HPE FlexFabric 5700 Series Network Management And Monitoring Configuration Manual
  1. Manuals
  2. Brands
  3. HPE Manuals
  4. Switch
  5. FlexFabric 5700 Series
  6. Network management and monitoring configuration manual

HPE FlexFabric 5700 Series Network Management And Monitoring Configuration Manual

Hide thumbs Also See for FlexFabric 5700 Series:
Table of Contents

Advertisement

Quick Links

See also: Configuration Manual
HPE FlexFabric 5700 Switch Series
Network Management and Monitoring Configuration
Guide
Part number: 5998-5594R
Software version: Release 2422P01 and later
Document version: 6W100-20160331

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FlexFabric 5700 Series and is the answer not in the manual?

Questions and answers

Related Manuals for HPE FlexFabric 5700 Series

Summary of Contents for HPE FlexFabric 5700 Series

  • Page 1 HPE FlexFabric 5700 Switch Series Network Management and Monitoring Configuration Guide Part number: 5998-5594R Software version: Release 2422P01 and later Document version: 6W100-20160331...
  • Page 2 © Copyright 2016 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Contents Using ping, tracert, and system debugging ····················································· 1     Ping ···································································································································································· 1   Using a ping command to test network connectivity ·················································································· 1   Ping example ············································································································································· 1   Tracert ································································································································································ 3   Prerequisites ·············································································································································· 4   Using a tracert command to identify failed or all nodes in a path ······························································· 4  ...
  • Page 4   Displaying and maintaining SNTP ··················································································································· 45   SNTP configuration example ··························································································································· 45 Configuring PTP ···························································································· 47     Overview ·························································································································································· 47   Basic concepts ········································································································································· 47   Synchronization mechanism ···················································································································· 49   Protocols and standards ·························································································································· 51   Configuring clock nodes ··································································································································· 51  ...
  • Page 5   Enabling synchronous information output ········································································································ 76   Enabling duplicate log suppression ················································································································· 77   Disabling an interface from generating link up or link down logs ····································································· 77   Displaying and maintaining information center ································································································ 77   Setting the minimum storage time for logs ······································································································· 78  ...
  • Page 6   Configuring the SNMP operation ··········································································································· 117   Configuring the TCP operation ··············································································································· 117   Configuring the UDP echo operation ····································································································· 118   Configuring the UDP tracert operation ··································································································· 119   Configuring the voice operation ············································································································· 120   Configuring the DLSw operation ············································································································ 122  ...
  • Page 7 Configuring flow mirroring ··········································································· 180     Overview ························································································································································ 180   Flow mirroring configuration task list ·············································································································· 180   Configuring match criteria ······························································································································ 180   Configuring a traffic behavior ························································································································· 181   Configuring a QoS policy ······························································································································· 181   Applying a QoS policy ···································································································································· 181  ...
  • Page 8   Enabling CWMP from the CLI ························································································································ 209   Configuring ACS attributes ···························································································································· 209   Configuring the preferred ACS attributes ······························································································· 209   Configuring the default ACS attributes from the CLI ·············································································· 210   Configuring CPE attributes ···························································································································· 211   Configuring ACS authentication parameters ··························································································...
  • Page 9 Appendix ····································································································· 254     Appendix A Supported NETCONF operations ······························································································· 254 Configuring the packet capture ··································································· 262     Overview ························································································································································ 262   Filter elements ········································································································································ 262   Building a capture filter ··························································································································· 267   Building a display filter ··························································································································· 268  ...

  • Page 10: Using Ping, Tracert, And System Debugging

    Using ping, tracert, and system debugging This chapter covers ping, tracert, and information about debugging the system. Ping Use the ping utility to determine if a specific address is reachable. Ping sends ICMP echo requests (ECHO-REQUEST) to the destination device. Upon receiving the requests, the destination device responds with ICMP echo replies (ECHO-REPLY) to the source device.
  • Page 11 Figure 1 Network diagram Configuration procedure # Use the ping command on Device A to test connectivity to Device C. <DeviceA> ping 1.1.2.2 Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break 56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=2.137 ms 56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=2.051 ms 56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=1.996 ms 56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=1.963 ms...

  • Page 12: Tracert

    The source device (Device A) sends an ICMP echo request to the destination device (Device C) with the RR option blank. The intermediate device (Device B) adds the IP address of its outbound interface (1.1.2.1) to the RR option of the ICMP echo request, and forwards the packet. Upon receiving the request, the destination device copies the RR option in the request and adds the IP address of its outbound interface (1.1.2.2) to the RR option.

  • Page 13: Prerequisites

    Enable sending of ICMP timeout packets on the intermediate devices (devices between the source and destination devices). If the intermediate devices are HPE devices, execute the ip ttl-expires enable command on the devices. For more information about this command, see Layer 3—IP Services Command Reference.

  • Page 14: System Debugging

    Configure a static route on Device A. <DeviceA> system-view [DeviceA] ip route-static 0.0.0.0 0.0.0.0 1.1.1.2 [DeviceA] quit Use the ping command to test connectivity between Device A and Device C. <DeviceA> ping 1.1.2.2 Ping 1.1.2.2(1.1.2.2): 56 -data bytes, press CTRL_C to break Request time out Request time out Request time out...

  • Page 15: Debugging Information Control Switches

    Debugging information control switches The following switches control the display of debugging information: • Module debugging switch—Controls whether to generate the module-specific debugging information. • Screen output switch—Controls whether to display the debugging information on a certain screen. Use terminal monitor and terminal logging level commands to turn on the screen output switch.

  • Page 16: Configuring Ntp

    Configuring NTP Synchronize your device with a trusted time source by using the Network Time Protocol (NTP) or changing the system time before you run it on a live network. Various tasks, including network management, charging, auditing, and distributed computing depend on an accurate system time setting, because the timestamps of system messages and logs use the system time.

  • Page 17: Ntp Architecture

    Device A sends Device B an NTP message, which is timestamped when it leaves Device A. The time stamp is 10:00:00 am (T1). When this NTP message arrives at Device B, Device B adds a timestamp showing the time when the message arrived at Device B. The timestamp is 11:00:01 am (T2). When the NTP message leaves Device B, Device B adds a timestamp showing the time when the message left Device B.

  • Page 18: Association Modes

    If the devices in a network cannot synchronize to an authoritative time source, you can select a device that has a relatively accurate clock from the network, and use the local clock of the device as the reference clock to synchronize other devices in the network. Association modes NTP supports the following association modes: •...

  • Page 19: Ntp Security

    Mode Working process Principle Application scenario broadcast message, the client population. and the server start to exchange The broadcast mode has messages to calculate the a lower time accuracy network delay between them. than the client/server and Then, only the broadcast server symmetric active/passive sends clock synchronization modes because only the...

  • Page 20: Protocols And Standards

    device discards the message. This function makes sure the device does not synchronize to an unauthorized time server. Figure 7 NTP authentication Key value Message Message Sends to the Message receiver Key ID Compute the Digest digest Compute the Digest Key ID digest Digest...

  • Page 21: Enabling The Ntp Service

    Tasks at a glance (Optional.) Configuring access control rights (Optional.) Configuring NTP authentication (Optional.) Configuring NTP optional parameters Enabling the NTP service Step Command Remarks Enter system view. system-view By default, the NTP service is not Enable the NTP service. ntp-service enable enabled.

  • Page 22: Configuring Ntp In Symmetric Active/Passive Mode

    Step Command Remarks interface-type interface-number ] * Configuring NTP in symmetric active/passive mode When the device operates in symmetric active/passive mode, specify on a symmetric-active peer the IP address for a symmetric-passive peer. Follow these guidelines when you configure a symmetric-active peer: •...

  • Page 23: Configuring Ntp In Multicast Mode

    Step Command Remarks By default, the device does not operate in broadcast client mode. Configure the device to After you execute the command, operate in broadcast client ntp-service broadcast-client the device receives NTP mode. broadcast messages from the specified interface. Configuring the broadcast server Step Command...

  • Page 24: Configuring Access Control Rights

    Step Command Remarks interface interface-type Enter the interface for sending Enter interface view. interface-number NTP multicast message. • Configure the device to operate in multicast server mode: ntp-service multicast-server [ ip-address ] By default, the device does not [ authentication-keyid operate in multicast server mode.
  • Page 25 • Configure an authentication key. • Set the key as a trusted key on both client and server. • Associate the key with the NTP server on the client. The key IDs and key values configured on the server and client must be the same. Otherwise, NTP authentication fails.

  • Page 26: Configuring Ntp Authentication In Symmetric Active/Passive Mode

    Table 2 NTP authentication results Client Server Configure Configure Associate Authentication Enable NTP a key and Enable NTP a key and the key with result authenticatio configure authenticatio configure an NTP it as a it as a server trusted key trusted key Succeeded.
  • Page 27 Step Command Remarks Enter system view. system-view ntp-service authentication By default, NTP authentication is Enable NTP authentication. enable disabled. ntp-service Configure an NTP authentication-keyid keyid By default, no NTP authentication authentication key. authentication-mode md5 key is configured. { cipher | simple } value Configure the key as a ntp-service reliable By default, no authentication key...

  • Page 28: Configuring Ntp Authentication In Broadcast Mode

    Active peer Passive peer Configur e a key Associat Configure a Authentication Enable NTP e the key Enable NTP key and result authenticatio configure with a authenticatio configure it it as a passive as a trusted trusted peer correctly. Failed. NTP messages cannot be sent and received correctly.
  • Page 29 • Configure an authentication key. • Set the key as a trusted key on both the broadcast client and server. • Configure an NTP authentication key on the broadcast server. The key IDs and key values configured on the broadcast server and client must be the same. Otherwise, NTP authentication fails.

  • Page 30: Configuring Ntp Authentication In Multicast Mode

    Broadcast server Broadcast client Configur e a key Associat Configure Authentication Enable NTP e the key Enable NTP a key and result authenticatio configure with a authenticatio configure it as a broadcas it as a trusted t server trusted key and received correctly.
  • Page 31 Step Command Remarks ntp-service Configure an NTP authentication-keyid keyid By default, no NTP authentication authentication key. authentication-mode md5 key is configured. { cipher | simple } value Configure the key as a ntp-service reliable By default, no authentication key trusted key. authentication-keyid keyid is configured as a trusted key.

  • Page 32: Configuring Ntp Optional Parameters

    Multicast server Multicast client Configure Configure Associate Authentication Enable NTP a key and Enable NTP a key and the key with result authenticatio configure authenticatio configure a multicast it as a it as a server trusted key trusted key received correctly.

  • Page 33: Disabling An Interface From Receiving Ntp Messages

    interface so that any interface status change on the device will not cause NTP messages to be unable to be received. When the device responds to an NTP request, the source IP address of the NTP response is always the IP address of the interface that has received the NTP request. Follow these guidelines when you specify the source interface for NTP messages: •...

  • Page 34: Setting A Dscp Value For Ntp Packets

    The following describes how an association is established in different association modes: • Client/server mode—After you specify an NTP server, the system creates a static association on the client. The server simply responds passively upon the receipt of a message, rather than creating an association (static or dynamic).

  • Page 35: Displaying And Maintaining Ntp

    Step Command Remarks By default, the device does not Configure the local clock as a ntp-service refclock-master use the local clock as a reference reference source. [ ip-address ] [ stratum ] source. Displaying and maintaining NTP Execute display commands in any view. Task Command Display information about IPv6 NTP associations.

  • Page 36: Ipv6 Ntp Client/Server Mode Configuration Example

    [DeviceB] ntp-service enable # Specify Device A as the NTP server of Device B so that Device B is synchronized to Device A. [DeviceB] ntp-service unicast-server 1.0.1.11 Verify the configuration: # Verify that Device B has synchronized to Device A, and the clock stratum level is 3 on Device B and 2 on Device A.

  • Page 37: Ntp Symmetric Active/Passive Mode Configuration Example

    [DeviceA] ntp-service enable # Specify the local clock as the reference source, with the stratum level 2. [DeviceA] ntp-service refclock-master 2 Configure Device B: # Enable the NTP service. <DeviceB> system-view [DeviceB] ntp-service enable # Specify Device A as the IPv6 NTP server of Device B so that Device B is synchronized to Device A.
  • Page 38 Figure 10 Network diagram Configuration procedure Set the IP address for each interface, and make sure Device A and Device B can reach each other, as shown in Figure 10. (Details not shown.) Configure Device B: # Enable the NTP service. <DeviceB>...

  • Page 39: Ipv6 Ntp Symmetric Active/Passive Mode Configuration Example

    IPv6 NTP symmetric active/passive mode configuration example Network requirements As shown in Figure • Configure the local clock of Device A as a reference source, with the stratum level 2. • Configure Device A to operate in symmetric-active mode and specify Device B as the IPv6 passive peer of Device A.

  • Page 40: Ntp Broadcast Mode Configuration Example

    [DeviceB] display ntp-service ipv6 sessions Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured. Source: [1234]3000::35 Reference: 127.127.1.0 Clock stratum: 2 Reachabilities: 15 Poll interval: 64 Last receive time: 19 Offset: 0.0 Roundtrip delay: 0.0 Dispersion: 0.0 Total sessions: 1 NTP broadcast mode configuration example Network requirements As shown in...
  • Page 41 [SwitchC] ntp-service refclock-master 2 # Configure Switch C to operate in broadcast server mode and send broadcast messages through VLAN-interface 2. [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] ntp-service broadcast-server Configure Switch A: # Enable the NTP service. <SwitchA> system-view [SwitchA] ntp-service enable # Configure Switch A to operate in broadcast client mode and receive broadcast messages on VLAN-interface 2.

  • Page 42: Ntp Multicast Mode Configuration Example

    NTP multicast mode configuration example Network requirements As shown in Figure 13, Switch C functions as the NTP server for multiple devices on different network segments and synchronizes the time among multiple devices. • Configure Switch C's local clock as a reference source, with the stratum level 2. •...
  • Page 43 Verify the configuration: Switch D and Switch C are on the same subnet, so Switch D can do the following: Receive the multicast messages from Switch C without being enabled with the multicast functions. Synchronize to Switch C. # Verify that Switch D has synchronized to Switch C, and the clock stratum level is 3 on Switch D and 2 on Switch C.

  • Page 44: Ipv6 Ntp Multicast Mode Configuration Example

    Configure Switch A: # Enable the NTP service. <SwitchA> system-view [SwitchA] ntp-service enable # Configure Switch A to operate in multicast client mode and receive multicast messages on VLAN-interface 3. [SwitchA] interface vlan-interface 3 [SwitchA-Vlan-interface3] ntp-service multicast-client Verify the configuration: # Verify that Switch A has synchronized to Switch C, and the clock stratum level is 3 on Switch A and 2 on Switch C.
  • Page 45 Figure 14 Network diagram NOTE: In this example, Switch B must be a switch that supports IPv4 multicast routing. Configuration procedure Set the IP address for each interface, and make sure the switches can reach each other, as shown in Figure 14.
  • Page 46 Clock stratum: 3 System peer: 3000::2 Local mode: bclient Reference clock ID: 165.84.121.65 Leap indicator: 00 Clock jitter: 0.000977 s Stability: 0.000 pps Clock precision: 2^-10 Root delay: 0.00000 ms Root dispersion: 8.00578 ms Reference time: d0c60680.9754fb17 Wed, Dec 29 2010 19:12:00.591 # Verify that an IPv6 NTP association has been established between Switch D and Switch C.

  • Page 47: Configuration Example For Ntp Client/Server Mode With Authentication

    # Configure Switch A to operate in IPv6 multicast client mode and receive IPv6 multicast messages on VLAN-interface 3. [SwitchA] interface vlan-interface 3 [SwitchA-Vlan-interface3] ntp-service ipv6 multicast-client ff24::1 Verify the configuration: # Verify that Switch A has synchronized to Switch C, and the clock stratum level is 3 on Switch A and 2 on Switch C.
  • Page 48 Configuration procedure Set the IP address for each interface, and make sure Device A and Device B can reach each other, as shown in Figure 15. (Details not shown.) Configure Device A: # Enable the NTP service. <DeviceA> system-view [DeviceA] ntp-service enable # Specify the local clock as the reference source, with the stratum level 2.

  • Page 49: Configuration Example For Ntp Broadcast Mode With Authentication

    Reference time: d0c62687.ab1bba7d Wed, Dec 29 2010 21:28:39.668 # Verify that an IPv4 NTP association has been established between Device B and Device A. [DeviceB] display ntp-service sessions source reference stra reach poll now offset delay disper ******************************************************************************** [1245]1.0.1.11 127.127.1.0 -0.0 0.0065 Notes: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured.
  • Page 50 [SwitchA] ntp-service authentication enable [SwitchA] ntp-service authentication-keyid 88 authentication-mode md5 simple 123456 [SwitchA] ntp-service reliable authentication-keyid 88 # Configure Switch A to operate in NTP broadcast client mode and receive NTP broadcast messages on VLAN-interface 2. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ntp-service broadcast-client Configure Switch B: # Enable the NTP service.
  • Page 51 Verify the configuration: After NTP authentication is enabled on Switch C, Switch A and Switch B can synchronize their local clocks to Switch C. # Verify that Switch B has synchronized to Switch C, and the clock stratum level is 4 on Switch B and 3 on Switch C.

  • Page 52: Configuring Sntp

    Configuring SNTP SNTP is a simplified, client-only version of NTP specified in RFC 4330. SNTP supports only the client/server mode. An SNTP-enabled device can receive time from NTP servers, but cannot provide time services to other devices. SNTP uses the same packet format and packet exchange procedure as NTP, but provides faster synchronization at the price of time accuracy.

  • Page 53: Configuring Sntp Authentication

    Step Command Remarks • For IPv4: sntp unicast-server { server-name | ip-address } [ authentication-keyid By default, no NTP server is keyid | source interface-type specified for the device. interface-number | version Repeat this step to specify number ] * Specify an NTP server for multiple NTP servers.

  • Page 54: Displaying And Maintaining Sntp

    Step Command Remarks • For IPv4: sntp unicast-server { server-name | ip-address } authentication-keyid keyid Associate the SNTP By default, no NTP server is • authentication key with an For IPv6: specified. NTP server. sntp ipv6 unicast-server { server-name | ipv6-address } authentication-keyid keyid Displaying and maintaining SNTP...
  • Page 55 # Configure an NTP authentication key, with the key ID of 10 and key value of aNiceKey. Input the key in plain text. [DeviceA] ntp-service authentication-keyid 10 authentication-mode md5 simple aNiceKey # Specify the key as a trusted key. [DeviceA] ntp-service reliable authentication-keyid 10 Configure Device B: # Enable the SNTP service.

  • Page 56: Configuring Ptp

    Configuring PTP Overview Precision Time Protocol (PTP) synchronizes time among devices. It provides greater accuracy than other time synchronization protocols such as NTP. It can also be used for frequency synchronization. For more information about NTP, see "Configuring NTP." Basic concepts PTP profile A PTP profile defines two PTP standards: IEEE 1588 version 2 and IEEE 802.1AS.
  • Page 57 Figure 18 Clock nodes in a PTP domain Besides the three basic types of clock nodes, PTP introduces some hybrid clock nodes. For example, a TC+OC has multiple PTP ports in a PTP domain: one port is the OC type, and the others are the TC type.

  • Page 58: Synchronization Mechanism

    The master node periodically sends announce messages to member nodes. If the member nodes do not receive announce messages from the master node, they consider the master node invalid and start to elect another GM. Clock source type A clock node of a device can use one of the following clock sources: local clock source and BITS clock source (BITS1 and BITS2) that connects the device.
  • Page 59 The member clock sends a Delay_Req message to calculate the transmission delay in the reverse direction, and records the sending time t3. Upon receiving the message, the master clock records the receiving time t4. The master clock returns a Delay_Resp message carrying time t4. From the above process, the member clock collects four timestamps, t1 to t4, and obtains the round-trip delay to the master clock by using the following calculation: •...

  • Page 60: Protocols And Standards

    After sending the Pdelay_Resp message, the master clock sends a Pdelay_Resp_Follow_Up message carrying time t5 immediately. From the above process, the member clock collects six timestamps, t1 to t6, and obtains the round-trip delay to the master clock by using the following calculation: •...
  • Page 61 Tasks at a glance The PTP standard is IEEE 1588 version 2: (Required.) Specifying a clock node type (Optional.) Specifying a PTP domain (Optional.) Configuring an OC to operate only as a member clock (Optional.) Configuring the role of a PTP port (Optional.) Configuring the mode for carrying timestamps (Optional.)

  • Page 62: Specifying A Ptp Standard

    Specifying a PTP standard Before configuring PTP, specify a PTP standard first. Otherwise, PTP cannot operate. Changing the PTP standard for the device clears all PTP configurations defined by the standard. To specify a PTP standard: Step Command Remarks Enter system view. system-view By default, no PTP standard is Specify a PTP standard.

  • Page 63: Configuring The Role Of A Ptp Port

    If an OC is operating as only a member clock, you can also use the ptp force-state command to configure its PTP port as a master port or passive port. To configure an OC to operate as only a member clock: Step Command Remarks...

  • Page 64: Specifying A Delay Measurement Mechanism For A Bc Or An Oc

    Step Command Remarks Configure the mode for ptp clock-step { one-step | By default, two-step mode is carrying timestamps. two-step } adopted. Specifying a delay measurement mechanism for a BC or an PTP defines two transmission delay measurement mechanisms: Request_Response and Peer Delay.

  • Page 65: Messages

    Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface view. interface-number By default: • The interval is 2 (2 ) seconds if the PTP standard is IEEE Set the interval for sending ptp announce-interval value 1588 version 2. announce messages. •...

  • Page 66: Setting The Minimum Interval For Sending Delay_Req Messages

    Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface view. interface-number By default: • The interval is 1 (2 ) second if the PTP standard is IEEE Set the interval for sending ptp syn-interval value 1588 version 2. Sync messages. •...

  • Page 67: Specifying The Protocol For Encapsulating Ptp Messages As Udp (Ipv4)

    Specifying the protocol for encapsulating PTP messages as UDP (IPv4) PTP messages can be encapsulated in IEEE 802.3/Ethernet packets or UDP packets. To configure the protocol for encapsulating PTP messages as UDP (IPv4): Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view.

  • Page 68: Setting The Correction Date Of The Utc

    Step Command Remarks Enter system view. system-view Set the cumulative offset ptp utc offset utc-offset The default is 0 seconds. between the UTC and TAI. Setting the correction date of the UTC This task allows you to adjust the UTC at the last minute (23:59) of the specified date. To set the correction date of the UTC: Step Command...

  • Page 69: Configuring A Priority Of The Clock

    Configuring a priority of the clock Step Command Remarks Enter system view. system-view By default: • If the PTP profile is IEEE 1588 version 2, the default ptp priority clock-source { bits1 value for both priority 1 and Configure priority 1 of the | bits2 | local } { priority1 priority 2 is 128.

  • Page 70: Ptp Configuration Examples

    Task Command Display the delay correction history. display ptp corrections display ptp foreign-masters-record [ interface Display information about foreign master nodes. interface-type interface-number ] display ptp interface [ interface-type Display PTP information on an interface. interface-number | brief ] display ptp [ brief | interface interface-type Display PTP statistics.

  • Page 71: Verify The Configuration

    [DeviceA-Ten-GigabitEthernet1/0/1] quit Configure Device B: # Specify the PTP standard as IEEE 1588 version 2. <DeviceB> system-view [DeviceB] ptp profile 1588v2 # Specify the clock node type as P2PTC. [DeviceB] ptp mode p2ptc # Enable PTP for Ten-GigabitEthernet 1/0/1. [DeviceB] interface ten-gigabitethernet 1/0/1 [DeviceB-Ten-GigabitEthernet1/0/1] ptp enable [DeviceB-Ten-GigabitEthernet1/0/1] quit # Enable PTP for Ten-GigabitEthernet 1/0/2.

  • Page 72: Ptp Configuration Example (Ieee 802.1As)

    # Display brief PTP statistics on Device A. [DeviceA] display ptp interface brief Name State Delay mechanism Clock step Asymmetry correction XGE1/0/1 Master # Display PTP clock information on Device B. [DeviceB] display ptp clock PTP profile : IEEE 1588 Version 2 PTP mode : P2PTC Slave only...
  • Page 73 Configuration procedure Configure Device A: # Specify the PTP standard as IEEE 802.1AS. <DeviceA> system-view [DeviceA] ptp profile 802.1AS # Specify the clock node type as OC. [DeviceA] ptp mode oc # Enable PTP on Ten-GigabitEthernet 1/0/1. [DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] ptp enable [DeviceA-Ten-GigabitEthernet1/0/1] quit Configure Device B:...
  • Page 74 Clock domain Number of PTP ports : 1 Priority1 : 246 Priority2 : 248 Clock quality : Class : 248 Accuracy : 254 Offset (log variance) : 16640 Offset from master : 0 (ns) Mean path delay : 0 (ns) Steps removed Local clock time : Sun Jan 15 20:57:29 2011...

  • Page 75: Configuring The Information Center

    Configuring the information center The information center on a device classifies and manages logs for all modules so that network administrators can monitor network performance and troubleshoot network problems. Overview The information center receives logs generated by source modules and outputs logs to different destinations according to user-defined output rules.

  • Page 76: Log Destinations

    Severit Level Description y value Error Error condition. For example, the link state changes. Warning condition. For example, an interface is disconnected, or the memory Warning resources are used up. Normal but significant condition. For example, a terminal logs in to the device, Notification or the device reboots.

  • Page 77: Default Output Rules For Hidden Logs

    %Nov 24 14:21:43:502 2010 Sysname Console, monitor Prefix Timestamp Sysname SYSLOG/6/SYSLOG_RESTART: terminal, log buffer, or Module/Level/Mnemonic: Content System restarted –- log file HPE Comware Software. • • Standard format: Standard format: <PRI>Timestamp <190>Nov 24 16:22:21 2010 Sysname %%vvModule/Level/Mnem Sysname %%10SYSLOG/6/SYS onic: Source;...
  • Page 78 IP address) log. You can use the sysname command to modify the name of the device. Indicates that the information was generated by an HPE device. %% (vendor ID) This field exists only in logs sent to the log host.

  • Page 79: Fips Compliance

    Field Description • IRF member ID. • IP address of the log sender. Content Provides the content of the log. Table 14 Timestamp precisions and configuration commands Destined to the console, monitor Item Destined to the log host terminal, log buffer, and log file Precision Seconds Milliseconds...

  • Page 80: Information Center Configuration Task List

    Information center configuration task list Task at a glance Perform at least one of the following tasks: • Outputting logs to the console • Outputting logs to the monitor terminal • Outputting logs to a log host • Outputting logs to the log buffer •...

  • Page 81: Outputting Logs To A Log Host

    To output logs to the monitor terminal: Step Command Remarks Enter system view. system-view Enable the information By default, the information center info-center enable center. is enabled. info-center source { module-name | default } For information about default Configure an output rule for { console | monitor | logbuffer | output rules, see "Default output...

  • Page 82: Outputting Logs To The Log Buffer

    Step Command Remarks receive logs. The device supports a maximum of 20 log hosts. Outputting logs to the log buffer Step Command Remarks Enter system view. system-view Enable the information By default, the information center info-center enable center. is enabled. Enable log output to the log By default, log output to the log info-center logbuffer...

  • Page 83: Managing Security Logs

    Step Command Remarks To ensure normal operation, set the size argument to a value between 1 MB and 10 MB. The default log file directory is flash:/logfile. (Optional.) Specify the info-center logfile directory The configuration made by this directory to save the log file. dir-name command cannot survive an IRF reboot or a master/subordinate...

  • Page 84: Managing The Security Log File

    Step Command Remarks By default, the system saves Set the interval at which the info-center security-logfile security logs to the security log file system saves security logs. frequency freq-sec every 86400 seconds. (Optional.) Set the maximum info-center security-logfile By default, the maximum size of size of the security log file.

  • Page 85: Configuring The Maximum Size Of The Trace Log File

    Step Command Remarks enabled. By default, the maximum size is 10 MB. (Optional.) Configure the info-center diagnostic-logfile maximum size of the To ensure normal operation, set quota size diagnostic log file. the size argument to a value between 1 MB and 10 MB. The default diagnostic log file directory is flash:/diagfile.

  • Page 86: Enabling Duplicate Log Suppression

    Enabling duplicate log suppression The output of consecutive duplicate logs at an interval of less than 30 seconds wastes system and network resources. With this feature enabled, the system starts a suppression period upon outputting a log: • During the suppression period, the system does not output logs that have the same module name, level, mnemonic, location, and text as the previous log.

  • Page 87: Setting The Minimum Storage Time For Logs

    Task Command Display the diagnostic log file configuration. display diagnostic-logfile summary Display the information of each output destination. display info-center Display the state and the log information of the log display logbuffer [ reverse ] [ level severity | size buffersize | slot slot-number ] * buffer.

  • Page 88: Configuration Example For Outputting Logs To A Unix Log Host

    # Configure an output rule to output to the console FTP logs that have a severity level of at least warning. [Device] info-center source ftp console level warning [Device] quit # Enable the display of logs on the console. By default, the display of logs on the console is enabled. <Device>...

  • Page 89: Configuration Example For Outputting Logs To A Linux Log Host

    # Device configuration messages local4.info /var/log/Device/info.log In this configuration, local4 is the name of the logging facility that the log host uses to receive logs. info is the informational level. The UNIX system records the log information that has a severity level of at least informational to the file /var/log/Device/info.log. NOTE: Follow these guidelines while editing the file /etc/syslog.conf: •...
  • Page 90 # Configure an output rule to enable output to the log host FTP logs that have a severity level of at least informational. [Device] info-center source ftp loghost level informational Configure the log host: The following configurations were performed on Solaris. Other UNIX operating systems have similar configurations.

  • Page 91: Configuring Snmp

    Configuring SNMP This chapter provides an overview of the Simple Network Management Protocol (SNMP) and guides you through the configuration procedure. Overview SNMP is an Internet standard protocol widely used for a management station to access and operate the devices on a network, regardless of their vendors, physical characteristics, and interconnect technologies.

  • Page 92: Snmp Operations

    Figure 28 MIB tree A MIB view represents a set of MIB objects (or MIB object hierarchies) with certain access privileges and is identified by a view name. The MIB objects included in the MIB view are accessible while those excluded from the MIB view are inaccessible. A MIB view can have multiple view records each identified by a view-name oid-tree pair.

  • Page 93: Snmp Silence

    • View-based Access Control Model—The VACM mode controls access to MIB objects by assigning MIB views to SNMP communities or users. • Role based access control—The RBAC mode controls access to MIB objects by assigning user roles to SNMP communities or users. An SNMP community or user with a predefined user role network-admin or level-15 has read and write access to all MIB objects.
  • Page 94 Step Command Remarks Enter system view. system-view By default, the SNMP agent is disabled. The SNMP agent is enabled when (Optional.) Enable the snmp-agent you use any command that begins SNMP agent. with snmp-agent except for the snmp-agent calculate-password command. (Optional.) Configure snmp-agent sys-info contact By default, no system contact is...

  • Page 95: Configuring Snmpv3 Basic Parameters

    Step Command Remarks v2c } user-name group-name [ acl acl-number | acl ipv6 ipv6-acl-number ] * (Optional.) Create an By default, no SNMP context is snmp-agent context context-name SNMP context. configured on the device. By default, no mapping between 10. (Optional.) Map an snmp-agent community-map an SNMP community and an SNMP community to...
  • Page 96 Step Command Remarks Enter system view. system-view By default, the SNMP agent is disabled. The SNMP agent is enabled (Optional.) Enable the SNMP snmp-agent when you use any command that agent. begins with snmp-agent except for the snmp-agent calculate-password command. (Optional.) Configure the snmp-agent sys-info contact By default, no system contact is...
  • Page 97 Step Command Remarks group-name [ authentication | privacy ] [ read-view view-name ] [ write-view view-name ] [ notify-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * • In FIPS mode: snmp-agent group v3 group-name { authentication | privacy } [ read-view read-view ] [ write-view write-view ] [ notify-view...

  • Page 98: Configuring Snmp Logging

    Step Command Remarks In VACM mode: snmp-agent usm-user v3 user-name group-name [ remote { ip-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] { cipher | simple } authentication-mode sha auth-password [ privacy-mode aes128 priv-password ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * In RBAC mode: snmp-agent usm-user v3...

  • Page 99: Configuring Snmp Notifications

    • Authentication failures from the NMS to the agent—The agent logs the IP address of the NMS. To configure SNMP logging: Step Command Remarks Enter system view. system-view (Optional.) Enable SNMP snmp-agent log { all | authfail | By default, SNMP logging is logging.

  • Page 100: Configuring The Snmp Agent To Send Notifications To A Host

    Configuring the SNMP agent to send notifications to a host You can configure the SNMP agent to send notifications as traps or informs to a host, typically an NMS, for analysis and management. Traps are less reliable and use fewer resources than informs, because an NMS does not send an acknowledgment when it receives a trap.

  • Page 101: Displaying The Snmp Settings

    Step Command Remarks securityname security-string { v2c | v3 [ authentication | privacy ] } In FIPS mode: snmp-agent target-host inform address udp-domain { target-host | ipv6 target-host } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string v3 { authentication | privacy } By default, SNMP uses the IP (Optional.) Configure a...

  • Page 102: Snmpv1/Snmpv2C Configuration Example

    Task Command display snmp-agent mib-view [ exclude | include | Display MIB view information. viewname view-name ] display snmp-agent mib-node [ details | Display SNMP MIB node information. index-node | trap-node | verbose ] Display an SNMP context. display snmp-agent context [ context-name ] SNMPv1/SNMPv2c configuration example SNMPv1 configuration procedure is the same as the SNMPv2c configuration procedure.

  • Page 103: Snmpv3 In Vacm Mode Configuration Example

    NOTE: The SNMP settings on the agent and the NMS must match. Verify the configuration: # Try to get the MTU value of NULL0 interface from the agent. The attempt succeeds. Send request to 1.1.1.1/161 ... Protocol version: SNMPv1 Operation: Get Request binding: 1: 1.3.6.1.2.1.2.2.1.4.135471 Response binding:...
  • Page 104 [Agent] undo snmp-agent mib-view ViewDefault [Agent] snmp-agent mib-view included test ifTable [Agent] snmp-agent group v3 managev3group privacy read-view test write-view test # Add the user managev3user to the SNMPv3 group managev3group, and set the authentication algorithm to sha, authentication key to 123456TESTauth&!, encryption algorithm to aes128, and privacy key to 123456TESTencr&!.

  • Page 105: Snmpv3 In Rbac Mode Configuration Example

    # Execute the shutdown or undo shutdown command on an idle interface on the agent. You can see the link state change traps on the NMS: 1.1.1.1/3374 V3 Trap = linkdown SNMP Version = V3 Community = managev3user Command = Trap 1.1.1.1/3374 V3 Trap = linkup SNMP Version = V3 Community = managev3user...
  • Page 106 [Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306 [Agent] snmp-agent sys-info location telephone-closet,3rd-floor # Enable notifications, specify the NMS at 1.1.1.2 as a notification destination, and set the username to managev3user for the notifications. [Agent] snmp-agent trap enable [Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname managev3user v3 privacy Configure the SNMP NMS: Specify SNMPv3.
  • Page 107 Bindings (4) Binding #1: sysUpTime.0 *** (timeticks) 0 days 08h:03m:43s.37th Binding #2: snmpTrapOID.0 *** (oid) hh3cLogIn Binding #3: hh3cTerminalUserName.0 *** (octets) testuser [74.65.73.74.75.73.65.72 hex)] Binding #4: hh3cTerminalSource.0 *** (octets) VTY [56.54.59 (hex)]...

  • Page 108: Configuring Rmon

    For more information about SNMP notifications, see "Configuring SNMP." HPE devices provide an embedded RMON agent as the RMON monitor. An NMS can perform basic SNMP operations to access the RMON MIB. RMON groups Among standard RMON groups, Hewlett Packard Enterprise implements the statistics group, history group, event group, alarm group, probe configuration group, and user history group.
  • Page 109 • Log—Logs event information (including event time and description) in the event log table so the management device can get the logs through SNMP. • Trap—Sends an SNMP notification when the event occurs. • Log-Trap—Logs event information in the event log table and sends an SNMP notification when the event occurs.

  • Page 110: Sample Types For The Alarm Group And The Private Alarm Group

    crosses the rising threshold multiple times before it crosses the falling threshold, only the first crossing triggers a rising alarm event. Sample types for the alarm group and the private alarm group The RMON agent supports the following sample types: •...

  • Page 111: Configuring The Rmon Alarm Function

    To create an RMON history control entry: Step Command Remarks Enter system view. system-view Enter Ethernet interface interface-type interface view. interface-number By default, no RMON history control entries exist. You can create multiple RMON history rmon history entry-number Create an RMON control entries for an Ethernet interface.

  • Page 112: Displaying And Maintaining Rmon Settings

    Step Command Remarks security-string } [ owner text ] event table. contain entries. • Create an entry in the alarm table: rmon alarm entry-number alarm-variable sampling-interval { absolute | delta } [ startup-alarm { falling | rising | By default, the RMON rising-falling } ] rising-threshold alarm table and the threshold-value1 event-entry1...

  • Page 113: History Group Configuration Example

    Configuration procedure # Create an RMON Ethernet statistics entry for Ten-GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] rmon statistics 1 owner user1 # Display statistics collected by the RMON agent for Ten-GigabitEthernet 1/0/1. <Sysname> display rmon statistics ten-gigabitethernet 1/0/1 EtherStatsEntry 1 owned by user1 is VALID.
  • Page 114 undersize packets : 0 , oversize packets fragments , jabbers collisions , utilization Sampling record 2 : dropevents , octets : 962 packets : 10 , broadcast packets multicast packets : 6 , CRC alignment errors : 0 undersize packets : 0 , oversize packets fragments , jabbers...

  • Page 115: Alarm Function Configuration Example

    multicast packets : 6 , CRC alignment errors : 0 undersize packets : 0 , oversize packets fragments , jabbers collisions , utilization # Get the traffic statistics from the NMS through SNMP. (Details not shown.) Alarm function configuration example Network requirements As shown in Figure...
  • Page 116 <Sysname> display rmon alarm 1 AlarmEntry 1 owned by user1 is VALID. Sample type : delta Sampled variable : 1.3.6.1.2.1.16.1.1.1.4.1<etherStatsOctets.1> Sampling interval (in seconds) Rising threshold : 100(associated with event 1) Falling threshold : 50(associated with event 1) Alarm sent upon entry startup : risingOrFallingAlarm Latest value # Display statistics for Ten-GigabitEthernet 1/0/1.

  • Page 117: Configuring Nqa

    Configuring NQA Overview Network quality analyzer (NQA) allows you to measure network performance, verify the service levels for IP services and applications, and troubleshoot network problems. It provides the following types of operations: • ICMP echo. • DHCP. • DNS. •...

  • Page 118: Collaboration

    • A DHCP operation gets an IP address through DHCP. • A DNS operation translates a domain name to an IP address. • An ICMP echo operation sends an ICMP echo request. • A UDP echo operation sends a UDP packet. •...

  • Page 119: Nqa Configuration Task List

    Table 18 Performance metrics and NQA operation types NQA operation types that can gather the Performance metric metric All NQA operation types except UDP jitter, path Probe duration jitter, and voice All NQA operation types except UDP jitter, path Number of probe failures jitter, and voice Round-trip time UDP jitter and voice...

  • Page 120: Enabling The Nqa Client

    Step Command Remarks port-number [ tos tos ] packets sent by the NQA • server. The default ToS UDP listening service: value is 0. nqa server udp-echo ip-address port-number [ tos tos ] Enabling the NQA client Step Command Remarks Enter system view.

  • Page 121: Configuring The Dhcp Operation

    between the source and destination devices, you can specify the next hop for the ICMP echo operation. The ICMP echo operation is not supported in IPv6 networks. To test the reachability of an IPv6 address, use the ping ipv6 command. For more information about the command, see Network Management and Monitoring Command Reference.

  • Page 122: Configuring The Dns Operation

    The NQA client simulates the DHCP relay agent to forward DHCP requests for IP address acquisition from the DHCP server. The interface that performs the DHCP operation does not change its IP address. When the DHCP operation completes, the NQA client sends a packet to release the obtained IP address.

  • Page 123: Configuring The Ftp Operation

    Step Command Remarks Specify the IP address of the DNS server as the By default, no destination IP destination ip ip-address destination address of DNS address is specified. packets. Specify the domain name By default, no domain name is resolve-target domain-name that needs to be translated.

  • Page 124: Configuring The Http Operation

    Step Command Remarks simple } password configured. By default, no file is specified. (Optional.) Specify the name of a file to be filename file-name This step is required if you perform the put transferred. operation. 10. Set the data transmission mode { active | passive } The default mode is active.

  • Page 125: Configuring The Udp Jitter Operation

    Configuring the UDP jitter operation CAUTION: To ensure successful UDP jitter operations and avoid affecting existing services, do not perform the operations on well-known ports from 1 to 1023. Jitter means inter-packet delay variance. A UDP jitter operation measures unidirectional and bidirectional jitters.

  • Page 126: Configuring The Snmp Operation

    Step Command Remarks interval for sending UDP packet-interval milliseconds. packets. 11. (Optional.) Specify how long the NQA client waits for a probe packet-timeout The default setting is 3000 response from the server packet-timeout milliseconds. before it regards the response times out. By default, no source IP address is specified.

  • Page 127: Configuring The Udp Echo Operation

    The TCP operation requires both the NQA server and the NQA client. Before you perform a TCP operation, configure a TCP listening service on the NQA server. For more information about the TCP listening service configuration, see "Configuring the NQA server."...

  • Page 128: Configuring The Udp Tracert Operation

    Before you configure the UDP tracert operation, perform the following tasks: • Enable sending ICMP time exceeded messages on the intermediate devices between the source and destination devices. If the intermediate devices are HPE devices, use the ip ttl-expires enable command. •...

  • Page 129: Configuring The Voice Operation

    Step Command Remarks By default, the destination port number is 33434. (Optional.) Specify the The destination port number must destination port of the UDP destination port port-number be an unused port number on the packets. destination device, so that the destination device can reply with ICMP port unreachable messages.
  • Page 130 G.729 A-law. The destination device takes a time stamp to each voice packet it receives and sends it back to the source. Upon receiving the packet, the source device calculates the jitter and one-way delay based on the time stamp. The following parameters that reflect VoIP network performance can be calculated by using the metrics gathered by the voice operation: •...

  • Page 131: Configuring The Dlsw Operation

    Step Command Remarks no voice packets can be sent out. (Optional.) Specify the By default, no source port number is source port number of voice source port port-number specified. packets. By default, the voice packet size varies by codec type. The default 10.

  • Page 132: Configuring The Path Jitter Operation

    Before you configure the path jitter operation, perform the following tasks: • Enable sending ICMP time exceeded messages on the intermediate devices between the source and the destination devices. If the intermediate devices are HPE devices, use the ip ttl-expires enable command. •...

  • Page 133: Configuring Optional Parameters For The Nqa Operation

    Step Command Remarks requests to each hop on the LSR. 12. (Optional.) Perform the path By default, the path jitter operation is jitter operation only on the target-only performed on each hop on the path destination address. to the destination. Configuring optional parameters for the NQA operation Unless otherwise specified, the following optional parameters apply to all types of NQA operations.

  • Page 134: Configuring The Collaboration Feature

    Step Command Remarks DHCP and path jitter operations. Specify the ToS value in the IP header for probe tos value The default setting is 0. packets. By default, the routing table bypass feature is disabled. 10. Enable the routing table route-option bypass-route bypass feature.
  • Page 135 • consecutive—If the number of consecutive times that the monitored performance metric is out of the specified value range reaches or exceeds the specified threshold, a threshold violation occurs. Threshold violations for the average or accumulate threshold type are determined on a per NQA operation basis.
  • Page 136 Step Command Remarks • The probe-failure consecutive-probe-failure s option. • ccumulate-probe-failures argument. • Monitor the operation duration (not supported in the UDP jitter and voice operations): reaction item-number checked-element probe-duration threshold-type { accumulate accumulate-occurrences | average | consecutive consecutive-occurrences } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]...

  • Page 137: Configuring The Nqa Statistics Collection Feature

    Step Command Remarks lower-threshold [ action-type { none | trap-only } ] Configuring the NQA statistics collection feature NQA forms statistics within the same collection interval as a statistics group. To display information about the statistics groups, use the display nqa statistics command. NQA does not generate any statistics group for the operation that runs once.

  • Page 138: Scheduling The Nqa Operation On The Nqa Client

    Step Command Remarks The default setting is 120 (Optional.) Set the minutes. lifetime of history history-record keep-time keep-time A record is deleted when its records. lifetime is reached. The default setting is 50. (Optional.) Specify the If the maximum number of maximum number of history records for an NQA history-record number number...

  • Page 139: Configuring The Dns Template

    Step Command Remarks Enter system view. system-view Create an ICMP template and nqa template icmp name enter its view. • IPv4 address: destination ip ip-address (Optional.) Specify the By default, no destination IP • destination IPv4 or IPv6 IPv6 address: address is configured.

  • Page 140: Configuring The Tcp Template

    Step Command Remarks • address of DNS packets. address is specified. IPv6 address: destination ipv6 ipv6-address (Optional.) Configure the By default, the destination port destination port number for destination port port-number number is 53. the operation. Specify the domain name that By default, no domain name is resolve-target domain-name needs to be translated.

  • Page 141: Configuring The Udp Template

    Step Command Remarks configured on the NQA server. By default, no destination port number is configured. (Optional.) Configure the The destination port number destination port number for destination port port-number must be the same as the port the operation. number of the listening service on the NQA server.

  • Page 142: Configuring The Http Template

    Step Command Remarks same as the port number of the listening service on the NQA server. (Optional.) Specify the The default payload fill string is payload fill string for the data-fill string hexadecimal number probe packets. 00010203040506070809. (Optional.) Set the payload size for the data-size size The default setting is 100 bytes.

  • Page 143: Configuring The Ftp Template

    Step Command Remarks raw } is get, which means obtaining data type. from the HTTP server. In the HTTP raw operation, use the raw-request command to specify the content of the GET request to be sent to the HTTP server. Specify the HTTP version.

  • Page 144: Configuring Optional Parameters For The Nqa Template

    Step Command Remarks operation, the file name is required. When you perform the put operation, the filename argument does not take effect, even if it is specified. The file name for the put operation is determined by the filename command. By default, the FTP operation type is (Optional.) Specify the operation { get | put }...

  • Page 145: Displaying And Maintaining Nqa

    Step Command Remarks successful operation. the NQA client notifies the feature that uses the template of the successful operation event. The default setting is 3. Configure the number of If the number of consecutive probe consecutive probe reaction trigger probe-fail failures for an NQA operation is reached, failures that lead to an count...

  • Page 146: Nqa Configuration Examples

    NQA configuration examples ICMP echo operation configuration example Network requirements As shown in Figure 38, configure an ICMP echo operation from the NQA client Device A to Device B to test the round-trip time. The next hop of Device A is Device C. Figure 38 Network diagram Configuration procedure # Assign each interface an IP address.

  • Page 147: Dhcp Operation Configuration Example

    # Enable saving history records. [DeviceA-nqa-admin-test1-icmp-echo] history-record enable # Configure the maximum number of history records that can be saved as 10. [DeviceA-nqa-admin-test1-icmp-echo] history-record number 10 [DeviceA-nqa-admin-test1-icmp-echo] quit # Start the ICMP echo operation. [DeviceA] nqa schedule admin test1 start-time now lifetime forever # After the ICMP echo operation runs for a period of time, stop the operation.

  • Page 148: Dns Operation Configuration Example

    Figure 39 Network diagram Configuration procedure # Create a DHCP operation. <SwitchA> system-view [SwitchA] nqa entry admin test1 [SwitchA-nqa-admin-test1] type dhcp # Specify the DHCP server IP address 10.1.1.2 as the destination address. [SwitchA-nqa-admin-test1-dhcp] destination ip 10.1.1.2 # Enable the saving of history records. [SwitchA-nqa-admin-test1-dhcp] history-record enable [SwitchA-nqa-admin-test1-dhcp] quit # Start the DHCP operation.
  • Page 149 Figure 40 Network diagram Configuration procedure # Assign each interface an IP address. (Details not shown.) # Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) # Create a DNS operation. <DeviceA>...

  • Page 150: Ftp Operation Configuration Example

    FTP operation configuration example Network requirements As shown in Figure 41, configure an FTP operation to test the time required for Device A to upload a file to the FTP server. The login username and password are admin and systemtest, respectively. The file to be transferred to the FTP server is config.txt.

  • Page 151: Http Operation Configuration Example

    Extended results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to internal error: 0 Failures due to other errors: 0 # Display the history records of the FTP operation. [DeviceA] display nqa history admin test1 NQA entry (admin admin, tag test1) history records: Index...

  • Page 152: Udp Jitter Operation Configuration Example

    [DeviceA] undo nqa schedule admin test1 # Display the most recent result of the HTTP operation. [DeviceA] display nqa result admin test1 NQA entry (admin admin, tag test1) test results: Send operation times: 1 Receive response times: 1 Min/Max/Average round trip time: 64/64/64 Square-Sum of round trip time: 4096 Last succeeded probe time: 2011-11-22 10:12:47.9 Extended results:...
  • Page 153 [DeviceA] nqa entry admin test1 [DeviceA-nqa-admin-test1] type udp-jitter # Configure 10.2.2.2 as the destination IP address and port 9000 as the destination port. [DeviceA-nqa-admin-test1-udp-jitter] destination ip 10.2.2.2 [DeviceA-nqa-admin-test1-udp-jitter] destination port 9000 # Configure the operation to repeat at an interval of 1000 milliseconds. [DeviceA-nqa-admin-test1-udp-jitter] frequency 1000 [DeviceA-nqa-admin-test1-udp-jitter] quit # Start the UDP jitter operation.

  • Page 154: Snmp Operation Configuration Example

    # Display the statistics of the UDP jitter operation. [DeviceA] display nqa statistics admin test1 NQA entry (admin admin, tag test1) test statistics: NO. : 1 Start time: 2011-05-29 13:56:14.0 Life time: 47 seconds Send operation times: 410 Receive response times: 410 Min/Max/Average round trip time: 1/93/19 Square-Sum of round trip time: 206176 Extended results:...
  • Page 155 Figure 44 Network diagram Configuration procedure Assign each interface an IP address. (Details not shown.) Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) Configure the SNMP agent (Device B): # Set the SNMP version to all.

  • Page 156: Tcp Operation Configuration Example

    Index Response Status Time Succeeded 2011-11-22 10:24:41.1 The output shows that it took Device A 50 milliseconds to receive a response from the SNMP agent. TCP operation configuration example Network requirements As shown in Figure 45, configure a TCP operation to test the time required for Device A and Device B to establish a TCP connection.

  • Page 157: Udp Echo Operation Configuration Example

    Square-Sum of round trip time: 169 Last succeeded probe time: 2011-11-22 10:27:25.1 Extended results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to internal error: 0 Failures due to other errors: 0 # Display the history records of the TCP operation.

  • Page 158: Udp Tracert Operation Configuration Example

    [DeviceA-nqa-admin-test1-udp-echo] history-record enable [DeviceA-nqa-admin-test1-udp-echo] quit # Start the UDP echo operation. [DeviceA] nqa schedule admin test1 start-time now lifetime forever # After the UDP echo operation runs for a period of time, stop the operation. [DeviceA] undo nqa schedule admin test1 # Display the most recent result of the UDP echo operation.
  • Page 159 [DeviceA-nqa-admin-test1] type udp-tracert # Specify 10.2.2.2 as the destination IP address. [DeviceA-nqa-admin-test1-udp-tracert] destination ip 10.2.2.2 # Set the destination port number to 33434. [DeviceA-nqa-admin-test1-udp-tracert] destination port 33434 # Configure Device A to perform three probes to each hop. This step is optional because the default probe count is 3.

  • Page 160: Voice Operation Configuration Example

    3.1.1.1 Succeeded 2013-09-09 14:46:03.2 3.1.1.1 Succeeded 2013-09-09 14:46:02.2 3.1.1.1 Succeeded 2013-09-09 14:46:01.2 Voice operation configuration example Network requirements As shown in Figure 48, configure a voice operation to test jitters, delay, MOS, and ICPIF between Device A and Device B. Figure 48 Network diagram Configuration procedure Assign each interface an IP address.
  • Page 161 Packet loss ratio: 0% Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 Voice results: RTT number: 1000 Min positive SD: 1 Min positive DS: 1 Max positive SD: 204 Max positive DS: 1297 Positive SD number: 257...

  • Page 162: Dlsw Operation Configuration Example

    RTT number: 4000 Min positive SD: 1 Min positive DS: 1 Max positive SD: 360 Max positive DS: 1297 Positive SD number: 1030 Positive DS number: 1024 Positive SD sum: 4363 Positive DS sum: 5423 Positive SD average: 4 Positive DS average: 5 Positive SD square-sum: 497725 Positive DS square-sum: 2254957 Min negative SD: 1...

  • Page 163: Path Jitter Operation Configuration Example

    [DeviceA-nqa-admin-test1-dlsw] history-record enable [DeviceA-nqa-admin-test1-dlsw] quit # Start the DLSw operation. [DeviceA] nqa schedule admin test1 start-time now lifetime forever # After the DLSw operation runs for a period of time, stop the operation. [DeviceA] undo nqa schedule admin test1 # Display the most recent result of the DLSw operation. [DeviceA] display nqa result admin test1 NQA entry (admin admin, tag test1) test results: Send operation times: 1...
  • Page 164 [DeviceA] nqa entry admin test1 [DeviceA-nqa-admin-test1] type path-jitter # Specify 10.2.2.2 as the destination IP address of ICMP echo requests. [DeviceA-nqa-admin-test1-path-jitter] destination ip 10.2.2.2 # Configure the path jitter operation to repeat at an interval of 10000 milliseconds. [DeviceA-nqa-admin-test1-path-jitter] frequency 10000 [DeviceA-nqa-admin-test1-path-jitter] quit # Start the path jitter operation.

  • Page 165: Nqa Collaboration Configuration Example

    Jitter number: 9 Min/Max/Average jitter: 1/10/4 Positive jitter number: 6 Min/Max/Average positive jitter: 1/9/4 Sum/Square-Sum positive jitter: 25/173 Negative jitter number: 3 Min/Max/Average negative jitter: 2/10/6 Sum/Square-Sum positive jitter: 19/153 NQA collaboration configuration example Network requirements As shown in Figure 51, configure a static route to Switch C with Switch B as the next hop on Switch A.
  • Page 166 On Switch A, create track entry 1, and associate it with reaction entry 1 of the NQA operation. [SwitchA] track 1 nqa entry admin test1 reaction 1 Verifying the configuration # Display information about all the track entries on Switch A. [SwitchA] display track all Track ID: 1 State: Positive...

  • Page 167: Icmp Template Configuration Example

    [SwitchA] display ip routing-table Destinations : 12 Routes : 12 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 127.0.0.1 InLoop0 10.2.1.0/24 Direct 0 10.2.1.2 Vlan3 10.2.1.0/32 Direct 0 10.2.1.2 Vlan3 10.2.1.2/32 Direct 0 127.0.0.1 InLoop0 10.2.1.255/32 Direct 0 10.2.1.2 Vlan3 127.0.0.0/8 Direct 0 127.0.0.1...

  • Page 168: Dns Template Configuration Example

    # Create ICMP template icmp. <DeviceA> system-view [DeviceA] nqa template icmp icmp # Specify 10.2.2.2 as the destination IP address of ICMP echo requests. [DeviceA-nqatplt-icmp-icmp] destination ip 10.2.2.2 # Set the probe timeout time for the ICMP echo operation to 500 milliseconds. [DeviceA-nqatplt-icmp-icmp] probe timeout 500 # Configure the ICMP echo operation to repeat at an interval of 3000 milliseconds.

  • Page 169: Tcp Template Configuration Example

    # Configure the NQA client to notify the feature of the operation failure if the number of consecutive failed probes reaches 2. [DeviceA-nqatplt-dns-dns] reaction trigger probe-fail 2 TCP template configuration example Network requirements As shown in Figure 54, configure a TCP template for a feature to perform the TCP operation. The operation tests whether Device A can establish a TCP connection to Device B.

  • Page 170: Http Template Configuration Example

    Figure 55 Network diagram Configuration procedure Assign IP addresses to interfaces, as shown in Figure 55. (Details not shown.) Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) Configure Device B: # Enable the NQA server.

  • Page 171: Ftp Template Configuration Example

    # Create HTTP template http. <DeviceA> system-view [DeviceA] nqa template http http # Specify the URL of the server. [DeviceA-nqatplt-http-http] url http://10.2.2.2/index.htm # Configure the HTTP operation to get data from the HTTP server. [DeviceA-nqatplt-http-http] operation get # Configure the NQA client to notify the feature of the successful operation event if the number of consecutive successful probes reaches 2.
  • Page 172 # Configure the NQA client to notify the feature of the successful operation event if the number of consecutive successful probes reaches 2. [DeviceA-nqatplt-ftp-ftp] reaction trigger probe-pass 2 # Configure the NQA client to notify the feature of the operation failure if the number of consecutive failed probes reaches 2.

  • Page 173: Configuring Port Mirroring

    Configuring port mirroring Overview Port mirroring copies the packets passing through a port to the monitor port connecting to a data monitoring device for packet analysis. Terminology The following terms are used in port mirroring configuration. Mirroring source The mirroring sources can be one or more monitored ports, which are called source ports. Packets passing through mirroring sources are copied to a port connecting to a data monitoring device for packet analysis.

  • Page 174: Port Mirroring Classification And Implementation

    NOTE: On port mirroring devices, all ports except source, destination, reflector, and egress ports are called common ports. Port mirroring classification and implementation Port mirroring includes local port mirroring and remote port mirroring. • Local port mirroring—The mirroring sources and the mirroring destination are on the same device.

  • Page 175: Configuring Local Port Mirroring

    In Layer 2 remote port mirroring, the mirroring source and the mirroring destination are located on different devices on a same Layer 2 network. The source device copies packets received on the source port to the egress port. The egress port forwards the packets to the intermediate devices.

  • Page 176: Creating A Local Mirroring Group

    Creating a local mirroring group Step Command Remarks Enter system view. system-view Create a local mirroring By default, no local mirroring mirroring-group group-id local group. group exists. Configuring source ports for the local mirroring group To configure source ports for a local mirroring group, use one of the following methods: •...

  • Page 177: Configuring The Monitor Port For The Local Mirroring Group

    Configuring the monitor port for the local mirroring group To configure the monitor port for a mirroring group, use one of the following methods: • Configure the monitor port for the mirroring group in system view. • Assign a port to the mirroring group as the monitor port in interface view. Configuration restrictions and guidelines When you configure the monitor port for a local mirroring group, follow these restrictions and guidelines:...
  • Page 178 Configuration restrictions and guidelines When you configure local port mirroring with multiple monitor ports, follow these restrictions and guidelines: • Configure an unused port on the device as the reflector port. Do not connect a network cable to the reflector port. •...

  • Page 179: Configuring Layer 2 Remote Port Mirroring

    Step Command Remarks Configure the VLAN above as the remote mirroring-group group-id By default, no remote probe VLAN probe VLAN for the remote-probe vlan rprobe-vlan-id is configured for a mirroring group. remote source group. Configuring Layer 2 remote port mirroring To configure Layer 2 remote port mirroring, perform the following tasks: •...
  • Page 180 Step Command Remarks Create a remote destination mirroring-group group-id By default, no remote destination group. remote-destination group exists on a device. Configuring the monitor port for a remote destination group To configure the monitor port for a mirroring group, use one of the following methods: •...

  • Page 181: Configuring A Remote Source Group On The Source Device

    Step Command Remarks Enter system view. system-view Configure the remote probe By default, no remote probe VLAN mirroring-group group-id VLAN for the specified is configured for a remote remote-probe vlan vlan-id remote destination group. destination group. Assigning the monitor port to the remote probe VLAN Step Command Remarks...
  • Page 182 • When you configure a TRILL hybrid port as a source port, both TRILL-encapsulated and non-TRILL-encapsulated packets can be mirrored. Configuring source ports for a remote source group in system view Step Command Remarks Enter system view. system-view Configure source ports for mirroring-group group-id By default, no source port is the specified remote source...

  • Page 183: Displaying And Maintaining Port Mirroring

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Configure the port as the By default, a port does not act as mirroring-group group-id egress port for the specified the egress port for any remote monitor-egress remote source group.
  • Page 184 Figure 60 Network diagram Configuration procedure # Create local mirroring group 1. <Device> system-view [Device] mirroring-group 1 local # Configure Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 as source ports for local mirroring group 1. [Device] mirroring-group 1 mirroring-port ten-gigabitethernet 1/0/1 ten-gigabitethernet 1/0/2 both # Configure Ten-GigabitEthernet 1/0/3 as the monitor port for local mirroring group 1.

  • Page 185: Layer 2 Remote Port Mirroring Configuration Example

    Layer 2 remote port mirroring configuration example Network requirements As shown in Figure 61, configure Layer 2 remote port mirroring so the server can monitor the bidirectional traffic of the Marketing department. Figure 61 Network diagram Source Intermediate Destination device device device Device A...
  • Page 186 # Create VLAN 2. <DeviceB> system-view [DeviceB] vlan 2 # Disable MAC address learning for VLAN 2. [DeviceB-vlan2] undo mac-address mac-learning enable [DeviceB-vlan2] quit # Configure Ten-GigabitEthernet 1/0/1 as a trunk port to permit the packets from VLAN 2 to pass through.

  • Page 187: Local Port Mirroring With Multiple Monitor Ports Configuration Example

    Monitor port: Ten-GigabitEthernet1/0/2 Remote probe VLAN: 2 # Display information about all mirroring groups on Device A. [DeviceA] display mirroring-group all Mirroring group 1: Type: Remote source Status: Active Mirroring port: Ten-GigabitEthernet1/0/1 Both Monitor egress port: Ten-GigabitEthernet1/0/2 Remote probe VLAN: 2 The output shows that you can monitor all packets received and sent by the Marketing department on the server.
  • Page 188 [DeviceA] mirroring-group 1 reflector-port ten-gigabitethernet 1/0/5 This operation may delete all settings made on the interface. Continue? [Y/N]:y # Create VLAN 10, and assign ports Ten-GigabitEthernet 1/0/11 through Ten-GigabitEthernet 1/0/13 to VLAN 10. [DeviceA] vlan 10 [DeviceA-vlan10] port ten-gigabitethernet 1/0/11 to ten-gigabitethernet 1/0/13 [DeviceA-vlan10] quit # Configure VLAN 10 as the remote probe VLAN of the remote source group.

  • Page 189: Configuring Flow Mirroring

    Configuring flow mirroring Overview Flow mirroring copies packets matching a class to a destination for analyzing and monitoring. It is implemented through QoS policies. To configure flow mirroring, perform the following tasks: • Define traffic classes and configure match criteria to classify packets to be mirrored. Flow mirroring allows you to flexibly classify packets to be analyzed by defining match criteria.

  • Page 190: Configuring A Traffic Behavior

    Configuring a traffic behavior Step Command Remarks Enter system view. system-view Create a traffic behavior and By default, no traffic behavior traffic behavior behavior-name enter traffic behavior view. exists. • Mirror traffic to an interface: mirror-to interface interface-type By default, no mirroring action is interface-number configured for a traffic behavior.

  • Page 191: Applying A Qos Policy To A Vlan

    Applying a QoS policy to a VLAN You can apply a QoS policy to a VLAN to mirror the traffic in the specified direction on all ports in the VLAN. To apply the QoS policy to a VLAN: Step Command Enter system view.

  • Page 192: Configuration Procedure

    Figure 63 Network diagram Configuration procedure # Create a working hour range work, in which the working hour is from 8:00 to 18:00 on weekdays. <DeviceA> system-view [DeviceA] time-range work 8:00 to 18:00 working-day # Create ACL 3000 to allow packets from the Technical department to access the Internet and to the Marketing department during working hours.

  • Page 193: Verifying The Configuration

    Verifying the configuration # Verify that the server can monitor the following traffic: • All traffic sent by the Technical department to access the Internet. • The IP traffic that the Technical department sends to the Marketing department during working hours on weekdays.

  • Page 194: Configuring Sflow

    Configuring sFlow sFlow is a traffic monitoring technology. As shown in Figure 64, the sFlow system involves an sFlow agent embedded in a device and a remote sFlow collector. The sFlow agent collects interface counter information and packet information and encapsulates the sampled information in sFlow packets. When the sFlow packet buffer is full, or the aging timer (fixed to 1 second) expires, the sFlow agent performs the following tasks: •...

  • Page 195: Configuring The Sflow Agent And Sflow Collector Information

    Configuring the sFlow agent and sFlow collector information Step Command Remarks Enter system view. system-view By default, no IP address is configured for the sFlow agent. The device periodically checks whether the sFlow agent has an IP address. If not, the device automatically selects an IPv4 address for the sFlow agent but does not save (Optional.) the IPv4 address in the configuration file.

  • Page 196: Configuring Counter Sampling

    Step Command Remarks Enable flow sampling and specify the number of By default, no flow sampling rate packets out of which flow sflow sampling-rate rate is configured. sampling samples a packet on the interface. (Optional.) Set the maximum The default setting is 128 bytes. number of bytes (starting from the packet header) that sflow flow max-header length...

  • Page 197: Configuration Procedure

    • Configure flow sampling in random mode and counter sampling on Ten-GigabitEthernet 1/0/1 of the device to monitor traffic on the port. • Configure the device to send sampled information in sFlow packets through Ten-GigabitEthernet 1/0/3 to the sFlow collector. Figure 65 Network diagram Configuration procedure Configure the IP addresses and subnet masks for interfaces, as shown in...

  • Page 198: Troubleshooting Sflow Configuration

    Agent IP: 3.3.3.1(CLI) Source address: Collector information: Port Aging Size VPN-instance Description 3.3.3.2 6343 1400 netserver Port information: Interface Interval(s) FID MaxHLen Rate Mode Status XGE1/0/1 4000 Random Active Troubleshooting sFlow configuration The remote sFlow collector cannot receive sFlow packets Symptom The remote sFlow collector cannot receive sFlow packets.

  • Page 199: Monitoring And Maintaining Processes

    Monitoring and maintaining processes HPE Comware 7 is a full-featured, modular, and scalable network operating system based on the Linux kernel. Comware 7 software features run the following types of independent processes: • User process—Runs in user space. Most Comware 7 software features run user processes.

  • Page 200: Monitoring Kernel Threads

    Task Command offset-size ] [ slot slot-number [ cpu cpu-number ] ] blocks with a specified size used by a user process. Display memory content starting display process memory heap job job-id address starting-address from a specified memory block for length memory-length [ slot slot-number [ cpu cpu-number ] ] a user process.

  • Page 201: Configuring Kernel Thread Starvation Detection

    Configuring kernel thread starvation detection CAUTION: Inappropriate configuration of kernel thread starvation detection can cause service problems or system breakdown. Make sure you understand the impact of this configuration on your network before you configure kernel thread starvation detection. Starvation occurs when a thread is unable to access shared resources. Kernel thread starvation detection enables the system to detect and report thread starvation.
  • Page 202 Task Command reset kernel reboot [ slot slot-number [ cpu Clear kernel thread reboot information. cpu-number ] ] reset kernel starvation [ slot slot-number [ cpu Clear kernel thread starvation information. cpu-number ] ]...

  • Page 203: Configuring Eaa

    Configuring EAA Overview Embedded Automation Architecture (EAA) is a monitoring framework that enables you to self-define monitored events and actions to take in response to an event. It allows you to create monitor policies by using the CLI or Tcl scripts. EAA framework EAA framework includes a set of event sources, a set of event monitors, a real-time event manager (RTM), and a set of user-defined monitor policies, as shown in...

  • Page 204: Elements In A Monitor Policy

    You can configure EAA monitor policies by using the CLI or Tcl. A monitor policy contains the following elements: • One event. • A minimum of one action. • A minimum of one user role. • One running time setting. For more information, see "Elements in a monitor policy."...

  • Page 205: Eaa Environment Variables

    Action You can create a series of order-dependent actions to take in response to the event specified in the monitor policy. The following are available actions: • Executing a command. • Sending a log. • Enabling an active/standby switchover. • Executing a reboot without saving the running configuration.

  • Page 206: Configuring A User-Defined Eaa Environment Variable

    Variable name Description _event_type Event type. _event_type_string Event type description. _event_time Time when the event occurs. _event_severity Severity level of an event. CLI: _cmd Commands that are matched. Syslog: _syslog_pattern Log message content. Hotplug: _slot ID of the IRF member device where a hot swap event occurs. Interface: _ifname Interface name.

  • Page 207: Configuring A Monitor Policy

    Configuring a monitor policy You can configure a monitor policy by using the CLI or Tcl. Configuration restrictions and guidelines When you configure monitor policies, follow these restrictions and guidelines: • Make sure the actions in different policies do not conflict. Policy execution result will be unpredictable if policies that conflict in actions are running concurrently.

  • Page 208: Configuring A Monitor Policy By Using Tcl

    Step Command Remarks • Configure a reboot action: Repeat this step to add a action number reboot [ slot maximum of 232 actions to the slot-number ] policy. • Configure a logging action: When you define an action, you action number syslog priority level can specify a value or specify a facility local-number msg msg variable name in...

  • Page 209: Suspending Monitor Policies

    Step Command Remarks cannot execute a Tcl-defined policy if you edit its Tcl script without suspending policies. Write a Tcl script in two lines for a monitor policy, as shown in Table Table 21 Tcl script requirements Line Content Requirements This line must take the following format: Event, user roles, and policy ::comware::rtm::event_register eventname arg1...

  • Page 210: Eaa Configuration Examples

    EAA configuration examples CLI-defined policy configuration example Network requirements Configure a policy from the CLI to monitor the event that occurs when a question mark (?) is entered at the command line that contains letters and digits. When the event occurs, the system executes the command and sends the log message "hello world" to the information center.

  • Page 211: Cli-Defined Policy With Eaa Environment Variables Configuration Example

    <Sysname>d%May 7 02:10:03:218 2013 Sysname RTM/4/RTM_ACTION: "hello world" %May 7 02:10:04:176 2013 Sysname RTM/6/RTM_POLICY: CLI policy test is running successfully. CLI-defined policy with EAA environment variables configuration example Network requirements Define an environment variable to match the IP address 1.1.1.1. Configure a policy from the CLI to monitor the event that occurs when a command line that contains loopback0 is executed.

  • Page 212: Tcl-Defined Policy Configuration Example

    # Execute the loopback0 command. Verify that the system displays the loopback0 message and a policy successfully executed message on the terminal screen. <Sysname> loopback0 <Sysname> %Jan 3 09:46:10:592 2014 Sysname RTM/0/RTM_ACTION: loopback0 %Jan 3 09:46:10:613 2014 Sysname RTM/6/RTM_POLICY: CLI policy test is running successfully.
  • Page 213 <Sysname> display this return <Sysname>%Jun 4 15:02:30:354 2013 Sysname RTM/1/RTM_ACTION: rtm_tcl_test is running %Jun 4 15:02:30:382 2013 Sysname RTM/6/RTM_POLICY: TCL policy test is running successfully.

  • Page 214: Configuring Cwmp

    Configuring CWMP Overview CPE WAN Management Protocol (CWMP), also called "TR-069," is a DSL Forum technical specification for remote management of home network devices. The protocol was initially designed to provide remote autoconfiguration through a server for large numbers of dispersed end-user devices in DSL networks. However, it has been increasingly used on other types of networks, including Ethernet, for remote autoconfiguration.

  • Page 215: How Cwmp Works

    The following are methods available for the ACS to issue configuration to the CPE: • Transfers the configuration file to the CPE, and specifies the file as the next-startup configuration file. At a reboot, the CPE starts up with the ACS-specified configuration file. •...
  • Page 216 Table 23 RPC methods RPC method Description The ACS obtains the values of parameters on the CPE. The ACS modifies the values of parameters on the CPE. The CPE sends an Inform message to the ACS for the following purposes: •...

  • Page 217: Configuration Task List

    Figure 2 CWMP message interaction procedure (1) Open TCP connection (2) SSL initiation (3) HTTP post (Inform) (4) HTTP response (Inform response) (5) HTTP post (empty) (6) HTTP response (GetParameterValues request) (7) HTTP post (GetParameterValues response) (8) HTTP response (SetParameterValues request) (9) HTTP post (SetParameterValues response) (10) HTTP response (empty) (11) Close connection...

  • Page 218: Enabling Cwmp From The Cli

    You can use DHCP option 43 to assign the ACS URL and ACS login authentication username and password. If the DHCP server is an HPE device, you can configure DHCP option 43 by using the option 43 hex 01length URL username password command.

  • Page 219: Configuring The Default Acs Attributes From The Cli

    The following example configures the ACS address as http://169.254.76.31:7547/acs, username as 1234, and password as 5678: <Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] option 43 hex 0127687474703A2F2F3136392E3235342E37362E33313A373534372F61637320313233342035363738 Table 24 Hexadecimal forms of the ACS attributes Attribute Attribute value Hexadecimal form Length 39 characters 687474703A2F2F3136392E3235342E37362E33313A3735...

  • Page 220: Configuring Cpe Attributes

    Step Command Remarks (Optional.) Configure the By default, no password has been cwmp acs default password password for authentication configured for authentication to { cipher | simple } password to the default ACS URL. the default ACS URL. Configuring CPE attributes You can assign CPE attribute values to the CPE from the CPE's CLI or the ACS.

  • Page 221: Configuring The Cwmp Connection Interface

    Configuring the CWMP connection interface The CWMP connection interface is the interface that the CPE uses to communicate with the ACS. To establish a CWMP connection, the CPE sends the IP address of this interface in the Inform messages, and the ACS replies to this IP address. Typically, the CPE selects the CWMP connection interface automatically.

  • Page 222: Enabling Nat Traversal For The Cpe

    Configuring the maximum number of connection retries The CPE retries a connection automatically when one of the following events occurs: • The CPE fails to connect to the ACS. • The connection is disconnected before the session on the connection is completed. The CPE considers a connection attempt as having failed when the close-wait timer expires.

  • Page 223: Specifying An Ssl Client Policy For Https Connection To Acs

    As shown in Figure 3, use HPE IMC BIMS as the ACS to bulk-configure the devices (CPEs), and assign ACS attributes to the CPEs from the DHCP server. The configuration files for the devices in equipment rooms A and B are configure1.cfg and...

  • Page 224: Configuration Procedure

    Figure 3 Network diagram DHCP Server DNS Server 10.185.10.41 10.185.10.52 10.185.10.60 Device A Device B Device C Device D Device E Device F Room A Room B Table 25 shows the ACS attributes for the CPEs to connect to the ACS. Table 25 ACS attributes Item Setting...
  • Page 225 a. Launch a Web browser on the ACS configuration terminal. b. In the address bar of the Web browser, enter the ACS URL and port number. This example uses http://10.185.10.41:8080/imc. c. On the login page, enter the ACS login username and password, and then click Login. Create a CPE user account: a.
  • Page 226 Figure 6 Adding a device group d. Select Service > Resource > Device Class from the top navigation bar. e. Click Add. f. On the Add Device Class page, enter a device class name for devices in equipment room A, and then click OK. In this example, the device class for devices in equipment room A is Device_A.
  • Page 227 Figure 8 Adding a CPE After the CPE is added successfully, a success message is displayed, as shown in Figure Figure 9 CPE added successfully Configure the system settings of the ACS, as shown in Figure...
  • Page 228 Figure 10 Configuring the system settings of the ACS Add configuration templates and software library entries for the two classes of devices: a. Select Service > BIMS > Configuration Management > Configuration Templates from the navigation tree. Figure 11 Configuring templates page b.
  • Page 229 Figure 12 Importing configuration template After the configuration template is added successfully, a success message is displayed, as shown in Figure Figure 13 Configuration templates...
  • Page 230 e. Select Service > BIMS > Configuration Management > Software Library from the top navigation bar. Figure 14 Configuring software library f. On the Software Library page, click Import…. g. On the Import CPE Software page, select the software images for the Device_A device class, add the Device_A class to the Applicable CPEs pane, and then click OK.
  • Page 231 Figure 16 Deployment Guide c. On the Auto Deploy Configuration page, click Select Class. Figure 17 Configuring auto deployment d. On the Device Class page, select Device_A, and then click OK.
  • Page 232 A. Configuring the DHCP server In this example, an HPE device is operating as the DHCP server. Configure an IP address pool to assign IP addresses and DNS server address to the CPEs.

  • Page 233: Verifying The Configuration

    # Enable DHCP server on VLAN-interface 1. [DHCP_server] interface vlan-interface 1 [DHCP_server-Vlan-interface1] dhcp select server global-pool [DHCP_server-Vlan-interface1] quit # Exclude the DNS server address 10.185.10.60 and the ACS IP address 10.185.10.41 from dynamic allocation. [DHCP_server] dhcp server forbidden-ip 10.185.10.41 [DHCP_server] dhcp server forbidden-ip 10.185.10.60 # Create DHCP address pool 0.

  • Page 234: Configuring Netconf

    Configuring NETCONF Overview Network Configuration Protocol (NETCONF) is an XML-based network management protocol with filtering capabilities. It provides programmable mechanisms to manage and configure network devices. Through NETCONF, you can configure device parameters, retrieve parameter values, and get statistics information. In NETCONF messages, each data item is contained in a fixed element.

  • Page 235: Netconf Message Format

    NETCONF message format NETCONF IMPORTANT: When configuring NETCONF in XML view, you must add the end mark "]]>]]>" at the end of an XML message. Otherwise, the device cannot identify the message. Examples in this chapter do not have this end mark. Do add it in actual operations. All NETCONF messages are XML-based and comply with RFC 4741.

  • Page 236: How To Use Netconf

    <rpc message-id ="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-bulk> <filter type="subtree"> <top xmlns="http://www.h3c.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface/> </Interfaces> </Ifmgr> </top> </filter> </get-bulk> </rpc> </env:Body> </env:Envelope> How to use NETCONF You can use NETCONF to manage and configure the device by using the methods in Table Table 28 NETCONF methods for configuring the device Configuration tool Login method...

  • Page 237: Fips Compliance

    FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode (see Security Configuration Guide) and non-FIPS mode. NETCONF configuration task list Task at a glance (Optional.) Enabling NETCONF over SOAP (Optional.)

  • Page 238: Enabling Netconf Over Ssh

    packets. NETCONF over SOAP over packets. HTTP packets: netconf soap http dscp dscp-value • Set the DSCP value for NETCONF over SOAP over HTTPS packets: netconf soap https dscp dscp-value Enabling NETCONF over SSH This feature allows users to use a client to perform NETCONF operations on the device through a NETCONF over SSH connection.

  • Page 239: Entering Xml View

    Entering xml view Task Command Remarks Enter XML view. Available in user view. Exchanging capabilities After you enter XML view, the client and the device exchange their capabilities before you can perform subsequent operations. The device automatically advertises its NETCONF capabilities to the client in a hello message as follows: <?xml version="1.0"...

  • Page 240: Example For Subscribing To Event Notifications

    <filter> <event xmlns="http://www.h3c.com/netconf/event:1.0"> <Code>code</Code> <Group>group</Group> <Severity>severity</Severity> </event> </filter> <startTime>start-time</startTime> <stopTime>stop-time</stopTime> </create-subscription> </rpc> The <stream> parameter represents the event stream type supported by the device. Only NETCONF is supported. The <event> parameter represents an event to which you have subscribed. The <code> parameter represents a mnemonic symbol. The <group>...
  • Page 241 # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability> urn:ietf:params:netconf:base:1.0 </capability> </capabilities> </hello> # Subscribe to all events with no time limitation. <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <create-subscription xmlns ="urn:ietf:params:xml:ns:netconf:notification:1.0"> <stream>NETCONF</stream> </create-subscription> </rpc> Verifying the configuration # If the client receives the following response, the subscription is successful: <?xml version="1.0"...

  • Page 242: Locking/Unlocking The Configuration

    Locking/unlocking the configuration The device supports a maximum of 32 NETCONF sessions. A maximum of 32 users can simultaneously manage and monitor the device using NETCONF. During device configuration and maintenance or network troubleshooting, a user can lock the configuration to prevent other users from changing it.

  • Page 243: Example For Locking The Configuration

    Example for locking the configuration Network requirements Lock the device configuration so that other users cannot change the device configuration. Configuration procedure # Enter XML view. <Sysname> xml # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability> urn:ietf:params:netconf:base:1.0 </capability> </capabilities> </hello> # Lock the configuration. <?xml version="1.0"...

  • Page 244: Performing Service Operations

    The output shows that the lock operation failed because the client with session ID 1 held the lock, and only the client holding the lock can release the lock. Performing service operations You can use NETCONF to perform service operations on the device, such as retrieving and modifying the specified information.

  • Page 245: Performing The / Operation

    <get-bulk> <filter type="subtree"> <top xmlns="http://www.h3c.com/netconf/data:1.0" xmlns:base="http://www.h3c.com/netconf/base:1.0"> <Syslog> <Logs xc:count="5"> <Log> <Index>10</Index> </Log> </Logs> </Syslog> </top> </filter> </get-bulk> </rpc> The count attribute complies with the following rules: • The count attribute can be placed in the module node and table node. In other nodes, it cannot be resolved.

  • Page 246: Performing The Operation

    </get-config> </rpc> Verifying the configuration After receiving the get-config request, the device returns a response in the following format if the operation is successful: <?xml version="1.0"?> <rpc-reply message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> All data matching the specified filter </data> </rpc-reply> Performing the <edit-config> operation The <edit-config>...
  • Page 247 <Sysname> xml # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability> urn:ietf:params:netconf:base:1.0 </capability> </capabilities> </hello> # Retrieve configuration data for all modules. <rpc message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> </get-config> </rpc> Verifying the configuration If the client receives the following text, the <get-config> operation is successful: <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"...

  • Page 248: Syslog Configuration Data Retrieval Example

    </Interface> </Interfaces> </Ifmgr> <Syslog> <LogBuffer> <BufferSize>120</BufferSize> </LogBuffer> </Syslog> <System> <Device> <SysName>H3C</SysName> <TimeZone> <Zone>+11:44</Zone> <ZoneName>beijing</ZoneName> </TimeZone> </Device> </System> </top> </data> </rpc-reply> Syslog configuration data retrieval example Network requirements Retrieve configuration data for the Syslog module. Configuration procedure # Enter XML view. <Sysname>...

  • Page 249: Example For Retrieving A Data Entry For The Interface Table

    </top> </filter> </get-config> </rpc> Verifying the configuration If the client receives the following text, the <get-config> operation is successful: <?xml version="1.0" encoding="UTF-8"?> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101"> <data> <top xmlns="http://www.h3c.com/netconf/config:1.0"> <Syslog> <LogBuffer> <BufferSize>120</BufferSize> </LogBuffer> </Syslog> </top> </data> </rpc-reply> Example for retrieving a data entry for the interface table Network requirements Retrieve a data entry for the interface table.

  • Page 250: Example For Changing The Value Of A Parameter

    Verifying the configuration If the client receives the following text, the <get-bulk> operation is successful: <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:web="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101"> <data> <top xmlns="http://www.h3c.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface> <IfIndex>3</IfIndex> <Name>Ten-GigabitEthernet1/0/2</Name> <AbbreviatedName>XGE1/0/2</AbbreviatedName> <PortIndex>3</PortIndex> <ifTypeExt>22</ifTypeExt> <ifType>6</ifType> <Description>Ten-GigabitEthernet 1/0/2 Interface</Description> <AdminStatus>2</AdminStatus> <OperStatus>2</OperStatus> <ConfigSpeed>0</ConfigSpeed> <ActualSpeed>100000</ActualSpeed> <ConfigDuplex>3</ConfigDuplex> <ActualDuplex>1</ActualDuplex> </Interface>...

  • Page 251: Saving, Rolling Back, And Loading The Configuration

    <running/> </target> <config> <top xmlns="http://www.h3c.com/netconf/config:1.0" web:operation="merge"> <Syslog> <LogBuffer> <BufferSize>512</BufferSize> </LogBuffer> </Syslog> </top> </config> </edit-config> </rpc> Verifying the configuration If the client receives the following text, the <edit-config> operation is successful: <?xml version="1.0" encoding="UTF-8"?> <rpc-reply message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply> Saving, rolling back, and loading the configuration Use NETCONF to save, roll back, or load the configuration.

  • Page 252: Rolling Back The Configuration

    Rolling back the configuration # Copy the following text to the client to roll back the configuration: <?xml version="1.0" encoding="UTF-8"?> <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <rollback> <file>Specify the configuration file name</file> </rollback> </rpc> The name of the specified configuration file must start with the storage media name and end with the extension .cfg.

  • Page 253: Filtering Data

    Configuration procedure # Enter XML view. <Sysname> xml # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability> urn:ietf:params:netconf:base:1.0 </capability> </capabilities> </hello> # Save the configuration of the device to the configuration file my_config.cfg. <?xml version="1.0" encoding="UTF-8"?> <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <save> <file> my_config.cfg</file> </save>...
  • Page 254 </top> </filter> </get> </rpc> You can also specify an attribute name that is the same as a column name of the current table at the row to implement full match. The system returns only configuration data that matches this attribute name. The XML message equivalent to the above element-value-based full match is as follows: <rpc message-id ="101"...
  • Page 255 To implement a complex data filtering with digits and character strings, you can add a match attribute for a specific element. Table 29 lists the conditional match operators. Table 29 Conditional match operators Operation Operator Remarks More than the specified value. The supported data types More than match="more:value"...

  • Page 256: Example For Filtering Data With Regular Expression Match

    Example for filtering data with regular expression match Network requirements Retrieve all data including colons in the Description column of the Interfaces table under the Ifmgr module. Configuration procedure # Enter XML view. <Sysname> xml # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities>...

  • Page 257: Example For Filtering Data By Conditional Match

    <Description>Ten-GigabitEthernet1/0/1 Interface</Description> </Interface> <Interface> <IfIndex>2682</IfIndex> <Description>Ten-GigabitEthernet1/0/2 Interface</Description> </Interface> <Interface> <IfIndex>2683</IfIndex> <Description>Ten-GigabitEthernet1/0/3 Interface</Description> </Interface> <Interface> <IfIndex>2684</IfIndex> <Description>Ten-GigabitEthernet1/0/4 Interface</Description> </Interface> <Interface> </Ifmgr> </top> </data> </rpc-reply> Example for filtering data by conditional match Network requirements Retrieve data in the Name column with the ifindex value not less than 5000 in the Interfaces table under the Ifmgr module.

  • Page 258: Performing Cli Operations Through Netconf

    <Name/> </Interface> </Interfaces> </Ifmgr> </top> </filter> </get> </rpc> Verifying the configuration If the client receives the following text, the operation is successful: <?xml version="1.0" encoding="UTF-8"?> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="http://www.h3c.com/netconf/base:1.0" message-id="100"> <data> <top xmlns="http://www.h3c.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface> <IfIndex>7241</IfIndex> <Name>NULL0</Name> </Interface> </Interfaces> </Ifmgr> </top>...

  • Page 259: Cli Operation Example

    <CLI> <Execution> <![CDATA[Responses to the commands]]> </Execution> </CLI> </rpc-reply> CLI operation example Configuration requirements Send the display current-configuration command to the device. Configuration procedure # Enter XML view. <Sysname> xml # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability> urn:ietf:params:netconf:base:1.0 </capability> </capabilities> </hello>...

  • Page 260: Retrieving Netconf Session Information

    undo irf link-delay irf member 1 priority 1 ]]> </Execution> </CLI> </rpc-reply> Retrieving NETCONF session information You can use the <get-sessions> operation to retrieve NETCONF session information of the device. # Copy the following message to the client to retrieve NETCONF session information from the device: <?xml version="1.0"...

  • Page 261: Terminating Another Netconf Session

    If the client receives a message as follows, the operation is successful: <?xml version="1.0" encoding="UTF-8"?> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101"> <get-sessions> <Session> <SessionID>1</SessionID> <Line>vty0</Line> <UserName></UserName> <Since>2013-01-05T00:24:57</Since> <LockHeld>false</LockHeld> </Session> </get-sessions> </rpc-reply> The output shows an existing NETCONF session with session ID as 1. The login user type is vty0, the login time is 2013-01-05T00:24:57, and the user does not hold the lock of the configuration.

  • Page 262: Returning To The Cli

    urn:ietf:params:netconf:base:1.0 </capability> </capabilities> </hello> # Terminate the session with session ID 2. <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <kill-session> <session-id>2</session-id> </kill-session> </rpc> Verifying the configuration If the client receives the following text, the NETCONF session with session ID 2 has been terminated, and the client with session ID 2 has returned from XML view to user view: <?xml version="1.0"...

  • Page 263: Appendix

    Appendix Appendix A Supported NETCONF operations Table 30 lists the NETCONF operations available with Comware 7. Table 30 NETCONF operations Operation Description XML example To retrieve device configuration and state information for the Syslog module: <rpc message-id ="101" xmlns="urn:ietf:params:xml:ns:netconf:base :1.0" xmlns:xc="http://www.h3c.com/netconf/base: 1.0">...
  • Page 264 Operation Description XML example To retrieve device configuration and state information for all interface: <rpc message-id ="100" xmlns="urn:ietf:params:xml:ns:netconf:base :1.0"> <get-bulk> <filter type="subtree"> <top xmlns="http://www.h3c.com/netconf/data:1.0 Retrieves a number of data "> entries (including device configuration and state <Ifmgr> get-bulk information) starting from the <Interfaces xc:count=”5”...
  • Page 265 Operation Description XML example • xmlns="http://www.h3c.com/netconf/config:1 If the specified target does .0" xc:operation="merge"> not exist and it cannot be created, an error message <LogBuffer> is returned. <BufferSize>120</BufferSize> </LogBuffer> </Syslog> </top> </config> </edit-config> </rpc> Creates a specified target. To use the create attribute in an <edit-config>...
  • Page 266 Operation Description XML example • If the specified target does not exist, or the XML message does not specify any target, a success message is returned. Deletes the specified configuration. • If the specified target has only the table index, the operation removes all configuration of the specified target, and the...
  • Page 267 Operation Description XML example the schema verification is passed, a successful message is returned. Otherwise, an error message is returned. To issue the configuration for two interfaces with the error-option element value as continue-on-error: <rpc message-id ="101" xmlns="urn:ietf:params:xml:ns:netconf:base :1.0"> <edit-config> <target>...
  • Page 268 Operation Description XML example validation test before <target> attempting to set. If the <running/> validation test fails, the <edit-config> operation is </target> not performed. This is the <test-option>test-only</test-option> default test-option value. <config • set—Directly performs the xmlns:xc="urn:ietf:params:xml:ns:netconf:b set operation without the ase:1.0">...
  • Page 269 Operation Description XML example </target> </lock> </rpc> To unlock the configuration: <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base Unlocks the configuration, so :1.0"> NETCONF sessions can change device configuration. <unlock> unlock <target> When a NETCONF session is terminated, the related locked <running/> configuration is also unlocked. </target>...
  • Page 270 Operation Description XML example To save the running configuration to the file test.cfg: Saves the running configuration. You can use the <file> element <rpc message-id="101" to specify a file for saving the xmlns="urn:ietf:params:xml:ns:netconf:base configuration. If the file column save :1.0"> <save> does not exist, the running <file>test.cfg</file>...

  • Page 271: Configuring The Packet Capture

    Configuring the packet capture To use the packet capture feature, you must install the feature image by using the boot-loader, install, or issu command. For more information about the commands, see Fundamentals Command Reference. Overview The packet capture feature captures incoming packets that are to be forwarded in CPU. The feature displays the captured packets on the terminal in real time, and allows you to save the captured packets to a .pcap file for future analysis.
  • Page 272 Category Description Examples • src—Matches the source IP address field. • dst—Matches the destination IP address Matches packets based on its field. source or destination location (an • IP address or port number). src or dst—Matches the source or Direction destination IP address field.
  • Page 273 Capture filter operators Capture filters support logical operators (Table 33), arithmetic operators (Table 34), and relational operators (Table 35). Logical operators can use both alphanumeric and nonalphanumeric symbols. The arithmetic and relational operators can use only nonalphanumeric symbols. Logical operators are left associative. They group from left to right. The not operator has the highest priority.
  • Page 274 Table 35 Relational operators for capture filters Nonalphanumeric Description symbol Equal to. For example, ip[6]=0x1c matches an IPv4 packet if its seventh byte of payload is equal to 0x1c. Not equal to. For example, len!=60 matches a packet if its length is not equal to 60 bytes. Greater than.
  • Page 275 Variable Description type • ip.len le 1500. • ip.len le 02734. • ip.len le 0x436. This variable type has two values: true or false. This variable type applies if you use a packet field string alone to identify the presence of a field in a packet.

  • Page 276: Building A Capture Filter

    Nonalphanumeri Alphanumeric Description symbol symbol Joins two conditions. Use this operator to display traffic that matches either of the conditions. Table 39 Relational operators for display filters Nonalphanumeric Alphanumeric Description symbol symbol Equal to. For example, ip.src==10.0.0.5 displays packets with the source IP address as 10.0.0.5.

  • Page 277: Building A Display Filter

    This expression contains keywords, arithmetic operators (expr), and relational operators (relop). For example, len+100>=200 captures packets that are greater than or equal to 100 bytes. The proto [ expr:size ] expression Use this type of expression to capture packets that match the result of arithmetic operations on a number of bytes relative to a protocol layer.

  • Page 278: Configuring Packet Capture

    This type of expression contains the following elements: • proto—Specifies a protocol layer or packet field. • […]—Matches a number of bytes relative to a protocol layer or packet field. Values for the bytes to be matched must be a hexadecimal integer string. The expression in brackets can use the following formats: [n:m]—Matches a total of m bytes after an offset of n bytes from the beginning of the specified protocol layer or field.

  • Page 279: Displaying The Contents In A Packet File

    Displaying the contents in a packet file Task Command Remarks Display the contents in a packet-capture read filepath [ display-filter To stop displaying the disp-expression ] [ raw | { brief | verbose } ] * contents, press Ctrl+C. packet file. Packet capture configuration examples Filtering packet data to display configuration example Network requirements...

  • Page 280: Saving Captured Packets To A File Configuration Example

    0.024449 192.168.56.1 -> 192.168.56.2 TELNET 78 Telnet Data ... 0.025766 192.168.56.1 -> 192.168.56.2 TELNET 65 Telnet Data ... 0.035096 192.168.56.1 -> 192.168.56.2 TELNET 60 Telnet Data ... 0.047317 192.168.56.1 -> 192.168.56.2 TCP 60 6325 > telnet [ACK] Seq=42 Ac k=434 Win=65102 Len=0 0.050994 192.168.56.1 ->...

  • Page 281: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.

  • Page 282: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 283: Support And Other Resources

    Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...

  • Page 284: Websites

    For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
  • Page 285 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.

  • Page 286: Index

    Index port mirroring monitor port to remote probe VLAN, access control associating SNMP MIB, IPv6 NTP client/server association mode, SNMP view-based MIB, IPv6 NTP symmetric active/passive association accessing mode, NTP access control, NMM IPv6 NTP multicast association mode, NTP access control rights, NMM NTP broadcast association mode, SNMP access control mode, NMM NTP broadcast association mode with...
  • Page 287 NMM NTP broadcast association mode with NQA DHCP operation configuration, authentication, NQA DLSw operation configuration, NTP broadcast association mode, 9, 13, NQA DNS operation configuration, NTP broadcast client configuration, NQA echo operation configuration (ICMP), NTP broadcast mode dynamic associations NQA echo operation configuration (UDP), max, NQA enable, NTP broadcast server configuration,...
  • Page 288 capture filter operator, local port mirroring group source ports (system view), display filter expression, local port mirroring with multiple monitor display filter operator, ports, comparison operator NMM IPv6 NTP multicast association mode, capture filter, NMM NETCONF, 225, conditional match NETCONF data NMM NTP broadcast association mode, filtering, 244, NMM NTP broadcast mode with...
  • Page 289 NQA operation (UDP tracert), remote port mirroring destination group, NQA path jitter operation, remote port mirroring source group, NQA server, remote port mirroring source group egress port, NQA SNMP operation, remote port mirroring source group remote probe NQA TCP operation, VLAN, NQA template (DNS), remote port mirroring source group source...
  • Page 290 ACS connection interface, NMM NETCONF filtering (regex match), 244, ACS provision code, deadloop detection (Linux kernel PMM), attribute type, debugging CWMP ACS autoconnect parameters, feature module, NAT traversal, system maintenance, CPE WAN Management Protocol. Use CWMP default information center log default output rules, flow mirroring configuration, 180, 180, system information diagnostic log output rules, creating...
  • Page 291 NMM NETCONF session information packet capture, retrieval, display filter operator NMM NETCONF session termination, packet capture, NMM NTP broadcast association mode, displaying NMM NTP broadcast mode with contents in a packet file, authentication, CWMP settings, NMM NTP multicast association mode, EAA settings, NMM SNMPv3 configuration (RBAC information center,...
  • Page 292 event monitor policy runtime, establishing event monitor policy user role, NMM NETCONF session, event source, Ethernet how it works, CWMP configuration, 205, 208, monitor policy, Layer 2 remote port mirroring configuration, monitor policy configuration, port mirroring configuration, 164, monitor policy configuration (CLI), RMON Ethernet statistics entry, monitor policy configuration RMON Ethernet statistics group...
  • Page 293 configuration, 180, 180, SNMP agent host notification, match criteria configuration, HTTP QoS policy application, NMM NETCONF over SOAP (HTTP-based), QoS policy application (control plane), NMM NETCONF over SOAP (HTTPS-based), QoS policy application (global), NQA, QoS policy application (interface), NQA client HTTP operation, QoS policy application (VLAN), NQA client template (HTTP), QoS policy configuration,...
  • Page 294 security log default output rules, NQA client statistics collection, 128, 163, security log file management, NQA client TCP operation, security log management, NQA client template (DNS), security log save (log file), NQA client template (FTP), synchronous log output, NQA client template (HTTP), system information log types, NQA client template (ICMP), system log destinations,...
  • Page 295 PMM starvation detection, information center hidden logs, keyword information center interface link up/link down log generation, capture filter, information center log default output rules, information center log output (console), 71, Layer 2 information center log output (Linux log host), port mirroring configuration, 164, information center log output (log buffer), remote port mirroring, information center log output (log host),...
  • Page 296 information center security log file, NMM NETCONF data entry retrieval (interface table), information center security logs, monitor terminal master information center log output, PTP master-member/subordinate relationship, monitoring matching configuring local mirroring to support multiple monitor ports, flow mirroring match criteria, EAA configuration, NMM NETCONF data filtering (conditional match), 244,...
  • Page 297 NETCONF over SSH enable, local port mirroring group monitor port, over SOAP, local port mirroring group source port, over SOAP enable, Network Configuration Protocol. Use NETCONF parameter value change, NQA client DHCP operation, protocols and standards, NQA client DLSw operation, service operations, NQA client DNS operation, session establishment,...
  • Page 298 port mirroring remote source group, port mirroring remote source group egress captured packet saving, port, CWMP ACS attributes, port mirroring remote source group remote CWMP ACS attributes (default)(CLI), probe VLAN, CWMP ACS attributes (preferred), port mirroring remote source group source CWMP ACS autoconnect parameters, ports, CWMP ACS HTTPS SSL client policy,...
  • Page 299 information center configuration, 66, 71, NETCONF configuration data retrieval (all modules), information center diagnostic log save (log file), NETCONF configuration data retrieval (Syslog module), information center display, NETCONF configuration load, information center duplicate log suppression, NETCONF configuration lock/unlock, 233, information center interface link up/link down NETCONF configuration rollback, log generation, NETCONF configuration save,...
  • Page 300 NQA client UDP jitter operation, NTP message source interface specification, NQA client voice operation, NTP multicast association mode, NQA collaboration configuration, NTP multicast association mode configuration, NQA configuration, 108, 110, NTP multicast mode authentication configuration, NQA DHCP operation configuration, NTP optional parameter configuration, NQA display, NTP packet DSCP value setting, NQA DLSw operation configuration,...
  • Page 301 PTP standard, system information security log default output rules, PTP Sync message send interval, system information trace log default output PTP synchronization, rules, PTP system time source, system maintenance, PTP TC+OC port type configuration, 55, tracert, 3, PTP timestamp, tracert node failure identification, PTP UDP packet source IP address, troubleshooting sFlow, PTP UTC correction date,...
  • Page 302 client template configuration, client/server association mode configuration, 12, client template optional parameters, client/server mode authentication client threshold monitoring, configuration, client Track collaboration client/server mode dynamic associations max, feature, 125, 163, client/server mode+authentication, client UDP jitter operation, configuration, 7, 11, client voice operation, configuration restrictions, collaboration configuration, display,...
  • Page 303 information center logs (UNIX log host), SNMPv2c basics configuration, information center synchronous log output, SNMPv3 basics configuration, information logs (console), 71, path information logs (log host), NQA client path jitter operation, information logs (monitor terminal), NQA path jitter, NQA path jitter operation configuration, Pdelay_Req message, packet peer...
  • Page 304 flow mirroring QoS policy application (control local configuration, plane), local group creation, flow mirroring QoS policy application local group monitor port, (global), local group monitor port configuration flow mirroring QoS policy application restrictions, (interface), local group source port, flow mirroring QoS policy application local group source port configuration (VLAN), restrictions,...
  • Page 305 configuring CWMP ACS connection retry max configuring NMM IPv6 NTP multicast association number, mode, configuring CWMP ACS periodic Inform configuring NMM NETCONF, feature, configuring NMM NTP broadcast association configuring CWMP CPE ACS authentication mode, parameters, configuring NMM NTP broadcast mode with configuring CWMP CPE ACS connection authentication, interface,...
  • Page 306 configuring NQA DHCP operation, configuring PMM kernel thread deadloop detection, configuring NQA DLSw operation, configuring PMM kernel thread starvation configuring NQA DNS operation, detection, configuring NQA echo operation (ICMP), configuring port mirroring monitor port to remote configuring NQA echo operation (UDP), probe VLAN assignment, configuring NQA FTP operation, configuring port mirroring remote destination...
  • Page 307 configuring SNTP, 43, filtering packet data to display, configuring SNTP authentication, identifying node failure with tracert, 4, creating local port mirroring group, loading NMM NETCONF configuration, 242, creating port mirroring remote destination locking NMM NETCONF configuration, 233, group, maintaining information center, creating port mirroring remote source maintaining PMM, group,...
  • Page 308 setting log minimum storage time, BC delay measurement, setting NMM PTP announce message send BITS clock parameters, interval, clock node, setting NTP packet DSCP value, clock node configuration, setting PTP cumulative offset (UTC\TAI), clock node type, setting PTP delay correction value, clock priority, setting PTP Delay_Req message send clock source type,...
  • Page 309 flow mirroring QoS policy application NMM NETCONF configuration data (all (interface), modules), flow mirroring QoS policy application NMM NETCONF configuration data (Syslog (VLAN), module), flow mirroring traffic behavior, NMM NETCONF data entry (interface table), NMM NETCONF session information, returning real-time NMM NETCONF CLI return, event manager.
  • Page 310 EAA configuration, 194, PTP Sync message send interval, rule server information center log default output rules, NQA, SNMP access control (rule-based), NTP broadcast server configuration, system information default diagnostic log NTP multicast server configuration, output rules, SNTP configuration, 43, 43, system information default hidden log SNTP NTP server specification, output,...
  • Page 311 troubleshoot remote collector cannot receive protocol version, packets, SNMPv3 silence agent host notification, SNMP, basic parameter configuration, Simple Network Management Protocol. configuration (RBAC mode ), Use SNMP configuration (VACM mode ), Simplified NTP. See SNTP Notification operation, SNMP protocol version, access control mode, SNTP agent,...
  • Page 312 sFlow configuration, 185, 185, information center log output (monitor terminal), sFlow counter sampling configuration, information center log output (UNIX log host), sFlow flow sampling configuration, information center log save (log file), subordinate information center log types, PTP master-member/subordinate relationship, information center security log file management, subscribing information center security log management,...
  • Page 313 NQA template configuration (DNS), RMON configuration, 99, NQA template configuration (FTP), sFlow agent configuration, NQA template configuration (HTTP), sFlow collector information configuration, NQA template configuration (ICMP), sFlow configuration, 185, 185, NQA template configuration (TCP), sFlow counter sampling configuration, NQA template configuration (UDP), sFlow flow sampling configuration, terminating transparency...
  • Page 314 PTP message encapsulation protocol (UDP IPv4), NMM NETCONF capability exchange, sFlow configuration, 185, 185, NMM NETCONF configuration, 225, UNIX NMM NETCONF data filtering, information center log host output, NMM NETCONF data filtering (conditional unlocking match), NMM NETCONF configuration, 233, NMM NETCONF data filtering (regex match), user NMM NETCONF message format, PMM Linux user,...

Table of Contents

Save PDF