manualshive.com logo in svg

HPE FlexFabric 5700 Series, Network Management And Monitoring Configuration Manual

Share
Download
HPE FlexFabric 5700 Series Network Management And Monitoring Configuration Manual Download Page 277

 

268 

This expression contains keywords, arithmetic operators (

expr

), and relational operators (

relop

). For 

example, 

len+100>=200

 captures packets that are greater than or equal to 100 bytes. 

The proto [ expr:size ] expression 

Use this type of expression to capture packets that match the result of arithmetic operations on a 
number of bytes relative to a protocol layer. 

This type of expression contains the following elements: 

 

proto—

Specifies a protocol layer. 

 

[]—Performs arithmetic operations on a number of bytes relative to the protocol layer. 

 

expr

—Specifies the arithmetic expression. 

 

size

—Specifies the byte offset. This offset indicates the number of bytes relative to the protocol 

layer. The operation is performed on the specified bytes. The offset is set to 1 byte if you do not 
specify an offset. 

For example, 

ip[0]&0xf !=5

 captures an IP packet if the result of ANDing the first byte with 0x0f is not 

5. 

To match a field, you can specify a field name for

 expr

:

size

. For example, 

icmp[icmptype]=0x08

 

captures ICMP packets that contain a value of 0x08 in the Type field. 

The vlan vlan_id expression 

Use this type of expression to capture 802.1Q tagged VLAN traffic. 

This type of expression contains the 

vlan

 

vlan_id

 keywords and logical operators. The 

vlan_id

 

variable is an integer that specifies a VLAN ID. For example, 

vlan 1 and ip6

 captures IPv6 packets 

in VLAN 1. 

To capture 802.1Q tagged traffic, you must use the 

vlan

 

vlan_id

 expression prior to any other 

expressions. An expression matches untagged packets if it does not follow a 

vlan

 

vlan_id

 

expression. For example: 

 

vlan 1 and !tcp—Captures VLAN 1-tagged non-TCP packets. 

 

icmp and vlan 1

—Captures untagged ICMP packets that are VLAN 1 tagged. This expression 

does not capture any packets because no packets can be both tagged and untagged. 

Building a display filter 

This section provides the most commonly used expression types for display filters. 

Logical expression 

Use this type of expression to display packets that match the result of logical operations. 

Logical expressions contain keywords and logical operators. For example, 

ftp or icmp

 displays all 

FTP packets and ICMP packets. 

Relational expression 

Use this type of expression to display packets that match the result of comparison operations.  

Relational expressions contain keywords and relational operators. For example, 

ip.len<=28

 displays 

IP packets that contain a value of 28 or fewer bytes in the length field. 

Packet field expression 

Use this type of expression to display packets that contain a specific field. 

Packet field expressions contain only packet field strings. For example, 

tcp.flags.syn

 displays all 

TCP packets that contain the SYN bit field. 

The proto[…] expression 

Use this type of expression to display packets that contain specific field values. 

Summary of Contents for FlexFabric 5700 Series

Page 1: ...HPE FlexFabric 5700 Switch Series Network Management and Monitoring Configuration Guide Part number 5998 5594R Software version Release 2422P01 and later Document version 6W100 20160331 ...

Page 2: ...nd 12 212 Commercial Computer Software Computer Software Documentation and Technical Data for Commercial Items are licensed to the U S Government under vendor s standard commercial license Links to third party websites take you outside the Hewlett Packard Enterprise website Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise ...

Page 3: ...guring NTP authentication in broadcast mode 19 Configuring NTP authentication in multicast mode 21 Configuring NTP optional parameters 23 Specifying the source interface for NTP messages 23 Disabling an interface from receiving NTP messages 24 Configuring the maximum number of dynamic associations 24 Setting a DSCP value for NTP packets 25 Configuring the local clock as a reference source 25 Displ...

Page 4: ...address for UDP packets 58 Setting the delay correction value 58 Setting the cumulative offset between the UTC and TAI 58 Setting the correction date of the UTC 59 Configuring the parameters of the BITS clock 59 Configuring a priority of the clock 60 Specifying the system time source as PTP 60 Enabling PTP on a port 60 Displaying and maintaining PTP 60 PTP configuration examples 61 PTP configurati...

Page 5: ... SNMP settings 92 SNMPv1 SNMPv2c configuration example 93 SNMPv3 in VACM mode configuration example 94 SNMPv3 in RBAC mode configuration example 96 Configuring RMON 99 Overview 99 RMON groups 99 Sample types for the alarm group and the private alarm group 101 Protocols and standards 101 Configuring the RMON statistics function 101 Creating an RMON Ethernet statistics entry 101 Creating an RMON his...

Page 6: ...xample 145 TCP operation configuration example 147 UDP echo operation configuration example 148 UDP tracert operation configuration example 149 Voice operation configuration example 151 DLSw operation configuration example 153 Path jitter operation configuration example 154 NQA collaboration configuration example 156 ICMP template configuration example 158 DNS template configuration example 159 TC...

Page 7: ...remote sFlow collector cannot receive sFlow packets 189 Monitoring and maintaining processes 190 Displaying and maintaining processes 190 Displaying and maintaining user processes 190 Monitoring kernel threads 191 Configuring kernel thread deadloop detection 191 Configuring kernel thread starvation detection 192 Displaying and maintaining kernel threads 192 Configuring EAA 194 Overview 194 EAA fra...

Page 8: ...bing to event notifications 230 Subscription procedure 230 Example for subscribing to event notifications 231 Locking unlocking the configuration 233 Locking the configuration 233 Unlocking the configuration 233 Example for locking the configuration 234 Performing service operations 235 Performing the get get bulk operation 235 Performing the get config get bulk config operation 236 Performing the...

Page 9: ...lay 269 Displaying the contents in a packet file 270 Packet capture configuration examples 270 Filtering packet data to display configuration example 270 Saving captured packets to a file configuration example 271 Document conventions and icons 272 Conventions 272 Network topology icons 273 Support and other resources 274 Accessing Hewlett Packard Enterprise Support 274 Accessing updates 274 Websi...

Page 10: ...tics Using a ping command to test network connectivity Execute ping commands in any view Task Command Determine if an address in an IP network is reachable When you configure the ping command for a low speed network set a larger value for the timeout timer indicated by the t keyword in the command For IPv4 networks ping ip a source ip c count f h ttl i interface type interface number m interval n ...

Page 11: ...wing information Device A sends five ICMP packets to Device C and Device A receives five ICMP packets No ICMP packet is lost The route is reachable Get detailed information about routes from Device A to Device C DeviceA ping r 1 1 2 2 Ping 1 1 2 2 1 1 2 2 56 data bytes press CTRL_C to break 56 bytes from 1 1 2 2 icmp_seq 0 ttl 254 time 4 685 ms RR 1 1 2 1 1 1 2 2 1 1 1 2 1 1 1 1 56 bytes from 1 1 ...

Page 12: ...he source device sends a UDP packet with a TTL value of 1 to the destination device The destination UDP port is not used by any application on the destination device 2 The first hop Device B the first Layer 3 device that receives the packet responds by sending a TTL expired ICMP error message to the source with its IP address 1 1 1 2 encapsulated This way the source device can get the address of t...

Page 13: ...tion about this command see Layer 3 IP Services Command Reference Enable sending of ICMPv6 destination unreachable packets on the destination device If the destination device is an HPE device execute the ipv6 unreachables enable command For more information about this command see Layer 3 IP Services Command Reference Using a tracert command to identify failed or all nodes in a path Execute tracert...

Page 14: ...eachable packets on Device C DeviceC system view DeviceC ip unreachables enable Execute the tracert command on Device A DeviceA tracert 1 1 2 2 traceroute to 1 1 2 2 1 1 2 2 30 hops at most 40 bytes each packet press CTRL_C to break 1 1 1 1 2 1 1 1 2 1 ms 2 ms 1 ms 2 3 4 5 DeviceA The output shows that Device A can reach Device B but cannot reach Device C An error has occurred on the connection be...

Page 15: ...e debugging switch and the screen output switch are turned on Debugging information is typically displayed on a console You can also send debugging information to other destinations For more information see Configuring the information center Figure 4 Relationship between the module and screen output switch Debugging a feature module Output of debugging commands is memory intensive To guarantee sys...

Page 16: ...ire high clock accuracy you can keep time synchronized among devices by changing their system clocks one by one NTP runs over UDP and uses UDP port 123 NOTE The term interface in this chapter collectively refers to Layer 3 interfaces How NTP works Figure 5 shows how NTP synchronizes the system time between two devices in this example Device A and Device B Assume that Prior to the time synchronizat...

Page 17: ...s higher accuracy Clocks at stratums 1 through 15 are in synchronized state and clocks at stratum 16 are not synchronized Figure 6 NTP architecture Typically a stratum 1 NTP server gets its time from an authoritative time source such as an atomic clock and provides time for other devices as the primary NTP server The accuracy of each server is the stratum with the topmost level primary servers ass...

Page 18: ...eriodically sends clock synchronization messages to a symmetric passive peer The symmetric passive peer automatically operates in symmetric passive mode and sends a reply If the symmetric active peer can be synchronized to multiple time servers it selects an optimal clock and synchronizes its local clock to the optimal reference source after receiving the replies from the servers A symmetric activ...

Page 19: ...P provides the access control and authentication functions NTP access control You can control NTP access by using an ACL The access rights are in the following order from least restrictive to most restrictive Peer Allows time requests and NTP control queries such as alarms authentication status and time server information and allows the local device to synchronize itself to a peer device Server Al...

Page 20: ...Algorithms Specification Configuration restrictions and guidelines Follow these restrictions and guidelines when you configure NTP You cannot configure both NTP and SNTP on the same device Do not configure NTP on an aggregate member port The NTP service and SNTP service are mutually exclusive You can only enable either NTP service or SNTP service at a time To ensure time synchronization accuracy d...

Page 21: ...ocal clock as a reference source before synchronizing an NTP client Otherwise the client will not be synchronized to the NTP server If the stratum level of a server is higher than or equal to a client the client will not synchronize to that server You can configure multiple servers by repeating the ntp service unicast server and ntp service ipv6 unicast server commands To configure an NTP client S...

Page 22: ...mmand Remarks 1 Enter system view system view N A 2 Specify a symmetric passive peer for the device Specify a symmetric passive peer ntp service unicast peer peer name ip address authentication keyid keyid priority source interface type interface number version number Specify an IPv6 symmetric passive peer ntp service ipv6 unicast peer peer name ipv6 address authentication keyid keyid priority sou...

Page 23: ...lticast server must be synchronized by other devices or use its local clock as a reference source before synchronizing a multicast client Otherwise the multicast client will not be synchronized to the multicast server Configure NTP in multicast mode on both a multicast server and client Configuring a multicast client Step Command Remarks 1 Enter system view system view N A 2 Enter interface view i...

Page 24: ...A 2 Configure the NTP service access control right for a peer device to access the local device Configure the NTP service access control right for a peer device to access the local device ntp service access peer query server synchronization acl number Configure the IPv6 NTP service access control right for a peer device to access the local device ntp service ipv6 peer query server synchronization ...

Page 25: ... server Associate the specified key with an NTP server ntp service unicast server server name ip address authentication keyid keyid Associate the specified key with an IPv6 NTP server ntp service ipv6 unicast server server name ipv6 address authentication keyid keyid N A To configure NTP authentication for a server Step Command Remarks 1 Enter system view system view N A 2 Enable NTP authenticatio...

Page 26: ...A Failed NTP messages cannot be sent and received correctly Yes N A No N A N A No authentication NTP messages can be sent and received correctly No N A N A N A N A No authentication NTP messages can be sent and received correctly Configuring NTP authentication in symmetric active passive mode When you configure NTP authentication in symmetric peers mode Enable NTP authentication Configure an authe...

Page 27: ...tem view N A 2 Enable NTP authentication ntp service authentication enable By default NTP authentication is disabled 3 Configure an NTP authentication key ntp service authentication keyid keyid authentication mode md5 cipher simple value By default no NTP authentication key is configured 4 Configure the key as a trusted key ntp service reliable authentication keyid keyid By default no authenticati...

Page 28: ...uthentication NTP messages can be sent and received correctly No N A N A Yes N A Failed NTP messages cannot be sent and received correctly No N A N A No N A No authentication NTP messages can be sent and received correctly The active peer has a higher stratum than the passive peer Yes No Yes N A N A Failed NTP messages cannot be sent and received correctly The passive peer has a higher stratum tha...

Page 29: ...nable By default NTP authentication is disabled 3 Configure an NTP authentication key ntp service authentication keyid keyid authentication mode md5 cipher simple value By default no NTP authentication key is configured 4 Configure the key as a trusted key ntp service reliable authentication keyid keyid By default no authentication key is configured as a trusted key 5 Enter interface view interfac...

Page 30: ...es N A No No N A No authentication NTP messages can be sent and received correctly No N A N A Yes N A Failed NTP messages cannot be sent and received correctly No N A N A No N A No authentication NTP messages can be sent and received correctly Configuring NTP authentication in multicast mode When you configure NTP authentication in multicast mode Enable NTP authentication Configure an authenticati...

Page 31: ...ce view interface interface type interface number N A 6 Associate the specified key with the multicast server Associate the specified key with a multicast server ntp service multicast server ip address authentication keyid keyid Associate the specified key with an IPv6 multicast server ntp service ipv6 multicast server ipv6 multicast address authentication keyid keyid By default no multicast serve...

Page 32: ...nt and received correctly Yes N A No No N A No authentication NTP messages can be sent and received correctly No N A N A Yes N A Failed NTP messages cannot be sent and received correctly No N A N A No N A No authentication NTP messages can be sent and received correctly Configuring NTP optional parameters The configuration tasks in this section are optional tasks Configure them to improve NTP secu...

Page 33: ...interface for NTP messages Specify the source interface for NTP messages ntp service source interface type interface number Specify the source interface for IPv6 NTP messages ntp service ipv6 source interface type interface number By default no source interface is specified for NTP messages Disabling an interface from receiving NTP messages When NTP is enabled all interfaces by default can receive...

Page 34: ...m view system view N A 2 Configure the maximum number of dynamic sessions allowed to be established ntp service max dynamic sessions number By default the command can establish up to 100 dynamic sessions Setting a DSCP value for NTP packets The DSCP value determines the sending precedence of a packet To configure a DSCP value for NTP packets Step Command Remarks 1 Enter system view system view N A...

Page 35: ...he primary reference source display ntp service trace NTP configuration examples NTP client server mode configuration example Network requirements As shown in Figure 8 Configure the local clock of Device A as a reference source with the stratum level 2 Configure Device B to operate in client mode and Device A to be used as the NTP server for Device B Figure 8 Network diagram Configuration procedur...

Page 36: ...fy that an IPv4 NTP association has been established between Device B and Device A DeviceB display ntp service sessions source reference stra reach poll now offset delay disper 12345 1 0 1 11 127 127 1 0 2 1 64 15 4 0 0 0038 16 262 Notes 1 source master 2 source peer 3 selected 4 candidate 5 configured Total sessions 1 IPv6 NTP client server mode configuration example Network requirements As shown...

Page 37: ... Leap indicator 00 Clock jitter 0 000977 s Stability 0 000 pps Clock precision 2 10 Root delay 0 02649 ms Root dispersion 12 24641 ms Reference time d0c60419 9952fb3e Wed Dec 29 2010 19 01 45 598 Verify that an IPv6 NTP association has been established between Device B and Device A DeviceB display ntp service ipv6 sessions Notes 1 source master 2 source peer 3 selected 4 candidate 5 configured Sou...

Page 38: ... peer 3 0 1 32 4 Verify the configuration Verify that Device B has synchronized to Device A DeviceB display ntp service status Clock status synchronized Clock stratum 3 System peer 3 0 1 31 Local mode sym_passive Reference clock ID 3 0 1 31 Leap indicator 00 Clock jitter 0 000916 s Stability 0 000 pps Clock precision 2 17 Root delay 0 00609 ms Root dispersion 1 95859 ms Reference time 83aec681 deb...

Page 39: ...enable Specify the local clock as the reference source with the stratum level 2 DeviceA ntp service refclock master 2 Configure Device B as an IPv6 symmetric passive peer DeviceA ntp service ipv6 unicast peer 3000 36 4 Verify the configuration Verify that Device B has synchronized to Device A DeviceB display ntp service status Clock status synchronized Clock stratum 3 System peer 3000 35 Local mod...

Page 40: ...l clock as a reference source with the stratum level 2 Configure Switch C to operate in broadcast server mode and send out broadcast messages from VLAN interface 2 Configure Switch A and Switch B to operate in broadcast client mode and listen to broadcast messages through VLAN interface 2 Figure 12 Network diagram NOTE In this example Switch B must be a switch that supports IPv4 multicast routing ...

Page 41: ...SwitchB interface vlan interface 2 SwitchB Vlan interface2 ntp service broadcast client 5 Verify the configuration Verify that Switch A has synchronized to Switch C and the clock stratum level is 3 on Switch A and 2 on Switch C SwitchA Vlan interface2 display ntp service status Clock status synchronized Clock stratum 3 System peer 3 0 1 31 Local mode bclient Reference clock ID 3 0 1 31 Leap indica...

Page 42: ...n Figure 13 Details not shown 2 Configure Switch C Enable the NTP service SwitchC system view SwitchC ntp service enable Specify the local clock as the reference source with the stratum level 2 SwitchC ntp service refclock master 2 Configure Switch C to operate in multicast server mode and send multicast messages through VLAN interface 2 SwitchC interface vlan interface 2 SwitchC Vlan interface2 n...

Page 43: ...lay ntp service sessions source reference stra reach poll now offset delay disper 1245 3 0 1 31 127 127 1 0 2 1 64 519 0 0 0 0022 4 1257 Notes 1 source master 2 source peer 3 selected 4 candidate 5 configured Total sessions 1 5 Configure Switch B Because Switch A and Switch C are on different subnets you must enable the multicast functions on Switch B before Switch A can receive multicast messages...

Page 44: ...Dec 29 2010 20 03 21 065 Verify that an IPv4 NTP association has been established between Switch A and Switch C SwitchA Vlan interface3 display ntp service sessions source reference stra reach poll now offset delay disper 1234 3 0 1 31 127 127 1 0 2 247 64 381 0 0 0 0053 4 5128 Notes 1 source master 2 source peer 3 selected 4 candidate 5 configured Total sessions 1 IPv6 NTP multicast mode configur...

Page 45: ... interface 2 SwitchC Vlan interface2 ntp service ipv6 multicast server ff24 1 3 Configure Switch D Enable the NTP service SwitchD system view SwitchD ntp service enable Configure Switch D to operate in IPv6 multicast client mode and receive multicast messages on VLAN interface 2 SwitchD interface vlan interface 2 SwitchD Vlan interface2 ntp service ipv6 multicast client ff24 1 4 Verify the configu...

Page 46: ... Configure Switch B Because Switch A and Switch C are on different subnets you must enable the IPv6 multicast functions on Switch B before Switch A can receive IPv6 multicast messages from Switch C Enable IPv6 multicast functions SwitchB system view SwitchB ipv6 multicast routing SwitchB mrib6 quit SwitchB interface vlan interface 2 SwitchB Vlan interface2 ipv6 pim dm SwitchB Vlan interface2 quit ...

Page 47: ...eference time d0c61289 10b1193f Wed Dec 29 2010 20 03 21 065 Verify that an IPv6 NTP association has been established between Switch A and Switch C SwitchA Vlan interface3 display ntp service ipv6 sessions Notes 1 source master 2 source peer 3 selected 4 candidate 5 configured Source 124 3000 2 Reference 127 127 1 0 Clock stratum 2 Reachabilities 2 Poll interval 64 Last receive time 71 Offset 0 0 ...

Page 48: ...the NTP server of Device B and associate the server with key 42 DeviceB ntp service unicast server 1 0 1 11 authentication keyid 42 Before Device B can synchronize its clock to that of Device A enable NTP authentication for Device A 4 Configure NTP authentication on Device A Enable NTP authentication DeviceA ntp service authentication enable Set an authentication key and input the key in plain tex...

Page 49: ...e with the stratum level 3 Configure Switch C to operate in broadcast server mode and send out broadcast messages from VLAN interface 2 Configure Switch A and Switch B to operate in broadcast client mode and receive broadcast messages through VLAN interface 2 Enable NTP authentication on Switch A Switch B and Switch C Figure 16 Network diagram Configuration procedure 1 Set the IP address for each ...

Page 50: ...tchC ntp service enable Specify the local clock as the reference source with the stratum level 3 SwitchC ntp service refclock master 3 Configure Switch C to operate in NTP broadcast server mode and use VLAN interface 2 to send NTP broadcast packets SwitchC interface vlan interface 2 SwitchC Vlan interface2 ntp service broadcast server SwitchC Vlan interface2 quit 5 Verify the configuration NTP aut...

Page 51: ...Local mode bclient Reference clock ID 3 0 1 31 Leap indicator 00 Clock jitter 0 006683 s Stability 0 000 pps Clock precision 2 10 Root delay 0 00127 ms Root dispersion 2 89877 ms Reference time d0d287a7 3119666f Sat Jan 8 2011 6 50 15 191 Verify that an IPv4 NTP association has been established between Switch B and Switch C SwitchB Vlan interface2 display ntp service sessions source reference stra...

Page 52: ...ictions and guidelines Follow these restrictions and guidelines when you configure SNTP You cannot configure both NTP and SNTP on the same device Make sure you use the clock protocol command to specify the time protocol as NTP Configuration task list Tasks at a glance Required Enabling the SNTP service Required Specifying an NTP server for the device Optional Configuring SNTP authentication Enabli...

Page 53: ...n work follow these guidelines on configuring SNTP authentication Enable authentication on both the NTP server and the SNTP client Configure the SNTP client with the same authentication key ID and key value as the NTP server and specify the key as a trusted key on both the NTP server and the SNTP client For information about configuring NTP authentication on an NTP server see Configuring NTP Assoc...

Page 54: ...uirements As shown in Figure 17 Configure the local clock of Device A as a reference source with the stratum level 2 Configure Device B to operate in SNTP client mode and specify Device A as the NTP server Configure NTP authentication on Device A and SNTP authentication on Device B Figure 17 Network diagram Configuration procedure 1 Set the IP address for each interface and make sure Device A and ...

Page 55: ...hentication key with the key ID of 10 and key value of aNiceKey Input the key in plain text DeviceB sntp authentication keyid 10 authentication mode md5 simple aNiceKey Specify the key as a trusted key DeviceB sntp reliable authentication keyid 10 Specify Device A as the NTP server of Device B and associate the server with key 10 DeviceB sntp unicast server 1 0 1 11 authentication keyid 10 4 Verif...

Page 56: ...f basic clock nodes Ordinary Clock OC A PTP clock with a single PTP port in a PTP domain for time synchronization It synchronizes time from its upstream clock node through the port If a clock node works as the clock source and sends synchronization time through a single PTP port to its downstream clock node it is also called an OC Boundary Clock BC A clock with more than one PTP port in a PTP doma...

Page 57: ...Subordinate port A master port sends a synchronization message and a subordinate port receives the synchronization message The master and subordinate ports can be on a BC or an OC A port that neither receives nor sends synchronization time is a passive port Grandmaster clock In Figure 18 all clock nodes are organized together and ultimately derive their time from a clock known as the grandmaster c...

Page 58: ...e one way delay equals half of the round trip delay assume the delays in both directions are the same Then the member node synchronizes its clock with the master clock according to the offset between the clocks PTP defines the following transmission delay measurement mechanisms Request_Response Peer Delay The basis of the two mechanisms is that the transmission delay from the master clock to the m...

Page 59: ...llow_Up message Peer Delay Figure 20 Operation procedure of the Peer Delay mechanism The Peer Delay mechanism uses Pdelay messages to calculate link delay which applies only to point to point delay measurement Figure 20 shows an example of the Peer Delay mechanism by using the two step mode 1 The master clock sends a Sync message to the member clock and records the sending time t1 Upon receiving t...

Page 60: ...n single step mode t1 is carried in the Sync message and no Follow_Up message is sent The offset between t5 and t4 is carried in the Pdelay_Resp message and no Pdelay_Resp_Follow_Up message is sent In two step mode t1 is carried in the Follow_Up message and t4 and t5 are carried in the Pdelay_Resp and Pdelay_Resp_Follow_Up messages Protocols and standards IEEE 1588 2008 IEEE Standard for a Precisi...

Page 61: ...umulative offset between the UTC and TAI Optional Setting the correction date of the UTC Optional Configuring the parameters of the BITS clock Optional Configuring a priority of the clock Optional Specifying the system time source as PTP Required Enabling PTP on a port The PTP standard is IEEE 802 1AS 802 1AS Required Specifying a clock node type Optional Specifying a PTP domain Optional Configuri...

Page 62: ...ll PTP configurations except the PTP standard To specify the clock node type Step Command Remarks 1 Enter system view system view N A 2 Specify the clock node type for the device ptp mode bc e2etc e2etc oc oc p2ptc p2ptc oc By default no clock node type is specified Specifying a PTP domain Within a PTP domain all devices follow the same rules to communicate with each other Devices in different PTP...

Page 63: ...mand Remarks 1 Enter system view system view N A 2 Enter Layer 2 Ethernet interface view interface interface type interface number N A 3 Configure the role of the PTP port ptp force state master passive slave By default the PTP port role is automatically specified through BMC 4 Quit interface view quit N A 5 Activate the port role configuration ptp active force state By default the port role confi...

Page 64: ...stem view system view N A 2 Enter Layer 2 Ethernet interface view interface interface type interface number N A 3 Specify a delay measurement mechanism for a BC or OC ptp delay mechanism e2e p2p By default the delay measurement mechanism depends on the PTP standard Configuring the port type for a TC OC All ports on a TC OC E2ETC OC or P2PTC OC are TCs by default This command allows you to configur...

Page 65: ...le value If the PTP standard is IEEE 802 1AS the interval is the announce message sending interval for the master node multiple value To specify the number of announcement intervals before the receiving node stops receiving announce messages Step Command Remarks 1 Enter system view system view N A 2 Enter Layer 2 Ethernet interface view interface interface type interface number N A 3 Specify the n...

Page 66: ... when the minimum interval is reached Configuring the MAC address for non pdelay messages Pdelay messages include Pdelay_Req Pdelay_Resp and Pdelay_Resp_Follow_Up messages The destination MAC address of Pdelay messages is 0180 C200 000E by default which cannot be modified The destination MAC address of non Pdelay messages is either 0180 C200 000E or 011B 1900 0000 If ports on the same link forward...

Page 67: ... based on the assumption that the delays in sending and receiving messages are the same However this is not practical If you know the offset between the delays in sending and receiving messages you can configure the delay correction value for more accurate time synchronization To configure the delay correction value for every clock node Step Command Remarks 1 Enter system view system view N A 2 En...

Page 68: ...e accuracy and priority 2 If all these parameters are the same the clock node with a smaller port ID consisting of clock number and port number wins To configure the clock parameters Step Command Remarks 1 Enter system view system view N A 2 Configure priority 1 of the clock ptp priority clock source bits1 bits2 local priority1 pri1 value Optional The default is 128 3 Configure the parameters of t...

Page 69: ...e information about the clock protocol command see Fundamentals Command Reference To specify the system time source as PTP Step Command Remarks 1 Enter system view system view N A 2 Specify the system time source as PTP clock protocol ptp By default the system time source is NTP Enabling PTP on a port A port enabled with PTP becomes a PTP port An OC can have only one PTP port To enable PTP on a po...

Page 70: ... comprises Device A Device B and Device C Configure all devices to use PTP standard IEEE 1588 version 2 Configure the clock node type of Device A and Device C as OC and that of Device B as P2PTC All clock nodes elect a GM through BMC based on their respective default GM attributes Configure the delay measurement mechanism for Device A and Device C as p2p Figure 21 Network diagram Configuration pro...

Page 71: ...ersion 2 DeviceC system view DeviceC ptp profile 1588v2 Specify the clock node type as OC DeviceC ptp mode oc On Ten GigabitEthernet 1 0 1 specify the delay measurement mechanism as p2p and enable PTP DeviceC interface ten gigabitethernet 1 0 1 DeviceC Ten GigabitEthernet1 0 1 ptp delay mechanism p2p DeviceC Ten GigabitEthernet1 0 1 ptp enable DeviceC Ten GigabitEthernet1 0 1 quit 4 Verify the con...

Page 72: ...15 20 57 29 2011 Display brief PTP statistics on Device B DeviceB display ptp interface brief Name State Delay mechanism Clock step Asymmetry correction XGE1 0 1 N A P2P Two 0 XGE1 0 2 N A P2P Two 0 PTP configuration example IEEE 802 1AS Network requirements As shown in Figure 21 a PTP domain comprises Device A Device B and Device C Configure all devices to use PTP standard IEEE 802 1AS Configure ...

Page 73: ...e PTP for Ten GigabitEthernet 1 0 2 DeviceB interface ten gigabitethernet 1 0 2 DeviceB Ten GigabitEthernet1 0 2 ptp enable DeviceB Ten GigabitEthernet1 0 2 quit 3 Configure Device C Specify the PTP standard as IEEE 1588 802 1AS DeviceC system view DeviceC ptp profile 802 1AS Specify the clock node type as OC DeviceC ptp mode oc Enable PTP on Ten GigabitEthernet 1 0 1 DeviceC interface ten gigabit...

Page 74: ...2P Two 0 Display PTP clock information on Device B DeviceB display ptp clock PTP profile IEEE 802 1AS PTP mode P2PTC Slave only No Clock ID 000FE2 FFFE FF0001 Clock type Local Clock domain 0 Number of PTP ports 2 Priority1 246 Priority2 248 Clock quality Class 248 Accuracy 254 Offset log variance 16640 Offset from master N A Mean path delay N A Steps removed N A Local clock time Sun Jan 15 20 57 2...

Page 75: ...ogs Diagnostic logs Record debug messages Security logs Record security information such as authentication and authorization information Hidden logs Record log information not displayed on the terminal such as input commands Trace logs Record system tracing and debug messages which can be viewed only after the devkit package is installed Log levels Logs are classified into eight severity levels fr...

Page 76: ...the output rule are output to the destination Table 7 shows the default log output rules Table 7 Default output rules Destination Log source modules Output switch Severity Console All supported modules Enabled Debug Monitor terminal All supported modules Disabled Debug Log host All supported modules Enabled Informational Log buffer All supported modules Enabled Informational Log file All supported...

Page 77: ...e logs Table 11 Default output rules for trace logs Destination Log source modules Output switch Severity Trace log file All supported modules Enabled Debugging Log formats The format of logs varies by output destination Table 12 shows the original format of log information which might be different from what you see The actual format depends on the log resolution tool used Table 12 Log formats Out...

Page 78: ...o the log host and those sent to the other destinations have different timestamp precisions and their timestamp formats are configured with different commands For more information see Table 14 and Table 15 Hostip Source IP address of the log If info center loghost source is configured this field displays the IP address of the specified source interface Otherwise this field displays the sysname Thi...

Page 79: ...ut to other destinations All logs support this parameter May 30 05 36 29 579 2003 Sysname FTPD 5 FTPD_LOGIN User ftp 192 168 1 23 has logged in successfully May 30 05 36 29 579 2003 is a timestamp in the date format iso Timestamp format stipulated in ISO 8601 Only logs that are sent to a log host support this parameter 189 2003 05 30T06 42 44 Sysname 10FTPD 5 FTPD_LOGIN l User ftp 192 168 1 23 has...

Page 80: ... center enable By default the information center is enabled 3 Configure an output rule for the console info center source module name default console monitor logbuffer logfile loghost deny level severity For information about default output rules see Default output rules for logs 4 Optional Configure the timestamp format info center timestamp boot date none By default the timestamp format is date ...

Page 81: ...system view N A 2 Enable the information center info center enable By default the information center is enabled 3 Configure an output rule for outputting logs to a log host info center source module name default console monitor logbuffer logfile loghost deny level severity For information about default output rules see Default output rules for logs 4 Optional Specify the source IP address for outp...

Page 82: ... are output to a temporary buffer called the log file buffer Do not confuse the log file buffer with log buffer which is an independent log output destination By default the log file feature saves logs from the log file buffer to the log file every 24 hours You can adjust the saving interval or manually save logs to the log file After saving logs to the log file the system clears the log file buff...

Page 83: ...ecurity logs to the security log file After you enable the saving of the security logs to the security log file The system first outputs security logs to the security log file buffer The system saves the logs from the security log file buffer to the security log file at a specified interval a user authorized the security audit role can can also manually save security logs to the security log file ...

Page 84: ...ile 1 system view 2 info center security logfile directory dir name By default the security log file is saved in the seclog directory in the root directory of the storage device The configuration made by this command cannot survive an IRF reboot or a master subordinate switchover Manually save all the contents in the security log file buffer to the security log file security logfile save Available...

Page 85: ...gnostic logfile save command is available in any view Configuring the maximum size of the trace log file The device has only one trace log file When the trace log file is full the device overwrites the oldest trace logs with new ones To set the maximum size of the trace log file Step Command Remarks 1 Enter system view system view N A 2 Set the maximum size of the trace log file info center diagno...

Page 86: ... log suppression info center logging suppress duplicates By default duplicate log suppression is disabled Disabling an interface from generating link up or link down logs By default all interfaces generate link up or link down log information when the interface state changes In some cases you might want to disable some interfaces from generating this information For example You are concerned only ...

Page 87: ...orage time By default the system automatically deletes the earliest logs when the log buffer of log file is full regardless of the log storage time To set the log minimum storage time Step Command Remarks 1 Enter system view system view N A 2 Set the log minimum storage time info center syslog min age min age By default the log minimum storage time is not configured Information center configuratio...

Page 88: ...he device Enable the information center Device system view Device info center enable Specify the log host 1 2 0 1 16 and specify local4 as the logging facility Device info center loghost 1 2 0 1 facility local4 Disable log output to the log host Device info center source default loghost deny To avoid output of unnecessary information disable all modules from outputting logs to the specified destin...

Page 89: ...hen restart syslogd using the r option to make the new configuration take effect ps ae grep syslogd 147 kill HUP 147 syslogd r Now the device can output FTP logs to the log host which stores the logs to the specified file Configuration example for outputting logs to a Linux log host Network requirements Configure the device to output to the Linux log host 1 2 0 1 16 FTP logs that have a severity l...

Page 90: ...eceive logs info is the informational level The Linux system will store the log information with a severity level equal to or higher than informational to the file var log Device info log NOTE Follow these guidelines while editing the file etc syslog conf Comments must be on a separate line and must begin with a pound sign No redundant spaces are allowed after the file name The logging facility na...

Page 91: ...handle requests from the NMS and sends notifications to the NMS when events such as an interface state change occur Management Information Base MIB Specifies the variables for example interface status and CPU usage maintained by the SNMP agent for the SNMP manager to read and set Figure 27 Relationship between NMS agent and MIB MIB and view based MIB access control A MIB stores variables called no...

Page 92: ... to the NMS The difference between these two types of notification is that informs require acknowledgment but traps do not Traps are available in SNMPv1 SNMPv2c and SNMPv3 but informs are available only in SNMPv2c and SNMPv3 Protocol versions SNMPv1 SNMPv2c and SNMPv3 are supported in non FIPS mode Only SNMPv3 is supported in FIPS mode An NMS and an SNMP agent must use the same SNMP version to com...

Page 93: ...ght from the NMS to MIB objects The RBAC mode is more secure As a best practice use the RBAC mode to control NMS access to MIB objects SNMP silence SNMP silence enables the device to automatically detect and defend against SNMP attacks After you enable SNMP the device automatically starts an SNMP silence timer and counts the number of packets that fail SNMP authentication within 1 minute If the nu...

Page 94: ...s in the iso subtree but the snmpUsmMIB snmpVacmMIB and snmpModules 18 subtrees are accessible Each view name oid tree pair represents a view record If you specify the same record with different MIB sub tree masks multiple times the most recent configuration takes effect Except for the four sub trees in the default MIB view you can create up to 16 unique MIB view records 8 Configure the SNMP acces...

Page 95: ...ault the device uses UDP port 161 for receiving SNMP packets Configuring SNMPv3 basic parameters SNMPv3 users are managed in groups All SNMPv3 users in a group share the same security model but can use different authentication and privacy key settings To implement a security model for a user and avoid SNMP communication failures make sure the security model configuration for the group and the secu...

Page 96: ...nge the local engine ID the existing SNMPv3 users and encrypted keys become invalid and you must reconfigure them 7 Optional Configure a remote engine ID snmp agent remote ip address ipv6 ipv6 address vpn instance vpn instance name engineid engineid By default no remote engine ID is configured To send informs to an SNMPv3 NMS you must configure the SNMP engine ID of the NMS 8 Optional Create or up...

Page 97: ...ed engineid engineid N A 11 Create an SNMPv3 user In non FIPS mode In VACM mode snmp agent usm user v3 user name group name remote ip address ipv6 ipv6 address vpn instance vpn instance name cipher simple authentication mode md5 sha auth password privacy mode aes128 3des des56 priv password acl acl number acl ipv6 ipv6 acl number In RBAC mode snmp agent usm user v3 user name user role role name re...

Page 98: ...ount By default the maximum SNMP packet size that the SNMP agent can handle is 1500 bytes If the packet size of the requests and responses that contain MIB node information exceeds the maximum packet size that the agent can handle operations from the NMS fail For the NMS to access the agent successfully configure a bigger packet size that the agent can handle 14 Optional Specify the UDP port for r...

Page 99: ...ions when the link state of an interface changes you must perform the following tasks Enable linkUp or linkDown notification globally by using the snmp agent trap enable standard linkdown linkup command Enable linkUp or linkDown notification on the interface by using the enable snmp trap updown command After you enable notifications for a module whether the module generates notifications also depe...

Page 100: ...ttings Also specify the IP address of the SNMP engine when you create the SNMPv3 user Configuration prerequisites Configure the SNMP agent with the same basic SNMP settings as the NMS If SNMPv1 or SNMPv2c is used you must configure a community name If SNMPv3 is used you must configure an SNMPv3 user a MIB view and a remote SNMP engine ID associated with the SNMPv3 user for notifications The SNMP a...

Page 101: ...riodic notifications snmp agent trap periodical interval interval time The default is 60 seconds Displaying the SNMP settings Execute display commands in any view The display snmp agent community command is supported only in non FIPS mode Task Command Display SNMP agent system information including the contact physical location and SNMP version display snmp agent sys info contact location version ...

Page 102: ...n Specify SNMPv1 and create the read only community public and the read and write community private Agent system view Agent snmp agent sys info version v1 Agent snmp agent community read public Agent snmp agent community write private Configure contact and physical location information for the agent Agent snmp agent sys info contact Mr Wang Tel 3306 Agent snmp agent sys info location telephone clo...

Page 103: ...on example Network requirements As shown in Figure 30 the NMS 1 1 1 2 24 uses SNMPv3 to monitor and manage the interface status of the agent 1 1 1 1 24 The agent automatically sends notifications to report events to the NMS The NMS and the agent perform authentication when they establish an SNMP session The authentication algorithm is SHA 1 and the authentication key is 123456TESTauth The NMS and ...

Page 104: ...ress udp domain 1 1 1 2 params securityname managev3user v3 privacy 2 Configure the SNMP NMS Specify SNMPv3 Create the SNMPv3 user managev3user Enable both authentication and privacy functions Use SHA 1 for authentication and AES for encryption Set the authentication key to 123456TESTauth and the privacy key to 123456TESTencr Set the timeout timer and maximum number of retries For information abou...

Page 105: ...ure 1 Configure the agent Configure the IP address of the agent and make sure the agent and the NMS can reach each other Details not shown Create the user role test and permit test to have read and write access to the snmp node OID 1 3 6 1 2 1 11 Agent system view Agent role name test Agent role test rule 1 permit read write oid 1 3 6 1 2 1 11 Permit the user role test to have read only access to ...

Page 106: ... sysName from the agent The get attempt succeeds Send request to 1 1 1 1 161 Protocol version SNMPv3 Operation Get Request binding 1 1 3 6 1 2 1 1 5 0 Response binding 1 Oid sysName 0 Syntax OCTETS Value Agent Get finished Try to set the device name from the agent The set attempt fails because the NMS does not have access rights to the node Send request to 1 1 1 1 161 Protocol version SNMPv3 Opera...

Page 107: ...ng 1 sysUpTime 0 timeticks 0 days 08h 03m 43s 37th Binding 2 snmpTrapOID 0 oid hh3cLogIn Binding 3 hh3cTerminalUserName 0 octets testuser 74 65 73 74 75 73 65 72 hex Binding 4 hh3cTerminalSource 0 octets VTY 56 54 59 hex ...

Page 108: ...ation group and user history group Hewlett Packard Enterprise also implements a private alarm group which enhances the standard alarm group The probe configuration group and user history group are not configurable from the CLI To configure these two groups you must access the MIB Statistics group The statistics group samples traffic statistics for monitored Ethernet interfaces and stores the stati...

Page 109: ...sing For example if the value of a sampled alarm variable crosses the rising threshold multiple times before it crosses the falling threshold only the first crossing triggers a rising alarm event as shown in Figure 32 Figure 32 Rising and falling alarm events Private alarm group The private alarm group enables you to perform basic math operations on multiple variables and compare the calculation r...

Page 110: ... configuration see Creating an RMON Ethernet statistics entry The history group provides statistics that are sampled for a variable for each sampling interval The history group uses the history control table to control sampling and it stores samples in the history table For more information about the configuration see Creating an RMON history control entry Creating an RMON Ethernet statistics entr...

Page 111: ... entry to be created The entry must not have the same set of parameters as an existing entry The maximum number of entries is not reached Table 17 shows the parameters to be compared for duplication and the entry limits Table 17 RMON configuration restrictions Entry Parameters to be compared Maximum number of entries Event Event description description string Event type log trap logtrap or none Co...

Page 112: ...do not contain entries You can associate an alarm with an event that has not been created yet but the alarm will trigger the event only after the event is created Displaying and maintaining RMON settings Execute display commands in any view Task Command Display RMON statistics display rmon statistics interface type interface number Display RMON history control entries and history samples display r...

Page 113: ...raffic statistics from the NMS through SNMP Details not shown History group configuration example Network requirements As shown in Figure 34 create an RMON history control entry on the device to sample traffic statistics for Ten GigabitEthernet 1 0 1 every minute Figure 34 Network diagram Configuration procedure Create an RMON history control entry to sample traffic statistics every minute for Ten...

Page 114: ...CRC alignment errors 0 undersize packets 0 oversize packets 0 fragments 0 jabbers 0 collisions 0 utilization 0 Sampling record 5 dropevents 0 octets 898 packets 9 broadcast packets 2 multicast packets 6 CRC alignment errors 0 undersize packets 0 oversize packets 0 fragments 0 jabbers 0 collisions 0 utilization 0 Sampling record 6 dropevents 0 octets 898 packets 9 broadcast packets 2 multicast pack...

Page 115: ...gent community read public Sysname snmp agent community write private Sysname snmp agent sys info version v1 Sysname snmp agent trap enable Sysname snmp agent trap log Sysname snmp agent target host trap address udp domain 1 1 1 2 params securityname public Create an RMON Ethernet statistics entry for Ten GigabitEthernet 1 0 1 Sysname interface ten gigabitethernet 1 0 1 Sysname Ten GigabitEthernet...

Page 116: ...tatistics ten gigabitethernet 1 0 1 EtherStatsEntry 1 owned by user1 is VALID Interface Ten GigabitEthernet1 0 1 ifIndex 3 etherStatsOctets 57329 etherStatsPkts 455 etherStatsBroadcastPkts 53 etherStatsMulticastPkts 353 etherStatsUndersizePkts 0 etherStatsOversizePkts 0 etherStatsFragments 0 etherStatsJabbers 0 etherStatsCRCAlignErrors 0 etherStatsCollisions 0 etherStatsDropEvents insufficient res...

Page 117: ...application performance and server response time All types of NQA operations require the NQA client but only the TCP UDP echo UDP jitter and voice operations require the NQA server The NQA operations for services that are already provided by the destination device such as FTP do not need the NQA server You can configure the NQA server to listen and respond to specific IP addresses and ports to mee...

Page 118: ...les of state or performance changes so that the application modules can take predefined actions Figure 37 Collaboration The following describes how a static route destined for 192 168 0 88 is monitored through collaboration 1 NQA monitors the reachability to 192 168 0 88 2 When 192 168 0 88 becomes unreachable NQA notifies the Track module of the change 3 The Track module notifies the static routi...

Page 119: ...d Perform at least one of the following tasks Configuring NQA operations on the NQA client Configuring NQA templates on the NQA client When you configure an NQA template to analyze network performance the feature that uses the template performs the NQA operation Configuring the NQA server To perform TCP UDP echo UDP jitter and voice operations you must enable the NQA server on the destination devi...

Page 120: ...TTP operation Configuring the UDP jitter operation Configuring the SNMP operation Configuring the TCP operation Configuring the UDP echo operation Configuring the UDP tracert operation Configuring the voice operation Configuring the DLSw operation Configuring the path jitter operation Optional Configuring optional parameters for the NQA operation Optional Configuring the collaboration feature Opti...

Page 121: ... 7 Optional Specify the output interface for ICMP echo requests out interface interface type interface number By default no output interface is specified The NQA client determines the output interface based on the routing table lookup 8 Optional Specify the source IP address of ICMP echo requests Specify the IP address of the specified interface as the source IP address source interface interface ...

Page 122: ...ace based on the routing table lookup 6 Optional Specify the source IP address of DHCP packets source ip ip address By default no source IP address is specified for the request packets The requests take the IP address of the output interface as their source IP address The specified source IP address must be the IP address of a local interface and the local interface must be up Otherwise no probe p...

Page 123: ...cupying much network bandwidth To configure the FTP operation Step Command Remarks 1 Enter system view system view N A 2 Create an NQA operation and enter NQA operation view nqa entry admin name operation tag By default no NQA operation is created 3 Specify the FTP type and enter its view type ftp N A 4 Specify the URL of the destination FTP server url url By default no URL is specified for the de...

Page 124: ... resource http host port resource 5 Specify an HTTP login username username username By default no HTTP login username is specified 6 Specify an HTTP login password password cipher simple password By default no HTTP login password is specified 7 Optional Specify the source IP address of request packets source ip ip address By default no source IP address is specified The source IP address must be ...

Page 125: ... Remarks 1 Enter system view system view N A 2 Create an NQA operation and enter NQA operation view nqa entry admin name operation tag By default no NQA operation is created 3 Specify the UDP jitter type and enter its view type udp jitter N A 4 Specify the destination address of UDP packets destination ip ip address By default no destination IP address is specified The destination IP address must ...

Page 126: ...res the time for the NQA client to get a response packet from an SNMP agent To configure the SNMP operation Step Command Remarks 1 Enter system view system view N A 2 Create an NQA operation and enter NQA operation view nqa entry admin name operation tag By default no NQA operation is created 3 Specify the SNMP type and enter its view type snmp N A 4 Specify the destination address of SNMP packets...

Page 127: ...the NQA server 6 Optional Specify the source IP address of TCP packets source ip ip address By default no source IP address is specified The source IP address must be the IP address of a local interface and the interface must be up Otherwise no TCP packets can be sent out Configuring the UDP echo operation The UDP echo operation measures the round trip time between the client and a UDP port on the...

Page 128: ... over an IPv4 network Before you configure the UDP tracert operation perform the following tasks Enable sending ICMP time exceeded messages on the intermediate devices between the source and destination devices If the intermediate devices are HPE devices use the ip ttl expires enable command Enable sending ICMP destination unreachable messages on the destination device If the destination device is...

Page 129: ...al Specify the source port number of the UDP packets source port port number By default no source port number is specified 12 Optional Specify the source IP address of the UDP packets Use the IP address of the specified interface as the source IP address source interface interface type interface number Specify the source IP address source ip ip address By default the source IP address of the UDP p...

Page 130: ... service on the NQA server For more information about UDP listening service configuration see Configuring the NQA server The voice operation cannot repeat To configure the voice operation Step Command Remarks 1 Enter system view system view N A 2 Create an NQA operation and enter NQA operation view nqa entry admin name operation tag By default no NQA operation is created 3 Specify the voice type a...

Page 131: ...NQA client waits for a response from the server before it regards the response times out probe packet timeout packet timeout The default setting is 5000 milliseconds NOTE Use the display nqa result or display nqa statistics command to verify the voice operation The display nqa history command does not display the voice operation results or statistics Configuring the DLSw operation The DLSw operati...

Page 132: ...nation ip ip address By default no destination IP address is specified 5 Optional Specify the payload size in each ICMP echo request data size size The default setting is 100 bytes 6 Optional Specify the string to be filled in the payload of each ICMP echo request data fill string The default payload fill string is hexadecimal number 00010203040506070809 7 Optional Specify the source IP address of...

Page 133: ...terval at which the NQA operation repeats frequency interval For a voice or path jitter operation the default setting is 60000 milliseconds For other operations the default setting is 0 milliseconds Only one operation is performed If the operation is not completed when the interval expires the next operation does not start 6 Specify the probe times probe count times By default In the UDP tracert o...

Page 134: ...w dns ftp http icmp echo snmp tcp udp echo The collaboration feature is not available for the path jitter UDP jitter UDP tracert and voice operations 4 Configure a reaction entry reaction item number checked element probe fail threshold type consecutive consecutive occurrences action type trigger only By default no reaction entry is configured You cannot modify the content of an existing reaction ...

Page 135: ...shold is violated the state of the entry is set to over threshold Otherwise the state of the entry is set to below threshold If the action is configured as trap only for a reaction entry a trap message is sent to the NMS when the state of the entry changes Configuration procedure Before you configure threshold monitoring configure the destination address of the trap messages by using the snmp agen...

Page 136: ...ate accumulate occurrences average threshold value upper threshold lower threshold action type none trap only Monitor packet loss only for the UDP jitter and voice operations reaction item number checked element packet loss threshold type accumulate accumulate occurrences action type none trap only Monitor the one way jitter only for the UDP jitter and voice operations reaction item number checked...

Page 137: ...lecting the statistics statistics interval interval The default setting is 60 minutes 5 Optional Specify the maximum number of statistics groups that can be saved statistics max group number The default setting is two groups To disable collecting NQA statistics set the maximum number to 0 When the maximum number of statistics groups is reached to save a new statistics group the oldest statistics g...

Page 138: ...ictions and guidelines You cannot enter the operation type view or the operation view of a scheduled NQA operation A system time adjustment does not affect started or completed NQA operations It affects only the NQA operations that have not started To schedule the NQA operation on the NQA client Step Command 1 Enter system view system view 2 Specify the scheduling parameters for an NQA operation n...

Page 139: ...mand the most recent configuration takes effect 7 Optional Specify the source IPv4 or IPv6 address for the probe packets IPv4 address source ip ip address IPv6 address source ipv6 ipv6 address By default no source IP address is specified The source IP address must be the IP address of a local interface and the interface must be up Otherwise no probe packets can be sent out Configuring the DNS temp...

Page 140: ...to be returned IPv4 address expect ip ip address IPv6 address expect ipv6 ipv6 address By default no expected IP address is specified Configuring the TCP template A feature that uses the TCP template performs the TCP operation to test the following items Whether the NQA client can establish a TCP connection to a specific port on the server Whether the requested service is available on the server I...

Page 141: ...forms the UDP operation to test the following items Reachability of a specific port on the NQA server Availability of the requested service on the NQA server In UDP template view you can specify the expected data to be returned If you do not specify the expected data the UDP operation tests only whether the client can receive the response packet from the server The UDP operation requires both the ...

Page 142: ... is checked only when the expected data is configured and the HTTP response contains the Content Length field in the HTTP header The Content Length field indicates the packet body length and it does not include the header length An HTTP packet with this field indicates that the packet data does not include the multipart type and the packet body is a data type The status code of the HTTP packet is ...

Page 143: ... address of a local interface and the interface must be up Otherwise no probe packets can be sent out 12 Optional Configure the expected status codes expect status status list By default no expected status code is configured 13 Optional Configure the expected data expect data expression offset number By default no expected data is configured Configuring the FTP template A feature that uses the FTP...

Page 144: ...address IPv6 address source ipv6 ipv6 address By default no source IP address is specified The source IP address must be the IP address of a local interface and the interface must be up Otherwise no probe packets can be sent out Configuring optional parameters for the NQA template Step Command Remarks 1 Enter system view system view N A 2 Create an NQA template and enter its view nqa template dns ...

Page 145: ...fies the feature that uses the NQA template of the operation failure Displaying and maintaining NQA Execute display commands in any view Task Command Display history records of NQA operations display nqa history admin name operation tag Display the current monitoring results of reaction entries display nqa reaction counters admin name operation tag item number Display the most recent result of the...

Page 146: ...m view DeviceA nqa entry admin test1 DeviceA nqa admin test1 type icmp echo Specify the destination IP address of ICMP echo requests as 10 2 2 2 DeviceA nqa admin test1 icmp echo destination ip 10 2 2 2 Configure 10 1 1 2 as the next hop The ICMP echo requests are sent through Device C to Device B DeviceA nqa admin test1 icmp echo next hop 10 1 1 2 Configure the ICMP echo operation to perform 10 p...

Page 147: ... timeout 0 Failures due to internal error 0 Failures due to other errors 0 Display the history records of the ICMP echo operation DeviceA display nqa history admin test1 NQA entry admin admin tag test history records Index Response Status Time 370 3 Succeeded 2007 08 23 15 00 01 2 369 3 Succeeded 2007 08 23 15 00 01 2 368 3 Succeeded 2007 08 23 15 00 01 2 367 5 Succeeded 2007 08 23 15 00 01 2 366 ...

Page 148: ...sult admin test1 NQA entry admin admin tag test1 test results Send operation times 1 Receive response times 1 Min Max Average round trip time 512 512 512 Square Sum of round trip time 262144 Last succeeded probe time 2011 11 22 09 56 03 2 Extended results Packet loss ratio 0 Failures due to timeout 0 Failures due to internal error 0 Failures due to other errors 0 Display the history records of the...

Page 149: ...eA nqa schedule admin test1 start time now lifetime forever After the DNS operation runs for a period of time stop the operation DeviceA undo nqa schedule admin test1 Display the most recent result of the DNS operation DeviceA display nqa result admin test1 NQA entry admin admin tag test1 test results Send operation times 1 Receive response times 1 Min Max Average round trip time 62 62 62 Square S...

Page 150: ... 1 1 1 Configure the device to upload file config txt to the FTP server DeviceA nqa admin test1 ftp operation put DeviceA nqa admin test1 ftp filename config txt Specify the username for the FTP operation as admin DeviceA nqa admin test1 ftp username admin Specify the password for the FTP operation as systemtest DeviceA nqa admin test1 ftp password simple systemtest Enable the saving of history re...

Page 151: ...2 Network diagram Configuration procedure Assign each interface an IP address Details not shown Configure static routes or a routing protocol to make sure the devices can reach each other Details not shown Create an HTTP operation DeviceA system view DeviceA nqa entry admin test1 DeviceA nqa admin test1 type http Specify the URL of the HTTP server DeviceA nqa admin test http url http 10 2 2 2 inde...

Page 152: ...istory records Index Response Status Time 1 64 Succeeded 2011 11 22 10 12 47 9 The output shows that it took Device A 64 milliseconds to obtain data from the HTTP server UDP jitter operation configuration example Network requirements As shown in Figure 43 configure a UDP jitter operation to test the jitter delay and round trip time between Device A and Device B Figure 43 Network diagram Configurat...

Page 153: ...Square Sum of round trip time 3235 Last packet received time 2011 05 29 13 56 17 6 Extended results Packet loss ratio 0 Failures due to timeout 0 Failures due to internal error 0 Failures due to other errors 0 Packets out of sequence 0 Packets arrived late 0 UDP jitter results RTT number 10 Min positive SD 4 Min positive DS 1 Max positive SD 21 Max positive DS 28 Positive SD number 5 Positive DS n...

Page 154: ...D sum 2602 Positive DS sum 1928 Positive SD average 13 Positive DS average 12 Positive SD square sum 45304 Positive DS square sum 31682 Min negative SD 1 Min negative DS 1 Max negative SD 30 Max negative DS 78 Negative SD number 181 Negative DS number 209 Negative SD sum 181 Negative DS sum 209 Negative SD average 13 Negative DS average 14 Negative SD square sum 46994 Negative DS square sum 3030 O...

Page 155: ... snmp destination ip 10 2 2 2 Enable the saving of history records DeviceA nqa admin test1 snmp history record enable DeviceA nqa admin test1 snmp quit Start the SNMP operation DeviceA nqa schedule admin test1 start time now lifetime forever After the SNMP operation runs for a period of time stop the operation DeviceA undo nqa schedule admin test1 Display the most recent result of the SNMP operati...

Page 156: ...2 and TCP port 9000 DeviceB nqa server tcp connect 10 2 2 2 9000 4 Configure Device A Create a TCP operation DeviceA system view DeviceA nqa entry admin test1 DeviceA nqa admin test1 type tcp Configure 10 2 2 2 as the destination IP address and port 9000 as the destination port DeviceA nqa admin test1 tcp destination ip 10 2 2 2 DeviceA nqa admin test1 tcp destination port 9000 Enable the saving o...

Page 157: ...ation to test the round trip time between Device A and Device B The destination port number is 8000 Figure 46 Network diagram Configuration procedure 1 Assign each interface an IP address Details not shown 2 Configure static routes or a routing protocol to make sure the devices can reach each other Details not shown 3 Configure Device B Enable the NQA server DeviceB system view DeviceB nqa server ...

Page 158: ... the history records of the UDP echo operation DeviceA display nqa history admin test1 NQA entry admin admin tag test1 history records Index Response Status Time 1 25 Succeeded 2011 11 22 10 36 17 9 The output shows that the round trip time between Device A and port 8000 on Device B is 25 milliseconds UDP tracert operation configuration example Network requirements As shown in Figure 47 configure ...

Page 159: ...6 Set the initial TTL to 1 for the UDP probe packets DeviceA nqa admin test1 udp tracert init ttl 1 Start the UDP tracert operation DeviceA nqa schedule admin test1 start time now lifetime forever After the UDP tracert operation runs for a period of time stop the operation DeviceA undo nqa schedule admin test1 Display the most recent result of the UDP tracert operation DeviceA display nqa result a...

Page 160: ...er udp echo 10 2 2 2 9000 4 Configure Device A Create a voice operation DeviceA system view DeviceA nqa entry admin test1 DeviceA nqa admin test1 type voice Configure 10 2 2 2 as the destination IP address and port 9000 as the destination port DeviceA nqa admin test1 voice destination ip 10 2 2 2 DeviceA nqa admin test1 voice destination port 9000 DeviceA nqa admin test1 voice quit Start the voice...

Page 161: ...3655 Negative DS square sum 1691776 One way results Max SD delay 343 Max DS delay 985 Min SD delay 343 Min DS delay 985 Number of SD delay 1 Number of DS delay 1 Sum of SD delay 343 Sum of DS delay 985 Square Sum of SD delay 117649 Square Sum of DS delay 970225 SD lost packets 0 DS lost packets 0 Lost packets for unknown reason 0 Voice scores MOS value 4 38 ICPIF value 0 Display the statistics of ...

Page 162: ...elay 4 Sum of SD delay 1390 Sum of DS delay 1079 Square Sum of SD delay 483202 Square Sum of DS delay 973651 SD lost packets 0 DS lost packets 0 Lost packets for unknown reason 0 Voice scores Max MOS value 4 38 Min MOS value 4 38 Max ICPIF value 0 Min ICPIF value 0 DLSw operation configuration example Network requirements As shown in Figure 49 configure a DLSw operation to test the response time o...

Page 163: ...n 0 Failures due to internal error 0 Failures due to other errors 0 Display the history records of the DLSw operation DeviceA display nqa history admin test1 NQA entry admin admin tag test1 history records Index Response Status Time 1 19 Succeeded 2011 11 22 10 40 27 7 The output shows that the response time of the DLSw device is 19 milliseconds Path jitter operation configuration example Network ...

Page 164: ...test results Hop IP 10 1 1 2 Basic Results Send operation times 10 Receive response times 10 Min Max Average round trip time 9 21 14 Square Sum of round trip time 2419 Extended Results Failures due to timeout 0 Failures due to internal error 0 Failures due to other errors 0 Packets out of sequence 0 Packets arrived late 0 Path Jitter Results Jitter number 9 Min Max Average jitter 1 10 4 Positive j...

Page 165: ...ack entry 1 SwitchA system view SwitchA ip route static 10 1 1 2 24 10 2 1 1 track 1 3 On Switch A configure an ICMP echo operation Create an NQA operation with administrator name admin and operation tag test1 SwitchA nqa entry admin test1 Configure the NQA operation type as ICMP echo SwitchA nqa admin test1 type icmp echo Configure 10 2 1 1 as the destination IP address SwitchA nqa admin test1 ic...

Page 166: ...0 2 1 2 32 Direct 0 0 127 0 0 1 InLoop0 10 2 1 255 32 Direct 0 0 10 2 1 2 Vlan3 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 0 32 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 127 255 255 255 32 Direct 0 0 127 0 0 1 InLoop0 224 0 0 0 4 Direct 0 0 0 0 0 0 NULL0 224 0 0 0 24 Direct 0 0 0 0 0 0 NULL0 255 255 255 255 32 Direct 0 0 127 0 0 1 InLoop0 The output shows that th...

Page 167: ...5 32 Direct 0 0 127 0 0 1 InLoop0 224 0 0 0 4 Direct 0 0 0 0 0 0 NULL0 224 0 0 0 24 Direct 0 0 0 0 0 0 NULL0 255 255 255 255 32 Direct 0 0 127 0 0 1 InLoop0 The output shows that the static route does not exist and the status of the track entry is negative ICMP template configuration example Network requirements As shown in Figure 52 configure an ICMP template for a feature to perform the ICMP ech...

Page 168: ...ts As shown in Figure 53 configure a DNS template for a feature to perform the DNS operation The operation tests whether Device A can perform the address resolution through the DNS server Figure 53 Network diagram Configuration procedure Assign each interface an IP address Details not shown Configure static routes or a routing protocol to make sure the devices can reach each other Details not show...

Page 169: ... to the IP address 10 2 2 2 and TCP port 9000 DeviceB nqa server tcp connect 10 2 2 2 9000 4 Configure Device A Create TCP template tcp DeviceA system view DeviceA nqa template tcp tcp Configure 10 2 2 2 as the destination IP address and port 9000 as the destination port DeviceA nqatplt tcp tcp destination ip 10 2 2 2 DeviceA nqatplt tcp tcp destination port 9000 Configure the NQA client to notify...

Page 170: ...mber to 9000 DeviceA nqatplt udp udp destination port 9000 Configure the NQA client to notify the feature of the successful operation event if the number of consecutive successful probes reaches 2 DeviceA nqatplt udp udp reaction trigger probe pass 2 Configure the NQA client to notify the feature of the operation failure if the number of consecutive failed probes reaches 2 DeviceA nqatplt udp udp ...

Page 171: ...peration tests whether Device A can upload a file to the FTP server The login username and password are admin and systemtest respectively The file to be transferred to the FTP server is config txt Figure 57 Network diagram Configuration procedure Assign each interface an IP address Details not shown Configure static routes or a routing protocol to make sure the devices can reach each other Details...

Page 172: ...f the number of consecutive successful probes reaches 2 DeviceA nqatplt ftp ftp reaction trigger probe pass 2 Configure the NQA client to notify the feature of the operation failure if the number of consecutive failed probes reaches 2 DeviceA nqatplt ftp ftp reaction trigger probe fail 2 ...

Page 173: ...llowing conditions exist Port 1 is monitoring bidirectional traffic of Port 2 and Port 3 on the same device The packet travels from Port 2 to Port 3 Destination device The device where the monitor port resides is called the destination device Mirroring direction The mirroring direction specifies the direction of the traffic that is copied on a mirroring source Inbound Copies packets received Outbo...

Page 174: ...he same device Figure 58 Local port mirroring implementation As shown in Figure 58 the source port Ten GigabitEthernet 1 0 1 and the monitor port Ten GigabitEthernet 1 0 2 reside on the same device Packets received on Ten GigabitEthernet 1 0 1 are copied to Ten GigabitEthernet 1 0 2 Ten GigabitEthernet 1 0 2 then forwards the packets to the data monitoring device for analysis Remote port mirroring...

Page 175: ...facing the source and destination devices to the remote probe VLAN To monitor the bidirectional traffic of a port in a mirroring group disable MAC address learning for the remote probe VLAN on the source intermediate and destination devices For more information about MAC address learning see Layer 2 LAN Switching Configuration Guide Configuring local port mirroring A local mirroring group takes ef...

Page 176: ... or monitor port When you configure a TRILL access port as a source port only non TRILL encapsulated packets can be mirrored Other packets are dropped When you configure a TRILL trunk port as a source port only TRILL encapsulated packets can be mirrored Other packets are dropped When you configure a TRILL hybrid port as a source port both TRILL encapsulated and non TRILL encapsulated packets can b...

Page 177: ... group id monitor port interface type interface number By default no monitor port is configured for a local mirroring group Configuring the monitor port in interface view Step Command Remarks 1 Enter system view system view N A 2 Enter interface view interface interface type interface number N A 3 Configure the port as the monitor port for the specified mirroring group mirroring group group id mon...

Page 178: ...obe vlan command If the remote probe VLAN of a remote mirroring group is removed the remote mirroring group will become invalid Configuration procedure To configure local port mirroring with multiple monitor ports Step Command Remarks 1 Enter system view system view N A 2 Create a remote source group mirroring group group id remote source By default no mirroring groups exist on a device 3 Configur...

Page 179: ...Layer 2 remote source or destination group Do not enable MVRP on the devices or ports that allow the remote probe VLAN to pass through If MVRP is enabled MVRP might register the remote probe VLAN with unexpected ports resulting in undesired copies For more information about MVRP see Layer 2 LAN Switching Configuration Guide As a best practice configure devices in the order of the destination devic...

Page 180: ...tem view N A 2 Configure the monitor port for the specified remote destination group mirroring group group id monitor port interface type interface number By default no monitor port is configured for a remote destination group Configuring the monitor port for a remote destination group in interface view Step Command Remarks 1 Enter system view system view N A 2 Enter interface view interface inter...

Page 181: ...eate a remote source group mirroring group group id remote source By default no remote source group exists on a device Configuring source ports for a remote source group To configure source ports for a mirroring group use one of the following methods Assign a list of source ports to the mirroring group in system view Assign a port to the mirroring group as a source port in interface view To assign...

Page 182: ... for any remote source group Configuring the egress port for a remote source group To configure the egress port for a remote source group use one of the following methods Configure the egress port for the remote source group in system view Assign a port to the remote source group as the egress port in interface view When you configure the egress port for a remote source group follow these guidelin...

Page 183: ...oring groups on the source device and destination device must use the same remote probe VLAN To configure the remote probe VLAN for a remote source group Step Command Remarks 1 Enter system view system view N A 2 Configure the remote probe VLAN for the specified remote source group mirroring group group id remote probe vlan vlan id By default no remote probe VLAN is configured for a remote source ...

Page 184: ... monitor port ten gigabitethernet 1 0 3 Disable the spanning tree feature on the monitor port Ten GigabitEthernet 1 0 3 Device interface ten gigabitethernet 1 0 3 Device Ten GigabitEthernet1 0 3 undo stp enable Device Ten GigabitEthernet1 0 3 quit Verifying the configuration Display information about all mirroring groups Device display mirroring group all Mirroring group 1 Type Local Status Active...

Page 185: ...2 DeviceC vlan 2 Disable MAC address learning for VLAN 2 DeviceC vlan2 undo mac address mac learning enable DeviceC vlan2 quit Configure VLAN 2 as the remote probe VLAN and Ten GigabitEthernet 1 0 2 as the monitor port of the mirroring group DeviceC mirroring group 2 remote probe vlan 2 DeviceC interface ten gigabitethernet 1 0 2 DeviceC Ten GigabitEthernet1 0 2 mirroring group 2 monitor port Disa...

Page 186: ...LAN 2 DeviceA vlan 2 Disable MAC address learning for VLAN 2 DeviceA vlan2 undo mac address mac learning enable DeviceA vlan2 quit Configure VLAN 2 as the remote probe VLAN of the mirroring group DeviceA mirroring group 1 remote probe vlan 2 Configure Ten GigabitEthernet 1 0 1 as a source port and Ten GigabitEthernet 1 0 2 as the egress port in the mirroring group DeviceA mirroring group 1 mirrori...

Page 187: ...s As shown in Figure 62 configure port mirroring so servers A B and C can monitor the bidirectional traffic of the three departments Figure 62 Network diagram Configuration procedure Create remote source group 1 DeviceA system view DeviceA mirroring group 1 remote source Configure Ten GigabitEthernet 1 0 1 through Ten GigabitEthernet 1 0 3 as source ports of the remote source group DeviceA mirrori...

Page 188: ... Y N y Create VLAN 10 and assign ports Ten GigabitEthernet 1 0 11 through Ten GigabitEthernet 1 0 13 to VLAN 10 DeviceA vlan 10 DeviceA vlan10 port ten gigabitethernet 1 0 11 to ten gigabitethernet 1 0 13 DeviceA vlan10 quit Configure VLAN 10 as the remote probe VLAN of the remote source group DeviceA mirroring group 1 remote probe vlan 10 ...

Page 189: ... the CPU of the IRF member device where they are received The CPU analyzes the packets or delivers them to upper layers For more information about QoS policies traffic classes and traffic behaviors see ACL and QoS Configuration Guide Flow mirroring configuration task list Tasks at a glance Required Configuring match criteria Required Configuring a traffic behavior Required Configuring a QoS policy...

Page 190: ...ffic behavior Available in any view Configuring a QoS policy Step Command Remarks 1 Enter system view system view N A 2 Create a QoS policy and enter QoS policy view qos policy policy name By default no QoS policy exists 3 Associate a class with a traffic behavior in the QoS policy classifier tcl name behavior behavior name By default no traffic behavior is associated with a class 4 Optional Displ...

Page 191: ...cy name global inbound outbound Applying a QoS policy to the control plane You can apply a QoS policy to the control plane to mirror the traffic in the specified direction on all ports of the control plane To apply a QoS policy to the control plane Step Command 1 Enter system view system view 2 Enter control plane view control plane slot slot number 3 Apply a QoS policy to the control plane qos ap...

Page 192: ... and configure the match criterion as ACL 3000 DeviceA traffic classifier tech_c DeviceA classifier tech_c if match acl 3000 DeviceA classifier tech_c quit Create traffic behavior tech_b configure the action of mirroring traffic to port Ten GigabitEthernet 1 0 3 DeviceA traffic behavior tech_b DeviceA behavior tech_b mirror to interface ten gigabitethernet 1 0 3 DeviceA behavior tech_b quit Create...

Page 193: ...t the server can monitor the following traffic All traffic sent by the Technical department to access the Internet The IP traffic that the Technical department sends to the Marketing department during working hours on weekdays Details not shown ...

Page 194: ...UDP datagrams to the specified sFlow collector The sFlow collector analyzes the information and displays the results One sFlow collector can monitor multiple sFlow agents sFlow provides the following sampling mechanisms Flow sampling Obtains packet information Counter sampling Obtains interface counter information Figure 64 sFlow system Protocols and standards RFC 3176 InMon Corporation s sFlow A ...

Page 195: ...ort port number datagram size size time out seconds description text By default no sFlow collector information is configured 4 Optional Specify the source IP address of sFlow packets sflow source ip ip address ipv6 ipv6 address By default the source IP address is determined by routing Configuring flow sampling Perform this task to configure flow sampling on an Ethernet interface The sFlow agent pe...

Page 196: ... 1 Periodically collects the counter information on that interface 2 Encapsulates the counter information into sFlow packets 3 Encapsulates the sFlow packets in the UDP packets and sends the UDP packets to the specified sFlow collector To configure counter sampling Step Command Remarks 1 Enter system view system view N A 2 Enter Layer 2 Ethernet interface view interface interface type interface nu...

Page 197: ...Device sflow collector 1 ip 3 3 3 2 description netserver 3 Configure counter sampling Enable counter sampling and set the counter sampling interval to 120 seconds on Ten GigabitEthernet 1 0 1 Device interface ten gigabitethernet 1 0 1 Device Ten GigabitEthernet1 0 1 sflow counter interval 120 Specify sFlow collector 1 for counter sampling Device Ten GigabitEthernet1 0 1 sflow counter collector 1 ...

Page 198: ...ace that sends sFlow packets However the UDP datagrams with this source IP address cannot reach the sFlow collector The physical link between the device and the sFlow collector fails The sFlow collector is bound to a non existent VPN The length of an sFlow packet is less than the sum of the following two values The length of the sFlow packet header The number of bytes that flow sampling can copy p...

Page 199: ...fies a process that consumes excessive memory or CPU resources as an anomaly source To display and maintain processes Task Command Display memory usage display memory slot slot number cpu cpu number Display process state information display process all job job id name process name slot slot number cpu cpu number Display CPU usage for all processes display process cpu slot slot number cpu cpu numbe...

Page 200: ...d their causes Configuring kernel thread deadloop detection CAUTION Inappropriate configuration of kernel thread deadloop detection can cause service problems or system breakdown Make sure you understand the impact of this configuration on your network before you configure kernel thread deadloop detection Kernel threads share resources If a kernel thread monopolizes the CPU other threads cannot ru...

Page 201: ...lt is 120 seconds 4 Optional Disable kernel thread starvation detection for a kernel thread monitor kernel starvation exclude thread tid slot slot number cpu cpu number After enabled kernel thread starvation detection monitors all kernel threads by default Displaying and maintaining kernel threads Execute display commands in any view and reset commands in user view Task Command Display kernel thre...

Page 202: ...3 Task Command Clear kernel thread reboot information reset kernel reboot slot slot number cpu cpu number Clear kernel thread starvation information reset kernel starvation slot slot number cpu cpu number ...

Page 203: ...nt sources Event sources are software or hardware modules that trigger events see Figure 66 For example the CLI module triggers an event when you enter a command The Syslog module the information center triggers an event when it receives a log message Event monitors EAA creates one event monitor for a monitor policy to monitor the system for the event specified in each monitor policy An event moni...

Page 204: ...tplug event occurs when the following situations occur Master subordinate switchover occurs Member device is added to or removed from the IRF fabric Interface Each interface event is associated with two user defined thresholds start and restart An interface event occurs when the monitored interface traffic statistic crosses the start threshold in the following situations The statistic crosses the ...

Page 205: ...t variables EAA environment variables decouple the configuration of action arguments from the monitor policy so you can modify a policy easily An EAA environment variable is defined as a variable_name variable_value pair and can be used in different policies When you define an action you can enter a variable name with a leading dollar sign variable_name instead of entering a value for an argument ...

Page 206: ...fication Process _process_name Process name User defined variables You can use user defined variables for all types of events User defined variable names can contain digits characters and the underscore sign _ except that their leading character cannot be the underscore sign Configuring a user defined EAA environment variable Configure a user defined EAA environment variable before you use it in a...

Page 207: ...ent cli async skip sync mode execute help tab pattern regular exp Configure a hotplug event event hotplug slot slot number Configure an interface event event interface interface type interface number monitor obj monitor obj start op start op start val start val restart op restart op restart val restart val interval interval Configure a process event event process exception restart shutdown start n...

Page 208: ...ign the security audit user role to the policy The previously assigned security audit user role is automatically removed when you assign any other user roles to the policy 6 Optional Configure the policy runtime running time time The default runtime is 20 seconds 7 Enable the policy commit By default CLI defined policies are not enabled A CLI defined policy can take effect only after you perform t...

Page 209: ...in variable_name format for an argument The following actions are available Standard Tcl commands EAA specific Tcl commands Commands supported by the device Suspending monitor policies This task suspends all CLI defined and Tcl defined monitor policies except for the policies that are running To suspend monitor policies Step Command Remarks 1 Enter system view system view N A 2 Suspend monitor pol...

Page 210: ...lo world Add an action that enters system view when the event occurs Sysname rtm test action 2 cli system view Set the policy runtime to 2000 seconds The system stops executing the policy and displays an execution failure message if it fails to complete policy execution within 2000 seconds Sysname rtm test running time 2000 Specify the network admin user role for executing the policy Sysname rtm t...

Page 211: ...test and enter its view Sysname rtm cli policy test Add a CLI event that occurs when a command line that contains loopback0 is executed Sysname rtm test event cli async mode execute pattern loopback0 Add an action that enters system view when the event occurs Sysname rtm test action 0 cli system view Add an action that creates the interface Loopback 0 and enters loopback interface view Sysname rtm...

Page 212: ...tes the command only after it executes the policy successfully Configuration procedure Edit a Tcl script file rtm_tcl_test tcl in this example for EAA to send the message rtm_tcl_test is running when a command that contains the display this string is executed comware rtm event_register cli sync mode execute pattern display this user role network admin comware rtm action syslog priority 1 facility ...

Page 213: ...204 Sysname display this return Sysname Jun 4 15 02 30 354 2013 Sysname RTM 1 RTM_ACTION rtm_tcl_test is running Jun 4 15 02 30 382 2013 Sysname RTM 6 RTM_POLICY TCL policy test is running successfully ...

Page 214: ...evice in the network DNS server Domain name system server CWMP defines that the ACS and the CPE use URLs to identify and access each other DNS is used to resolve the URLs DHCP server Assigns ACS attributes along with IP addresses to CPEs when the CPEs are powered on DHCP server is optional in CWMP With a DHCP server you do not need to configure ACS attributes manually on each CPE The CPEs contact ...

Page 215: ...fied image file only when the file passes validity verification Data backup The ACS can require the CPE to upload a configuration or log file to a specific location The destination location can be the ACS or a file server Status and performance monitoring The CPE allows the ACS to monitor the status and performance objects in Table 22 Table 22 CPE status and performance objects available for the A...

Page 216: ...ection is established again or the specified retry limit is reached Depending on the configuration the CPE can also connect to the ACS regularly or at a scheduled time to update its information with the ACS NOTE For the CPE to complete autoconfiguration at its initial startup use a DHCP server as a best practice The DHCP option for ACS parameter assignment is option 43 For more information about D...

Page 217: ...om the CLI Optional Configuring the default ACS attributes from the CLI The preferred ACS attributes are configurable from the CPE s CLI DHCP server and ACS The default ACS attributes are configurable only from the CLI Optional Configuring CPE attributes Configuring ACS authentication parameters Configuring the provision code Configuring the CWMP connection interface Configuring autoconnect parame...

Page 218: ...S assigned values overwrite each other The default ACS attributes are configurable only from the CLI The CPE uses the default ACS attributes for connection establishment only when it is not assigned a preferred ACS URL from the CLI ACS or DHCP server Configuring the preferred ACS attributes Assigning ACS attributes from the DHCP server You can use DHCP option 43 to assign the ACS URL and ACS login...

Page 219: ...the CLI Step Command Remarks 1 Enter system view system view N A 2 Enter CWMP view cwmp N A 3 Configure the preferred ACS URL cwmp acs url url By default no preferred ACS URL has been configured 4 Configure the username for authentication to the preferred ACS URL cwmp acs username username By default no username has been configured for authentication to the preferred ACS URL 5 Optional Configure t...

Page 220: ... The password setting is optional You can specify only a username for authentication To configure ACS authentication parameters Step Command Remarks 1 Enter system view system view N A 2 Enter CWMP view cwmp N A 3 Configure the username for authentication to the CPE cwmp cpe username username By default no username has been configured for authentication to the CPE 4 Optional Configure the password...

Page 221: ...the CWMP connection interface cwmp cpe connect interface interface type interface number No CWMP connection interface is specified Configuring autoconnect parameters You can configure the CPE to connect to the ACS periodically or at a schedule time for configuration or software update To protect system resources limit the number of retries that the CPE can make to connect to the ACS Configuring th...

Page 222: ...r also specifies the maximum amount of time the CPE waits for the response to a session request The CPE determines that its session attempt has failed when the timer expires To configure the close wait timer for the CPE Step Command Remarks 1 Enter system view system view N A 2 Enter CWMP view cwmp N A 3 Set the close wait timer cwmp cpe wait timeout seconds By default the close wait timer is 30 s...

Page 223: ...nd Remarks 1 Enter system view system view N A 2 Enter CWMP view cwmp N A 3 Specify an SSL client policy ssl client policy policy name By default no SSL client policy is specified Displaying and maintaining CWMP Execute display commands in any view Task Command Display CWMP configuration display cwmp configuration Display the current status of CWMP display cwmp status CWMP configuration example Ne...

Page 224: ... numbers of the CPEs Table 26 CPE list Room Device Serial number A Device A 210231A95YH10C000045 Device B 210235AOLNH12000010 Device C 210235AOLNH12000015 B Device D 210235AOLNH12000017 Device E 210235AOLNH12000020 Device F 210235AOLNH12000022 Configuration procedure Configuring the ACS 1 Log in to the ACS Device A Device B Device C Room A Device D Device E Device F Room B ACS 10 185 10 41 DHCP Se...

Page 225: ...ion user configuration page appears Figure 4 CPE authentication user configuration page b Click Add c Enter the username and password for authentication to the ACS and then click OK Figure 5 Adding a CPE user account 3 Add device groups and device classes for devices in equipment rooms A and B This example assigns all devices to the same device group and assigns the devices in two equipment rooms ...

Page 226: ...OK In this example the device class for devices in equipment room A is Device_A Figure 7 Adding a device class g Repeat the previous two steps to create a device class for devices in equipment room B 4 Add the devices as CPEs a Select Service BIMS Add CPE from the top navigation bar b On the Add CPE page enter or select basic settings for device A and then click OK c Repeat the previous two steps ...

Page 227: ...Figure 8 Adding a CPE After the CPE is added successfully a success message is displayed as shown in Figure 9 Figure 9 CPE added successfully 5 Configure the system settings of the ACS as shown in Figure 10 ...

Page 228: ...Templates from the navigation tree Figure 11 Configuring templates page b On the Configuration Templates page click Import c On the Import Configuration Template page select configuration template settings for the Device_A device class add the Device_A class to the Applicable CPEs pane and then click OK d Repeat the previous two steps to configure a configuration template for equipment room B s de...

Page 229: ...220 Figure 12 Importing configuration template After the configuration template is added successfully a success message is displayed as shown in Figure 13 Figure 13 Configuration templates ...

Page 230: ... the Device_A device class add the Device_A class to the Applicable CPEs pane and then click OK h Repeat the previous two steps to configure a software library entry for equipment room B s device class Figure 15 Importing CPE software 7 Add auto deployment tasks a Select Service BIMS Configuration Management Deployment Guide from the top navigation bar b On the Deployment Guide page click By Devic...

Page 231: ...222 Figure 16 Deployment Guide c On the Auto Deploy Configuration page click Select Class Figure 17 Configuring auto deployment d On the Device Class page select Device_A and then click OK ...

Page 232: ...n equipment room B in the same way you add the deployment task for the devices in equipment room A Configuring the DHCP server In this example an HPE device is operating as the DHCP server 1 Configure an IP address pool to assign IP addresses and DNS server address to the CPEs This example uses subnet 10 185 10 0 24 for IP address assignment Enable DHCP DHCP_server system view DHCP_server dhcp ena...

Page 233: ...ver dhcp pool 0 option 43 hex 0140 68747470 3A2F2F61 63732E64 61746162 6173653A 39303930 2F616373 20766963 6B792031 32333435 Configuring the DNS server Map http acs database 9090 acs to http 10 185 1 41 9090 acs on the DNS server For more information about DNS configuration see DNS server documentation Connecting the CPEs to the network Connect the CPEs to the network and then power on the CPEs De...

Page 234: ... of managed objects which can be configuration data status data and statistics information For information about the operable data see the NETCONF XML API reference for the switch Operations get get config edit config The operations layer defines a set of base operations invoked as RPC methods with XML encoded parameters NETCONF base operations include data retrieval operations configuration opera...

Page 235: ...pc message id 100 xmlns urn ietf params xml ns netconf base 1 0 get bulk filter type subtree top xmlns http www h3c com netconf data 1 0 Ifmgr Interfaces Interface Interfaces Ifmgr top filter get bulk rpc NETCONF over SOAP All NETCONF over SOAP messages are XML based and comply with RFC 4741 NETCONF messages are contained in the Body element of SOAP messages NETCONF over SOAP messages also comply ...

Page 236: ...hod is suitable for R D and test purposes Custom configuration tool N A To use this method you must enable NETCONF over SOAP By default the device cannot interpret Custom configuration tools URLs For the device to interpret these URLs you must encode the NETCONF messages sent from a custom configuration tool in SOAP Protocols and standards RFC 3339 Date and Time on the Internet Timestamps RFC 4741...

Page 237: ...ling back and loading the configuration Optional Filtering data Optional Performing CLI operations through NETCONF Optional Retrieving NETCONF session information Optional Terminating another NETCONF session Optional Returning to the CLI Enabling NETCONF over SOAP NETCONF messages can be encapsulated into SOAP messages and transmitted over HTTP and HTTPS After enabling NETCONF over SOAP you can de...

Page 238: ... netconf ssh server port port number By default port 830 listens for NETCONF over SSH connections Enabling NETCONF logging NETCONF logging generates logs for different NETCONF operation sources and NETCONF operations To enable NETCONF logging Step Command Remarks 1 Enter system view system view N A 6 Enable NETCONF logging netconf log source all agent soap web protocol operation all action config ...

Page 239: ...represents the unique ID assigned to the current session After receiving the hello message from the device copy the following message to notify the device of the capabilities user configurable supported by the client hello xmlns urn ietf params xml ns netconf base 1 0 capabilities capability capability set capability capabilities hello Use a pair of capability and capability tags to enclose each c...

Page 240: ... a response in the following format if the subscription is successful xml version 1 0 encoding UTF 8 rpc reply message id 101 xmlns netconf urn ietf params xml ns netconf base 1 0 ok rpc reply If the subscription fails the device returns an error message in the following format xml version 1 0 encoding UTF 8 rpc reply message id 101 xmlns urn ietf params xml ns netconf base 1 0 rpc error error typ...

Page 241: ...o the client that has subscribed to all events xml version 1 0 encoding UTF 8 notification xmlns urn ietf params xml ns netconf notification 1 0 eventTime 2011 01 04T12 30 46 eventTime event xmlns http www h3c com netconf event 1 0 Group DEV Group Code FAN_DIRECTION_NOT_PREFERRED Code Slot 6 Slot Severity Alert Severity context Fan 1 airflow direction is not preferred on slot 6 please check it con...

Page 242: ...he configuration Copy the following text to the client to lock the configuration xml version 1 0 encoding UTF 8 rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 lock target running target lock rpc After receiving the lock request the device returns a response in the following format if the lock operation is successful xml version 1 0 encoding UTF 8 rpc reply message id 101 xmlns ur...

Page 243: ...ng target lock rpc Verifying the configuration If the client receives the following response the lock operation is successful xml version 1 0 encoding UTF 8 rpc reply message id 101 xmlns urn ietf params xml ns netconf base 1 0 ok rpc reply If another client sends a lock request the device returns the following response xml version 1 0 encoding UTF 8 rpc reply message id 101 xmlns urn ietf params ...

Page 244: ...the data entry next to the one with the specified index You do not specify the count attribute The number of matched data entries is less than the value of the count attribute Copy the following text to the client to perform the get operation xml version 1 0 encoding UTF 8 rpc message id 100 xmlns urn ietf params xml ns netconf base 1 0 getoperation filter top xmlns http www h3c com netconf data 1...

Page 245: ...e following format if the operation is successful xml version 1 0 rpc reply message id 100 xmlns urn ietf params xml ns netconf base 1 0 data Device state and configuration data data rpc reply Performing the get config get bulk config operation The get config and get bulk config operations are used to retrieve all non default configurations which are configured by means of CLI and MIB The get conf...

Page 246: ...ion 1 0 rpc message id 100 xmlns urn ietf params xml ns netconf base 1 0 edit config target running running target error option Default operation when an error occurs error option config top xmlns http www h3c com netconf config 1 0 Specify the module name submodule name table name and column name top config edit config rpc After receiving the edit config request the device returns a response in t...

Page 247: ...If the client receives the following text the get config operation is successful rpc reply xmlns urn ietf params xml ns netconf base 1 0 xmlns web urn ietf params xml ns netconf base 1 0 message id 101 data top xmlns http www h3c com netconf config 1 0 Ifmgr Interfaces Interface IfIndex 1307 IfIndex Shutdown 1 Shutdown Interface Interface IfIndex 1308 IfIndex Shutdown 1 Shutdown Interface Interfac...

Page 248: ... Retrieve configuration data for the Syslog module Configuration procedure Enter XML view Sysname xml Exchange capabilities hello xmlns urn ietf params xml ns netconf base 1 0 capabilities capability urn ietf params netconf base 1 0 capability capabilities hello Retrieve configuration data for the Syslog module rpc message id 100 xmlns urn ietf params xml ns netconf base 1 0 get config source runn...

Page 249: ...le Network requirements Retrieve a data entry for the interface table Configuration procedure Enter XML view Sysname xml Exchange capabilities hello xmlns urn ietf params xml ns netconf base 1 0 capabilities capability urn ietf params netconf base 1 0 capability capabilities hello Retrieve a data entry for the interface table rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 xmlns w...

Page 250: ...nStatus 2 AdminStatus OperStatus 2 OperStatus ConfigSpeed 0 ConfigSpeed ActualSpeed 100000 ActualSpeed ConfigDuplex 3 ConfigDuplex ActualDuplex 1 ActualDuplex Interface Interfaces Ifmgr top data rpc reply Example for changing the value of a parameter Network requirements Change the log buffer size for the Syslog module to 512 Configuration procedure Enter XML view Sysname xml Exchange capabilities...

Page 251: ...ding UTF 8 rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 save file Specify the configuration file name file save rpc The name of the specified configuration file must start with the storage media name and end with the extension cfg The total length of the save path and file name must be no more than 191 characters If the text includes the file column you must specify the file na...

Page 252: ...are merged into the current configuration New configurations are directly loaded Configurations that already exist in the current configuration are replaced by those loaded from the configuration file Copy the following text to the client to load a configuration file for the device xml version 1 0 encoding UTF 8 rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 load file Specify the...

Page 253: ...tf params xml ns netconf base 1 0 ok rpc reply Filtering data You can define a filter with the filter element to filter information when you perform a get get bulk get config or get bulk config operation Data filtering mechanisms include full match regular expression match and conditional match Full match You can specify an element value in an XML message to implement full match If multiple elemen...

Page 254: ...ove examples show that both element value based full match and attribute name based full match can retrieve the same configuration data for all interfaces in up state Regular expression match To implement a complex data filtering with characters you can add a regExp attribute for a specific element Copy the following text to the client to retrieve the descriptions of interfaces of which all the ch...

Page 255: ...tring OID and BOOL Not equal match notEqual valu e Not equal to the specified value The supported data types include date digit character string OID and BOOL Include match include string Includes the specified string The supported data types include only character string Not include match exclude string Excludes the specified string The supported data types include only character string Start with...

Page 256: ... Interfaces table under the Ifmgr module xml version 1 0 rpc message id 100 xmlns urn ietf params xml ns netconf base 1 0 xmlns reg http www h3c com netconf base 1 0 get filter type subtree top xmlns http www h3c com netconf data 1 0 Ifmgr Interfaces Interface Description reg regExp Interface Interfaces Ifmgr top filter get rpc Verifying the configuration If the client receives the following text ...

Page 257: ...rieve data in the Name column with the ifindex value not less than 5000 in the Interfaces table under the Ifmgr module Configuration procedure Enter XML view Sysname xml Exchange capabilities hello xmlns urn ietf params xml ns netconf base 1 0 capabilities capability urn ietf params netconf base 1 0 capability capabilities hello Retrieve data in the Name column with the ifindex value not less than...

Page 258: ...eply Performing CLI operations through NETCONF You can enclose command lines in XML messages to configure the device Configuration procedure Copy the following text to the client to execute the commands xml version 1 0 encoding UTF 8 rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 CLI Execution Commands Execution CLI rpc The Execution element can contain multiple commands with one...

Page 259: ...lowing text to the client to execute the display current configuration command xml version 1 0 encoding UTF 8 rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 CLI Execution display current configuration Execution CLI rpc Verifying the configuration If the client receives the following text the operation is successful xml version 1 0 encoding UTF 8 rpc reply message id 101 xmlns urn...

Page 260: ...etf params xml ns netconf base 1 0 get sessions Session SessionID Configuration session ID SessionID Line line information Line UserName Name of the user creating the session UserName Since Time when the session was created Since LockHeld Whether the session holds a lock LockHeld Session get sessions rpc reply For example to get NETCONF session information Enter XML view Sysname xml Copy the follo...

Page 261: ... of another client The client whose session is terminated returns to user view Copy the following message to the client to terminate the specified NETCONF session rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 kill session session id Specified session ID session id kill session rpc After receiving the kill session request the device returns a response in the following format if t...

Page 262: ...ID 2 has returned from XML view to user view xml version 1 0 encoding UTF 8 rpc reply message id 101 xmlns urn ietf params xml ns netconf base 1 0 ok rpc reply Returning to the CLI To return from XML view to the CLI send the following close session request xml version 1 0 rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 close session rpc When the device receives the close session r...

Page 263: ...onf base 1 0 get filter type subtree top xmlns http www h3c com netconf data 1 0 Syslog Syslog top filter get rpc get config Retrieves the non default configuration data If non default configuration data does not exist the device returns a response with empty data To retrieve non default configuration data for the interface table rpc message id 100 xmlns urn ietf params xml ns netconf base 1 0 xml...

Page 264: ...ecified index To retrieve non default configuration for all interfaces rpc message id 100 xmlns urn ietf params xml ns netconf base 1 0 get bulk config source running source filter type subtree top xmlns http www h3c com netconf config 1 0 Ifmgr Ifmgr top filter get bulk config rpc edit config merge Changes the running configuration To use the merge attribute in an edit config operation you must s...

Page 265: ...t If the specified target exists the operation replaces the configuration of the target with the configuration carried in the message If the specified target does not exist but is allowed to be created create the target and then apply the configuration of the target If the specified target does not exist and is not allowed to be created the operation is not conducted and an invalid value error mes...

Page 266: ...ing default operation attributes merge create delete and replace Your setting of the value for the default operation element takes effect only once If you do not specify an operation attribute and the default operation method for an edit config message merge is always applied merge The default value for the default operation element replace Value used when the operation attribute is not specified ...

Page 267: ...s continue on error rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 edit config target running target error option continue on error error opt ion config xmlns xc urn ietf params xml ns netconf b ase 1 0 top xmlns http www h3c com netconf config 1 0 Ifmgr xc operation merge Interfaces Interface Index 262 Index Description 222 Description ConfigSpeed 100 ConfigSpeed ConfigDuplex 1 ...

Page 268: ...ce Index 262 Index Description 222 Description ConfigSpeed 100 ConfigSpeed ConfigDuplex 1 ConfigDuplex Interface Interfaces Ifmgr top config edit config rpc action Issues actions that are not for configuring data for example reset action To clear statistics information for all interfaces rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 action top xmlns http www h3c com netconf acti...

Page 269: ...f the XML view To terminate the NETCONF session for the current user rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 close session rpc kill session Terminates the NETCONF session for another user This operation cannot terminate the NETCONF session for the current user To terminate the NETCONF session with session id 1 rpc message id 101 xmlns urn ietf params xml ns netconf base 1 ...

Page 270: ...ation in the specified file is merged into the current configuration of the device To merge the configuration in the file a1 cfg to the current configuration of the device rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 load file a1 cfg file load rpc rollback Rolls back the configuration To do so you must specify the configuration file in the file element After the device finishes...

Page 271: ...uired format For example you can set an IP address to 2 2 2 2 or any other valid values A variable must be modified by one or multiple qualifiers For example to capture any packets sent from the host at 2 2 2 2 use the filter src host 2 2 2 2 Operators include the following types Logical operators Perform logical operations such as the AND operation Arithmetic operators Perform arithmetic operatio...

Page 272: ...ets that are less than or equal to a specific size greater Matches packets that are greater than or equal to a specific size len Matches the packet length vlan Matches VLAN packets NOTE The broadcast multicast and all protocol qualifiers cannot modify variables Table 32 Variable types for capture filters Variable type Description Examples Integer Represented in binary octal decimal or hexadecimal ...

Page 273: ...operator to capture traffic that matches either of the conditions For example to capture traffic that is sent to or from 1 1 1 1 or 2 2 2 2 use host 1 1 1 1 or host 2 2 2 2 Table 34 Arithmetic operators for capture filters Nonalphanumeric symbol Description Adds two values Subtracts one value from another Multiplies one value by another Divides one value by another Returns the result of the bitwis...

Page 274: ...ds Table 36 and Table 37 describe the qualifiers and variables for display filters respectively Table 36 Qualifiers for display filters Category Description Examples Protocol Matches a protocol eth Matches Ethernet ftp Matches FTP http Matches HTTP icmp Matches ICMP ip Matches IPv4 ipv6 Matches IPv6 tcp Matches TCP telnet Matches Telnet udp Matches UDP Packet field Matches a field in packets by us...

Page 275: ... sent to or from 129 111 0 0 16 use ip addr 129 111 0 0 16 IPv6 address Represented in colon hexadecimal notation For example To display IPv6 packets that are sent to or from 1 1 use ipv6 addr 1 1 To display IPv6 packets that are sent to or from 1 64 use ipv6 addr 1 64 String Character string For example to display HTTP packets that contain the string HTTP 1 1 for the request version field use htt...

Page 276: ...equal to For example frame len le 0x100 displays frames with a length less than or equal to 256 bytes Building a capture filter This section provides the most commonly used expression types for capture filters Logical expression Use this type of expression to capture packets that match the result of logical operations Logical expressions contain keywords and logical operators For example not port ...

Page 277: ...es a VLAN ID For example vlan 1 and ip6 captures IPv6 packets in VLAN 1 To capture 802 1Q tagged traffic you must use the vlan vlan_id expression prior to any other expressions An expression matches untagged packets if it does not follow a vlan vlan_id expression For example vlan 1 and tcp Captures VLAN 1 tagged non TCP packets icmp and vlan 1 Captures untagged ICMP packets that are VLAN 1 tagged ...

Page 278: ...red packets use the packet capture read command To stop the capture while it is capturing packets press Ctrl C There might be a delay for the capture to stop because of heavy traffic To save the captured packets to a file Task Command Remarks Save the captured packets to a file packet capture interface interface type interface number capture filter capt expression limit captured frames limit limit...

Page 279: ...1 SwitchA behavior behavior1 mirror to cpu SwitchA behavior behavior1 quit Configure a traffic class to use the ACL to match traffic SwitchA traffic classifier classifier1 SwitchA classifier class1 if match acl 3000 SwitchA classifier class1 quit Associate the traffic class with the traffic behavior in a QoS policy SwitchA qos policy user1 SwitchA qospolicy user1 classifier classifier1 behavior be...

Page 280: ...tured packets to 10 Save the packets to the file flash a pcap DeviceA packet capture interface ten gigabitethernet 1 0 1 limit captured frames 10 write flash a pcap Capturing on Ten GigabitEthernet1 0 1 10 Display the contents in the packet file DeviceA packet capture read flash a pcap 1 0 000000 192 168 56 1 192 168 56 2 TCP 62 6325 telnet SYN Seq 0 Win 65535 Len 0 MSS 1460 SACK_PERM 1 2 0 000061...

Page 281: ...ast one x y Asterisk marked square brackets enclose optional syntax choices separated by vertical bars from which you select one choice multiple choices or none 1 n The argument or keyword and argument combination before the ampersand sign can be entered 1 to n times A line that starts with a pound sign is comments GUI conventions Convention Description Boldface Window names button names field nam...

Page 282: ... Represents an access controller a unified wired WLAN module or the access controller engine on a unified wired WLAN switch Represents an access point Represents a wireless terminator unit Represents a wireless terminator Represents a mesh access point Represents omnidirectional signals Represents directional signals Represents a security product such as a firewall UTM multiservice security gatewa...

Page 283: ...s provide a mechanism for accessing software updates through the product interface Review your product documentation to identify the recommended software update method To download product updates go to either of the following Hewlett Packard Enterprise Support Center Get connected with updates page www hpe com support e updates Software Depot website www hpe com support softwaredepot To view and u...

Page 284: ...r self repair CSR programs allow you to repair your product If a CSR part needs to be replaced it will be shipped directly to you so that you can install it at your convenience Some parts do not qualify for CSR Your Hewlett Packard Enterprise authorized service provider will determine whether a repair can be accomplished by CSR For more information about CSR contact your local service provider or ...

Page 285: ...number edition and publication date located on the front cover of the document For online help content include the product name product version help edition and publication date located on the legal notices page ...

Page 286: ...referred DHCP server 209 port mirroring monitor port to remote probe VLAN 172 associating IPv6 NTP client server association mode 27 IPv6 NTP symmetric active passive association mode 30 NMM IPv6 NTP multicast association mode 35 NMM NTP broadcast association mode 31 NMM NTP broadcast association mode with authentication 40 NMM NTP multicast association mode 33 NTP association mode 12 46 305 NTP b...

Page 287: ...tter operation 116 NQA client voice operation 120 NQA collaboration configuration 156 NQA DHCP operation configuration 138 NQA DLSw operation configuration 153 NQA DNS operation configuration 139 NQA echo operation configuration ICMP 137 NQA echo operation configuration UDP 148 NQA enable 111 NQA FTP operation configuration 141 NQA HTTP operation configuration 142 NQA operation 111 NQA operation c...

Page 288: ...em view 168 local port mirroring group source ports 167 local port mirroring group source ports interface view 167 local port mirroring group source ports system view 167 local port mirroring with multiple monitor ports 178 NMM IPv6 NTP multicast association mode 35 NMM NETCONF 225 228 NMM NTP broadcast association mode 31 NMM NTP broadcast mode with authentication 40 NMM NTP multicast association...

Page 289: ...PTP non Pdelay message MAC address 57 PTP OC as member clock 53 PTP port role 54 PTP system time source 60 PTP TC OC port type 55 PTP timestamp carry mode 54 PTP UTC correction date 59 remote port mirroring destination group 170 remote port mirroring source group 172 remote port mirroring source group egress port 173 remote port mirroring source group remote probe VLAN 174 remote port mirroring so...

Page 290: ...g feature module 6 system maintenance 1 default information center log default output rules 67 system information diagnostic log output rules 67 system information hidden log output rules 68 system information security log output rules 67 system information trace log output rules 68 Delay_Req message 57 delaying PTP BC delay measurement 55 PTP delay correction value 58 PTP OC delay measurement 55 ...

Page 291: ...agnostic log 66 information center diagnostic log save log file 75 direction port mirroring bidirectional 164 port mirroring inbound 164 port mirroring outbound 164 disabling information center interface link up link down log generation 77 NTP message receiving 24 display filter keyword packet capture 265 display filter operator packet capture 266 displaying contents in a packet file 270 CWMP sett...

Page 292: ...ment EAA environment variable configuration user defined 197 EAA event monitor policy environment variable 196 establishing NMM NETCONF session 229 Ethernet CWMP configuration 205 208 214 Layer 2 remote port mirroring configuration 170 port mirroring configuration 164 174 RMON Ethernet statistics entry 101 RMON Ethernet statistics group configuration 103 RMON statistics configuration 101 RMON stat...

Page 293: ...trol entry 101 RMON history group configuration 104 host information center log output log host 72 SNMP agent host notification 91 HTTP NMM NETCONF over SOAP HTTP based 228 NMM NETCONF over SOAP HTTPS based 228 NQA 108 NQA client HTTP operation 115 NQA client template HTTP 133 NQA HTTP operation configuration 142 NQA template configuration HTTP 161 HTTPS CWMP ACS HTTPS SSL client policy 214 hybrid...

Page 294: ...t path jitter operation 123 NQA client SNMP operation 117 NQA client statistics collection 128 163 305 NQA client TCP operation 117 NQA client template DNS 130 NQA client template FTP 134 NQA client template HTTP 133 NQA client template ICMP 129 NQA client template TCP 131 NQA client template UDP 132 NQA client template optional parameters 135 NQA client threshold monitoring 125 NQA client Track c...

Page 295: ...s 66 information center interface link up link down log generation 77 information center log default output rules 67 information center log output console 71 78 information center log output Linux log host 80 information center log output log buffer 73 information center log output log host 72 information center log output monitor terminal 71 information center log output UNIX log host 79 informat...

Page 296: ...ta retrieval Syslog module 239 NMM NETCONF data entry retrieval interface table 240 monitor terminal information center log output 71 monitoring configuring local mirroring to support multiple monitor ports 168 EAA configuration 194 EAA environment variable configuration user defined 197 EAA monitor policy configuration CLI 198 kernel thread PMM 191 NQA client threshold monitoring 125 NQA threshol...

Page 297: ... port mirroring group source port 167 Network Configuration Protocol Use NETCONF NQA client DHCP operation 112 NQA client DLSw operation 122 NQA client DNS operation 113 NQA client echo operation ICMP 111 NQA client echo operation UDP 118 NQA client FTP operation 114 NQA client history record save 128 NQA client HTTP operation 115 NQA client operation 111 NQA client operation UDP tracert 119 NQA c...

Page 298: ...uration 93 SNMPv2c configuration 93 Network Time Protocol Use NTP NMM captured packet saving 269 CWMP ACS attributes 209 CWMP ACS attributes default CLI 210 CWMP ACS attributes preferred 209 CWMP ACS autoconnect parameters 212 CWMP ACS HTTPS SSL client policy 214 CWMP basic functions 205 CWMP configuration 205 208 214 CWMP CPE ACS authentication parameters 211 CWMP CPE ACS connection interface 212...

Page 299: ...7 NETCONF capability exchange 230 NETCONF CLI operations 249 250 NETCONF CLI return 253 NETCONF configuration 225 228 NETCONF configuration data retrieval all modules 237 NETCONF configuration data retrieval Syslog module 239 NETCONF configuration load 242 NETCONF configuration lock unlock 233 234 NETCONF configuration rollback 242 NETCONF configuration save 242 NETCONF data entry retrieval interf...

Page 300: ...ic associations max 24 NTP enable 12 NTP local clock as reference source 25 NTP message receiving disable 24 NTP message source interface specification 23 NTP multicast association mode 14 NTP multicast association mode configuration 33 NTP multicast mode authentication configuration 21 NTP optional parameter configuration 23 NTP packet DSCP value setting 25 NTP protocols and standards 11 NTP secu...

Page 301: ...ver specification 43 system debugging 1 5 system information diagnostic log default output rules 67 system information hidden log default output rules 68 system information security log default output rules 67 system information trace log default output rules 68 system maintenance 1 tracert 3 4 tracert node failure identification 4 troubleshooting sFlow 189 troubleshooting sFlow remote collector c...

Page 302: ...ations max 24 broadcast mode with authentication 40 broadcast server configuration 14 client server association mode 9 client server association mode configuration 12 26 client server mode authentication configuration 15 client server mode dynamic associations max 24 client server mode authentication 38 configuration 7 11 26 configuration restrictions 11 display 26 enable 12 how it works 7 IPv6 cl...

Page 303: ... receiving disable 24 NTP message source interface 23 NTP optional parameter configuration 23 SNMP basics configuration 84 SNMPv1 basics configuration 84 SNMPv2c basics configuration 84 SNMPv3 basics configuration 86 path NQA client path jitter operation 123 NQA path jitter 108 NQA path jitter operation configuration 154 Pdelay_Req message 56 peer PTP Peer Delay 50 performing NMM NETCONF CLI opera...

Page 304: ...remote port mirroring configuration 176 local 165 local configuration 166 local group creation 167 local group monitor port 168 local group monitor port configuration restrictions 168 local group source port 167 local group source port configuration restrictions 167 local mirroring configuration 174 local mirroring configuration with multiple monitor ports 178 local mirroring supporting multiple m...

Page 305: ...h multiple monitor ports 178 configuring NMM IPv6 NTP multicast association mode 35 configuring NMM NETCONF 228 configuring NMM NTP broadcast association mode 31 configuring NMM NTP broadcast mode with authentication 40 configuring NMM NTP multicast association mode 33 configuring NMM PTP IEEE 1588 v2 61 configuring NMM PTP announcement interval 56 configuring NMM PTP BITS clock parameter 59 confi...

Page 306: ...g packet capture 269 270 configuring PMM kernel thread deadloop detection 191 configuring PMM kernel thread starvation detection 192 configuring port mirroring monitor port to remote probe VLAN assignment 172 configuring port mirroring remote destination group monitor port 171 configuring port mirroring remote destination group on the destination device 170 configuring port mirroring remote destin...

Page 307: ...CONF data regex match 247 filtering packet data to display 269 identifying node failure with tracert 4 4 loading NMM NETCONF configuration 242 243 locking NMM NETCONF configuration 233 234 maintaining information center 77 maintaining PMM 190 maintaining PMM kernel threads 192 maintaining PTP 60 managing information center security log 74 managing information center security log file 75 monitoring...

Page 308: ...on 82 SNMP versions 83 provision code ACS 211 PTP announce message send interval 55 announcement interval 56 basic concepts 47 BC delay measurement 55 BITS clock parameters 59 clock node 47 clock node configuration 51 clock node type 53 clock priority 60 clock source type 49 configuration 47 61 configuration IEEE 1588 v2 61 configuration IEEE 802 1AS 63 cumulative offset UTC TAI 58 delay correctio...

Page 309: ...ion 168 local port mirroring group source port configuration 167 NTP configuration 11 SNTP configuration 11 SNTP configuration restrictions 43 retrieving NMM NETCONF configuration data all modules 237 NMM NETCONF configuration data Syslog module 239 NMM NETCONF data entry interface table 240 NMM NETCONF session information 251 returning NMM NETCONF CLI return 253 RMON alarm configuration 102 106 a...

Page 310: ...ssage send interval 55 PTP Delay_Req message send interval 57 PTP Pdelay_Req message send interval 56 PTP Sync message send interval 56 server NQA 110 NTP broadcast server configuration 14 NTP multicast server configuration 14 SNTP configuration 43 43 45 SNTP NTP server specification 43 service NMM NETCONF configuration data retrieval all modules 237 NMM NETCONF configuration data retrieval Syslog...

Page 311: ...c parameter configuration 84 configuration 93 Notification operation 83 protocol version 83 SNMPv3 agent host notification 91 basic parameter configuration 86 configuration RBAC mode 96 configuration VACM mode 94 Notification operation 83 protocol version 83 SNTP authentication 44 configuration 43 43 45 configuration restrictions 11 43 display 45 enable 43 NTP server specification 43 SOAP NMM NETC...

Page 312: ... log host 80 information center log output log buffer 73 information center log output log host 72 information center log output monitor terminal 71 information center log output UNIX log host 79 information center log save log file 73 information center log types 66 information center security log file management 75 information center security log management 74 information center security log sav...

Page 313: ...25 163 305 NQA collaboration 109 NQA collaboration configuration 156 traffic RMON configuration 99 103 sFlow agent configuration 186 sFlow collector information configuration 186 sFlow configuration 185 185 187 sFlow counter sampling configuration 187 sFlow flow sampling configuration 186 transparency PTP clock node TC 47 trapping SNMP notification 90 triggering NQA operation threshold triggered a...

Page 314: ...efined environment variables 202 view SNMP access control view based 83 VLAN capture filter expression 267 flow mirroring configuration 180 180 182 flow mirroring QoS policy application 182 Layer 2 remote port mirroring configuration 170 local port mirroring configuration 166 local port mirroring group monitor port 168 local port mirroring group source port 167 port mirroring configuration 164 174...

Reviews:

No comments

Brands by name

Popular brands

Load more brands