HP 5500 EI & 5500 SI Switch Series
Network Management and Monitoring Configuration Guide
Part number: 5998-1722
Software version: Release 2220
Document version: 6W100-20130810...
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Contents
Using ping, tracert, and system debugging
Ping
Using a ping command to test network connectivity
Ping example
Tracert
Prerequisites
Using a tracert command to identify failed or all nodes in a path
...
Configuring NTP broadcast mode
Configuring NTP multicast mode
Configuring NTP client/server mode with authentication
Configuring NTP broadcast mode with authentication
Configuring the information center
Overview
...
Configuration guidelines
Configuration procedure
Configuring SNMP logging
Configuring SNMP traps
Enabling SNMP traps
Configuring the SNMP agent to send traps to a host
...
Configuring traffic mirroring
Introduction to traffic mirroring
Traffic mirroring configuration task list
Configuring match criteria
Configuring traffic mirroring of different types
Mirroring traffic to a port
...
Configuring the history records saving function
Configuring optional parameters for an NQA test group
Configuring a schedule for an NQA test group
Configuration prerequisites
Configuration guidelines
...
Configuring PoE
Overview
PoE configuration task list
Enabling PoE for a PoE interface
Detecting PDs
Enabling the PSE to detect nonstandard PDs
Configuring a PD disconnection detection mode...
Manually collecting topology information
Enabling the cluster function
Deleting a member switch from a cluster
Toggling between the CLIs of the management switch and a member switch
Adding a candidate switch to a cluster
...
Configuration procedure
Verifying the configuration on the ACS server
Support and other resources
Contacting HP
Subscription service
Related information
Documents
...
-vpn-instance vpn-instance-name ] * host [ -i interface-type interface-number ]
IMPORTANT: When you configure the ping command for a low-speed network, HP recommends that you set a larger value for the timeout timer (indicated by the -t keyword in the command).
Ping example...
Figure 1 Network diagram
Test procedure
# Use the ping command on Device A to test connectivity to Device C.
<DeviceA> ping 1.1.2.2
PING 1.1.2.2: 56 data bytes, press CTRL_C to break
Reply from 1.1.2.2: bytes=56 Sequence=1 ttl=254 time=205 ms
Reply from 1.1.2.2: bytes=56 Sequence=2 ttl=254 time=1 ms
Reply from 1.1.2.2: bytes=56 Sequence=3 ttl=254 time=1 ms
Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms...
  1.1.1.2
  1.1.1.1
Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms
Record Route:
  1.1.2.1
  1.1.2.2
  1.1.1.2
  1.1.1.1
Reply from 1.1.2.2: bytes=56 Sequence=5 ttl=254 time=1 ms
Record Route:
  1.1.2.1
  1.1.2.2
  1.1.1.2
  1.1.1.1
--- 1.1.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/11/53 ms
The test procedure with the ping -r command (see...
Enable sending of ICMP timeout packets on the intermediate devices (the devices between the source and destination devices). If the intermediate devices are HP devices, execute the ip ttl-expires enable command on the devices. For more information about this command, see Layer...
• Enable sending of ICMP destination unreachable packets on the destination device. If the destination device is an HP device, execute the ip unreachables enable command. For more information about this command, see Layer 3—IP Services Command Reference.
• If there is an MPLS network between the source and destination devices and you need to display the...
• Screen output switch—Controls whether to display the debugging information on a certain screen. As shown in Figure 3, assume that the device can provide debugging for the three modules 1, 2, and 3. The debugging information can be output on a terminal only when both the protocol debugging switch and the screen output switch are turned on.
Step: Enable the terminal monitoring of system information.
Command: terminal monitor
Remarks: Optional. The terminal monitoring on the console is enabled by default and the terminal monitoring on the monitoring terminal is disabled by default. Available in user view.

Step: Enable the terminal display of debugging information.
Command: terminal debugging
Remarks: Disabled by default....
Use the tracert command to identify failed nodes:
# Enable sending of ICMP timeout packets on Device B.
<DeviceB> system-view
[DeviceB] ip ttl-expires enable
# Enable sending of ICMP destination unreachable packets on Device C.
<DeviceC> system-view
[DeviceC] ip unreachables enable
# Execute the tracert command on Device A.
Configuring NTP
The term Layer 3 Ethernet port refers to route-mode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
Overview
NTP is typically used in large networks to dynamically synchronize time among network devices.
• The local clock of this Switch Series cannot operate as a reference clock. It can serve as an NTP server only after it is synchronized.
• NTP supports access control and MD5 authentication.
• NTP can unicast, multicast, or broadcast protocol messages.
...
• When the NTP message leaves Device B, Device B timestamps it. The timestamp is 11:00:02 am (T3).
• When Device A receives the NTP message, the local time of Device A is 10:00:03 am (T4).
Up to now, Device A can calculate the following parameters based on the timestamps:
The roundtrip delay of NTP message: Delay = (T4–T1) –...
• VN (Version Number)—A 3-bit version number that indicates the version of NTP. The latest version is version 4.
• Mode—A 3-bit code that indicates the operation mode of NTP. This field can be set to these values:
  0—Reserved.
  1—Symmetric active.
  2—Symmetric passive....
client/server or symmetric peers mode, a device is synchronized from the specified server or peer, so clock reliability is enhanced.
Client/server mode
[Figure 7 Client/server mode: message exchange between Client and Server across the Network]
two devices can synchronize, or be synchronized by, each other. If the clocks of both devices have been synchronized, the device whose local clock has a lower stratum level synchronizes the other device.
Broadcast mode
Figure 9 Broadcast mode
In broadcast mode, a server periodically sends clock synchronization messages to broadcast address 255.255.255.255, with the Mode field in the messages set to 5 (broadcast mode).
listening to multicast messages, and synchronizes its local clock based on the received multicast messages. In symmetric peers mode, broadcast mode, and multicast mode, the client (or the symmetric active peer) and the server (the symmetric passive peer) can operate in the specified NTP operation mode only after they exchange NTP messages with the Mode field 3 (client mode) and the Mode field 4 (server mode).
Command: ntp-service unicast-server [ vpn-instance vpn-instance-name ] { ip-address | server-name }...
Remarks: By default, no NTP server is specified. Only the HP 5500 EI supports the vpn-instance keyword. In this command, the ip-address argument must be a unicast...
Command: ntp-service unicast-peer [ vpn-instance vpn-instance-name ]...
Remarks: By default, no symmetric-passive peer is specified. Only the HP 5500 EI supports the vpn-instance keyword. The ip-address argument must be a unicast address, rather than a broadcast address, a multicast...
Step: ...VLAN interface view.
Command: ...interface-number
Remarks: You can configure an Ethernet port as a Layer 3 Ethernet port only on the HP 5500 EI switch.

Step: Configure the device to...
Command: ntp-service broadcast-server...
Remarks: A broadcast server can synchronize broadcast clients only...
Step: Configure the device to operate in NTP multicast server mode.
Command: ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | ttl ttl-number | version number ] *
Remarks: A multicast server can synchronize broadcast clients only when its clock has been synchronized.

Configuring optional parameters
This section explains how to configure the optional parameters of NTP.
Step: ...VLAN interface view.
Command: ...interface-number
Remarks: ...as a Layer 3 Ethernet port only on the HP 5500 EI switch.

Step: Disable the interface from receiving NTP messages.
Command: ntp-service in-interface disable
Remarks: By default, an interface is enabled to receive NTP messages.
Step: Enter system view.
Command: system-view

Step: Configure the Differentiated Service Code Point (DSCP) value for NTP messages.
Command: ntp-service dscp dscp-value
Remarks: The default setting is 16.

Configuring access-control rights
From the highest to lowest, the NTP service access-control rights are peer, server, synchronization, and query.
Step: Configure the NTP service access-control right for a peer device to access the local device.
Command: ntp-service access { peer | query | server | synchronization } acl-number
Remarks: The default is peer.

Configuring NTP authentication
Enable NTP authentication for a system running NTP in a network where there is a high security demand. NTP authentication enhances network security by using client-server key authentication, which prohibits a client from synchronizing with a device that fails authentication.
Step: Enter Layer 3 Ethernet port view or VLAN interface view.
Command: interface interface-type interface-number
Remarks: ...as a Layer 3 Ethernet port only on the HP 5500 EI switch.

Command: • Broadcast server mode: ntp-service broadcast-server...
Remarks: You can associate a non-existing key with an NTP server. To enable...
Task: Display brief information about the NTP servers from the local device back to the primary reference source.
Command: display ntp-service trace [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

NTP configuration examples
This section provides configuration examples for NTP.
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 1.0.1.11
Nominal frequency: 64.0000 Hz
Actual frequency: 64.0000 Hz
Clock precision: 2^7
Clock offset: 0.0000 ms
Root delay: 31.00 ms
Root dispersion: 1.05 ms
Peer dispersion: 7.81 ms
Reference time: 14:53:27.371 UTC Sep 19 2005 (C6D94F67.5EF9DB22)
The output shows that Device B has synchronized to Device A because it has a higher stratum than Device A.
Configuration procedure
Configure IP addresses for interfaces. (Details not shown.)
Configure Device B:
# Specify Device A as the NTP server of Device B.
<DeviceB> system-view
[DeviceB] ntp-service unicast-server 3.0.1.31
Display the NTP status of Device B after clock synchronization.
[DeviceB] display ntp-service status
Clock status: synchronized
Clock stratum: 3...
[DeviceC] display ntp-service sessions
source reference stra reach poll now offset delay disper
********************************************************************************
[12345] 3.0.1.32 3.0.1.31 -6.4
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
Total associations :
The output shows that an association has been set up between Device B and Device C.
Configuring NTP broadcast mode
Network requirements
•...
<SwitchA> system-view
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] ntp-service broadcast-client
Configure Switch B:
# Configure Switch B to operate in broadcast client mode and receive broadcast messages on VLAN-interface 2.
<SwitchB> system-view
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] ntp-service broadcast-client
Switch A and Switch B get synchronized upon receiving a broadcast message from Switch C.
# Take Switch A as an example....
NOTE: In this example, Switch B must be a Layer 3 switch that supports multicast routing.
Figure 14 Network diagram
Configuration procedure
Set the IP address for each interface as shown in Figure 14. (Details not shown.)
Configure Device C:
# Configure Device C to operate in multicast server mode and send multicast messages through VLAN-interface 2....
Root delay: 31.00 ms
Root dispersion: 8.31 ms
Peer dispersion: 34.30 ms
Reference time: 16:01:51.713 UTC Sep 19 2005 (C6D95F6F.B6872B02)
The output shows that Device D has synchronized to Device C because it has a higher stratum than Device C.
# Display NTP session information for Device D....
Nominal frequency: 64.0000 Hz
Actual frequency: 64.0000 Hz
Clock precision: 2^7
Clock offset: 0.0000 ms
Root delay: 40.00 ms
Root dispersion: 10.83 ms
Peer dispersion: 34.30 ms
Reference time: 16:02:49.713 UTC Sep 19 2005 (C6D95F6F.B6872B02)
The output shows that Device A has synchronized to Device C because it has a higher stratum than Device C....
[DeviceB] ntp-service unicast-server 1.0.1.11 authentication-keyid 42
Before Device B can synchronize to Device A, enable NTP authentication for Device A.
Configure Device A:
# Enable NTP authentication.
[DeviceA] ntp-service authentication enable
# Set an authentication key.
[DeviceA] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey
# Specify the key as a trusted key....
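A consistency check for the authentication steps above, as an added example that is not part of the original guide: it reads a saved configuration and reports NTP associations whose key is missing, undefined, or not trusted, and authentication that was never enabled. The function name and both sample configurations are constructed for illustration; `ntp-service reliable authentication-keyid` is the Comware command that marks a key as trusted and does not appear in the excerpt above.

```python
import re

ENABLE = "ntp-service authentication enable"
KEY_DEF = re.compile(
    r"^ntp-service authentication-keyid (\d+) authentication-mode md5 \S+$")
KEY_TRUST = re.compile(r"^ntp-service reliable authentication-keyid (\d+)$")
# Commands that create an NTP association and may carry a key reference.
ASSOC = re.compile(
    r"^ntp-service (unicast-server|unicast-peer|broadcast-server|multicast-server)\b")
KEY_REF = re.compile(r"\bauthentication-keyid (\d+)\b")


def audit_ntp_auth(config_text):
    """Return a list of (rule, config line) findings for one device's config."""
    enabled = False
    defined, trusted, assocs = set(), set(), []
    for raw in config_text.splitlines():
        line = raw.strip()  # interface-view commands are indented in saved configs
        if line == ENABLE:
            enabled = True
        elif (m := KEY_DEF.match(line)):
            defined.add(int(m.group(1)))
        elif (m := KEY_TRUST.match(line)):
            trusted.add(int(m.group(1)))
        elif ASSOC.match(line):
            ref = KEY_REF.search(line)
            assocs.append((line, int(ref.group(1)) if ref else None))

    findings = []
    if assocs and not enabled:
        findings.append(("auth-disabled", ENABLE))
    for line, key in assocs:
        if key is None:
            findings.append(("no-key", line))          # unauthenticated association
        elif key not in defined:
            findings.append(("key-undefined", line))   # key referenced, never set
        elif key not in trusted:
            findings.append(("key-untrusted", line))   # key set, never trusted
    return findings


# Constructed sample: all authentication steps present for key 42.
CONFIG_COMPLETE = """
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 1.0.1.11 authentication-keyid 42
"""

# Constructed sample: key 42 is set but not trusted, authentication is not
# enabled, one server has no key, and key 88 is referenced but never defined.
CONFIG_INCOMPLETE = """
ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey
ntp-service unicast-server 1.0.1.11 authentication-keyid 42
ntp-service unicast-server 3.0.1.31
interface Vlan-interface2
 ntp-service multicast-server authentication-keyid 88
"""

if __name__ == "__main__":
    for rule, line in audit_ntp_auth(CONFIG_INCOMPLETE):
        print(f"{rule:14} {line}")
```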
Figure 16 Network diagram
Configuration procedure
Set the IP address for each interface as shown in Figure 16. (Details not shown.)
Configure Device A:
# Configure Device A to operate in NTP broadcast client mode and receive NTP broadcast messages on VLAN-interface 2....
Clock stratum: 4
Reference clock ID: 3.0.1.31
Nominal frequency: 64.0000 Hz
Actual frequency: 64.0000 Hz
Clock precision: 2^7
Clock offset: 0.0000 ms
Root delay: 31.00 ms
Root dispersion: 8.31 ms
Peer dispersion: 34.30 ms
Reference time: 16:01:51.713 UTC Sep 19 2005 (C6D95F6F.B6872B02)
The output shows that Device A has synchronized to Device C because it has a higher stratum than Device C....
Clock status: synchronized
Clock stratum: 4
Reference clock ID: 3.0.1.31
Nominal frequency: 64.0000 Hz
Actual frequency: 64.0000 Hz
Clock precision: 2^7
Clock offset: 0.0000 ms
Root delay: 31.00 ms
Root dispersion: 8.31 ms
Peer dispersion: 34.30 ms
Reference time: 16:01:51.713 UTC Sep 19 2005 (C6D95F6F.B6872B02)
The output shows that Device B has synchronized to Device C because it has a higher stratum than Device C....
Configuring the information center
This chapter describes how to configure the information center.
Overview
The information center collects and classifies system information as follows:
• Receives system information including log, trap, and debug information from source modules.
• Outputs the information to different information channels, according to output rules.
• Outputs information to different destinations, based on channel-to-destination associations....
By default, the information center is enabled. It affects system performance to some degree when it is processing large amounts of information. If the system resources are insufficient, disable the information center to save resources.
Classification of system information
System information is divided into the following types:
•...
Table 2 Information channels and output destinations
Columns: Information channel number, Default channel name, Default output destination, Description

Default channel name: console
Default output destination: Console
Description: Receives log, trap and debug information.

Default channel name: monitor
Default output destination: Monitor terminal
Description: Receives log, trap and debug information, facilitating remote maintenance.

Default channel name: loghost
Default output destination: Log host
Description: Receives log, trap and debug information and information will be stored in files for future...
Table 3 Default output rules for different output destinations
Columns: Destination, Source modules, Log (State, Severity), Trap (State, Severity), Debug (State, Severity)

Destination: Console
Source modules: supported modules
Log: Enabled, Informational
Trap: Enabled, Debug
Debug: Enabled, Debug

Destination: Monitor terminal
Source modules: supported modules
Log: Enabled, Informational
Trap: Enabled, Debug
Debug: Enabled, Debug

Destination: Log host
Source modules: supported modules
Log: Enabled, Informational...
Output destination: Log host
• HP format: <PRI>timestamp Sysname %%vvmodule/level/digest: source content
  Example: <189>Oct 9 14:59:04 201 MyDevice %%10SHELL/5/SHELL_LOGIN(l): VTY logged in from 192.168.1.21
• UNICOM format: <PRI>timestamp Sysname...
  Example: <186>Oct 13 16:48:08 2011 HP 10IFNET/2/210231a64jx073000020: log_type=port;content=Vlan-interface1 link status is DOWN....
IP address of the device that generates the system information.
• If the system information is sent to other destinations, or is sent to a log host in the HP format, the...
UNICOM.
source
This optional field identifies the source of the information. It is displayed only when the system information is sent to a log host in HP format. It can take one of the following values:
• IRF member ID...
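A parser for the HP-format log host messages described above, as an added example that is not part of the original guide: it splits PRI into syslog facility and severity (PRI = facility × 8 + severity), checks that the PRI severity agrees with the level field as it does in the guide's sample line, and extracts the source address of SHELL_LOGIN events. The sample lines are constructed from the guide's example with a made-up year; the function names and the treatment of the `(l)` suffix as an optional tag are assumptions.

```python
import re

# HP format as laid out in the guide:
#   <PRI>timestamp Sysname %%vvmodule/level/digest: source content
HP_LOG = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"(?P<sysname>\S+) "
    r"%%(?P<vv>\d{2})(?P<module>[A-Z0-9]+)/(?P<level>[0-7])/(?P<digest>[A-Z0-9_]+)"
    r"(?:\((?P<tag>[a-z])\))?:\s*"      # optional "(l)"-style suffix (assumption)
    r"(?P<content>.*)$"
)
# Standard syslog severity names, index = severity value.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
LOGIN_FROM = re.compile(r"logged in from (\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_hp_log(line):
    """Parse one HP-format line into a dict, or return None if it does not fit."""
    m = HP_LOG.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    pri = int(rec["pri"])
    if pri > 191:                       # highest valid PRI: facility 23, severity 7
        return None
    facility, severity = divmod(pri, 8)
    rec["facility"] = f"local{facility - 16}" if 16 <= facility <= 23 else str(facility)
    rec["severity"] = SEVERITIES[severity]
    rec["level"] = int(rec["level"])
    # In the guide's sample, <189> carries severity 5 and the body says SHELL/5.
    rec["pri_matches_level"] = severity == rec["level"]
    return rec


def remote_logins(lines):
    """(timestamp, sysname, source IP) for well-formed SHELL_LOGIN events."""
    out = []
    for line in lines:
        rec = parse_hp_log(line)
        if not rec or not rec["pri_matches_level"] or rec["digest"] != "SHELL_LOGIN":
            continue
        m = LOGIN_FROM.search(rec["content"])
        if m:                           # console logins carry no IP address
            out.append((rec["timestamp"], rec["sysname"], m.group(1)))
    return out


def rejected(lines):
    """Lines that fail to parse or whose PRI severity contradicts the level field."""
    bad = []
    for line in lines:
        rec = parse_hp_log(line)
        if rec is None or not rec["pri_matches_level"]:
            bad.append(line)
    return bad


# Constructed sample lines (not captured from a device).
SAMPLE = [
    "<189>Oct 9 14:59:04 2013 MyDevice %%10SHELL/5/SHELL_LOGIN(l): VTY logged in from 192.168.1.21",
    "<190>Oct 9 15:02:11 2013 MyDevice %%10SHELL/5/SHELL_LOGIN(l): VTY logged in from 10.0.0.7",
    "<189>Nov 2 16:12:01 2013 MyDevice %%10SHELL/5/SHELL_LOGIN(l): Console logged in from aux0.",
    "not a log host message",
]

if __name__ == "__main__":
    print(remote_logins(SAMPLE))
    print(rejected(SAMPLE))
```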
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
Information center configuration task list
Task Remarks
Outputting system information to the console...
Step: Configure the timestamp format.
Command: info-center timestamp { debugging | log | trap } { boot | date | none }
Remarks: Optional. By default, the timestamp format for log, trap and debug information is date.

Step: Return to user view.
Command: quit

Step: Enable system...
Remarks: Optional....
Step: ...information output to a log host.
Command: ...{ date | iso | no-year-date | none }
Remarks: ...date by default.

Step: Set the format of the system information sent to a log host to UNICOM.
Command: info-center format unicom
Remarks: Optional. HP by default.
Command: ...local-number ] *
Remarks: ...Otherwise, the log host cannot receive system information. Only the HP 5500 EI switches support the vpn-instance keyword.

Outputting system information to the trap buffer
The trap buffer only receives trap information, and discards log and debug information.
To output system information to the log buffer:

Step: Enter system view.
Command: system-view

Step: Enable the information center.
Command: info-center enable
Remarks: Optional. Enabled by default.

Step: Name the channel with a specified channel number.
Command: info-center channel channel-number name channel-name
Remarks: Optional. See Table 2 for default channel names....
Managing security logs and the security log file Security logs are very important for locating and troubleshooting network problems. Generally, security logs are output together with other logs. It is difficult to identify security logs among all logs. To solve this problem, you can save security logs into a security log file without affecting the current log output rules.
Step: Enable the information center.
Command: info-center enable
Remarks: Optional. Enabled by default.

Step: Enable the saving of the security logs into the security log file.
Command: info-center security-logfile enable
Remarks: Disabled by default.

Step: Set the interval for saving security logs to the...
Command: info-center security-logfile frequency freq-sec
Remarks: Optional. The default saving interval is 600 seconds.
Command: ...sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 |...
Remarks: ...Security Command Reference. Only the HP 5500 EI switches support the vpn-instance keyword.
Enabling synchronous information output The output of system logs interrupts ongoing configuration operations, and you have to find the previously input commands before the logs. Synchronous information output can show the previous input after log output and a command prompt in command editing mode, or a [Y/N] string in interaction mode so you can continue your operation from where you were stopped.
Step: Disable the interface from generating link up or link down logging information.
Command: undo enable log updown
Remarks: By default, all interfaces generate link up and link down logging information when the interface state changes.

Displaying and maintaining information center
Task Command Remarks...
Configuration procedure
Before the configuration, make sure the device and the log host can reach each other.
Configure the device:
# Enable the information center.
<Sysname> system-view
[Sysname] info-center enable
# Specify the host 1.2.0.1/16 as the log host. Use channel loghost to output log information (optional, loghost by default), and use local4 as the logging facility....
Display the process ID of syslogd, kill the syslogd process and then restart syslogd by using the -r option to make the modified configuration take effect.
# ps -ae | grep syslogd
# kill -HUP 147
# syslogd -r &
Now, the system can record log information into the log file....
# mkdir /var/log/Device
# touch /var/log/Device/info.log
Edit the file /etc/syslog.conf and add the following contents.
# Device configuration messages
local5.info /var/log/Device/info.log
In this configuration, local5 is the name of the logging facility that the log host uses to receive logs. The information level is info....
# Use channel console to output log information to the console. (This step is optional because it is the default setting.)
[Sysname] info-center console channel console
# To avoid outputting unnecessary information, disable the output of log, trap, and debug information of all modules on channel console....
Configuration considerations
The configuration in this example includes two parts:
Log in to the device as the system administrator:
• Enable saving the security logs into the security log file and set the saving interval to one hour.
• Create a local user seclog with the password 123123123123, and authorize this user as the security log administrator....
C:/> telnet 1.1.1.1
******************************************************************************
* Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
Login authentication
Username:seclog
Password:
<Sysname>
# Display the summary of the security log file.
<Sysname>...
%@158 Nov 2 16:12:01:750 2011 Sysname SHELL/5/SHELL_LOGIN:Console logged in from aux0. The content of other logs is not shown.
Configuring SNMP
This chapter provides an overview of the Simple Network Management Protocol (SNMP) and guides you through the configuration procedure.
Overview
SNMP is an Internet standard protocol widely used for a management station to access and operate the devices on a network, regardless of their vendors, physical characteristics and interconnect technologies. SNMP enables network administrators to read and set the variables on managed devices for state monitoring, troubleshooting, statistics collection, and other management purposes.
The device supports only traps.
SNMP protocol versions
HP supports SNMPv1, SNMPv2c, and SNMPv3. An NMS and an SNMP agent must use the same SNMP version to communicate with each other.
• SNMPv1—Uses community names for authentication. To access an SNMP agent, an NMS must use...
SNMP configuration task list
Task: Configuring SNMP basic parameters. Remarks: Required.
Task: Switching the NM-specific interface index format. Remarks: Optional.
Task: Configuring SNMP logging. Remarks: Optional.
Task: Configuring SNMP traps. Remarks: Optional.

Configuring SNMP basic parameters
SNMPv3 differs from SNMPv1 and SNMPv2c in many ways. Their configuration procedures are described in separate sections....
Step: Create or update a MIB view.
Command: snmp-agent mib-view { excluded | included } view-name oid-tree [ mask mask-value ]
Remarks: Optional. By default, the MIB view ViewDefault is predefined and its OID is 1. Each view-name oid-tree pair represents a view record. If you specify the same record with different MIB subtree masks...
Step: Enter system view.
Command: system-view

Step: Enable the SNMP agent.
Command: snmp-agent
Remarks: Optional. By default, the SNMP agent is disabled. You can also enable the SNMP agent service by using any command that begins with snmp-agent except for the snmp-agent calculate-password and snmp-agent ifmib long-ifindex enable commands.
Figure 24 32-bit NM-specific ifindex (fields: Offset, Interface Type, Slot ID, Chassis ID)
• Offset—This field is 16 bits long and distinguishes different interfaces of the same type on the same interface card.
• Interface type—This field is 7 bits long and contains the enumerated value specific to the interface type....
Configuring SNMP logging
IMPORTANT: Disable SNMP logging in normal cases to prevent a large amount of SNMP logs from decreasing device performance.
The SNMP logging function logs Get requests, Set requests, and Set responses, but does not log Get responses.
•...
Command: ...[ vpn-instance vpn-instance-name ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ]
Remarks: The v1 and v2c keywords are supported only in non-FIPS mode. Only the HP 5500 EI switches support the vpn-instance keyword.

Remarks: Optional....
Task: Display SNMP group information.
Command: display snmp-agent group [ group-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display basic information about...
Command: display snmp-agent trap queue [ | { begin |...
Remarks: Available in any view.
# Specify SNMPv1 and SNMPv2c, and create a read-only community public and a read and write community private.
<Agent> system-view
[Agent] snmp-agent sys-info version v1 v2c
[Agent] snmp-agent community read public
[Agent] snmp-agent community write private
# Configure contact and physical location information for the agent.
[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306
[Agent] snmp-agent sys-info location telephone-closet,3rd-floor
# Enable SNMP traps, set the NMS at 1.1.1.2 as an SNMP trap destination, and use public as the...
SNMPv3 configuration example
Network requirements
As shown in Figure 26, the NMS (1.1.1.2/24) uses SNMPv3 to monitor and manage the interface status of the agent (1.1.1.1/24), and the agent automatically sends traps to report events to the NMS. The NMS and the agent perform authentication when they set up an SNMP session. The authentication algorithm is MD5 and the authentication key is authkey.
Use MD5 for authentication and DES for encryption. Set the authentication key to authkey and the privacy key to prikey. Set the timeout time and maximum number of retries. For information about configuring the NMS, see the NMS manual.
NOTE: The SNMP settings on the agent and the NMS must match.
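The SNMPv1/SNMPv2c and SNMPv3 agent configurations above can be reviewed mechanically. The following audit sketch is an added example, not code from HP or from this guide: it reads snmp-agent commands and reports the settings a reviewer would question. The usm-user keywords (authentication-mode, privacy-mode, des56, aes128), the acl option on the community command, the user and group names, and the complete trap target line are assumptions not visible on this page; the sample configurations are constructed from the examples' values.

```python
import re

# Names used in the SNMPv1/v2c example; they are also the first guesses of
# any SNMP scanner, so they are reported.
DEFAULT_COMMUNITIES = {"public", "private"}
# Strips a copied CLI prompt such as "[Agent] " or "<Agent> ".
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")


def _value_after(tokens, keyword):
    """Return the token that follows keyword, or None if keyword is absent."""
    if keyword in tokens:
        i = tokens.index(keyword)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def audit_snmp(config_text):
    """Return a list of (severity, message) findings for snmp-agent lines."""
    findings = []
    for raw in config_text.splitlines():
        tok = PROMPT.sub("", raw).split()
        if len(tok) < 3 or tok[0] != "snmp-agent":
            continue
        if tok[1:3] == ["sys-info", "version"]:
            if {"v1", "v2c", "all"} & set(tok[3:]):
                findings.append(("HIGH", "SNMPv1/v2c enabled: community strings "
                                 "and payloads are sent unencrypted"))
        elif tok[1] == "community" and len(tok) >= 4:
            access, name = tok[2], tok[3]
            if name.lower() in DEFAULT_COMMUNITIES:
                sev = "HIGH" if access == "write" else "MEDIUM"
                findings.append((sev, f"{access} community uses the well-known "
                                 f"name '{name}'"))
            if "acl" not in tok[4:]:  # assumed option: acl acl-number
                findings.append(("MEDIUM", f"{access} community '{name}' has no "
                                 "ACL limiting which hosts may use it"))
        elif tok[1:3] == ["usm-user", "v3"] and len(tok) >= 4:
            user = tok[3]
            auth = _value_after(tok, "authentication-mode")
            priv = _value_after(tok, "privacy-mode")
            if auth is None:
                findings.append(("HIGH", f"v3 user '{user}' has no authentication key"))
            elif auth == "md5":
                findings.append(("MEDIUM", f"v3 user '{user}' authenticates with MD5"))
            if priv is None:
                findings.append(("MEDIUM", f"v3 user '{user}' has no privacy key; "
                                 "payloads are not encrypted"))
            elif priv == "des56":
                findings.append(("MEDIUM", f"v3 user '{user}' encrypts with 56-bit DES"))
        elif tok[1] == "target-host" and "securityname" in tok:
            sec = _value_after(tok, "securityname")
            if sec and {"v1", "v2c"} & set(tok[tok.index("securityname") + 2:]):
                findings.append(("MEDIUM", "traps are sent with SNMPv1/v2c "
                                 f"security name '{sec}'"))
    return findings


# Constructed input: the agent commands of the SNMPv1/v2c example plus an
# assumed trap target line that uses the params syntax from the command table.
V1V2C_EXAMPLE = """\
<Agent> system-view
[Agent] snmp-agent sys-info version v1 v2c
[Agent] snmp-agent community read public
[Agent] snmp-agent community write private
[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306
[Agent] snmp-agent sys-info location telephone-closet,3rd-floor
[Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname public v1
"""

# Constructed input: MD5/DES with the keys named in the SNMPv3 example.
# The user and group names are hypothetical.
V3_EXAMPLE = """\
snmp-agent sys-info version v3
snmp-agent usm-user v3 managev3user managev3group authentication-mode md5 authkey privacy-mode des56 prikey
"""

# Constructed input: the same user with SHA authentication and AES-128 privacy.
V3_HARDENED = """\
snmp-agent sys-info version v3
snmp-agent usm-user v3 managev3user managev3group authentication-mode sha authkey privacy-mode aes128 prikey
"""

if __name__ == "__main__":
    for label, text in (("v1/v2c example", V1V2C_EXAMPLE),
                        ("v3 example", V3_EXAMPLE),
                        ("v3 hardened", V3_HARDENED)):
        print(label)
        for severity, message in audit_snmp(text) or [("OK", "no findings")]:
            print(f"  [{severity}] {message}")
```

Keys that the device stores in cipher form cannot be judged by this check; it only looks at protocol versions, algorithms, names and the presence of an ACL.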
Figure 27 Network diagram
Configuration procedure
This example assumes you have configured all required SNMP settings for the NMS and the agent (see "SNMPv1/SNMPv2c configuration example" or "SNMPv3 configuration example").
# Enable displaying log messages on the configuration terminal. (This function is enabled by default. Skip this step if you are using the default.)
<Agent>...
Field Description srcIP IP address of the NMS. SNMP operation type (GET or SET). node MIB node name and OID of the node instance. errorIndex Error index, with 0 meaning no error. errorStatus Error status, with noError meaning no error. Value set by the SET operation.
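The fields in the table above are enough for a simple review pass over SNMP logs. The following is an added example, not taken from the guide: it parses log lines and reports requests from hosts other than the expected NMS and SET operations that the agent rejected. The line layout (name = <value> pairs after a SNMP/6/ prefix), the field names op and value, the address 1.1.1.77 and the function names are assumptions; the sample lines are constructed.

```python
import re

# One "name = <value>" pair; values never contain ">".
PAIR = re.compile(r"(\w+)\s*=\s*<([^>]*)>")


def parse_snmp_log(line):
    """Return the fields of one SNMP log line as a dict, or None if it is not one."""
    fields = dict(PAIR.findall(line))
    if "srcIP" not in fields or "op" not in fields:
        return None
    fields["op"] = fields["op"].lower()
    return fields


def review_snmp_log(lines, allowed_nms):
    """Return (reason, srcIP, op, node) tuples for log lines worth a second look."""
    alerts = []
    for line in lines:
        rec = parse_snmp_log(line)
        if rec is None:
            continue  # not an SNMP log line
        src, op, node = rec["srcIP"], rec["op"], rec.get("node", "")
        # Any request from a host that is not a known NMS is reported.
        if src not in allowed_nms:
            alerts.append(("unexpected-source", src, op, node))
        # When errorStatus is present, noError means the SET succeeded.
        status = rec.get("errorStatus")
        if op == "set" and status is not None and status != "noError":
            alerts.append(("rejected-set:" + status, src, op, node))
    return alerts


# Constructed sample lines; 1.1.1.2 is the NMS of the configuration examples.
SAMPLE_LOG = [
    "%Jan 1 02:49:40:566 2011 Agent SNMP/6/GET: seqNO = <10> srcIP = <1.1.1.2> "
    "op = <get> node = <sysName(1.3.6.1.2.1.1.5.0)> value = <>",
    "%Jan 1 02:59:42:576 2011 Agent SNMP/6/SET: seqNO = <11> srcIP = <1.1.1.2> "
    "op = <set> errorIndex = <0> errorStatus = <noError> "
    "node = <sysName(1.3.6.1.2.1.1.5.0)> value = <Agent>",
    "%Jan 1 03:04:10:101 2011 Agent SNMP/6/SET: seqNO = <12> srcIP = <1.1.1.77> "
    "op = <set> errorIndex = <1> errorStatus = <noAccess> "
    "node = <sysContact(1.3.6.1.2.1.1.4.0)> value = <x>",
    "%Jan 1 03:05:00:000 2011 Agent IFNET/4/LINK: an unrelated log line",
]

if __name__ == "__main__":
    for alert in review_snmp_log(SAMPLE_LOG, {"1.1.1.2"}):
        print(alert)
```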
RMON groups Among the RFC 2819 defined RMON groups, HP implements the statistics group, history group, event group, and alarm group supported by the public MIB. HP also implements a private alarm group, which enhances the standard alarm group.
Ethernet statistics group The statistics group defines that the system collects traffic statistics on interfaces (only Ethernet interfaces are supported) and saves the statistics in the Ethernet statistics table (ethernetStatsTable). The interface traffic statistics include network collisions, CRC alignment errors, undersize/oversize packets, broadcasts, multicasts, bytes received, and packets received.
Figure 28 Rising and falling alarm events Private alarm group The private alarm group calculates the values of alarm variables and compares the results with the defined threshold for a more comprehensive alarming function. The system handles the private alarm entry (as defined by the user) in the following ways: •...
You can configure multiple history control entries for one interface, but must make sure their entry numbers and sampling intervals are different. On the HP 5500 SI switch, up to 100 history entries can be created. On the HP 5500 EI switch, up •...
Configuring the RMON alarm function
Follow these guidelines when you configure the RMON alarm function:
• To send traps to the NMS when an alarm is triggered, configure the SNMP agent as described in "Configuring SNMP" before configuring the RMON alarm function.
• If the alarm variable is a MIB variable defined in the history group or the Ethernet statistics group,...
Maximum number of Entry Parameters to be compared entries Alarm variable formula (alarm-variable), sampling interval (sampling-interval), sampling type (absolute, changeratio or Prialarm delta), rising threshold (threshold-value1) and falling threshold (threshold-value2) Displaying and maintaining RMON Task Command Remarks display rmon statistics [ interface-type Display RMON statistics.
Configuration procedure
# Configure the RMON statistics group on the RMON agent to gather statistics for GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] rmon statistics 1 owner user1
# Display statistics collected by the RMON agent for GigabitEthernet 1/0/1.
<Sysname>...
# Display the history data collected for GigabitEthernet 1/0/1.
[Sysname-GigabitEthernet1/0/1] display rmon history
HistoryControlEntry 2 owned by null is VALID
Samples interface : GigabitEthernet1/0/1<ifIndex.3>
Sampling interval : 10(sec) with 8 buckets max
Sampled values of record 1 :
dropevents , octets : 834 packets , broadcast packets...
Configuring port mirroring Introduction to port mirroring Port mirroring is the process of copying the packets passing through a port to the monitor port connecting to a monitoring device for packet analysis. Terminologies of port mirroring Mirroring source The mirroring source can be one or more monitored ports. Packets (called "mirrored packets") passing through them are copied to a port connecting to a monitoring device for packet analysis.
and egress port reside on a source device and send mirrored packets to the remote probe VLAN. The egress port must belong to the remote probe VLAN while the reflector port may not. For more information about the source device, destination device, reflector port, egress port, and remote probe VLAN, see "Port mirroring classification and implementation."...
Layer 2 remote port mirroring Figure 33 Layer 2 remote port mirroring implementation On the network shown in Figure The source device does the following: Copies the packets received on the source port GigabitEthernet 1/0/1 to the egress port GigabitEthernet 1/0/2. Forwards the packets to the intermediate device, which then broadcasts the packets in the remote probe VLAN.
disable MAC address learning of the remote probe VLAN. For more information about the mac-address mac-learning disable command, see Layer 2—LAN Switch Command Reference. Configuring local port mirroring Local port mirroring configuration task list Configure a local mirroring group and then configure one or more source ports and a monitor port for the local mirroring group.
• VLAN, or enable the spanning tree feature on the monitor port.
• HP recommends you use a monitor port for port mirroring only. This is to make sure that the data monitoring device receives and analyzes only the mirrored traffic rather than a mix of mirrored traffic and normally forwarded traffic.
• default VLAN, VLAN 1. • HP recommends that you configure an unused port as the reflector port of a remote source mirroring group and disable STP on it. Do not configure a combo interface as a reflector port. •...
• A VLAN can serve as the remote probe VLAN for only one remote source mirroring group. HP recommends you use the remote probe VLAN for port mirroring exclusively. Do not create a VLAN interface for the VLAN or configure any other features for the VLAN.
If an intermediate device exists, allow the remote probe VLAN to pass through the intermediate device. NOTE: HP recommends you not enable GARP VLAN Registration Protocol (GVRP). If GVRP is enabled, GVRP may register the remote probe VLAN to unexpected ports, resulting in undesired duplicates. For more Layer 2—LAN Switching Configuration Guide...
To make sure that the mirroring function works properly, do not enable the spanning tree feature on the monitor port. HP recommends you use a monitor port only for port mirroring. This is to make sure that the data monitoring device receives and analyzes only the mirrored traffic rather than a mix of mirrored traffic and normally forwarded traffic.
Configuring the remote probe VLAN for the remote destination group Configuration restrictions and guidelines: A VLAN can serve for only one mirroring group. When a VLAN is configured as a remote probe VLAN, use the remote probe VLAN for port mirroring exclusively.
Step: Create a remote source group.
Command: mirroring-group group-id remote-source
Remarks: By default, no remote source group exists on a device.
Configuring source ports for the remote source group
If you use system view, you can use a list to configure multiple source ports for a mirroring group at one time.
Step: Configure the egress port for the remote source group.
Command: mirroring-group group-id monitor-egress monitor-egress-port
Remarks: By default, no egress port is configured for a remote source group.
To configure the egress port for the remote source group in interface view:
Step Command Remarks...
Displaying and maintaining port mirroring
Task: Display the configuration of mirroring groups.
Command: display mirroring-group { group-id | all | local | remote-destination | remote-source } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view
Port mirroring configuration examples
Local port mirroring configuration example
Network requirements...
# Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as source ports and port GigabitEthernet 1/0/3 as the monitor port.
[DeviceA] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 GigabitEthernet 1/0/2 both
[DeviceA] mirroring-group 1 monitor-port GigabitEthernet 1/0/3
# Disable the spanning tree feature on the monitor port GigabitEthernet 1/0/3.
[DeviceA] interface GigabitEthernet 1/0/3
[DeviceA-GigabitEthernet1/0/3] undo stp enable
[DeviceA-GigabitEthernet1/0/3] quit...
Figure 35 Network diagram
Configuration procedure
# Create remote source mirroring group 1.
<DeviceA> system-view
[DeviceA] mirroring-group 1 remote-source
# Configure GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 as source ports of remote source mirroring group 1.
[DeviceA] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 to gigabitethernet 1/0/3 both
# Configure an unused port (GigabitEthernet 1/0/5 for example) of Device A as the reflector port of remote source mirroring group 1.
Layer 2 remote port mirroring configuration example
Network requirements
On the Layer 2 network shown in Figure
• Device A connects to the marketing department through GigabitEthernet 1/0/1 and connects to the trunk port GigabitEthernet 1/0/1 of Device B through the trunk port GigabitEthernet 1/0/2.
• Device C connects to the server through GigabitEthernet 1/0/2 and connects to the trunk port GigabitEthernet 1/0/2 of Device B through the trunk port GigabitEthernet 1/0/1.
# Configure VLAN 2 as the remote probe VLAN of the mirroring group and GigabitEthernet 1/0/2 as the monitor port of the mirroring group, disable the spanning tree feature on GigabitEthernet 1/0/2, and assign the port to VLAN 2.
[DeviceC] mirroring-group 1 remote-probe vlan 2
[DeviceC] interface GigabitEthernet 1/0/2
[DeviceC-GigabitEthernet1/0/2] mirroring-group 1 monitor-port
[DeviceC-GigabitEthernet1/0/2] undo stp enable...
# Configure output port GigabitEthernet 1/0/2 as a trunk port to permit the packets of VLAN 2 to pass through, and disable the spanning tree feature on the port.
[DeviceA] interface GigabitEthernet 1/0/2
[DeviceA-GigabitEthernet1/0/2] port link-type trunk
[DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 2
[DeviceA-GigabitEthernet1/0/2] undo stp enable
[DeviceA-GigabitEthernet1/0/2] quit
Verify the configurations.
Configuring traffic mirroring Introduction to traffic mirroring Traffic mirroring copies the specified packets to the specified destination for packet analyzing and monitoring. It is implemented through QoS policies. In other words, you define traffic classes and configure match criteria to classify packets to be mirrored and then configure traffic behaviors to mirror packets that fit the match criteria to the specified destination.
Step Command Remarks Create a class and enter class traffic classifier tcl-name [ operator By default, no traffic class exists. view. { and | or } ] By default, no match criterion is Configure match criteria. if-match match-criteria configured in a traffic class. For more information about the traffic classifier and if-match commands, see ACL and QoS Command Reference.
Configuring a QoS policy Step Command Remarks Enter system view. system-view Create a policy and enter qos policy policy-name By default, no policy exists. policy view. Associate a class with a traffic classifier tcl-name behavior By default, no traffic behavior is behavior in the QoS policy.
Step: Enter system view.
Command: system-view
Step: Apply a QoS policy to a VLAN.
Command: qos vlan-policy policy-name vlan vlan-id-list { inbound | outbound }
For more information about the qos vlan-policy command, see ACL and QoS Command Reference.
Apply a QoS policy globally
You can apply a QoS policy globally to mirror the traffic in a specific direction on all ports.
Task Command Remarks display qos policy user-defined [ policy-name Display user-defined QoS policy [ classifier tcl-name ] ] [ | { begin | exclude | Available in any view configuration information. include } regular-expression ] For more information about the display traffic behavior and display qos policy commands, see ACL and QoS Command Reference.
[DeviceA] acl number 3000
[DeviceA-acl-adv-3000] rule permit tcp source 192.168.2.0 0.0.0.255 destination-port eq www
[DeviceA-acl-adv-3000] quit
# Create traffic class tech_c, and configure the match criterion as ACL 3000.
[DeviceA] traffic classifier tech_c
[DeviceA-classifier-tech_c] if-match acl 3000
[DeviceA-classifier-tech_c] quit
# Create traffic behavior tech_b, and configure the action of mirroring traffic to port GigabitEthernet 1/0/3.
[DeviceA-qospolicy-mkt_p] quit
# Apply QoS policy mkt_p to the outgoing packets of GigabitEthernet 1/0/2.
[DeviceA] interface GigabitEthernet 1/0/2
[DeviceA-GigabitEthernet1/0/2] qos apply policy mkt_p outbound
Verify the configurations.
After completing the configurations, through the server, you can monitor all traffic sent by the technology department to access the Internet and the IP traffic that the technology department sends to the marketing department during working hours.
Configuring NQA Overview Network Quality Analyzer (NQA) can perform various types of tests and collect network performance and service quality parameters such as delay jitter, time for establishing a TCP connection, time for establishing an FTP connection, and file transfer rate. With the NQA test results, you can diagnose and locate network faults, be aware of network performance in time and take proper actions to correct any problems.
The collaboration comprises the following parts: the application modules, the track module, and the detection modules.
• A detection module monitors objects, such as the link status, and network performance, and informs the track module of detection results.
• Upon the detection results, the track module changes the status of the track entry and informs the...
Threshold types
The following threshold types are supported:
• average—Monitors the average value of monitored data in a test. If the average value in a test exceeds the upper threshold or goes below the lower threshold, a threshold violation occurs. For example, you can monitor the average probe duration in a test.
Test and probe After the NQA test group starts, tests are performed at a specific interval. During each test, a specific number of probe operations are performed. Both the test interval and the number of probe operations per test are configurable. But only one probe operation is performed during one voice test. In different test types, probe operation has the following different meanings: During a TCP or DLSw test, one probe operation means setting up one connection.
The NQA client computes the network performance and service quality parameters, such as the packet loss rate and round-trip time based on the received responses. NQA configuration task list Task Remarks Configuring the NQA server Required for TCP, UDP echo, UDP jitter, and voice tests To perform NQA tests successfully, perform the following configurations on the NQA client: Enable the NQA client.
Configuring the NQA server To perform TCP, UDP echo, UDP jitter, or voice tests, configure the NQA server on the peer device. The NQA server responds to the probe packets sent from the NQA client by listening to the specified destination address and port number.
By default, the string is the hexadecimal ICMP echo request. number 00010203040506070809. Optional. By default, ICMP echo tests apply to the Apply ICMP echo tests to the vpn-instance public network. specified VPN. vpn-instance-name Only the HP 5500 EI Switch Series supports VPN instances.
Step Command Remarks Optional. By default, no source interface is configured for probe packets. source interface The requests take the IP address of the Configure the source interface interface-type source interface as their source IP address for ICMP echo requests. interface-number when no source IP address is specified.
Step Command Remarks Enter NQA test group nqa entry admin-name view. operation-tag Configure the test type as DHCP, and enter test type type dhcp view. By default, no interface is configured to operation interface perform DHCP tests. Specify an interface to interface-type perform DHCP tests.
Configuring FTP tests FTP tests of an NQA test group are used to test the connection between the NQA client and an FTP server and the time required for the FTP client to transfer a file to or download a file from the FTP server. Before you start FTP tests, configure the FTP server.
Step Command Remarks Optional. Set the data transmission mode { active | passive } mode for FTP tests. active by default. "Configuring optional Configure optional parameters for an NQA Optional. parameters. test group" Configuring HTTP tests HTTP tests of an NQA test group are used to test the connection between the NQA client and an HTTP server, and the time required to obtain data from the HTTP server.
Configuring UDP jitter tests IMPORTANT: Do not perform NQA UDP jitter tests on known ports, ports from 1 to 1023. Otherwise, UDP jitter tests might fail or the corresponding services of this port might be unavailable. Real-time services such as voice and video have high requirements on delay jitters. UDP jitter tests of an NQA test group obtain uni/bi-directional delay jitters.
Step Command Remarks Optional. Specify the source port source port port-number By default, no source port number is number of UDP packets. specified. Optional. Configure the size of the data data-size size field in each UDP packet. 100 bytes by default. Optional.
Step Command Remarks Enter system view. system-view Enter NQA test group nqa entry admin-name view. operation-tag Configure the test type as SNMP, and enter test type snmp type view. Configure the By default, no destination IP address is destination address of destination ip ip-address configured.
Step Command Remarks By default, no destination port number is Configure the configured. destination port destination port of port-number The destination port number must be the same as TCP probe packets. that of the listening service on the NQA server. Optional.
Step Command Remarks Optional. Configure the string to be filled in the data field of data-fill string By default, the string is the hexadecimal number each UDP packet. 00010203040506070809. Optional. Specify the source port of source port port-number UDP packets. By default, no source port number is specified.
Configuration prerequisites • Voice tests require cooperation between the NQA server and the NQA client. Before you start voice tests, configure a UDP listening service on the NQA server. For more information about UDP listening service configuration, see "Configuring the NQA server."...
Step Command Remarks Optional. Configure the string to be filled in the data field of data-fill string By default, the string is the hexadecimal each probe packet. number 00010203040506070809. Configure the number of Optional. probe packets to be sent probe packet-number during each voice probe packet-number 1000 by default.
Configuring the collaboration function Collaboration is implemented by establishing reaction entries to monitor the detection results of a test group. If the number of consecutive probe failures reaches the threshold, the configured action is triggered. To configure the collaboration function: Step Command Remarks...
Configuration procedure To configure threshold monitoring: Step Command Remarks Enter system system-view view. Enter NQA test nqa entry admin-name operation-tag group view. Enter test type type { dhcp | dlsw | dns | ftp | http | icmp-echo | snmp | tcp view of the test | udp-echo | udp-jitter | voice } group.
Step Command Remarks • Enable sending traps to the network management server under specified conditions: reaction trap { probe-failure consecutive-probe-failures | test-complete | test-failure cumulate-probe-failures } • Configure a reaction entry for monitoring the probe duration of a test (not supported in UDP jitter and voice tests): reaction item-number checked-element probe-duration threshold-type { accumulate accumulate-occurrences | average | consecutive consecutive-occurrences }...
Configuring the NQA statistics collection function NQA groups tests completed in a time period for a test group, and calculates the test result statistics. The statistics form a statistics group. To view information about the statistics groups, use the display nqa statistics command.
• The maximum number of history records that can be saved in a test group—If the number of history records in a test group exceeds the maximum number, the earliest history records are removed. To configure the history records saving function of an NQA test group: Step Command Remarks...
Step Command Remarks Optional. By default, the interval between two consecutive tests for a test group is Configure the interval between 0 milliseconds. Only one test is two consecutive tests for a test frequency interval performed. group. If the last test is not completed when the interval specified by the frequency command is reached, a new test does not start.
• Configure the NQA server for tests that require cooperation with the NQA server.
Configuration guidelines
Follow these guidelines when you schedule an NQA test group:
• After an NQA test group is scheduled, you cannot enter the test group view or test type view.
•...
NQA configuration examples ICMP echo test configuration example Network requirements As shown in Figure 40, configure NQA ICMP echo tests to test whether the NQA client (Device A) can send packets through a specific next hop to the specified destination (Device B) and test the round-trip time of the packets.
[DeviceA-nqa-admin-test-icmp-echo] probe timeout 500
[DeviceA-nqa-admin-test-icmp-echo] frequency 5000
# Enable the saving of history records and configure the maximum number of history records that can be saved for a test group.
[DeviceA-nqa-admin-test-icmp-echo] history-record enable
[DeviceA-nqa-admin-test-icmp-echo] history-record number 10
[DeviceA-nqa-admin-test-icmp-echo] quit
# Start ICMP echo tests.
[DeviceA] nqa schedule admin test start-time now lifetime forever
# Stop the ICMP echo tests after a period of time.
DHCP test configuration example Network requirements As shown in Figure 41, configure NQA DHCP tests to test the time required for Device A to obtain an IP address from the DHCP server (Device B). Figure 41 Network diagram Configuration procedure # Create a DHCP test group, and specify interface VLAN-interface 2 to perform NQA DHCP tests.
[DeviceA] display nqa history admin test
NQA entry (admin admin, tag test) history record(s):
Index Response Status Time
Succeeded 2011-01-22 09:56:03.2
DNS test configuration example
Network requirements
As shown in Figure 42, configure NQA DNS tests to test whether Device A can translate the domain name host.com into an IP address through the DNS server and test the time required for resolution.
Extended results:
Packet loss in test: 0%
Failures due to timeout: 0
Failures due to disconnect: 0
Failures due to no connection: 0
Failures due to sequence error: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packet(s) arrived late: 0
# Display the history of DNS tests.
[DeviceA-nqa-admin-test-ftp] operation put
[DeviceA-nqa-admin-test-ftp] filename config.txt
# Enable the saving of history records.
[DeviceA-nqa-admin-test-ftp] history-record enable
[DeviceA-nqa-admin-test-ftp] quit
# Start FTP tests.
[DeviceA] nqa schedule admin test start-time now lifetime forever
# Stop the FTP tests after a period of time.
[DeviceA] undo nqa schedule admin test
# Display the results of the last FTP test.
Configuration procedure
Before you make the configuration, make sure the devices can reach each other.
# Create an HTTP test group.
<DeviceA> system-view
[DeviceA] nqa entry admin test
[DeviceA-nqa-admin-test] type http
# Specify the IP address of the HTTP server 10.2.2.2 as the destination IP address for HTTP tests.
[DeviceA-nqa-admin-test-http] destination ip 10.2.2.2
# Configure the device to get data from the HTTP server for each HTTP probe operation.
NQA entry (admin admin, tag test) history record(s):
Index Response Status Time
Succeeded 2011-01-22 10:12:47.9
UDP jitter test configuration example
Network requirements
As shown in Figure 45, configure NQA UDP jitter tests to test the delay jitter of packet transmission between Device A and Device B.
Destination IP address: 10.2.2.2
Send operation times: 10 Receive response times: 10
Min/Max/Average round trip time: 15/32/17
Square-Sum of round trip time: 3235
Last succeeded probe time: 2011-01-29 13:56:17.6
Extended results:
Packet loss in test: 0%
Failures due to timeout: 0
Failures due to disconnect: 0
Failures due to no connection: 0
Failures due to sequence error: 0...
Failures due to timeout: 0
Failures due to disconnect: 0
Failures due to no connection: 0
Failures due to sequence error: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packet(s) arrived late: 0
UDP-jitter results:
RTT number: 410
Min positive SD: 3 Min positive DS: 1...
Figure 46 Network diagram
Configuration procedure
Before you make the configuration, make sure the devices can reach each other.
Enable the SNMP agent service and set the SNMP version to all, the read community to public, and the write community to private on Device B.
<DeviceB>...
Failures due to internal error: 0
Failures due to other errors: 0
Packet(s) arrived late: 0
# Display the history of SNMP tests.
[DeviceA] display nqa history admin test
NQA entry (admin admin, tag test) history record(s):
Index Response Status Time
Timeout 2011-01-22 10:24:41.1...
# Stop the TCP tests after a period of time.
[DeviceA] undo nqa schedule admin test
# Display the results of the last TCP test.
[DeviceA] display nqa result admin test
NQA entry (admin admin, tag test) test results:
Destination IP address: 10.2.2.2
Send operation times: 1 Receive response times: 1
Min/Max/Average round trip time: 13/13/13...
Configure Device A:
# Create a UDP echo test group.
<DeviceA> system-view
[DeviceA] nqa entry admin test
[DeviceA-nqa-admin-test] type udp-echo
# Configure UDP packets to use 10.2.2.2 as the destination IP address and port 8000 as the destination port.
[DeviceA-nqa-admin-test-udp-echo] destination ip 10.2.2.2
[DeviceA-nqa-admin-test-udp-echo] destination port 8000
# Enable the saving of history records.
Figure 49 Network diagram
Configuration procedure
Before you make the configuration, make sure the devices can reach each other.
Enable the NQA server, and configure a listening service to listen to IP address 10.2.2.2 and UDP port 9000 on Device B.
<DeviceB>...
[DeviceA-nqa-admin-test] type dlsw
[DeviceA-nqa-admin-test-dlsw] destination ip 10.2.2.2
# Enable the saving of history records.
[DeviceA-nqa-admin-test-dlsw] history-record enable
[DeviceA-nqa-admin-test-dlsw] quit
# Start DLSw tests.
[DeviceA] nqa schedule admin test start-time now lifetime forever
# Stop the DLSw tests after a period of time.
[DeviceA] undo nqa schedule admin test
# Display the result of the last DLSw test.
Figure 51 Network diagram
Configuration procedure
Assign each interface an IP address. (Details not shown.)
Configure a static route, whose destination address is 10.2.1.1, and associate the static route with track entry 1 on Device A.
<DeviceA> system-view
[DeviceA] ip route-static 10.1.1.2 24 10.2.1.1 track 1
On Device A, create an NQA test group:
# Create an NQA test group with the administrator name being admin and operation tag being test.
Status: Positive
Notification delay: Positive 0, Negative 0 (in seconds)
Reference object:
NQA entry: admin test
Reaction: 1
# Display brief information about active routes in the routing table on Device A.
[DeviceA] display ip routing-table
Routing Tables: Public
Destinations : 5 Routes : 5
Destination/Mask Proto...
Configuring sFlow Both Layer 2 and Layer 3 Ethernet interfaces support the sFlow function. The term "interface" in this chapter collectively refers to these two types of interfaces. You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3 interface (see Layer 2 LAN Switching Configuration —...
Use the display sflow command to display the sFlow collector. | datagram-size size | description parameters of the preset sFlow collectors. text | port port-number | time-out Only the HP 5500 EI supports the vpn-instance seconds } * keyword. Specify the Optional...
Step Command Remarks Enter system view. system-view Enter Layer 2 interface interface interface-type Only the HP 5500 EI switch series supports view/Layer 3 Ethernet interface-number Layer 3 Ethernet interface view. interface view. Set the interval for sflow counter interval seconds Counter sampling is disabled by default.
sFlow configuration example Network requirements As shown in Figure 53, Host A is connected with the server through the device (sFlow agent). Enable sFlow (including flow sampling and counter sampling) on GigabitEthernet 1/0/1 to monitor traffic on the interface. The device sends sFlow packets through GigabitEthernet 1/0/3 to the sFlow collector, which analyzes the sFlow packets and displays results.
• No IP address is configured for the Layer 3 interface on the device, or the IP address is configured, but the UDP packets with the IP address being the source cannot reach the sFlow collector. • The physical link between the device and the sFlow collector fails. Solution Check whether sFlow is correctly configured by displaying sFlow configuration with the display sflow command.
Configuring IPC This chapter provides an overview of Inter-Process Communication (IPC) and describes the IPC monitoring commands. Overview IPC provides a reliable communication mechanism among processing units, typically CPUs. IPC is typically used on a distributed device or in an IRF fabric to provide reliable inter-card or inter-device transmission.
Figure 54 Relationship between a node, link and channel
Packet sending modes
IPC uses one of the following modes to send packets for upper layer application modules:
• Unicast—One node sends packets to another node.
• Multicast—One node sends packets to multiple nodes. This mode includes broadcast, a special...
Configuring PoE Overview IEEE 802.3af/802.3at-compliant power over Ethernet (PoE) enables a power sourcing equipment (PSE) to supply power to powered devices (PDs) through Ethernet interfaces over straight-through twisted pair cables. Examples of PDs include IP telephones, wireless APs, portable chargers, card readers, Web cameras, and data collectors.
PoE profile enables you to apply a set of PoE settings to multiple interfaces instead of configuring the interfaces one by one. When configuring, removing, or deleting a PoE parameter on a PoE interface, you can use either method but not both.
• Before configuring PoE, make sure the PoE power supply and PSE are operating correctly so you...
The PSE supplies power over category 3/5 twisted pair cable for a PoE interface in the following modes:
• Over signal wires—The PSE uses data pairs (pins 1, 2 and 3, 6) to supply DC power to PDs.
• Over spare wires—The PSE uses spare pairs (pins 4, 5 and 7, 8) to supply DC power to PDs.
•...
Configuring a PD disconnection detection mode CAUTION: If you change the PD disconnection detection mode while the device is running, the connected PDs are powered off. To detect the PD connection with a PSE, PoE provides two detection modes: AC detection and DC detection.
• If the priority-based power management policy is enabled for PoE interfaces, low-priority PoE interfaces are disconnected to guarantee power for high-priority and critical-priority PoE interfaces. The guaranteed remaining PoE power is the maximum PoE power minus the power allocated to the critical PoE interface, regardless of whether PoE is enabled for the PoE interface.
Configuring PSE power monitoring When the PSE power exceeds or drops below the specified threshold, the system sends trap messages. To configure a power alarm threshold for the PSE: Step Command Remarks Enter system view. system-view poe utilization-threshold Configure a power alarm Optional.
through PoE profile), the latter configuration fails and the original one is still effective. To make the latter configuration effective, you must cancel the original one first. To configure a PoE profile: Step Command Remarks Enter system view. system-view Create a PoE profile, and poe-profile profile-name [ index ] enter PoE profile view.
• Refresh mode—Enables you to update the PSE processing software without deleting it. Normally, you can upgrade the PSE processing software in the refresh mode through the command line.
• Full mode—Deletes the PSE processing software and reloads it. If the PSE processing software is damaged (in this case, you can execute none of the PoE commands successfully), you can upgrade the PSE processing software in full mode to restore the PSE function.
PoE configuration example
Network requirements
As shown in Figure 56, the device supplies power to PDs through its PoE interfaces:
• GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are connected to IP telephones.
• GigabitEthernet 1/0/11 and GigabitEthernet 1/0/12 are connected to APs....
[Sysname] interface gigabitethernet 1/0/11
[Sysname-GigabitEthernet1/0/11] poe enable
[Sysname-GigabitEthernet1/0/11] quit
[Sysname] interface gigabitethernet 1/0/12
[Sysname-GigabitEthernet1/0/12] poe enable
[Sysname-GigabitEthernet1/0/12] poe max-power 9000
Troubleshooting PoE
Setting the priority of a PoE interface to critical fails
Analysis
• The guaranteed remaining power of the PSE is lower than the maximum power of the PoE interface.
• The priority of the PoE interface is already set.
Configuring cluster management Cluster management is supported only in non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. Overview Cluster management is an effective way to manage large numbers of dispersed switches in groups. Cluster management offers the following advantages: Saves public IP address resources.
Figure 57 Network diagram As shown in Figure 57, the switch configured with a public IP address and performing the management function is the management switch, the other managed switches are member switches, and the switch that does not belong to any cluster but can be added to a cluster is a candidate switch. The management switch and the member switches form the cluster.
version, host name, MAC address and port number.
• The management switch uses NTDP to collect data on the switches within user-specified hops and their topology data, and identifies candidate switches based on the topology data.
• The management switch adds or deletes a member switch and modifies the cluster management...
to all the switches within specified hops. To prevent concurrent responses to an NTDP topology-collection request from causing congestion and denial of service on the management switch, a delay mechanism was introduced. You configure the delay parameters for NTDP on the management switch. As a result:
• Each requested switch waits for a period of time before forwarding an NTDP topology-collection...
sending a response.
• If the management switch does not receive handshake packets from a member switch within a period that is three times the handshake interval, it changes the status of the member switch from Active to Connect. Likewise, if a member switch fails to receive handshake packets within a period that is three times the handshake interval, its state changes from Active to Connect.
manage the switches connected to it. For more information about HABP, see Security Configuration Guide. • Before you establish a cluster or add a switch to the cluster, verify that: The management switch's routing table can accommodate routes destined for the candidate switches.
Task Remarks • Configuring topology management Optional. • Configuring interaction for a cluster Optional. • Configuring the SNMP configuration synchronization function Optional. • Configuring Web user accounts in batches Optional.
Configuring the management switch
Perform the tasks in this section on the management switch.
Enabling NDP globally and for specific ports
For NDP to work normally, enable NDP both globally and on specific ports.
Step Command Remarks Enter system view. system-view Configure the interval for sending Optional. ndp timer hello hello-time NDP packets. The default interval is 60 seconds. Configure the period for the Optional. receiving switch to keep the NDP ndp timer aging aging-time The default setting is 180 seconds.
The delay settings are conveyed in topology requests sent to the requested switches. They help prevent concurrent responses to an NTDP topology-collection request from causing congestion and denial of service on the management switch. To configure NTDP parameters: Step Command Remarks Enter system view.
Establishing a cluster
To successfully establish a cluster:
• Make sure UDP port 40000 is not used by any application. This port will be used by the cluster management module for exchanging handshake packets.
• Perform the following tasks before establishing the cluster:...
port that directly connects the switch to the management switch and its cascade ports are in the management VLAN. Management VLAN autonegotiation enables a cluster management switch to add ports directly connected to it and cascade ports between cluster candidate switches to a management VLAN. Enabling management VLAN autonegotiation can cause the following changes to ports connecting member switches: Access ports change to hybrid ports.
Step | Command | Remarks
Configure the handshake interval. | timer interval | Optional. The default interval is 10 seconds.
Configure the holdtime of a switch. | holdtime hold-time | Optional. The default setting is 60 seconds.
Configuring cluster management protocol packets
By default, the destination MAC address of cluster management protocol packets (including NDP, NTDP and HABP packets) is a multicast MAC address 0180-C200-000A, which IEEE reserved for later use.
Cluster member management You can manually add a candidate switch to a cluster, or remove a member switch from a cluster. If a member switch needs to be rebooted for software upgrade or configuration update, you can remotely reboot it through the management switch. Adding a member switch Step Command...
• When a candidate switch is added to the cluster, its super password for level-3 commands changes to be the same as that on the management switch. To avoid authentication failures, HP recommends you not modify the super password settings of any member (including the management switch and member switches) in the cluster.
Task | Command | Remarks
Access the CLI of the management switch from a member switch. | cluster switch-to administrator | You can use this command only if you're not logged in to the member switch from the CLI of the management switch.
Adding a candidate switch to a cluster
Step Command Enter system view.
VLAN interface of the access NM switch (including FTP/TFTP server, NM host and log host) as the NM interface. To isolate cluster management and control packets from the external networks for security, HP recommends you configure the ports connected to the external networks as not allowing the management VLAN to pass through.
network management interface for communicating with these devices. Otherwise, communication failure will occur. To configure the interaction for a cluster: Step Command Remarks Enter system view. system-view Enter cluster view. cluster ftp-server ip-address [ user-name Configure the FTP server By default, no FTP server is username password { simple | shared by the cluster.
Step Command Remarks cluster-snmp-agent usm-user v3 user-name group-name Add a user to the SNMPv3 [ authentication-mode { md5 | group shared by a cluster. sha } auth-password ] [ privacy-mode des56 priv-password ] Configuring Web user accounts in batches Configuring Web user accounts in batches enables you to do the following: Through the Web interface, configure, on the management switch, the username and password •...
Task Command Remarks Display information about the display cluster [ | { begin | exclude | cluster to which the current Available in any view. include } regular-expression ] switch belongs. display cluster base-topology [ mac-address Display the standard mac-address | member-id member-number ] Available in any view.
Figure 60 Network diagram
Configuration procedure
Configure the member switch Switch A:
# Enable NDP globally and for port GigabitEthernet 1/0/1.
<SwitchA> system-view
[SwitchA] ndp enable
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] ndp enable
[SwitchA-GigabitEthernet1/0/1] quit
# Enable NTDP globally and for port GigabitEthernet 1/0/1.
[SwitchA] ntdp enable
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] ntdp enable...
[SwitchB-GigabitEthernet1/0/2] ndp enable
[SwitchB-GigabitEthernet1/0/2] quit
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] ndp enable
[SwitchB-GigabitEthernet1/0/3] quit
# Configure the period for the receiving switch to keep NDP packets as 200 seconds.
[SwitchB] ndp timer aging 200
# Configure the interval to send NDP packets as 70 seconds.
[SwitchB] ndp timer hello 70
# Enable NTDP globally and for ports GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3.
[SwitchB-cluster] ip-pool 172.16.0.1 255.255.255.248
# Configure the current switch as the management switch, and establish a cluster named abc.
[SwitchB-cluster] build abc
Restore topology from local flash file,for there is no base topology.
(Please confirm in 30 seconds, default No). (Y/N)
# Enable management VLAN autonegotiation.
CLI switchover command.
Hardware compatibility and other restrictions
Only the HP 5500 SI switches support stack management. Link aggregation is not supported on stack ports. Every two stack members can have only one physical stack link between them.
Task Remarks Logging in to the CLI of a member from the master Required.
Configuring the stack master device
Perform the tasks in this section to configure the master device. After you complete the stack configuration, the master automatically adds member devices to the stack. Always start configuring the master device by assigning a private IP address pool to the stack.
To create a stack:
Step | Command
Enter system view. | system-view
Create a stack. | stack role master
After you configure a device as a stack master device, its CLI prompt changes to <stack_0.Sysname>, where Sysname is the system name of the device.
Configuring stack ports on a member device
To add a device to a stack, you must configure the ports that connect the device to other stack members (including the master) as stack ports.
Stack configuration example
Network requirements
Create a stack on Switch A for Switch B, Switch C, and Switch D so an administrator can access them from Switch A for easy management, as shown in Figure 62.
Figure 62 Network diagram (labels: Switch A: Master switch, GE1/0/1, GE1/0/2, Stack...)
Number Role : Master Sysname : stack_0. SwitchA Device type: HP A5500-24G SI Switch with 2 Interface Slots MAC address: 000f-e200-1000 Number Role : Slave Sysname : stack_1. SwitchB Device type: HP A5500-24G SI Switch with 2 Interface Slots MAC address: 000f-e200-1001...
Configuring CWMP Hardware compatibility The CWMP feature is available only on the HP 5500 EI switches. Overview CPE WAN Management Protocol (CWMP), also called "TR-069," is a DSL Forum technical specification for remote management of home network devices. It defines the general framework, message format, management method, and data model for managing and configuring home network devices.
• ACS—Autoconfiguration server, the management device in the network. In this document, ACS refers to the server installed with the HP IMC BIMS system.
• DNS server—Domain name system server. An ACS and a CPE use URLs to identify and access each...
monitor parameters and get the parameter values through an ACS, so as to get the CPE status and statistics. The status and performance that can be monitored by an ACS include:
• Manufacture name (Manufacturer)
• ManufacturerOUI
• SerialNumber
• HardwareVersion...
The CPE can send connection requests either periodically or at the specified time to the ACS. The ACS can initiate a connection request to the CPE at any time, and can establish a connection with the CPE after passing CPE authentication. Configuration parameter deployment When a CPE logs in to an ACS, the ACS can automatically apply some configurations to the CPE for it to perform auto configuration.
• Reboot—The ACS remotely reboots the CPE when the CPE encounters a failure or completes a software upgrade.
How CWMP works
The following example illustrates how CWMP works. Suppose there are two ACSs in an area: main and backup. The main ACS must restart for a system upgrade. To ensure continuous CPE monitoring, the main ACS switches all CPEs in the area to the backup ACS.
CPE, the DHCP server sends the ACS parameters in DHCP Option 43 to the CPE. If the DHCP server is an HP switch that supports DHCP Option 43, you can configure the ACS parameters at the CLI with the command option 43 hex 01length URL username password, where:
• length is a hexadecimal string that indicates the total length of the URL, username, and password...
• 27 indicates that the length of the subsequent hexadecimal strings is 39 characters.
• 68747470 3A2F2F31 36392E32 35342E37 362E3331 3A373534 372F6163 73 corresponds to the ACS address http://169.254.76.31:7547/acs.
• 3132 3334 corresponds to the username 1234.
• 35 3637 38 corresponds to the password 5678....
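The Option 43 layout described above (01, a one-byte length, then URL, username and password) can be built and checked before it is typed into the DHCP server. This is an added example, not code from the HP guide; the function names are hypothetical, and the single 0x20 space between fields is an assumption inferred from the guide's stated length of 39. Decoding the guide's hex groups gives http://169.254.76.31:7547/acs, 1234 and 5678.

```python
"""Build and check the DHCP Option 43 hex string that hands ACS parameters to a CPE."""

SUBOPTION_ACS = 0x01  # the "01" that starts the value in "option 43 hex 01length ..."

# Hex groups quoted in the guide's example. The 0x20 separators are an assumption
# inferred from the stated length: 39 = 29 (URL) + 1 + 4 (username) + 1 + 4 (password).
PAGE_EXAMPLE = (
    "01" "27"
    "68747470 3A2F2F31 36392E32 35342E37 362E3331 3A373534 372F6163 73"
    "20" "3132 3334"
    "20" "35 3637 38"
)


def encode_acs_option43(url, username, password):
    """Return the hex string to place after 'option 43 hex'."""
    for name, field in (("url", url), ("username", username), ("password", password)):
        if not field or " " in field:
            # A space inside a field would shift every later field on the CPE side.
            raise ValueError(f"{name} must be non-empty and contain no spaces")
    payload = " ".join((url, username, password)).encode("ascii")
    if len(payload) > 0xFF:
        raise ValueError("payload does not fit the one-byte length field")
    return (bytes([SUBOPTION_ACS, len(payload)]) + payload).hex().upper()


def decode_acs_option43(hex_string):
    """Parse an Option 43 value and verify its length byte against the payload."""
    raw = bytes.fromhex("".join(hex_string.split()))
    if len(raw) < 2 or raw[0] != SUBOPTION_ACS:
        raise ValueError("value does not start with sub-option 01 and a length byte")
    declared, payload = raw[1], raw[2:]
    if declared != len(payload):
        raise ValueError(f"length byte says {declared}, payload has {len(payload)} bytes")
    fields = payload.decode("ascii").split(" ")
    if len(fields) != 3:
        raise ValueError(f"expected URL, username and password, got {len(fields)} fields")
    return dict(zip(("url", "username", "password"), fields))


def review_acs_option43(hex_string):
    """Return the findings a configuration reviewer would raise for this value."""
    acs = decode_acs_option43(hex_string)
    findings = [
        "username and password are ASCII-encoded, not encrypted: anyone who can "
        "read the DHCP reply or the server configuration can recover them"
    ]
    if not acs["url"].lower().startswith("https://"):
        findings.append("ACS URL is not https://, so the CWMP session is not protected by SSL")
    return findings


if __name__ == "__main__":
    print(decode_acs_option43(PAGE_EXAMPLE))
    for finding in review_acs_option43(PAGE_EXAMPLE):
        print("finding:", finding)
```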
Task Remarks • Specifying an SSL client policy for HTTPS connection to ACS Optional. Enabling CWMP CWMP configurations can take effect only after you enable CWMP. To enable CWMP: Step Command Remarks Enter system view. system-view Enter CWMP view. cwmp Optional.
Step | Command | Remarks
Enter CWMP view. | cwmp |
Configure the ACS URL. | cwmp acs url url | By default, no ACS URL is configured.
Configuring the ACS username and password
To pass ACS authentication, make sure the configured username and password are the same as those configured for the CPE on the ACS.
Step Command Remarks Enter CWMP view. cwmp By default, no CPE username is Configure the CPE username cwmp cpe username username configured for connection to the for connection to the CPE. CPE. Optional. You can specify a username without a password for authentication, but make sure that Configure the CPE password cwmp cpe password [ cipher |...
Step Command Remarks Enter CWMP view. cwmp Enable the periodic sending cwmp cpe inform interval enable By default, the function is disabled. of Inform messages. Optional. Configure the interval between sending the Inform cwmp cpe inform interval seconds By default, the CPE sends an Inform messages.
• After a connection is established: If there is no packet interaction between the CPE and the ACS within the configured close-wait timeout, the CPE considers the connection to be invalid and disconnects the connection. To configure the close wait timer of a CPE: Step Command Remarks...
CWMP configuration example
Configuration guidelines
Before configuring the ACS server, make sure the HP IMC BIMS software is installed on the server. The BIMS functions and Web interface might change along with software updates. If your Web interface is different from that in this example, see the user manual that came with your server.
Figure 65 Network diagram DHCP server DNS server 10.185.10.41 10.185.10.52 10.185.10.60 DeviceA DeviceB DeviceC DeviceD DeviceE DeviceF Room A Room B Table 10 Switches deployed in two equipment rooms Equipment room Switch Serial ID DeviceA 210235AOLNH12000008 DeviceB 210235AOLNH12000010 DeviceC 210235AOLNH12000015 DeviceD 210235AOLNH12000017 DeviceE...
Click the System Management tab. Select CPE Authentication Users from the navigation tree to enter the CPE authentication user configuration page. Figure 66 CPE Authentication User page Click Add to enter the page for adding a CPE authentication user. Figure 67 Add CPE Authentication User page Set the username, password, and description, and then click OK.
Figure 68 Add Device Group page Set the group name and click OK. Add a device class: Select Device Class from the navigation tree, and the device class page appears. Click Add. Figure 69 Add Device Class page Set the class name, and click OK. Add a device: Select Add Device from the navigation tree to enter the page for adding a device.
Figure 70 Add Device page Enter device information and click OK. Figure 71 Adding device succeeded Repeat the previous steps to add information about DeviceB and DeviceC to the ACS server. Bind different configuration files to different CPE groups to realize auto-deployment: Select Deployment Guide from the navigation tree.
Figure 72 Deployment Guide page Select the configuration file to be deployed and set it as the startup configuration as the deployment strategy on the Auto Deploy Configuration page. Figure 73 Auto Deploy Configuration page Click Select Class and enter the page for selecting device type.
Figure 74 Selecting a device class Select the Device_A device class and click OK. The auto deploy configuration page is displayed. Click OK to complete the task. Figure 75 Deploying task succeeded Configure the switches in room B in the same way as you configure the switches in room A except that you must change the device class settings, as follows: Create device class Device_B for switches in room B.
• Configuring the DHCP server
In this example, the DHCP server is an Option 43-aware HP switch. If your DHCP server is not an Option 43-aware HP switch, see the user manual that came with your server. Configure a DHCP address pool. Assign IP addresses to CPEs and the DNS server. In this example, the addresses are in the network segment 10.185.10.0/24.
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals • For related documentation, navigate to the Networking section, and select a networking category.
• HP Networking http://www.hp.com/go/networking HP manuals http://www.hp.com/support/manuals • HP download drivers and software http://www.hp.com/support/downloads • HP software depot http://www.software.hp.com • • HP Education http://www.hp.com/learn Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.
Convention Description An alert that contains additional or supplementary information. NOTE An alert that provides helpful information. Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.