manualshive.com logo in svg

H3C S3100V2-52TP, Руководство по настройке, Страница: 32 / 224

Поделиться
Скачать
H3C S3100V2-52TP Скачать руководство пользователя страница 32

 

20 

To do… 

Use the command… 

Remarks 

Enter system view 

system-view 

— 

Configure the NTP service 
access-control right for a peer 

device to access the local device  

ntp-service access

 {

 peer

 | 

query 

|

 

server 

|

 synchronization 

acl-number

 

Required 

peer

 by default 

 

 

NOTE: 

The access-control right mechanism provides only a minimum level of security protection for a system 
running NTP. A more secure method is identity authentication. 

 

Configuring NTP authentication 

NTP authentication should be enabled for a system running NTP in a network with a high security 
demand. It enhances the network security by means of client-server key authentication, which prohibits a 

client from synchronizing with a device that has failed authentication. 

Configuration prerequisites 

NTP authentication requires configuration on the client and on the server. 
The following principles apply: 

 

For all synchronization modes, when you enable the NTP authentication feature, configure an 
authentication key and specify it as a trusted key. In other words, the 

ntp-service authentication 

enable

 command must work together with the 

ntp-service authentication-keyid 

command and the 

ntp-service reliable authentication-keyid

 command. Otherwise, the NTP authentication function 

cannot be normally enabled. 

 

For client/server mode or symmetric mode, associate the specified authentication key on the client 
(symmetric-active peer if in the symmetric peer mode) with the corresponding NTP server 

(symmetric-passive peer if in the symmetric peer mode). Otherwise, the NTP authentication feature 

cannot be normally enabled. 

 

For broadcast server mode or multicast server mode, associate the specified authentication key on 
the broadcast server or multicast server with the corresponding NTP server. Otherwise, the NTP 

authentication feature cannot be normally enabled. 

 

For client/server mode, if the NTP authentication feature has not been enabled for the client, the 

client can synchronize with the server regardless of whether the NTP authentication feature has 
been enabled for the server. If the NTP authentication is enabled on a client, the client can be 

synchronized only to a server that can provide a trusted authentication key. 

 

For all synchronization modes, the server side configuration and the client side configuration must 
be consistently. 

Configuration procedure 

Configuring NTP authentication for a client 

Follow these steps to configure NTP authentication for a client:  

To do… 

Use the command… 

Remarks 

Enter system view 

system-view 

— 

Содержание S3100V2-52TP

Страница 1: ...H3C S3100V2 52TP Switch Network Management and Monitoring Configuration Guide Hangzhou H3C Technologies Co Ltd http www h3c com Software version Release 2101 Document version 6W100 20110905...

Страница 2: ...re Secware Storware NQA VVG V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the...

Страница 3: ...twork connectivity This preface includes Audience Conventions About the S3100V2 52TP documentation set Obtaining documentation Technical support Documentation feedback Audience This documentation is i...

Страница 4: ...ion Description WARNING An alert that calls attention to important information that if not understood or followed can result in personal injury CAUTION An alert that calls attention to important infor...

Страница 5: ...FP XFP transceiver modules Software configuration Configuration guides Describe software features and configuration procedures Command references Provide a quick reference to all available commands Op...

Страница 6: ...Technical support customer_service h3c com http www h3c com Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Страница 7: ...ring NTP broadcast mode 16 Configuring NTP multicast mode 17 Configuring optional parameters of NTP 18 Specifying the source interface for NTP messages 18 Disabling an interface from receiving NTP mes...

Страница 8: ...on center 51 Information center configuration examples 52 Outputting log information to a UNIX log host 52 Outputting log information to a Linux log host 54 Outputting log information to the console 5...

Страница 9: ...er 2 remote port mirroring 91 Layer 2 remote port mirroring configuration task list 91 Configuring a remote source group on the source device 92 Configuring a remote destination group on the destinati...

Страница 10: ...function 133 Configuring the history records saving function 133 Configuring optional parameters for an NQA test group 134 Configuring a schedule for an NQA test group 135 Displaying and maintaining N...

Страница 11: ...Configuring cluster management protocol packets 175 Cluster member management 176 Configuring the member switches 177 Enabling NDP 177 Enabling NTDP 177 Manually collecting topology information 177 E...

Страница 12: ...ACS switchover 195 CWMP configuration tasks 196 Configuring the DHCP server 196 Configuring the DNS server 197 Configuring the ACS server 197 Configuring CPEs 197 Enabling CWMP 197 Configuring the AC...

Страница 13: ...and replies received The distance between the source and destination based on the round trip time of ping packets Configuring ping Follow the step below to configure the ping function To do Use the co...

Страница 14: ...time 1 ms Reply from 1 1 2 2 bytes 56 Sequence 5 ttl 254 time 1 ms 1 1 2 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 1 41 205 ms Get the detail...

Страница 15: ...receiving the request the destination device copies the RR option in the request and adds the IP address 1 1 2 2 of its outbound interface to the RR option Then the destination device sends an ICMP ec...

Страница 16: ...3 2 6 When the source device receives the port unreachable ICMP error message it knows that the packet has reached the destination and that it has received the addresses of all the Layer 3 devices in...

Страница 17: ...Use one of the commands Available in any view System debugging Introduction to system debugging The device provides various debugging functions For the majority of protocols and features supported the...

Страница 18: ...o a terminal including console or VTY for display You can also output debugging information to other destinations For more information see Network Management and Monitoring Command Reference By defaul...

Страница 19: ...vice C Determine whether Device A and Device C can reach each other If they cannot reach each other locate the failed nodes in the network Figure 4 Network diagram Configuration procedure Use the ping...

Страница 20: ...has occurred on the connection between Device B and Device C In this case use the debugging ip icmp command to enable ICMP debugging on Device A and Device C to check whether the devices send or rece...

Страница 21: ...nformation and debugging information collected from different devices in network management time must be used as reference basis All devices must use the same reference clock in a charging system To i...

Страница 22: ...01 am 11 00 02 am NTP message NTP message NTP message received at 10 00 03 am 1 3 2 4 The process of system clock synchronization is as follows Device A sends Device B an NTP message which is timestam...

Страница 23: ...ts Root dispersion 32 bits Reference identifier 32 bits Receive timestamp 64 bits Transmit timestamp 64 bits Authenticator optional 96 bits Reference timestamp 64 bits Originate timestamp 64 bits 1 4...

Страница 24: ...Timestamp The local time at which the reply departed from the service host for the client Authenticator authentication information Operation modes of NTP Devices that run NTP can implement clock sync...

Страница 25: ...ic active 3 The device that receives the messages automatically enters symmetric passive mode and sends a reply with the Mode field in the message set to 2 symmetric passive This exchange of messages...

Страница 26: ...ient receives the first multicast message the client and the server start to exchange messages with the Mode field set to 3 client mode and 4 server mode to calculate the network delay between client...

Страница 27: ...the creation of associations in the following ways In client server mode when you execute a command to synchronize the time to a server the system creates a static association The server will not crea...

Страница 28: ...passive peer is specified by default NOTE In symmetric mode use the any NTP configuration command in Configuring the operation modes of NTP to enable NTP Otherwise a symmetric passive peer will not p...

Страница 29: ...only when its clock has been synchronized Configuring NTP multicast mode The multicast server periodically sends NTP multicast messages to multicast clients which send replies after they receive the...

Страница 30: ...sages ntp service source interface interface type interface number Required By default no source interface is specified for NTP messages and the system uses the IP address of the interface determined...

Страница 31: ...clock source information and so on synchronization Server access only This level of right permits a peer device to synchronize its clock to that of the local device but does not permit the peer devic...

Страница 32: ...rvice reliable authentication keyid command Otherwise the NTP authentication function cannot be normally enabled For client server mode or symmetric mode associate the specified authentication key on...

Страница 33: ...rusted Otherwise the client cannot be synchronized to the server Configuring NTP authentication for a server Follow these steps to configure NTP authentication for a server To do Use the command Remar...

Страница 34: ...following configurations to synchronize the time between Device B and Device A As shown in Figure 1 1 the local clock of Device A is to be used as a reference source with the stratum level of 2 Devic...

Страница 35: ...ew the NTP session information of Device B which shows that an association has been set up between Device B and Device A DeviceB display ntp service sessions source reference stra reach poll now offse...

Страница 36: ...5 15 ms Peer dispersion 34 29 ms Reference time 15 22 47 083 UTC Sep 19 2005 C6D95647 153F7CED The output shows that Device B has been synchronized to Device A and the clock stratum level of Device B...

Страница 37: ...urce master 2 source peer 3 selected 4 candidate 5 configured Total associations 1 Configuring NTP broadcast mode Network requirements As shown in Figure 13 Device C functions as the NTP server for mu...

Страница 38: ...Device C Take Device A as an example View the NTP status of Device A after clock synchronization DeviceA Vlan interface2 display ntp service status Clock status synchronized Clock stratum 3 Reference...

Страница 39: ...edure 1 Set the IP address for each interface as shown in Figure 14 Details not shown 2 Configure Device C Configure Device C to work in multicast server mode and send multicast messages through VLAN...

Страница 40: ...multicast functions on Device B before Device A can receive multicast messages from Device C Enable IP multicast routing and IGMP DeviceB system view DeviceB multicast routing enable DeviceB interface...

Страница 41: ...rver mode with authentication Network requirements As shown in Figure 15 perform the following configurations to synchronize the time between Device B and Device A and ensure network security as follo...

Страница 42: ...e B has been synchronized to Device A and the clock stratum level of Device B is 3 while that of Device A is 2 View the NTP session information of Device B which shows that an association has been set...

Страница 43: ...authentication keyid 88 authentication mode md5 123456 DeviceB ntp service reliable authentication keyid 88 Configure Device B to work in broadcast client mode and receive NTP broadcast messages on V...

Страница 44: ...y 100 0000 Hz Clock precision 2 18 Clock offset 0 0000 ms Root delay 0 00 ms Root dispersion 0 00 ms Peer dispersion 0 00 ms Reference time 00 00 00 000 UTC Jan 1 1900 00000000 00000000 Enable NTP aut...

Страница 45: ...3 0 1 31 127 127 1 0 3 254 64 62 16 0 32 0 16 6 note 1 source master 2 source peer 3 selected 4 candidate 5 configured Total associations 1 After you configure NTP authentication on Device C there is...

Страница 46: ...defined output rules Outputs information to different destinations based on the information channel to destination associations Information center assigns log trap and debugging information to 10 inf...

Страница 47: ...h severity level being informational the information with severity level being emergency through informational will be output Table 1 Severity description Severity Severity value Description Correspon...

Страница 48: ...ut according to source modules You can use the info center source command to view the supported information source modules Default output rules of system information The default output rules define th...

Страница 49: ...s not the log host such as console monitor terminal logbuffer trapbuffer SNMP or log file the system information is in the following format timestamp sysname module level digest content For example a...

Страница 50: ...ormation sent to the log host has a precision of seconds and that to all the other destinations has a precision of milliseconds The time stamp format of the system information sent to the log host is...

Страница 51: ...e vendor ID This field indicates that the information is generated by an H3C device It is displayed only when the system information is sent to a log host in the format of H3C vv This field is a versi...

Страница 52: ...on Configuring information center Information center configuration task list Complete the following tasks to configure information center Task Remarks Outputting system information to the console Opti...

Страница 53: ...ation is date by default Enabling the display of system information on the console After setting to output system information to the console you need to enable the associated display function to displ...

Страница 54: ...abling the display of system information on a monitor terminal After setting to output system information to a monitor terminal you need to enable the associated display function in order to display t...

Страница 55: ...om Optional H3C by default Specify a log host and configure the related output parameters info center loghost host ipv4 address ipv6 host ipv6 address port port number channel channel number channel n...

Страница 56: ...trap information even if you have configured to output it to the log buffer To do Use the command Remarks Enter system view system view Enable information center info center enable Optional Enabled b...

Страница 57: ...me Optional By default system information is output to the SNMP module through channel 5 known as snmpagent Configure the output rules of the system information info center source module name default...

Страница 58: ...rface after logging in through the web interface you can view log information of specific types only and other types of information will be filtered out Saving system information to a log file This fe...

Страница 59: ...nto the security log file in a specific directory without affecting the current output rules of the system information It means that the system picks up all security logs from the system information c...

Страница 60: ...ters such as the saving frequency the maximum size and the alarm threshold of the security log file usage have their default settings To modify these parameters you need to log in to the device as the...

Страница 61: ...figured by the info center security logfile frequency command into a directory configured by the info center security logfile switch directory command Available in user view Display the contents of th...

Страница 62: ...ile localfile Uploading the security log file to the SFTP server All other operations supported by the device acting as an SFTP client See Security Configuration Guide Optional The sftp commands are a...

Страница 63: ...u can use this function to disable other ports from generating link up down logging information A port is unstable and continuously outputs logging information In this case you can disable the port fr...

Страница 64: ...trap information recorded display trapbuffer reverse size buffersize begin exclude include regular expression Available in any view Reset the log buffer reset logbuffer Available in user view Reset t...

Страница 65: ...reate file info log under the Device directory to save logs of Device mkdir var log Device touch var log Device info log Step 3 Edit file etc syslog conf and add the following contents Device configur...

Страница 66: ...me info center source default channel loghost debug state off log state off trap state off CAUTION Because the default system configurations for different channels are different you need to first disa...

Страница 67: ...ue the following commands to display the process ID of syslogd kill the syslogd process and restart syslogd using the r option to make the modified configuration take effect ps ae grep syslogd 147 kil...

Страница 68: ...a terminal optional this function is enabled by default Sysname terminal monitor Info Current terminal monitor is on Sysname terminal logging Info Current terminal logging is on After the above confi...

Страница 69: ...he frequency with which the system automatically saves the security log file to one hour Sysname system view Sysname info center security logfile enable Sysname info center security logfile frequency...

Страница 70: ...security logfile buffer 175 Nov 2 17 02 53 766 2011 Sysname SHELL 4 LOGOUT Trap 1 3 6 1 4 1 25506 2 2 1 1 3 0 2 hh3cLogOut logout from Console 176 Nov 2 17 02 53 766 2011 Sysname SHELL 5 SHELL_LOGOUT...

Страница 71: ...rks on a managed device to receive and handle requests from the NMS and send traps to the NMS when some events such as interface state change occur Management Information Base MIB Specifies the variab...

Страница 72: ...a user based security model USM to secure SNMP communication You can configure authentication and privacy mechanisms to authenticate and encrypt SNMP packets for integrity authenticity and confidenti...

Страница 73: ...wDefault is predefined and its OID is 1 Configure an SNMPv3 group snmp agent group v3 group name authentication privacy read view read view write view write view notify view notify view acl acl number...

Страница 74: ...efault the contact is Hangzhou H3C Tech Co Ltd the physical location is Hangzhou China and the protocol version is SNMPv3 Configure the local engine ID snmp agent local engineid engineid Optional The...

Страница 75: ...M specific ifindex value starts from 1 and increments by 1 2 32 bit NM specific ifindex A 32 bit NM specific ifindex value comprises an Offset Interface Type Slot ID and Chassis ID as shown in Figure...

Страница 76: ...the format back To use these settings in the new format you must re configure them For example if a RMON alarm group or private alarm group has alarm variables in the format of OID variable name NM sp...

Страница 77: ...Information center configuration Enabling SNMP traps Enable SNMP traps only when necessary SNMP traps are memory intensive and may affect device performance Follow these steps to enable traps To do U...

Страница 78: ...ring v1 v2c v3 authentication privacy Required If the trap destination is a host the ip address argument must be the IP address of the host Configure the source address for traps snmp agent trap sourc...

Страница 79: ...e regular expression Available in any view Display the modules that can send traps and their trap status enable or disable display snmp agent trap list begin exclude include regular expression Availab...

Страница 80: ...nd use public as the community name To make sure that the NMS can receive traps specify the same SNMP version in the snmp agent target host command as on the NMS Agent snmp agent trap enable Agent snm...

Страница 81: ...ssign the NMS SNMPv3 group managev3group read and write access to the objects under the snmp node OID 1 3 6 1 2 1 1 1 and deny its access to any other MIB object Agent system view Agent undo snmp agen...

Страница 82: ...1 161 Protocol version SNMPv3 Operation Get Request binding 1 1 3 6 1 2 1 11 29 0 Response binding 1 Oid snmpOutTraps 0 Syntax CNTR32 Value 18 Get finished Try to get the device name from the agent b...

Страница 83: ...ent terminal logging Enable the information center to output the system events of the informational or higher severity to the console port Agent system view Agent info center source snmp channel conso...

Страница 84: ...status with noError meaning no error value Value set by the SET operation this field is null for a GET operation If the value is a character string that has characters beyond the ASCII range 0 to 127...

Страница 85: ...ID 25506 These two styles of MIBs implement the same management function Your device comes with a MIB loaded but the MIB style depends on the switch model You can change the MIB style as needed but mu...

Страница 86: ...N probes directly and control network resources In this approach NMSs can obtain all RMON MIB information RMON agents embedded in network devices NMSs exchange data with RMON agents by using basic SNM...

Страница 87: ...o on in the event log table of the RMON MIB of the device The management device can check the logs through the SNMP Get operation Trap Sending a trap to notify the occurrence of this event to the netw...

Страница 88: ...he first crossing triggers a rising alarm event If the count result of the private alarm group overpasses the same threshold multiple times only the first one can cause an alarm event In other words t...

Страница 89: ...Otherwise the operation fails You can configure multiple history entries on one interface but the values of the entry number arguments must be different and the values of the sampling interval argume...

Страница 90: ...ill be compared with the existing history entries only on the same interface See Table 8 for the parameters to be compared for different entries The system limits the total number of each type of entr...

Страница 91: ...view Ethernet statistics group configuration example Network requirements As shown in Figure 29 Agent is connected to a configuration terminal through its console port and to Server through Ethernet c...

Страница 92: ...can view whether traffic bursts have happened on the interface in a short time Figure 30 Network diagram Configuration procedure Configure RMON to periodically gather statistics for interface Ethernet...

Страница 93: ...pevents 0 octets 898 packets 9 broadcast packets 2 multicast packets 6 CRC alignment errors 0 undersize packets 0 oversize packets 0 fragments 0 jabbers 0 collisions 0 utilization 0 Sampled values of...

Страница 94: ...is example sets the SNMP version to SNMPv1 read community to public write community to private and the trap destination to 1 1 1 2 the IP address of the NMS Sysname system view Sysname snmp agent Sysn...

Страница 95: ...lingAlarm Latest value 0 Display statistics for interface Ethernet 1 0 1 Sysname display rmon statistics ethernet 1 0 1 EtherStatsEntry 1 owned by user1 rmon is VALID Interface Ethernet1 0 1 ifIndex 3...

Страница 96: ...2 and Port 3 on the same device If a packet travels from Port 2 to Port 3 two duplicates of the packet will be received on Port 1 Mirroring direction The mirroring direction indicates that the inboun...

Страница 97: ...thernet 1 0 1 are copied to Ethernet 1 0 2 which then forwards the packets to the data monitoring device for analysis Remote port mirroring In remote port mirroring the mirroring source and the mirror...

Страница 98: ...e VLAN IDs of these mirrored packets match the remote probe VLAN ID the device forwards them to the data monitoring device through the monitor port Ethernet 1 0 2 NOTE Allow remote probe VLAN to pass...

Страница 99: ...he monitor port Ethernet 1 0 2 in the local mirroring group created on the destination device 7 Forwards the packets to the data monitoring device through Ethernet 1 0 2 NOTE For more information abou...

Страница 100: ...rt to the group as a source port so you must repeat the step for each additional port Configuring source ports in system view Follow these steps to configure source ports for a local mirroring group i...

Страница 101: ...in system view or assign the current port to a mirroring group as the monitor port in interface view The two methods lead to the same result Configuring the monitor port in system view Follow these st...

Страница 102: ...probe VLAN you can monitor the traffic of the local device on multiple data monitoring devices Configure this feature in the following steps 1 Configure a remote source mirroring group on the local de...

Страница 103: ...r port A mirroring group can contain multiple source ports To make sure that the port mirroring function works properly do not assign a source port to the remote probe VLAN If you have already configu...

Страница 104: ...ports for the remote source group Configuring source CPUs for the remote source group Perform at least one configuration Configuring the egress port for the remote source group Required Configuring a...

Страница 105: ...r Configure the current port as a source port mirroring group group id mirroring port both inbound outbound Required By default a port does not serve as a source port for any remote source group NOTE...

Страница 106: ...itor egress Required By default a port does not serve as the egress port for any remote source group NOTE A mirroring group contains only one egress port A source port of an existing mirroring group c...

Страница 107: ...Enter system view system view Create a remote destination group mirroring group group id remote destination Required By default no remote destination group exists on a device Configuring the monitor...

Страница 108: ...remote probe VLAN mirroring group group id remote probe vlan rprobe vlan id Required By default no remote probe VLAN is configured for a remote destination group NOTE A VLAN can serve for only one mi...

Страница 109: ...ort and configure the port that connects the data monitoring device as the monitor port Complete these tasks to configure Layer 3 remote port mirroring Task Remarks Configuring local mirroring groups...

Страница 110: ...t in interface view Follow these steps to configure a source port for a local mirroring group in interface view To do Use the command Remarks Enter system view system view Enter interface view interfa...

Страница 111: ...nfigure the monitor port for a local mirroring group in interface view To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Config...

Страница 112: ...rk diagram Configuration procedure 1 Create a local mirroring group Create local mirroring group 1 DeviceA system view DeviceA mirroring group 1 local Configure Ethernet 1 0 1 and Ethernet 1 0 2 as so...

Страница 113: ...three data monitoring devices Server A Server B and Server C to monitor both the incoming and outgoing traffic of the three departments Figure 36 Network diagram Dept A Dept B Dept C DeviceA Eth1 0 1...

Страница 114: ...k port Ethernet 1 0 1 Device A supports egress port configuration Configure Layer 2 remote port mirroring to enable the server to monitor the bidirectional traffic of the marketing department Figure 3...

Страница 115: ...port trunk permit vlan 2 DeviceB Ethernet1 0 1 quit Configure Ethernet 1 0 2 as a trunk port that permits the packets of VLAN 2 to pass through DeviceB Ethernet1 0 1 quit DeviceB interface Ethernet 1...

Страница 116: ...connects to Ethernet 1 0 2 of Device B through Ethernet 1 0 1 Configure Layer 3 remote port mirroring to enable the server to monitor the bidirectional traffic of the marketing department through a GR...

Страница 117: ...h DeviceA mirroring group 1 monitor port tunnel 0 3 Configure Device B the intermediate device Configure two static routes DeviceB system view DeviceB ip route static 10 1 1 0 255 255 255 0 20 1 1 1 D...

Страница 118: ...a source port and Ethernet 1 0 2 as the monitor port of local mirroring group 1 DeviceC mirroring group 1 mirroring port Ethernet 1 0 1 inbound DeviceC mirroring group 1 monitor port Ethernet 1 0 2 Di...

Страница 119: ...matching packets to a destination interface Mirroring traffic to a CPU copies the matching packets to a CPU NOTE For more information about QoS policies traffic classes and traffic behaviors see ACL a...

Страница 120: ...ehavior behavior name Required By default no traffic behavior exists Specify the destination interface for traffic mirroring mirror to interface interface type interface number Required By default tra...

Страница 121: ...policy can be applied to multiple interfaces but in one direction inbound or outbound of an interface only one policy can be applied Follow these steps to apply a QoS policy to a port To do Use the co...

Страница 122: ...to the control plane to mirror the traffic in the inbound direction of the control plane Follow these steps to apply a QoS policy to the control plane To do Use the command Remarks Enter system view s...

Страница 123: ...configuration information display traffic behavior user defined behavior name begin exclude include regular expression Available in any view Display user defined QoS policy configuration information...

Страница 124: ..._b and configure the action of mirroring traffic to port Ethernet 1 0 3 DeviceA traffic behavior tech_b DeviceA behavior tech_b mirror to interface Ethernet 1 0 3 DeviceA behavior tech_b quit Create Q...

Страница 125: ...ort Ethernet 1 0 3 DeviceA traffic behavior mkt_b DeviceA behavior mkt_b mirror to interface Ethernet 1 0 3 DeviceA behavior mkt_b quit Create QoS policy mkt_p and associate traffic class mkt_c with t...

Страница 126: ...ferent test types to detect the protocol availability and response time of the peer Test results help you understand network performance Supporting the collaboration function Collaboration is implemen...

Страница 127: ...test types Monitored elements Test type supported Probe duration Tests excluding UDP jitter test and voice test Count of probe failures Tests excluding UDP jitter test and voice test Packet round tri...

Страница 128: ...r threshold otherwise the state of the entry is set to below threshold If the action to be triggered is configured as trap only for a reaction entry when the state of the entry changes a trap message...

Страница 129: ...ver are the same as those configured for the test group on the NQA client Each listening service must be unique on the NQA server NQA probe operation procedure An NQA probe operation involves the foll...

Страница 130: ...schedule for an NQA test group Required Configuring the NQA server To perform TCP UDP echo UDP jitter or voice tests configure the NQA server on the peer device The NQA server responds to the probe pa...

Страница 131: ...ability of a destination host An ICMP echo test has the same function as the ping command but provides more output information In addition you can specify the next hop for ICMP echo tests ICMP echo te...

Страница 132: ...ss of ICMP echo requests next hop ip address Optional By default no next hop IP address is configured Configure optional parameters See Configuring optional parameters for an NQA test group Optional N...

Страница 133: ...NS tests of an NQA test group are used to test whether the NQA client can translate a domain name into an IP address through a DNS server and test the time required for resolution Configuration prereq...

Страница 134: ...type view type ftp Required Specify the IP address of the FTP server as the destination address of FTP request packets destination ip ip address Required By default no destination IP address is confi...

Страница 135: ...connectivity and performance of the HTTP server Configuration prerequisites Before you start HTTP tests configure the HTTP server Configuring HTTP tests Follow these steps to configure HTTP tests To...

Страница 136: ...s packets to the destination port at regular intervals 2 The destination affixes a time stamp to each packet that it receives and then sends the packet back to the source 3 Upon receiving the response...

Страница 137: ...09 Configure the number of probe packets to be sent during each UDP jitter probe operation probe packet number packet number Optional 10 by default Configure the interval for sending probe packets dur...

Страница 138: ...onal By default no source port number is specified Configure the source IP address of SNMP packets source ip ip address Optional By default no source IP address is specified The source IP address must...

Страница 139: ...s specified The source IP address must be the IP address of a local interface The local interface must be up otherwise no probe packets can be sent out Configure optional parameters See Configuring op...

Страница 140: ...source IP address is specified The source IP address must be that of an interface on the device and the interface must be up otherwise no probe packets can be sent out Configure optional parameters Se...

Страница 141: ...ests To do Use the command Remarks Enter system view system view Enter NQA test group view nqa entry admin name operation tag Configure the test type as voice and enter test type view type voice Requi...

Страница 142: ...packet interval packet interval Optional 20 milliseconds by default Configure the interval the NQA client must wait for a response from the server before it regards the response times out probe packet...

Страница 143: ...Enter NQA test group view nqa entry admin name operation tag Enter test type view of the test group type dhcp dlsw dns ftp http icmp echo snmp tcp udp echo The collaboration function is not supported...

Страница 144: ...ests reaction item number checked element rtt threshold type accumulate accumulate occurrences average threshold value upper threshold lower threshold action type none trap only Configure a reaction e...

Страница 145: ...of statistics groups for a test group use the statistics hold time command Follow these steps to configure the NQA statistics collection function To do Use the command Remarks Enter system view syste...

Страница 146: ...of the history records in an NQA test group history record keep time keep time Optional By default the history records in the NQA test group are kept for 120 minutes Configure the maximum number of h...

Страница 147: ...nfigure the ToS field in an IP packet header in an NQA probe packet tos value Optional 0 by default Not available for DHCP tests Enable the routing table bypass function route option bypass route Opti...

Страница 148: ...o Use the command Remarks Display history records of NQA test groups display nqa history admin name operation tag begin exclude include regular expression Display the current monitoring results of rea...

Страница 149: ...equests The ICMP echo requests are sent to Device C to Device B the destination DeviceA nqa admin test icmp echo next hop 10 1 1 2 Configure the device to perform 10 probe operations per test perform...

Страница 150: ...0 Failures due to other errors 0 Packet s arrived late 0 Display the history of ICMP echo tests DeviceA display nqa history admin test NQA entry admin admin tag test history record s Index Response St...

Страница 151: ...ults Send operation times 1 Receive response times 1 Min Max Average round trip time 624 624 624 Square Sum of round trip time 389376 Last succeeded probe time 2011 01 22 09 56 03 2 Extended results P...

Страница 152: ...d enable DeviceA nqa admin test dns quit Start DNS tests DeviceA nqa schedule admin test start time now lifetime forever Stop the DNS tests after a period of time DeviceA undo nqa schedule admin test...

Страница 153: ...dress of the FTP server 10 2 2 2 as the destination IP address for FTP tests DeviceA nqa admin test ftp destination ip 10 2 2 2 Specify 10 1 1 1 as the source IP address for probe packets DeviceA nqa...

Страница 154: ...Status Time 1 173 Succeeded 2011 01 22 10 07 28 6 HTTP test configuration example Network requirements As shown in Figure 46 configure NQA HTTP tests to test the connection with a specific HTTP server...

Страница 155: ...t test results Destination IP address 10 2 2 2 Send operation times 1 Receive response times 1 Min Max Average round trip time 64 64 64 Square Sum of round trip time 4096 Last succeeded probe time 201...

Страница 156: ...ation ip 10 2 2 2 DeviceA nqa admin test udp jitter destination port 9000 Configure the device to perform UDP jitter tests at an interval of 1000 milliseconds DeviceA nqa admin test udp jitter frequen...

Страница 157: ...ults Max SD delay 15 Max DS delay 16 Min SD delay 7 Min DS delay 7 Number of SD delay 10 Number of DS delay 10 Sum of SD delay 78 Sum of DS delay 85 Square sum of SD delay 666 Square sum of DS delay 7...

Страница 158: ...45987 Square sum of DS delay 49393 SD lost packet s 0 DS lost packet s 0 Lost packet s for unknown reason 0 NOTE The display nqa history command does not show the results of UDP jitter tests To know t...

Страница 159: ...test DeviceA display nqa result admin test NQA entry admin admin tag test test results Destination IP address 10 2 2 2 Send operation times 1 Receive response times 1 Min Max Average round trip time...

Страница 160: ...viceA nqa admin test tcp destination ip 10 2 2 2 DeviceA nqa admin test tcp destination port 9000 Enable the saving of history records DeviceA nqa admin test tcp history record enable DeviceA nqa admi...

Страница 161: ...ocedure NOTE Before you make the configuration make sure the devices can reach each other 1 Configure Device B Enable the NQA server and configure a listening service to listen to IP address 10 2 2 2...

Страница 162: ...s due to timeout 0 Failures due to disconnect 0 Failures due to no connection 0 Failures due to sequence error 0 Failures due to internal error 0 Failures due to other errors 0 Packet s arrived late 0...

Страница 163: ...the result of the last voice test DeviceA display nqa result admin test NQA entry admin admin tag test test results Destination IP address 10 2 2 2 Send operation times 1000 Receive response times 100...

Страница 164: ...eration times 4000 Receive response times 4000 Min Max Average round trip time 15 1328 32 Square Sum of round trip time 7160528 Extended results Packet loss in test 0 Failures due to timeout 0 Failure...

Страница 165: ...tests DLSw test configuration example Network requirements As shown in Figure 52 configure NQA DLSw tests to test the response time of the DLSw device Figure 52 Network diagram Configuration procedure...

Страница 166: ...ecord s Index Response Status Time 1 19 Succeeded 2011 01 22 10 40 27 7 NQA collaboration configuration example Network requirements As shown in Figure 53 configure a static route to Device C on Devic...

Страница 167: ...test start time now lifetime forever 4 On Device A create the track entry Create track entry 1 and associate it with reaction entry 1 of the NQA test group admin test DeviceA track 1 nqa entry admin t...

Страница 168: ...ormation about active routes in the routing table on Device A DeviceA display ip routing table Routing Tables Public Destinations 4 Routes 4 Destination Mask Proto Pre Cost NextHop Interface 10 2 1 0...

Страница 169: ...analyzes the sFlow packets and displays the results sFlow has the following two sampling mechanisms Flow sampling Packet based sampling used to obtain packet content information Counter sampling Time...

Страница 170: ...em view Specify the IP address for the sFlow agent sflow agent ip ip address ipv6 ipv6 address Optional Not specified by default The device periodically checks the existence of the sFlow agent address...

Страница 171: ...s not support the flow sampling mode determine Configuring counter sampling Follow these steps to configure counter sampling To do Use the command Remarks Enter system view system view Enter Layer 2 i...

Страница 172: ...ecify sFlow collector ID 2 IP address 3 3 3 2 the default port number and description of netserver for the sFlow collector Device sflow collector 2 ip 3 3 3 2 description netserver 2 Configure counter...

Страница 173: ...t receive sFlow packets Analysis The sFlow collector has no IP address specified No interface is enabled with sFlow to sample data The IP address of the sFlow collector specified on the sFlow agent is...

Страница 174: ...wo nodes All IPC nodes are fully connected IPC links are created when the system is initialized When a node starts up it sends handshake packets to other nodes It the handshake succeeds a connection i...

Страница 175: ...ion of a multicast group and multicast group members depend on the application module Mixcast namely both unicast and multicast are supported Enabling IPC performance statistics When IPC performance s...

Страница 176: ...multicast group node node id self node begin exclude include regular expression Display packet information of a node display ipc packet node node id self node begin exclude include regular expression...

Страница 177: ...tations Roles in a cluster The switches in a cluster play different roles according to their different functions and status You can specify the following three roles for the switches Management switch...

Страница 178: ...ter it is removed from the cluster How a cluster works Cluster management is implemented through HW Group Management Protocol version 2 HGMPv2 which consists of the following three protocols Neighbor...

Страница 179: ...le maintained by NDP NTDP on the management switch advertises NTDP topology collection requests to collect the NDP information of all the switches in a specific network range as well as the connection...

Страница 180: ...t a t e i s r e c o v e r e d Active Disconnect Connect After a cluster is created and a candidate switch is added to the cluster and becomes a member switch the management switch saves the state info...

Страница 181: ...port cannot be added to the cluster Therefore if the ports including the cascade ports connecting the management switch and the member candidate switches prohibit the packets from the management VLAN...

Страница 182: ...itch and member switches after a cluster is created will not cause the cluster to be dismissed but will influence the normal operation of the cluster In a cluster if a member switch enabled with the 8...

Страница 183: ...ts to its neighbors If no NDP information from the neighbor is received to reset the holdtime the holdtime times out and the switch removes the corresponding entry from the NDP table Follow these step...

Страница 184: ...ch does not forward it immediately Instead it waits for a period of time and then forwards the NTDP topology collection request on its first NTDP enabled port Except for its first port each switch s N...

Страница 185: ...to the cluster The IP addresses of the VLAN interfaces of the management switch and member switches cannot be in the same network segment as that of the cluster address pool or the cluster cannot work...

Страница 186: ...tiation function the cascade ports and the ports directly connected to the management switch can be automatically added to the management VLAN NOTE When the management VLAN auto negotiation is enabled...

Страница 187: ...in a cluster To do Use the command Remarks Enter system view system view Enter cluster view cluster Configure the interval to send handshake packets timer interval Optional 10 seconds by default Confi...

Страница 188: ...he system automatically sets it to 1 minute If the interval for sending MAC address negotiation broadcast packets is not 0 the interval remains unchanged Cluster member management You can manually add...

Страница 189: ...witch from a cluster To do Use the command Remarks Enter system view system view Enter cluster view cluster Delete a member switch from the cluster undo administrator address Required Configuring acce...

Страница 190: ...of an authentication failure If the member specified in this command does not exist the system prompts error when you execute the command if the switching succeeds your user level on the management s...

Страница 191: ...nd blacklist will be automatically restored from the Flash When a cluster is re established you can choose whether to restore the whitelist and blacklist from the Flash automatically or you can manual...

Страница 192: ...ired By default no TFTP server is configured for a cluster Configure the log host shared by the member switches in the cluster logging host ip address Required By default no log host is configured for...

Страница 193: ...figurations are retained when a cluster is dismissed or the member switches are removed from the whitelist For more information about SNMP see the chapter SNMP configuration Configuring web user accou...

Страница 194: ...n Display the current blacklist of the cluster display cluster black list begin exclude include regular expression Display the information of candidate switches display cluster candidates mac address...

Страница 195: ...chA ntdp enable SwitchA interface ethernet 1 0 1 SwitchA Ethernet1 0 1 ntdp enable SwitchA Ethernet1 0 1 quit Enable the cluster function SwitchA cluster enable 2 Configure the member switch Switch C...

Страница 196: ...port delay 15 Configure the interval to collect topology information as 3 minutes SwitchB ntdp timer 3 Configure the management VLAN of the cluster as VLAN 10 SwitchB vlan 10 SwitchB vlan10 quit Swit...

Страница 197: ...tp server 63 172 55 1 abc_0 SwitchB cluster logging host 69 172 55 4 abc_0 SwitchB cluster snmp host 69 172 55 4 Add the switch whose MAC address is 000f e201 0013 to the blacklist abc_0 SwitchB clust...

Страница 198: ...reduce customer investments and simplify network management Introduction to stack A stack is a management domain that comprises several network devices connected to one another through stack ports In...

Страница 199: ...ce of a stack Creating a stack Required Configuring stack ports of a slave device Required Logging in to the CLI of a slave from the master Optional Configuring the master device of a stack Configurin...

Страница 200: ...view Create a stack stack role master Required NOTE After you configure a device as the master device of a stack the prompt changes to stack_0 Sysname where Sysname is the system name of the device Co...

Страница 201: ...he user level being unchanged To return to the master device use the quit command Displaying and maintaining stack configuration To do Use the command Remarks Display the stack information of stack me...

Страница 202: ...thernet 1 0 1 as a stack port SwitchC system view SwitchC stack stack port 1 port ethernet 1 0 1 On Switch D configure local port Ethernet 1 0 1 as a stack port SwitchD system view SwitchD stack stack...

Страница 203: ...s in the data center network The switch support the CWMP protocol When starting up for the first time to access the network an H3C switch functions as a CPE and automatically downloads the configurati...

Страница 204: ...f the same type obtain the same service configurations The ACS divides CPEs by their switch models or serial IDs A configuration file delivered by the ACS can be either the startup configuration or th...

Страница 205: ...nectionRequestURL CPE username ConnectionRequestUsername CPE password ConnectionRequestPassword CWMP mechanism Auto connection between the ACS and a CPE When a CPE starts up for the first time it auto...

Страница 206: ...riodicInformEnable Enables the sending of Inform messages PeriodicInformInterval Configures the CPE to send an Inform message periodically The parameter is used for querying updates and information ba...

Страница 207: ...son for sending this message in the Eventcode field In this example the reason is 6 CONNECTION REQUEST indicating that the ACS requires the CPE to establish a connection 4 If the CPE passes the authen...

Страница 208: ...length of the URL username password arguments No space is allowed between the 01 keyword and the length value URL is the ACS address username is the ACS username password is the ACS password When con...

Страница 209: ...enabled network so the following describes only the configuration on CPEs You can perform some configurations on CPEs at the CLI or remotely obtain the configurations from the ACS or DHCP server The...

Страница 210: ...lished otherwise the authentication fails and the connection is not allowed to be established Configuring the ACS URL Follow these steps to configure the ACS URL To do Use the command Remarks Enter sy...

Страница 211: ...n the switch CPE receives the request it compares the CPE URL username and password with those configured locally If they are the same the ACS passes the authentication of the CPE and the connection e...

Страница 212: ...pe connect interface interface type interface number Required By default the interface that connects the CPE to the ACS is VLAN interface 1 Sending Inform messages Inform messages need to be sent duri...

Страница 213: ...s that a CPE can make to retry a connection cwmp cpe connect retry times Optional Infinity by default that is a CPE sends connection request s to the ACS at a specified interval all along Configuring...

Страница 214: ...e server Along with software updates the BIMS functions and web interface may change If your web interface is different from that in this example see the user manual came with your server Network requ...

Страница 215: ...atabase 9090 acs Configuration procedure 1 Configure the ACS server ACS server configuration includes the following tasks Setting the username and password for accessing the ACS server Adding informat...

Страница 216: ...A class of the DB_1 group Click the Resource tab and select Group Management Device Group from the navigation tree to enter the device group page Click Add to enter the page for adding a device group...

Страница 217: ...69 Add device class page After setting the class name click OK Select Add Device from the navigation tree to enter the page for adding a device Figure 70 Add device page Input the device information a...

Страница 218: ...different configuration files to different CPE groups to realize auto deployment Select Deployment Guide from the navigation tree On the deployment guide page select By Device Type in the Auto Deploy...

Страница 219: ...207 Figure 73 Auto deploy configuration page Click Select Class and enter the page for selecting device type...

Страница 220: ...ure 75 Deploying task succeeded Configuration of the switches in room B is the same as that of the switches in room A except that you need to perform the following configuration Create device class De...

Страница 221: ...0 60 Configure Option 43 to contain the ACS address username and password Covert the ACS address username and password to ASCII code The ASCII code of the URL address is 68 74 74 70 3A 2F 2F 61 63 73...

Страница 222: ...ou can now query alarm events on the NMS On the monitored device alarm event messages are displayed when events occur The following is a sample output Sysname Aug 27 16 31 34 12 2011 Sysname RMON 2 AL...

Страница 223: ...onfiguring the history records saving function 133 Configuring the management switch 170 Configuring the master device of a stack 187 Configuring the member switches 177 Configuring the NQA server 1 1...

Страница 224: ...verview 73 P Ping 1 Ping and tracert configuration example 7 Port mirroring configuration examples 100 R RMON overview 74 S Setting the MIB style 73 sFlow configuration example 159 sFlow overview 157...

Отзывы:

Нет отзывов