HP 5920, Configuration Manual

Page 1: ...HP 5920 5900 Switch Series Network Management and Monitoring Configuration Guide Part number 5998 5309a Software version Release 23xx Document version 6W101 20150320 ...

Page 2: ...MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Hewlett Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing performance or use of this material The only warranties for HP products and services are set forth in the express warranty statements accompan...

Page 3: ...iguring NTP authentication 18 Configuring NTP authentication in client server mode 18 Configuring NTP authentication in symmetric active passive mode 20 Configuring NTP authentication in broadcast mode 23 Configuring NTP authentication in multicast mode 24 Configuring NTP optional parameters 27 Specifying the source interface for NTP messages 27 Disabling an interface from processing NTP messages ...

Page 4: ...r a TC OC 65 Configuring the interval for sending announce messages 65 Specifying the number of announcement intervals before the receiving node stops receiving announce messages 66 Configuring the interval for sending Pdelay_Req messages 66 Configuring the interval for sending Sync messages 66 Configuring the minimum interval for sending Delay_Req messages 67 Configuring the MAC address for non p...

Page 5: ...ample for outputting logs to a Linux log host 92 Configuring SNMP 94 Overview 94 FIPS compliance 94 SNMP framework 94 MIB and view based MIB access control 94 SNMP operations 95 Protocol versions 95 Configuring SNMP basic parameters 95 Configuring SNMPv1 or SNMPv2c basic parameters 96 Configuring SNMPv3 basic parameters 97 Configuring SNMP logging 100 Configuring SNMP notifications 101 Enabling SN...

Page 6: ...e NQA operation 134 Configuring the collaboration function 135 Configuring threshold monitoring 136 Configuring the NQA statistics collection function 139 Configuring the saving of NQA history records 139 Scheduling the NQA operation on the NQA client 140 Configuring NQA templates on the NQA client 140 Configuring the ICMP template 141 Configuring the DNS template 141 Configuring the TCP template ...

Page 7: ... 184 Configuring local mirroring groups 184 Configuring source ports for a local mirroring group 184 Configuring the monitor port for a local mirroring group 185 Displaying and maintaining port mirroring 186 Local port mirroring configuration example 186 Network requirements 186 Configuration procedure 186 Verifying the configuration 187 Layer 2 remote port mirroring configuration example 187 Netw...

Page 8: ...207 Configuring EAA 209 Overview 209 EAA framework 209 Elements in a monitor policy 210 EAA environment variables 211 Configuring a user defined EAA environment variable 212 Configuring a monitor policy 213 Configuration restrictions and guidelines 213 Configuring a monitor policy from the CLI 213 Configuring a monitor policy by using Tcl 215 Suspending monitor policies 216 Displaying and maintain...

Page 9: ... locking the configuration 248 Performing service operations 249 Performing the get get bulk operation 250 Performing the get config get bulk config operation 251 Performing the edit config operation 252 All module configuration data retrieval example 252 Syslog configuration data retrieval example 254 Example for retrieving a data entry for the interface table 255 Example for changing the value o...

Page 10: ...viii Support and other resources 279 Contacting HP 279 Subscription service 279 Related information 279 Documents 279 Websites 279 Conventions 280 Index 282 ...

Page 11: ...nds in any view Task Command Determine if a specified address in an IP network is reachable When you configure the ping command for a low speed network set a larger value for the timeout timer indicated by the t keyword in the command For IPv4 networks ping ip a source ip c count f h ttl i interface type interface number m interval n p pad q r s packet size t timeout tos tos v vpn instance vpn ins...

Page 12: ...es five ICMP packets no ICMP packet is lost and the route is reachable Get detailed information about routes from Device A to Device C DeviceA ping r 1 1 2 2 Ping 1 1 2 2 1 1 2 2 56 data bytes press CTRL_C to break 56 bytes from 1 1 2 2 icmp_seq 0 ttl 254 time 4 685 ms RR 1 1 2 1 1 1 2 2 1 1 1 2 1 1 1 1 56 bytes from 1 1 2 2 icmp_seq 1 ttl 254 time 4 834 ms same route 56 bytes from 1 1 2 2 icmp_se...

Page 13: ...evices Tracert works as shown in Figure 2 1 The source device sends a UDP packet with a TTL value of 1 to the destination device The destination UDP port is not used by any application on the destination device 2 The first hop Device B the first Layer 3 device that receives the packet responds by sending a TTL expired ICMP error message to the source with its IP address 1 1 1 2 encapsulated This w...

Page 14: ...termediate devices devices between the source and destination devices If the intermediate devices are HP devices execute the ipv6 hoplimit expires enable command on the devices For more information about this command see Layer 3 IP Services Command Reference Enable sending of ICMPv6 destination unreachable packets on the destination device If the destination device is an HP device execute the ipv6...

Page 15: ...cket s transmitted 0 packet s received 100 0 packet loss The output shows that Device A and Device C cannot reach each other 4 Use the tracert command to identify failed nodes Enable sending of ICMP timeout packets on Device B DeviceB system view DeviceB ip ttl expires enable Enable sending of ICMP destination unreachable packets on Device C DeviceC system view DeviceC ip unreachables enable Execu...

Page 16: ...ormation Screen output switch Controls whether to display the debugging information on a certain screen Use terminal monitor and terminal logging level commands to turn on the screen output switch For more information about these two commands see Network Management and Monitoring Command Reference As shown in Figure 4 assume that the device can provide debugging for the three modules 1 2 and 3 The...

Page 17: ...When debugging is complete use the undo debugging all command to disable all the debugging functions To debug a feature module Step Command Remarks 1 Enable debugging for a specified module in user view debugging all timeout time module name option By default all debugging functions are disabled 2 Optional Display the enabled debugging in any view display debugging module name N A ...

Page 18: ...tem clock setting In a small network that does not require high clock accuracy you can keep time synchronized among devices by changing their system clocks one by one NTP runs over UDP and uses UDP port 123 How NTP works Figure 5 shows how NTP synchronizes the system time between two devices in this example Device A and Device B Assume that Prior to the time synchronization the time of Device A is...

Page 19: ... of NTP For more information see the related protocols and standards NTP architecture NTP uses stratums 1 to 16 to define clock accuracy as shown in Figure 6 A lower stratum value represents higher accuracy Clocks at stratums 1 through 15 are in synchronized state and clocks at stratum 16 are not synchronized Figure 6 NTP architecture Typically a stratum 1 NTP server gets its time from an authorit...

Page 20: ...lowing association modes Client server mode Symmetric active passive mode Broadcast mode Multicast mode Table 1 NTP association modes Mode Working process Principle Application scenario Client server On the client specify the IP address of the NTP server A client sends a clock synchronization message to the NTP servers Upon receiving the message the servers automatically operate in server mode and...

Page 21: ...and the server start to exchange messages to calculate the network delay between them Then only the broadcast server sends clock synchronization messages A broadcast client can be synchronized to a broadcast server but a broadcast server cannot be synchronized to a broadcast client A broadcast server sends clock synchronization messages to synchronize clients in the same subnet As Figure 6 shows b...

Page 22: ...statement or no ACL is matched no access right is granted If no ACL is created for a specific access right the associated access right is not granted If no ACL is created for any access right peer is granted This feature provides minimal security for a system running NTP A more secure method is NTP authentication NTP authentication Use this feature to authenticate the NTP messages for security pur...

Page 23: ...the time synchronization between PEs and devices of the two VPNs can be realized Figure 8 Network diagram Protocols and standards RFC 1305 Network Time Protocol Version 3 Specification Implementation and Analysis RFC 5905 Network Time Protocol Version 4 Protocol and Algorithms Specification Configuration restrictions and guidelines Follow these restrictions and guidelines when you configure NTP Yo...

Page 24: ... Enter system view system view N A 2 Enable the NTP service ntp service enable By default the NTP service is not enabled Configuring NTP association modes This section describes how to configure NTP association modes Configuring NTP in client server mode When the device operates in client server mode specify the IP address for the server on the client Follow these guidelines when you configure an ...

Page 25: ...metric active passive mode When the device operates in symmetric active passive mode specify on a symmetric active peer the IP address for a symmetric passive peer Follow these guidelines when you configure a symmetric active peer Execute the ntp service enable command on a symmetric passive peer to enable NTP Otherwise the symmetric passive peer will not process NTP messages from a symmetric acti...

Page 26: ...efore synchronizing a broadcast client Otherwise the broadcast client will not be synchronized to the broadcast server Configure NTP in broadcast mode on both broadcast server and client Configuring a broadcast client Step Command Remarks 1 Enter system view system view N A 2 Enter interface view interface interface type interface number Enter the interface for receiving NTP broadcast messages 3 C...

Page 27: ...iguring a multicast client Step Command Remarks 1 Enter system view system view N A 2 Enter interface view interface interface type interface number Enter the interface for receiving NTP multicast messages 3 Configure the device to operate in multicast client mode Configure the device to operate in multicast client mode ntp service multicast client ip address Configure the device to operate in IPv...

Page 28: ...ss the local device Configure the NTP service access control right for a peer device to access the local device ntp service access peer query server synchronization acl number Configure the IPv6 NTP service access control right for a peer device to access the local device ntp service ipv6 peer query server synchronization acl acl number By default the NTP service access control right for a peer de...

Page 29: ... server ntp service unicast server server name ip address vpn instance vpn instance name authentication keyid keyid Associate the specified key with an IPv6 NTP server ntp service ipv6 unicast server server name ipv6 address vpn instance vpn instance name authentication keyid keyid N A To configure NTP authentication for a server Step Command Remarks 1 Enter system view system view N A 2 Enable NT...

Page 30: ... Failed NTP messages cannot be sent and received correctly Yes N A No N A N A No authentication NTP messages can be sent and received correctly No N A N A N A N A No authentication NTP messages can be sent and received correctly Configuring NTP authentication in symmetric active passive mode When you configure NTP authentication in symmetric peers mode Enable NTP authentication Configure an authen...

Page 31: ... key with a passive peer ntp service ipv6 unicast peer ipv6 address peer name vpn instance vpn instance name authentication keyid keyid N A To configure NTP authentication for a passive peer Step Command Remarks 1 Enter system view system view N A 2 Enable NTP authentication ntp service authentication enable By default NTP authentication is disabled 3 Configure an NTP authentication key ntp servic...

Page 32: ... messages cannot be sent and received correctly Yes N A No Yes N A Failed NTP messages cannot be sent and received correctly Yes N A No No N A No authentication NTP messages can be sent and received correctly No N A N A Yes N A Failed NTP messages cannot be sent and received correctly No N A N A No N A No authentication NTP messages can be sent and received correctly The active peer has a higher s...

Page 33: ...keyid By default no authentication key is configured as a trusted key To configure NTP authentication for a broadcast server Step Command Remarks 1 Enter system view system view N A 2 Enable NTP authentication ntp service authentication enable By default NTP authentication is disabled 3 Configure an NTP authentication key ntp service authentication keyid keyid authentication mode md5 cipher simple...

Page 34: ... messages can be sent and received correctly Yes N A No Yes N A Failed NTP messages cannot be sent and received correctly Yes N A No No N A No authentication NTP messages can be sent and received correctly No N A N A Yes N A Failed NTP messages cannot be sent and received correctly No N A N A No N A No authentication NTP messages can be sent and received correctly Configuring NTP authentication in...

Page 35: ...ntication keyid keyid authentication mode md5 cipher simple value By default no NTP authentication key is configured 4 Configure the key as a trusted key ntp service reliable authentication keyid keyid By default no authentication key is configured as a trusted key 5 Enter interface view interface interface type interface number N A 6 Associate the specified key with the multicast server Associate...

Page 36: ...ages cannot be sent and received correctly Yes Yes Yes No N A Failed NTP messages cannot be sent and received correctly Yes No Yes Yes N A Failed NTP messages cannot be sent and received correctly Yes No Yes No N A No authentication NTP messages can be sent and received correctly Yes N A No Yes N A Failed NTP messages cannot be sent and received correctly Yes N A No No N A No authentication NTP me...

Page 37: ...mand the interface specified in the ntp service ipv6 unicast server or ntp service ipv6 unicast peer command serves as the source interface for NTP messages If you have configured the ntp service broadcast server or ntp service ipv6 multicast server command the source interface for the broadcast or multicast NTP messages is the interface configured with the respective command To specify the source...

Page 38: ...After you specify a symmetric passive peer on a symmetric active peer static associations are created on the symmetric active peer and dynamic associations are created on the symmetric passive peer Broadcast or multicast mode Static associations are created on the server and dynamic associations are created on the client A single device can have a maximum of 128 concurrent associations including s...

Page 39: ...as a reference source Step Command Remarks 1 Enter system view system view N A 2 Configure the local clock as a reference source ntp service refclock master ip address stratum By default the device does not use the local clock as a reference source Displaying and maintaining NTP Execute display commands in any view Task Command Display information about IPv6 NTP associations display ntp service ip...

Page 40: ...on DeviceB display ntp service status Clock status synchronized Clock stratum 3 System peer 1 0 1 11 Local mode client Reference clock ID 1 0 1 11 Leap indicator 00 Clock jitter 0 000977 s Stability 0 000 pps Clock precision 2 10 Root delay 0 00383 ms Root dispersion 16 26572 ms Reference time d0c6033f b9923965 Wed Dec 29 2010 18 58 07 724 The output shows that Device B has been synchronized to De...

Page 41: ...ce source with the stratum level 2 DeviceA ntp service refclock master 2 3 Configure Device B Enable the NTP service DeviceB system view DeviceB ntp service enable Specify Device A as the IPv6 NTP server of Device B so that Device B is synchronized to Device A DeviceB ntp service ipv6 unicast server 3000 34 4 Verify the configuration Display the NTP status of Device B after clock synchronization D...

Page 42: ...ciation has been set up between Device B and Device A NTP symmetric active passive mode configuration example Network requirements As shown in Figure 1 1 Device C has a clock more accurate than Device A Set the local clock of Device A as a reference source with the stratum level 3 Set the local clock Device C as a reference source with the stratum level 2 Configure Device B to operate in client mo...

Page 43: ... so Device B selects Device C as a reference clock to synchronize to Device C After synchronization view the status of Device B The output shows that Device B has been synchronized to Device C DeviceB display ntp service status Clock status synchronized Clock stratum 3 System peer 3 0 1 33 Local mode sym_passive Reference clock ID 3 0 1 33 Leap indicator 00 Clock jitter 0 000916 s Stability 0 000 ...

Page 44: ...symmetric active mode and specify Device B as the IPv6 passive peer of Device C Figure 12 Network diagram Configuration procedure 1 Set the IP address for each interface as shown in Figure 12 Details not shown 2 Configure Device A Enable the NTP service DeviceA system view DeviceA ntp service enable Specify the local clock as the reference source with the stratum level 3 DeviceA ntp service refclo...

Page 45: ... 3 System peer 3000 36 Local mode sym_passive Reference clock ID 163 29 247 19 Leap indicator 11 Clock jitter 0 000977 s Stability 0 000 pps Clock precision 2 10 Root delay 0 01855 ms Root dispersion 9 23483 ms Reference time d0c6047c 97199f9f Wed Dec 29 2010 19 03 24 590 Display IPv6 NTP association information for Device B DeviceB display ntp service ipv6 sessions Notes 1 source master 2 source ...

Page 46: ... 13 Network diagram Configuration procedure 1 Set the IP address for each interface as shown in Figure 13 Details not shown 2 Configure Switch C Enable the NTP service SwitchC system view SwitchC ntp service enable Specify the local clock as the reference source with the stratum level 2 SwitchC ntp service refclock master 2 Configure Switch C to operate in broadcast server mode and send broadcast ...

Page 47: ...9 ms Root dispersion 4 12572 ms Reference time d0d289fe ec43c720 Sat Jan 8 2011 7 00 14 922 The output shows that Switch A has been synchronized to Switch C the clock stratum level of Switch A is 3 and that of Switch C is 2 Display IPv4 NTP association information for Switch A SwitchA Vlan interface2 display ntp service sessions source reference stra reach poll now offset delay disper 1245 3 0 1 3...

Page 48: ...re Switch D Enable the NTP service SwitchD system view SwitchD ntp service enable Configure Switch D to operate in multicast client mode and receive multicast messages on VLAN interface 2 SwitchD interface vlan interface 2 SwitchD Vlan interface2 ntp service multicast client 4 Verify the configuration Because Switch D and Switch C are on the same subnet Switch D can receive the multicast messages ...

Page 49: ...use Switch A and Switch C are on different subnets you must enable the multicast functions on Switch B before Switch A can receive multicast messages from Switch C Enable IP multicast routing and IGMP SwitchB system view SwitchB multicast routing SwitchB mrib quit SwitchB interface vlan interface 2 SwitchB Vlan interface2 pim dm SwitchB Vlan interface2 quit SwitchB vlan 3 SwitchB vlan3 port ten gi...

Page 50: ...n interface3 display ntp service sessions source reference stra reach poll now offset delay disper 1234 3 0 1 31 127 127 1 0 2 247 64 381 0 0 0 0053 4 5128 Notes 1 source master 2 source peer 3 selected 4 candidate 5 configured Total sessions 1 The output shows that an association has been set up between Switch A and Switch C IPv6 NTP multicast mode configuration example Network requirements As sh...

Page 51: ...gure Switch D Enable the NTP service SwitchD system view SwitchD ntp service enable Configure Switch D to operate in IPv6 multicast client mode and receive multicast messages on VLAN interface 2 SwitchD interface vlan interface 2 SwitchD Vlan interface2 ntp service ipv6 multicast client ff24 1 4 Verify the configuration Because Switch D and Switch C are on the same subnet Switch D can receive the ...

Page 52: ...s been set up between Switch D and Switch C 5 Configure Switch B Because Switch A and Switch C are on different subnets you must enable the IPv6 multicast functions on Switch B before Switch A can receive IPv6 multicast messages from Switch C Enable IPv6 multicast functions SwitchB system view SwitchB ipv6 multicast routing SwitchB mrib6 quit SwitchB interface vlan interface 2 SwitchB Vlan interfa...

Page 53: ...ed to Switch C the clock stratum level of Switch A is 3 and that of Switch C is 2 Display IPv6 NTP association information for Switch A SwitchA Vlan interface3 display ntp service ipv6 sessions Notes 1 source master 2 source peer 3 selected 4 candidate 5 configured Source 124 3000 2 Reference 127 127 1 0 Clock stratum 2 Reachabilities 2 Poll interval 64 Last receive time 71 Offset 0 0 Roundtrip de...

Page 54: ...s a trusted key DeviceB ntp service reliable authentication keyid 42 Specify Device A as the NTP server of Device B and associate the server with key 42 DeviceB ntp service unicast server 1 0 1 11 authentication keyid 42 Before Device B can synchronize its clock to that of Device A enable NTP authentication for Device A 4 Configure NTP authentication on Device A Enable NTP authentication DeviceA n...

Page 55: ... selected 4 candidate 5 configured Total sessions 1 The output shows that an association has been set up between Device B and Device A Configuration example for NTP broadcast mode with authentication Network requirements As shown in Figure 17 Switch C functions as the NTP server for multiple devices on different network segments and synchronizes the time among multiple devices Switch A and Switch ...

Page 56: ...vlan interface 2 SwitchA Vlan interface2 ntp service broadcast client 3 Configure Switch B Enable the NTP service SwitchB system view SwitchB ntp service enable Enable NTP authentication on Switch B Configure an NTP authentication key with the key ID of 88 and key value of 123456 Input the key in plain text and specify it as a trusted key SwitchB ntp service authentication enable SwitchB ntp servi...

Page 57: ...key SwitchC ntp service authentication enable SwitchC ntp service authentication keyid 88 authentication mode md5 simple 123456 SwitchC ntp service reliable authentication keyid 88 Specify Switch C as an NTP broadcast server and associate the key 88 with Switch C SwitchC interface vlan interface 2 SwitchC Vlan interface2 ntp service broadcast server authentication keyid 88 7 Verify the configurati...

Page 58: ...igure CE 1 s local clock as a reference source with the stratum level 2 Configure PE 1 to operate in client server mode Specify VPN 1 as the target VPN Figure 18 Network diagram Configuration procedure Before you perform the following configuration be sure you have completed MPLS VPN related configurations and make sure of the reachability between CE 1 and PE 1 between PE 1 and PE 2 and between PE...

Page 59: ... Root dispersion 1 15869 ms Reference time d0c62687 ab1bba7d Wed Dec 29 2010 21 28 39 668 PE2 display ntp service sessions source reference stra reach poll now offset delay disper 1245 10 1 1 1 127 127 1 0 2 1 64 519 0 0 0 0065 0 0 Notes 1 source master 2 source peer 3 selected 4 candidate 5 configured Total sessions 1 PE2 display ntp service trace Server 127 0 0 1 Stratum 3 jitter 0 000 synch dis...

Page 60: ...he reference source with the stratum level 2 CE1 ntp service refclock master 2 3 Configure PE 1 Enable the NTP service PE1 system view PE1 ntp service enable Specify CE 1 in VPN 1 as the symmetric passive peer of PE 1 PE1 ntp service unicast peer 10 1 1 1 vpn instance vpn1 4 Verify the configuration Display the IPv4 NTP association information and status on PE 1 a certain period of time later PE1 ...

Page 61: ...et delay disper 1245 10 1 1 1 127 127 1 0 2 1 64 519 0 0 0 0000 0 0 Notes 1 source master 2 source peer 3 selected 4 candidate 5 configured Total sessions 1 PE1 display ntp service trace Server 127 0 0 1 Stratum 3 jitter 0 000 synch distance 796 50 Server 10 1 1 1 Stratum 2 jitter 939 00 synch distance 0 0000 RefID 127 127 1 0 The output shows that PE 1 has been synchronized to CE 1 with the strat...

Page 62: ...d is selected Configuration restrictions and guidelines You cannot configure both NTP and SNTP on the same device Make sure you use the clock protocol command to specify the time protocol as NTP Configuration task list Tasks at a glance Required Enabling the SNTP service Required Specifying an NTP server for the device Optional Configuring SNTP authentication Enabling the SNTP service The NTP serv...

Page 63: ...ure SNTP authentication can work follow these guidelines on configuring SNTP authentication Enable authentication on both the NTP server and the SNTP client Configure the SNTP client with the same authentication key ID and key value as the NTP server and specify the key as a trusted key on both the NTP server and the SNTP client For information about configuring NTP authentication on an NTP server...

Page 64: ...on about all IPv4 SNTP associations display sntp sessions SNTP configuration example Network requirements As shown in Figure 20 do the following Configure the local clock of Device A as a reference source with the stratum level 2 Configure Device B to operate in SNTP client mode and specify Device A as the NTP server Configure NTP authentication on Device A and SNTP authentication on Device B Figu...

Page 65: ...n SNTP authentication key with the key ID of 10 and key value of aNiceKey Input the key in plain text DeviceB sntp authentication keyid 10 authentication mode md5 simple aNiceKey Specify the key as a trusted key DeviceB sntp reliable authentication keyid 10 Specify Device A as the NTP server of Device B and associate the server with key 10 DeviceB sntp unicast server 1 0 1 11 authentication keyid ...

Page 66: ...this example in terms of frequency synchronization Precision Time Protocol PTP synchronizes the time among devices It can also implement frequency synchronization Compared with the sub second accuracy of NTP PTP synchronizes time with sub microsecond accuracy For more information about NTP see Configuring NTP Basic concepts PTP profile A PTP profile defines two PTP standards IEEE 1588 Version 2 an...

Page 67: ...from its upstream clock node and uses the other ports to synchronize time to the relevant upstream clock nodes If a clock node serves as the clock source and synchronizes time through multiple PTP ports to its downstream clock nodes it is also called a BC such as BC 1 in Figure 22 Transparent Clock TC A TC does not need to keep time consistency with other clock nodes A TC has multiple PTP ports It...

Page 68: ...lock BMC algorithm as follows 1 By exchanging announce messages containing the priorities time class and time accuracy of GMs clock nodes in a PTP domain elect a GM The master nodes member nodes master ports and subordinate ports are specified during the process Then a loop free interconnected spanning tree with the GM as the root is generated for the PTP domain 2 The master node periodically send...

Page 69: ..._Req message to calculate the transmission delay in the reverse direction and records the sending time t3 Upon receiving the message the master clock records the receiving time t4 4 The master clock returns a Delay_Resp message carrying time t4 From the above process the member clock collects four timestamps t1 to t4 and obtains the round trip delay to the master clock by using the following calcu...

Page 70: ...me t5 Upon receiving the message the member clock records the receiving time t6 5 After sending the Pdelay_Resp message the master clock sends a Pdelay_Resp_Follow_Up message carrying time t5 immediately From the above process the member clock collects six timestamps t1 to t6 and obtains the round trip delay to the master clock by using the following calculation t4 t3 t6 t5 The member clock also o...

Page 71: ...ing the role of a PTP port Optional Configuring the mode for carrying timestamps Optional Specifying a delay measurement mechanism for a BC or OC Optional Configuring the port type for a TC OC Optional Configuring the interval for sending announce messages Optional Configuring the interval for sending Pdelay_Req messages Optional Configuring the interval for sending Sync messages Optional Configur...

Page 72: ...priority of the clock Optional Specifying the system time source as PTP Required Enabling PTP on a port Specifying a PTP standard Before configuring PTP specify a PTP standard first Otherwise PTP cannot operate Changing the PTP standard for the device clears all PTP configurations defined by the standard To specify a PTP standard Step Command Remarks 1 Enter system view system view N A 2 Specify a...

Page 73: ...pplicable to OCs only This configuration is automatically cleared after you change the clock node type for the device If an OC is operating as only a member clock you can also use the ptp force state command to configure its PTP port as a master port or passive port To configure an OC to operate as only a member clock Step Command Remarks 1 Enter system view system view N A 2 Configure the OC to o...

Page 74: ...r Delay mechanism do not carry the sending time of the messages The sending time is carried in other messages To configure the mode for carrying timestamps for every clock node Step Command Remarks 1 Enter system view system view N A 2 Enter Layer 2 Ethernet interface view or Layer 3 Ethernet interface view interface interface type interface number N A 3 Configure the mode for carrying timestamps ...

Page 75: ...om the downstream clock node Otherwise time synchronization might be affected To configure the port type for a TC OC as OC Step Command Remarks 1 Enter system view system view N A 2 Enter Layer 2 Ethernet interface view or Layer 3 Ethernet interface view interface interface type interface number N A 3 Configure the port type for a TC OC as OC ptp port mode oc By default the type of all ports on a ...

Page 76: ...nter system view system view N A 2 Enter Layer 2 Ethernet interface view or Layer 3 Ethernet interface view interface interface type interface number N A 3 Specify the number of announcement intervals before the receiving node stops receiving announce messages ptp announce timeout multiple value The default is 3 Configuring the interval for sending Pdelay_Req messages Step Command Remarks 1 Enter ...

Page 77: ...figuring the MAC address for non pdelay messages Pdelay messages include Pdelay_Req Pdelay_Resp and Pdelay_Resp_Follow_Up messages The destination MAC address of Pdelay messages is 0180 C200 000E by default which cannot be modified The destination MAC address of non Pdelay messages is either 0180 C200 000E or 01 1B 1900 0000 If ports on the same link forward PTP packets of the same type to differe...

Page 78: ...ew ptp source ip address vpn instance vpn instance name By default no source IP address is specified for PTP messages encapsulated in UDP packets Configuring the delay correction value PTP performs time synchronization based on the assumption that the delays in sending and receiving messages are the same However this is not practical If you know the offset between the delays in sending and receivi...

Page 79: ...leap61 date date By default the correction date of the UTC is not configured This command takes effect only on the GM Configuring the parameters of the Bits clock Clock nodes in a PTP domain exchange announce messages through BMC to elect a GM They compare the parameters in the announce messages in the following sequence priority 1 time class time accuracy and priority 2 If all these parameters ar...

Page 80: ...e configuration make sure you use the clock protocol command to specify the time protocol as PTP For more information about the clock protocol command see Fundamentals Command Reference To specify the system time source as PTP Step Command Remarks 1 Enter system view system view N A 2 Specify the system time source as PTP clock protocol ptp By default the system time source is NTP Enabling PTP on ...

Page 81: ... PTP statistics reset ptp statistics interface interface type interface number PTP configuration example IEEE 1588 Version 2 Network requirements As shown in Figure 25 a PTP domain comprises Device A Device B and Device C Configure all devices to use PTP standard IEEE 1588 Version 2 Configure the clock node type of Device A and Device C as OC and that of Device B as P2PTC All clock nodes elect a G...

Page 82: ...nable DeviceB Ten GigabitEthernet1 0 2 quit 3 Configure Device C Specify the PTP standard as IEEE 1588 Version 2 DeviceC system view DeviceC ptp profile 1588v2 Specify the clock node type as OC DeviceC ptp mode oc On Ten GigabitEthernet 1 0 1 specify the delay measurement mechanism as p2p and enable PTP DeviceC interface ten gigabitethernet 1 0 1 DeviceC Ten GigabitEthernet1 0 1 ptp delay mechanis...

Page 83: ...ity Class 248 Accuracy 254 Offset log variance 65535 Offset from master N A Mean path delay N A Steps removed N A Local clock time Sun Jan 15 20 57 29 2011 Display brief PTP statistics on Device B DeviceB display ptp interface brief Name State Delay mechanism Clock step Asymmetry correction XGE1 0 1 N A P2P Two 0 XGE1 0 2 N A P2P Two 0 PTP configuration example IEEE 802 1AS Network requirements As...

Page 84: ...r Ten GigabitEthernet 1 0 1 DeviceB interface ten gigabitethernet 1 0 1 DeviceB Ten GigabitEthernet1 0 1 ptp enable DeviceB Ten GigabitEthernet1 0 1 quit Enable PTP for Ten GigabitEthernet 1 0 2 DeviceB interface ten gigabitethernet 1 0 2 DeviceB Ten GigabitEthernet1 0 2 ptp enable DeviceB Ten GigabitEthernet1 0 2 quit 3 Configure Device C Specify the PTP standard as IEEE 1588 802 1AS DeviceC syst...

Page 85: ...l clock time Sun Jan 15 20 57 29 2011 Display brief PTP statistics on Device A DeviceA display ptp interface brief Name State Delay mechanism Clock step Asymmetry correction XGE1 0 1 Master P2P Two 0 Display PTP clock information on Device B DeviceB display ptp clock PTP profile IEEE 802 1AS PTP mode P2PTC Slave only No Clock ID 000FE2 FFFE FF0001 Clock type Local Clock domain 0 Number of PTP port...

Page 86: ...76 XGE1 0 2 N A P2P Two 0 ...

Page 87: ...mon logs Record common system information Unless otherwise specified the term logs in this document refers to common logs Diagnostic logs Record debug messages Security logs Record security information such as authentication and authorization information Hidden logs Record log information not displayed on the terminal such as input commands Trace logs Record system tracing and debug messages which...

Page 88: ...r terminal log buffer log host and log file Log output destinations are independent and you can configure them after enabling the information center Default output rules for logs A log output rule specifies the source modules and severity level of logs that can be output to a destination Logs matching the output rule are output to the destination Table 7 shows the default log output rules Table 7 ...

Page 89: ...ult output rules for hidden logs Table 10 Default output rules for hidden logs Destination Log source modules Output switch Severity Log host All supported modules Enabled Informational Log buffer All supported modules Enabled Informational Log file All supported modules Enabled Informational Default output rules for trace logs Trace logs can only be output to the trace log file and cannot be filt...

Page 90: ...timestamp An identifier of percent sign indicates a log with a level equal to or higher than informational An identifier of asterisk indicates a debug log or a trace log An identifier of caret indicates a diagnostic log PRI priority A log destined to the log host has a priority identifier in front of the timestamp The priority is calculated by using this formula facility 8 level where facility is ...

Page 91: ...values IRF member ID IP address of the log sender Content Provides the content of the log Table 14 Timestamp precisions and configuration commands Item Destined to the log host Destined to the console monitor terminal log buffer and log file Precision Seconds Milliseconds Command used to set the timestamp format info center timestamp loghost info center timestamp Table 15 Description of the timest...

Page 92: ...successfully May 30 06 44 22 is a timestamp in the no year date format FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140 2 requirements Support for features commands and parameters might differ in FIPS mode and non FIPS mode For more information about FIPS mode see Security Configuration Guide Information center configuration task list Task at a glance Perform at l...

Page 93: ...that can be output to the console terminal logging level severity The default setting is 6 informational Outputting logs to the monitor terminal Monitor terminals refer to terminals that log in to the device through the VTY line To output logs to the monitor terminal Step Command Remarks 1 Enter system view system view N A 2 Enable the information center info center enable By default the informati...

Page 94: ...erface 5 Optional Specify the format for logs sent to a log host info center format unicom cmcc By default logs are sent in HP format to a log host 6 Optional Configure the timestamp format info center timestamp loghost date iso with timezone no year date none By default the timestamp format is date The with timezone keyword is available in Release 2311P04 and later versions 7 Specify a log host a...

Page 95: ...y When the maximum capacity is reached the system will replace earliest logs with new logs To save logs to the log file Step Command Remarks 1 Enter system view system view N A 2 Enable the information center info center enable By default the information center is enabled 3 Enable the log file feature info center logfile enable By default the log file feature is enabled 4 Optional Enable log file ...

Page 96: ...istrator can also manually save security logs into the log file After the security logs are saved the buffer is cleared immediately The device supports only one security log file To avoid security log loss you can set an alarm threshold for the security log file usage When the alarm threshold is reached the system outputs a message to inform the administrator The administrator can log in to the de...

Page 97: ...figuration made by this command cannot survive an IRF reboot or a master subordinate switchover Manually save all the contents in the security log file buffer into the security log file security logfile save Available in any view Saving diagnostic logs to the diagnostic log file By default the system saves diagnostic logs from the diagnostic log file buffer to the diagnostic log file every 24 hour...

Page 98: ...e default saving interval is 86400 seconds The diagnostic logfile save command is available in any view Configuring the maximum size of the trace log file The device has only one trace log file When the trace log file is full the device overwrites the oldest trace logs with new ones To set the maximum size of the trace log file Step Command Remarks 1 Enter system view system view N A 2 Set the max...

Page 99: ...tputs suppressed logs and the log number and then the different log and starts another suppression period To enable duplicate log suppression Step Command Remarks 1 Enter system view system view N A 2 Enable duplicate log suppression info center logging suppress duplicates By default duplicate log suppression is disabled Disabling an interface from generating link up or link down logs By default a...

Page 100: ...play logfile summary Clear the log buffer reset logbuffer Configuration example for outputting logs to the console Network requirements Configure the device to output to the console FTP logs that have a severity level of at least warning Figure 28 Network diagram Configuration procedure Enable the information center Sysname system view Sysname info center enable Disable log output to the console S...

Page 101: ... logging facility Device info center loghost 1 2 0 1 facility local4 Disable log output to the log host Device info center source default loghost deny To avoid output of unnecessary information disable all modules from outputting logs to the specified destination loghost in this example before you configure an output rule Configure an output rule to output to the log host FTP logs that have a seve...

Page 102: ...on might not be output properly to the log host d Display the process ID of syslogd kill the syslogd process and then restart syslogd using the r option to make the new configuration take effect ps ae grep syslogd 147 kill HUP 147 syslogd r Now the device can output FTP logs to the log host which stores the logs to the specified file Configuration example for outputting logs to a Linux log host Ne...

Page 103: ... log Device info log In the above configuration local5 is the name of the logging facility used by the log host to receive logs info is the informational level The Linux system will store the log information with a severity level equal to or higher than informational to the file var log Device info log NOTE Follow these guidelines while editing the file etc syslog conf Comments must be on a separa...

Page 104: ... more information about FIPS mode see Security Configuration Guide SNMP framework The SNMP framework comprises the following elements SNMP manager Works on an NMS to monitor and manage the SNMP capable devices in the network SNMP agent Works on a managed device to receive and handle requests from the NMS and sends notifications to the NMS when events such as an interface state change occur Managem...

Page 105: ...e available only in SNMPv2c and SNMPv3 Protocol versions SNMPv1 SNMPv2c and SNMPv3 are supported in non FIPS mode Only SNMPv3 is supported in FIPS mode An NMS and an SNMP agent must use the same SNMP version to communicate with each other SNMPv1 Uses community names for authentication To access an SNMP agent an NMS must use the same community name as set on the SNMP agent If the community name use...

Page 106: ...y default the system location is null 5 Enable SNMPv1 or SNMPv2c snmp agent sys info version all v1 v2c v3 By default SNMPv3 is used 6 Optional Change the local engine ID snmp agent local engineid engineid By default the local engine ID is the company ID plus the device ID 7 Optional Create or update a MIB view snmp agent mib view excluded included view name oid tree mask mask value By default the...

Page 107: ...no SNMP context is configured on the device 10 Optional Map an SNMP community to an SNMP context snmp agent community map community name context context name By default no mapping between an SNMP community and an SNMP context exists on the device 11 Optional Configure the maximum SNMP packet size in bytes that the SNMP agent can handle snmp agent packet max size byte count By default the maximum S...

Page 108: ...ter system view system view N A 2 Optional Enable the SNMP agent snmp agent By default the SNMP agent is disabled The SNMP agent is enabled when you perform any command that begins with snmp agent except for the snmp agent calculate password command 3 Optional Configure the system contact snmp agent sys info contact sys contact By default the system contact is null 4 Optional Configure the system ...

Page 109: ...nt MIB sub tree masks multiple times the most recent configuration takes effect Except for the four sub trees in the default MIB view you can create up to 16 unique MIB view records 9 Create an SNMPv3 group In non FIPS mode snmp agent group v3 group name authentication privacy read view view name write view view name notify view view name acl acl number acl ipv6 ipv6 acl number In FIPS mode snmp a...

Page 110: ...NMP context snmp agent context context name By default no SNMP context is configured on the device 13 Optional Configure the maximum SNMP packet size in bytes that the SNMP agent can handle snmp agent packet max size byte count By default the maximum SNMP packet size that the SNMP agent can handle is 1500 bytes 14 Optional Specify the UDP port for receiving SNMP packets snmp agent port port number...

Page 111: ...able snmp trap updown command After you enable notifications for a module whether the module generates notifications also depends on the configuration of the module For more information see the configuration guide for each module To enable SNMP notifications Step Command Remarks 1 Enter system view system view N A 2 Enable notifications globally snmp agent trap enable configuration protocol standa...

Page 112: ...NMP messages To send informs make sure The SNMP agent and the NMS use SNMPv2c or SNMPv3 If SNMPv3 is used you must configure the SNMP engine ID of the NMS when you configure SNMPv3 basic settings Also specify the IP address of the SNMP engine when you create the SNMPv3 user Configuration prerequisites Configure the SNMP agent with the same basic SNMP settings as the NMS If SNMPv1 or SNMPv2c is use...

Page 113: ...on privacy In FIPS mode snmp agent target host inform address udp domain ip address ipv6 ipv6 address udp port port number vpn instance vpn instance name params securityname security string v3 authentication privacy Use either method By default no target host is configured 3 Optional Configure a source address for notifications snmp agent inform trap source interface type interface number interfac...

Page 114: ...mp agent remote ip address vpn instance vpn instance name ipv6 ipv6 address vpn instance vpn instance name Display basic information about the notification queue display snmp agent trap queue Display the modules that can generate notifications and their notification status enable or disable display snmp agent trap list Display SNMPv3 user information display snmp agent usm user engineid engineid u...

Page 115: ...info location telephone closet 3rd floor Enable SNMP notifications set the NMS at 1 1 1 2 as an SNMP trap destination and use public as the community name To make sure the NMS can receive traps specify the same SNMP version in the snmp agent target host command as is configured on the NMS Agent snmp agent trap enable Agent snmp agent target host trap address udp domain 1 1 1 2 params securityname ...

Page 116: ...AES algorithm and the privacy key 123456TESTencr Figure 34 Network diagram Configuration procedure 1 Configure the agent Configure the IP address of the agent and make sure the agent and the NMS can reach each other Details not shown Assign the NMS SNMPv3 group managev3group read and write access to the objects under the snmp node OID 1 3 6 1 2 1 11 and deny its access to any other MIB object Agen...

Page 117: ...TE The SNMP settings on the agent and the NMS must match 3 Verify the configuration Try to get the MTU value of NULL0 interface from the agent The get attempt succeeds Send request to 1 1 1 1 161 Protocol version SNMPv3 Operation Get Request binding 1 1 3 6 1 2 1 2 2 1 4 135471 Response binding 1 Oid ifMtu 135471 Syntax INT Value 1500 Get finished Try to get the device name from the agent The get ...

Page 118: ...108 Community managev3user Command Trap ...

Page 119: ...access the RMON MIB RMON groups Among standard RMON groups HP implements the statistics group history group event group alarm group probe configuration group and user history group HP also implements a private alarm group which enhances the standard alarm group The probe configuration group and user history group are not configurable from the CLI To configure these two groups you must access the M...

Page 120: ...monitored variable is greater than or equal to the rising threshold a rising alarm event is triggered If the value of the monitored variable is smaller than or equal to the falling threshold a falling alarm event is triggered The event group defines the action to take on the alarm event If an alarm entry crosses a threshold multiple times in succession the RMON agent generates an alarm event only ...

Page 121: ... from the current value and then compares the difference with the rising and falling thresholds Protocols and standards RFC 4502 Remote Network Monitoring Management Information Base Version 2 RFC 2819 Remote Network Monitoring Management Information Base Status of this Memo Configuring the RMON statistics function RMON implements the statistics function through the Ethernet statistics group and t...

Page 122: ...thernet interface view interface interface type interface number N A 3 Create an entry for the interface in the RMON history control table rmon history entry number buckets number interval sampling interval owner text By default the RMON history control table does not contain entries You can create a maximum of 100 history control entries Configuring the RMON alarm function When you configure the ...

Page 123: ...riable sampling interval absolute delta startup alarm falling rising rising falling rising threshold threshold value1 event entry1 falling threshold threshold value2 event entry2 owner text Create an entry in the private alarm table rmon prialarm entry number prialarm formula prialarm des sampling interval absolute delta startup alarm falling rising rising falling rising threshold threshold value1...

Page 124: ...w Sysname interface ten gigabitethernet 1 0 1 Sysname Ten GigabitEthernet1 0 1 rmon statistics 1 owner user1 Display statistics collected by the RMON agent for Ten GigabitEthernet 1 0 1 Sysname display rmon statistics ten gigabitethernet 1 0 1 EtherStatsEntry 1 owned by user1 is VALID Interface Ten GigabitEthernet1 0 1 ifIndex 3 etherStatsOctets 21657 etherStatsPkts 307 etherStatsBroadcastPkts 56 ...

Page 125: ...collected for Ten GigabitEthernet 1 0 1 Sysname Ten GigabitEthernet1 0 1 display rmon history HistoryControlEntry 1 owned by user1 is VALID Sampled interface Ten GigabitEthernet1 0 1 ifIndex 3 Sampling interval 60 sec with 8 buckets max Sampling record 1 dropevents 0 octets 834 packets 8 broadcast packets 1 multicast packets 6 CRC alignment errors 0 undersize packets 0 oversize packets 0 fragments...

Page 126: ...ers 0 collisions 0 utilization 0 Sampling record 7 dropevents 0 octets 766 packets 7 broadcast packets 0 multicast packets 6 CRC alignment errors 0 undersize packets 0 oversize packets 0 fragments 0 jabbers 0 collisions 0 utilization 0 Sampling record 8 dropevents 0 octets 1154 packets 13 broadcast packets 1 multicast packets 6 CRC alignment errors 0 undersize packets 0 oversize packets 0 fragment...

Page 127: ...cations when the delta sample for 1 3 6 1 2 1 16 1 1 1 4 1 exceeds 100 or drops below 50 Sysname rmon event 1 trap public owner user1 Sysname rmon alarm 1 1 3 6 1 2 1 16 1 1 1 4 1 5 delta rising threshold 100 1 falling threshold 50 1 owner user1 NOTE The string 1 3 6 1 2 1 16 1 1 1 4 1 is the object instance for Ten GigabitEthernet 1 0 1 The digits before the last digit 1 3 6 1 2 1 16 1 1 1 4 repr...

Page 128: ... etherStatsUndersizePkts 0 etherStatsOversizePkts 0 etherStatsFragments 0 etherStatsJabbers 0 etherStatsCRCAlignErrors 0 etherStatsCollisions 0 etherStatsDropEvents insufficient resources 0 Incoming packets by size 64 7 65 127 413 128 255 35 256 511 0 512 1023 0 1024 1518 0 Query alarm events on the NMS Details not shown On the device alarm event messages are displayed when events occur ...

Page 129: ...rformance The obtained performance metrics include the one way latency jitter packet loss voice quality application performance and server response time All types of NQA operations require the NQA client but only the TCP UDP echo UDP jitter and voice operations require the NQA server The NQA operations for services that are already provided by the destination device such as FTP do not need the NQA...

Page 130: ...e with the Track module to notify application modules of state or performance changes so that the application modules can take predefined actions Figure 40 Collaboration The following describes how a static route destined for 192 168 0 88 is monitored through collaboration 1 NQA monitors the reachability to 192 168 0 88 2 When 192 168 0 88 becomes unreachable NQA notifies the Track module of the c...

Page 131: ... task list Tasks at a glance Remarks Configuring the NQA server Required for TCP UDP echo UDP jitter and voice operations Required Use one of the following methods Configure NQA operations Enabling the NQA client Configuring NQA operations on the NQA client Scheduling the NQA operation on the NQA client Configuring NQA templates on the NQA client When you configure an NQA template to analyze netwo...

Page 132: ...gent enable By default the NQA client is enabled Configuring NQA operations on the NQA client NQA operation configuration task list Tasks at a glance Required Configure at least one of the NQA operations Configuring the ICMP echo operation Configuring the DHCP operation Configuring the DNS operation Configuring the FTP operation Configuring the HTTP operation Configuring the UDP jitter operation C...

Page 133: ...ddress of ICMP echo requests destination ip ip address By default no destination IP address is specified 5 Optional Specify the payload size in each ICMP echo request data size size The default setting is 100 bytes 6 Optional Specify the string to be filled in the payload of each ICMP echo request data fill string The default setting is the hexadecimal number 00010203040506070809 7 Optional Specif...

Page 134: ...ip address By default no destination IP address is specified The IP address of the DHCP server is used as the destination IP address 5 Optional Specify the source IP address of DHCP request packets source ip ip address By default no source IP address is specified for the request packets The requests take the IP address of the outgoing interface as their source IP address The specified source IP ad...

Page 135: ...erver make sure the file specified in the URL exists on the FTP server The NQA client does not save the file obtained from the FTP server Use a small file for the FTP operation A big file might result in transfer failure because of timeout or might affect other services for occupying much network bandwidth To configure the FTP operation Step Command Remarks 1 Enter system view system view N A 2 Cr...

Page 136: ...2 Create an NQA operation and enter NQA operation view nqa entry admin name operation tag By default no NQA operation is created 3 Specify the HTTP type and enter its view type http N A 4 Specify the URL of the destination HTTP server url url Enter the URL in one of the following formats http host resource http host port resource 5 Specify an HTTP login username username username By default no HTT...

Page 137: ...lows 1 The NQA client sends UDP packets to the destination port at a regular interval 2 The destination device takes a time stamp to each packet that it receives and then sends the packet back to the NQA client 3 Upon receiving the responses the NQA client calculates the jitter according to the time stamps The UDP jitter operation requires both the NQA server and the NQA client Before you perform ...

Page 138: ...l The default setting is 20 milliseconds 11 Specify how long the NQA client waits for a response from the server before it regards the response times out probe packet timeout packet timeout The default setting is 3000 milliseconds 12 Optional Specify the source IP address for UDP packets source ip ip address By default no source IP address is specified The source IP address must be the IP address ...

Page 139: ...ver For more information about the TCP listening service configuration see Configuring the NQA server To configure the TCP operation Step Command Remarks 1 Enter system view system view N A 2 Create an NQA operation and enter NQA operation view nqa entry admin name operation tag By default no NQA operation is created 3 Specify the TCP type and enter its view type tcp N A 4 Specify the destination ...

Page 140: ...n IP address is specified The destination address must be the same as the IP address of the listening service configured on the NQA server 5 Specify the destination port of UDP packets destination port port number By default no destination port number is specified The destination port number must be the same as that of the listening service on the NQA server 6 Optional Specify the payload size in ...

Page 141: ...e in the range of 1 to 5 A higher value represents a higher service quality The evaluation of voice quality depends on users tolerance for voice quality which you should consider For users with higher tolerance for voice quality use the advantage factor command to configure the advantage factor When the system calculates the ICPIF value it subtracts the advantage factor to modify ICPIF and MOS val...

Page 142: ...ta size size By default the voice packet size depends on the codec type The default packet size is 172 bytes for G 711A law and G 711 μ law codec type and 32 bytes for G 729 A law codec type 11 Optional Specify the string to be filled in the payload of each voice packet data fill string The default setting is the hexadecimal number 00010203040506070809 12 Specify the number of voice packets to be ...

Page 143: ...eeded packets on the intermediate devices between the source and the destination devices If the intermediate devices are HP devices use the ip ttl expires enable command Enable sending ICMP destination unreachable packets on the destination device If the destination device is an HP device use the ip unreachables enable command For more information about the ip ttl expires enable and the ip unreach...

Page 144: ...efault no LSR path is specified The path jitter operation uses the tracert to detect the LSR path to the destination and sends ICMP echo requests to each hop on the LSR 12 Optional Perform the path jitter operation on destination only target only By default the path jitter operation is performed on each hop on the path to the destination Configuring optional parameters for the NQA operation Unless...

Page 145: ...etting is 20 This command is not available for the DHCP and path jitter operations 9 Optional Specify the ToS value in the IP packet header of probe packets tos value The default setting is 0 10 Optional Enable the routing table bypass function route option bypass route By default the routing table bypass function is disabled This command is not available for the DHCP and path jitter operations 11...

Page 146: ...shold a threshold violation occurs consecutive If the number of consecutive times that the monitored performance metric is out of the specified value range reaches or exceeds the specified threshold a threshold violation occurs Threshold violations for the average or accumulate threshold type are determined on a per NQA operation basis and threshold violations for the consecutive type are determin...

Page 147: ...d monitoring Step Command Remarks 1 Enter system view system view N A 2 Create an NQA operation and enter NQA operation view nqa entry admin name operation tag By default no NQA operation is created 3 Enter NQA operation view type dhcp dlsw dns ftp http icmp echo snmp tcp udp echo udp jitter voice Path jitter does not support the threshold monitoring function 4 Enable sending traps to the NMS when...

Page 148: ... threshold action type none trap only Monitor packet loss only for the UDP jitter and voice operations reaction item number checked element packet loss threshold type accumulate accumulate occurrences action type none trap only Monitor the one way jitter only for the UDP jitter and voice operations reaction item number checked element jitter ds jitter sd threshold type accumulate accumulate occurr...

Page 149: ...type dhcp dlsw dns ftp http icmp echo path jitter snmp tcp udp echo udp jitter voice DHCP operation does not support the NQA statistics collection function 4 Optional Specify the interval for collecting the statistics statistics interval interval The default setting is 60 minutes 5 Optional Specify the maximum number of statistics groups that can be saved statistics max group number The default se...

Page 150: ...on starts immediately If both the specified start and end time are ahead of the system time the operation does not start To view the current system time use the display clock command Follow these guidelines when you schedule the NQA operation You cannot enter the operation type view or the operation view of a scheduled NQA operation A system time adjustment does not affect started or completed NQA...

Page 151: ...the payload of each request data fill string The default setting is the hexadecimal number 00010203040506070809 6 Optional Specify the IP address of the specified interface as the source IP address of ICMP echo requests source interface interface type interface number By default no source IP address is specified The requests use the primary IP address of the outgoing interface as their source IP a...

Page 152: ...domain name By default no domain name is specified 6 Configure the domain name resolution type resolve type A AAAA By default the type is type A A type A query resolves a domain name to a mapped IPv4 address and a type AAAA query to a mapped IPv6 address 7 Optional Specify the source IPv4 or IPv6 address for the probe packets IPv4 address source ip ip address IPv6 address source ipv6 ipv6 address ...

Page 153: ...ort number must be the same as the port number of the listening service on the NQA server 5 Optional Specify the string to be filled in the payload of each request data fill string The default setting is the hexadecimal number 00010203040506070809 6 Optional Specify the source IPv4 or IPv6 address for the probe packets IPv4 address source ip ip address IPv6 address source ipv6 ipv6 address By defa...

Page 154: ...P login password is specified 6 Specify the HTTP operation type operation get post raw By default the HTTP operation type is get which means obtaining data from the HTTP server In the HTTP raw operation use the raw request command to specify the content of the GET request to be sent to the HTTP server 7 Optional Enter raw request view raw request This step is required for the raw operation Every t...

Page 155: ...he get operation the file name is required 4 Optional Specify the FTP operation type operation get put By default the FTP operation type is get which means obtaining files from the FTP server 5 Specify an FTP login username username username By default no FTP login username is specified 6 Specify an FTP login password password cipher simple password By default no FTP login password is specified 7 ...

Page 156: ...cessful probes that lead to a successful operation reaction trigger probe pass count The default setting is 3 If the number of consecutive successful probes for an NQA operation is reached the NQA client notifies the feature that uses the template of the successful operation event 10 Configure the number of consecutive probe failures that lead to an operation failure reaction trigger probe fail co...

Page 157: ...peration and specify 10 2 2 2 as the destination IP address DeviceA system view DeviceA nqa entry admin test1 DeviceA nqa admin test1 type icmp echo DeviceA nqa admin test1 icmp echo destination ip 10 2 2 2 Configure 10 1 1 2 as the next hop The ICMP echo requests are sent through Device C to Device B DeviceA nqa admin test1 icmp echo next hop 10 1 1 2 Configure the ICMP echo operation to perform ...

Page 158: ...0 Failures due to internal error 0 Failures due to other errors 0 Display the history records of the ICMP echo operation DeviceA display nqa history admin test1 NQA entry admin admin tag test history records Index Response Status Time 370 3 Succeeded 2007 08 23 15 00 01 2 369 3 Succeeded 2007 08 23 15 00 01 2 368 3 Succeeded 2007 08 23 15 00 01 2 367 5 Succeeded 2007 08 23 15 00 01 2 366 3 Succeed...

Page 159: ... admin admin tag test1 test results Send operation times 1 Receive response times 1 Min Max Average round trip time 512 512 512 Square Sum of round trip time 262144 Last succeeded probe time 2011 11 22 09 56 03 2 Extended results Packet loss ratio 0 Failures due to timeout 0 Failures due to internal error 0 Failures due to other errors 0 Display the history records of the DHCP operation SwitchA di...

Page 160: ...viceA nqa schedule admin test1 start time now lifetime forever After the DNS operation runs for a period of time stop the operation DeviceA undo nqa schedule admin test1 Display the most recent results of the DNS operation DeviceA display nqa result admin test1 NQA entry admin admin tag test1 test results Send operation times 1 Receive response times 1 Min Max Average round trip time 62 62 62 Squa...

Page 161: ...he source IP address DeviceA nqa admin test1 ftp source ip 10 1 1 1 Configure the device to upload file config txt to the FTP server DeviceA nqa admin test1 ftp operation put DeviceA nqa admin test1 ftp filename config txt Specify the username for the FTP operation as admin DeviceA nqa admin test1 ftp username admin Specify the password for the FTP operation as systemtest DeviceA nqa admin test1 f...

Page 162: ...As shown in Figure 45 configure an HTTP operation on the NQA client to test the time required to obtain data from the HTTP server Figure 45 Network diagram Configuration procedure Assign each interface an IP address Details not shown Configure static routes or a routing protocol to make sure the devices can reach each other Details not shown Create an HTTP operation DeviceA system view DeviceA nqa...

Page 163: ...Failures due to timeout 0 Failures due to disconnect 0 Failures due to no connection 0 Failures due to internal error 0 Failures due to other errors 0 Display the history records of the HTTP operation DeviceA display nqa history admin test1 NQA entry admin admin tag test1 history records Index Response Status Time 1 64 Succeeded 2011 11 22 10 12 47 9 The output shows that Device A uses 64 millisec...

Page 164: ...iod of time stop the operation DeviceA undo nqa schedule admin test1 Display the most recent results of the UDP jitter operation DeviceA display nqa result admin test1 NQA entry admin admin tag test1 test results Send operation times 10 Receive response times 10 Min Max Average round trip time 15 32 17 Square Sum of round trip time 3235 Last packet received time 2011 05 29 13 56 17 6 Extended resu...

Page 165: ...internal error 0 Failures due to other errors 0 Packets out of sequence 0 Packets arrived late 0 UDP jitter results RTT number 410 Min positive SD 3 Min positive DS 1 Max positive SD 30 Max positive DS 79 Positive SD number 186 Positive DS number 158 Positive SD sum 2602 Positive DS sum 1928 Positive SD average 13 Positive DS average 12 Positive SD square sum 45304 Positive DS square sum 31682 Min...

Page 166: ...4 Configure Device A Create an SNMP operation and configure 10 2 2 2 as the destination IP address DeviceA system view DeviceA nqa entry admin test1 DeviceA nqa admin test1 type snmp DeviceA nqa admin test1 snmp destination ip 10 2 2 2 Enable the saving of history records DeviceA nqa admin test1 snmp history record enable DeviceA nqa admin test1 snmp quit Start the SNMP operation DeviceA nqa sched...

Page 167: ...s Details not shown 2 Configure static routes or a routing protocol to make sure the devices can reach each other Details not shown 3 Configure Device B Enable the NQA server and configure a listening service to listen on the IP address 10 2 2 2 and TCP port 9000 DeviceB system view DeviceB nqa server enable DeviceB nqa server tcp connect 10 2 2 2 9000 4 Configure Device A Create a TCP operation D...

Page 168: ... admin test1 NQA entry admin admin tag test1 history records Index Response Status Time 1 13 Succeeded 2011 11 22 10 27 25 1 The output shows that Device A uses 13 milliseconds to establish a TCP connection to port 9000 on the NQA server UDP echo operation configuration example Network requirements As shown in Figure 49 configure a UDP echo operation to test the round trip time between Device A an...

Page 169: ...sults of the UDP echo operation DeviceA display nqa result admin test1 NQA entry admin admin tag test1 test results Send operation times 1 Receive response times 1 Min Max Average round trip time 25 25 25 Square Sum of round trip time 625 Last succeeded probe time 2011 11 22 10 36 17 9 Extended results Packet loss ratio 0 Failures due to timeout 0 Failures due to internal error 0 Failures due to o...

Page 170: ...iceA nqa schedule admin test1 start time now lifetime forever After the voice operation runs for a period of time stop the operation DeviceA undo nqa schedule admin test1 Display the most recent results of the voice operation DeviceA display nqa result admin test1 NQA entry admin admin tag test1 test results Send operation times 1000 Receive response times 1000 Min Max Average round trip time 31 1...

Page 171: ...ife time 331 seconds Send operation times 4000 Receive response times 4000 Min Max Average round trip time 15 1328 32 Square Sum of round trip time 7160528 Extended results Packet loss ratio 0 Failures due to timeout 0 Failures due to internal error 0 Failures due to other errors 0 Packets out of sequence 0 Packets arrived late 0 Voice results RTT number 4000 Min positive SD 1 Min positive DS 1 Ma...

Page 172: ...her Details not shown Create a DLSw operation and configure 10 2 2 2 as the destination IP address DeviceA system view DeviceA nqa entry admin test1 DeviceA nqa admin test1 type dlsw DeviceA nqa admin test1 dlsw destination ip 10 2 2 2 Enable the saving of history records DeviceA nqa admin test1 dlsw history record enable DeviceA nqa admin test1 dlsw quit Start the DLSw operation DeviceA nqa sched...

Page 173: ...an IP address Details not shown Configure static routes or a routing protocol to make sure the devices can reach each other Details not shown Use the ip ttl expires enable command on Device B and use the ip unreachables enable command on Device C Create a path jitter operation and specify 10 2 2 2 as the destination IP address DeviceA system view DeviceA nqa entry admin test1 DeviceA nqa admin tes...

Page 174: ... 9 4 Sum Square Sum positive jitter 25 173 Negative jitter number 3 Min Max Average negative jitter 2 10 6 Sum Square Sum positive jitter 19 153 Hop IP 10 2 2 2 Basic Results Send operation times 10 Receive response times 10 Min Max Average round trip time 15 40 28 Square Sum of round trip time 4493 Extended Results Failures due to timeout 0 Failures due to internal error 0 Failures due to other e...

Page 175: ...ing admin and operation tag being test1 SwitchA nqa entry admin test1 Configure the NQA operation type as ICMP echo SwitchA nqa admin test1 type icmp echo Configure 10 2 1 1 as the destination IP address SwitchA nqa admin test1 icmp echo destination ip 10 2 1 1 Configure the operation to repeat at an interval of 100 milliseconds SwitchA nqa admin test1 icmp echo frequency 100 Create reaction entry...

Page 176: ...8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 0 32 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 127 255 255 255 32 Direct 0 0 127 0 0 1 InLoop0 224 0 0 0 4 Direct 0 0 0 0 0 0 NULL0 224 0 0 0 24 Direct 0 0 0 0 0 0 NULL0 255 255 255 255 32 Direct 0 0 127 0 0 1 InLoop0 The output shows that the static route with the next hop 10 2 1 1 is active and the status of the track entry is p...

Page 177: ... 127 0 0 1 InLoop0 127 255 255 255 32 Direct 0 0 127 0 0 1 InLoop0 224 0 0 0 4 Direct 0 0 0 0 0 0 NULL0 224 0 0 0 24 Direct 0 0 0 0 0 0 NULL0 255 255 255 255 32 Direct 0 0 127 0 0 1 InLoop0 The output shows that the static route does not exist and the status of the track entry is negative ICMP template configuration example Network requirements As shown in Figure 54 configure an ICMP template for ...

Page 178: ...tion trigger probe fail 2 DNS template configuration example Network requirements As shown in Figure 55 configure a DNS template for a feature to perform the DNS operation to test whether Device A can translate the domain name host com into an IP address through the DNS server Figure 55 Network diagram Configuration procedure Assign each interface an IP address Details not shown Configure static r...

Page 179: ...s not shown 3 Configure Device B Enable the NQA server and configure a listening service to listen to the IP address 10 2 2 2 and TCP port 9000 DeviceB system view DeviceB nqa server enable DeviceB nqa server tcp connect 10 2 2 2 9000 4 Configure Device A Create TCP template tcp DeviceA system view DeviceA nqa template tcp tcp Configure 10 2 2 2 as the destination IP address and port 9000 as the d...

Page 180: ...ault HTTP operation type is get and this step can be omitted DeviceA nqatplt http http operation get If the number of consecutive successful probes reaches 2 the operation succeeds The NQA client notifies the feature of the successful operation event DeviceA nqatplt http http reaction trigger probe pass 2 If the number of consecutive probe failures reaches 2 the operation fails The NQA client noti...

Page 181: ...erver DeviceA nqatplt ftp ftp operation put DeviceA nqatplt ftp ftp filename config txt Specify the username for the FTP server login as admin DeviceA nqatplt ftp ftp username admin Specify the password for the FTP server login as systemtest DeviceA nqatplt ftp ftp password simple systemtest If the number of consecutive successful probes reaches 2 the operation succeeds The NQA client notifies the...

Page 182: ... Mirroring destination The mirroring destination is the destination port also known as the monitor port of mirrored packets and connects to the monitoring device The device where the monitor port resides is called the destination device Mirrored packets are sent out of the monitor port to the monitoring device A monitor port might receive multiple duplicates of a packet in some networks because it...

Page 183: ... packets to the data monitoring device The mirroring source and mirroring destination are on the same device A mirroring group that contains the mirroring source and the mirroring destination on the device is called a local mirroring group Figure 59 Local port mirroring implementation As shown in Figure 59 the source port Ten GigabitEthernet 1 0 1 and monitor port Ten GigabitEthernet 1 0 2 reside ...

Page 184: ...roring group you must disable MAC address learning for the remote probe VLAN on the source intermediate and destination devices For more information about MAC address learning see Layer 2 LAN Switching Configuration Guide Layer 3 remote port mirroring Layer 3 remote port mirroring is implemented through creating a local mirroring group on the source device and one on the destination device The sou...

Page 185: ...ommand Remarks 1 Enter system view system view N A 2 Create a local mirroring group mirroring group group id local By default no local mirroring group exists Configuring source ports for the local mirroring group You can configure a list of source ports for a mirroring group at a time in system view or assign a port to it as a source port in interface view To assign multiple ports to the mirroring...

Page 186: ...roup group id mirroring port both inbound outbound By default a port does not act as a source port for any local mirroring group Configuring the monitor port for the local mirroring group You can configure the monitor port for a mirroring group in system view or assign a port to a mirroring group as the monitor port in interface view The two modes lead to the same result Configuration restrictions...

Page 187: ... ports through a remote probe VLAN perform the following tasks 1 Create a remote source group on the local device 2 Specify the reflector port for this mirroring group 3 Configure the remote probe VLAN for this mirroring group 4 Assign the local monitor ports to the remote probe VLAN Configuration restrictions and guidelines When you configure local port mirroring to support multiple monitor ports...

Page 188: ...nbound outbound c Return to system view quit By default no source port is configured for a mirroring group 4 Configure the reflector port for the remote source group mirroring group group id reflector port reflector port By default no reflector port is configured for a mirroring group 5 Create a VLAN to be configured as the remote probe VLAN vlan vlan id By default only VLAN 1 system default VLAN ...

Page 189: ...or port to the remote probe VLAN Required Configuring a remote source group on the source device 1 Creating a remote source group 2 Configuring source ports for a remote source group 3 Configuring the egress port for a remote source group 4 Configuring the remote probe VLAN for a remote source group Configuring a remote destination group on the destination device To configure a remote destination ...

Page 190: ...itor port for any remote destination group Configuring the remote probe VLAN for a remote destination group You must first create a static VLAN before you configure it as a remote probe VLAN When you configure the remote probe VLAN for a remote destination group follow these restrictions and guidelines When a VLAN is configured as a remote probe VLAN use the remote probe VLAN for port mirroring ex...

Page 191: ... in interface view To assign multiple ports to a mirroring group as source ports in interface view repeat the operation When you configure source ports for a remote source group follow these restrictions and guidelines Do not assign a source port to the remote probe VLAN A mirroring group can contain multiple source ports A port can act as a source port for multiple mirroring groups A port cannot ...

Page 192: ...n egress port To configure the egress port for a remote source group in system view Step Command Remarks 1 Enter system view system view N A 2 Configure the egress port for the specified remote source group mirroring group group id monitor egress interface type interface number By default no egress port is configured for a remote source group To configure the egress port for a remote source group ...

Page 193: ...ices are connected by a tunnel If intermediate devices exist configure a unicast routing protocol on the intermediate devices to make sure that the source device can reach the destination device at Layer 3 On the source device you must configure the ports you want to monitor as the source ports and configure the tunnel interface as the monitor port On the destination device you must perform the fo...

Page 194: ...to the tunnel interface as the source port You can configure a list of source ports for a mirroring group at a time in system view or assign a port to it as a source port in interface view To assign multiple ports to the mirroring group as source ports in interface view repeat the operation The two modes lead to the same result Configuration restrictions and guidelines When you configure source po...

Page 195: ...cal mirroring group follow these restrictions and guidelines A mirroring group contains only one monitor port Do not enable the spanning tree feature on the monitor port HP recommends that you use a monitor port only for port mirroring so the data monitoring device receives and analyzes only the mirrored traffic Configuration procedure To configure the monitor port in system view Step Command Rema...

Page 196: ...al department Figure 62 Network diagram Configuration procedure Create local mirroring group 1 Device system view Device mirroring group 1 local Configure Ten GigabitEthernet 1 0 1 and Ten GigabitEthernet 1 0 2 as source ports and port Ten GigabitEthernet 1 0 3 as the monitor port for local mirroring group 1 Device mirroring group 1 mirroring port ten gigabitethernet 1 0 1 ten gigabitethernet 1 0 ...

Page 197: ...r can monitor the bidirectional traffic of the Marketing department Figure 63 Network diagram Configuration procedure Configuring Device C the destination device Configure Ten GigabitEthernet 1 0 1 as a trunk port to permit the packets of VLAN 2 to pass through DeviceC system view DeviceC interface ten gigabitethernet 1 0 1 DeviceC Ten GigabitEthernet1 0 1 port link type trunk DeviceC Ten GigabitE...

Page 198: ...e Create VLAN 2 which is to be configured as the remote probe VLAN DeviceB system view DeviceB vlan 2 Disable MAC address learning for VLAN 2 DeviceB vlan2 undo mac address mac learning enable DeviceB vlan2 quit Configure Ten GigabitEthernet 1 0 1 as a trunk port to permit the packets of VLAN 2 to pass through DeviceB interface ten gigabitethernet 1 0 1 DeviceB Ten GigabitEthernet1 0 1 port link t...

Page 199: ...n GigabitEthernet1 0 2 port trunk permit vlan 2 DeviceA Ten GigabitEthernet1 0 2 undo stp enable DeviceA Ten GigabitEthernet1 0 2 quit Verifying the configuration Display information about all mirroring groups on Device C DeviceC display mirroring group all Mirroring group 2 Type Remote destination Status Active Monitor port Ten GigabitEthernet1 0 2 Remote probe VLAN 2 Display information about al...

Page 200: ... the reflector port of the remote source group DeviceA mirroring group 1 reflector port ten gigabitethernet 1 0 5 This operation may delete all settings made on the interface Continue Y N y Create VLAN 10 and assign ports Ten GigabitEthernet 1 0 1 1 through Ten GigabitEthernet 1 0 13 to VLAN 10 DeviceA vlan 10 DeviceA vlan10 port ten gigabitethernet 1 0 11 to ten gigabitethernet 1 0 13 DeviceA vla...

Page 201: ...nnel service for the group DeviceA system view DeviceA service loopback group 1 type tunnel Assign Ten GigabitEthernet 1 0 3 to service loopback group 1 DeviceA interface ten gigabitethernet 1 0 3 DeviceA Ten GigabitEthernet1 0 3 port service loopback group 1 All configurations on the interface will be lost Continue Y N y DeviceA Ten GigabitEthernet1 0 3 quit Create tunnel interface Tunnel 0 that ...

Page 202: ...estination device Create service loopback group 1 and specify the tunnel service for the group DeviceC system view DeviceC service loopback group 1 type tunnel Assign Ten GigabitEthernet 1 0 3 to service loopback group 1 DeviceC interface ten gigabitethernet 1 0 3 DeviceC Ten GigabitEthernet1 0 3 port service loopback group 1 All configurations on the interface will be lost Continue Y N y DeviceC ...

Page 203: ...tEthernet 1 0 2 DeviceC interface ten gigabitethernet 1 0 2 DeviceC Ten GigabitEthernet1 0 2 undo stp enable DeviceC Ten GigabitEthernet1 0 2 quit Verifying the configuration Display information about all mirroring groups on Device A DeviceA display mirroring group all Mirroring group 1 Type Local Status Active Mirroring port Ten GigabitEthernet1 0 1 Both Monitor port Tunnel0 Display information a...

Page 204: ...to mirror the matching packets to one of the following destinations Interface The matching packets are copied to an interface connecting to a data monitoring device The data monitoring device analyzes the packets received on the interface CPU The matching packets are copied to the CPU of the IRF member device where they are received The CPU analyzes the packets or delivers them to upper layers Flo...

Page 205: ...source ip address dscp dscp value vlan vlan id vrf instance vrf instance name Mirror traffic to a CPU mirror to cpu By default no mirroring destination is configured for a traffic behavior When the destination IP address is specified for mirrored packets the output interface of the route to the destination address does not support ECMP 4 Optional Display traffic behavior configuration display traf...

Page 206: ...n apply a QoS policy to a VLAN to mirror the traffic in a specified direction on all ports in the VLAN To apply the QoS policy to a VLAN Step Command 1 Enter system view system view 2 Apply a QoS policy to a VLAN qos vlan policy policy name vlan vlan id list inbound outbound Applying a QoS policy globally You can apply a QoS policy globally to mirror the traffic in a specified direction on all por...

Page 207: ... to the Marketing department during working hours 8 00 to 18 00 on weekdays Figure 66 Network diagram Configuration procedure Create a working hour range named work in which the working hour is from 8 00 to 18 00 on weekdays DeviceA system view DeviceA time range work 8 00 to 18 00 working day Create ACL 3000 to allow packets from the Technical department to access the Internet and to the Marketin...

Page 208: ...te traffic class tech_c with traffic behavior tech_b in the QoS policy DeviceA qos policy tech_p DeviceA qospolicy tech_p classifier tech_c behavior tech_b DeviceA qospolicy tech_p quit Apply QoS policy tech_p to the incoming packets of Ten GigabitEthernet 1 0 4 DeviceA interface ten gigabitethernet 1 0 4 DeviceA Ten GigabitEthernet1 0 4 qos apply policy tech_p inbound DeviceA Ten GigabitEthernet1...

Page 209: ...e sFlow collector analyzes the information and displays the results sFlow provides good scalability to allow one sFlow collector to monitor multiple sFlow agents sFlow provides the following sampling mechanisms Flow sampling Obtains packet information Counter sampling Obtains interface counter information Figure 67 sFlow system Protocols and standards RFC 3176 InMon Corporation s sFlow A Method fo...

Page 210: ... the sFlow collector information sflow collector collector id vpn instance vpn instance name ip ip address ipv6 ipv6 address port port number datagram size size time out seconds description text By default no sFlow collector information is configured 4 Optional Specify the source IP address of sFlow packets sflow source ip ip address ipv6 ipv6 address By default the source IP address is determined...

Page 211: ...sFlow collector is specified for flow sampling Configuring counter sampling Perform this task to configure counter sampling on an Ethernet interface The sFlow agent does the following Periodically collects the counter information on that interface Encapsulates the information into sFlow packets Sends them in UDP packets to the specified sFlow collector To configure counter sampling Step Command Re...

Page 212: ...the IP address for the sFlow agent Sysname system view Sysname sflow agent ip 3 3 3 1 Configure information about the sFlow collector specify the sFlow collector ID as 1 IP address as 3 3 3 2 port number as 6343 default and description as netserver Sysname sflow collector 1 ip 3 3 3 2 description netserver 3 Configure counter sampling Enable counter sampling and set the counter sampling interval t...

Page 213: ...pled from every 4000 packets Troubleshooting sFlow configuration The remote sFlow collector cannot receive sFlow packets Symptom The remote sFlow collector cannot receive sFlow packets Analysis The sFlow collector is not specified sFlow is not configured on the interface The IP address of the sFlow collector specified on the sFlow agent is different from that of the remote sFlow collector No IP ad...

Page 214: ... Verify that the physical link between the device and the sFlow collector is up 4 Verify that the bound VPN already exists 5 Verify that the length of an sFlow packet is greater than the length of the sFlow packet header plus the number of bytes HP recommends the default that flow sampling can copy per packet ...

Page 215: ...intaining processes Commands described in this section apply to both user processes and kernel threads You can execute these commands in any view The system identifies a process that consumes excessive memory or CPU resources as an anomaly source To display and maintain processes Task Command Display memory usage display memory slot slot number Display process state information display process all...

Page 216: ...efault directory is flash on the master device exception filepath directory Clear context information for process exceptions reset exception context slot slot number Monitoring kernel threads Tasks in this section help you quickly identify thread deadloop and starvation problems and their causes Configuring kernel thread deadloop detection CAUTION Inappropriate configuration of kernel thread deadl...

Page 217: ...does not impact system operation A starved thread can automatically run when certain conditions are met To configure kernel thread starvation detection Step Command Remarks 1 Enter system view system view N A 2 Enable kernel thread starvation detection monitor kernel starvation enable slot slot number By default the function is disabled 3 Optional Set the interval for identifying a kernel thread s...

Page 218: ...er Display kernel thread starvation detection configuration display kernel starvation configuration slot slot number Clear kernel thread deadloop information reset kernel deadloop slot slot number Clear kernel thread exception information reset kernel exception slot slot number Clear kernel thread reboot information reset kernel reboot slot slot number Clear kernel thread starvation information re...

Page 219: ...RTM and a set of user defined monitor policies as shown in Figure 69 Figure 69 EAA framework Event sources Event sources are software or hardware modules that produce events see Figure 69 For example the CLI module produces an event when you enter a command and the Syslog module the information center produces an event when it receives a log message Event monitors EAA creates one event monitor for...

Page 220: ...M does not trigger the monitor policy to run Process Process event occurs in response to a state change caused by an automatic system task of the monitored process such as an exception shutdown start or restart Hotplug Hotplug event occurs when a master subordinate switchover occurs or when a device joins or leaves the IRF fabric Interface Each interface event is associated with two user defined t...

Page 221: ...entals Configuration Guide Runtime Policy runtime limits the amount of time that the monitor policy can run from the time it is triggered This setting prevents system resources from being occupied by incorrectly defined policies EAA environment variables EAA environment variables decouple the configuration of action arguments from the monitor policy so you can modify a policy easily An EAA environ...

Page 222: ...vice where a hot swap event occurs Interface _ifname Interface name SNMP _oid OID of the MIB variable where an SNMP operation is performed _oid_value Value of the MIB variable SNMP_Notification _oid OID that is included in the SNMP notification Process _process_name Process name User defined variables You can use user defined variables for all types of events User defined variable names can contai...

Page 223: ... actions in different policies do not conflict Policy execution result will be unpredictable if policies that conflict in actions are running concurrently You can assign the same policy name to a CLI defined policy and a Tcl defined policy but you cannot assign the same name to policies that are the same type The system executes the actions in a policy in ascending order of action IDs When you add...

Page 224: ...an event You can configure only one event in a monitor policy If the monitor policy already contains an event the new event overrides the old event 4 Configure the actions to take when the event occurs Configure the action to execute a command action number cli command line Configure a reboot action action number reboot slot slot number Configure a logging action action number syslog priority leve...

Page 225: ...filename By default the system does not have Tcl policies This step enables the Tcl defined policy To revise the Tcl script of a policy you must suspend all monitor policies first and then resume the policies after you finish revising the script The system cannot execute a Tcl defined policy if you edit its Tcl script without suspending policies Write a Tcl script in two lines for a monitor policy...

Page 226: ... 2 Suspend monitor policies rtm scheduler suspend To resume monitor polices use the undo rtm scheduler suspend command Displaying and maintaining EAA settings Execute display commands in any view Task Command Display user defined EAA environment variables display rtm environment var name Display EAA monitor policies display rtm policy active registered policy name Configuration examples CLI define...

Page 227: ...mplete policy execution within 2000 seconds Sysname rtm test running time 2000 Specify the network admin user role for executing the policy Sysname rtm test user role network admin Enable the policy Sysname rtm test commit Verifying the configuration Display information about the policy Sysname rtm test display rtm policy registered Total number 1 Type Event TimeRegistered PolicyName CLI CLI May 0...

Page 228: ...unning Download the Tcl script file from the TFTP server at 1 2 1 1 Sysname tftp 1 2 1 1 get rtm_tcl_test tcl Enter system view Sysname system view Create the Tcl defined policy test and bind it to the Tcl script file Sysname rtm tcl policy test rtm_tcl_test tcl Sysname quit Verifying the configuration Display information about the policy Sysname display rtm policy registered Total number 1 Type E...

Page 229: ...1 CWMP network framework A basic CWMP network includes the following network elements ACS Autoconfiguration server the management device in the network CPE Customer premises equipment the managed device in the network DNS server Domain name system server CWMP defines that the ACS and the CPE use URLs to identify and access each other DNS is used to resolve the URLs DHCP server Assigns ACS attribut...

Page 230: ...e image management The ACS can manage CPE software upgrade When the ACS finds a software version update the ACS notifies the CPE to download the software image file from a specific location The location can be the URL of the ACS or an independent file server The CPE notifies the ACS of the download result success or failure when it completes a download attempt The CPE downloads the specified image...

Page 231: ...ires the CPE to download a configuration or software image file from a specific URL for software or configuration update Upload The ACS requires the CPE to upload a file to a specific URL Reboot The ACS reboots the CPE remotely for the CPE to complete an upgrade or recover from an error condition Autoconnect between ACS and CPE The CPE connects to the ACS automatically after it obtains the DNS ser...

Page 232: ...ost message 6 If the ACS wants to point the CPE to a new ACS URL the ACS queries the ACS URL set on the CPE 7 The CPE replies with its ACS URL setting 8 The ACS sends a Set request to modify the ACS URL on the CPE 9 After the ACS URL is modified the CPE sends a response 10 The ACS sends an empty HTTP message to notify the CPE that it has no other requests 11 The CPE closes the connection and then ...

Page 233: ...butes are configurable only from the CLI Optional Configuring CPE attributes Configuring ACS authentication parameters Configuring the provision code Configuring the CWMP connection interface Configuring autoconnect parameters Configuring the periodic Inform feature Scheduling a connection initiation Configuring the maximum number of connection retries Configuring the close wait timer Enabling NAT...

Page 234: ...command length A hexadecimal number that indicates the total length of the length URL username and password arguments including the spaces between these arguments No space is allowed between the 01 keyword and the length value URL ACS URL username Username for the CPE to authenticate to the ACS password Password for the CPE to authenticate to the ACS NOTE The ACS URL username and password must use...

Page 235: ...ntication to the preferred ACS URL Configuring the default ACS attributes from the CLI Step Command Remarks 1 Enter system view system view N A 2 Enter CWMP view cwmp N A 3 Configure the default ACS URL cwmp acs default url url By default no default ACS URL has been configured 4 Configure the username for authentication to the default ACS URL cwmp acs default username username By default no userna...

Page 236: ...ach CPE For correct configuration deployment make sure the same provision code is configured on the CPE and the ACS To configure the provision code Step Command Remarks 1 Enter system view system view N A 2 Enter CWMP view cwmp N A 3 Configure the provision code cwmp cpe provision code provision code The default provision code is PROVISIONINGCODE Configuring the CWMP connection interface The CWMP ...

Page 237: ...s disabled 4 Optional Configure the Inform interval cwmp cpe inform interval seconds By default the CPE sends an Inform message to start a session every 600 seconds Scheduling a connection initiation To connect to the ACS for configuration or software update at a scheduled time Step Command Remarks 1 Enter system view system view N A 2 Enter CWMP view cwmp N A 3 Schedule a connection initiation cw...

Page 238: ...ng NAT traversal for the CPE For the connection request initiated from the ACS to reach the CPE you must enable NAT traversal feature on the CPE when a NAT gateway resides between the CPE and the ACS The NAT traversal feature complies with RFC 3489 Simple Traversal of UDP Through NATs STUN The feature enables the CPE to discover the NAT gateway and obtain an open NAT binding a public IP address an...

Page 239: ...icy name By default no SSL client policy is specified Displaying and maintaining CWMP Execute display commands in any view Task Command Display CWMP configuration display cwmp configuration Display the current status of CWMP display cwmp status CWMP configuration example Network requirements As shown in Figure 3 use HP IMC BIMS as the ACS to bulk configure the devices CPEs and assign ACS attribute...

Page 240: ...word 12345 Table 26 lists serial numbers of the CPEs Table 26 CPE list Room Device Serial number A Device A 210231A95YH10C000045 Device B 210235AOLNH12000010 Device C 210235AOLNH12000015 B Device D 210235AOLNH12000017 Device E 210235AOLNH12000020 Device F 210235AOLNH12000022 Device A Device B Device C Room A Device D Device E Device F Room B ACS 10 185 10 41 DHCP Server 10 185 10 52 DNS Server 10 ...

Page 241: ...gement CPE Authentication User from the top navigation bar The CPE authentication user configuration page appears Figure 4 CPE authentication user configuration page b Click Add c Enter the username and password for authentication to the ACS and then click OK Figure 5 Adding a CPE user account 3 Add device groups and device classes for devices in equipment rooms A and B This example assigns all de...

Page 242: ...enter a device class name for devices in equipment room A and then click OK In this example the device class for devices in equipment room A is Device_A Figure 7 Adding a device class g Repeat the previous two steps to create a device class for devices in equipment room B 4 Add the devices as CPEs a Select Service BIMS Add CPE from the top navigation bar b On the Add CPE page enter or select basic...

Page 243: ...teps to add other devices Figure 8 Adding a CPE After the CPE is added successfully a success message is displayed as shown in Figure 9 Figure 9 CPE added successfully 5 Configure the system settings of the ACS as shown in Figure 10 ...

Page 244: ...Templates from the navigation tree Figure 11 Configuring templates page b On the Configuration Templates page click Import c On the Import Configuration Template page select configuration template settings for the Device_A device class add the Device_A class to the Applicable CPEs pane and then click OK d Repeat the previous two steps to configure a configuration template for equipment room B s de...

Page 245: ...235 Figure 12 Importing configuration template After the configuration template is added successfully a success message is displayed as shown in Figure 13 Figure 13 Configuration templates ...

Page 246: ... the Device_A device class add the Device_A class to the Applicable CPEs pane and then click OK h Repeat the previous two steps to configure a software library entry for equipment room B s device class Figure 15 Importing CPE software 7 Add auto deployment tasks a Select Service BIMS Configuration Management Deployment Guide from the top navigation bar b On the Deployment Guide page click By Devic...

Page 247: ...237 Figure 16 Deployment Guide c On the Auto Deploy Configuration page click Select Class Figure 17 Configuring auto deployment d On the Device Class page select Device_A and then click OK ...

Page 248: ...for devices in equipment room B in the same way you add the deployment task for the devices in equipment room A Configuring the DHCP server In this example an HP device is operating as the DHCP server 1 Configure an IP address pool to assign IP addresses and DNS server address to the CPEs This example uses subnet 10 185 10 0 24 for IP address assignment Enable DHCP DHCP_server system view ...

Page 249: ...mat DHCP_server dhcp pool 0 option 43 hex 0140 68747470 3A2F2F61 63732E64 61746162 6173653A 39303930 2F616373 20766963 6B792031 32333435 Configuring the DNS server Map http acs database 9090 acs to http 10 185 1 41 9090 acs on the DNS server For more information about DNS configuration see DNS server documentation Connecting the CPEs to the network Connect the CPEs to the network and then power on...

Page 250: ... managed objects which can be configuration data status data and statistics information For more information about the operable data see the NETCONF XML API reference for the switch Operations get get config edit config The operations layer defines a set of base operations invoked as RPC methods with XML encoded parameters NETCONF base operations include data retrieval operations configuration ope...

Page 251: ...tf params xml ns netconf base 1 0 get bulk filter type subtree top xmlns http www hp com netconf data 1 0 Ifmgr Interfaces Interface Interfaces Ifmgr top filter get bulk rpc NETCONF over SOAP All NETCONF over SOAP messages are XML based and comply with RFC 4741 NETCONF messages are contained in the Body element of SOAP messages NETCONF over SOAP messages also comply with the following rules SOAP m...

Page 252: ...t NETCONF operations copy valid NETCONF messages to the CLI in XML view This method is suitable for R D and test purposes Custom interface N A To use this method you must enable NETCONF over SOAP By default the device cannot interpret Custom interfaces URLs For the device to interpret these URLs you must encode the NETCONF messages sent from a custom interface in SOAP Protocols and standards RFC 3...

Page 253: ...e edit config operation Optional Saving rolling back and loading the configuration Optional Filtering data Optional Performing CLI operations through NETCONF Optional Retrieving NETCONF session information Optional Terminating another NETCONF session Optional Returning to the CLI Enabling NETCONF over SOAP NETCONF messages can be encapsulated into SOAP messages and transmitted over HTTP and HTTPS ...

Page 254: ...tering XML view Task Command Remarks Enter XML view xml Available in user view Exchanging capabilities After you enter XML view the client and the device exchange their capabilities before you can perform subsequent operations The device automatically advertises its NETCONF capabilities to the client in a hello message as follows xml version 1 0 encoding UTF 8 hello xmlns urn ietf params xml ns ne...

Page 255: ...s effect only on the current session If the session is terminated the subscription is automatically canceled You can send multiple subscription messages to subscribe to notification of multiple events Subscription procedure Copy the following message to the client to complete the subscription xml version 1 0 encoding UTF 8 rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 create sub...

Page 256: ...or tag error tag error severity error severity error severity error message xml lang en error message error message rpc error rpc reply For more information about error messages see RFC 4741 Example for subscribing to event notifications Network requirements Configure a client to subscribe to all events with no time limitation After the subscription is successful all events on the device are sent ...

Page 257: ...at has subscribed to all events xml version 1 0 encoding UTF 8 notification xmlns urn ietf params xml ns netconf notification 1 0 eventTime 2011 01 04T12 30 52 eventTime event xmlns http www hp com netconf event 1 0 Group SHELL Group Code SHELL_LOGIN Code Slot 6 Slot Severity Notification Severity context VTY logged in from 192 168 100 130 context event notification Locking unlocking the configura...

Page 258: ...locking the configuration Copy the following text to the client to unlock the configuration xml version 1 0 encoding UTF 8 rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 unlock target running target unlock rpc After receiving the unlock request the device returns a response in the following format if the unlock operation is successful xml version 1 0 encoding UTF 8 rpc reply mess...

Page 259: ...returns the following response xml version 1 0 encoding UTF 8 rpc reply message id 101 xmlns urn ietf params xml ns netconf base 1 0 rpc error error type protocol error type error tag lock denied error tag error severity error error severity error message xml lang en Lock failed because the NETCONF lock is held by another session error message error info session id 1 session id error info rpc erro...

Page 260: ...ion 1 0 encoding UTF 8 rpc message id 100 xmlns urn ietf params xml ns netconf base 1 0 getoperation filter top xmlns http www hp com netconf data 1 0 Specify the module submodule table name and column name top filter getoperation rpc Where the getoperation parameter can be get or get bulk The filter element is used to filter data and it can contain module name submodule name table name and column...

Page 261: ... 1 0 rpc reply message id 100 xmlns urn ietf params xml ns netconf base 1 0 data Device state and configuration data data rpc reply Performing the get config get bulk config operation The get config and get bulk config operations are used to retrieve all non default configurations which are configured by means of CLI and MIB The get config and get bulk config messages can contain the filter elemen...

Page 262: ...ation xml version 1 0 rpc message id 100 xmlns urn ietf params xml ns netconf base 1 0 edit config target running running target error option Default operation when an error occurs error option config top xmlns http www hp com netconf config 1 0 Specify the module name submodule name table name and column name top config edit config rpc After receiving the edit config request the device returns a ...

Page 263: ...e get config rpc Verifying the configuration If the client receives the following text the get config operation is successful rpc reply xmlns urn ietf params xml ns netconf base 1 0 xmlns web urn ietf params xml ns netconf base 1 0 message id 101 data top xmlns http www hp com netconf config 1 0 Ifmgr Interfaces Interface IfIndex 1307 IfIndex Shutdown 1 Shutdown Interface Interface IfIndex 1308 If...

Page 264: ...ly Syslog configuration data retrieval example Network requirements Retrieve configuration data for the Syslog module Configuration procedure Enter XML view Sysname xml Exchange capabilities hello xmlns urn ietf params xml ns netconf base 1 0 capabilities capability urn ietf params netconf base 1 0 capability capabilities hello Retrieve configuration data for the Syslog module rpc message id 100 x...

Page 265: ...c reply Example for retrieving a data entry for the interface table Network requirements Retrieve a data entry for the interface table Configuration procedure Enter XML view Sysname xml Exchange capabilities hello xmlns urn ietf params xml ns netconf base 1 0 capabilities capability urn ietf params netconf base 1 0 capability capabilities hello Retrieve a data entry for the interface table rpc mes...

Page 266: ...ortIndex 3 PortIndex ifTypeExt 22 ifTypeExt ifType 6 ifType Description Ten GigabitEthernet 1 0 2 Interface Description AdminStatus 2 AdminStatus OperStatus 2 OperStatus ConfigSpeed 0 ConfigSpeed ActualSpeed 100000 ActualSpeed ConfigDuplex 3 ConfigDuplex ActualDuplex 1 ActualDuplex Interface Interfaces Ifmgr top data rpc reply Example for changing the value of a parameter Network requirements Chan...

Page 267: ... loading the configuration Use NETCONF to save roll back or load the configuration Saving the configuration Copy the following text to the client to save the device configuration to the specified file xml version 1 0 encoding UTF 8 rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 save file Specify the configuration file name file save rpc The name of the specified configuration fil...

Page 268: ...n is successful xml version 1 0 encoding UTF 8 rpc reply message id 101 xmlns urn ietf params xml ns netconf base 1 0 ok rpc reply Loading the configuration After you perform the load operation the loaded configurations are merged into the current configuration as follows New configurations are directly loaded Configurations that already exist in the current configuration are replaced by those loa...

Page 269: ...0 save file my_config cfg file save rpc Verifying the configuration If the client receives the following response the save operation is successful xml version 1 0 encoding UTF 8 rpc reply message id 101 xmlns urn ietf params xml ns netconf base 1 0 ok rpc reply Filtering data You can define a filter with the filter element to filter information when you perform a get get bulk get config or get bul...

Page 270: ...ers from A to Z rpc message id 1 0 xmlns urn ietf params xml ns netconf base 1 0 xmlns hp http www hp com netconf base 1 0 get config source running source filter type subtree top xmlns http www hp com netconf config 1 0 Ifmgr Interfaces Interface Description hp regExp A Z Interface Interfaces Ifmgr top filter get config rpc Conditional match To implement a complex data filtering with digits and c...

Page 271: ...aracter string Not include match exclude string Excludes the specified string The supported data types include only character string Start with match startWith strin g Starts with the specified string The supported data types include character string and OID End with match endWith string Ends with the specified string The supported data types include only character string Copy the following text t...

Page 272: ...ilter type subtree top xmlns http www hp com netconf data 1 0 Ifmgr Interfaces Interface Description reg regExp Interface Interfaces Ifmgr top filter get rpc Verifying the configuration If the client receives the following text the operation is successful xml version 1 0 encoding UTF 8 rpc reply xmlns urn ietf params xml ns netconf base 1 0 xmlns reg http www hp com netconf base 1 0 message id 100...

Page 273: ...able under the Ifmgr module Configuration procedure Enter XML view Sysname xml Exchange capabilities hello xmlns urn ietf params xml ns netconf base 1 0 capabilities capability urn ietf params netconf base 1 0 capability capabilities hello Retrieve data in the Name column with the ifindex value not less than 5000 in the Interfaces table under the Ifmgr module rpc message id 100 xmlns urn ietf para...

Page 274: ...ex Name Register Tunnel0 Name Interface Interfaces Ifmgr top data rpc reply Performing CLI operations through NETCONF You can enclose command lines in XML messages to configure the device Configuration procedure Copy the following text to the client to execute the commands xml version 1 0 encoding UTF 8 rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 CLI Execution Commands Executi...

Page 275: ...es capability urn ietf params netconf base 1 0 capability capabilities hello Copy the following text to the client to execute the display current configuration command xml version 1 0 encoding UTF 8 rpc message id 101 xmlns urn ietf params xml ns netconf base 1 0 CLI Execution display current configuration Execution CLI rpc Verifying the configuration If the client receives the following text the ...

Page 276: ...ons operation is successful xml version 1 0 encoding UTF 8 rpc reply message id 101 xmlns urn ietf params xml ns netconf base 1 0 get sessions Session SessionID Configuration session ID SessionID Line Line information Line UserName Name of the user creating the session UserName Since Time when the session was created Since LockHeld Whether the session holds a lock LockHeld Session get sessions rpc...

Page 277: ... user type is vty0 The login time is 201 1 01 05T00 24 57 The user does not hold the lock of the configuration Terminating another NETCONF session NETCONF allows one client to terminate the NETCONF session of another client The client whose session is terminated returns to user view Copy the following message to the client to terminate the specified NETCONF session rpc message id 101 xmlns urn iet...

Page 278: ...guration If the client receives the following text the NETCONF session with session ID 2 has been terminated The client with session ID 2 has returned from XML view to user view xml version 1 0 encoding UTF 8 rpc reply message id 101 xmlns urn ietf params xml ns netconf base 1 0 ok rpc reply Returning to the CLI To return from XML view to the CLI send the following close session request xml versio...

Page 279: ...ription XML example get Retrieves device configuration and state information To retrieve device configuration and state information for the Syslog module rpc message id 101 xmlns urn ietf params xml ns netconf ba se 1 0 xmlns xc http www hp com netconf base 1 0 get filter type subtree top xmlns http www hp com netconf data 1 0 Syslog Syslog top filter get rpc ...

Page 280: ...ee top xmlns http www hp com netconf config 1 0 Ifmgr Interfaces Interface Interfaces Ifmgr top filter get config rpc get bulk Retrieves a number of data entries including device configuration and state information starting from the data entry next to the one with the specified index To retrieve device configuration and state information for all interface rpc message id 100 xmlns urn ietf params x...

Page 281: ...he edit config operation you must specify the operation target on a specified level If the specified target exists the operation directly changes the configuration for the target If the specified target does not exist the operation creates and configures the target If the specified target does not exist and it cannot be created an error message is returned To change the buffer size to 120 rpc mess...

Page 282: ...h the configuration carried in the message If the specified target does not exist the operation is not conducted and an invalid value error message is returned The syntax is the same as the edit config message with the merge attribute Change the operation attribute from merge to replace edit config remove Removes the specified configuration If the specified target has only the table index the oper...

Page 283: ... target and the target itself If the specified target has the table index and configuration data the operation removes the specified configuration data of this target If the specified target does not exist an error message is returned showing that the target does not exist The syntax is the same as the edit config message with the merge attribute Change the operation attribute from merge to delete...

Page 284: ...t specified and the default operation method is specified as replace none This value is used when the operation attribute is not specified and the default operation method is specified as none If this value is specified the edit config operation is used only for schema verification rather than issuing a configuration If the schema verification is passed a successful message is returned Otherwise a...

Page 285: ... reserved for future use To issue the configuration for two interfaces with the error option element value as continue on error rpc message id 101 xmlns urn ietf params xml ns netconf ba se 1 0 edit config target running target error option continue on error error o ption config xmlns xc urn ietf params xml ns netconf base 1 0 top xmlns http www hp com netconf config 1 0 Ifmgr xc operation merge I...

Page 286: ...sue the configuration for an interface for test purposes rpc message id 101 xmlns urn ietf params xml ns netconf ba se 1 0 edit config target running target test option test only test option config xmlns xc urn ietf params xml ns netconf base 1 0 top xmlns http www hp com netconf config 1 0 Ifmgr xc operation merge Interfaces Interface Index 262 Index Description 222 Description ConfigSpeed 100 Co...

Page 287: ...unlock target running target unlock rpc get sessions Retrieves information about all NETCONF sessions in the system To retrieve information about all NETCONF sessions in the system rpc message id 101 xmlns urn ietf params xml ns netconf ba se 1 0 get sessions rpc close session Terminates the NETCONF session for the current user to unlock the configuration and release the resources for example memo...

Page 288: ...up configuration file To save the running configuration to the file test cfg rpc message id 101 xmlns urn ietf params xml ns netconf ba se 1 0 save file test cfg file save rpc load Loads the configuration After the device finishes the load operation the configuration in the specified file is merged into the current configuration of the device To merge the configuration in the file a1 cfg to the cu...

Page 289: ...ing you will receive email notification of product enhancements new driver versions firmware updates and other product resources Related information Documents To find related documents browse to the Manuals page of the HP Business Support Center website http www hp com support manuals For related documentation navigate to the Networking section and select a networking category For a complete list ...

Page 290: ...eparated by vertical bars from which you select one choice multiple choices or none 1 n The argument or keyword and argument combination before the ampersand sign can be entered 1 to n times A line that starts with a pound sign is comments GUI conventions Convention Description Boldface Window names button names field names and menu items are in bold text For example the New User window appears cl...

Page 291: ...r a unified wired WLAN module or the switching engine on a unified wired WLAN switch Represents an access point Represents a mesh access point Represents omnidirectional signals Represents directional signals Represents a security product such as a firewall UTM multiservice security gateway or load balancing device Represents a security card such as a firewall load balancing NetStream SSL VPN IPS ...

Page 292: ...y 196 NMM flow mirroring QoS policy control plane 196 NMM flow mirroring QoS policy global 196 NMM flow mirroring QoS policy interface 196 NMM flow mirroring QoS policy VLAN 196 architecture NMM NTP 9 assigning CWMP ACS attribute preferred CLI 225 CWMP ACS attribute preferred DHCP server 224 NMM port mirroring monitor port to remote probe VLAN 180 associating NMM IPv6 NTP client server association...

Page 293: ...MM NQA client ICMP template 141 141 168 NMM NQA client operation scheduling 140 NMM NQA client SNMP operation 128 156 NMM NQA client statistics collection function 139 NMM NQA client TCP operation 157 NMM NQA client TCP template 142 169 NMM NQA client template configuration 140 NMM NQA client template optional parameters 145 NMM NQA client threshold monitoring 120 136 NMM NQA client UDP echo opera...

Page 294: ...p source ports 175 NMM NETCONF 240 243 NMM NQA 1 19 121 147 NMM NQA client DHCP operation 124 148 NMM NQA client DLSw operation 132 162 NMM NQA client DNS operation 124 149 NMM NQA client DNS template 141 168 NMM NQA client FTP operation 125 151 NMM NQA client FTP template 145 170 NMM NQA client history record save 139 NMM NQA client HTTP operation 126 152 NMM NQA client HTTP template 143 170 NMM ...

Page 295: ... time source 70 NMM PTP TC OC port type 65 NMM PTP timestamp carry mode 64 NMM PTP UTC correction date 69 NMM remote port mirroring destination group 179 NMM remote port mirroring source group 181 NMM remote port mirroring source group egress port 182 NMM remote port mirroring source group remote probe VLAN 182 NMM remote port mirroring source group source ports 181 NMM RMON 109 NMM RMON alarm fun...

Page 296: ... NMM NETCONF configuration data retrieval all modules 252 NMM NETCONF configuration data retrieval Syslog module 254 NMM NETCONF data entry retrieval interface table 255 NMM NETCONF filtering conditional match 259 263 NMM NETCONF filtering full match 259 NMM NETCONF filtering regex match 259 261 deadloop detection Linux kernel PMM 206 debugging feature module 7 information control module debugging...

Page 297: ...de with MPLS VPN time synchronization 48 NMM NTP MPLS VPN support 13 NMM NTP multicast association mode 37 NMM NTP symmetric active passive mode with MPLS VPN time synchronization 49 NMM port mirroring configuration 172 NMM port mirroring remote destination group 179 NMM port mirroring remote source group 181 NMM port mirroring remote source group egress port 182 NMM port mirroring remote source g...

Page 298: ...NMM NQA client ICMP echo operation 123 147 NMM NQA client UDP echo operation 130 158 egress port NMM Layer 2 remote port mirroring 173 NMM port mirroring remote source group egress port 182 Embedded Automation Architecture Use EAA enabling CWMP 223 NETCONF over SSH 244 NMM information center duplicate log suppression 89 NMM information center synchronous output 88 NMM NETCONF over SOAP 243 NMM NQA...

Page 299: ...n 195 traffic behavior configuration 195 format NMM information center system logs 79 NMM NETCONF message 241 FTP NMM NQA 1 19 NMM NQA client FTP operation 125 151 NMM NQA client FTP template 145 170 full match NETCONF data filtering 259 function NMM RMON alarm function 1 12 NMM RMON statistics function 1 1 1 G generating NMM information center interface link up link down log generation 89 get ope...

Page 300: ...Linux log host 92 92 log output log buffer 84 log output log host 84 log output monitor terminal 83 log output UNIX log host 91 log save to file 85 maintaining 90 security log default output rules 79 security log file management 87 security log management 86 security log save to file 86 synchronous log output 88 system information log types 77 system log destinations 78 system log formats 79 syste...

Page 301: ...M NTP client server association mode 31 NMM NTP multicast association mode 40 NMM NTP symmetric active passive association mode 34 K kernel thread displaying 207 Linux process 205 maintaining 207 PMM 206 PMM deadloop detection 206 PMM starvation detection 207 L Layer 2 NMM port mirroring configuration 172 NMM remote port mirroring configuration 178 187 Layer 3 NMM port mirroring configuration 172 ...

Page 302: ...9 NMM system information security log default output rules 79 NMM system information trace log default output rules 79 SNMP configuration 100 M MAC addressing NMM PTP non Pdelay message MAC address 67 maintaining NMM information center 90 NMM PTP 71 PMM 205 PMM kernel threads 207 PMM Linux 205 process monitoring and maintenance See PMM Management Information Base Use MIB managing NMM information c...

Page 303: ...ation 17 NMM NTP multicast mode authentication 24 NMM NTP multicast mode max number dynamic associations 28 NMM NTP multicast server configuration 17 N NAT CWMP CPE NAT traversal 228 NETCONF capability exchange 244 CLI operations 264 265 CLI return 268 configuration 240 243 configuration data retrieval all modules 252 configuration data retrieval Syslog module 254 configuration load 257 258 config...

Page 304: ...t path jitter operation 133 163 NMM NQA client SNMP operation 128 NMM NQA client statistics collection function 139 NMM NQA client TCP operation 129 157 NMM NQA client template configuration 140 NMM NQA client threshold monitoring 136 NMM NQA client UDP echo operation 130 158 NMM NQA client UDP jitter operation 127 NMM NQA client voice operation 131 159 NMM NQA client Track collaboration function ...

Page 305: ...156 NMM NQA client UDP jitter operation 153 NMM NQA client Track collaboration 165 NMM NQA configuration 1 19 121 147 NMM NQA ICMP template configuration 167 NMM NTP broadcast association mode 36 NMM NTP broadcast mode with authentication 45 NMM NTP client server association mode 29 NMM NTP client server mode with authentication 43 NMM NTP client server mode with MPLS VPN time synchronization 48 N...

Page 306: ...on center log formats 79 information center log levels 77 information center log output console 83 90 information center log output Linux log host 92 92 information center log output log buffer 84 information center log output log host 84 information center log output monitor terminal 83 information center log output UNIX log host 91 information center log save to file 85 information center securi...

Page 307: ...threshold monitoring 136 NQA client UDP echo operation 130 158 NQA client UDP jitter operation 127 153 NQA client voice operation 131 159 NQA client Track collaboration 165 NQA client Track collaboration function 135 NQA configuration 1 19 121 147 NQA ICMP template configuration 167 NQA operation 1 19 NQA server configuration 121 NQA threshold monitoring 120 NQA Track collaboration 120 NTP access ...

Page 308: ... system information diagnostic log output rules 78 system information hidden log default output rules 79 system information security log default output rules 79 system information trace log default output rules 79 system maintenance 1 tracert 3 4 tracert node failure identification 4 NMS NMM RMON alarm function configuration 1 16 NMM RMON configuration 109 NMM RMON Ethernet statistics group config...

Page 309: ...e 14 how it works 8 IPv6 client server association mode configuration 31 IPv6 multicast association mode configuration 40 IPv6 symmetric active passive association mode configuration 34 local clock as reference source 29 message processing disable 27 message source interface specification 27 MPLS VPN support 13 multicast association mode 10 multicast association mode configuration 17 37 multicast ...

Page 310: ... 95 SNMPv1 basic parameter configuration 96 SNMPv2c basic parameter configuration 96 SNMPv3 basic parameter configuration 97 path NMM NQA client path jitter operation 133 163 NMM NQA path jitter 1 19 Pdelay_Req message 66 performing NMM NETCONF CLI operations 264 265 NMM NETCONF edit config operation 252 NMM NETCONF get get bulk operation 250 NMM NETCONF get config get bulk config operation 251 NM...

Page 311: ...le monitor ports 177 destination 172 direction bidirectional 172 direction inbound 172 direction outbound 172 displaying 186 egress port 173 implementation 173 Layer 2 remote port mirroring configuration 187 Layer 3 local group source port configuration restrictions 184 Layer 3 remote configuration 183 Layer 3 remote port mirroring configuration 191 Layer 3 remote port mirroring local mirroring gr...

Page 312: ...guring NMM EAA monitor policy CLI 213 216 configuring NMM EAA monitor policy Tcl 215 218 configuring NMM flow mirroring 194 197 configuring NMM flow mirroring match criteria 194 configuring NMM flow mirroring QoS policy 195 configuring NMM flow mirroring traffic behavior 195 configuring NMM information center 82 configuring NMM information center trace log file 88 configuring NMM IPv6 NTP client s...

Page 313: ...ion 45 configuring NMM NTP broadcast server 16 16 configuring NMM NTP client server association mode 14 29 configuring NMM NTP client server mode authentication 18 configuring NMM NTP client server mode with authentication 43 configuring NMM NTP client server mode with MPLS VPN time synchronization 48 configuring NMM NTP local clock as reference source 29 configuring NMM NTP max number dynamic ass...

Page 314: ...ion detection 207 configuring PTP port role 63 configuring PTP timestamp carry mode 64 configuring SNMP basic parameters 95 configuring SNMP logging 100 configuring SNMP notification 101 configuring SNMPv1 104 configuring SNMPv1 agent notification 101 configuring SNMPv1 basic parameters 96 configuring SNMPv2c 104 configuring SNMPv2c agent notification 101 configuring SNMPv2c basic parameters 96 co...

Page 315: ... performing NMM NETCONF get get bulk operation 250 performing NMM NETCONF get config get bulk config operation 251 performing NMM NETCONF service operations 249 retrieving NMM NETCONF configuration data all modules 252 retrieving NMM NETCONF configuration data Syslog module 254 retrieving NMM NETCONF data entry interface table 255 retrieving NMM NETCONF session information 266 returning to NMM NET...

Page 316: ...oS NMM flow mirroring configuration 194 194 197 NMM flow mirroring match criteria configuration 194 NMM flow mirroring QoS policy application 196 NMM flow mirroring QoS policy application control plane 196 NMM flow mirroring QoS policy application global 196 NMM flow mirroring QoS policy application interface 196 NMM flow mirroring QoS policy application VLAN 196 NMM flow mirroring QoS policy conf...

Page 317: ...roup configuration 1 14 event group 1 10 group 109 history control entry creation 1 12 history group 109 history group configuration 1 15 private alarm group 1 10 private alarm group sample type 1 1 1 protocols and standards 1 1 1 statistics function configuration 1 1 1 role PTP port configuration 63 rolling back NMM NETCONF configuration 257 258 routing NMM IPv6 NTP client server association mode...

Page 318: ...21 NMM NTP broadcast server configuration 16 16 NMM NTP multicast server configuration 17 NMM SNTP configuration 52 52 54 NMM SNTP NTP server specification 52 service NMM NETCONF configuration data retrieval all modules 252 NMM NETCONF configuration data retrieval Syslog module 254 NMM NETCONF configuration load 257 NMM NETCONF configuration rollback 257 NMM NETCONF configuration save 257 NMM NETC...

Page 319: ...iguration restrictions 52 displaying 54 enable 52 NTP server specification 52 SOAP NMM NETCONF message format 241 NMM NETCONF over SOAP enable 243 source NMM port mirroring 172 specifying CWMP ACS HTTPS SSL client policy 228 NMM NTP message source interface 27 NMM PTP BC delay measurement 64 NMM PTP clock node type 62 NMM PTP domain 63 NMM PTP message encapsulating protocol 68 NMM PTP OC delay mea...

Page 320: ...tion center log output console 83 90 NMM information center log output Linux log host 92 92 NMM information center log output log buffer 84 NMM information center log output log host 84 NMM information center log output monitor terminal 83 NMM information center log output UNIX log host 91 NMM information center log save to file 85 NMM information center security log file management 87 NMM informa...

Page 321: ...g NMM information center trace log file 88 Track NMM NQA client Track collaboration 165 NMM NQA client Track collaboration function 135 NMM NQA collaboration 120 traffic mirroring See flow mirroring NMM RMON alarm function configuration 1 16 NMM RMON configuration 109 NMM RMON Ethernet statistics group configuration 1 14 NMM RMON history group configuration 1 15 NMM sFlow agent configuration 200 N...

Page 322: ...tor policy environment system defined event specific 21 1 NMM EAA event monitor policy environment system defined public 21 1 NMM EAA event monitor policy environment user defined 212 NMM EAA event monitor policy environment variable 21 1 view based MIB access control 94 VLAN NMM flow mirroring configuration 194 194 197 NMM flow mirroring QoS policy application 196 NMM Layer 2 remote port mirrorin...