HP 5920 & 5900 Switch Series Network Management and Monitoring Configuration Guide Part number: 5998-5309a Software version: Release 23xx Document version: 6W101-20150320...
Page 2
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Contents Using ping, tracert, and system debugging ··············································································································· 1 Ping ····················································································································································································· 1 Using a ping command to test network connectivity ···························································································· 1 Ping example ···························································································································································· 1 Tracert ················································································································································································ 3 Prerequisites ······························································································································································ 4 Using a tracert command to identify failed or all nodes in a path ····································································· 4 ...
Page 4
Configuration example for NTP broadcast mode with authentication ····································································· 45 Configuration example for MPLS VPN time synchronization in client/server mode ·············································· 48 Configuration example for MPLS VPN time synchronization in symmetric active/passive mode ························· 49 Configuring SNTP ······················································································································································ 52 ...
Page 5
Default output rules for hidden logs····················································································································· 79 Default output rules for trace logs ························································································································ 79 Log formats ····························································································································································· 79 FIPS compliance ····························································································································································· 82 Information center configuration task list ····················································································································· 82 Outputting logs to the console ······································································································································ 83 ...
Page 7
NQA collaboration configuration example······································································································ 165 ICMP template configuration example ·············································································································· 167 DNS template configuration example ··············································································································· 168 TCP template configuration example ················································································································ 169 HTTP template configuration example ··············································································································· 170 FTP template configuration example ················································································································· 170 ...
Page 8
Configuration procedure ···································································································································· 197 Verifying the configuration ································································································································· 198 Configuring sFlow ··················································································································································· 199 Protocols and standards ·············································································································································· 199 sFlow configuration task list ········································································································································ 199 Configuring the sFlow agent and sFlow collector information ················································································ 200 Configuring flow sampling ··········································································································································...
Page 9
Enabling NAT traversal for the CPE ·················································································································· 228 Specifying an SSL client policy for HTTPS connection to ACS ······································································· 228 Displaying and maintaining CWMP ·························································································································· 229 CWMP configuration example ··································································································································· 229 Network requirements ········································································································································· 229 Configuration procedure ····································································································································...
Page 10
Support and other resources ·································································································································· 279 Contacting HP ······························································································································································ 279 Subscription service ············································································································································ 279 Related information ······················································································································································ 279 Documents ···························································································································································· 279 Websites ······························································································································································· 279 Conventions ·································································································································································· 280 Index ········································································································································································ 282 viii...
Using ping, tracert, and system debugging This chapter covers ping, tracert, and information about debugging the system. Ping Use the ping utility to determine if a specific address is reachable. Ping sends ICMP echo requests (ECHO-REQUEST) to the destination device. Upon receiving the requests, the destination device responds with ICMP echo replies (ECHO-REPLY) to the source device.
Page 12
Figure 1 Network diagram Configuration procedure # Use the ping command on Device A to test connectivity to Device C. Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break 56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=2.137 ms 56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=2.051 ms 56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=1.996 ms 56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=1.963 ms 56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=1.991 ms...
The intermediate device (Device B) adds the IP address of its outbound interface (1.1.2.1) to the RR option of the ICMP echo request, and forwards the packet. Upon receiving the request, the destination device copies the RR option in the request and adds the IP address of its outbound interface (1.1.2.2) to the RR option.
Enable sending of ICMP timeout packets on the intermediate devices (devices between the source • and destination devices). If the intermediate devices are HP devices, execute the ip ttl-expires enable command on the devices. For more information about this command, see Layer 3—IP Services Command Reference.
Page 15
Test the network connectivity between Device A and Device C. If they cannot reach each other, locate the failed nodes in the network. Figure 3 Network diagram 1.1.1.1/24 1.1.1.2/24 1.1.2.1/24 1.1.2.2/24 Device A Device B Device C Configuration procedure Configure the IP addresses for devices as shown in Figure Configure a static route on Device A.
Use the debugging ip icmp command on Device A and Device C to verify that they can send and receive the specific ICMP packets, or use the display ip routing-table command to verify that there is a route from Device A to Device C. System debugging The device supports debugging for the majority of protocols and features and provides debugging information to help users diagnose errors.
Debugging a feature module Output of debugging commands is memory intensive. To guarantee system performance, enable debugging only for modules that are in an exceptional condition. When debugging is complete, use the undo debugging all command to disable all the debugging functions. To debug a feature module: Step Command...
Configuring NTP Synchronize your device with a trusted time source by using the Network Time Protocol (NTP) or changing the system time before you run it on a live network. Various tasks, including network management, charging, auditing, and distributed computing depend on an accurate system time setting, because the timestamps of system messages and logs use the system time.
The synchronization process is as follows: Device A sends Device B an NTP message, which is timestamped when it leaves Device A. The time stamp is 10:00:00 am (T1). When this NTP message arrives at Device B, Device B adds a timestamp showing the time when the message arrived at Device B.
To ensure time accuracy and availability, you can specify multiple NTP servers for a device. The device selects an optimal NTP server as the clock source based on parameters such as stratum. The clock that the device selects is called the reference source. For more information about clock selection, see the related protocols and standards.
Page 21
Mode Working process Principle Application scenario On the symmetric active peer, specify the IP address of the symmetric passive peer. A symmetric active peer Figure 6 shows, this periodically sends clock mode is most often used A symmetric active peer synchronization messages to a between two or more and a symmetric passive...
NTP security To improve time synchronization security, NTP provides the access control and authentication functions. NTP access control You can control NTP access by using an ACL. The access rights are in the following order, from least restrictive to most restrictive: Peer—Allows time requests and NTP control queries (such as alarms, authentication status, and time •...
in the NTP message. If they are the same, the receiver accepts the message. Otherwise, it discards the message. NTP for MPLS VPNs The device supports multiple VPN instances when it functions as an NTP client or a symmetric active peer to realize time synchronization with the NTP server or symmetric passive peer in an MPLS VPN network.
The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN • interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). Configuration task list Tasks at a glance (Required.)
Step Command Remarks Enter system view. system-view • Specify an NTP server for the device: ntp-service unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number | version Specify an NTP server for the By default, no NTP server is number ] * device.
Step Command Remarks By default, the device does not operate in broadcast server mode. Configure the device to ntp-service broadcast-server After you execute the command, operate in NTP broadcast [ authentication-keyid keyid | the device receives NTP broadcast server mode. version number ] * messages from the specified interface.
Step Command Remarks • Configure the device to operate in multicast server mode: ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | By default, the device does not ttl ttl-number | version number ] operate in multicast server mode. Configure the device to After you execute the command, operate in multicast server •...
Page 29
Set the key as a trusted key on both client and server. • • Associate the key with the NTP server on the client. The key IDs and key values configured on the server and client must be the same. Otherwise, NTP authentication fails.
Table 2 NTP authentication results Client Server Configure Configure a a key and Authentication Associate the key and Enable NTP configure Enable NTP result key with an NTP configure it authentication it as a authentication server as a trusted trusted Succeeded.
Page 31
Step Command Remarks Enter system view. system-view By default, NTP authentication is Enable NTP authentication. ntp-service authentication enable disabled. ntp-service authentication-keyid Configure an NTP By default, no NTP authentication keyid authentication-mode md5 authentication key. key is configured. { cipher | simple } value Configure the key as a trusted ntp-service reliable By default, no authentication key is...
Page 32
Table 3 NTP authentication results Active peer Passive peer Configure Associate a key and Configure a the key Authentication result Enable NTP configure Enable NTP key and with a authentication it as a authentication configure it as passive trusted a trusted key peer Stratum level of the active and passive peers is not considered.
Configuring NTP authentication in broadcast mode When you configure NTP authentication in broadcast mode: • Enable NTP authentication. Configure an authentication key. • Set the key as a trusted key on both the broadcast client and server. • Configure an NTP authentication key on the broadcast server. •...
Table 4 NTP authentication results Broadcast server Broadcast client Configure a Enable Associate Configure a key and Authentication result the key with Enable NTP key and configure it authentic a broadcast authentication configure it as as a trusted ation server a trusted key Succeeded.
Page 35
Step Command Remarks Enter system view. system-view By default, NTP authentication is Enable NTP authentication. ntp-service authentication enable disabled. ntp-service authentication-keyid Configure an NTP By default, no NTP authentication keyid authentication-mode md5 authentication key. key is configured. { cipher | simple } value Configure the key as a trusted ntp-service reliable By default, no authentication key is...
Page 36
Table 5 NTP authentication results Multicast server Multicast client Configur e a key Configure a Authentication Associate the key and Enable NTP Enable NTP result configure key with a configure it authentication authentication it as a multicast server as a trusted trusted Succeeded.
Configuring NTP optional parameters The configuration tasks in this section are optional tasks. Configure them to improve NTP security, performance, or reliability. Specifying the source interface for NTP messages To prevent interface status changes from causing NTP communication failures, configure the device to use the IP address of an interface that is always up, for example, a loopback interface, as the source IP address for the NTP messages to be sent.
Step Command Remarks • For IPv4: ntp-service inbound disable Disable the interface from By default, an interface processes • For IPv6: processing NTP messages. NTP messages. ntp-service ipv6 inbound disable Configuring the maximum number of dynamic associations NTP has the following types of associations: Static association—A manually created association.
Step Command Remarks • IPv4 packets: The defaults for a DSCP value: ntp-service dscp dscp-value Set a DSCP value for NTP • • 48 for IPv4 NTP packets. IPv6 packets: packets. ntp-service ipv6 dscp • 56 for IPv6 NTP packets. dscp-value Configuring the local clock as a reference source Follow these guidelines when you configure the local clock as a reference source:...
Page 40
Figure 9 Network diagram Configuration procedure Set the IP address for each interface as shown in Figure 9. (Details not shown.) Configure Device A: # Enable the NTP service. <DeviceA> system-view [DeviceA] ntp-service enable # Specify the local clock as the reference source, with the stratum level 2. [DeviceA] ntp-service refclock-master 2 Configure Device B: # Enable the NTP service.
IPv6 NTP client/server mode configuration example Network requirements As shown in Figure 10, the local clock of Device A is to be used as a reference source, with the stratum level 2. Device B operates in client mode and Device A is to be used as the IPv6 NTP server for Device Figure 10 Network diagram Configuration procedure Set the IP address for each interface as shown in...
The output shows that Device B has been synchronized to Device A, the clock stratum level of Device B is 3, and that of Device A is 2. # Display IPv6 NTP association information for Device B. [DeviceB] display ntp-service ipv6 sessions Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.
Page 43
# Enable the NTP service. <DeviceA> system-view [DeviceA] ntp-service enable # Specify the local clock as the reference source, with the stratum level 3. [DeviceA] ntp-service refclock-master 3 Configure Device B: # Enable the NTP service. [DeviceB] ntp-service enable # Specify Device A as the NTP server of Device B. [DeviceB] ntp-service unicast-server 3.0.1.31 Configure Device C: # Enable the NTP service.
IPv6 NTP symmetric active/passive mode configuration example Network requirements As shown in Figure 12, Device C has a clock more accurate than Device A. Set the local clock of Device A as a reference source, with the stratum level 3. •...
Page 45
<DeviceC> system-view [DeviceC] ntp-service enable # Specify the local clock as the reference source, with the stratum level 2. [DeviceC] ntp-service refclock-master 2 # Configure Device B as an IPv6 symmetric passive peer. [DeviceC] ntp-service ipv6 unicast-peer 3000::35 Verify the configuration: # After the configuration, Device B has two time servers Device A and Device C.
NTP broadcast mode configuration example Network requirements As shown in Figure 13, Switch C functions as the NTP server for multiple devices on a network segment and synchronizes the time among multiple devices. Switch C's local clock is to be used as a reference source, with the stratum level 2. •...
[SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ntp-service broadcast-client Configure Switch B: # Enable the NTP service. <SwitchB> system-view [SwitchB] ntp-service enable # Configure Switch B to operate in broadcast client mode and receive broadcast messages on VLAN-interface 2. [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] ntp-service broadcast-client Verify the configuration: # Switch A and Switch B get synchronized upon receiving a broadcast message from Switch C.
Page 48
Switch A and Switch D operate in multicast client mode and receive multicast messages through • VLAN-interface 3 and VLAN-interface 2, respectively. Figure 14 Network diagram Vlan-int2 3.0.1.31/24 Switch C NTP multicast server Vlan-int3 Vlan-int3 Vlan-int2 1.0.1.11/24 1.0.1.10/24 3.0.1.30/24 Switch A Switch B NTP multicast client Vlan-int2...
Page 49
Local mode: bclient Reference clock ID: 3.0.1.31 Leap indicator: 00 Clock jitter: 0.044281 s Stability: 0.000 pps Clock precision: 2^-10 Root delay: 0.00229 ms Root dispersion: 4.12572 ms Reference time: d0d289fe.ec43c720 Sat, Jan 8 2011 7:00:14.922 The output shows that Switch D has been synchronized to Switch C, the clock stratum level of Switch D is 3, and that of Switch C is 2.
[SwitchA-Vlan-interface3] ntp-service multicast-client Verify the configuration: # Display the NTP status of Switch A after clock synchronization. [SwitchA-Vlan-interface3] display ntp-service status Clock status: synchronized Clock stratum: 3 System peer: 3.0.1.31 Local mode: bclient Reference clock ID: 3.0.1.31 Leap indicator: 00 Clock jitter: 0.165741 s Stability: 0.000 pps Clock precision: 2^-10...
Page 51
Figure 15 Network diagram Configuration procedure Set the IP address for each interface as shown in Figure 15. (Details not shown.) Configure Switch C: # Enable the NTP service. <SwitchC> system-view [SwitchC] ntp-service enable # Specify the local clock as the reference source, with the stratum level 2. [SwitchC] ntp-service refclock-master 2 # Configure Switch C to operate in IPv6 multicast server mode and send multicast messages through VLAN-interface 2.
Page 52
Leap indicator: 00 Clock jitter: 0.000977 s Stability: 0.000 pps Clock precision: 2^-10 Root delay: 0.00000 ms Root dispersion: 8.00578 ms Reference time: d0c60680.9754fb17 Wed, Dec 29 2010 19:12:00.591 The output shows that Switch D has been synchronized to Switch C, the clock stratum level of Switch D is 3, and that of Switch C is 2.
# Configure Switch A to operate in IPv6 multicast client mode and receive IPv6 multicast messages on VLAN-interface 3. [SwitchA] interface vlan-interface 3 [SwitchA-Vlan-interface3] ntp-service ipv6 multicast-client ff24::1 Verify the configuration: # Display the NTP status of Switch A after clock synchronization. [SwitchA-Vlan-interface3] display ntp-service status Clock status: synchronized Clock stratum: 3...
Page 54
Figure 16 Network diagram Configuration procedure Set the IP address for each interface as shown in Figure 16. (Details not shown.) Configure Device A: # Enable the NTP service. <DeviceA> system-view [DeviceA] ntp-service enable # Specify the local clock as the reference source, with the stratum level 2. [DeviceA] ntp-service refclock-master 2 Configure Device B: # Enable the NTP service.
Reference clock ID: 1.0.1.11 Leap indicator: 00 Clock jitter: 0.005096 s Stability: 0.000 pps Clock precision: 2^-10 Root delay: 0.00655 ms Root dispersion: 1.15869 ms Reference time: d0c62687.ab1bba7d Wed, Dec 29 2010 21:28:39.668 The output shows that Device B has been synchronized to Device A, the clock stratum level of Device B is 3, and that of Device A is 2.
Page 56
Figure 17 Network diagram Vlan-int2 3.0.1.31/24 Switch C NTP broadcast server Vlan-int2 3.0.1.30/24 Switch A NTP broadcast client Vlan-int2 3.0.1.32/24 Switch B NTP broadcast client Configuration procedure Set the IP address for each interface as shown in Figure 17. (Details not shown.) Configure Switch A: # Enable the NTP service.
Page 57
<SwitchC> system-view [SwitchC] ntp-service enable # Specify the local clock as the reference source, with the stratum level 3. [SwitchC] ntp-service refclock-master 3 # Configure Switch C to operate in NTP broadcast server mode and use VLAN-interface 2 to send NTP broadcast packets.
source reference stra reach poll now offset delay disper ******************************************************************************** [1245]3.0.1.31 127.127.1.0 -0.0 0.0000 Notes: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured. Total sessions : 1 The output shows that an association has been set up between Switch B and Switch C. Configuration example for MPLS VPN time synchronization in client/server mode Network requirements...
# Specify the local clock as the reference source, with the stratum level 2. [CE1] ntp-service refclock-master 2 Configure PE 2: # Enable the NTP service. <PE2> system-view [PE2] ntp-service enable # Specify CE 1 in VPN 1 as the NTP server of PE 2. [PE2] ntp-service unicast-server 10.1.1.1 vpn-instance vpn1 Verify the configuration: # Display the IPv4 NTP association information and status on PE 2 a certain period of time later.
Page 60
Configure CE 1's local clock as a reference source, with the stratum level 2. • • Configure CE 1 to operate in symmetric active mode. Specify VPN 1 as the target VPN. • Figure 19 Network diagram Configuration procedure Set the IP address for each interface as shown in Figure 19.
Configuring SNTP SNTP is a simplified, client-only version of NTP specified in RFC 4330. SNTP supports only the client/server mode. An SNTP-enabled device can receive time from NTP servers, but cannot provide time services to other devices. SNTP uses the same packet format and packet exchange procedure as NTP, but provides faster synchronization at the price of time accuracy.
Step Command Remarks • For IPv4: sntp unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] By default, no NTP server is [ authentication-keyid keyid | specified for the device. source interface-type interface-number | version Repeat this step to specify multiple Specify an NTP server for the number ] * NTP servers.
Step Command Remarks • For IPv4: sntp unicast-server { ip-address | server-name } [ vpn-instance vpn-instance-name ] authentication-keyid keyid Associate the SNTP By default, no NTP server is authentication key with the • For IPv6: specified. specific NTP server. sntp ipv6 unicast-server { ipv6-address | server-name } [ vpn-instance vpn-instance-name ]...
Page 65
# Enable NTP authentication on Device A. [DeviceA] ntp-service authentication enable # Configure an NTP authentication key, with the key ID of 10 and key value of aNiceKey. Input the key in plain text. [DeviceA] ntp-service authentication-keyid 10 authentication-mode md5 simple aNiceKey # Specify the key as a trusted key.
Configuring PTP Overview Network clock synchronization keeps the offset of time and frequency within a rational range among all the devices in a network. It involves two concepts: • Phase synchronization (time synchronization)—Keeps frequency and phase consistency of signals. Frequency synchronization (clock synchronization)—Keeps a specific relationship between signals •...
Page 67
PTP domain A PTP domain refers to a network enabled with PTP. A PTP domain has only one synchronization clock. All devices in the domain synchronize time with the clock. Clock node and PTP port A node in a PTP domain is a clock node. A port enabled with PTP is a PTP port. PTP defines the following three types of basic clock nodes: Ordinary Clock (OC)—A PTP clock with a single PTP port in a PTP domain for time synchronization.
Besides the three basic types of clock nodes, PTP introduces some hybrid clock nodes. For example, a TC+OC has multiple PTP ports in a PTP domain: one port is the OC type, and the others are the TC type. A TC+OC forwards PTP messages through TC-type ports and performs delay corrections. In addition, it synchronizes time through its OC-type port.
Page 69
PTP defines two transmission delay measurement mechanisms: Request_Response and Peer Delay. The basis of the two mechanisms is that the transmission delay from the master clock to the member clock is the same as that from the member clock to the master clock. Request_Response Figure 23 Operation procedure of the Request_Response mechanism Master clock...
Page 70
Peer Delay Figure 24 Operation procedure of the Peer Delay mechanism Master clock Member clock Timestamps known by member clock t1, t2 t1, t2, t3 t1, t2, t3, t4, t6 t1, t2, t3, t4, t5, t6 The Peer Delay mechanism uses Pdelay messages to calculate link delay, which applies to only point-to-point delay measurement.
In two-step mode, t1 is carried in the Follow_Up message, and t4 and t5 are carried in the • Pdelay_Resp and Pdelay_Resp_Follow_Up messages. Protocols and standards IEEE 1588-2008, IEEE Standard for a Precision Clock Synchronization Protocol for Networked • Measurement and Control Systems IEEE P802.1AS, Timing and Synchronization for Time-Sensitive Applications in Bridged Local Area •...
Tasks at a glance The PTP standard is IEEE 802.1AS (802.1AS): (Required.) Specifying the clock node type (Optional.) Specifying a PTP domain (Optional.) Configuring an OC to operate as only a member clock (Optional.) Configuring the role of a PTP port (Optional.) Configuring the port type for a TC+OC (Optional.)
Step Command Remarks Enter system view. system-view Specify the clock node type ptp mode { bc | e2etc | e2etc-oc | By default, no clock node type is for the device. oc | p2ptc | p2ptc-oc } specified. Specifying a PTP domain Within a PTP domain, all devices follow the same rules to communicate with each other.
To configure the PTP port role on an OC, BC, E2ETC+OC, or P2PTC+OC: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view or Layer 3 interface-number Ethernet interface view. By default, the PTP port role is Configure the role of the PTP ptp force-state { master | passive | automatically specified through...
Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view or Layer 3 interface-number Ethernet interface view. By default, the delay measurement Specify a delay measurement ptp delay-mechanism { e2e | p2p } mechanism depends on the PTP mechanism for a BC or OC.
Specifying the number of announcement intervals before the receiving node stops receiving announce messages A master node periodically sends announce messages to the member nodes. If a member node does not receive any announce message from the master node within the specified interval, it considers the master node invalid.
Step Command Remarks By default: • The interval is 2 seconds if the Configure the interval for PTP standard is IEEE 1588 ptp syn-interval value sending Sync messages. Version 2. • The interval is 2 seconds if the PTP standard is IEEE 802.1AS. Configuring the minimum interval for sending Delay_Req messages Step...
Specifying the protocol for encapsulating PTP messages as UDP (IPv4) PTP messages can be encapsulated in IEEE 802.3/Ethernet packets or UDP packets. To configure the protocol for encapsulating PTP messages as UDP (IPv4): Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view or Layer 3...
Configuring the cumulative offset between the UTC and TAI The time displayed on a device is based on the Coordinated Universal Time (UTC). There is an offset between UTC and TAI (International Atomic Time in English), which is made public periodically. This task allows you to adjust the offset between the UTC and TAI on the device.
Step Command Remarks Optional. Configure priority 2 of the ptp priority clock-source { bits1 | clock. bits2 | local } priority2 pri2-value The default is 128. Optional. Configure the attribute value ptp clock-source { bits1 | bits2 } of the Bits clock. time-source ts-value The default is 160.
Displaying and maintaining PTP Execute display commands in any view and the reset command in user view. Task Command Display PTP clock information. display ptp clock Display the delay correction history. display ptp corrections display ptp foreign-masters-record [ interface Display information about foreign master nodes. interface-type interface-number ] display ptp interface [ interface-type interface-number Display PTP information on an interface.
Page 82
# On Ten-GigabitEthernet 1/0/1, specify the delay measurement mechanism as p2p, and enable PTP. [DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] ptp delay-mechanism p2p [DeviceA-Ten-GigabitEthernet1/0/1] ptp enable [DeviceA-Ten-GigabitEthernet1/0/1] quit Configure Device B: # Specify the PTP standard as IEEE 1588 Version 2. <DeviceB>...
Clock quality : Class : 248 Accuracy : 254 Offset (log variance) : 65535 Offset from master : 0 (ns) Mean path delay : 0 (ns) Steps removed Local clock time : Sun Jan 15 20:57:29 2011 # Display brief PTP statistics on Device A. [DeviceA] display ptp interface brief Name State...
Page 84
Figure 26 Network diagram P2PTC XGE1/0/1 XGE1/0/1 XGE1/0/2 XGE1/0/1 Device A Device B Device C PTP domain Configuration procedure Configure Device A: # Specify the PTP standard as IEEE 802.1AS. <DeviceA> system-view [DeviceA] ptp profile 802.1AS # Specify the clock node type as OC. [DeviceA] ptp mode oc # Enable PTP on Ten-GigabitEthernet 1/0/1.
Page 85
When the network is stable, display PTP clock information by using the display ptp clock command, and display brief PTP statistics on an interface by using the display ptp interface brief command. # Display PTP clock information on Device A. [DeviceA] display ptp clock PTP profile : IEEE 802.1AS...
Configuring the information center The information center on a device classifies and manages logs for all modules so that network administrators can monitor network performance and troubleshoot network problems. Overview The information center receives logs generated by source modules and outputs logs to different destinations according to user-defined output rules.
Severity Level Description value Action must be taken immediately. For example, traffic on an interface exceeds Alert the upper limit. Critical condition. For example, the device temperature exceeds the upper limit, Critical the power module fails, or the fan tray fails. Error Error condition.
Table 8 Default output rule for diagnostic logs Destination Log source modules Output switch Severity Diagnostic log file All supported modules Enabled Debug Default output rules for security logs Security logs can only be output to the security log file, and cannot be filtered by source modules and severity levels.
Page 90
Table 12 Log formats Output destination Format Example %Nov 24 14:21:43:502 2010 HP Console, monitor SYSLOG/6/SYSLOG_RESTART: Prefix Timestamp Sysname terminal, log buffer, or System restarted –- Module/Level/Mnemonic: Content log file HP Comware Software. • HP format: <190>Nov 24 16:22:21 2010 HP %%10SYSLOG/6/SYSLOG_RE •...
Page 91
IP address) You can use the sysname command to modify the name of the device. Indicates that the information was generated by an HP device. %% (vendor ID) This field exists only in logs sent to the log host.
Timestamp Description Example parameters <189>2003-05-30T06:42:44 Sysname %%10FTPD/5/FTPD_LOGIN(l): Timestamp format stipulated in ISO 8601. User ftp (192.168.1.23) has logged in Only logs that are sent to a log host support successfully. this parameter. 2003-05-30T06:42:44 is a timestamp in the iso format. % Sysname FTPD/5/FTPD_LOGIN: User No timestamp is included.
Outputting logs to the console Step Command Remarks Enter system view. system-view By default, the information center is Enable the information center. info-center enable enabled. info-center source { module-name | For information about default Configure an output rule for default } { console | monitor | output rules, see "Default output the console.
Step Command Remarks (Optional.) Set the maximum info-center logbuffer size By default, the log buffer can store number of logs that can be buffersize 512 logs. stored in the log buffer. info-center source { module-name | For information about default Configure an output rule for default } { console | monitor | output rules, see...
Step Command Remarks • Method 1: Configure the interval to perform the save Use either method. operation: info-center logfile frequency The default saving interval is Save the logs in the log file freq-sec 86400 seconds. buffer to the log file. •...
Step Command Remarks By default, the alarm threshold of (Optional.) Set the alarm the security log file usage is 80. info-center security-logfile threshold of the security log When the usage of the security log alarm-threshold usage file usage. file reaches 80%, the system will inform the user.
Step Command Remarks By default, the maximum size is 10 (Optional.) Configure the info-center diagnostic-logfile quota maximum size of the To ensure normal operation, set the size diagnostic log file. size argument to a value between 1 MB and 10 MB. The default directory is flash:/diagfile.
Step Command Remarks Enable synchronous By default, synchronous info-center synchronous information output. information output is disabled. Enabling duplicate log suppression The output of consecutive duplicate logs at an interval of less than 30 seconds wastes system and network resources. With this feature enabled, the system starts a suppression period upon outputting a log: During the suppression period, the system does not output logs that have the same module name, •...
Step Command Remarks Disable the interface from By default, all interfaces generate generating link up or link undo enable log updown link up and link down logs when down logs. the interface state changes. Displaying and maintaining information center Execute display commands in any view and reset commands in user view. Task Command Display the information of each output destination.
<Sysname> terminal logging level 6 <Sysname> terminal monitor Current terminal monitor is on. Now, if the FTP module generates logs, the information center automatically sends the logs to the console, and the console displays the logs. Configuration example for outputting logs to a UNIX log host Network requirements Configure the device to output to the UNIX log host FTP logs that have a severity level of at least...
# Device configuration messages local4.info /var/log/Device/info.log In this configuration, local4 is the name of the logging facility that the log host uses to receive logs. info is the informational level. The UNIX system records the log information that has a severity level of at least informational to the file /var/log/Device/info.log.
Page 103
[Sysname] info-center source default loghost deny To avoid outputting unnecessary information, disable all modules from outputting log information to the specified destination (loghost in this example) before you configure an output rule. # Configure an output rule to enable output to the log host FTP logs that have a severity level of at least informational.
Configuring SNMP This chapter provides an overview of the Simple Network Management Protocol (SNMP) and guides you through the configuration procedure. Overview SNMP is an Internet standard protocol widely used for a management station to access and operate the devices on a network, regardless of their vendors, physical characteristics, and interconnect technologies.
Figure 32 MIB tree A MIB view represents a set of MIB objects (or MIB object hierarchies) with certain access privileges and is identified by a view name. The MIB objects included in the MIB view are accessible while those excluded from the MIB view are inaccessible.
Configuring SNMPv1 or SNMPv2c basic parameters SNMPv1 and SNMPv2c settings are supported only in non-FIPS mode. To configure SNMPv1 or SNMPv2c basic parameters: Step Command Remarks Enter system view. system-view By default, the SNMP agent is disabled. The SNMP agent is enabled when (Optional.) Enable the snmp-agent you perform any command that...
Step Command Remarks • (Method 1) Create an SNMP community: snmp-agent community { read | write } [ simple | cipher ] community-name [ mib-view Use either method. view-name ] [ acl acl-number | acl By default, no SNMP group or ipv6 ipv6-acl-number ] * SNMP community exists.
Page 108
Table 16 Basic security setting requirements for different security models Security model Security key settings Security model Remarks keyword for the group for the user If the authentication key or Authentication with Authentication key, the privacy key is not privacy privacy privacy key configured, SNMP...
Page 109
Step Command Remarks By default, no remote engine ID is snmp-agent remote { ip-address | configured. (Optional.) Configure a remote ipv6 ipv6-address } [ vpn-instance To send informs to an SNMPv3 engine ID. vpn-instance-name ] engineid NMS, you must configure the engineid SNMP engine ID of the NMS.
Step Command Remarks (Optional.) Enable SNMP snmp-agent log { all | By default, SNMP logging is logging. get-operation | set-operation } disabled. (Optional.) Enable SNMP By default, SNMP notification snmp-agent trap log notification logging. logging is disabled. Configuring SNMP notifications The SNMP Agent sends notifications (traps and informs) to inform the NMS of significant events, such as link state changes and user logins or logouts.
Page 112
Configuration guidelines When network congestion occurs or the destination is not reachable, the SNMP agent buffers notifications in a queue. You can configure the queue size and the notification lifetime (the maximum time that a notification can stay in the queue). A notification is deleted when its lifetime expires. When the notification queue is full, the oldest notifications are automatically deleted.
Step Command Remarks By default, the SNMP agent sends a periodical trap every 60 (Optional.) Configure seconds. snmp-agent trap periodical-interval the interval for sending interval-time This configuration is available in periodical traps. Release 2311P04 and later versions. Displaying the SNMP settings Execute display commands in any view.
Page 115
Network requirements As shown in Figure 33, the NMS (1.1.1.2/24) uses SNMPv1 to manage the SNMP agent (1.1.1.1/24), and the agent automatically sends notifications to report events to the NMS. Figure 33 Network diagram Configuration procedure Configure the SNMP agent: # Configure the IP address of the agent and make sure the agent and the NMS can reach each other.
1: Oid=ifMtu.135471 Syntax=INT Value=1500 Get finished # Use a wrong community name to get the value of a MIB node on the agent. You can see an authentication failure trap on the NMS. 1.1.1.1/2934 V1 Trap = authenticationFailure SNMP Version = V1 Community = public Command = Trap Enterprise = 1.3.6.1.4.1.43.1.16.4.3.50...
Page 117
[Agent] snmp-agent sys-info location telephone-closet,3rd-floor # Enable notifications, specify the NMS at 1.1.1.2 as a trap destination, and set the username to managev3user for the traps. [Agent] snmp-agent trap enable [Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname managev3user v3 privacy Configure the SNMP NMS: Specify SNMPv3.
Page 118
Community = managev3user Command = Trap...
For more information about SNMP notifications, see "Configuring SNMP." HP devices provide an embedded RMON agent as the RMON monitor. An NMS can perform basic SNMP operations to access the RMON MIB. RMON groups Among standard RMON groups, HP implements the statistics group, history group, event group, alarm group, probe configuration group, and user history group.
The history table stores traffic statistics collected for each sampling interval. Event group The event group controls the generation and notifications of events triggered by the alarms defined in the alarm group and the private alarm group. The following are RMON alarm event handling methods: Log—Logs event information (including event time and description) in the event log table so the •...
Compares the calculation result with the predefined thresholds, and then takes one of the following actions: Triggers the event associated with the rising alarm event if the result is equal to or greater than the rising threshold. Triggers the event associated with the falling alarm event if the result is equal to or less than the falling threshold.
Step Command Remarks By default, the RMON statistics table does not contain entries. Create an entry for You can create one statistics entry for the interface in the rmon statistics entry-number [ owner each Ethernet interface, and a maximum RMON statistics text ] of 100 statistics entries on the device.
History group configuration example Network requirements Create an RMON history control entry on the device in Figure 37 to sample traffic statistics for Ten-GigabitEthernet 1/0/1 every minute. Figure 37 Network diagram Configuration procedure # Create an RMON history control entry to sample traffic statistics every minute for Ten-GigabitEthernet 1/0/1.
Figure 38 Network diagram Configuration procedure # Configure the SNMP agent (the device) with the same SNMP settings as the NMS at 1.1.1.2. This example uses SNMPv1, read community public, and write community private. <Sysname> system-view [Sysname] snmp-agent [Sysname] snmp-agent community read public [Sysname] snmp-agent community write private [Sysname] snmp-agent sys-info version v1 [Sysname] snmp-agent trap enable...
Configuring NQA Overview Network quality analyzer (NQA) allows you to measure network performance, verify the service levels for IP services and applications, and troubleshoot network problems. It provides the following types of operations: • ICMP echo DHCP • • • HTTP •...
A UDP jitter or a voice operation sends a specific number of probe packets. The number of probe • packets is configurable with the probe packet-number command. An FTP operation uploads or downloads a file. • An HTTP operation gets a Web page. •...
Table 18 describes the relationships between performance metrics and NQA operation types. Table 18 Performance metrics and NQA operation types Performance metric NQA operation types that can gather the metric All NQA operation types excluding UDP jitter, path Probe duration jitter, and voice All NQA operation types excluding UDP jitter, path Number of probe failures...
Step Command Remarks Enter system view. system-view By default, the NQA server Enable the NQA server. nqa server enable is disabled. • TCP listening service: nqa server tcp-connect ip-address You can specify the ToS port-number [ tos tos ] [ vpn-instance value in the IP packet vpn-instance-name ] Configure a TCP or UDP...
Tasks at a glance (Optional.) Configuring the saving of NQA history records Configuring the ICMP echo operation The ICMP echo operation measures the reachability of a destination device. It has the same function as the ping command, but provides more output information. In addition, if multiple paths exist between the source and destination devices, you can specify the next hop for the ICMP echo operation.
Configuring the DHCP operation The DHCP operation measures whether or not the DHCP server can respond to client requests. DHCP also measures the amount of time it takes for the NQA client to obtain an IP address from a DHCP server. The NQA client simulates the DHCP relay agent to forward DHCP requests for IP address acquisition from the DHCP server.
Step Command Remarks Create an NQA operation By default, no NQA operation is and enter NQA operation nqa entry admin-name operation-tag created. view. Specify the DNS type and type dns enter its view. Specify the IP address of the By default, no destination IP DNS server as the destination destination ip ip-address address is specified.
Step Command Remarks By default, the FTP operation type is get, Specify the FTP operation operation { get | put } which means obtaining files from the FTP type. server. Specify an FTP login By default, no FTP login username is username username username.
Step Command Remarks Every time you enter the raw request view, (Optional.) Enter raw request raw-request the previously configured content of the view. HTTP request is removed. (Optional.) Specify the By default, no contents are specified. content of a GET request for Enter or paste the content.
Step Command Remarks By default, no destination port number is specified. Specify the destination port of destination port port-number The destination port must be the UDP packets. same as that of the listening service on the NQA server. (Optional.) Specify the source By default, no source port number source port port-number port number of UDP packets.
Step Command Remarks Specify the SNMP type and type snmp enter its view. Specify the destination By default, no destination IP address is destination ip ip-address address of SNMP packets. specified. (Optional.) Specify the source By default, no source port number is source port port-number port of SNMP packets.
Configuring the UDP echo operation The UDP echo operation measures the round-trip time between the client and a specific UDP port on the NQA server. The UDP echo operation requires both the NQA server and the NQA client. Before you perform a UDP echo operation, configure a UDP listening service on the NQA server.
Configuring the voice operation CAUTION: To ensure successful voice operations and avoid affecting existing services, do not perform the operations on well-known ports from 1 to 1023. The voice operation measures VoIP network performance. The voice operation works as follows: The NQA client sends voice packets of G.711 A-law, G.711 μ-law or G.729 A-law codec type at a specific interval to the destination device (NQA server).
Step Command Remarks By default, no destination port number is configured. Specify the destination port of destination port port-number The destination port must be the same voice packets. as that of the listening service on the NQA server. codec-type { g711a | g711u | By default, the codec type is G.711 Specify the codec type.
Before you configure the path jitter operation, perform the following configurations: Enable sending ICMP time-exceeded packets on the intermediate devices between the source and • the destination devices. If the intermediate devices are HP devices, use the ip ttl-expires enable command. •...
Step Command Remarks By default, no source IP address is specified. Specify the source IP address of source ip ip-address The source IP address must be the IP ICMP echo request. address of a local interface and the interface must be up. Specify the number of ICMP probe packet-number echo requests to be sent in a...
Step Command Remarks For a voice or path jitter operation, the default setting is 60000 milliseconds. For other operations, the default setting is 0 (Optional.) Specify the milliseconds. Only one operation is interval at which the NQA frequency interval performed. operation repeats.
Step Command Remarks type { dhcp | dlsw | dns | ftp | The collaboration function is not Specify an NQA operation http | icmp-echo | snmp | tcp | available for the path jitter, UDP type and enter its view. udp-echo } jitter, and voice operations.
Page 147
If the action to be triggered is configured as trap-only for a reaction entry, when the state of the entry changes, a trap message is generated and sent to the NMS. Configuration procedure Before you configure threshold monitoring, configure the destination address of the trap messages by using the snmp-agent target-host command.
Page 148
Step Command Remarks • Monitor the operation duration (not supported in the UDP jitter and voice operations): reaction item-number checked-element late probe-duration threshold-type { accumu accumulate-occurrences | average | consecutive consecutive-occurrences } threshold-value upper-threshold action-type lower-threshold [ { none | trap-only } ] •...
Configuring the NQA statistics collection function NQA collects statistics for operations completed within a specific period. The statistics forms a statistics group. A statistics group is generated after an operation is completed. To view information about the statistics groups, use the display nqa statistics command. A statistics group is deleted when its hold time expires.
Step Command Remarks Create an NQA By default, no NQA operation operation and enter nqa entry admin-name operation-tag is created. NQA operation view. The UDP jitter, path jitter, and Enter NQA operation type { dhcp | dlsw | dns | ftp | http | voice operations do not support type view.
Some operation parameters for an NQA template can be specified by the template configuration or the feature that uses the template. When both are specified, the parameters in the template configuration take effect. Configuring the ICMP template A feature that uses the ICMP template creates and starts the ICMP operation to measure the reachability of a destination device.
In DNS template view, you can specify the address expected to be returned. If the returned IP addresses include the expected address, the DNS server is valid and the operation succeeds. Otherwise, the operation fails. Create a mapping between the domain name and an address before you perform the DNS operation. For information about configuring the DNS server, see Layer 3—IP Services Configuration Guide.
In TCP template view, you can specify the expected data to be returned. If you do not specify the expected data, the TCP operation only tests whether the client can establish a TCP connection to the server. The TCP operation requires both the NQA server and the NQA client. Before you perform a TCP operation, configure a TCP listening service on the NQA server.
Page 154
length, and it does not include the header length. An HTTP packet with this field indicates that the packet data does not include the multipart type and the packet body is a data type. The status code of the HTTP packet is a three-digit field in decimal notation, and it includes the status information for the HTTP server.
Step Command Remarks (Optional.) Configure the expect data expression By default, no expected data is expected data. [ offset number ] configured. Configuring the FTP template A feature that uses the FTP template creates and starts the FTP operation to measure the time the NQA client uses to transfer a file to or download a file from an FTP server.
Step Command Remarks Enter system view. system-view Create an NQA template nqa template { dns | ftp | http and enter its view. | icmp | tcp } name Configure a description. description text By default, no description is configured. The default setting is 5000 milliseconds.
NQA configuration examples ICMP echo operation configuration example Network requirements As shown in Figure 41, configure and schedule an ICMP echo operation from the NQA client Device A to Device B through Device C to test the round-trip time. Figure 41 Network diagram Configuration procedure # Assign each interface an IP address.
# Enable saving history records and configure the maximum number of history records that can be saved as 10. [DeviceA-nqa-admin-test1-icmp-echo] history-record enable [DeviceA-nqa-admin-test1-icmp-echo] history-record number 10 [DeviceA-nqa-admin-test1-icmp-echo] quit # Start the ICMP echo operation. [DeviceA] nqa schedule admin test1 start-time now lifetime forever # After the ICMP echo operation runs for a period of time, stop the operation.
Figure 42 Network diagram Configuration procedure # Create a DHCP operation to be performed to the destination IP address 10.1.1.2. <SwitchA> system-view [SwitchA] nqa entry admin test1 [SwitchA-nqa-admin-test1] type dhcp [SwitchA-nqa-admin-test1-dhcp] destination ip 10.1.1.2 # Enable the saving of history records. [SwitchA-nqa-admin-test1-dhcp] history-record enable [SwitchA-nqa-admin-test1-dhcp] quit # Start the DHCP operation.
Page 160
Figure 43 Network diagram Configuration procedure # Assign each interface an IP address. (Details not shown.) # Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) # Create a DNS operation. <DeviceA>...
FTP operation configuration example Network requirements As shown in Figure 44, configure an FTP operation to test the time required for Device A to upload a file to the FTP server. The login username is admin, the login password is systemtest, and the file to be transferred to the FTP server is config.txt.
Min/Max/Average round trip time: 173/173/173 Square-Sum of round trip time: 29929 Last succeeded probe time: 2011-11-22 10:07:28.6 Extended results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to internal error: 0 Failures due to other errors: 0 # Display the history records of the FTP operation.
# Enable the saving of history records. [DeviceA-nqa-admin-test1-http] history-record enable [DeviceA-nqa-admin-test1-http] quit # Start the HTTP operation. [DeviceA] nqa schedule admin test1 start-time now lifetime forever # After the HTTP operation runs for a period of time, stop the operation. [DeviceA] undo nqa schedule admin test1 # Display the most recent results of the HTTP operation.
Page 164
# Enable the NQA server and configure a listening service to listen on the IP address 10.2.2.2 and UDP port 9000. <DeviceB> system-view [DeviceB] nqa server enable [DeviceB] nqa server udp-echo 10.2.2.2 9000 Configure Device A: # Create a UDP jitter operation. <DeviceA>...
Page 165
Negative SD square-sum: 460 Negative DS square-sum: 754 One way results: Max SD delay: 15 Max DS delay: 16 Min SD delay: 7 Min DS delay: 7 Number of SD delay: 10 Number of DS delay: 10 Sum of SD delay: 78 Sum of DS delay: 85 Square-Sum of SD delay: 666 Square-Sum of DS delay: 787...
SNMP operation configuration example Network requirements As shown in Figure 47, configure an SNMP operation to test the time the NQA client uses to get a value from the SNMP agent. Figure 47 Network diagram Configuration procedure Assign each interface an IP address. (Details not shown.) Configure static routes or a routing protocol to make sure the devices can reach each other.
Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 # Display the history records of the SNMP operation. [DeviceA] display nqa history admin test1 NQA entry (admin admin, tag test1) history records: Index Response Status...
# After the TCP operation runs for a period of time, stop the operation. [DeviceA] undo nqa schedule admin test1 # Display the most recent results of the TCP operation. [DeviceA] display nqa result admin test1 NQA entry (admin admin, tag test1) test results: Send operation times: 1 Receive response times: 1 Min/Max/Average round trip time: 13/13/13...
Configure Device A: # Create a UDP echo operation. <DeviceA> system-view [DeviceA] nqa entry admin test1 [DeviceA-nqa-admin-test1] type udp-echo # Configure 10.2.2.2 as the destination IP address and port 8000 as the destination port. [DeviceA-nqa-admin-test1-udp-echo] destination ip 10.2.2.2 [DeviceA-nqa-admin-test1-udp-echo] destination port 8000 # Enable the saving of history records.
Page 170
Configuration procedure Assign each interface an IP address. (Details not shown.) Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) Configure Device B: # Enable the NQA server, and configure a listening service to listen on IP address 10.2.2.2 and UDP port 9000.
Page 171
Max negative SD: 203 Max negative DS: 1297 Negative SD number: 255 Negative DS number: 259 Negative SD sum: 759 Negative DS sum: 1796 Negative SD average: 2 Negative DS average: 6 Negative SD square-sum: 53655 Negative DS square-sum: 1691776 One way results: Max SD delay: 343 Max DS delay: 985...
Min SD delay: 0 Min DS delay: 0 Number of SD delay: 4 Number of DS delay: 4 Sum of SD delay: 1390 Sum of DS delay: 1079 Square-Sum of SD delay: 483202 Square-Sum of DS delay: 973651 SD lost packets: 0 DS lost packets: 0 Lost packets for unknown reason: 0 Voice scores:...
Packet loss ratio: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to internal error: 0 Failures due to other errors: 0 # Display the history records of the DLSw operation. [DeviceA] display nqa history admin test1 NQA entry (admin admin, tag test1) history records: Index...
Page 174
[DeviceA] display nqa result admin test1 NQA entry (admin admin, tag test1) test results: Hop IP 10.1.1.2 Basic Results Send operation times: 10 Receive response times: 10 Min/Max/Average round trip time: 9/21/14 Square-Sum of round trip time: 2419 Extended Results Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0...
NQA collaboration configuration example Network requirements As shown in Figure 53, configure a static route to Switch C with Switch B as the next hop on Switch A. Associate the static route, a track entry, and an ICMP operation to monitor the state of the static route. Figure 53 Network diagram Configuration procedure Assign each interface an IP address.
Page 176
Verifying the configuration # On Switch A, display information about all the track entries. [SwitchA] display track all Track ID: 1 State: Positive Duration: 0 days 0 hours 0 minutes 0 seconds Notification delay: Positive 0, Negative 0 (in seconds) Tracked object: NQA entry: admin test1 Reaction: 1...
# Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) # Create ICMP template icmp and specify 10.2.2.2 as the destination IP address. <DeviceA> system-view [DeviceA] nqa template icmp icmp [DeviceA-nqatplt-icmp-icmp] destination ip 10.2.2.2 # Set the probe timeout time for the ICMP operation to 500 milliseconds, and configure the operation to repeat at an interval of 3000 milliseconds.
[DeviceA-nqatplt-dns-dns] reaction trigger probe-pass 2 # If the number of consecutive probe failures reaches 2, the operation fails. The NQA client notifies the feature of the operation failure. [DeviceA-nqatplt-dns-dns] reaction trigger probe-fail 2 TCP template configuration example Network requirements As shown in Figure 56, configure a TCP template for a feature to perform the TCP operation to test whether Device A can establish a TCP connection to Device B and process the server's response.
HTTP template configuration example Network requirements As shown in Figure 57, configure an HTTP template for a feature to perform the HTTP operation to test whether the NQA client can establish a connection to and get data from the HTTP server. Figure 57 Network diagram Configuration procedure # Assign each interface an IP address.
Page 181
Configuration procedure # Assign each interface an IP address. (Details not shown.) # Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) # Create FTP template ftp. <DeviceA> system-view [DeviceA] nqa template ftp ftp # Specify the URL of the FTP server.
Configuring port mirroring The port mirroring feature is available on Layer 2 Ethernet interfaces, Layer 3 Ethernet interfaces, and FC interfaces. The term "interface" in this chapter collectively refers to these types of interfaces. You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3 interface (see Layer 2—LAN Switching Configuration Guide).
Reflector port, egress port, and remote probe VLAN A reflector port, remote probe VLAN, and an egress port are used for Layer 2 remote port mirroring. The remote probe VLAN specially transmits mirrored packets to the destination device. Both the reflector port and egress port reside on a source device and send mirrored packets to the remote probe VLAN.
Page 184
Layer 2 remote port mirroring—The mirroring source and the mirroring destination are located on • different devices on a same Layer 2 network. Layer 3 remote port mirroring—The mirroring source and the mirroring destination are separated • by IP networks. Layer 2 remote port mirroring The source device copies packets received on the source port to the egress port.
forwards the packets to the data monitoring device. For more information about GRE tunnels and tunnel interfaces, see Layer 3—IP Services Configuration Guide. Figure 61 Layer 3 remote port mirroring implementation Tunnel interface Tunnel interface Source Destination device device GRE tunnel IP network XGE1/0/2 XGE1/0/1...
A mirroring group can contain multiple source ports. • • A port can act as a source port for multiple mirroring groups, but the port cannot be a reflector port, egress port, or monitor port at the same time. Configuration procedure To configure source ports in system view: Step Command...
If you have configured the reflector port for a remote source group, do not configure the egress port • for it. A VLAN can act as the remote probe VLAN for only one remote source group. HP recommends that • you use the remote probe VLAN for port mirroring exclusively. Do not create a VLAN interface or...
A remote probe VLAN must be a static VLAN. To delete this static VLAN, you must first remove the • remote probe VLAN configuration by using the undo mirroring-group remote-probe vlan command. • If the remote probe VLAN of a remote mirroring group is removed, the remote mirroring group will become invalid.
MVRP is enabled, MVRP might register the remote probe VLAN with unexpected ports, resulting in undesired duplicates. For more information about MVRP, see Layer 2—LAN Switching Configuration Guide. • HP recommends that you configure the destination device first, then the intermediate devices, and then the source device. Tasks at a glance (Required.)
Page 190
A mirroring group must contain only one monitor port, and a monitor port can belong to only one • mirroring group. To configure the monitor port for a remote destination group in system view: Step Command Remarks Enter system view. system-view Configure the monitor port for mirroring-group group-id...
Step Command • For an access port: port access vlan vlan-id • For a trunk port: Assign the port to the probe VLAN. port trunk permit vlan vlan-id • For a hybrid port: port hybrid vlan vlan-id { tagged | untagged } For more information about the port access vlan, port trunk permit vlan, and port hybrid vlan commands, see Layer 2—LAN Switching Command Reference.
Page 192
Step Command Remarks Configure the port as a source mirroring-group group-id By default, a port does not act as a port for the specified remote mirroring-port { both | inbound | source port for any remote source source group. outbound } group.
When a VLAN is configured as a remote probe VLAN, use the remote probe VLAN for port • mirroring exclusively. The remote mirroring groups on the source device and destination device must use the same remote • probe VLAN. To configure the remote probe VLAN for a remote source group: Step Command Remarks...
Configuration prerequisites Create a tunnel interface and a GRE tunnel. The source and destination addresses of the tunnel interface are the IP addresses of the physical interfaces on the source and destination devices respectively. For more information about tunnel interfaces, see Layer 3—IP Services Configuration Guide. Configuring local mirroring groups Configure a local mirroring group on the source device and on the destination device separately.
Do not enable the spanning tree feature on the monitor port. • • HP recommends that you use a monitor port only for port mirroring, so the data monitoring device receives and analyzes only the mirrored traffic. Configuration procedure To configure the monitor port in system view:...
Displaying and maintaining port mirroring Execute display commands in any view. Task Command display mirroring-group { group-id | all | local | Display mirroring group information. remote-destination | remote-source } Local port mirroring configuration example Network requirements As shown in Figure 62, configure local port mirroring in source port mode so the server can monitor the bidirectional traffic of the Marketing department and the Technical department.
[Device-Ten-GigabitEthernet1/0/3] quit Verifying the configuration # Display information about all mirroring groups. [Device] display mirroring-group all Mirroring group 1: Type: Local Status: Active Mirroring port: Ten-GigabitEthernet1/0/1 Both Ten-GigabitEthernet1/0/2 Both Monitor port: Ten-GigabitEthernet1/0/3 Layer 2 remote port mirroring configuration example Network requirements As shown in Figure 63, configure Layer 2 remote port mirroring so the server can monitor the...
Page 198
[DeviceC-Ten-GigabitEthernet1/0/1] quit # Create a remote destination group. [DeviceC] mirroring-group 2 remote-destination # Create VLAN 2, which is to be configured as the remote probe VLAN. [DeviceC] vlan 2 # Disable MAC address learning for VLAN 2. [DeviceC-vlan2] undo mac-address mac-learning enable [DeviceC-vlan2] quit # Configure VLAN 2 as the remote probe VLAN of the mirroring group and Ten-GigabitEthernet 1/0/2 as the monitor port of the mirroring group.
[DeviceA-vlan2] quit # Configure VLAN 2 as the remote probe VLAN of the mirroring group. [DeviceA] mirroring-group 1 remote-probe vlan 2 # Configure Ten-GigabitEthernet 1/0/1 as a source port and Ten-GigabitEthernet 1/0/2 as the egress port in the mirroring group. [DeviceA] mirroring-group 1 mirroring-port ten-gigabitethernet 1/0/1 both [DeviceA] mirroring-group 1 monitor-egress ten-gigabitethernet 1/0/2 # Configure Ten-GigabitEthernet 1/0/2 as a trunk port to permit the packets of VLAN 2 to pass through,...
Layer 3 remote port mirroring configuration example Network requirements As shown in Figure 65, configure Layer 3 remote port mirroring and create a GRE tunnel so the server can monitor the bidirectional traffic of the Marketing department through a GRE tunnel. Figure 65 Network diagram Configuration procedure Configure IP addresses for the tunnel interfaces and related ports on the devices.
# Enable the OSPF protocol. [DeviceA] ospf 1 [DeviceA-ospf-1] area 0 [DeviceA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [DeviceA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [DeviceA-ospf-1-area-0.0.0.0] quit [DeviceA-ospf-1] quit # Create local mirroring group 1. [DeviceA] mirroring-group 1 local # Configure Ten-GigabitEthernet 1/0/1 as a source port and Tunnel 0 as the monitor port of local mirroring group 1.
# Create local mirroring group 1. [DeviceC] mirroring-group 1 local # Configure Ten-GigabitEthernet 1/0/1 as a source port and Ten-GigabitEthernet 1/0/2 as the monitor port of local mirroring group 1. [DeviceC] mirroring-group 1 mirroring-port ten-gigabitethernet 1/0/1 inbound [DeviceC] mirroring-group 1 monitor-port ten-gigabitethernet 1/0/2 # Disable the spanning tree feature on the monitor port Ten-GigabitEthernet 1/0/2.
Configuring flow mirroring The flow mirroring feature is available on both Layer 2 and Layer 3 Ethernet interfaces. The term "interface" in this chapter collectively refers to these two types of interfaces. You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3 interface (see Layer 2—LAN Switching Configuration Guide).
Step Command Remarks By default, no match criterion is Configure match criteria. if-match match-criteria configured in a traffic class. Configuring a traffic behavior Step Command Remarks Enter system view. system-view Create a traffic behavior and By default, no traffic behavior traffic behavior behavior-name enter traffic behavior view.
Applying a QoS policy Applying a QoS policy to an interface By applying a QoS policy to an interface, you can mirror the traffic in a specified direction on the interface. A policy can be applied to multiple interfaces, but in one direction (inbound or outbound) of an interface, only one policy can be applied.
Step Command Enter system view. system-view Enter control plane view. control-plane slot slot-number Apply a QoS policy to the qos apply policy policy-name inbound control plane. Flow mirroring configuration example Network requirements As shown in Figure 66, configure flow mirroring so that the server can monitor the following traffic: All traffic that the Technical department sends to access the Internet.
Configuring sFlow Sampled Flow (sFlow) is a traffic monitoring technology. As shown in Figure 67, the sFlow system involves an sFlow agent embedded in a device and a remote sFlow collector. The sFlow agent collects interface counter information and packet information and encapsulates the sampled information in sFlow packets.
{ ip ip-address | NOTE: address for the ipv6 ipv6-address } • HP recommends that you manually configure sFlow agent. an IP address for the sFlow agent. • Only one IP address can be configured for the sFlow agent on the device, and a newly configured IP address overwrites the existing one.
(starting from The default setting is 128 bytes. the packet header) that flow sflow flow max-header length HP recommends the default. sampling can copy per packet. Specify the sFlow collector for By default, no sFlow collector is sflow flow collector collector-id flow sampling.
Task Command Display sFlow configuration. display sflow sFlow configuration example Network requirements As shown in Figure 68, configure flow sampling in random mode and counter sampling on Ten-GigabitEthernet 1/0/1 of the device to monitor traffic on the port. Configure the device to send sampled information in sFlow packets through Ten-GigabitEthernet 1/0/3 to the sFlow collector.
[Sysname-Ten-GigabitEthernet1/0/1] sflow sampling-rate 4000 # Specify sFlow collector 1 for flow sampling. [Sysname-Ten-GigabitEthernet1/0/1] sflow flow collector 1 Verifying the configuration # Display the sFlow configuration and operation information. [Sysname-Ten-GigabitEthernet1/0/1] display sflow sFlow datagram version: 5 Global information: Agent IP: 3.3.3.1(CLI) Source address: Collector information: Port...
Page 214
Verify that the bound VPN already exists. Verify that the length of an sFlow packet is greater than the length of the sFlow packet header plus the number of bytes (HP recommends the default) that flow sampling can copy per packet.
Monitoring and maintaining processes HP Comware V7 is a full-featured, modular, and scalable network operating system based on the Linux kernel. Comware V7 software features run the following types of independent processes: • User process—Runs in user space. Most Comware V7 software features run user processes. Each process runs in an independent space so the failure of a process does not affect other processes.
Task Command Display heap memory usage for a display process memory heap job job-id [ verbose ] [ slot slot-number ] user process. Display the addresses of memory display process memory heap job job-id size memory-size [ offset blocks with a specified size used offset-size ] [ slot slot-number ] by a user process.
Step Command Remarks (Optional.) Set the interval monitor kernel deadloop time interval [ slot for identifying a kernel The default is 8 seconds. slot-number ] thread deadloop. (Optional.) Disable kernel After enabled, kernel thread monitor kernel deadloop exclude-thread thread deadloop detection deadloop detection monitors tid [ slot slot-number ] for a kernel thread.
Configuring EAA Overview Embedded Automation Architecture (EAA) is a monitoring framework that enables you to self-define monitored events and actions to take in response to an event. It allows you to create monitor policies by using the CLI or Tcl scripts. EAA framework EAA framework includes a set of event sources, a set of event monitors, a real-time event manager (RTM), and a set of user-defined monitor policies, as shown in...
RTM manages the creation, state machine, and execution of monitor policies. EAA monitor policies A monitor policy specifies the event to monitor and actions to take when the event occurs. You can configure EAA monitor policies by using the CLI or Tcl. A monitor policy contains the following elements: •...
Event type Description SNMP_Notification event occurs when the monitored MIB variable's value in an SNMP SNMP_Notification notification matches the specified condition. For example, the broadcast traffic rate on an Ethernet interface is equal to or greater than 30%. Action You can create a series of order-dependent actions to take in response to the event specified in the monitor policy.
Event-specific variable—Available only for a type of event. • Table 20 shows all system-defined variables. Table 20 System-defined EAA environment variables by event type Variable name Description Any event: _event_id Event ID. _event_type Event type. _event_type_string Event type description. _event_time Time when the event occurs.
Step Command Remarks Enter system view. system-view Configure a By default, no user-defined environment user-defined EAA rtm environment env-name variables are configured. The system provides environment env-value the system-defined variables in Table variable. Configuring a monitor policy You can configure a monitor policy by using the CLI or Tcl. Configuration restrictions and guidelines When you configure monitor policies, follow these restrictions and guidelines: Make sure the actions in different policies do not conflict.
Step Command Remarks By default, CLI-defined policies are not enabled. Enable the policy. commit A CLI-defined policy can take effect only after you perform this step. Configuring a monitor policy by using Tcl Step Command Remarks Edit a Tcl script file The supported Tcl version is 8.5.8.
Line Content Requirements You can reference a variable name in the $variable_name format instead of specifying a value for an argument when you define an action. Line 2 Actions The following actions are available: • Standard Tcl commands. • EAA-specific Tcl commands. •...
Page 227
Configuration procedure # Enter system view. <Sysname> system-view # Create the CLI-defined policy test and enter its view. [Sysname] rtm cli-policy test # Add a CLI event that occurs when a question mark (?) is entered at any command line that contains letters and digits.
Tcl-defined policy configuration example Network requirements Use Tcl to create a monitor policy on the device. This policy must meet the following requirements: EAA sends the log message "rtm_tcl_test is running" when a command that contains the display • this string is entered. The system executes the command only after it executes the policy successfully.
Configuring CWMP CWMP is available in release 231 1P04 and later versions. Overview CPE WAN Management Protocol (CWMP), also called "TR-069," is a DSL Forum technical specification for remote management of home network devices. The protocol was initially designed to provide remote autoconfiguration through a server for large numbers of dispersed end-user devices in DSL networks.
Basic CWMP functions The ACS identifies different categories of CPEs by provision code. You can use the ACS to autoconfigure and upgrade each category of CPEs in bulk. Autoconfiguration You can create configuration files for different categories of CPEs on the ACS. The ACS identifies the configuration file for a CPE by its provision code.
Category Objects ACS URL ACS username ACS password PeriodicInformEnable CWMP settings PeriodicInformInterval PeriodicInformTime ConnectionRequestURL (CPE URL) ConnectionRequestUsername (CPE username) ConnectionRequestPassword (CPE password) How CWMP works CWMP uses remote procedure call (RPC) methods for bidirectional communication between CPE and ACS. The RPC methods are encapsulated in HTTP or HTTPS. RPC methods Table 23 shows the primary RPC methods used in CWMP.
NOTE: For the CPE to complete autoconfiguration at its initial startup, HP recommends that you use a DHCP server. The DHCP option for ACS parameter assignment is option 43. For more information about DHCP, Layer 3—IP Services Configuration Guide CWMP connection establishment...
For an attribute, the CLI- and ACS-assigned values have higher priority than the DHCP-assigned value. The CLI- and ACS-assigned values overwrite each other, whichever is assigned later. This document only describes configuring ACS and CPE attributes from the CLI and DHCP server. For more information about configuring and using the ACS, see ACS documentation.
You can use DHCP option 43 to assign the ACS URL and ACS login authentication username and password. If the DHCP server is an HP device, you can configure DHCP option 43 by using the option 43 hex 01length URL username password command.
Attribute Attribute value Hexadecimal form ACS connect 5678 35363738 password For more information about DHCP and DHCP Option 43, see layer 3—IP Services Configuration Guide. Configuring the preferred ACS attributes from the CLI Step Command Remarks Enter system view. system-view Enter CWMP view.
Configuring ACS authentication parameters To protect the CPE against unauthorized access, configure a CPE username and password for ACS authentication. When an ACS initiates a connection to the CPE, the ACS must provide the correct username and password. NOTE: The password setting is optional. You may choose to use only a username for authentication. To configure ACS authentication parameters: Step Command...
To configure the CWMP connection interface: Step Command Remarks Enter system view. system-view Enter CWMP view. cwmp Specify the interface that cwmp cpe connect interface No CWMP connection interface is connects to the ACS as the interface-type interface-number specified. CWMP connection interface. Configuring autoconnect parameters You can configure the CPE to connect to the ACS periodically, or at a schedule time for configuration or software update.
Step Command Remarks Enter system view. system-view Enter CWMP view. cwmp By default, the CPE retries a failed Configure the maximum cwmp cpe connect retry times connection until the connection is number of connection retries. established. Configuring the close-wait timer The close-wait timer specifies the amount of time the connection to the ACS can be idle before it is terminated.
As shown in Figure 3, use HP IMC BIMS as the ACS to bulk-configure the devices (CPEs), and assign ACS attributes to the CPEs from the DHCP server. The configuration files for the devices in equipment rooms A and B are configure1.cfg and configure2.cfg,...
Page 240
Figure 3 Network diagram DHCP Server DNS Server 10.185.10.41 10.185.10.52 10.185.10.60 Device A Device B Device C Device D Device E Device F Room A Room B Table 25 shows the ACS attributes for the CPEs to connect to the ACS. Table 25 ACS attributes Item Setting...
Configuration procedure Configuring the ACS Log in to the ACS: Launch a Web browser on the ACS configuration terminal. In the address bar of the Web browser, enter the ACS URL and port number. This example uses http://10.185.10.41:8080/imc. On the login page, enter the ACS login username and password, and then click Login. Create a CPE user account: Select Service >...
Page 242
On the Add Device Group page, enter a service group name (for example, DB_1), and then click OK. Figure 6 Adding a device group Select Service > Resource > Device Class from the top navigation bar. Click Add. On the Add Device Class page, enter a device class name for devices in equipment room A, and then click OK.
Page 243
Repeat the previous two steps to add other devices. Figure 8 Adding a CPE After the CPE is added successfully, a success message is displayed, as shown in Figure Figure 9 CPE added successfully Configure the system settings of the ACS, as shown in Figure...
Page 244
Figure 10 Configuring the system settings of the ACS Add configuration templates and software library entries for the two classes of devices: Select Service > BIMS > Configuration Management > Configuration Templates from the navigation tree. Figure 11 Configuring templates page On the Configuration Templates page, click Import….
Page 245
Figure 12 Importing configuration template After the configuration template is added successfully, a success message is displayed, as shown in Figure Figure 13 Configuration templates...
Page 246
Select Service > BIMS > Configuration Management > Software Library from the top navigation bar. Figure 14 Configuring software library On the Software Library page, click Import…. On the Import CPE Software page, select the software images for the Device_A device class, add the Device_A class to the Applicable CPEs pane, and then click OK.
Page 247
Figure 16 Deployment Guide On the Auto Deploy Configuration page, click Select Class. Figure 17 Configuring auto deployment On the Device Class page, select Device_A, and then click OK.
Page 248
A. Configuring the DHCP server In this example, an HP device is operating as the DHCP server. Configure an IP address pool to assign IP addresses and DNS server address to the CPEs. This example uses subnet 10.185.10.0/24 for IP address assignment.
[DHCP_server] dhcp enable # Enable DHCP server on VLAN-interface 1. [DHCP_server] interface vlan-interface 1 [DHCP_server-Vlan-interface1] dhcp select server global-pool [DHCP_server-Vlan-interface1] quit # Exclude the DNS server address 10.185.10.60 and the ACS IP address 10.185.10.41 from dynamic allocation. [DHCP_server] dhcp server forbidden-ip 10.185.10.41 [DHCP_server] dhcp server forbidden-ip 10.185.10.60 # Create DHCP address pool 0.
Configuring NETCONF Overview Network Configuration Protocol (NETCONF) is an XML-based network management protocol with good filtering capabilities. It provides programmable mechanisms to manage and configure network devices. Through NETCONF, you can configure device parameters, retrieve parameter values, and get statistics information.
NETCONF XML API reference for the switch. The following example shows a NETCONF message for getting all parameters of all interfaces on the device: <?xml version="1.0" encoding="utf-8"?> <rpc message-id ="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-bulk> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface/> </Interfaces> </Ifmgr> </top>...
</env:Header> <env:Body> <rpc message-id ="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-bulk> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <IF> <Interfaces> <Interface/> </Interfaces> </IF> </top> </filter> </get-bulk> </rpc> </env:Body> </env:Envelope> How to use NETCONF You can use NETCONF to manage and configure the device by using the methods in...
FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode (see Security Configuration Guide) and non-FIPS mode. NETCONF configuration task list Task at a glance (Optional.) Enabling NETCONF over SOAP (Optional.)
The device automatically advertises its NETCONF capabilities to the client in a hello message as follows: <?xml version="1.0" encoding="UTF-8"?><hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:pa rams:netconf:base:1.1</capability><capability>urn:ietf:params:netconf:writable-runnin g</capability><capability>urn:ietf:params:netconf:capability:notification:1.0</capabi lity><capability>urn:ietf:params:netconf:capability:validate:1.1</capability><capabil ity>urn:ietf:params:netconf:capability:interleave:1.0</capability><capability>urn:iet f:params:netconf:capability:hp-netconf-ext:1.0</capability></capabilities><session-id >1</session-id></hello>]]>]]> Where: The <capabilities> parameter represents the capabilities supported by the device. • • The <session-id> parameter represents the unique ID assigned to the current session.
You can send multiple subscription messages to subscribe to notification of multiple events. Subscription procedure # Copy the following message to the client to complete the subscription: <?xml version="1.0" encoding="UTF-8"?> <rpc message-id="101" xmlns ="urn:ietf:params:xml:ns:netconf:base:1.0"> <create-subscription xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0"> <stream>NETCONF</stream> <filter> <event xmlns="http://www.hp.com/netconf/event:1.0"> <Code>code</Code> <Group>group</Group> <Severity>severity</Severity> </event> </filter> <startTime>start-time</startTime> <stopTime>stop-time</stopTime> </create-subscription>...
The <severity> parameter represents the severity level of the event. • • The <start-time> parameter represents the start time of the subscription. The <stop-time> argument represents the end time of the subscription. • After receiving the subscription request from the client, the device returns a response in the following format if the subscription is successful: <?xml version="1.0"...
# If fan 1 on the device encounters problems, the device sends the following text to the client that has subscribed to all events: <?xml version="1.0" encoding="UTF-8"?> <notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0"> <eventTime>2011-01-04T12:30:46</eventTime> <event xmlns="http://www.hp.com/netconf/event:1.0"> <Group>DEV</Group> <Code>FAN_DIRECTION_NOT_PREFERRED</Code> <Slot>6</Slot> <Severity>Alert</Severity> <context>Fan 1 airflow direction is not preferred on slot 6, please check it.</context>...
Locking the configuration # Copy the following text to the client to lock the configuration: <?xml version="1.0" encoding="UTF-8"?> <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <lock> <target> <running/> </target> </lock> </rpc> After receiving the lock request, the device returns a response in the following format if the lock operation is successful: <?xml version="1.0"...
The number of matched data entries is less than the value of the count attribute. # Copy the following text to the client to perform the get operation: <?xml version="1.0" encoding="UTF-8"?> <rpc message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <getoperation> <filter> <top xmlns=" http://www.hp.com/netconf/data:1.0"> Specify the module, submodule, table name, and column name </top> </filter> </getoperation> </rpc>...
The <get-config> and <get-bulk-config> messages are similar. The following is a <get-config> message example: <?xml version="1.0"?> <rpc message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter> <top xmlns="http://www.hp.com/netconf/config:1.0"> Specify the module name, submodule name, table name, and column name </top> </filter> </get-config>...
<edit-config> <target><running></running></target> <error-option> Default operation when an error occurs </error-option> <config> <top xmlns="http://www.hp.com/netconf/config:1.0"> Specify the module name, submodule name, table name, and column name </top> </config> </edit-config> </rpc> After receiving the edit-config request, the device returns a response in the following format if the operation is successful: <?xml version="1.0">...
Page 263
<get-config> <source> <running/> </source> </get-config> </rpc> Verifying the configuration If the client receives the following text, the get-config operation is successful: <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:web="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101"> <data> <top xmlns="http://www.hp.com/netconf/config:1.0"> <Ifmgr> <Interfaces> <Interface> <IfIndex>1307</IfIndex> <Shutdown>1</Shutdown> </Interface> <Interface> <IfIndex>1308</IfIndex> <Shutdown>1</Shutdown> </Interface> <Interface>...
</capabilities> </hello> # Change the log buffer size for the Syslog module to 512. <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:web="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config> <target> <running/> </target> <config> <top xmlns="http://www.hp.com/netconf/config:1.0" web:operation="merge"> <Syslog> <LogBuffer> <BufferSize>512</BufferSize> </LogBuffer> </Syslog> </top> </config> </edit-config> </rpc> Verifying the configuration If the client receives the following text, the edit-config operation is successful: <?xml version="1.0"...
After receiving the save request, the device returns a response in the following format if the save operation is successful: <?xml version="1.0" encoding="UTF-8"?> <rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply> Rolling back the configuration # Copy the following text to the client to roll back the configuration: <?xml version="1.0"...
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply> Example for saving the configuration Network requirements Save the current configuration to the configuration file my_config.cfg. Configuration procedure # Enter XML view. <Sysname> xml # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability> urn:ietf:params:netconf:base:1.0 </capability> </capabilities> </hello> # Save the configuration of the device to the configuration file my_config.cfg.
Page 270
<rpc message-id ="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface> <AdminStatus>2</AdminStatus> </Interface> </Interfaces> </Ifmgr> </top> </filter> </get> </rpc> Regular expression match • To implement a complex data filtering with characters, you can add a regExp attribute for a specific element.
# Copy the following text to the client to retrieve extension information about the entity of which the CPU usage is more than 50%: <rpc message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:hp="http://www.hp.com/netconf/base:1.0"> <get> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Device> <ExtPhysicalEntities> <Entity> <CpuUsage hp:match="more:50"></CpuUsage> </Entity> </ExtPhysicalEntities>...
Page 272
</capabilities> </hello> # Retrieve all data including colons in the Description column of the Interfaces table under the Ifmgr module. <?xml version="1.0"?> <rpc message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:reg="http://www.hp.com/netconf/base:1.0"> <get> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface> <Description reg:regExp=":"/> </Interface> </Interfaces> </Ifmgr> </top>...
# Retrieve data in the Name column with the ifindex value not less than 5000 in the Interfaces table under the Ifmgr module. <rpc message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="http://www.hp.com/netconf/base:1.0"> <get> <filter type="subtree"> <top xmlns="http://www.hp.com/netconf/data:1.0"> <Ifmgr> <Interfaces> <Interface> <IfIndex nc:match="more:5000"/> <Name/> </Interface> </Interfaces>...
<?xml version="1.0" encoding="UTF-8"?> <rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <CLI> <Execution> <![CDATA[Responses to the commands]]> </Execution> </CLI> </rpc-reply> CLI operation example Configuration requirements Send the display current-configuration command to the device. Configuration procedure # Enter XML view. <Sysname> xml # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities>...
telnet server enable irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 ]]> </Execution> </CLI> </rpc-reply> Retrieving NETCONF session information You can use the get-sessions operation to retrieve NETCONF session information of the device. # Copy the following message to the client to retrieve NETCONF session information from the device: <?xml version="1.0"...
<?xml version="1.0" encoding="UTF-8"?> <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-sessions/> </rpc> If the client receives a message as follows, the operation is successful: <?xml version="1.0" encoding="UTF-8"?> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101"> <get-sessions> <Session> <SessionID>1</SessionID> <Line>vty0</Line> <UserName></UserName> <Since>2011-01-05T00:24:57</Since> <LockHeld>false</LockHeld> </Session> </get-sessions> </rpc-reply> The output shows the following information: •...
Configuration example Configuration requirement The user whose session's ID is 1 terminates the session with session ID 2. Configuration procedure # Enter XML view. <Sysname> xml # Exchange capabilities. <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability> urn:ietf:params:netconf:base:1.0 </capability> </capabilities> </hello> # Terminate the session with session ID 2. <rpc message-id="101"...
NETCONF operations available with Comware V7. Table 30 NETCONF operations Operation Description XML example To retrieve device configuration and state information for the Syslog module: <rpc message-id ="101" xmlns="urn:ietf:params:xml:ns:netconf:ba se:1.0" xmlns:xc="http://www.hp.com/netconf/base :1.0"> <get> <filter type="subtree"> Retrieves device configuration and state information. <top xmlns="http://www.hp.com/netconf/data:1. 0"> <Syslog>...
Page 280
Operation Description XML example To retrieve non-default configuration data for the interface table: <rpc message-id ="100" xmlns="urn:ietf:params:xml:ns:netconf:ba se:1.0" xmlns:xc="http://www.hp.com/netconf/base :1.0"> <get-config> <source> <running/> </source> Retrieves the non-default configuration data. If <filter type="subtree"> get-config non-default configuration data <top does not exist, the device returns xmlns="http://www.hp.com/netconf/config:...
Page 281
<running/> Retrieves a number of </source> non-default configuration data <filter type="subtree"> get-bulk-config entries starting from the data entry next to the one with the <top xmlns="http://www.hp.com/netconf/config: specified index. 1.0"> <Ifmgr> </Ifmgr> </top> </filter> </get-bulk-config> </rpc> To change the buffer size to 120: <rpc message-id ="101"...
Page 282
Operation Description XML example Creates a specified target. To use the create attribute in the edit-config operation, you must specify the operation target. • If the table supports target The XML data format is the same as the edit-config creation and the specified edit-config: create message with the merge attribute.
Page 283
Operation Description XML example Deletes the specified configuration. • If the specified target has only the table index, the operation removes all configuration of the specified target, and the target itself. The syntax is the same as the edit-config message with •...
Page 284
<config xmlns:xc="urn:ietf:params:xml:ns:netconf • merge—This is the default :base:1.0"> value for the edit-config: <top <default-operation> default-operation xmlns="http://www.hp.com/netconf/config: element. 1.0"> • replace—This value is used <Ifmgr > when the operation attribute <Interfaces> is not specified and the <Interface> default operation method is <Index>262</Index>...
Page 285
<config xmlns:xc="urn:ietf:params:xml:ns:netconf Determines the action to take in :base:1.0"> case of a configuration error. <top The error-option element has xmlns="http://www.hp.com/netconf/config: 1.0"> one of the following values: <Ifmgr xc:operation="merge"> • stop-on-error—Stops the operation on error and <Interfaces> returns an error message.
Page 286
<test-option>test-only</test-option> • <config test-then-set—Performs a xmlns:xc="urn:ietf:params:xml:ns:netconf validation test before :base:1.0"> attempting to set. If the <top validation test fails, the xmlns="http://www.hp.com/netconf/config: edit-config operation is not 1.0"> performed. This is the default edit-config: <Ifmgr xc:operation="merge"> test-option value. test-option <Interfaces> • set—Directly performs the <Interface>...
Page 287
Operation Description XML example To lock the configuration: Locks the configuration data that can be changed by the <rpc message-id="101" edit-config operation. Other xmlns="urn:ietf:params:xml:ns:netconf:ba configurations are not limited by se:1.0"> the lock operation. <lock> lock This lock operation locks only <target>...
Page 288
Operation Description XML example Executes CLI operations. A request message encloses commands in the <CLI> To execute the display this command in system view: element, and a response message encloses the command <rpc message-id="101" output in the <CLI> element. xmlns="urn:ietf:params:xml:ns:netconf:ba NETCONF supports the se:1.0">...
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. For a complete list of acronyms and their definitions, see HP FlexNetwork Technology Acronyms.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Page 291
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Page 295
NMM NTP client/server mode with MPLS VPN NMM remote port mirroring source group, time synchronization, NMM remote port mirroring source group egress NMM NTP local clock as reference source, port, NMM NTP max number dynamic NMM remote port mirroring source group remote associations, probe VLAN, NMM NTP multicast association mode, 17,...
Page 296
data ACS authentication parameters, NMM NETCONF configuration data retrieval (all modules), ACS connection interface, NMM NETCONF configuration data retrieval ACS provision code, (Syslog module), attribute type, NMM NETCONF data entry retrieval (interface CWMP ACS autoconnect parameters, table), NAT traversal, NMM NETCONF filtering (conditional CPE WAN Management Protocol.
Page 297
NMM information center log output NMM port mirroring remote destination group, (console), 90, NMM port mirroring remote source group, NMM information center log output (Linux log NMM port mirroring remote source group egress host), 92, port, NMM information center log output (UNIX log NMM port mirroring remote source group remote host), probe VLAN,...
Page 298
PMM kernel threads, NMM NQA client UDP echo operation, 130, SNMP settings, egress port user PMM, NMM Layer 2 remote port mirroring, DLSw NMM port mirroring remote source group egress port, NMM NQA, 1 19 Embedded Automation Architecture. Use NMM NQA client DLSw operation, 132, enabling CWMP, NMM NQA,...
Page 299
NMM EAA environment variable configuration NMM information center system logs, (user-defined), NMM NETCONF message, NMM EAA event monitor, NMM EAA event monitor policy element, NMM NQA, 1 19 NMM EAA event monitor policy environment NMM NQA client FTP operation, 125, variable, 21 1 NMM NQA client FTP template, 145,...
Page 300
NMM RMON group, log output (Linux log host), 92, NMM RMON history control entry, 1 12 log output (log buffer), NMM RMON history group log output (log host), configuration, 1 15 log output (monitor terminal), host log output (UNIX log host), NMM information center log output (log log save to file, host),...
Page 302
NMM information center diagnostic logs, NMM PTP non-Pdelay message MAC address, NMM information center duplicate log maintaining suppression, NMM information center, NMM information center hidden logs, NMM PTP, NMM information center interface link up/link PMM, down log generation, PMM kernel threads, NMM information center log default output PMM Linux, rules,...
Page 303
module feature module debug, CWMP CPE NAT traversal, NMM information center configuration, 77, NETCONF NMM NETCONF configuration data retrieval capability exchange, (all modules), CLI operations, 264, NMM NETCONF configuration data retrieval CLI return, (Syslog module), configuration, 240, NMM NETCONF data entry retrieval (interface configuration data retrieval (all modules), table), configuration data retrieval (Syslog module),...
Page 306
CWMP CPE attributes, information center log formats, CWMP CPE NAT traversal, information center log levels, CWMP framework, information center log output (console), 83, CWMP settings display, information center log output (Linux log host), 92, displaying information center, information center log output (log buffer), displaying NTP, information center log output (log host), displaying PTP,...
Page 317
remote source group remote probe VLAN history group, configuration, history group configuration, 1 15 remote source group source ports, private alarm group, 1 10 remote probe VLAN private alarm group sample type, 1 1 1 NMM Layer 2 remote port mirroring, protocols and standards, 1 1 1 NMM port mirroring monitor port to remote...
Page 318
NMM system information default trace log NMM NTP multicast server configuration, output, NMM SNTP configuration, 52, 52, runtime NMM SNTP NTP server specification, NMM EAA event monitor policy runtime, 21 1 service NMM NETCONF configuration data retrieval (all modules), sampling NMM NETCONF configuration data retrieval NMM RMON alarm group sample type, 1 1 1...
Page 319
Get operation, 95, displaying, logging configuration, enable, manager, NTP server specification, MIB, 94, SOAP MIB view-based access control, NMM NETCONF message format, NMM NQA, 1 19 NMM NETCONF over SOAP enable, NMM NQA client SNMP operation, 128, source NMM RMON alarm function configuration, 1 16 NMM port mirroring, NMM RMON configuration,...
Page 320
NMM information center duplicate log NMM information center log output (log buffer), suppression, NMM information center log output (log host), suspending NMM information center log output (monitor NMM EAA monitor policy, terminal), switch NMM information center log output (UNIX log host), module debug, NMM information center log save to file,...