manualshive.com logo in svg

H3C SR6600-X, Configuration Manual, Page: 272 / 282

Share
Download
H3C SR6600-X Configuration Manual Download Page 272

 

258 

# Configure an output rule to enable output to the log host FTP logs that have a severity level of at 

least 

informational

[Device] info-center source ftp loghost level informational 

2.

 

Configure the log host: 
The following configurations were performed on Solaris. Other UNIX operating systems have 
similar configurations. 

a.

 

Log in to the log host as a root user. 

b.

 

Create a subdirectory named 

Device

 in the directory 

/var/log/

, and create file 

info.log

 in the 

Device

 directory to save logs of 

Device

# mkdir /var/log/Device 

# touch /var/log/Device/info.log 

c.

 

Edit the file 

syslog.conf

 in directory 

/etc/ 

and add the following contents. 

# Device configuration messages 

local5.info /var/log/Device/info.log 

In the above configuration, 

local5

 is the name of the logging facility used by the log host to 

receive logs. 

info

 is the informational level. The Linux system will store the log information with 

a severity level equal to or higher than 

informational

 to the file 

/var/log/Device/info.log

 

 

NOTE: 

Follow these guidelines while editing the file 

/etc/syslog.conf

 

Comments must be on a separate line and must begin with a pound sign (#). 

 

No redundant spaces are allowed after the file name. 

 

The logging facility name and the severity level specified in the 

/etc/syslog.conf

 file must be 

identical to those configured on the device by using the 

info

-

center loghost

 and 

info-center 

source

 commands. Otherwise, the log information might not be output properly to the log host. 

 

d.

 

Display the process ID of 

syslogd

, kill the 

syslogd

 process, and then restart

 syslogd 

by using the

 

-r

 option to apply the new configuration. 

Make sure the 

syslogd

 process is started with the 

-r

 option on a Linux log host. 

# ps -ae | grep syslogd 

147 

# kill -9 147 

# syslogd -r & 

Now, the system can record log information to the specified file. 
 

Summary of Contents for SR6600-X

Page 1: ... Network Management and Monitoring Configuration Guide V7 Hangzhou H3C Technologies Co Ltd http www h3c com Software version SR6602X CMW710 R7103 SR6600X CMW710 R7103 RSE3 SR6600 CMW710 R7103 RPE3 Document version 20150715 6PW100 ...

Page 2: ...ngine SecPath SecCenter SecBlade Comware ITCMM and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensure accuracy of the contents but all stateme...

Page 3: ...for Network planners Field technical support and servicing engineers Network administrators working with the routers Conventions This section describes the conventions used in this documentation set Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown Italic Italic text represents arguments that you replace with actual val...

Page 4: ...llowed can result in data loss data corruption or damage to hardware or software IMPORTANT An alert that calls attention to essential information NOTE An alert that contains additional or supplementary information TIP An alert that provides helpful information Network topology icons Represents a generic network device such as a router switch or firewall Represents a routing capable device such as ...

Page 5: ...uals Provide the hardware specifications of cards H3C N68 Cabinet Installation and Remodel Introduction Guides you through installing and remodeling H3C N68 cabinets Software configuration Configuration guides Describe software features and configuration procedures Command references Provide a quick reference to all available commands Operations and maintenance H3C SR6602 Release notes Provide inf...

Page 6: ...nload Provides the documentation released with the software version Technical support service h3c com http www h3c com Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments ...

Page 7: ...ion 14 Configuring the HTTP operation 15 Configuring the UDP jitter operation 16 Configuring the SNMP operation 18 Configuring the TCP operation 18 Configuring the UDP echo operation 19 Configuring the UDP tracert operation 20 Configuring the voice operation 22 Configuring the DLSw operation 24 Configuring the path jitter operation 24 Configuring optional parameters for the NQA operation 25 Config...

Page 8: ...strictions and guidelines 71 Configuration task list 71 Enabling the NTP service 72 Configuring NTP association modes 72 Configuring NTP in client server mode 72 Configuring NTP in symmetric active passive mode 73 Configuring NTP in broadcast mode 74 Configuring NTP in multicast mode 75 Configuring access control rights 76 Configuring NTP authentication 76 Configuring NTP authentication in client ...

Page 9: ...ort 122 Configuring the mode for carrying timestamps 122 Specifying a delay measurement mechanism for a BC or an OC 123 Configuring the port type for a TC OC 123 Configuring the interval for sending announce messages 124 Specifying the number of announcement intervals before the receiving node stops receiving announce messages 124 Configuring the interval for sending Pdelay_Req messages 125 Config...

Page 10: ...n default MDC 148 Displaying and maintaining network clock monitoring module configuration 149 Network synchronization configuration example 150 Network requirements 150 Configuration procedure 150 Verifying the configuration 150 Configuring synchronous Ethernet 151 Overview 151 Quality levels of clocks 151 Clock reference selection and timing distribution 151 Input QL updating on SyncE ports 152 ...

Page 11: ...edure 177 History group configuration example 178 Network requirements 178 Configuration procedure 178 Alarm function configuration example 179 Network requirements 179 Configuration procedure 180 Configuring EAA 182 Overview 182 EAA framework 182 Elements in a monitor policy 183 EAA environment variables 184 Configuring a user defined EAA environment variable 185 Configuring a monitor policy 186 ...

Page 12: ...tecture 207 Flow aging 208 NetStream data export 208 NetStream filtering and sampling 211 NetStream configuration task list 211 Enabling NetStream 212 Configuring NetStream filtering 213 Configuring NetStream sampling 213 Configuring attributes of the NetStream data export 213 Configuring the NetStream data export format 213 Configuring the refresh rate for NetStream version 9 templates 215 Config...

Page 13: ... diagnostic logs 242 Default output rules for security logs 243 Default output rules for hidden logs 243 Default output rules for trace logs 243 Default output rules for custom logs 243 Log formats 244 FIPS compliance 246 Information center configuration task list 246 Outputting logs to the console 247 Outputting logs to the monitor terminal 247 Outputting logs to a log host 248 Outputting logs to...

Page 14: ...guring the timestamp of flow logs 262 Specifying a flow log export destination 263 Specifying a log host as the flow log export destination 263 Specifying the information center as the flow log export destination 263 Displaying and maintaining flow log 263 Flow log configuration example 264 Network requirements 264 Configuration procedure 264 Verifying the configuration 264 Index 266 ...

Page 15: ...y view Task Command Determine if an address in an IP network is reachable When you configure the ping command for a low speed network set a larger value for the timeout timer indicated by the t keyword in the command For IPv4 networks ping ip a source ip c count f h ttl i interface type interface number m interval n p pad q r s packet size t timeout tos tos v topology topo name vpn instance vpn in...

Page 16: ...ce A sends five ICMP packets to Device C and Device A receives five ICMP packets No ICMP packet is lost The route is reachable Get detailed information about routes from Device A to Device C DeviceA ping r 1 1 2 2 Ping 1 1 2 2 1 1 2 2 56 data bytes press CTRL_C to break 56 bytes from 1 1 2 2 icmp_seq 0 ttl 254 time 4 685 ms RR 1 1 2 1 1 1 2 2 1 1 1 2 1 1 1 1 56 bytes from 1 1 2 2 icmp_seq 1 ttl 25...

Page 17: ...eived ICMP error messages to get the IP addresses of devices Tracert works as shown in Figure 2 1 The source device sends a UDP packet with a TTL value of 1 to the destination device The destination UDP port is not used by any application on the destination device 2 The first hop Device B the first Layer 3 device that receives the packet responds by sending a TTL expired ICMP error message to the ...

Page 18: ...n the intermediate devices devices between the source and destination devices If the intermediate devices are H3C devices execute the ipv6 hoplimit expires enable command on the devices For more information about this command see Layer 3 IP Services Command Reference Enable sending of ICMPv6 destination unreachable packets on the destination device If the destination device is an H3C device execut...

Page 19: ...ess CTRL_C to break Request time out Request time out Request time out Request time out Request time out Ping statistics for 1 1 2 2 5 packet s transmitted 0 packet s received 100 0 packet loss The output shows that Device A and Device C cannot reach each other 4 Use the tracert command to identify failed nodes Enable sending of ICMP timeout packets on Device B DeviceB system view DeviceB ip ttl e...

Page 20: ...ebugging switch Controls whether to generate the module specific debugging information Screen output switch Controls whether to display the debugging information on a certain screen Use terminal monitor and terminal logging level commands to turn on the screen output switch For more information about these two commands see Network Management and Monitoring Command Reference As shown in Figure 4 as...

Page 21: ...tion When debugging is complete use the undo debugging all command to disable all the debugging functions To debug a feature module Step Command Remarks 1 Enable debugging for a module in user view debugging all timeout time module name option By default all debugging functions are disabled 2 Optional Display the enabled debugging in any view display debugging module name N A ...

Page 22: ...rk performance The obtained performance metrics include the one way latency jitter packet loss voice quality application performance and server response time All types of NQA operations require the NQA client but only the TCP UDP echo UDP jitter and voice operations require the NQA server The NQA operations for services that are already provided by the destination device such as FTP do not need th...

Page 23: ...h from the source to the destination The number of the probes to each hop is set by using the probe count command Collaboration NQA can collaborate with the Track module to notify application modules of state or performance changes so that the application modules can take predefined actions Figure 6 Collaboration The following describes how a static route destined for 192 168 0 88 is monitored thr...

Page 24: ...r ICPIF see Configuring the voice operation Voice Mean Opinion Scores MOS see Configuring the voice operation Voice NQA configuration task list Tasks at a glance Remarks Configuring the NQA server Required for TCP UDP echo UDP jitter and voice operations Required Enabling the NQA client N A Required Perform at least one of the following tasks Configuring NQA operations on the NQA client Configurin...

Page 25: ...s 1 Enter system view system view N A 2 Enable the NQA client nqa agent enable By default the NQA client is enabled Configuring NQA operations on the NQA client NQA operation configuration task list Tasks at a glance Required Perform at least one of the following tasks Configuring the ICMP echo operation Configuring the DHCP operation Configuring the DNS operation Configuring the FTP operation Con...

Page 26: ...nd Reference To configure the ICMP echo operation Step Command Remarks 1 Enter system view system view N A 2 Create an NQA operation and enter NQA operation view nqa entry admin name operation tag By default no NQA operation is created 3 Specify the ICMP echo type and enter its view type icmp echo N A 4 Specify the destination address of ICMP echo requests destination ip ip address By default no d...

Page 27: ...equests DHCP also measures the amount of time it takes the NQA client to obtain an IP address from a DHCP server The NQA client simulates the DHCP relay agent to forward DHCP requests for IP address acquisition from the DHCP server The interface that performs the DHCP operation does not change its IP address When the DHCP operation completes the NQA client sends a packet to release the obtained IP...

Page 28: ...try To configure the DNS operation Step Command Remarks 1 Enter system view system view N A 2 Create an NQA operation and enter NQA operation view nqa entry admin name operation tag By default no NQA operation is created 3 Specify the DNS type and enter its view type dns N A 4 Specify the IP address of the DNS server as the destination address of DNS packets destination ip ip address By default no...

Page 29: ...address By default no source IP address is specified The source IP address must be the IP address of a local interface and the interface must be up Otherwise no FTP requests can be sent out 6 Specify the FTP operation type operation get put By default the FTP operation type is get which means obtaining files from the FTP server 7 Specify an FTP login username username username By default no FTP lo...

Page 30: ... get post raw By default the HTTP operation type is get which means obtaining data from the HTTP server 9 Specify the HTTP version version v1 0 v1 1 By default HTTP 1 0 is used 10 Optional Enter raw request view raw request Every time you enter raw request view the previously configured content of the HTTP request is removed 11 Optional Specify the content of a GET request for the HTTP operation E...

Page 31: ...the IP address of the listening service on the NQA server 5 Specify the destination port of UDP packets destination port port number By default no destination port number is specified The destination port number must be the same as the port number of the listening service on the NQA server 6 Optional Specify the source port number of UDP packets source port port number By default no source port nu...

Page 32: ... operation is created 3 Specify the SNMP type and enter its view type snmp N A 4 Specify the destination address of SNMP packets destination ip ip address By default no destination IP address is specified 5 Optional Specify the source port of SNMP packets source port port number By default no source port number is specified 6 Optional Specify the source IP address of SNMP packets source ip ip addr...

Page 33: ... IP address must be the IP address of a local interface and the interface must be up Otherwise no TCP packets can be sent out Configuring the UDP echo operation The UDP echo operation measures the round trip time between the client and a UDP port on the NQA server The UDP echo operation requires both the NQA server and the NQA client Before you perform a UDP echo operation configure a UDP listenin...

Page 34: ...om the source device to the destination device Before you configure the UDP tracert operation perform the following tasks Enable sending ICMP time exceeded messages on the intermediate devices between the source and destination devices If the intermediate devices are H3C devices use the ip ttl expires enable command Enable sending ICMP destination unreachable messages on the destination device If ...

Page 35: ...l ttl The default setting is 1 10 Optional Specify an output interface for UDP packets out interface interface type interface number By default the output interface for UDP packets is not specified The NQA client determines the output interface based on the routing table lookup 11 Optional Specify the source port of UDP packets source port port number By default no source port number is specified ...

Page 36: ...ecided by packet loss and delay A higher value represents a lower service quality Mean Opinion Scores MOS A MOS value can be evaluated by using the ICPIF value in the range of 1 to 5 A higher value represents a higher service quality The evaluation of voice quality depends on users tolerance for voice quality For users with higher tolerance for voice quality use the advantage factor command to con...

Page 37: ...9 Optional Specify the source port number of voice packets source port port number By default no source port number is specified 10 Optional Specify the payload size in each voice packet data size size By default the voice packet size varies by codec type The default packet size is 172 bytes for G 711A law and G 711 μ law codec type and 32 bytes for G 729 A law codec type 11 Optional Specify the s...

Page 38: ...ositive jitters from the NQA client to each hop on the path to the destination Before you configure the path jitter operation perform the following tasks Enable sending ICMP time exceeded messages on the intermediate devices between the source and destination devices If the intermediate devices are H3C devices use the ip ttl expires enable command Enable sending ICMP destination unreachable messag...

Page 39: ... regards the response times out probe packet timeout packet timeout The default setting is 3000 milliseconds 11 Optional Specify an LSR path lsr path ip address 1 8 By default no LSR path is specified The path jitter operation uses the tracert to detect the LSR path to the destination and sends ICMP echo requests to each hop on the LSR 12 Optional Perform the path jitter operation only on the dest...

Page 40: ...tions 8 Specify the maximum number of hops that the probe packets can traverse ttl value The default setting is 30 for probe packets of the UDP tracert operation and is 20 for probe packets of other types of operations This command is not available for the DHCP and path jitter operations 9 Specify the ToS value in the IP header of probe packets tos value The default setting is 0 10 Enable the rout...

Page 41: ...either exceeds the upper threshold or goes below the lower threshold a threshold violation occurs accumulate If the total number of times that the monitored performance metric is out of the specified value range reaches or exceeds the specified threshold a threshold violation occurs consecutive If the number of consecutive times that the monitored performance metric is out of the specified value r...

Page 42: ...ee Network Management and Monitoring Command Reference To configure threshold monitoring Step Command Remarks 1 Enter system view system view N A 2 Create an NQA operation and enter NQA operation view nqa entry admin name operation tag By default no NQA operation is created 3 Enter NQA operation view type dhcp dlsw dns ftp http icmp echo snmp tcp udp echo udp jitter udp tracert voice Path jitter d...

Page 43: ...ower threshold action type none trap only Monitor packet loss only for the UDP jitter and voice operations reaction item number checked element packet loss threshold type accumulate accumulate occurrences action type none trap only Monitor the one way jitter only for the UDP jitter and voice operations reaction item number checked element jitter ds jitter sd threshold type accumulate accumulate oc...

Page 44: ...ion function 4 Optional Specify the interval for collecting the statistics statistics interval interval The default setting is 60 minutes 5 Optional Specify the maximum number of statistics groups that can be saved statistics max group number The default setting is two groups To disable collecting NQA statistics set the maximum number to 0 When the maximum number of statistics groups is reached to...

Page 45: ...m time use the display clock command When you schedule an NQA operation follow these restrictions and guidelines You cannot enter the operation type view or the operation view of a scheduled NQA operation A system time adjustment does not affect started or completed NQA operations It affects only the NQA operations that have not started To schedule the NQA operation on the NQA client Step Command ...

Page 46: ...ource IP address is specified The requests use the primary IP address of the output interface as their source IP address The specified source interface must be up If you configure the source interface command with the source ip or source ipv6 command the most recent configuration takes effect 7 Optional Specify the source IPv4 or IPv6 address for the probe packets IPv4 address source ip ip address...

Page 47: ...ied The source IP address must be the IP address of a local interface and the interface must be up Otherwise no probe packets can be sent out 8 Optional Configure the source port for probe packets source port port number By default no source port number is configured 9 Optional Specify the IPv4 or IPv6 address that is expected to be returned IPv4 address expect ip ip address IPv6 address expect ip...

Page 48: ...e source IP address must be the IP address of a local interface and the interface must be up Otherwise no probe packets can be sent out 7 Optional Configure the expected data expect data expression offset number By default no expected data is configured The expected data is checked only when you configure both the data fill and expect data commands Configuring the HTTP template A feature that uses...

Page 49: ...Every time you enter the raw request view the previously configured content of the GET request is removed 8 Optional Enter or paste the content of the GET request for the HTTP operation N A This step is required for the raw operation By default no contents are specified 9 Optional Save the input and exit to HTTP template view quit N A 10 Optional Specify the source IPv4 or IPv6 address for the pro...

Page 50: ...peration get put By default the FTP operation type is get which means obtaining files from the FTP server 5 Specify an FTP login username username username By default no FTP login username is specified 6 Specify an FTP login password password cipher simple password By default no FTP login password is specified 7 Optional Specify the name of a file to be transferred filename filename This step is r...

Page 51: ...o a successful operation reaction trigger probe pass count The default setting is 3 If the number of consecutive successful probes for an NQA operation is reached the NQA client notifies the feature that uses the template of the successful operation event 10 Configure the number of consecutive probe failures that lead to an operation failure reaction trigger probe fail count The default setting is...

Page 52: ...r Details not shown Create an ICMP echo operation DeviceA system view DeviceA nqa entry admin test1 DeviceA nqa admin test1 type icmp echo Specify the destination IP address of ICMP echo requests as 10 2 2 2 DeviceA nqa admin test1 icmp echo destination ip 10 2 2 2 Configure 10 1 1 2 as the next hop The ICMP echo requests are sent through Device C to Device B DeviceA nqa admin test1 icmp echo next...

Page 53: ...age round trip time 2 5 3 Square Sum of round trip time 96 Last succeeded probe time 2011 08 23 15 00 01 2 Extended results Packet loss ratio 0 Failures due to timeout 0 Failures due to internal error 0 Failures due to other errors 0 Display the history records of the ICMP echo operation DeviceA display nqa history admin test1 NQA entry admin admin tag test history records Index Response Status Ti...

Page 54: ... operation runs for a period of time stop the operation RouterA undo nqa schedule admin test1 Display the most recent result of the DHCP operation RouterA display nqa result admin test1 NQA entry admin admin tag test test results Send operation times 1 Receive response times 1 Min Max Average round trip time 512 512 512 Square Sum of round trip time 262144 Last succeeded probe time 2007 11 22 09 5...

Page 55: ...ame to be translated as host com DeviceA nqa admin test1 dns resolve target host com Enable the saving of history records DeviceA nqa admin test1 dns history record enable DeviceA nqa admin test1 dns quit Start the DNS operation DeviceA nqa schedule admin test1 start time now lifetime forever After the DNS operation runs for a period of time stop the operation DeviceA undo nqa schedule admin test1...

Page 56: ...otocol to make sure the devices can reach each other Details not shown Create an FTP operation DeviceA system view DeviceA nqa entry admin test1 DeviceA nqa admin test1 type ftp Specify the URL of the FTP server DeviceA nqa admin test ftp url ftp 10 2 2 2 Specify 10 1 1 1 as the source IP address DeviceA nqa admin test1 ftp source ip 10 1 1 1 Configure the device to upload file config txt to the F...

Page 57: ...ration DeviceA display nqa history admin test1 NQA entry admin admin tag test1 history records Index Response Status Time 1 173 Succeeded 2011 11 22 10 07 28 6 The output shows that it took Device A 173 milliseconds to upload a file to the FTP server HTTP operation configuration example Network requirements As shown in Figure 1 1 configure an HTTP operation on the NQA client to test the time requi...

Page 58: ...ration times 1 Receive response times 1 Min Max Average round trip time 64 64 64 Square Sum of round trip time 4096 Last succeeded probe time 2011 11 22 10 12 47 9 Extended results Packet loss ratio 0 Failures due to timeout 0 Failures due to disconnect 0 Failures due to no connection 0 Failures due to internal error 0 Failures due to other errors 0 Display the history records of the HTTP operatio...

Page 59: ...al of 1000 milliseconds DeviceA nqa admin test1 udp jitter frequency 1000 DeviceA nqa admin test1 udp jitter quit Start the UDP jitter operation DeviceA nqa schedule admin test1 start time now lifetime forever After the UDP jitter operation runs for a period of time stop the operation DeviceA undo nqa schedule admin test1 Display the most recent result of the UDP jitter operation DeviceA display n...

Page 60: ...tics NO 1 Start time 2011 05 29 13 56 14 0 Life time 47 seconds Send operation times 410 Receive response times 410 Min Max Average round trip time 1 93 19 Square Sum of round trip time 206176 Extended results Packet loss ratio 0 Failures due to timeout 0 Failures due to internal error 0 Failures due to other errors 0 Packets out of sequence 0 Packets arrived late 0 UDP jitter results RTT number 4...

Page 61: ... 3 Configure the SNMP agent Device B Set the SNMP version to all DeviceB system view DeviceB snmp agent sys info version all Set the read community to public DeviceB snmp agent community read public Set the write community to private DeviceB snmp agent community write private 4 Configure Device A Create an SNMP operation DeviceA system view DeviceA nqa entry admin test1 DeviceA nqa admin test1 typ...

Page 62: ...22 10 24 41 1 The output shows that it took Device A 50 milliseconds to receive a response from the SNMP agent TCP operation configuration example Network requirements As shown in Figure 14 configure a TCP operation to test the time required for Device A and Device B to establish a TCP connection Figure 14 Network diagram Configuration procedure 1 Assign each interface an IP address Details not sh...

Page 63: ...imes 1 Receive response times 1 Min Max Average round trip time 13 13 13 Square Sum of round trip time 169 Last succeeded probe time 2011 11 22 10 27 25 1 Extended results Packet loss ratio 0 Failures due to timeout 0 Failures due to disconnect 0 Failures due to no connection 0 Failures due to internal error 0 Failures due to other errors 0 Display the history records of the TCP operation DeviceA ...

Page 64: ...o history record enable DeviceA nqa admin test1 udp echo quit Start the UDP echo operation DeviceA nqa schedule admin test1 start time now lifetime forever After the UDP echo operation runs for a period of time stop the operation DeviceA undo nqa schedule admin test1 Display the most recent result of the UDP echo operation DeviceA display nqa result admin test1 NQA entry admin admin tag test1 test...

Page 65: ...ination port 33434 Configure Device A to perform three probes to each hop DeviceA nqa admin test1 udp tracert probe count 3 Configure the probe timeout time as 500 milliseconds DeviceA nqa admin test1 udp tracert probe timeout 500 Configure the UDP tracert operation to repeat at an interval of 5000 milliseconds DeviceA nqa admin test1 udp tracert frequency 5000 Specify the output interface for UDP...

Page 66: ...n test1 NQA entry admin admin tag test1 history records Index TTL Response Hop IP Status Time 1 2 2 10 2 2 2 Succeeded 2013 09 09 14 46 06 2 1 2 1 10 2 2 2 Succeeded 2013 09 09 14 46 05 2 1 2 2 10 2 2 2 Succeeded 2013 09 09 14 46 04 2 1 1 1 3 1 1 1 Succeeded 2013 09 09 14 46 03 2 1 1 2 3 1 1 1 Succeeded 2013 09 09 14 46 02 2 1 1 1 3 1 1 1 Succeeded 2013 09 09 14 46 01 2 Voice operation configurati...

Page 67: ...n times 1000 Receive response times 1000 Min Max Average round trip time 31 1328 33 Square Sum of round trip time 2844813 Last packet received time 2011 06 13 09 49 31 1 Extended results Packet loss ratio 0 Failures due to timeout 0 Failures due to internal error 0 Failures due to other errors 0 Packets out of sequence 0 Packets arrived late 0 Voice results RTT number 1000 Min positive SD 1 Min po...

Page 68: ... RTT number 4000 Min positive SD 1 Min positive DS 1 Max positive SD 360 Max positive DS 1297 Positive SD number 1030 Positive DS number 1024 Positive SD sum 4363 Positive DS sum 5423 Positive SD average 4 Positive DS average 5 Positive SD square sum 497725 Positive DS square sum 2254957 Min negative SD 1 Min negative DS 1 Max negative SD 360 Max negative DS 1297 Negative SD number 1028 Negative D...

Page 69: ...lsw history record enable DeviceA nqa admin test1 dlsw quit Start the DLSw operation DeviceA nqa schedule admin test1 start time now lifetime forever After the DLSw operation runs for a period of time stop the operation DeviceA undo nqa schedule admin test1 Display the most recent result of the DLSw operation DeviceA display nqa result admin test1 NQA entry admin admin tag test1 test results Send ...

Page 70: ...h jitter operation DeviceA system view DeviceA nqa entry admin test1 DeviceA nqa admin test1 type path jitter Specify 10 2 2 2 as the destination IP address of ICMP echo requests DeviceA nqa admin test1 path jitter destination ip 10 2 2 2 Configure the path jitter operation to repeat at an interval of 10000 milliseconds DeviceA nqa admin test1 path jitter frequency 10000 DeviceA nqa admin test1 pa...

Page 71: ... 15 40 28 Square Sum of round trip time 4493 Extended Results Failures due to timeout 0 Failures due to internal error 0 Failures due to other errors 0 Packets out of sequence 0 Packets arrived late 0 Path Jitter Results Jitter number 9 Min Max Average jitter 1 10 4 Positive jitter number 6 Min Max Average positive jitter 1 9 4 Sum Square Sum positive jitter 25 173 Negative jitter number 3 Min Max...

Page 72: ...erval of 100 milliseconds RouterA nqa admin test1 icmp echo frequency 100 Create reaction entry 1 If the number of consecutive probe failures reaches 5 collaboration is triggered RouterA nqa admin test1 icmp echo reaction 1 checked element probe fail threshold type consecutive 5 action type trigger only RouterA nqa admin test1 icmp echo quit Start the ICMP echo operation RouterA nqa schedule admin...

Page 73: ...th the next hop 10 2 1 1 is active and the status of the track entry is positive Remove the IP address of GigabitEthernet 2 0 1 on Router B RouterB system view RouterB interface gigabitethernet 2 0 1 RouterB GigabitEthernet2 0 1 undo ip address On Router A display information about all the track entries RouterA display track all Track ID 1 State Negative Duration 0 days 0 hours 0 minutes 0 seconds...

Page 74: ...rom Device A to Device B Figure 21 Network diagram Configuration procedure Assign each interface an IP address Details not shown Configure static routes or a routing protocol to make sure the devices can reach each other Details not shown Create ICMP template icmp DeviceA system view DeviceA nqa template icmp icmp Specify 10 2 2 2 as the destination IP address of ICMP echo requests DeviceA nqatplt...

Page 75: ... routes or a routing protocol to make sure the devices can reach each other Details not shown Create DNS template dns DeviceA system view DeviceA nqa template dns dns Specify the IP address of the DNS server 10 2 2 2 as the destination IP address DeviceA nqatplt dns dns destination ip 10 2 2 2 Specify the domain name to be translated as host com DeviceA nqatplt dns dns resolve target host com Spec...

Page 76: ...evice A Create TCP template tcp DeviceA system view DeviceA nqa template tcp tcp Configure 10 2 2 2 as the destination IP address and port 9000 as the destination port DeviceA nqatplt tcp tcp destination ip 10 2 2 2 DeviceA nqatplt tcp tcp destination port 9000 If the number of consecutive successful probes reaches 2 the operation succeeds The NQA client notifies the feature of the successful oper...

Page 77: ... reaction trigger probe pass 2 If the number of consecutive probe failures reaches 2 the operation fails The NQA client notifies the feature of the operation failure DeviceA nqatplt http http reaction trigger probe fail 2 FTP template configuration example Network requirements As shown in Figure 25 configure an FTP template for a feature to perform the FTP operation The operation tests whether Dev...

Page 78: ...in as admin DeviceA nqatplt ftp ftp username admin Specify the password for the FTP server login as systemtest DeviceA nqatplt ftp ftp password simple systemtest If the number of consecutive successful probes reaches 2 the operation succeeds The NQA client notifies the feature of the successful operation event DeviceA nqatplt ftp ftp reaction trigger probe pass 2 If the number of consecutive probe...

Page 79: ...ou can keep time synchronized among devices by changing their system clocks one by one NTP runs over UDP and uses UDP port 123 NOTE NTP is supported only on the following Layer 3 interfaces Layer 3 Ethernet interfaces Layer 3 Ethernet subinterfaces Layer 3 aggregate interfaces VLAN interfaces Tunnel interfaces How NTP works Figure 26 shows how NTP synchronizes the system time between two devices D...

Page 80: ... the NTP message the local time of Device A is 10 00 03 am T4 Up to now Device A can calculate the following parameters based on the timestamps The roundtrip delay of the NTP message Delay T4 T1 T3 T2 2 seconds Time difference between Device A and Device B Offset T2 T1 T3 T4 2 1 hour Based on these parameters Device A can be synchronized to Device B This is only a rough description of the work mec...

Page 81: ...ptimal NTP server as the clock source based on parameters such as stratum The clock that the device selects is called the reference source For more information about clock selection see the related protocols and standards If the devices in a network cannot synchronize to an authoritative time source you can perform the following tasks Select a device that has a relatively accurate clock from the n...

Page 82: ...On the symmetric active peer specify the IP address of the symmetric passive peer A symmetric active peer periodically sends clock synchronization messages to a symmetric passive peer The symmetric passive peer automatically operates in symmetric passive mode and sends a reply If the symmetric active peer can be synchronized to multiple time servers it selects an optimal clock and synchronizes its...

Page 83: ... according to the received messages A multicast client can synchronize to a multicast server but a multicast server cannot synchronize to a multicast client A multicast server can provide time synchronization for clients in the same subnet or in different subnets The multicast mode has a lower time accuracy than the client server and symmetric active passive modes In this document an NTP server or...

Page 84: ...d by a key ID Then it sends the calculated digest together with the NTP message and key ID to the receiver 2 Upon receiving the message the receiver performs the following actions a Finds the key according to the key ID in the message b Uses the MD5 algorithm to calculate the digest c Compares the digest with the digest contained in the NTP message If they are the same the receiver accepts the mes...

Page 85: ...t The NTP service and SNTP service are mutually exclusive You can only enable either NTP service or SNTP service at a time To ensure time synchronization accuracy H3C recommends not specifying more than one reference source Doing so might cause frequent time changes or even synchronization failures Make sure you use the clock protocol command to specify the time protocol as NTP on an MDC For more ...

Page 86: ...ient server mode specify the IP address for the server on the client Follow these guidelines when you configure an NTP client A server must be synchronized by other devices or use its local clock as a reference source before synchronizing an NTP client Otherwise the client will not be synchronized to the NTP server If the stratum level of a server is higher than or equal to a client the client wil...

Page 87: ...ive mode When the device operates in symmetric active passive mode specify on a symmetric active peer the IP address for a symmetric passive peer Follow these guidelines when you configure a symmetric active peer Execute the ntp service enable command on a symmetric passive peer to enable NTP Otherwise the symmetric passive peer will not process NTP messages from a symmetric active peer Either the...

Page 88: ...efore synchronizing a broadcast client Otherwise the broadcast client will not be synchronized to the broadcast server Configure NTP in broadcast mode on both broadcast server and client Configuring a broadcast client Step Command Remarks 1 Enter system view system view N A 2 Enter interface view interface interface type interface number Enter the interface for receiving NTP broadcast messages 3 C...

Page 89: ...iguring a multicast client Step Command Remarks 1 Enter system view system view N A 2 Enter interface view interface interface type interface number Enter the interface for receiving NTP multicast messages 3 Configure the device to operate in multicast client mode Configure the device to operate in multicast client mode ntp service multicast client ip address Configure the device to operate in IPv...

Page 90: ...ss the local device Configure the NTP service access control right for a peer device to access the local device ntp service access peer query server synchronization acl number Configure the IPv6 NTP service access control right for a peer device to access the local device ntp service ipv6 peer query server synchronization acl acl number By default the NTP service access control right for a peer de...

Page 91: ...rver server name ip address vpn instance vpn instance name authentication keyid keyid Associate the specified key with an IPv6 NTP server ntp service ipv6 unicast server server name ipv6 address vpn instance vpn instance name authentication keyid keyid By default the trusted key is not associated with an NTP server To configure NTP authentication for a server Step Command Remarks 1 Enter system vi...

Page 92: ... Failed NTP messages cannot be sent and received correctly Yes N A No N A N A No authentication NTP messages can be sent and received correctly No N A N A N A N A No authentication NTP messages can be sent and received correctly Configuring NTP authentication in symmetric active passive mode When you configure NTP authentication in symmetric peers mode Enable NTP authentication Configure an authen...

Page 93: ...er To configure NTP authentication for a passive peer Step Command Remarks 1 Enter system view system view N A 2 Enable NTP authentication ntp service authentication enable By default NTP authentication is disabled 3 Configure an NTP authentication key ntp service authentication keyid keyid authentication mode md5 cipher simple value By default no NTP authentication key is configured 4 Configure t...

Page 94: ...A No No N A No authentication NTP messages can be sent and received correctly No N A N A Yes N A Failed NTP messages cannot be sent and received correctly No N A N A No N A No authentication NTP messages can be sent and received correctly The active peer has a higher stratum than the passive peer Yes No Yes N A N A Failed NTP messages cannot be sent and received correctly The passive peer has a hi...

Page 95: ...e NTP authentication for a broadcast server Step Command Remarks 1 Enter system view system view N A 2 Enable NTP authentication ntp service authentication enable By default NTP authentication is disabled 3 Configure an NTP authentication key ntp service authentication keyid keyid authentication mode md5 cipher simple value By default no NTP authentication key is configured 4 Configure the key as ...

Page 96: ...o N A No authentication NTP messages can be sent and received correctly Yes N A No Yes N A Failed NTP messages cannot be sent and received correctly Yes N A No No N A No authentication NTP messages can be sent and received correctly No N A N A Yes N A Failed NTP messages cannot be sent and received correctly No N A N A No N A No authentication NTP messages can be sent and received correctly Config...

Page 97: ...cation key ntp service authentication keyid keyid authentication mode md5 cipher simple value By default no NTP authentication key is configured 4 Configure the key as a trusted key ntp service reliable authentication keyid keyid By default no authentication key is configured as a trusted key 5 Enter interface view interface interface type interface number N A 6 Associate the specified key with th...

Page 98: ... cannot be sent and received correctly Yes No Yes Yes N A Failed NTP messages cannot be sent and received correctly Yes No Yes No N A No authentication NTP messages can be sent and received correctly Yes N A No Yes N A Failed NTP messages cannot be sent and received correctly Yes N A No No N A No authentication NTP messages can be sent and received correctly No N A N A Yes N A Failed NTP messages ...

Page 99: ...lticast server command the source interface for the broadcast or multicast NTP messages is the interface configured with the respective command To specify the source interface for NTP messages Step Command Remarks 1 Enter system view system view N A 2 Specify the source interface for NTP messages Specify the source interface for NTP messages ntp service source interface type interface number Speci...

Page 100: ...er and dynamic associations are created on the client A single device can have a maximum of 128 concurrent associations including static associations and dynamic associations Perform this task to restrict the number of dynamic associations to prevent dynamic associations from occupying too many system resources To configure the maximum number of dynamic associations Step Command Remarks 1 Enter sy...

Page 101: ...reference source Displaying and maintaining NTP Execute display commands in any view Task Command Display information about IPv6 NTP associations display ntp service ipv6 sessions verbose Display information about IPv4 NTP associations display ntp service sessions verbose Display information about NTP service status display ntp service status Display brief information about the NTP servers from th...

Page 102: ...cal mode client Reference clock ID 1 0 1 11 Leap indicator 00 Clock jitter 0 000977 s Stability 0 000 pps Clock precision 2 10 Root delay 0 00383 ms Root dispersion 16 26572 ms Reference time d0c6033f b9923965 Wed Dec 29 2010 18 58 07 724 Verify that an IPv4 NTP association has been established between Device B and Device A DeviceB display ntp service sessions source reference stra reach poll now ...

Page 103: ...pv6 unicast server 3000 34 4 Verify the configuration Verify that Device B has synchronized to Device A and the clock stratum level is 3 on Device B and 2 on Device A DeviceB display ntp service status Clock status synchronized Clock stratum 3 System peer 3000 34 Local mode client Reference clock ID 163 29 247 19 Leap indicator 00 Clock jitter 0 000977 s Stability 0 000 pps Clock precision 2 10 Ro...

Page 104: ...d make sure Device A and Device B can reach each other as shown in Figure 32 Details not shown 2 Configure Device B Enable the NTP service DeviceB system view DeviceB ntp service enable 3 Configure Device A Enable the NTP service DeviceA system view DeviceA ntp service enable Specify the local clock as the reference source with the stratum level 2 DeviceA ntp service refclock master 2 Configure De...

Page 105: ...hown in Figure 33 perform the following tasks Configure the local clock of Device A as a reference source with the stratum level 2 Configure Device A to operate in symmetric active mode and specify Device B as the IPv6 passive peer of Device A Figure 33 Network diagram Configuration procedure 1 Assign an IP address to each interface and make sure Device A and Device B can reach each other as shown...

Page 106: ...lay ntp service ipv6 sessions Notes 1 source master 2 source peer 3 selected 4 candidate 5 configured Source 1234 3000 35 Reference 127 127 1 0 Clock stratum 2 Reachabilities 15 Poll interval 64 Last receive time 19 Offset 0 0 Roundtrip delay 0 0 Dispersion 0 0 Total sessions 1 NTP broadcast mode configuration example Network requirements As shown in Figure 34 Router C functions as the NTP server ...

Page 107: ...e broadcast server 3 Configure Router A Enable the NTP service RouterA system view RouterA ntp service enable Configure Router A to operate in broadcast client mode and receive broadcast messages on GigabitEthernet 2 0 1 RouterA interface gigabitethernet 2 0 1 RouterA GigabitEthernet2 0 1 ntp service broadcast client 4 Configure Router B Enable the NTP service RouterB system view RouterB ntp servi...

Page 108: ... and Router C RouterA GigabitEthernet2 0 1 display ntp service sessions source reference stra reach poll now offset delay disper 1245 3 0 1 31 127 127 1 0 2 1 64 519 0 0 0 0022 4 1257 Notes 1 source master 2 source peer 3 selected 4 candidate 5 configured Total sessions 1 NTP multicast mode configuration example Network requirements As shown in Figure 35 Router C functions as the NTP server for mu...

Page 109: ...terD ntp service enable Configure Router D to operate in multicast client mode and receive multicast messages on GigabitEthernet 2 0 1 RouterD interface gigabitethernet 2 0 1 RouterD GigabitEthernet2 0 1 ntp service multicast client 4 Verify the configuration Router D and Router C are on the same subnet so Router D can do the following Receive multicast messages from Router C without being enabled...

Page 110: ...eive multicast messages from Router C Enable the IP multicast function RouterB system view RouterB multicast routing RouterB mrib quit RouterB interface gigabitethernet 2 0 1 RouterB GigabitEthernet2 0 1 igmp enable RouterB GigabitEthernet2 0 1 igmp static group 224 0 1 1 RouterB GigabitEthernet2 0 1 quit RouterB interface gigabitethernet 2 0 2 RouterB GigabitEthernet2 0 2 pim dm 6 Configure Route...

Page 111: ...v6 NTP multicast mode configuration example Network requirements As shown in Figure 36 Router C functions as the NTP server for multiple devices on different network segments and synchronizes the time among multiple devices Configure Router C s local clock as a reference source with the stratum level 2 Configure Router C to operate in IPv6 multicast server mode and send IPv6 NTP multicast messages...

Page 112: ... D can do the following Receive the IPv6 multicast messages from Router C without being enabled with the IPv6 multicast functions Synchronize to Router C Verify that Router D has synchronized to Router C and the clock stratum level is 3 on Router D and 2 on Router C RouterD GigabitEthernet2 0 1 display ntp service status Clock status synchronized Clock stratum 3 System peer 3000 2 Local mode bclie...

Page 113: ...Ethernet 2 0 1 RouterA interface gigabitethernet 2 0 1 RouterA GigabitEthernet2 0 1 ntp service ipv6 multicast client ff24 1 7 Verify the configuration Verify that Router A has synchronized to Router C and the clock stratum level is 3 on Router A and 2 on Router C RouterA GigabitEthernet2 0 1 display ntp status Clock status synchronized Clock stratum 3 System peer 3000 2 Local mode bclient Referen...

Page 114: ...vice A Enable the NTP service DeviceA system view DeviceA ntp service enable Specify the local clock as the reference source with the stratum level 2 DeviceA ntp service refclock master 2 3 Configure Device B Enable the NTP service DeviceB system view DeviceB ntp service enable Enable NTP authentication on Device B DeviceB ntp service authentication enable Set an authentication key and input the k...

Page 115: ...687 ab1bba7d Wed Dec 29 2010 21 28 39 668 Verify that an IPv4 NTP association has been established between Device B and Device A DeviceB display ntp service sessions source reference stra reach poll now offset delay disper 1245 1 0 1 11 127 127 1 0 2 1 64 519 0 0 0 0065 0 0 Notes 1 source master 2 source peer 3 selected 4 candidate 5 configured Total sessions 1 Configuration example for NTP broadc...

Page 116: ...d receive NTP broadcast messages from GigabitEthernet 2 0 1 RouterA interface gigabitethernet 2 0 1 RouterA GigabitEthernet2 0 1 ntp service broadcast client 3 Configure Router B Enable the NTP service RouterB system view RouterB ntp service enable Enable NTP authentication on Router B Configure an NTP authentication key with the key ID of 88 and key value of 123456 Input the key in plain text and...

Page 117: ... the key ID of 88 and key value of 123456 Input the key in plain text and specify it as a trusted key RouterC ntp service authentication enable RouterC ntp service authentication keyid 88 authentication mode md5 simple 123456 RouterC ntp service reliable authentication keyid 88 Specify Router C as an NTP broadcast server and associate the key 88 with Router C RouterC interface gigabitethernet 2 0 ...

Page 118: ...and VPN 2 CE 1 and CE 3 are devices in VPN 1 To synchronize time between PE 2 and CE 1 in VPN 1 perform the following tasks Configure CE 1 s local clock as a reference source with the stratum level 2 Configure CE 1 to operate in client server mode Specify VPN 1 as the target VPN Figure 39 Network diagram Device Interface IP address Device Interface IP address CE 1 S2 1 0 10 1 1 1 24 PE 1 S2 1 0 10...

Page 119: ... PE 2 has synchronized to CE 1 with the stratum level 3 PE2 display ntp service status Clock status synchronized Clock stratum 3 System peer 10 1 1 1 Local mode client Reference clock ID 10 1 1 1 Leap indicator 00 Clock jitter 0 005096 s Stability 0 000 pps Clock precision 2 10 Root delay 0 00655 ms Root dispersion 1 15869 ms Reference time d0c62687 ab1bba7d Wed Dec 29 2010 21 28 39 668 Verify tha...

Page 120: ...VPN Figure 40 Network diagram Device Interface IP address Device Interface IP address CE 1 S2 1 0 10 1 1 1 24 PE 1 S2 1 0 10 1 1 2 24 CE 2 CE 3 S2 1 0 S2 1 0 10 2 1 1 24 10 3 1 1 24 S2 1 1 S2 1 2 172 1 1 1 24 10 2 1 2 24 CE 4 S2 1 0 10 4 1 1 24 PE 2 S2 1 0 10 3 1 2 24 P S2 1 0 172 1 1 2 24 S2 1 1 172 2 1 2 24 S2 1 1 172 2 1 1 24 S2 1 2 10 4 1 2 24 Configuration procedure Before you perform the fol...

Page 121: ...ndicator 00 Clock jitter 0 005096 s Stability 0 000 pps Clock precision 2 10 Root delay 0 00655 ms Root dispersion 1 15869 ms Reference time d0c62687 ab1bba7d Wed Dec 29 2010 21 28 39 668 Verify that an IPv4 NTP association has been established between PE 1 and CE 1 PE1 display ntp service sessions source reference stra reach poll now offset delay disper 1245 10 1 1 1 127 127 1 0 2 1 64 519 0 0 0 ...

Page 122: ...ected Configuration restrictions and guidelines When you configure SNTP follow these restrictions and guidelines You cannot configure both NTP and SNTP on the same device Make sure you use the clock protocol command to specify the time protocol as NTP on an MDC You can configure SNTP only on one MDC Configuration task list Tasks at a glance Required Enabling the SNTP service Required Specifying an...

Page 123: ...the client does not synchronize with the NTP server Configuring SNTP authentication SNTP authentication makes sure an SNTP client is synchronized only to an authenticated trustworthy NTP server Follow these guidelines when you configure SNTP authentication Enable authentication on both the NTP server and the SNTP client Configure the SNTP client with the same authentication key ID and key value as...

Page 124: ...lt no NTP server is specified Displaying and maintaining SNTP Execute display commands in any view Task Command Display information about all IPv6 SNTP associations display sntp ipv6 sessions Display information about all IPv4 SNTP associations display sntp sessions SNTP configuration example Network requirements As shown in Figure 41 perform the following tasks Configure the local clock of Device...

Page 125: ...NTP service DeviceB system view DeviceB sntp enable Enable SNTP authentication on Device B DeviceB sntp authentication enable Configure an SNTP authentication key with the key ID of 10 and key value of aNiceKey Input the key in plain text DeviceB sntp authentication keyid 10 authentication mode md5 simple aNiceKey Specify the key as a trusted key DeviceB sntp reliable authentication keyid 10 Speci...

Page 126: ... A PTP clock with a single PTP port in a PTP domain for time synchronization It synchronizes time from its upstream clock node through the port If a clock node works as the clock source and sends synchronization time through a single PTP port to its downstream clock node it is also called an OC Boundary Clock BC A clock with more than one PTP port in a PTP domain for time synchronization A BC uses...

Page 127: ...member clock Master Subordinate port A master port sends a synchronization message and a subordinate port receives the synchronization message The master and subordinate ports can be on a BC or an OC A port that neither receives nor sends synchronization messages is a passive port Grandmaster clock In Figure 42 all clock nodes are organized into a master member hierarchy where the grandmaster cloc...

Page 128: ...side the clock monitoring module ToD clock Clock signals generated by a ToD clock The signals are sent to the clock monitoring module through a ToD interface ToD0 or ToD1 on the MPU and then sent to all cards by the clock monitoring module The clock node determines which type of clock source to use Synchronization mechanism PTP sends synchronization messages between the master and member nodes to ...

Page 129: ...this procedure the member clock collects all four timestamps and obtains the round trip delay to the master clock by using the following calculation t2 t1 t4 t3 The member clock also obtains the one way delay by using the following calculation t2 t1 t4 t3 2 The offset between the member and master clocks is obtained by using the following calculations t2 t1 t2 t1 t4 t3 2 t2 t1 t4 t3 2 Peer Delay T...

Page 130: ...time t4 and records the sending time t5 Upon receiving the message the member clock records the receiving time t6 5 After sending the Pdelay_Resp message the master clock immediately sends a Pdelay_Resp_Follow_Up message that carries time t5 After this procedure the member clock collects all six timestamps and obtains the round trip delay to the master clock by using the following calculation t4 t...

Page 131: ... No SR6604 SR6608 SR6616 Yes SR6604 X SR6608 X SR6616 X Yes Configuring clock nodes Before performing the following configurations define the scope of the PTP domain and the role of every clock node Configuration task list Tasks at a glance Required Specifying a PTP standard ...

Page 132: ...eq messages Optional Configuring the interval for sending Sync messages Optional Configuring the minimum interval for sending Delay_Req messages Optional Configuring the MAC address for non pdelay messages Optional Specifying the protocol for encapsulating PTP messages as UDP IPv4 Optional Configuring the source IP address for multicast PTP message transmission over UDP IPv4 Optional Configuring t...

Page 133: ...g ToD clock parameters Optional Configuring a priority for a clock Optional Specifying the system time source as PTP Required Enabling PTP on a port Specifying a PTP standard Before you configure PTP specify a PTP standard Otherwise PTP cannot operate Changing the PTP standard for the device clears all PTP configurations defined by the standard To specify a PTP standard Step Command Remarks 1 Ente...

Page 134: ...ation messages or as a member clock to receive synchronization messages This task allows you to configure an OC to operate only as a member clock This task is applicable only to OCs This configuration is automatically cleared after you change the clock node type for the device If an OC is operating only as a member clock you can also use the ptp force state command to configure its PTP port as a m...

Page 135: ...lay time output delay output delay time By default The device receives signals from an external ToD clock The delay correction value for a ToD clock is 0 nanoseconds Configuring ToD clock parameters The following matrix shows the ToD clock parameters and hardware compatibility Hardware ToD clock parameters compatibility SR6602 X No SR6604 SR6608 SR6616 No SR6604 X SR6608 X SR6616 X Yes To configur...

Page 136: ...To configure the PTP port role on an OC BC E2ETC OC or P2PTC OC Step Command Remarks 1 Enter system view system view N A 2 Enter Layer 3 Ethernet interface view interface interface type interface number N A 3 Configure the role of the PTP port ptp force state master passive slave By default the PTP port role is automatically specified through BMC 4 Quit interface view quit N A 5 Activate the port ...

Page 137: ...nd OCs If the PTP standard is IEEE 802 1AS only Peer Delay mode is supported To specify a delay measurement mechanism for a BC or an OC Step Command Remarks 1 Enter system view system view N A 2 Enter Layer 3 Ethernet interface view interface interface type interface number N A 3 Specify a delay measurement mechanism for a BC or an OC ptp delay mechanism e2e p2p By default the delay measurement me...

Page 138: ...messages A master node periodically sends announce messages to the member nodes If a member node does not receive any announce messages from the master node within the specified interval it considers the master node invalid If the PTP standard is IEEE 1588 version 2 the interval is the announce message sending interval multiple value If the PTP standard is IEEE 802 1AS the interval is the announce...

Page 139: ... interface number N A 3 Configure the interval for sending Sync messages ptp syn interval value By default The interval is 1 20 second if the PTP standard is IEEE 1588 version 2 The interval is 1 8 2 3 seconds if the PTP standard is IEEE 802 1AS Configuring the minimum interval for sending Delay_Req messages Step Command Remarks 1 Enter system view system view N A 2 Enter Layer 3 Ethernet interfac...

Page 140: ...tp destination mac mac address The default is 011B 1900 0000 This command takes effect only if PTP messages are encapsulated in IEEE 802 3 Ethernet packets Specifying the protocol for encapsulating PTP messages as UDP IPv4 PTP messages can be encapsulated in IEEE 802 3 Ethernet packets or UDP IPv4 packets To configure the protocol for encapsulating PTP messages as UDP IPv4 Step Command Remarks 1 E...

Page 141: ...ast destination ip address By default no destination IP address is configured for unicast PTP message transmission You must use this command on the current interface and make sure the interface and the peer PTP interface can reach each other This command takes effect only when unicast PTP messages are transmitted over UDP IPv4 This command has precedence over the ptp source command Configuring the...

Page 142: ...w N A 2 Configure the cumulative offset between the UTC and TAI ptp utc offset utc offset The default is 0 seconds Configuring the correction date of the UTC This task allows you to adjust the UTC at the last minute 23 59 of the specified date To configure the correction date of the UTC Step Command Remarks 1 Enter system view system view N A 2 Configure the correction date of the UTC ptp utc leap...

Page 143: ...PTP port An OC can have only one PTP port To enable PTP on a port Step Command Remarks 1 Enter system view system view N A 2 Enter Layer 3 Ethernet interface view interface interface type interface number N A 3 Enable PTP on the port ptp enable By default PPP is disabled on a port Displaying and maintaining PTP Execute display commands in any view and the reset command in user view Task Command Di...

Page 144: ...he clock node type of Device A and Device C as OC and that of Device B as E2ETC All clock nodes elect a GM through BMC based on their respective default GM attributes Figure 45 Network diagram Configuration procedure 1 Configure Device A Specify the PTP standard as IEEE 1588 version 2 DeviceA system view DeviceA ptp profile 1588v2 Specify the clock node type as OC DeviceA ptp mode oc Specify the s...

Page 145: ...as OC DeviceC ptp mode oc Specify the system time source as PTP DeviceC clock protocol ptp Enable PTP on GigabitEthernet 2 0 1 DeviceC interface gigabitethernet 2 0 1 DeviceC GigabitEthernet2 0 1 ptp enable DeviceC GigabitEthernet2 0 1 quit 4 Verify the configuration When the network is stable perform the following tasks Use the display ptp clock command to display PTP clock information Use the di...

Page 146: ...s removed N A Local clock time Sun Jan 15 20 57 29 2011 Display brief PTP statistics on Device B DeviceB display ptp interface brief Name State Delay mechanism Clock step Asymmetry correction GE2 0 1 N A E2E Two 0 GE2 0 2 N A E2E Two 0 PTP configuration example IEEE 1588 version 2 multicast transmission Network requirements As shown in Figure 46 a PTP domain contains Device A Device B and Device C...

Page 147: ...2 0 1 ptp enable DeviceA GigabitEthernet2 0 1 quit 2 Configure Device B Specify the PTP standard as IEEE 1588 version 2 DeviceB system view DeviceB ptp profile 1588v2 Specify the clock node type as P2PTC DeviceB ptp mode p2ptc Configure the source IP address for multicast PTP message transmission over UDP IPv4 DeviceB ptp source 10 10 10 2 Specify the system time source as PTP DeviceB clock protoc...

Page 148: ...ing tasks Use the display ptp clock command to display PTP clock information Use the display ptp interface brief command to display brief PTP statistics on an interface Display PTP clock information on Device A DeviceA display ptp clock PTP profile IEEE 1588 Version 2 PTP mode OC Slave only No Clock ID 000FE2 FFFE FF0000 Clock type Local Clock domain 0 Number of PTP ports 1 Priority1 128 Priority2...

Page 149: ...e 47 a PTP domain contains Device A Device B and Device C Device A is the GM and receives the ToD clock signals Device C sends ToD clock signals to the base station through its ToD interface Configure all devices to use PTP standard IEEE 1588 version 2 Configure the destination IP address for unicast PTP messages transmission over UDP IPv4 Configure the clock node type as OC for Device A and Devic...

Page 150: ...P DeviceB clock protocol ptp On GigabitEthernet 2 0 1 configure the destination IP address for unicast PTP message transmission over UDP IPv4 and enable PTP DeviceB interface gigabitethernet 2 0 1 DeviceB GigabitEthernet2 0 1 ptp transport protocol udp DeviceB GigabitEthernet2 0 1 ptp unicast destination 10 10 10 1 DeviceB GigabitEthernet2 0 1 ptp enable DeviceB GigabitEthernet2 0 1 quit On Gigabi...

Page 151: ...an interface Display PTP clock information on Device A DeviceA display ptp clock PTP profile IEEE 1588 Version 2 PTP mode OC Slave only No Clock ID 000FE2 FFFE FF0000 Clock type ToD0 Clock domain 0 Number of PTP ports 1 Priority1 0 Priority2 128 Clock quality Class 6 Accuracy 32 Offset log variance 65535 Offset from master 0 ns Mean path delay 0 ns Steps removed 0 Local clock time Sun Jan 15 20 57...

Page 152: ...type as OC for Device A and Device C and P2PTC for Device B All clock nodes elect a GM through BMC based on their respective default GM attributes Configure the delay measurement mechanism for Device A and Device C as p2p Figure 48 Network diagram Configuration procedure 1 Configure Device A Specify the PTP standard as IEEE 802 1AS DeviceA system view DeviceA ptp profile 802 1AS Specify the clock ...

Page 153: ...ew DeviceC ptp profile 802 1AS Specify the clock node type as OC DeviceC ptp mode oc Specify the system time source as PTP DeviceC clock protocol ptp Enable PTP on GigabitEthernet 2 0 1 DeviceC interface gigabitethernet 2 0 1 DeviceC GigabitEthernet2 0 1 ptp enable DeviceC GigabitEthernet2 0 1 quit 4 Verify the configuration When the network is stable perform the following tasks Use the display pt...

Page 154: ... DeviceB display ptp clock PTP profile IEEE 802 1AS PTP mode P2PTC Slave only No Clock ID 000FE2 FFFE FF0001 Clock type Local Clock domain 0 Number of PTP ports 2 Priority1 246 Priority2 248 Clock quality Class 248 Accuracy 254 Offset log variance 16640 Offset from master N A Mean path delay N A Steps removed N A Local clock time Sun Jan 15 20 57 29 2011 Display brief PTP statistics on Device B De...

Page 155: ... cards Performs phase lock to maintain a deterministic relationship between the input and output signals in frequency and phase Clock sources The device supports the following clock sources BITS Building integrated timing supply BITS clock The MPU has BITS ports to receive timing signals from external BITS clocks Line clock Timing signal extracted from the signal received on a port from a higher l...

Page 156: ... sources have the same priority the module selects the clock source that has the lowest slot number subslot number port number sequence After selecting the best reference the network clock monitoring module distributes the selected timing signal to all interface cards and locks the timing to the reference signal When the traced timing signal is lost the network clock monitoring module selects the ...

Page 157: ...act the timing signal from the incoming traffic on the port Feature and hardware compatibility Hardware Network synchronization compatibility SR6602 X No SR6604 SR6608 SR6616 No SR6604 X SR6608 X SR6616 X Yes Network synchronization configuration task list Tasks at a glance Remarks Required Configuring clock reference selection Enable automatic clock reference selection or specify a clock referenc...

Page 158: ...arks 1 Optional Verify that the clock source you want to select is in Normal state display network clock source Skip this step if you are enabling automatic reference selection 2 Enter system view system view N A 3 Enable automatic reference selection or manually select a reference In standalone mode network clock work mode auto manual source bits0 bits1 lpuport port type port number In IRF mode n...

Page 159: ...ing from an external clock reference or provide timing for external devices To configure the timing direction of a BITS clock Step Command Remarks 1 Enter system view system view N A 2 Configure the timing direction of a BITS clock In standalone mode network clock source bits0 bits1 direction in out In IRF mode network clock chassis chassis number source bits0 bits1 direction in out The default ti...

Page 160: ...face interface type interface number N A 3 Set the clock mode to slave clock slave By default slave clock mode is enabled on ports 4 Return to system view quit N A 5 Specify the port as a line clock input port network clock lpuport port type port number By default no ports are configured as line clock input ports Configuring automatic reference selection parameters Configuring the method to set th...

Page 161: ...vel you specify for a clock source takes effect only when manual SSM quality level assignment is enabled To specify an SSM quality level for a clock source Step Command Remarks 1 Enter system view system view N A 2 Assign an SSM quality level to a clock source In standalone mode network clock source bits0 bits1 ptp lpuport port type port number ssm dnu prc sec ssua ssub unknown In IRF mode network...

Page 162: ...rity of a clock source In an automatic reference selection process the network clock monitoring module selects the optimal clock as a reference from all available clock sources The lower the priority value the better the clock source For the BITS clocks and PTP you must perform this task on the default MDC For a line clock you must perform this task on the MDC that contains the clock input port To...

Page 163: ... standalone mode display network clock self test result Display the self test result of the network clock monitoring module in IRF mode display network clock self test result chassis chassis number Display the operating state of the network clock monitoring module in standalone mode display network clock status Display the operating state of the network clock monitoring module in IRF mode display ...

Page 164: ...t port DeviceB system view DeviceB network clock source lpuport pos 2 2 0 Specify the slave clock mode on the POS interface DeviceB interface pos 2 2 0 DeviceB Pos2 2 0 clock slave DeviceB Pos2 2 0 quit Specify the interface as the source to provide clock reference DeviceB network clock work mode manual source lpuport pos 2 2 0 DeviceB quit Verifying the configuration Verify that the POS interface...

Page 165: ...l SSU SSU B G 812 second level SSU SEC SDH equipment clock DNU Do not use for synchronization UNK Synchronization quality unknown DNU clock sources cannot participate in clock reference selection Clock reference selection and timing distribution The system clock uses the clock reference selected with the highest QL from the following sources If these sources have the same QL the system clock selec...

Page 166: ...ks ITU T G 8262 Timing Characteristics of a Synchronous Ethernet Equipment Slave Clock EEC ITU T G 8264 Y 1364 Distribution of Timing Information through Packet Networks Feature and hardware compatibility Hardware Synchronous Ethernet compatibility SR6602 X No SR6604 SR6608 SR6616 No SR6604 X SR6608 X SR6616 X Yes Configuring SyncE on an Ethernet interface Step Command Remarks 1 Enter system view ...

Page 167: ... interface view interface interface type interface number N A 3 Set the clock mode synce state master slave By default the clock mode is automatically negotiated Displaying and maintaining SyncE Execute display commands in any view Task Command Display ESMC information display esmc interface interface type interface number SyncE configuration example Network requirements As shown in Figure 50 conf...

Page 168: ...is exchanged correctly The sample output on Device A shows that the clock QLs of Device A and Device B are QL PRC and QL SEC respectively Device A provides more precise timing than Device B DeviceA display esmc Interface GigabitEthernet2 0 1 Mode Synchronous ESMC status Enable Port status Up Duplex mode Full QL received QL SEC QL sent QL PRC ESMC information packets received 2195 ESMC information ...

Page 169: ...e SNMP capable devices in the network SNMP agent Works on a managed device to receive and handle requests from the NMS and sends notifications to the NMS when events such as an interface state change occur Management Information Base MIB Specifies the variables for example interface status and CPU usage maintained by the SNMP agent for the SNMP manager to read and set Figure 51 Relationship betwee...

Page 170: ...SNMP agent an NMS must use the same community name as set on the SNMP agent If the community name used by the NMS differs from the community name set on the agent the NMS cannot establish an SNMP session to access the agent or receive traps from the agent SNMPv2c Uses community names for authentication SNMPv2c is compatible with SNMPv1 but supports more operation types data types and error codes S...

Page 171: ...trong Cryptography feature license This feature provides stronger cryptography additional IPsec tunnels and higher encryption performance For more information about obtaining the Strong Cryptography feature license see the release notes or contact HP Support Support for features commands and parameters varies by the cryptography capability Configuring SNMP basic parameters SNMPv3 differs from SNMP...

Page 172: ... for the four sub trees in the default MIB view you can create up to 16 unique MIB view records 8 Configure the SNMP access right Method 1 Create an SNMP community In VACM mode snmp agent community read write simple cipher community name mib view view name acl acl number acl ipv6 ipv6 acl number In RBAC mode snmp agent community simple cipher community name user role role name acl acl number acl i...

Page 173: ...o implement a security model for a user and avoid SNMP communication failures make sure the security model configuration for the group and the security key settings for the user are compliant with Table 7 and match the settings on the NMS Table 7 Basic security setting requirements for different security models Security model Security model keyword for the group Security key settings for the user ...

Page 174: ...ange the local engine ID the existing SNMPv3 users and encrypted keys become invalid and you must reconfigure them 7 Optional Configure a remote engine ID snmp agent remote ip address ipv6 ipv6 address vpn instance vpn instance name engineid engineid By default no remote engine ID is configured To send informs to an SNMPv3 NMS you must configure the SNMP engine ID of the NMS 8 Optional Create or u...

Page 175: ...tication privacy read view view name write view view name notify view view name acl acl number acl ipv6 ipv6 acl number By default no SNMP group exists 10 Optional Calculate a digest for the ciphertext key converted from a plaintext key High encryption in non FIPS mode snmp agent calculate password plain password mode 3desmd5 3dessha md5 sha local engineid specified engineid engineid High encrypti...

Page 176: ...cl acl number acl ipv6 ipv6 acl number High encryption in FIPS mode in RBAC mode snmp agent usm user v3 user name user role role name remote ip address ipv6 ipv6 address vpn instance vpn instance name cipher simple authentication mode sha auth password privacy mode aes128 priv password acl acl number acl ipv6 ipv6 acl number Low encryption in VACM mode snmp agent usm user v3 user name group name r...

Page 177: ...peration The agent logs the IP address of the NMS name of the accessed node and node OID Set operation The agent logs the NMS IP address name of accessed node node OID variable value and error code and index for the Set operation Notification tracking The agent logs the SNMP notifications after sending them to the NMS The SNMP module sends these logs to the information center as informational mess...

Page 178: ...em view system view N A 2 Enable notifications globally snmp agent trap enable configuration protocol standard authentication coldstart linkdown linkup warmstart system By default SNMP configuration notifications standard notifications and system notifications are enabled Whether other SNMP notifications are enabled varies by modules 3 Enter interface view interface interface type interface number...

Page 179: ...stem view system view N A 2 Configure a target host High encryption in non FIPS mode Send traps to the target host snmp agent target host trap address udp domain ip address ipv6 ipv6 address udp port port number vpn instance vpn instance name params securityname security string v1 v2c v3 authentication privacy High encryption in FIPS mode Send traps to the target host snmp agent target host trap a...

Page 180: ... info contact location version Display SNMP agent statistics display snmp agent statistics Display the local engine ID display snmp agent local engineid Display SNMP group information display snmp agent group group name Display remote engine IDs display snmp agent remote ip address vpn instance vpn instance name ipv6 ipv6 address vpn instance vpn instance name Display basic information about the n...

Page 181: ... Agent snmp agent community read public Agent snmp agent community write private Configure contact and physical location information for the agent Agent snmp agent sys info contact Mr Wang Tel 3306 Agent snmp agent sys info location telephone closet 3rd floor Enable SNMP notifications specify the NMS at 1 1 1 2 as an SNMP trap destination and use public as the community name To make sure the NMS c...

Page 182: ... 50 GenericID 4 SpecificID 0 Time Stamp 8 35 25 68 SNMPv3 configuration example Network requirements As shown in Figure 54 the NMS 1 1 1 2 24 uses SNMPv3 to monitor and manage the interface status of the agent 1 1 1 1 24 The agent automatically sends notifications to report events to the NMS The default UDP port 162 is used for SNMP notifications The NMS and the agent perform authentication when t...

Page 183: ...tion information for the agent Agent snmp agent sys info contact Mr Wang Tel 3306 Agent snmp agent sys info location telephone closet 3rd floor Enable notifications specify the NMS at 1 1 1 2 as a notification destination and set the username to managev3user for the notifications Agent snmp agent trap enable Agent snmp agent target host trap address udp domain 1 1 1 2 params securityname managev3u...

Page 184: ...r the agent Agent snmp agent sys info contact Mr Wang Tel 3306 Agent snmp agent sys info location telephone closet 3rd floor Enable notifications specify the NMS at 1 1 1 2 as a trap destination and set the username to managev3user for the traps Agent snmp agent trap enable Agent snmp agent target host trap address udp domain 1 1 1 2 params securityname managev3user v3 privacy 2 Configure the SNMP...

Page 185: ...NMP_SETDENY IPAddr 1 1 1 2 SecurityName managev3user SecurityModel SNMPv3 OP SET Node sysName 1 3 6 1 2 1 1 5 0 Value h3c Permission denied Log in to the agent You can see a notification on the NMS hh3cLogIn inform received from 192 168 41 41 at 2013 8 14 17 36 16 Time stamp 0 days 08h 03m 43s 37th Agent address 1 1 1 1 Port 62861 Transport IP UDP Protocol SNMPv2c Inform Manager address 1 1 1 2 Po...

Page 186: ...rd RMON groups H3C implements the statistics group history group event group alarm group probe configuration group and user history group H3C also implements a private alarm group which enhances the standard alarm group The probe configuration group and user history group are not configurable from the CLI To configure these two groups you must access the MIB For more information about MIB settings...

Page 187: ...monitored variable is greater than or equal to the rising threshold a rising alarm event is triggered If the value of the monitored variable is smaller than or equal to the falling threshold a falling alarm event is triggered The event group defines the action to take on the alarm event If an alarm entry crosses a threshold multiple times in succession the RMON agent generates an alarm event only ...

Page 188: ... from the current value and then compares the difference with the rising and falling thresholds Protocols and standards RFC 4502 Remote Network Monitoring Management Information Base Version 2 RFC 2819 Remote Network Monitoring Management Information Base Status of this Memo Configuring the RMON statistics function RMON implements the statistics function through the Ethernet statistics group and t...

Page 189: ...Ethernet interface view interface interface type interface number N A 3 Create an entry for the interface in the RMON history control table rmon history entry number buckets number interval sampling interval owner text By default the RMON history control table does not contain entries You can create a maximum of 100 history control entries Configuring the RMON alarm function When you configure the...

Page 190: ...able sampling interval absolute delta startup alarm falling rising rising falling rising threshold threshold value1 event entry1 falling threshold threshold value2 event entry2 owner text Create an entry in the private alarm table rmon prialarm entry number prialarm formula prialarm des sampling interval absolute delta startup alarm falling rising rising falling rising threshold threshold value1 e...

Page 191: ... Sysname system view Sysname interface gigabitethernet 2 0 1 Sysname GigabitEthernet1 0 1 rmon statistics 1 owner user1 Display statistics collected for GigabitEthernet 2 0 1 Sysname display rmon statistics gigabitethernet 2 0 1 EtherStatsEntry 1 owned by user1 is VALID Interface GigabitEthernet2 0 1 ifIndex 3 etherStatsOctets 21657 etherStatsPkts 307 etherStatsBroadcastPkts 56 etherStatsMulticast...

Page 192: ...or GigabitEthernet 2 0 1 Sysname GigabitEthernet2 0 1 display rmon history HistoryControlEntry 1 owned by user1 is VALID Sampled interface GigabitEthernet2 0 1 ifIndex 3 Sampling interval 60 sec with 8 buckets max Sampling record 1 dropevents 0 octets 834 packets 8 broadcast packets 1 multicast packets 6 CRC alignment errors 0 undersize packets 0 oversize packets 0 fragments 0 jabbers 0 collisions...

Page 193: ...0 octets 766 packets 7 broadcast packets 0 multicast packets 6 CRC alignment errors 0 undersize packets 0 oversize packets 0 fragments 0 jabbers 0 collisions 0 utilization 0 Sampling record 8 dropevents 0 octets 1154 packets 13 broadcast packets 1 multicast packets 6 CRC alignment errors 0 undersize packets 0 oversize packets 0 fragments 0 jabbers 0 collisions 0 utilization 0 Get the traffic stati...

Page 194: ...cations when the delta sample for 1 3 6 1 2 1 16 1 1 1 4 1 exceeds 100 or drops below 50 Sysname rmon event 1 trap public owner user1 Sysname rmon alarm 1 1 3 6 1 2 1 16 1 1 1 4 1 5 delta rising threshold 100 1 falling threshold 50 1 owner user1 NOTE The string 1 3 6 1 2 1 16 1 1 1 4 1 is the object instance for GigabitEthernet 2 0 1 The digits before the last digit 1 3 6 1 2 1 16 1 1 1 4 represen...

Page 195: ...g packets by size 64 7 65 127 413 128 255 35 256 511 0 512 1023 0 1024 1518 0 Query alarm events on the NMS Details not shown On the device alarm event messages are displayed when events occur The following is a sample alarm event message Sysname Apr 6 09 23 53 357 2013 sysname SNMP 6 SNMP_NOTIFY Notification fallingA larm 1 3 6 1 2 1 16 0 2 with alarmIndex 1 3 6 1 2 1 16 3 1 1 1 1 1 alarmVariab l...

Page 196: ... manager RTM and a set of user defined monitor policies as shown in Figure 59 Figure 59 EAA framework Event sources Event sources are software or hardware modules that create events see Figure 59 For example the CLI module creates an event when you enter a command The Syslog module the information center produces an event when it receives a log message Event monitors EAA creates one event monitor ...

Page 197: ...y the EAA RTM does not trigger the monitor policy to run Process Process event occurs in response to a state change of the monitored process such as an exception shutdown start or restart Both manual and automatic state changes can cause the event to occur Hotplug Hotplug event occurs when the monitored card is inserted or removed while the device is operating Interface Each interface event is ass...

Page 198: ...user roles see RBAC in Fundamentals Configuration Guide Runtime Policy runtime limits the amount of time that the monitor policy can run from the time it is triggered This setting prevents system resources from being occupied by incorrectly defined policies EAA environment variables EAA environment variables decouple the configuration of action arguments from the monitor policy so you can modify a...

Page 199: ...bslot ID of the subslot where a hot swap event occurs Interface _ifname Interface name SNMP _oid OID of the MIB variable where an SNMP operation is performed _oid_value Value of the MIB variable SNMP Notification _oid OID that is included in the SNMP notification Process _process_name Process name User defined variables You can use user defined variables for all types of events User defined variab...

Page 200: ...ctions in different policies do not conflict Policy execution result will be unpredictable if policies that conflict in actions are running concurrently You can assign the same policy name to a CLI defined policy and a Tcl defined policy However you cannot assign the same name to policies that are the same type The system executes the actions in a policy in ascending order of action IDs When you a...

Page 201: ...standalone mode event process exception restart shutdown start name process name instance instance id slot slot number Configure a process event in IRF mode event process exception restart shutdown start name process name instance instance id chassis chassis number slot slot number Configure an SNMP event event snmp oid oid monitor obj get next start op start op start val start val restart op rest...

Page 202: ... value or specify a variable name in variable_name format for an argument 5 Optional Assign a user role to the policy user role role name By default a monitor policy contains user roles that its creator had at the time of policy creation A monitor policy supports a maximum of 64 valid user roles User roles added after this limit is reached do not take effect 6 Optional Configure the policy runtime...

Page 203: ... comware rtm event_register eventname arg1 arg2 arg3 user role rolename1 user role rolename2 running time running time The arg1 arg2 arg3 arguments represent event matching rules If an argument value contains spaces use double quotation marks to enclose the value For example a b c Line 2 Actions You may reference a variable name in the variable_name format instead of specifying a value for an argu...

Page 204: ... test Add a CLI event that occurs when a question mark is entered at any command line that contains letters and digits Sysname rtm test event cli async mode help pattern a zA Z0 9 Add an action that sends the message hello world with a priority of 4 from the logging facility local3 when the event occurs Sysname rtm test action 0 syslog priority 4 facility local3 msg hello world Add an action that ...

Page 205: ...nvironment variables configuration example Network requirements Define an environment variable to match the IP address 1 1 1 1 Configure a policy from the CLI to monitor the event that occurs when a command line that contains loopback0 is executed In the policy use the environment variable for IP address assignment When the event occurs the system performs the following tasks Creates the Loopback ...

Page 206: ...ation center to output log messages to the current monitoring terminal Sysname terminal monitor Execute the loopback0 command Verify that the system displays the loopback0 message and a policy successfully executed message on the terminal screen Sysname loopback0 Sysname Jan 3 09 46 10 592 2014 Device001 RTM 0 RTM_ACTION MDC 1 loopback0 Jan 3 09 46 10 613 2014 Device001 RTM 6 RTM_POLICY MDC 1 CLI ...

Page 207: ...ed policy test and bind it to the Tcl script file Sysname system view Sysname rtm tcl policy test rtm_tcl_test tcl Sysname quit Verifying the configuration Display information about the policy Sysname display rtm policy registered Total number 1 Type Event TimeRegistered PolicyName TCL TCL Aug 29 14 54 50 2013 test Enable the information center to output log messages to the current monitoring term...

Page 208: ...ds You can execute these commands in any view The system identifies a process that consumes excessive memory or CPU resources as an anomaly source To display and maintain processes in standalone mode Task Command Display memory usage display memory slot slot number cpu cpu number Display process state information display process all job job id name process name slot slot number cpu cpu number Disp...

Page 209: ...ss display process memory heap job job id size memory size offset offset size slot slot number cpu cpu number Display memory content starting from a specified memory block for a user process display process memory heap job job id address starting address length memory length slot slot number cpu cpu number Display context information for process exceptions display exception context count value slo...

Page 210: ...ich defaults to 1 process core maxcore value off job job id name process name chassis chassis number slot slot number cpu cpu number Specify the directory for saving core files the default directory is the root directory of the storage medium on the global active MPU exception filepath directory Clear context information for process exceptions reset exception context chassis chassis number slot sl...

Page 211: ... slot number cpu cpu number The default is 8 seconds 4 Optional Disable kernel thread deadloop detection for a kernel thread monitor kernel deadloop exclude thread tid chassis chassis number slot slot number cpu cpu number After enabled kernel thread deadloop detection monitors all kernel threads by default Configuring kernel thread starvation detection CAUTION The system detects whether or not ke...

Page 212: ...ation exclude thread tid chassis chassis number slot slot number cpu cpu number After enabled kernel thread starvation detection monitors all kernel threads by default Displaying and maintaining kernel threads Execute display commands in any view and reset commands in user view in standalone mode Task Command Display kernel thread deadloop information display kernel deadloop show number offset ver...

Page 213: ...ormation display kernel reboot show number offset verbose chassis chassis number slot slot number cpu cpu number Display kernel thread starvation information display kernel starvation show number offset verbose chassis chassis number slot slot number cpu cpu number Display kernel thread starvation detection configuration display kernel starvation configuration chassis chassis number slot slot numb...

Page 214: ... For more information about NetStream see Configuring NetStream Creating a sampler Step Command Remarks 1 Enter system view system view N A 2 Create a sampler sampler sampler name mode fixed random packet interval rate By default no sampler exists Displaying and maintaining a sampler Execute display commands in any view Task Command Display configuration information about the sampler in standalone...

Page 215: ...ice interface gigabitethernet 2 1 2 Device GigabitEthernet2 1 2 ip address 11 110 2 1 255 255 0 0 Device GigabitEthernet2 1 2 ip netstream inbound Device GigabitEthernet2 1 2 ip netstream inbound sampler 100 Enable IPv4 NetStream to use sampler 200 to collect statistics about outgoing traffic on GigabitEthernet 2 1 2 Device GigabitEthernet2 1 2 ip netstream outbound Device GigabitEthernet2 1 2 ip ...

Page 216: ...s and connects to a data monitoring device Mirrored packets are sent out of the monitor port to the data monitoring device A monitor port might receive multiple copies of a packet when it monitors multiple mirroring sources For example two copies of a packet are received on Port 1 when the following conditions exist Port 1 is monitoring bidirectional traffic of Port 2 and Port 3 on the same device...

Page 217: ...of the device As shown in Figure 62 the source port GigabitEthernet 2 0 1 and the monitor port GigabitEthernet 2 0 2 reside on the same device Packets received on GigabitEthernet 2 0 1 are copied to GigabitEthernet 2 0 2 GigabitEthernet 2 0 2 then forwards the packets to the data monitoring device for analysis Figure 62 Local port mirroring implementation Configuring local port mirroring A local m...

Page 218: ...s A mirroring group can contain multiple source ports Typically a port can act as a source port only for one mirroring group A source port cannot be configured as a monitor port Configuring source ports in system view Step Command Remarks 1 Enter system view system view N A 2 Configure source ports for a local mirroring group mirroring group group id mirroring port interface list both inbound outb...

Page 219: ...e monitor port in system view Step Command Remarks 1 Enter system view system view N A 2 Configure the monitor port for a local mirroring group mirroring group group id monitor port interface type interface number By default no monitor port is configured for a local mirroring group Configuring the monitor port in interface view Step Command Remarks 1 Enter system view system view N A 2 Enter inter...

Page 220: ...gure GigabitEthernet 2 0 1 and GigabitEthernet 2 0 2 as source ports for local mirroring group 1 Device mirroring group 1 mirroring port gigabitethernet 2 0 1 gigabitethernet 2 0 2 both Configure GigabitEthernet 2 0 3 as the monitor port for local mirroring group 1 Device mirroring group 1 monitor port gigabitethernet 2 0 3 Verifying the configuration Verify the mirroring group configuration Devic...

Page 221: ...lows by using the 7 tuple elements Collects data from the classified flows Aggregates and exports the data to the NSC NetStream collector A program running in an operation system The NSC parses the packets received from the NDEs and saves the data to its database NetStream data analyzer A network traffic analyzing tool Based on the data in NSC the NDA generates reports for traffic billing network ...

Page 222: ...Stream collects and exports the statistics of each flow to NetStream servers This method consumes more bandwidth and CPU than the aggregation method and it requires a large cache size Aggregation data export NetStream aggregation merges the flow statistics according to the aggregation criteria of an aggregation mode and it sends the summarized data to NetStream servers The NetStream aggregation da...

Page 223: ... number Source port Destination port Source prefix aggregation Source AS number Source address mask length Source prefix source network address Inbound interface index Destination prefix aggregation Destination AS number Destination address mask length Destination prefix destination network address Outbound interface index Prefix aggregation Source AS number Destination AS number Source address ma...

Page 224: ...packets are not forwarded according to the BGP routing table in an aggregation mode with AS the AS number cannot be obtained If the packets are not forwarded according to the BGP routing table in the aggregation mode of ToS BGP nexthop the BGP next hop cannot be obtained NetStream export formats NetStream exports data in UDP datagrams in one of the following formats Version 5 Exports original stat...

Page 225: ...eful when the network has a large amount of traffic NetStream on sampled traffic lessens the impact on the device s performance For more information about sampling see Configuring samplers NetStream configuration task list When you configure NetStream choose the following configurations as needed Choose the device on which you want to enable NetStream If multiple service flows are passing through ...

Page 226: ...g Required Perform at least one of the following tasks to configure NetStream data export Configuring the NetStream traditional data export Configuring the NetStream aggregation data export Enabling NetStream Step Command Remarks 1 Enter system view system view N A Start Configure NetStream filtering Filter Yes No Sample End Configure NetStream sampling Yes No Aggregate Configure aggregation data ...

Page 227: ... NetStream filtering on the interface ip netstream inbound outbound filter acl acl number By default NetStream filtering is disabled NetStream collects statistics of all IPv4 packets passing through the interface Configuring NetStream sampling Step Command Remarks 1 Enter system view system view N A 2 Create a sampler sampler sampler name mode fixed random packet interval rate For more information...

Page 228: ... to configure the AS numbers to be exported as the source AS and destination AS origin as Exports statistics of the source AS originating the route for the source address and the destination AS for the destination address peer as Exports statistics of the peer ASs for the source and destination address For example as shown in Figure 66 a flow starts at AS 20 passes AS 21 through AS 23 and then rea...

Page 229: ...er system view system view N A 2 Optional Configure the refresh frequency for NetStream version 9 templates ip netstream export v9 template refresh rate packet packets By default the version 9 templates are sent every 20 packets 3 Optional Configure the refresh interval for NetStream version 9 templates ip netstream export v9 template refresh rate time minutes By default the version 9 templates ar...

Page 230: ...ng commands Use the reset ip netstream statistics command This command ages out all NetStream entries and exports and clears the statistics Use the ip netstream max entry command This command provides the following processing options when the upper limit is reached Age out the entries Disable creation of a new entry in the cache TCP FIN and RST triggered aging TCP FIN and RST triggered aging is au...

Page 231: ...ess of the output interface as the source IP address 4 Optional Limit the data export rate ip netstream export rate rate By default the data export rate is not limited Configuring the NetStream aggregation data export NetStream aggregation is implemented by software Configuration restrictions and guidelines When you configure the NetStream aggregation data export follow these restrictions and guid...

Page 232: ...nterfaces in different NetStream aggregation mode views can be different If no source interface is configured in NetStream aggregation mode view the source interface configured in system view applies 5 Enable NetStream aggregation enable By default NetStream aggregation is disabled Displaying and maintaining NetStream Execute display commands in any view and reset commands in user view Task Comman...

Page 233: ... 255 0 0 Enable NetStream for incoming traffic on GigabitEthernet 2 0 1 RouterA GigabitEthernet2 0 1 ip netstream inbound RouterA GigabitEthernet2 0 1 quit Assign an IP address to GigabitEthernet 2 0 2 RouterA interface gigabitethernet 2 0 2 RouterA GigabitEthernet2 0 2 ip address 12 110 2 1 255 255 0 0 Enable NetStream for outgoing traffic on GigabitEthernet 2 0 2 RouterA GigabitEthernet2 0 2 ip ...

Page 234: ... IP MASK Lbl Exp S List IP 12 110 2 2 0 11 111 2 2 0 1 0 GE2 0 1 I 5 IP 12 110 2 2 0 11 111 2 2 0 1 0 GE2 0 2 O 5 Display the statistics of the NetStream data export RouterA display ip netstream export IP export information Flow source interface Not specified Flow destination VPN instance Not specified Flow destination IP address UDP 12 110 2 2 5000 Version 5 exported flows number 0 Version 5 expo...

Page 235: ...5000 RouterA ip netstream export host 4 1 1 1 5000 Configure the aggregation mode as AS and specify the destination host for the aggregation data export RouterA ip netstream aggregation as RouterA ns aggregation as enable RouterA ns aggregation as ip netstream export host 4 1 1 1 2000 RouterA ns aggregation as quit Configure the aggregation mode as protocol port and specify the destination host fo...

Page 236: ...che IP NetStream cache information Active flow timeout 30 min Inactive flow timeout 10 sec Max number of entries 1024 IP active flow entries 2 MPLS active flow entries 0 L2 active flow entries 0 IPL2 active flow entries 0 IP flow entries counted 0 MPLS flow entries counted 0 L2 flow entries counted 0 IPL2 flow entries counted 0 Last statistics resetting time Never IP packet size distribution 11 pa...

Page 237: ...mation Flow source interface Not specified Flow destination VPN instance Not specified Flow destination IP address UDP 4 1 1 1 4000 Version 8 exported flows number 2 Version 8 exported UDP datagrams number failed 2 0 Version 9 exported flows number 0 Version 9 exported UDP datagrams number failed 0 0 destination prefix aggregation export information Flow source interface Not specified Flow destina...

Page 238: ...ination VPN instance Not specified Flow destination IP address UDP 4 1 1 1 5000 Version 5 exported flows number 10 Version 5 exported UDP datagrams number failed 10 0 Version 9 exported flows number 0 Version 9 exported UDP datagrams number failed 0 0 ...

Page 239: ...ies traffic flows by using the 8 tuple elements Collects data from the classified flows Aggregates and exports the data to the NSC NetStream collector A program running in a Unix or Windows operating system The NSC parses the packets received from the NDEs and saves the data to its database NetStream data analyzer A network traffic analyzing tool Based on the data in NSC the NDA generates reports ...

Page 240: ...tStream collects and exports the statistics of each flow to NetStream servers This method consumes a lot of bandwidth and CPU usage and requires a large cache size In addition you do not need all of the data in most cases Aggregation data export An IPv6 NetStream aggregation mode merges the flow statistics according to the aggregation criteria of the aggregation mode and it sends the summarized da...

Page 241: ...tination network address Output interface index BGP nexthop BGP next hop Output interface index If IPv6 packets are not forwarded according to the BGP routing table the AS number or BGP next hop cannot be obtained IPv6 NetStream data export format IPv6 NetStream exports data in the version 9 format which is template based The version 9 format supports exporting the IPv6 NetStream aggregation data ...

Page 242: ... through the NDE use an ACL to select the target data If the network has a large amount of traffic configure IPv6 NetStream sampling Determine the export format for the IPv6 NetStream data export Configure IPv6 NetStream flow aging To reduce the bandwidth consumption of the IPv6 NetStream data export configure IPv6 NetStream aggregation Figure 70 IPv6 NetStream configuration flow To configure IPv6...

Page 243: ... on the interface ipv6 netstream inbound outbound By default IPv6 NetStream is disabled on an interface Configuring IPv6 NetStream filtering When you configure IPv6 NetStream filtering follow these restrictions and guidelines The IPv6 NetStream filtering function does not take effect on MPLS packets If IPv6 NetStream filtering and sampling are both configured IPv6 packets are filtered first and th...

Page 244: ...source IPv6 address destination IPv6 address and their respective AS numbers You can choose to configure which AS numbers are to be exported as the source AS and destination AS origin as Exports statistics of the source AS originating the route for the source address and the destination AS for the destination address peer as Exports statistics of the peer ASs for the source and destination address...

Page 245: ...v6 fields The peer AS numbers are recorded The BGP next hop is not recorded Configuring the refresh rate for IPv6 NetStream version 9 templates Version 9 is template based and supports user defined formats An IPv6 NetStream enabled device must periodically resend the updated template to NetStream servers The server cannot associate the statistics with their proper fields when the following conditi...

Page 246: ...lect and export statistics on MPLS packets ip netstream mpls label positions label position1 label position2 label position3 no ip fields By default statistics of MPLS packets are not collected or exported Configuring IPv6 NetStream flow aging Flow aging methods Periodical aging Periodical aging has the following methods Inactive flow aging A flow is inactive if no packet arrives for the IPv6 NetS...

Page 247: ...cket with a FIN or RST flag is recorded for a flow with an existing IPv6 NetStream entry the entry is immediately aged out exported and cleared However when the first packet of a flow has a FIN or RST flag a new IPv6 NetStream entry is created instead of being aged out This type of aging is enabled by default and is not user configurable Configuration procedure To configure IPv6 NetStream flow agi...

Page 248: ...g the IPv6 NetStream aggregation data export The IPv6 NetStream aggregation is implemented by software Configurations in IPv6 NetStream aggregation mode view apply only to the IPv6 NetStream aggregation data export Configurations in system view apply to the IPv6 NetStream traditional data export When no configuration in IPv6 NetStream aggregation mode view is provided the configurations in system ...

Page 249: ...gation is disabled Displaying and maintaining IPv6 NetStream Execute display commands in any view and reset commands in user view Task Command Display IPv6 NetStream entry information in the cache in standalone mode display ipv6 netstream cache slot slot number verbose Display IPv6 NetStream entry information in the cache in IRF mode display ipv6 netstream cache chassis chassis number slot slot nu...

Page 250: ... NetStream for incoming and outgoing traffic on GigabitEthernet 2 0 1 RouterA GigabitEthernet2 0 1 ipv6 netstream inbound RouterA GigabitEthernet2 0 1 ipv6 netstream outbound RouterA GigabitEthernet2 0 1 quit Specify the export destination host as 40 1 64 with UDP port 5000 RouterA ipv6 netstream export host 40 1 64 5000 Verifying the configuration Display IPv6 NetStream entry information in the c...

Page 251: ...21 6 0 0x0 GE2 0 1 I 42996 IP 2001 1 1024 2002 1 21 6 0 0x0 GE2 0 1 O 42996 Display the statistics of the IPv6 NetStream data export RouterA display ipv6 netstream export IPv6 export information Flow source interface Not specified Flow destination VPN instance Not specified Flow destination IP address UDP 40 1 5000 Version 9 exported flows number 10 Version 9 exported UDP datagrams number failed 1...

Page 252: ...A ns6 aggregation as ipv6 netstream export host 40 1 2000 RouterA ns6 aggregation as quit Configure the aggregation mode as protocol port and specify the destination host for the aggregation data export RouterA ipv6 netstream aggregation protocol port RouterA ns6 aggregation protport enable RouterA ns6 aggregation protport ipv6 netstream export host 40 1 3000 RouterA ns6 aggregation protport quit ...

Page 253: ...information Flow source interface Not specified Flow destination VPN instance Not specified Flow destination IP address UDP 40 1 3000 Version 9 exported flows number 0 Version 9 exported UDP datagrams number failed 0 0 source prefix aggregation export information Flow source interface Not specified Flow destination VPN instance Not specified Flow destination IP address UDP 40 1 4000 Version 9 expo...

Page 254: ...Flow source interface Not specified Flow destination VPN instance Not specified Flow destination IP address UDP 40 1 5000 Version 9 exported flows number 0 Version 9 exported UDP datagrams number failed 0 0 ...

Page 255: ...information center to save resources Log types Logs are classified into the following types Common logs Record common system information Unless otherwise specified the term logs in this document refers to common logs Diagnostic logs Record debug messages Security logs Record security information such as authentication and authorization information Hidden logs Record log information not displayed o...

Page 256: ...e system outputs logs to the following destinations console monitor terminal log buffer log host and log file Log output destinations are independent and you can configure them after enabling the information center Default output rules for logs A log output rule specifies the source modules and severity level of logs that can be output to a destination Logs matching the output rule are output to t...

Page 257: ...or hidden logs Destination Log source modules Output switch Severity Log host All supported modules Enabled Informational Log buffer All supported modules Enabled Informational Log file All supported modules Enabled Informational Default output rules for trace logs Trace logs can only be output to the trace log file and cannot be filtered by source modules and severity levels Table 19 shows the de...

Page 258: ...73000 020 VTY logged in from 192 168 1 21 cmcc format 189 Oct 9 14 59 04 2009 Sysname 10SHELL 5 SHELL_LO GIN VTY logged in from 192 168 1 21 Table 22 describes the fields in a log message Table 22 Log field description Field Description Prefix information type A log to a destination other than the log host has an identifier in front of the timestamp An identifier of percent sign indicates a log wi...

Page 259: ...ID Indicates that the information was generated by an H3C device This field exists only in logs sent to the log host vv version information Identifies the version of the log and has a value of 10 This field exists only in logs that are sent to the log host Module Specifies the name of the module that generated the log You can enter the info center source command in system view to view the module l...

Page 260: ...g host support this parameter 189 2003 05 30T06 42 44 Sysname 10FTPD 5 FTPD_LOGIN l User ftp 192 168 1 23 has logged in successfully 2003 05 30T06 42 44 is a timestamp in the iso format none No timestamp is included All logs support this parameter Sysname FTPD 5 FTPD_LOGIN User ftp 192 168 1 23 has logged in successfully No timestamp is included no year date Current date and time without year info...

Page 261: ...e monitor logbuffer logfile loghost deny level severity For information about default output rules see Default output rules for logs 4 Optional Configure the timestamp format info center timestamp boot date none By default the timestamp format is date 5 Return to user view quit N A 6 Optional Enable log output to the console terminal monitor The default setting is enabled 7 Enable the display of d...

Page 262: ...n center info center enable By default the information center is enabled 3 Configure an output rule for outputting logs to a log host info center source module name default console monitor logbuffer logfile loghost deny level severity For information about default output rules see Default output rules for logs 4 Optional Specify the source IP address for output logs info center loghost source inte...

Page 263: ...o a log file After saving logs to a log file the system clears the log file buffer The device supports multiple log files Each log file has a maximum capacity The log files are named as logfile1 log logfile2 log and so on When the maximum capacity of logfile1 log is reached the system compresses logfile1 log as logfile1 log gz and creates a new log file named logfile2 log You can download the comp...

Page 264: ...ty logs are very important for locating and troubleshooting network problems Generally security logs are output together with other logs It is difficult to identify security logs among all logs To solve this problem you can save security logs to the security log file without affecting the current log output rules Saving security logs to the security log file After you enable the saving of the secu...

Page 265: ...inistrator must pass local AAA authentication first For more information about security log administrator see Security Configuration Guide To manage the security log file Task Command Remarks Display a summary of the security log file display security logfile summary Available in user view Change the directory of the security log file 7 system view 8 info center security logfile directory dir name...

Page 266: ... file info center diagnostic logfile quota size By default the maximum size of a diagnostic log file is 5 MB To ensure normal operation set the size argument to a value between 1 MB and 10 MB 5 Optional Specify the directory to save diagnostic log files info center diagnostic logfile directory dir name By default diagnostic log files are saved in the diagfile directory under the root directory of ...

Page 267: ...ise the log host cannot receive logs 4 Optional Specify the source IP address for output custom NAT444 logs customlog host source interface type interface number By default the source IP address of output custom NAT444 logs is the primary IP address of the matching route s egress interface 5 Optional Configure the timestamp of output custom NAT444 logs to show the local time customlog timestamp lo...

Page 268: ...ble duplicate log suppression info center logging suppress duplicates By default duplicate log suppression is disabled Disabling an interface from generating link up or link down logs By default all interfaces generate link up or link down log information when the interface state changes In some cases you might want to disable certain interfaces from generating this information For example You are...

Page 269: ...ber Display the configuration of the log file display logfile summary Display the diagnostic log file configuration display diagnostic logfile summary Clear the log buffer reset logbuffer Information center configuration examples Configuration example for outputting logs to the console Network requirements Configure the device to send the console FTP logs that have a severity level of at least war...

Page 270: ...0 1 16 and specify local4 as the logging facility Device info center loghost 1 2 0 1 facility local4 Disable log output to the log host Device info center source default loghost deny To avoid output of unnecessary information disable all modules from outputting logs to the specified destination loghost in this example before you configure an output rule Configure an output rule to output to the lo...

Page 271: ...logd using the r option to make the new configuration take effect ps ae grep syslogd 147 kill HUP 147 syslogd r Now the device can output FTP logs to the log host which stores the logs to the specified file Configuration example for outputting logs to a Linux log host Network requirements Configure the device to output to the Linux log host 1 2 0 1 16 FTP logs that have a severity level of at leas...

Page 272: ...receive logs info is the informational level The Linux system will store the log information with a severity level equal to or higher than informational to the file var log Device info log NOTE Follow these guidelines while editing the file etc syslog conf Comments must be on a separate line and must begin with a pound sign No redundant spaces are allowed after the file name The logging facility n...

Page 273: ...P UDP port number before NAT DestPort Destination TCP UDP port number before NAT StartTime Start time of the flow in seconds EndTime End time of the flow in seconds This field is 0 if the Operator field is 6 regular connectivity check record for the active flow Protocol Protocol number Operator Reasons why a flow log entry was generated 0 Reserved 1 Flow was ended normally 2 Flow was aged out beca...

Page 274: ... NAT DestIP Destination IP address before NAT DestNatIP Destination IP address after NAT SrcPort Source TCP UDP port number before NAT SrcNatPort Source TCP UDP port number after NAT DestPort Destination TCP UDP port number before NAT DestNatPort Destination TCP UDP port number after NAT StartTime Start time of the flow in seconds EndTime End time of the flow in seconds This field is 0 when the Op...

Page 275: ...AT flows nat log flow active Logging of NAT session establishment events nat log flow begin Logging of NAT session removal events nat log flow end For more information about the NAT logging commands see Layer 3 IP Services Command Reference Configuring the flow log version Step Command Remarks 1 Enter system view system view N A 2 Configure the flow log version userlog flow export version version ...

Page 276: ...tries The flow log entries generated for the same source IP address are sent to the same log host If a log host goes down the flow logs sent to it will be lost To enable load balancing for flow log entries Step Command Remarks 1 Enter system view system view N A 2 Enable load balancing for flow log entries userlog flow export load balancing By default load balancing is disabled Configuring the tim...

Page 277: ...eadable However the log data volume is higher in ASCII format than in binary format Specifying a log host as the flow log export destination Step Command Remarks 1 Enter system view system view N A 2 Specify a log host as the destination for flow log export userlog flow export vpn instance vpn instance name host hostname ipv4 address ipv6 ipv6 address port udp port By default no log hosts are spec...

Page 278: ...nable NAT logging for session establishment events session removal events and active flows Device nat log flow begin Device nat log flow end Device nat log flow active 10 Set the flow log version to 3 0 Device userlog flow export version 3 Specify the log host at 1 2 3 6 as the destination for flow log export Set the UDP port number to 2000 Device userlog flow export host 1 2 3 6 port 2000 Specify...

Page 279: ...5 Flow Export flow log as UDP Packet Version 3 0 Source address 2 2 2 2 Log load balance function Disabled Log host numbers 1 Log host 1 IP address Port 1 2 3 6 2000 Total logs UDP packets exported 112 87 ...

Page 280: ...he NQA client 31 Configuring NTP association modes 72 Configuring NTP authentication 76 Configuring NTP optional parameters 84 Configuring SNMP basic parameters 157 Configuring SNMP logging 163 Configuring SNMP notifications 164 Configuring SNTP authentication 109 Configuring SyncE on an Ethernet interface 152 Configuring the flow log version 261 Configuring the IPv6 NetStream data export 233 Conf...

Page 281: ...configuration example 206 M Managing security logs 250 Monitoring kernel threads 196 N NetStream configuration examples 219 NetStream configuration task list 21 1 Network synchronization configuration example 150 Network synchronization configuration task list 143 NQA configuration examples 38 NQA configuration task list 10 NTP broadcast mode configuration example 92 NTP client server mode configu...

Page 282: ...MPv3 configuration example 168 SNTP configuration example 1 10 Specifying a flow log export destination 263 Specifying a line clock input port 146 Specifying a source IP address for flow log packets 261 Specifying an NTP server for the device 109 Suspending monitor policies 189 SyncE configuration example 153 System debugging 6 T Tracert 3 ...

Reviews:

No comments