the MIB node) in •...
Configuring trap sending parameters Configuration prerequisites • Complete the basic SNMP settings and check that they are the same as on the NMS. If SNMPv1 or SNMPv2 is used, you must configure a community name. If SNMPv3 is used, you must configure an SNMPv3 user and MIB view.
Displaying and maintaining SNMP To do… Use the command… Remarks Display SNMP agent system display snmp-agent sys-info [ contact | information, including the contact, location | version ]* [ | { begin | Available in any view physical location, and SNMP exclude | include } regular-expression ] version display snmp-agent statistics [ | { begin...
Page 80
Figure 25 Network diagram Configuration procedure Configure the SNMP agent # Configure the IP address of the agent and make sure that the agent and the NMS can reach each other. (Details not shown) # Specify SNMPv1 and SNMPv2c, create a read-only community public, and a read and write community private.
1.1.1.1/2934 V1 Trap = authenticationFailure SNMP Version = V1 Community = public Command = Trap Enterprise = 1.3.6.1.4.1.43.1.16.4.3.50 GenericID = 4 SpecificID = 0 Time Stamp = 8:35:25.68 SNMPv3 configuration example Network requirements As shown in Figure 26, the NMS (1.1.1.2/24) uses SNMPv3 to monitor and manage the interface status of the agent (1.1.1.1/24).
Page 82
Configure the SNMP NMS • Specify SNMPv3. Create the SNMPv3 user managev3user. • Enable both authentication and privacy functions. • • Use MD5 for authentication and DES for encryption. Set the authentication key to authenkey and the privacy key to prikey. •...
SNMP logging configuration example Network requirements An SNMP agent (1.1.1.1/24) connects to an NMS (1.1.1.2/24) over Ethernet, as shown in Figure Configure the agent to log the SNMP operations performed by the NMS. Figure 27 Network diagram Configuration procedure NOTE: This configuration example assumes that you have configured all required SNMP settings for the NMS and the agent (see “SNMPv1/SNMPv2c configuration...
Page 84
Table 7 SNMP log message field description Field Description Jan 1 02:49:40:566 2011 Time when the SNMP log was generated. seqNO Serial number automatically assigned to the SNMP log, starting from 0. srcIP IP address of the NMS. SNMP operation type (GET or SET). node MIB node name and OID of the node instance.
MIB is under the enterprise ID 201 1. • In the H3C new MIB style, both the device public MIB and the private MIB are under the H3C’s enterprise ID 25506. These two styles of MIBs implement the same management function. Your device comes with a MIB loaded but the MIB style depends on the switch model.
RMON agent implementations only provide four groups of MIB information, alarm, event, history, and statistics. H3C devices provide the embedded RMON agent function. You can configure your device to collect and report traffic statistics, error statistics, and performance statistics.
Page 87
After the creation of a statistics entry on an interface, the statistics group starts to collect traffic statistics on the interface. The result of the statistics is a cumulative sum. History group The history group defines that the system periodically collects statistics of traffic information on an interface and saves the statistics in the history record table (ethernetHistoryTable) for query convenience of the management device.
Figure 28 Rising and falling alarm events Private alarm group The private alarm group calculates the values of alarm variables and compares the result with the defined threshold, thereby realizing a more comprehensive alarm function. The system handles the prialarm alarm table entry (as defined by the user) in the following ways: Periodically samples the prialarm alarm variables defined in the prialarm formula.
Configuring the RMON Ethernet statistics function Follow these steps to configure the RMON Ethernet statistics function: To do… Use the command… Remarks Enter system view system-view — Enter Layer 2 Ethernet port view interface interface-type interface-number — Create an entry in the RMON rmon statistics entry-number [ owner text ] Required statistics table...
Configuration procedure Follow these steps to configure the RMON alarm function: To do… Use the command… Remarks Enter system view system-view — rmon event entry-number [ description string ] { log | log-trap Create an event entry in log-trapcommunity | none | trap trap-community } [ owner Required the event table text ]...
To do… Use the command… Remarks Display the RMON history display rmon history [ interface-type control entry and history interface-number ] [ | { begin | exclude | include } Available in any view sampling information regular-expression ] Display RMON alarm display rmon alarm [ entry-number ] [ | { begin | Available in any view configuration information...
etherStatsFragments , etherStatsJabbers etherStatsCRCAlignErrors : 0 , etherStatsCollisions etherStatsDropEvents (insufficient resources): 0 Packets received according to length: : 235 65-127 : 67 128-255 256-511: 1 512-1023: 0 1024-1518: 0 • Perform SNMP Get operation on the NMS to obtain the value of the MIB node. History group configuration example Network requirements As shown in...
Perform SNMP Get operation on the NMS to obtain the value of the MIB node. • Alarm group configuration example Network requirements As shown in Figure 31, Agent is connected to a console terminal through its console port and to an NMS across Ethernet.
Page 95
<Sysname> display rmon alarm 1 AlarmEntry 1 owned by null is Valid. Samples type : delta Variable formula : 1.3.6.1.2.1.16.1.1.1.4.1<etherStatsOctets.1> Sampling interval : 5(sec) Rising threshold : 100(linked with event 1) Falling threshold : 50(linked with event 2) When startup enables : risingOrFallingAlarm Latest value # Display statistics for interface Ethernet 1/0/1.
Port mirroring configuration Introduction to port mirroring Port mirroring is the process of copying the packets passing through a port/CPU to the monitor port connecting to a monitoring device for packet analysis. Terminologies of port mirroring Mirroring source The mirroring source can be one or more monitored ports or the CPUs. Packets (called “mirrored packets”) passing through them are copied to a port connecting to a monitoring device for packet analysis.
NOTE: The reflector port is used to enable local mirroring to support multiple monitor ports. Port mirroring classification and implementation According to the locations of the mirroring source and the mirroring destination, port mirroring falls into local port mirroring and remote port mirroring. Local port mirroring In local port mirroring, the mirroring source and the mirroring destination are on the same device.
Page 98
Figure 33 Layer 2 remote port mirroring implementation Mirroring process in the device Eth1/0/1 Eth1/0/2 Source Destination device device Eth1/0/2 Eth1/0/1 Eth1/0/2 Eth1/0/1 Intermediate Remote probe Remote probe Eth1/0/1 Eth1/0/2 device VLAN VLAN Data monitoring Host device Original packets Source port Egress port Mirrored packets Monitor port...
Figure 34 Layer 3 remote port mirroring implementation The source device does the following: Sends one copy of packets received on the source port Ethernet 1/0/1 to the tunnel interface (serving as the monitor port in the local mirroring group created on the source device) Forwards them to the tunnel interface on the destination device through the Generic Routing Encapsulation (GRE) tunnel.
Task Remarks Using the remote probe VLAN to enable local mirroring to support Optional multiple monitor ports Creating a local mirroring group Follow these steps to create a local mirroring group: To do… Use the command… Remarks Enter system view system-view —...
NOTE: A mirroring group can contain multiple source ports. • On the S3100V2-52TP switch, each port, serving as a unidirectional or bidirectional source port, can be • added to up to two mirroring groups. Configuring source CPUs for the local mirroring group Follow these steps to configure source CPUs for a local mirroring group: To do…...
• VLAN, or enable the spanning tree feature on the monitor port. H3C recommends you use a monitor port for port mirroring only. This is to make sure that the data • monitoring device receives and analyzes only the mirrored traffic rather than a mix of mirrored traffic and normally forwarded traffic.
The reflector port of a remote source mirroring group must be an access port and belong to the default • VLAN, VLAN 1. H3C recommends that you configure an unused port as the reflector port of a remote source mirroring • group and disable STP on it.
If an intermediate device exists, allow the remote probe VLAN to pass through the intermediate device. NOTE: H3C recommends you not enable GARP VLAN Registration Protocol (GVRP). If GVRP is enabled, GVRP may register the remote probe VLAN to unexpected ports, resulting in undesired duplicates. For more Layer 2—LAN Switching Configuration Guide...
Page 105
NOTE: A mirroring group can contain multiple source ports. • On the S3100V2-52TP switch, each port, serving as a unidirectional or bidirectional source port, can be • added to up to two mirroring groups. •...
Page 106
Configuring the egress port in system view • Follow these steps to configure the egress port for the remote source group in system view: To do… Use the command… Remarks Enter system view system-view — Required mirroring-group group-id Configure the egress port for the monitor-egress By default, no egress port is configured for remote source group...
NOTE: A VLAN can serve for only one mirroring group. • When a VLAN is configured as a remote probe VLAN, you must remove the remote probe VLAN • configuration before deleting the VLAN. When you remove the configuration of a remote probe VLAN, an active mirroring group becomes •...
Page 108
To make sure that the mirroring function works properly, do not enable the spanning tree feature on the • monitor port. H3C recommends you use a monitor port only for port mirroring. This is to make sure that the data • monitoring device receives and analyzes only the mirrored traffic rather than a mix of mirrored traffic and normally forwarded traffic.
NOTE: For more information about the port access vlan, port trunk permit vlan, and port hybrid vlan Layer 2—LAN Switching Command Reference commands, see Configuring Layer 3 remote port mirroring Layer 3 remote port mirroring configuration task list To configure Layer 3 remote port mirroring, you must create a local mirroring group on the source device as well as on the destination device, and configure source ports/CPUs and the monitor port for each mirroring group.
NOTE: A mirroring group can contain multiple source ports. • On the S3100V2-52TP switch, each port, serving as a unidirectional or bidirectional source port, can be • added to up to two mirroring groups. Configuring source CPUs for a local mirroring group On the source device, configure the CPUs to be monitored as the source CPUs.
• monitor port. H3C recommends that you use a monitor port only for port mirroring. This is to make sure that the data • monitoring device receives and analyzes only the mirrored traffic rather than a mix of mirrored traffic and normally forwarded traffic.
Port mirroring configuration examples Local port mirroring configuration example Network requirements On the network shown in Figure Device A connects to the marketing department through Ethernet 1/0/1 and to the technical • department through Ethernet 1/0/2. It connects to the server through Ethernet 1/0/3. Configure local port mirroring in source port mode to enable the server to monitor the bidirectional •...
status: active mirroring port: Ethernet1/0/1 both Ethernet1/0/2 both mirroring CPU: monitor port: Ethernet1/0/3 After the configurations are completed, you can monitor all the packets received and sent by the marketing department and the technical department on the server. Local port mirroring with multiple monitor ports configuration example Network requirements As shown in...
# Create VLAN 10 and assign the three ports (Ethernet 3/0/1 through Ethernet 3/0/3) connecting the three data monitoring devices to VLAN 10. [SwitchA] vlan 10 [SwitchA-vlan10] port ethernet 3/0/1 to ethernet 3/0/3 [SwitchA-vlan10] quit # Configure VLAN 10 as the remote probe VLAN of remote source mirroring group 1. [SwitchA] mirroring-group 1 remote-probe vlan 10 Layer 2 remote port mirroring configuration example Network requirements...
Page 115
[DeviceA] mirroring-group 1 mirroring-port Ethernet 1/0/1 both [DeviceA] mirroring-group 1 monitor-egress Ethernet 1/0/2 # Configure output port Ethernet 1/0/2 as a trunk port to permit the packets of VLAN 2 to pass through, and disable the spanning tree feature on the port. [DeviceA] interface Ethernet 1/0/2 [DeviceA-Ethernet1/0/2] port link-type trunk [DeviceA-Ethernet1/0/2] port trunk permit vlan 2...
[DeviceC] mirroring-group 1 remote-probe vlan 2 [DeviceC] interface Ethernet 1/0/2 [DeviceC-Ethernet1/0/2] mirroring-group 1 monitor-port [DeviceC-Ethernet1/0/2] undo stp enable [DeviceC-Ethernet1/0/2] port access vlan 2 [DeviceC-Ethernet1/0/2] quit Verify the configurations After the configurations are completed, you can monitor all the packets received and sent by the marketing department on the server.
Page 117
[DeviceA-Tunnel0] destination 30.1.1.2 [DeviceA-Tunnel0] quit # Create service loopback group 1 and set the service type to tunnel. [DeviceA] service-loopback group 1 type tunnel # Add any port (Ethernet 1/0/3 for example) on the device to service loopback group 1. [DeviceA] interface Ethernet 1/0/3 [DeviceA-Ethernet1/0/3] undo stp enable [DeviceA-Ethernet1/0/3] port service-loopback group 1...
Page 118
[DeviceC] interface tunnel 0 [DeviceC-Tunnel0] service-loopback-group 1 [DeviceC-Tunnel0] quit # Configure two static routes. [DeviceC] ip route-static 10.1.1.0 255.255.255.0 30.1.1.1 [DeviceC] ip route-static 20.1.1.0 255.255.255.0 30.1.1.1 # Create local mirroring group 1. [DeviceC] mirroring-group 1 local # Configure Ethernet 1/0/1 as a source port and Ethernet 1/0/2 as the monitor port of local mirroring group 1.
Traffic mirroring configuration Introduction to traffic mirroring Traffic mirroring copies the specified packets to the specified destination for packet analyzing and monitoring. It is implemented through QoS policies. In other words, you define traffic classes and configure match criteria to classify packets to be mirrored and then configure traffic behaviors to mirror packets that fit the match criteria to the specified destination.
To do… Use the command… Remarks Required traffic classifier tcl-name [ operator Create a class and enter class view { and | or } ] By default, no traffic class exists. Required Configure match criteria if-match match-criteria By default, no match criterion is configured in a traffic class.
Configuring a QoS policy Follow these steps to configure a QoS policy: To do… Use the command… Remarks Enter system view system-view — Required Create a policy and enter policy qos policy policy-name view By default, no policy exists. Required Associate a class with a traffic classifier tcl-name behavior By default, no traffic behavior is...
To do… Use the command… Remarks Enter system view system-view — qos vlan-policy policy-name vlan Apply a QoS policy to a VLAN Required vlan-id-list { inbound | outbound } NOTE: ACL and QoS Command Reference For more information about the qos vlan-policy command, see Apply a QoS policy globally You can apply a QoS policy globally to mirror the traffic in a specified direction on all ports.
Remote source mirroring group configuration: configure a remote source mirroring group on the • source device, and configure the destination port in traffic mirroring (that is, Port A) as the egress port. For the detailed configuration procedure, see the chapter “Port mirroring configuration.” NOTE: You should specify an arbitrary port as the source port.
Page 124
Figure 39 Network diagram Configuration procedure Monitor the traffic sent by the technology department to access the Internet. # Create ACL 3000 to allow packets from the technology department (on subnet 192.168.2.0/24) to access the Internet. <DeviceA> system-view [DeviceA] acl number 3000 [DeviceA-acl-adv-3000] rule permit tcp source 192.168.2.0 0.0.0.255 destination-port eq [DeviceA-acl-adv-3000] quit # Create traffic class tech_c, and configure the match criterion as ACL 3000.
Page 125
# Create ACL 3001 to allow packets sent from the technology department (on subnet 192.168.2.0/24) to the marketing department (on subnet 192.168.1.0/24). [DeviceA] acl number 3001 [DeviceA-acl-adv-3001] rule permit source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 time-range work [DeviceA-acl-adv-3001] quit # Create traffic class mkt_c, and configure the match criterion as ACL 3001. [DeviceA] traffic classifier mkt_c [DeviceA-classifier-mkt_c] if-match acl 3001 [DeviceA-classifier-mkt_c] quit...
NQA configuration NQA overview Network Quality Analyzer (NQA) can perform various types of tests and collect network performance and service quality parameters such as delay jitter, time for establishing a TCP connection, time for establishing an FTP connection, and file transfer rate. With the NQA test results, you can diagnose and locate network faults, be aware of network performance in time and take proper actions to correct any problems.
Page 127
The application module takes actions when the tracked object changes its state. • The following describes how a static route is monitored through collaboration. NQA monitors the reachability to 192.168.0.88. When 192.168.0.88 becomes unreachable, NQA notifies the track module of the change. The track module notifies the state change to the static routing module The static routing module sets the static route as invalid.
NOTE: The counting for the average or accumulate threshold type is performed per test, but the counting for the consecutive type is performed since the test group is started. Triggered actions The following actions may be triggered: none—NQA only records events for terminal display; it does not send trap information to the •...
During an ICMP echo or UDP echo test, one probe operation means sending an ICMP echo request • or a UDP packet. • During an SNMP test, one probe operation means sending one SNMPv1 packet, one SNMPv2C packet, and one SNMPv3 packet. NQA client and server A device with NQA test groups configured is an NQA client, and the NQA client initiates NQA tests.
Task Remarks Creating an NQA test group Required Configuring ICMP echo tests Configuring DHCP tests Configuring DNS tests Configuring FTP tests Configuring HTTP tests Required Configuring an NQA test group Configuring UDP jitter tests Use any of the approaches. Configuring SNMP tests Configuring TCP tests Configuring UDP echo tests Configuring voice tests...
To do… Use the command… Remarks Enter system view system-view — Optional Enable the NQA client nqa agent enable Enabled by default. Creating an NQA test group Create an NQA test group before you configure NQA tests. Follow theses steps to create an NQA test group: To do…...
To do… Use the command… Remarks Optional By default, no source interface is configured for probe packets. source interface The requests take the IP address of the Configure the source interface for interface-type source interface as their source IP address ICMP echo requests interface-number when no source IP address is specified.
To do… Use the command… Remarks nqa entry admin-name Enter NQA test group view — operation-tag Configure the test type as type dhcp Required DHCP, and enter test type view Required operation interface By default, no interface is configured to Specify an interface to perform interface-type perform DHCP tests.
NOTE: A DNS test simulates the domain name resolution. It does not save the mapping between the domain name and the IP address. Configuring FTP tests FTP tests of an NQA test group are used to test the connection between the NQA client and an FTP server and the time required for the FTP client to transfer a file to or download a file from the FTP server.
To do… Use the command… Remarks “Configuring Configure optional parameters optional parameters for Optional an NQA test group” NOTE: file-name When you execute the put command, the NQA client creates a file named of fixed size on the • file-name FTP server.
To do… Use the command… Remarks Optional Configure the HTTP version used in http-version v1.0 HTTP tests By default, HTTP 1.0 is used. “Configuring optional Configure optional parameters parameters for an NQA Optional test group” NOTE: The TCP port must be port 80 on the HTTP server for NQA HTTP tests. Configuring UDP jitter tests NOTE: Do not perform NQA UDP jitter tests on known ports, ports from 1 to 1023.
Page 137
To do… Use the command… Remarks Required By default, no destination IP address is Configure the destination address configured. destination ip ip-address of UDP packets The destination IP address must be the same as that of the listening service on the NQA server.
Configuring SNMP tests SNMP tests of an NQA test group are used to test the time the NQA client takes to send an SNMP packet to the SNMP agent and receive a response. Configuration prerequisites Before you start SNMP tests, enable the SNMP agent function on the device that serves as an SNMP agent.
To do… Use the command… Remarks Enter system view system-view — Enter NQA test group nqa entry admin-name — view operation-tag Configure the test type as TCP, and enter test type type tcp Required view Required Configure the destination By default, no destination IP address is configured. address of TCP probe destination ip ip-address The destination address must be the same as the IP...
To do… Use the command… Remarks Required By default, no destination IP address is Configure the destination configured. destination ip ip-address address of UDP packets The destination address must be the same as the IP address of the listening service configured on the NQA server.
Page 141
Calculated Planning Impairment Factor (ICPIF)—Measures impairment to voice quality in a VoIP • network. It is decided by packet loss and delay. A higher value represents a lower service quality. • Mean Opinion Scores (MOS)—A MOS value can be evaluated by using the ICPIF value, in the range of 1 to 5.
To do… Use the command… Remarks Optional Configure the size of the By default, the probe packet size depends on the data field in each probe data-size size codec type. The default packet size is 172 bytes for packet G.711A-law and G.711 μ-law codec type, and 32 bytes for G.729 A-law codec type.
To do… Use the command… Remarks Required Configure the destination destination ip ip-address By default, no destination IP address is address of probe packets configured. Optional By default, no source IP address is specified. Configure the source IP source ip ip-address The source IP address must be the IP address of a address of probe packets local interface.
Page 144
Configuring threshold monitoring Follow these steps to configure threshold monitoring: To do… Use the command… Remarks Enter system view system-view — Enter NQA test group view nqa entry admin-name operation-tag — Enter test type view of the test type { dhcp | dlsw | dns | ftp | http | icmp-echo —...
NOTE: NQA DNS tests do not support the action of sending trap messages. The action to be triggered in DNS • tests can only be the default one, none. Only the test-complete keyword is supported for the reaction trap command in a voice test. •...
The configuration task also allows you to configure the following elements: • Lifetime of the history records—The records are removed when the lifetime is reached. The maximum number of history records that can be saved in a test group—If the number of history •...
To do… Use the command… Remarks Optional By default, the interval between two Configure the interval consecutive tests for a test group is 0 between two consecutive frequency interval milliseconds. Only one test is performed. tests for a test group If the last test is not completed when the interval specified by the frequency command is reached, a new test does not start.
To do… Use the command… Remarks Enter system view system-view — Required nqa schedule admin-name operation-tag start-time now specifies the test group starts testing Configure a schedule for { hh:mm:ss [ yyyy/mm/dd ] immediately. an NQA test group | now } lifetime { lifetime | forever specifies that the tests do not stop unless forever } you use the undo nqa schedule command.
Page 149
Figure 42 Network diagram Device C 10.1.1.2/24 10.2.2.1/24 NQA client 10.1.1.1/24 10.2.2.2/24 10.3.1.1/24 10.4.1.2/24 Device A Device B 10.3.1.2/24 10.4.1.1/24 Device D Configuration procedure NOTE: Before you make the configuration, make sure the devices can reach each other. # Create an ICMP echo test group, and specify 10.2.2.2 as the destination IP address for ICMP echo requests to be sent.
# Stop the ICMP echo tests after a period of time. [DeviceA] undo nqa schedule admin test # Display the results of the last ICMP echo test. [DeviceA] display nqa result admin test NQA entry (admin admin, tag test) test results: Destination IP address: 10.2.2.2 Send operation times: 10 Receive response times: 10...
Configuration procedure # Create a DHCP test group, and specify interface VLAN-interface 2 to perform NQA DHCP tests. <DeviceA> system-view [DeviceA] nqa entry admin test [DeviceA-nqa-admin-test] type dhcp [DeviceA-nqa-admin-test-dhcp] operation interface vlan-interface 2 # Enable the saving of history records. [DeviceA-nqa-admin-test-dhcp] history-record enable [DeviceA-nqa-admin-test-dhcp] quit # Start DHCP tests.
Page 152
Figure 44 Network diagram DNS server NQA client 10.1.1.1/16 10.2.2.2/16 IP network Device A Configuration procedure NOTE: Before you make the configuration, make sure the devices can reach each other. # Create a DNS test group. <DeviceA> system-view [DeviceA] nqa entry admin test [DeviceA-nqa-admin-test] type dns # Specify the IP address of the DNS server 10.2.2.2 as the destination address for DNS tests, and specify the domain name that needs to be translated as host.com.
NQA entry (admin admin, tag test) history record(s): Index Response Status Time Succeeded 2011-01-10 10:49:37.3 FTP test configuration example Network requirements As shown in Figure 45, configure NQA FTP tests to test the connection with a specific FTP server and the time required for Device A to upload a file to the FTP server.
NQA entry (admin admin, tag test) test results: Destination IP address: 10.2.2.2 Send operation times: 1 Receive response times: 1 Min/Max/Average round trip time: 173/173/173 Square-Sum of round trip time: 29929 Last succeeded probe time: 2011-01-22 10:07:28.6 Extended results: Packet loss in test: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0...
# Configure HTTP tests to visit website /index.htm. [DeviceA-nqa-admin-test-http] url /index.htm # Configure the HTTP version 1.0 to be used in HTTP tests. (Version 1.0 is the default version, and this step is optional.) [DeviceA-nqa-admin-test-http] http-version v1.0 # Enable the saving of history records. [DeviceA-nqa-admin-test-http] history-record enable [DeviceA-nqa-admin-test-http] quit # Start HTTP tests.
Page 156
Figure 47 Network diagram Configuration procedure NOTE: Before you make the configuration, make sure the devices can reach each other. Configure Device B. # Enable the NQA server, and configure a listening service to listen to IP address 10.2.2.2 and UDP port 9000.
Page 157
Failures due to no connection: 0 Failures due to sequence error: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packet(s) arrived late: 0 UDP-jitter results: RTT number: 10 Min positive SD: 4 Min positive DS: 1 Max positive SD: 21 Max positive DS: 28 Positive SD number: 5...
[DeviceB] snmp-agent sys-info version all [DeviceB] snmp-agent community read public [DeviceB] snmp-agent community write private Configure Device A. # Create an SNMP test group, and configure SNMP packets to use 10.2.2.2 as their destination IP address. <DeviceA> system-view [DeviceA] nqa entry admin test [DeviceA-nqa-admin-test] type snmp [DeviceA-nqa-admin-test-snmp] destination ip 10.2.2.2 # Enable the saving of history records.
Page 160
Figure 49 Network diagram Configuration procedure NOTE: Before you make the configuration, make sure the devices can reach each other. Configure Device B. # Enable the NQA server, and configure a listening service to listen to IP address 10.2.2.2 and TCP port 9000.
Failures due to no connection: 0 Failures due to sequence error: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packet(s) arrived late: 0 # Display the history of TCP tests. [DeviceA] display nqa history admin test NQA entry (admin admin, tag test) history record(s): Index Response...
# Start UDP echo tests. [DeviceA] nqa schedule admin test start-time now lifetime forever # Stop UDP echo tests after a period of time. [DeviceA] undo nqa schedule admin test # Display the results of the last UDP echo test. [DeviceA] display nqa result admin test NQA entry (admin admin, tag test) test results: Destination IP address: 10.2.2.2...
Page 163
# Enable the NQA server, and configure a listening service to listen to IP address 10.2.2.2 and UDP port 9000. <DeviceB> system-view [DeviceB] nqa server enable [DeviceB] nqa server udp-echo 10.2.2.2 9000 Configure Device A. # Create a voice test group. <DeviceA>...
Page 164
Negative SD number: 255 Negative DS number: 259 Negative SD sum: 759 Negative DS sum: 1796 Negative SD average: 2 Negative DS average: 6 Negative SD square sum: 53655 Negative DS square sum: 1691776 One way results: Max SD delay: 343 Max DS delay: 985 Min SD delay: 343 Min DS delay: 985...
Max SD delay: 359 Max DS delay: 985 Min SD delay: 0 Min DS delay: 0 Number of SD delay: 4 Number of DS delay: 4 Sum of SD delay: 1390 Sum of DS delay: 1079 Square sum of SD delay: 483202 Square sum of DS delay: 973651 SD lost packet(s): 0 DS lost packet(s): 0...
[DeviceA] display nqa result admin test NQA entry (admin admin, tag test) test results: Destination IP address: 10.2.2.2 Send operation times: 1 Receive response times: 1 Min/Max/Average round trip time: 19/19/19 Square-Sum of round trip time: 361 Last succeeded probe time: 2011-01-22 10:40:27.7 Extended results: Packet loss in test: 0% Failures due to timeout: 0...
Page 167
On Device A, create an NQA test group. # Create an NQA test group with the administrator name being admin and operation tag being test. [DeviceA] nqa entry admin test # Configure the test type of the NQA test group as ICMP echo. [DeviceA-nqa-admin-test] type icmp-echo # Configure ICMP echo requests to use 10.2.1.1 as their destination IP address.
Page 168
[DeviceB] interface vlan-interface 3 [DeviceB-Vlan-interface3] undo ip address # On Device A, display information about all the track entries. [DeviceA] display track all Track ID: 1 Status: Negative Notification delay: Positive 0, Negative 0 (in seconds) Reference object: NQA entry: admin test Reaction: 1 # Display brief information about active routes in the routing table on Device A.
sFlow configuration sFlow overview Introduction to sFlow Sampled Flow (sFlow) is a traffic monitoring technology mainly used to collect and analyze traffic statistics. As shown in Figure 54, the sFlow system involves an sFlow agent embedded in a device and a remote sFlow collector.
IP address. ipv6-address } sFlow agent NOTE: • H3C recommends configuring an IP address manually for the sFlow agent. • Only one IP address can be specified for the sFlow agent on the device.
To do… Use the command… Remarks Enter Layer 2 Ethernet interface interface interface-type — view interface-number Optional sflow sampling-mode Set the Flow sampling mode { determine | random } random by default. Required Set the interval for flow sampling sflow sampling-rate interval Not set by default.
Page 172
Enable sFlow (including flow sampling and counter sampling) on Ethernet1/0/1 to monitor traffic on the port. The device sends sFlow packets through Ethernet1/0/3 to the sFlow collector, which analyzes the sFlow packets and displays results. Figure 55 Network diagram Configuration procedure Configure the sFlow agent and sFlow collector # Configure the IP address of vlan-interface 1 on Device as 3.3.3.1/16.
IPC configuration IPC overview Inter-Process Communication (IPC) is a reliable communication mechanism among processing units, typically CPUs. It is typically used on a distributed device or in an IRF fabric to provide reliable inter-card or inter-device transmission. The following are the basic IPC concepts. Node An IPC node is an independent IPC-capable processing unit, typically, a CPU.
Figure 56 Relationship between a node, link and channel Packet sending modes IPC supports three packet sending modes: unicast, multicast (broadcast is considered as a special multicast), and mixcast, each having a queue. The upper layer application modules can select a packet sending mode as needed.
Cluster management configuration Cluster management overview Why cluster management Cluster management is an effective way to manage large numbers of dispersed network switches in groups. Cluster management offers the following advantages: Saves public IP address resources. You do not have to assign one public IP address for every cluster •...
Figure 57 Network diagram As shown in Figure 57, the switch configured with a public IP address and performing the management function is the management switch, the other managed switches are member switches, and the switch that does not belong to any cluster but can be added to a cluster is a candidate switch. The management switch and the member switches form the cluster.
Page 179
Specifies the candidate switches of the cluster based on the collected information. • The management switch adds or deletes a member switch and modifies cluster management configuration according to the candidate switch information collected through NTDP. Introduction to NDP NDP is used to discover the information about directly connected neighbors, including the switch name, software version, and connecting port of the adjacent switches.
Page 180
collection request on the first NTDP-enabled port. • Except for its first port, each of a switch’s NTDP-enabled ports wait for a period of time, and then forward the NTDP topology collection request after the previous port forwards it. Cluster management maintenance Adding a candidate switch to a cluster You should specify the management switch before creating a cluster.
receives handshake or management packets from the management switch; otherwise, it changes its state to Disconnect. • If communication between the management switch and a member switch is recovered, the member switch which is in Disconnect state will be added to the cluster, and the state of the member switch locally and on the management switch will be changed to Active.
Task Remarks Manually collecting topology information Optional Enabling the cluster function Optional Establishing a cluster Required Enabling management VLAN auto-negotiation Required Configuring communication between the management switch Optional and the member switches within a cluster Configuring cluster management protocol packets Optional Cluster member management Optional...
NOTE: H3C recommends that you disable NDP on a port which connects with the switches that do not need to join the cluster. This prevents the management switch from adding and collecting topology information from switches which do not need to joint the cluster.
To do… Use the command… Remarks Enter Ethernet interface view or interface interface-type — Layer 2 aggregate interface view interface-number Optional Enable NTDP for the port ntdp enable NTDP is enabled on all ports by default. NOTE: HP recommends that you disable NTDP on a port which connects with the switches that do not need to join the cluster.
Manually collecting topology information The management switch collects topology information periodically after a cluster is created. In addition, you can manually start topology information collection on the management switch or NTDP-enabled switch, thus managing and monitoring switches in real time, regardless of whether a cluster is created. Follow these steps to configure to manually collect topology information: To do…...
To do… Use the command… Remarks Enter cluster view cluster — Required Configure the private IP address range ip-pool ip-address { mask | for member switches mask-length } Not configured by default. Manually establish Required build cluster-name a cluster Establish a Use either approach cluster Automatically...
Configuring communication between the management switch and the member switches within a cluster In a cluster, the management switch and member switches communicate by sending handshake packets to maintain connection between them. You can configure interval of sending handshake packets and the holdtime of a switch on the management switch.
To do… Use the command… Remarks Required The destination MAC address is 0180-C200-000A by default. The following are the configurable MAC Configure the destination addresses: MAC address for cluster cluster-mac mac-address management protocol • 0180-C200-0000 packets • 0180-C200-000A • 0180-C200-0020 through 0180-C200-002F •...
Rebooting a member switch To do… Use the command… Remarks Enter system view system-view — Enter cluster view cluster — reboot member { member-number | Reboot a specified member switch Required mac-address mac-address } [ eraseflash ] Configuring the member switches Enabling NDP ”Enabling NDP globally and for specific ports.”...
To do… Use the command… Remarks cluster switch-to { member-number | Switch from the operation interface of the mac-address mac-address | sysname Required management switch to that of a member switch member-sysname } Switch from the operation interface of a member cluster switch-to administrator Required switch to that of the management switch...
Topology management whitelist (standard topology): A whitelist is a list of topology information • that has been confirmed by the administrator as correct. You can get the information of a node and its neighbors from the current topology. Based on the information, you can manage and maintain the whitelist by adding, deleting or modifying a node.
Member switches send their log information to the management switch The management switch converts the addresses of log information and sends them to the log host. After you configure an NM host for a cluster, the member switches in the cluster send their Trap •...
To do… Use the command… Remarks Enter cluster view cluster — cluster-snmp-agent community Configure the SNMP community { read | write } community-name Required name shared by a cluster [ mib-view view-name ] cluster-snmp-agent group v3 group-name [ authentication | Configure the SNMPv3 group privacy ] [ read-view read-view ] Required...
NOTE: If a cluster is dismissed or the member switches are removed from the whitelist, the configurations of web user accounts are still retained. Displaying and maintaining cluster management To do… Use the command… Remarks Display NDP configuration display ndp [ interface interface-list ] [ | { begin | information exclude | include } regular-expression ] Display NTDP configuration...
Page 195
Add the switch whose MAC address is 000f-e201-0013 to the blacklist. • Figure 60 Network diagram Configuration procedure Configure the member switch Switch A # Enable NDP globally and for port Ethernet 1/0/1. <SwitchA> system-view [SwitchA] ndp enable [SwitchA] interface ethernet 1/0/1 [SwitchA-Ethernet1/0/1] ndp enable [SwitchA-Ethernet1/0/1] quit # Enable NTDP globally and for port Ethernet 1/0/1.
Page 196
[SwitchB-Ethernet1/0/3] ndp enable [SwitchB-Ethernet1/0/3] quit # Configure the period for the receiving switch to keep NDP packets as 200 seconds. [SwitchB] ndp timer aging 200 # Configure the interval to send NDP packets as 70 seconds. [SwitchB] ndp timer hello 70 # Enable NTDP globally and for ports Ethernet 1/0/2 and Ethernet 1/0/3.
Page 197
(Please confirm in 30 seconds, default No). (Y/N) # Enable management VLAN auto-negotiation. [abc_0.SwitchB-cluster] management-vlan synchronization enable # Configure the holdtime of the member switch information as 100 seconds. [abc_0.SwitchB-cluster] holdtime 100 # Configure the interval to send handshake packets as 10 seconds. [abc_0.SwitchB-cluster] timer 10 # Configure the FTP Server, TFTP Server, Log host and SNMP host for the cluster.
Stack configuration This chapter includes these sections: Stack configuration overview • Stack configuration task list • Configuring the master device of a stack • • Configuring stack ports of a slave device Logging in to the CLI of a slave from the master •...
Establishing a stack An administrator can establish a stack as follows: Configure a private IP address pool for a stack and create the stack on the network device which is • desired to be the master device. • Configure ports between the stack devices as stack ports. The master device automatically adds the slave devices into the stack, and assigns a number for •...
Configuring stack ports On the master device, configure ports that connect to slave devices as stack ports. Follow the steps below to configure stack ports: To do… Use the command… Remarks Enter system view system-view — Required Configure the specified ports as stack stack-port stack-port-num By default, a port is not a stack stack ports...
Logging in to the CLI of a slave from the master In a stack, you can log in to the CLI of a slave device from the master device and perform configurations for the slave device. Follow the step below to log in to the CLI of a slave device from the master device: To do…...
Page 202
# Display stack information of the stack members on Switch A. <stack_0.SwitchA> display stack members Number Role : Master Sysname : stack_0. SwitchA Switch type: H3C S3100V2-52TP MAC address: 000f-e200-1000 Number Role : Slave Sysname : stack_1. SwitchB Device type: H3C S3100V2-52TP...
CWMP to remotely configure, manage, and maintain the switches in batches in the data center network. The switch support the CWMP protocol. When starting up for the first time to access the network, an H3C switch functions as a CPE and automatically downloads the configuration file from the ACS. Compared...
ACS—Auto-configuration server. An ACS delivers configurations to CPEs and provides • management services to CPEs. In this document, ACS refers to the server installed with the H3C iMC branch intelligent management system (iMC BIMS). DNS server—Domain name system server. An ACS and a CPE use URLs to identify and access each •...
CPE status and performance monitoring An ACS can monitor the parameters of a CPE connected to it. Different CPEs have different performances and functionalities. Therefore the ACS must be able to identify each type of CPE and monitor the current configuration and configuration changes of each CPE.
The CPE can send connection requests either periodically or at the specified time to the ACS. The ACS can initiate a connection request to the CPE at any time, and can establish a connection with the CPE after passing CPE authentication. Configuration parameter deployment When a CPE logs in to an ACS, the ACS can automatically apply some configurations to the CPE for it to perform auto configuration.
Reboot—This method is used by an ACS to reboot a CPE remotely when the CPE encounters a • failure or software upgrade is needed. Active and standby ACS switchover The following example illustrates how an active and standby ACS switchover is performed. The scenario: There are two ACSs, active and standby in an area.
CPE, the DHCP server sends the ACS parameters in DHCP Option 43 to the CPE. If the DHCP server is an H3C switch that supports DHCP Option 43, you can configure the ACS parameters at the CLI with the command option 43 hex 01length URL username password, where •...
NOTE: For more information about DHCP, DHCP Option 43, the option command, DHCP address pool Layer 3—IP Services Configuration Guide configuration, and DNS server configuration, see Configuring the DNS server On the DNS server, you need to bind the URL address to the IP address of the ACS server to make sure that CPEs can obtain the IP address of the ACS through the DNS function.
Follow these steps to enable CWMP: To do… Use the command… Remarks Enter system view system-view — Enter CWMP view cwmp — Optional Enable CWMP cwmp enable By default, CWMP is enabled. Configuring the ACS server ACS server information includes ACS URL, username and password. The ACS server information is included in the connection request when the CPE sends a connection request to the ACS.
To do… Use the command… Remarks Optional You can specify a username without a password that is used in the authentication. If so, the Configure the ACS password for cwmp acs password password configuration on the ACS and that connection to the ACS on the CPE must be the same.
Configuring the CWMP connection interface A CWMP connection interface is an interface that connects a CPE to the ACS. The CPE sends an Inform message carrying the IP address of the CWMP connection interface, and asks the ACS to establish a connection through this IP address;...
To do… Use the command… Remarks Required Configure the CPE to send an By default, the time is null, that is, Inform message at the specified cwmp cpe inform time time the CPE is not configured to send time an Inform message at a specific time.
CWMP configuration example NOTE: Before configuring the ACS server, make sure that the H3C iMC BIMS software is installed on the server. Along with software updates, the BIMS functions and web interface may change. If your web interface is different from that in this example, see the user manual came with your server.
Table 11 Switches deployed in two equipment rooms Equipment room Switch Serial ID DeviceA 210235AOLNH12000008 DeviceB 210235AOLNH12000010 DeviceC 210235AOLNH12000015 DeviceD 210235AOLNH12000017 DeviceE 210235AOLNH12000020 DeviceF 210235AOLNH12000022 The network administrator has created two configuration files sys.a.cfg and sys_b.cfg for the switches in the two rooms.
Page 216
Figure 67 Add CPE authentication user page Set the username, password, and description, and then click OK. # Add a device group and a device class. In this example, add DeviceA to the Device_A class of the DB_1 group. Click the Resource tab, and select Group Management > Device Group from the navigation tree to enter the device group page.
Page 217
Figure 69 Add device class page After setting the class name, click OK. # Select Add Device from the navigation tree to enter the page for adding a device. Figure 70 Add device page Input the device information and click OK.
Page 218
Figure 71 Adding device succeeded Repeat the previous steps to add information about DeviceB and DeviceC to the ACS server, and the adding operation of switches in equipment room A is completed. # Bind different configuration files to different CPE groups to realize auto-deployment. Select Deployment Guide from the navigation tree.
Page 219
Figure 73 Auto deploy configuration page # Click Select Class and enter the page for selecting device type.
Page 220
Figure 74 Select a device class # Select the Device_A device class and click OK. After that, the auto deploy configuration page is displayed. Click OK to complete the task. Figure 75 Deploying task succeeded Configuration of the switches in room B is the same as that of the switches in room A except that you need to perform the following configuration: •...
Page 221
Configure the DHCP server NOTE: In this example, the DHCP server is an H3C switch supporting the Option 43 function. If your DHCP server is not an H3C switch supporting the Option 43 function, see the user manual came with your server.
Page 222
Figure 76 Device interaction log page Packets received according to length: 65-127 : 413 128-255 : 35 256-511: 0 512-1023: 0 1024-1518: 0 You can now query alarm events on the NMS. On the monitored device, alarm event messages are displayed when events occur.
Index A B C D E H I L N O P R S T Configuring the member switches,177 Configuring the NQA server,1 18 Adding a candidate switch to a cluster,178 Configuring the NQA statistics collection function,133 Alarm group configuration example,82 Configuring the operation modes of NTP,15...
Page 224
Information center overview,34 Introduction to port mirroring,84 RMON overview,74 Introduction to traffic mirroring,107 overview,162 Setting the MIB style,73 sFlow configuration example,159 Logging in to the CLI of a slave from the master,189 sFlow overview,157 SNMP configuration examples,67 SNMP configuration task list,60 NQA configuration examples,136...
Need help?
Do you have a question about the S3100V2-52TP and is the answer not in the manual?
Questions and answers