HP HSR6800 Routers Network Management and Monitoring Configuration Guide Part number: 5998-4498 Software version: HSR6800-CMW520-R3303P05 Document version: 6PW105-20140507
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Using ping, tracert, and system debugging ··············································································································· 1 Ping ····················································································································································································· 1 Using a ping command to test network connectivity ···························································································· 1 Ping example
DLSw operation configuration example ·············································································································· 47 NQA collaboration configuration example········································································································ 48 Configuring NTP ························································································································································ 51 Overview·································
SNMP configuration task list ········································································································································· 88 Configuring SNMP basic parameters ·························································································································· 88 Configuring SNMPv3 basic parameters ············································································································· 88 Configuring SNMPv1 or SNMPv2c bas
Traffic mirroring configuration task list ······················································································································ 125 Configuring match criteria ·········································································································································· 125 Configuring different types of traffic mirroring ········································································································· 126 Mirroring traffic
IPv6 NetStream export format ···························································································································· 149 IPv6 NetStream configuration task list ······················································································································· 150 Enabling IPv6 NetStream ············································································································································ 150 Configuring IPv6 NetSt
Configuring sFlow ··················································································································································· 183 Configuring the sFlow agent and sFlow collector information ················································································ 183 Configuring flow sampling·········································································································································· 184 Configuring counter sampling
Using ping, tracert, and system debugging Use the ping, tracert, and system debugging utilities to test network connectivity and identify network problems. Ping The ping utility sends ICMP echo requests (ECHO-REQUEST) to the destination device. Upon receiving the requests, the destination device responds with ICMP echo replies (ECHO-REPLY) to the source device.
Figure 1 Network diagram Configuration procedure # Use the ping command on Device A to test connectivity to Device C. ping 1.1.2.2 PING 1.1.2.2: 56 data bytes, press CTRL_C to break Reply from 1.1.2.2: bytes=56 Sequence=1 ttl=254 time=205 ms Reply from 1.1.2.2: bytes=56 Sequence=2 ttl=254 time=1 ms Reply from 1.1.2.2: bytes=56 Sequence=3 ttl=254 time=1 ms Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms Reply from 1.1.2.2: bytes=56 Sequence=5 ttl=254 time=1 ms --- 1.1.2.
1.1.1.1 Reply from 1.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms Record Route: 1.1.2.1 1.1.2.2 1.1.1.2 1.1.1.1 Reply from 1.1.2.2: bytes=56 Sequence=5 ttl=254 time=1 ms Record Route: 1.1.2.1 1.1.2.2 1.1.1.2 1.1.1.1 --- 1.1.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/11/53 ms The test procedure with the ping –r command (see Figure 1) is as follows: 1.
Figure 2 Traceroute operation Tracert uses received ICMP error messages to get the IP addresses of devices. As shown in Figure 2, tracert works as follows: 1. The source device (Device A) sends a UDP packet with a TTL value of 1 to the destination device (Device D). The destination UDP port is not used by any application on the destination device. 2.
icmp-extensions compliant command on the devices. For more information about this command, see Layer 3—IP Services Command Reference. For an IPv6 network: • Enable sending of ICMPv6 timeout packets on the intermediate devices (devices between the source and destination devices). If the intermediate devices are HP devices, execute the ipv6 hoplimit-expires enable command on the devices. For more information about this command, see Layer 3—IP Services Command Reference.
Output of debugging information depends on the configurations of the information center and the debugging commands of each protocol and functional module. Debugging information is typically displayed on a terminal (including console or VTY). You can also send debugging information to other destinations. For more information, see "Configuring the information center.
Step 4. Command display debugging [ interface interface-type interface-number ] [ module-name ] [ | { begin | exclude | include } regular-expression ] Display the enabled debugging functions. Remarks Optional. Available in any view. Ping and tracert example Network requirements As shown in Figure 4, Router A failed to Telnet Router C. Determine whether Router A and Router C can reach each other. If they cannot reach each other, locate the failed nodes in the network.
3 * * * 4 * * * 5 The output shows that Router A and Router C cannot reach other, Router A and Router B can reach each other, and an error occurred on the connection between Router B and Router C. Use the debugging ip icmp command on Router A and Router C to verify that they can send and receive the specific ICMP packets. Or use the display ip routing-table command to verify the availability of active routes between Router A and Router C.
Configuring NQA Overview Network quality analyzer (NQA) allows you to monitor link status, measure network performance, verify the service levels for IP services and applications, and troubleshoot network problems.
Figure 6 Collaboration Application modules Detection module VRRP Associates with an NQA entry Associates with a track entry Static routing Policy-based routing Track NQA Sends the detection results Sends the track entry status Interface backup Traffic redirection The following describes how a static route destined for 192.168.0.88 is monitored through collaboration: 1. NQA monitors the reachability to 192.168.0.88. 2. When 192.168.0.
NQA configuration task list Complete the following task to configure the NQA server: Task Remarks Configuring the NQA server Required for NQA operations types of TCP, UDP echo, UDP jitter, and voice. Complete these tasks to configure the NQA client: Task Remarks Enabling the NQA client Required. Configuring an ICMP echo operation Configuring a DHCP operation Configuring a DNS operation Configuring an FTP operation Configuring an HTTP operation Required.
To configure the NQA server: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable the NQA server. nqa server enable Disabled by default. • Method 1: 3. Configure a listening service. nqa server tcp-connect ip-address port-number • Method 2: Use at least one method. nqa server udp-echo ip-address port-number Configuring the NQA client Enabling the NQA client Step Command Remarks N/A 1. Enter system view. system-view 2. Enable the NQA client.
Step 5. 6. 7. Command Specify the payload size in each ICMP echo request. Configure the string to be filled in the payload of each ICMP echo request. Specify the VPN where the operation is performed. data-size size Remarks Optional. 100 bytes by default. Optional. data-fill string By default, the string is the hexadecimal number 00010203040506070809. Optional. vpn-instance vpn-instance-name By default, the operation is performed on the public network. Optional. • Method 1: 8.
Step Command Specify an interface to perform the DHCP operation. 4. operation interface interface-type interface-number Remarks By default, no interface is specified to perform a DHCP operation. The specified interface must be up. Otherwise, no probe packets can be sent out. Configuring a DNS operation A DNS operation measures the time the NQA client uses to translate a domain name into an IP address through a DNS server.
Step Command Remarks 1. Enter system view. system-view N/A 2. Create an NQA operation and enter NQA operation view. nqa entry admin-name operation-tag By default, no NQA operation is created. 3. Specify the FTP type and enter its view. type ftp N/A 4. Specify the IP address of the FTP server as the destination address of FTP request packets. destination ip ip-address By default, no destination IP address is configured. By default, no source IP address is specified. 5.
Step Command Remarks 3. Specify the HTTP type and enter its view. type http N/A 4. Configure the IP address of the HTTP server as the destination address of HTTP request packets. destination ip ip-address By default, no destination IP address is configured. Optional. 5. Configure the source IP address of request packets. By default, no source IP address is specified. source ip ip-address The source IP address must be the IP address of a local interface. The local interface must be up.
Step Command Remarks 1. Enter system view. system-view N/A 2. Create an NQA operation and enter NQA operation view. nqa entry admin-name operation-tag By default, no NQA operation is created. 3. Specify the UDP jitter type and enter its view. type udp-jitter N/A 4. Configure the destination address of UDP packets. By default, no destination IP address is configured. destination ip ip-address By default, no destination port number is configured. 5.
NOTE: The display nqa history command does not show the results of the UDP jitter operation. Use the display nqa result command to display the results, or use the display nqa statistics command to display the statistics of the operation. Configuring an SNMP operation An SNMP operation measures the time the NQA client uses to get a value from an SNMP agent. To configure an SNMP operation: Step Command Remarks 1. Enter system view. system-view N/A 2.
Step Command Remarks 2. Create an NQA operation and enter NQA operation view. nqa entry admin-name operation-tag By default, no NQA operation is created. 3. Specify the TCP type and enter its view. type tcp N/A By default, no destination IP address is configured. 4. 5. Configure the destination address of TCP packets. Configure the destination port of TCP packets.
Step Command Remarks By default, no destination IP address is configured. 4. Configure the destination address of UDP packets. destination ip ip-address By default, no destination port number is configured. 5. Configure the destination port of UDP packets. destination port port-number 6. Configure Payload size in each UDP packet. data-size size 7. 8. Configure the string to be filled in the payload of each UDP packet. Specify the source port of UDP packets.
The following parameters that reflect VoIP network performance can be calculated by using the metrics gathered by the voice operation: • Calculated Planning Impairment Factor (ICPIF)—Measures impairment to voice quality in a VoIP network. It is decided by packet loss and delay. A higher value represents a lower service quality. • Mean Opinion Scores (MOS)—A MOS value can be evaluated by using the ICPIF value, in the range of 1 to 5. A higher value represents a higher service quality.
Step Command Remarks Optional. By default, no source IP address is specified. 8. Specify the source IP address of voice packets. source ip ip-address 9. Specify the source port number of voice packets. source port port-number The source IP address must be the IP address of a local interface. The local interface must be up. Otherwise, no voice packets can be sent out. Optional. By default, no source port number is specified. Optional. 10. Configure the payload size in each voice packet.
Step Command Remarks 2. Create an NQA operation and enter NQA operation view. nqa entry admin-name operation-tag By default, no NQA operation is created. 3. Specify the DLSw type and enter its view. type dlsw N/A 4. Configure the destination address of probe packets. destination ip ip-address By default, no destination IP address is configured. Optional. Configure the source IP address of probe packets. 5. By default, no source IP address is specified.
Step Command Remarks Optional. 5. Specify the interval at which the NQA operation repeats. frequency interval By default, the interval is 0 milliseconds. Only one operation is performed. If the operation is not completed when the interval expires, the next operation does not start. Optional. 6. Specify the probe times. probe count times By default, an NQA operation performs one probe. The voice operation can perform only one probe, and does not support this command. Optional. 7.
Step Command Remarks 2. Create an NQA operation and enter NQA operation view. nqa entry admin-name operation-tag By default, no NQA operation is created. 3. Specify an NQA operation type and enter its view. type { dhcp | dlsw | dns | ftp | http | icmp-echo | snmp | tcp | udp-echo } The collaboration function is not available for the UDP jitter and voice operations. • The trigger action only: 4. Configure a reaction entry.
{ trap-only—NQA displays results on the terminal screen, and meanwhile it sends traps to the NMS. The DNS operation does not support the action of sending trap messages. 3. Reaction entry In a reaction entry, a monitored element, a threshold type, and an action to be triggered are configured to implement threshold monitoring. The state of a reaction entry can be invalid, over-threshold, or below-threshold. { { Before an NQA operation starts, the reaction entry is in invalid state.
Step Command Remarks • Enable sending traps to the NMS when specified conditions are met: reaction trap { probe-failure consecutive-probe-failures | test-complete | test-failure cumulate-probe-failures } • Configure a reaction entry for monitoring the duration of an NQA operation (not supported in UDP jitter and voice operations): reaction item-number checked-element probe-duration threshold-type { accumulate accumulate-occurrences | average | consecutive consecutive-occurrences } threshold-value upper
Configuring the NQA statistics function NQA collects statistics for an operation in a statistics group. To view information about the statistics groups, use the display nqa statistics command. To set the interval for collecting statistics, use the statistics interval command. If a new statistics group is to be saved when the number of statistics groups reaches the upper limit, the oldest statistics group is deleted.
To configure the history records saving function: Step Command Remarks 1. Enter system view. system-view N/A 2. Create an NQA operation and enter NQA operation view. nqa entry admin-name operation-tag By default, no NQA operation is created. 3. Enter NQA operation type view. type { dhcp | dlsw | dns | ftp | http | icmp-echo | snmp | tcp | udp-echo | udp-jitter | voice } N/A 4. Enable saving history records for the NQA operation.
Displaying and maintaining NQA Task Command Remarks Display history records of NQA operations. display nqa history [ admin-name operation-tag ] [ | { begin | exclude | include } regular-expression ] Available in any view. Display the current monitoring results of reaction entries. display nqa reaction counters [ admin-name operation-tag [ item-number ] ] [ | { begin | exclude | include } regular-expression ] Available in any view. Display the result of the specified NQA operation.
NQA configuration examples ICMP echo operation configuration example Network requirements As shown in Figure 7, configure and schedule an ICMP echo operation from the NQA client Router A to Router B through Router C to test the round-trip time. Figure 7 Network diagram Configuration procedure # Assign each interface an IP address. (Details not shown.) # Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.
# Enable saving history records and configure the maximum number of history records that can be saved as 10. [RouterA-nqa-admin-test1-icmp-echo] history-record enable [RouterA-nqa-admin-test1-icmp-echo] history-record number 10 [RouterA-nqa-admin-test1-icmp-echo] quit # Start the ICMP echo operation. [RouterA] nqa schedule admin test1 start-time now lifetime forever # Stop the ICMP echo operation after a period of time.
DHCP operation configuration example Network requirements As shown in Figure 8, configure and schedule a DHCP operation to test the time required for Router A to obtain an IP address from the DHCP server (Router B). Figure 8 Network diagram NQA client DHCP server GE2/0/1 10.1.1.1/16 GE2/0/1 10.1.1.2/16 Router A Router B Configuration procedure # Create a DHCP operation to be performed on interface GigabitEthernet 2/0/1.
1 512 Succeeded 2011-11-22 09:54:03.8 The output shows that Router A uses 512 milliseconds to obtain an IP address from the DHCP server. DNS operation configuration example Network requirements As shown in Figure 9, configure a DNS operation to test whether Router A can translate the domain name host.com into an IP address through the DNS server, and test the time required for resolution. Figure 9 Network diagram Configuration procedure # Assign each interface an IP address. (Details not shown.
Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to sequence error: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packet(s) arrived late: 0 # Display the history records of the DNS operation. [RouterA] display nqa history admin test1 NQA entry (admin admin, tag test1) history record(s): Index Response Status Time 1 62 Succeeded 2011-11-10 10:49:37.
[RouterA-nqa-admin-test1-ftp] filename config.txt # Enable the saving of history records. [RouterA-nqa-admin-test1-ftp] history-record enable [RouterA-nqa-admin-test1-ftp] quit # Start the FTP operation. [RouterA] nqa schedule admin test1 start-time now lifetime forever # Stop the FTP operation after a period of time. [RouterA] undo nqa schedule admin test1 # Display the results of the FTP operation.
Configuration procedure # Assign each interface an IP address. (Details not shown.) # Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) # Create an HTTP operation. system-view [RouterA] nqa entry admin test1 [RouterA-nqa-admin-test1] type http # Specify the IP address of the HTTP server 10.2.2.2 as the destination IP address. [RouterA-nqa-admin-test1-http] destination ip 10.2.2.
NQA entry (admin admin, tag test1) history record(s): Index Response Status Time 1 64 Succeeded 2011-11-22 10:12:47.9 The output shows that Router A uses 64 milliseconds to obtain data from the HTTP server. UDP jitter operation configuration example Network requirements As shown in Figure 12, configure a UDP jitter operation to test the jitter, delay, and round-trip time between Router A and Router B. Figure 12 Network diagram Configuration procedure 1. Assign each interface an IP address.
Destination IP address: 10.2.2.2 Send operation times: 10 Receive response times: 10 Min/Max/Average round trip time: 15/32/17 Square-Sum of round trip time: 3235 Last succeeded probe time: 2008-05-29 13:56:17.
Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to sequence error: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packet(s) arrived late: 0 UDP-jitter results: RTT number: 410 Min positive SD: 3 Min positive DS: 1 Max positive SD: 30 Max positive DS: 79 Positive SD number: 186 Positive DS number: 158 Positive SD sum: 2602 Positive DS sum: 1928 Positive SD average: 13 Positive DS average: 12 Positive SD square sum: 45304 P
# Enable the SNMP agent, and set the SNMP version to all, the read community to public, and the write community to private. system-view [RouterB] snmp-agent sys-info version all [RouterB] snmp-agent community read public [RouterB] snmp-agent community write private 4. Configure Router A: # Create an SNMP operation and configure 10.2.2.2 as the destination IP address.
TCP operation configuration example Network requirements As shown in Figure 14, configure a TCP operation to test the time the NQA client uses to establish a TCP connection to the NQA server on Router B. Figure 14 Network diagram Configuration procedure 1. Assign each interface an IP address. (Details not shown.) 2. Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) 3.
Extended results: Packet loss in test: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to sequence error: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packet(s) arrived late: 0 # Display the history records of the TCP operation. [RouterA] display nqa history admin test1 NQA entry (admin admin, tag test1) history record(s): Index 1 Response Status 13 Time Succeeded 2011-11-22 10:27:25.
[RouterA-nqa-admin-test1-udp-echo] destination port 8000 # Enable the saving of history records. [RouterA-nqa-admin-test1-udp-echo] history-record enable [RouterA-nqa-admin-test1-udp-echo] quit # Start the UDP echo operation. [RouterA] nqa schedule admin test1 start-time now lifetime forever # Stop the UDP echo operation after a period of time. [RouterA] undo nqa schedule admin test1 # Display the results of the UDP echo operation.
2. Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.) 3. Configure Router B: # Enable the NQA server, and configure a listening service to listen on IP address 10.2.2.2 and UDP port 9000. system-view [RouterB] nqa server enable [RouterB] nqa server udp-echo 10.2.2.2 9000 4. Configure Router A: # Create a voice operation. system-view [RouterA] nqa entry admin test1 [RouterA-nqa-admin-test1] type voice # Configure 10.2.2.
Max negative SD: 203 Max negative DS: 1297 Negative SD number: 255 Negative DS number: 259 Negative SD sum: 759 Negative DS sum: 1796 Negative SD average: 2 Negative DS average: 6 Negative SD square sum: 53655 Negative DS square sum: 1691776 One way results: Max SD delay: 343 Max DS delay: 985 Min SD delay: 343 Min DS delay: 985 Number of SD delay: 1 Number of DS delay: 1 Sum of SD delay: 343 Sum of DS delay: 985 Square sum of SD delay: 117649 Square sum of DS delay: 970225 SD lost packe
One way results: Max SD delay: 359 Max DS delay: 985 Min SD delay: 0 Min DS delay: 0 Number of SD delay: 4 Number of DS delay: 4 Sum of SD delay: 1390 Sum of DS delay: 1079 Square sum of SD delay: 483202 Square sum of DS delay: 973651 SD lost packet(s): 0 DS lost packet(s): 0 Lost packet(s) for unknown reason: 0 Voice scores: Max MOS value: 4.38 Min MOS value: 4.
Square-Sum of round trip time: 361 Last succeeded probe time: 2011-11-22 10:40:27.7 Extended results: Packet loss in test: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to sequence error: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packet(s) arrived late: 0 # Display the history records of the DLSw operation.
# Configure the NQA operation type as ICMP echo. [RouterA-nqa-admin-test1] type icmp-echo # Configure 10.2.2.1 as the destination IP address. [RouterA-nqa-admin-test1-icmp-echo] destination ip 10.2.1.1 # Configure the operation to repeat at an interval of 100 milliseconds. [RouterA-nqa-admin-test1-icmp-echo] frequency 100 # Create reaction entry 1. If the number of consecutive probe failures reaches 5, collaboration is triggered.
[RouterA] display track all Track ID: 1 Status: Negative Notification delay: Positive 0, Negative 0 (in seconds) Reference object: NQA entry: admin test1 Reaction: 1 # Display brief information about active routes in the routing table on Router A. [RouterA] display ip routing-table Routing Tables: Public Destinations : 4 Destination/Mask Proto 10.2.1.0/24 10.2.1.2/32 Routes : 4 Pre Cost NextHop Interface Direct 0 0 10.2.1.2 GE2/0/1 Direct 0 0 127.0.0.1 InLoop0 127.0.0.
Configuring NTP You must synchronize your device with a trusted time source by using the Network Time Protocol (NTP) or changing the system time before you run it on a live network. Various tasks, including network management, charging, auditing, and distributed computing depend on an accurate system time setting, because the timestamps of system messages and logs use the system time. Overview NTP is typically used in large networks to dynamically synchronize time among network devices.
How NTP works Figure 19 shows how NTP synchronizes the system time between two devices, in this example, Device A and Device B. Assume that: • Prior to the time synchronization, the time of Device A is set to 10:00:00 am and that of Device B is set to 11:00:00 am. • Device B is used as the NTP server. Device A is to be synchronized to Device B. • It takes 1 second for an NTP message to travel from Device A to Device B, and from Device B to Device A.
NTP message format All NTP messages mentioned in this document refer to NTP clock synchronization messages. NTP uses two types of messages: clock synchronization messages and NTP control messages. NTP control messages are used in environments where network management is needed. Because NTP control messages are not essential for clock synchronization, they are not described in this document. A clock synchronization message is encapsulated in a UDP message, as shown in Figure 20.
• Stratum—An 8-bit integer that indicates the stratum level of the local clock, taking the value of 1 to 16. Clock precision decreases from stratum 1 through stratum 16. A stratum 1 clock has the highest precision, and a stratum 16 clock is not synchronized. • Poll—An 8-bit signed integer that indicates the maximum interval between successive messages, which is called the poll interval. • Precision—An 8-bit signed integer that indicates the precision of the local clock.
(server mode). Upon receiving the replies from the servers, the client performs clock filtering and selection and synchronizes its local clock to that of the optimal reference source. In client/server mode, a client can be synchronized to a server, but not vice versa. Symmetric peers mode Figure 22 Symmetric peers mode In symmetric peers mode, devices that operate in symmetric active mode and symmetric passive mode exchange NTP messages with the Mode field 3 (client mode) and 4 (server mode).
The client continues listening to broadcast messages and synchronizes its local clock based on the received broadcast messages. Multicast mode Figure 24 Multicast mode In multicast mode, a server periodically sends clock synchronization messages to the user-configured multicast address, or, if no multicast address is configured, to the default NTP multicast address 224.0.1.1, with the Mode field in the messages set to 5 (multicast mode). Clients listen to the multicast messages from servers.
Figure 25 Network diagram NTP configuration task list Task Remarks Configuring NTP operation modes Required. Configuring the local clock as a reference source Optional. Configuring optional parameters for NTP Optional. Configuring access-control rights Optional. Configuring NTP authentication Optional. Configuring NTP operation modes Devices can implement clock synchronization in one of the following modes: • Client/server mode—Configure only clients.
Step 1. 2. Command Remarks Enter system view. system-view N/A By default, no NTP server is specified. Specify an NTP server for the device. ntp-service unicast-server [ vpn-instance vpn-instance-name ] { ip-address | server-name } [ authentication-keyid keyid | priority | source-interface interface-type interface-number | version number ] * You can configure multiple servers by repeating the command. The clients will select the optimal reference source.
Configuring a broadcast client Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number This command enters the view of the interface for sending NTP broadcast messages. 3. Configure the device to operate in NTP broadcast client mode. ntp-service broadcast-client N/A Command Remarks Configuring the broadcast server Step 1. Enter system view. system-view N/A 2. Enter interface view.
Step Command Remarks 2. Enter interface view. interface interface-type interface-number This command enters the view of the interface for sending NTP multicast messages. 3. Configure the device to operate in NTP multicast server mode. ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | ttl ttl-number | version number ] * A multicast server can synchronize broadcast clients only when its clock has been synchronized.
Configuration guidelines • The source interface for NTP unicast messages is the interface specified in the ntp-service unicast-server or ntp-service unicast-peer command. • The source interface for NTP broadcast or multicast messages is the interface where you configure the ntp-service broadcast-server or ntp-service multicast-server command. • If the specified source interface goes down, NTP uses the primary IP address of the outgoing interface as the source IP address.
symmetric-passive peer side. In broadcast or multicast mode, static associations are created at the server side, and dynamic associations are created at the client side. To configure the allowed maximum number of dynamic sessions: Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the maximum number of dynamic sessions allowed to be established locally. ntp-service max-dynamic-sessions number The default is 100.
Step Configure the NTP service access-control right for a peer device to access the local device. 2. Command Remarks ntp-service access { peer | query | server | synchronization } acl-number The default is peer. Configuring NTP authentication Enable NTP authentication for a system running NTP in a network where there is a high security demand.
Step Associate the specified key with an NTP server. 5. Command Remarks ntp-service unicast-server { ip-address | server-name } authentication-keyid keyid You can associate a non-existing key with an NTP server. To enable NTP authentication, you must configure the key and specify it as a trusted key after associating the key with the NTP server. Configuring NTP authentication for a server Step Command Remarks 1. Enter system view. system-view N/A 2. Enable NTP authentication.
Step Command Remarks Enable NTP authentication. ntp-service authentication enable By default, NTP authentication is disabled. 3. Configure an NTP authentication key. ntp-service authentication-keyid keyid authentication-mode md5 [ cipher | simple ] value 4. Configure the key as a trusted key. ntp-service reliable authentication-keyid keyid By default, no authentication key is configured to be trusted.
Step Command Remarks By default, NTP authentication is disabled. 2. Enable NTP authentication. ntp-service authentication enable 3. Configure an NTP authentication key. ntp-service authentication-keyid keyid authentication-mode md5 [ cipher | simple ] value Configure the key as a trusted key. ntp-service reliable authentication-keyid keyid 4. By default, no NTP authentication key is configured. Configure the same authentication key on the client and server.
Step 3. 4. Command Configure an NTP authentication key. ntp-service authentication-keyid keyid authentication-mode md5 [ cipher | simple ] value Configure the key as a trusted key. ntp-service reliable authentication-keyid keyid Remarks By default, no NTP authentication key is configured. Configure the same authentication key on the client and server. By default, no authentication key is configured to be trusted. Configuring NTP authentication for a multicast server Step Command Remarks 1.
NTP configuration examples NTP client/server mode configuration example Network requirements Perform the following configurations to synchronize the time between Router B and Router A: • As shown in Figure 26, the local clock of Router A is to be used as a reference source, with the stratum level 2. • Router B operates in client/server mode and Router A is to be used as the NTP server of Router B. Figure 26 Network diagram Configuration procedure 1.
Nominal frequency: 64.0000 Hz Actual frequency: 64.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 1.05 ms Peer dispersion: 7.81 ms Reference time: 14:53:27.371 UTC Sep 19 2005 (C6D94F67.5EF9DB22) The output shows that Router B has synchronized to Router A. The stratum level of Router B is 3, and that of Router A is 2. # Display the NTP session information of Router B, which shows that an association has been set up between Router B and Router A.
Configuration procedure 1. Set the IP address for each interface as shown in Figure 27. (Details not shown.) 2. Configure Router A: # Specify the local clock as the reference source, with the stratum level 2. system-view [RouterA] ntp-service refclock-master 2 3. Configure Router B: # Specify Router A as the NTP server of Router B. system-view [RouterB] ntp-service unicast-server 3.0.1.31 4.
NTP broadcast mode configuration example Network requirements As shown in Figure 28, Router C functions as the NTP server for multiple devices on a network segment and synchronizes the time among multiple devices. • Router C’s local clock is to be used as a reference source, with the stratum level 2. • Router C operates in broadcast server mode and sends broadcast messages from GigabitEthernet 2/0/1.
# Configure Router B to operate in broadcast client mode and receive broadcast messages on GigabitEthernet 2/0/1. system-view [RouterB] interface gigabitethernet 2/0/1 [RouterB-GigabitEthernet2/0/1] ntp-service broadcast-client Router A and Router B get synchronized upon receiving a broadcast message from Router C. # Take Router A as an example. Display the NTP status of Router A after clock synchronization.
Figure 29 Network diagram Configuration procedure 1. Set the IP address for each interface as shown in Figure 29. (Details not shown.) 2. Configure Router C: # Specify the local clock as the reference source, with the stratum level 2. system-view [RouterC] ntp-service refclock-master 2 # Configure Router C to operate in multicast server mode and send multicast messages through GigabitEthernet 2/0/1.
Root delay: 31.00 ms Root dispersion: 8.31 ms Peer dispersion: 34.30 ms Reference time: 16:01:51.713 UTC Sep 19 2005 (C6D95F6F.B6872B02) The output shows that Router D has synchronized to Router C. The stratum level of Router D is 3, and that of Router C is 2. # Display the NTP session information of Router D, which shows that an association has been set up between Router D and Router C.
# Display the NTP session information of Router A, which shows that an association has been set up between Router A and Router C. [RouterA-GigabitEthernet2/0/1] display ntp-service sessions source reference stra reach poll now offset delay disper ************************************************************************** [1234] 3.0.1.31 127.127.1.0 2 255 64 26 -16.0 40.0 16.
4. Perform the following configuration on Router A: # Enable NTP authentication. [RouterA] ntp-service authentication enable # Set an authentication key. [RouterA] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey # Specify the key as a trusted key. [RouterA] ntp-service reliable authentication-keyid 42 # Display the NTP status of Router B after clock synchronization. [RouterB] display ntp-service status Clock status: synchronized Clock stratum: 3 Reference clock ID: 1.0.1.
Figure 31 Network diagram Configuration procedure 1. Set the IP address for each interface as shown in Figure 31. (Details not shown.) 2. Configure Router A: # Configure Router A to operate in NTP broadcast client mode and receive NTP broadcast messages on GigabitEthernet 2/0/1. system-view [RouterA] interface gigabitethernet 2/0/1 [RouterA-GigabitEthernet2/0/1] ntp-service broadcast-client 3. Configure Router B: # Enable NTP authentication on Router B.
[RouterC-GigabitEthernet2/0/1] quit # Router A synchronizes its local clock based on the received broadcast messages sent from Router C. # Display NTP service status information on Router A. [RouterA-GigabitEthernet2/0/1] display ntp-service status Clock status: synchronized Clock stratum: 4 Reference clock ID: 3.0.1.31 Nominal frequency: 64.0000 Hz Actual frequency: 64.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 8.31 ms Peer dispersion: 34.
[RouterC-GigabitEthernet2/0/1] ntp-service broadcast-server authentication-keyid 88 # After NTP authentication is enabled on Router C, Router B can synchronize to Router C. Display NTP service status information on Router B. [RouterB-GigabitEthernet2/0/1] display ntp-service status Clock status: synchronized Clock stratum: 4 Reference clock ID: 3.0.1.31 Nominal frequency: 64.0000 Hz Actual frequency: 64.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 8.
local clock as a reference source, with the stratum level 1, configure CE 1 to operate in client/server mode, and specify VPN 1 as the target VPN. MPLS L3VPN time synchronization can be implemented only in the unicast mode (client/server mode or symmetric peers mode), but not in the multicast or broadcast mode. Figure 32 Network diagram Device Interface IP address Device Interface IP address CE 1 GE2/0/0 10.1.1.1/24 PE 1 GE2/0/0 10.1.1.2/24 CE 2 GE2/0/0 10.2.1.1/24 GE2/0/1 172.1.1.
# Display the NTP session information and status information on PE 2 a certain period of time later. The information should show that PE 2 has been synchronized to CE 1, with the stratum level 2. [PE2] display ntp-service status Clock status: synchronized Clock stratum: 2 Reference clock ID: 10.1.1.1 Nominal frequency: 63.9100 Hz Actual frequency: 63.9100 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 47.00 ms Root dispersion: 0.18 ms Peer dispersion: 34.29 ms Reference time: 02:36:23.
[PE1] display ntp-service status Clock status: synchronized Clock stratum: 2 Reference clock ID: 10.1.1.1 Nominal frequency: 63.9100 Hz Actual frequency: 63.9100 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 32.00 ms Root dispersion: 0.60 ms Peer dispersion: 7.81 ms Reference time: 02:44:01.200 UTC Jan 1 2001(BDFA6D71.
Configuring IPC This chapter provides an overview of Inter-Process Communication (IPC) and describes the IPC monitoring commands. Overview IPC provides a reliable communication mechanism among processing units, typically CPUs. IPC is typically used on a distributed device to provide reliable inter-card or inter-device transmission. This section describes the basic IPC concepts. Node An IPC node is an independent IPC-capable processing unit, typically, a CPU.
C ha nn el 2 Figure 33 Relationship between a node, link and channel Link Packet sending modes IPC uses one of the following modes to send packets for upper layer application modules: • Unicast—One node sends packets to another node. • Multicast—One node sends packets to several other nodes. This mode includes broadcast, a special multicast. To use multicast mode, an application module must create a multicast group that includes a set of nodes.
Displaying and maintaining IPC Task Command Remarks Display IPC node information. display ipc node [ | { begin | exclude | include } regular-expression ] Available in any view. Display channel information for a node. display ipc channel { node node-id | self-node } [ | { begin | exclude | include } regular-expression ] Available in any view. Display queue information for a node.
Configuring SNMP This chapter provides an overview of the Simple Network Management Protocol (SNMP) and guides you through the configuration procedure. Overview SNMP is an Internet standard protocol widely used for a management station to access and operate the devices on a network, regardless of their vendors, physical characteristics and interconnect technologies.
Figure 35 MIB tree A MIB view represents a set of MIB objects (or MIB object hierarchies) with certain access privilege and is identified by a view name. The MIB objects included in the MIB view are accessible while those excluded from the MIB view are inaccessible. A MIB view can have multiple view records each identified by a view-name oid-tree pair. You control access to the MIB by assigning MIB views to SNMP groups or communities.
SNMP configuration task list Task Remarks Configuring SNMP basic parameters Required. Configuring SNMP logging Optional. Configuring SNMP traps Optional. Configuring SNMP basic parameters SNMPv3 differs from SNMPv1 and SNMPv2c in many ways. Their configuration procedures are described in separate sections. Configuring SNMPv3 basic parameters Step 1. Enter system view. Command Remarks system-view N/A Optional. By default, the SNMP agent is disabled. 2. 3. Enable the SNMP agent.
Step Command Remarks Optional. By default, the MIB view ViewDefault is predefined and its OID is 1. Each view-name oid-tree pair represents a view record. If you specify the same record with different MIB subtree masks multiple times, the last configuration takes effect. Except the four subtrees in the default MIB view, you can create up to 16 unique MIB view records. Create or update a MIB view.
Step Command Remarks 3. Configure system information for the SNMP agent. snmp-agent sys-info { contact sys-contact | location sys-location | version { all | { v1 | v2c | v3 }* } } 4. Configure the local engine ID. snmp-agent local-engineid engineid The defaults are as follows: • Contact—Null. • Location—Null. • Version—SNMPv3. Optional. The default local engine ID is the company ID plus the device ID. Optional. By default, the MIB view ViewDefault is predefined and its OID is 1. 5.
IMPORTANT: Disable SNMP logging in normal cases to prevent a large amount of SNMP logs from decreasing device performance. The SNMP logging function logs Get requests, Set requests, and Set responses, but does not log Get responses. • Get operation—The agent logs the IP address of the NMS, name of the accessed node, and node OID. • Set operation—The agent logs the NMS' IP address, name of accessed node, node OID, variable value, and error code and index for the Set operation.
Step Command Remarks Enter system view. system-view N/A 2. Enable traps globally.
Step Command Remarks Optional. By default, standard linkUp/linkDown traps are used. 4. Extend the standard linkUp/linkDown traps. snmp-agent trap if-mib link extended Extended linkUp/linkDown traps add interface description and interface type to standard linkUp/linkDown traps. If the NMS does not support extended SNMP messages, use standard linkUp/linkDown traps. Optional. 5. Configure the trap queue size. The default trap queue size is 100.
Task Command Remarks Display SNMPv1 or SNMPv2c community information. display snmp-agent community [ read | write ] [ | { begin | exclude | include } regular-expression ] Available in any view. Display MIB view information. display snmp-agent mib-view [ exclude | include | viewname view-name ] [ | { begin | exclude | include } regular-expression ] Available in any view. SNMP configuration examples This section gives examples of configuring SNMPv1 or SNMPv2c, SNMPv3, and SNMP logging.
# Configure the SNMP version for the NMS as v1 or v2c, create a read-only community and name it public, and create a read and write community and name it private. For more information about configuring the NMS, see the NMS manual. NOTE: The SNMP settings on the agent and the NMS must match. 3. Verify the configuration: # Try to get the count of sent traps from the agent. The attempt succeeds. Send request to 1.1.1.1/161 ... Protocol version: SNMPv1 Operation: Get Request binding: 1: 1.3.6.1.2.1.11.29.
# Configure the IP address of the agent and make sure the agent and the NMS can reach each other. (Details not shown.) # Assign the NMS read and write access to the objects under the snmp node (OID 1.3.6.1.2.1.11), and deny its access to any other MIB object.
Operation: Get Request binding: 1: 1.3.6.1.2.1.1.5.0 Response binding: 1: Oid=sysName.0 Syntax=noSuchObject Value=NULL Get finished # Execute the shutdown or undo shutdown command on an idle interface on the agent. You can see the interface state change traps on the NMS: 1.1.1.1/3374 V3 Trap = linkdown SNMP Version = V3 Community = managev3user Command = Trap 1.1.1.
[Agent] snmp-agent log get-operation [Agent] snmp-agent log set-operation # Verify the configuration: Use the NMS to get a MIB variable from the agent. The following is a sample log message displayed on the configuration terminal: %Nov 23 16:10:09:482 2011 Agent SNMP/6/SNMP_GET: -seqNO=27-srcIP=1.1.1.2-op=GET-node=sysUpTime(1.3.6.1.2.1.1.3.0)-value=-node=ifHCOutO ctets(1.3.6.1.2.1.31.1.1.1.10.1)-value=; The agent received a message. Use the NMS to set a MIB variable on the agent.
Configuring RMON Overview Remote Monitoring (RMON) is an enhancement to SNMP for remote device management and traffic monitoring. An RMON monitor, typically the RMON agent embedded in a network device, periodically or continuously collects traffic statistics for the network attached to a port, and when a statistic crosses a threshold, it logs the crossing event and sends a trap to the management station. RMON uses SNMP traps to notify NMSs of exceptional conditions.
History group The history group defines that the system periodically collects traffic statistics on interfaces and saves the statistics in the history record table (etherHistoryTable). The statistics include bandwidth utilization, number of error packets, and total number of packets. The history statistics table record traffic statistics collected for each sampling interval. The sampling interval is user-configurable.
Private alarm group The private alarm group calculates the values of alarm variables and compares the results with the defined threshold for a more comprehensive alarming function. The system handles the private alarm entry (as defined by the user) in the following ways: • Periodically samples the private alarm variables defined in the private alarm formula. • Calculates the sampled values based on the private alarm formula.
• You can configure multiple history control entries for one interface, but must make sure their entry numbers and sampling intervals are different. • The device supports up to 100 history control entries. • You can successfully create a history control entry, even if the specified bucket size exceeds the history table size supported by the device. However, the effective bucket size will be the actual value supported by the device. To configure the RMON history statistics function: Step Command 1.
Step Command Remarks • Create an entry in the alarm table: 3. Create an entry in the alarm table or private alarm table.
Task Command Remarks Display log information for event entries. display rmon eventlog [ entry-number ] [ | { begin | exclude | include } regular-expression ] Available in any view. Ethernet statistics group configuration example Network requirements Configure the RMON statistics group on the RMON agent in Figure 40 to gather cumulative traffic statistics for GigabitEthernet 2/0/1.
History group configuration example Network requirements Configure the RMON history group on the RMON agent in Figure 41 to gather periodical traffic statistics for GigabitEthernet 2/0/1 every 1 minute. Figure 41 Network diagram Configuration procedure # Configure the RMON history group on the RMON agent to gather traffic statistics every 1 minute for GigabitEthernet 2/0/1. Retain up to eight records for the interface in the history statistics table.
undersize packets : 0 , oversize packets : 0 fragments : 0 , jabbers : 0 collisions : 0 , utilization : 0 Sampled values of record 4 : dropevents : 0 , octets : 933 packets : 8 , broadcast packets : 0 multicast packets : 7 , CRC alignment errors : 0 undersize packets : 0 , oversize packets : 0 fragments : 0 , jabbers : 0 collisions : 0 , utilization : 0 Sampled values of record 5 : dropevents : 0 , octets : 898 packets : 9 , broadcast packets : 2 multicast packets : 6
Figure 42 Network diagram Configuration procedure # Configure the SNMP agent with the same SNMP settings as the NMS at 1.1.1.2. This example uses SNMPv1, read community public, and write community private. system-view [Sysname] snmp-agent [Sysname] snmp-agent community read public [Sysname] snmp-agent community write private [Sysname] snmp-agent sys-info version v1 [Sysname] snmp-agent trap enable [Sysname] snmp-agent target-host trap address udp-domain 1.1.1.
etherStatsOctets : 57329 , etherStatsPkts etherStatsBroadcastPkts : 53 , etherStatsMulticastPkts : 353 etherStatsUndersizePkts : 0 , etherStatsOversizePkts : 0 etherStatsFragments : 0 , etherStatsJabbers : 0 , etherStatsCollisions : 0 etherStatsCRCAlignErrors : 0 : 455 etherStatsDropEvents (insufficient resources): 0 Packets received according to length: 64 : 7 , 65-127 : 413 256-511: 0 , 512-1023: 0 , 128-255 : 35 , 1024-1518: 0 # Query alarm events on the NMS.
Configuring sampler Overview A sampler samples packets. The sampler selects a packet from among sequential packets, and it sends the packet to the service module for processing. The following sampling modes are available: • Fixed mode—The first packet is selected from among sequential packets in each sampling. • Random mode—Any packet might be selected from among sequential packets in each sampling. A sampler can be used to sample packets for NetStream.
Sampler configuration example Network requirements As shown in Figure 43, configure IPv4 NetStream on Router A to collect statistics on incoming and outgoing traffic on GigabitEthernet 2/0/0. The NetStream data is sent to port 5000 on the NSC at 12.110.2.2/16. Do the following: • Configure fixed sampling in the inbound direction to select the first packet from among 256 packets. • Configure random sampling in the outbound direction to select one packet randomly from among 1024 packets.
[RouterA-GigabitEthernet2/0/1] quit # Configure the address and port number of NSC as the destination host for the NetStream data export, leaving the default for the source interface. [RouterA] ip netstream export host 12.110.2.2 5000 Verifying the configuration # Execute the display sampler command on Router A to view the configuration and running information about sampler 256.
Configuring port mirroring Overview Port mirroring refers to copying packets that are passing through a port to a monitor port that is connected to a monitoring device for packet analysis. Terminologies of port mirroring Mirroring source The mirroring source can be one or more monitored ports. Packets (called "mirrored packets") passing through them are copied to a port that is connected to a monitoring device for packet analysis.
Port mirroring classification and implementation Port mirroring includes local port mirroring and remote port mirroring based on whether the mirroring source and the mirroring destination are on the same device. Local port mirroring In local port mirroring, the mirroring source and mirroring destination are on the same device, and the source device is directly connected to the data monitoring device and can act as the destination device to forward mirrored packets to the data monitoring device.
Figure 45 Layer 2 remote port mirroring implementation As shown in Figure 45, the source device copies packets received on the source port Ethernet 1/1 to the egress port Ethernet 1/2. The egress port forwards the packets to the intermediate devices, which then broadcast the packets in the remote probe VLAN and transmit the packets to the destination device. Upon receiving the mirrored packets, the destination device checks whether their VLAN IDs are the same as the remote probe VLAN ID.
Complete these tasks to configure local port mirroring: Task Remarks Creating a local mirroring group Required. Configuring source ports for the local mirroring group Required. Configuring the monitor port for the local mirroring group Required. Creating a local mirroring group Local port mirroring takes effect only when the source ports and the monitor port are configured. To create a local mirroring group: Step Command Remarks 1. Enter system view. system-view N/A 2.
Step Configure the current port as a source port. 3. Command Remarks [ mirroring-group group-id ] mirroring-port { both | inbound | outbound } By default, a port does not serve as a source port for any mirroring group. Configuring the monitor port for the local mirroring group CAUTION: Do not enable the spanning tree feature on the monitor port.
Feature 6602 HSR6602 6604/6608/6616 Layer 2 remote mirroring No No Yes only when SAP modules are operating in bridge mode Configuration task list To configure Layer 2 remote port mirroring, configure remote mirroring groups. When doing that, configure the remote source group on the source device, and configure the cooperating remote destination group on the destination device. If an intermediate device exists, configure the intermediate devices to allow the remote probe VLAN to pass through.
Configuring source ports for the remote source group CAUTION: • A mirroring group can contain multiple source ports. • Do not assign a source port to the remote probe VLAN. Either you can configure a list of source ports for a mirroring group in system view, or you can assign only the current port as a source port in interface view. The two configuration modes lead to the same result. To configure source ports for the remote source group in system view: Step Command Remarks 1. Enter system view.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Configure the current port as the egress port. mirroring-group group-id monitor-egress By default, a port does not serve as the egress port for any remote source group. Configuring the remote probe VLAN for the remote source group Before configuring a remote probe VLAN, create a static VLAN that serves as the remote probe VLAN for the remote source group.
• HP recommends that you use a monitor port only for port mirroring. This is to make sure that the data monitoring device receives and analyzes only the mirrored traffic rather than a mix of mirrored traffic and correctly forwarded traffic. • A mirroring group contains only one monitor port. To configure the monitor port for the remote destination group in system view: Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the monitor port.
Step Command Remarks • For an access port: Use one of the commands. port access vlan vlan-id Assign the port to the probe VLAN. 3. • For a trunk port: port trunk permit vlan vlan-id • For a hybrid port: port hybrid vlan vlan-id { tagged | untagged } For more information about the port access vlan, port trunk permit vlan, and port hybrid vlan commands, see Layer 2—LAN Switching Command Reference.
Configuration procedure # Create local mirroring group 1. system-view [RouterA] mirroring-group 1 local # Configure GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 as source ports, and configure GigabitEthernet 2/0/3 as the monitor port. [RouterA] mirroring-group 1 mirroring-port gigabitethernet 2/0/1 gigabitethernet 2/0/2 both [RouterA] mirroring-group 1 monitor-port gigabitethernet 2/0/3 # Disable the spanning tree feature on the monitor port GigabitEthernet 2/0/3.
Configuration procedure 1. Configure Router A (the source device): # Create a remote source group. system-view [RouterA] mirroring-group 1 remote-source # Create VLAN 2. [RouterA] vlan 2 [RouterA-vlan2] quit # Configure VLAN 2 as the remote probe VLAN, GigabitEthernet 2/0/1 as a source port in the mirroring group, and GigabitEthernet 2/0/2 as the egress port.
# Create VLAN 2. [RouterC] vlan 2 [RouterC-vlan2] quit # Configure VLAN 2 as the remote probe VLAN, and configure GigabitEthernet 2/0/2 as the monitor port in the mirroring group, disable the spanning tree feature on GigabitEthernet 2/0/2, and assign the port to VLAN 2.
Configuring traffic mirroring This feature is supported only when SAP modules are operating in bridge mode. Overview Traffic mirroring copies specified packets to a specific destination for packet analysis and monitoring. Traffic mirroring is implemented through QoS policies. In other words, you define traffic classes and configure match criteria to classify packets to be mirrored, and then you configure traffic behaviors to mirror packets that fit the match criteria to the specified destination.
Step 3. Configure match criteria. Command Remarks if-match [ not ] match-criteria By default, no match criterion is configured in a traffic class. For more information about the traffic classifier and if-match commands, see ACL and QoS Command Reference. Configuring different types of traffic mirroring In a traffic behavior, you can configure only one type of traffic mirroring. Mirroring traffic to an interface To mirror traffic to an interface: Step 1. Enter system view.
Configuring a QoS policy Step Command Remarks 1. Enter system view. system-view N/A 2. Create a policy and enter policy view. qos policy policy-name By default, no policy exists. 3. Associate a class with a traffic behavior in the QoS policy. classifier tcl-name behavior behavior-name By default, no traffic behavior is associated with a class. For more information about the qos policy and classifier behavior commands, see ACL and QoS Command Reference.
Step Command 1. Enter system view. system-view 2. Apply a QoS policy to a VLAN. qos vlan-policy policy-name vlan vlan-id-list { inbound | outbound } For more information about the qos vlan-policy command, see ACL and QoS Command Reference. Displaying and maintaining traffic mirroring Task Command Remarks Display user-defined traffic behavior configuration. display traffic behavior user-defined [ behavior-name ] [ | { begin | exclude | include } regular-expression ] Available in any view.
Figure 48 Network diagram Configuration procedure 1. Monitor the traffic sent by the technical department to access the Internet: # Create ACL 3000 to allow packets from the technical department (on subnet 192.168.2.0/24) to access the Internet. system-view [RouterA] acl number 3000 [RouterA-acl-adv-3000] rule permit tcp source 192.168.2.0 0.0.0.255 destination-port eq www [RouterA-acl-adv-3000] quit # Create traffic class tech_c, and then configure the match criterion as ACL 3000.
# Configure a time range named work to cover the time from 8: 00 to 18: 00 in working days. [RouterA] time-range work 8:0 to 18:0 working-day # Create ACL 3001 to allow packets sent from the technical department (on subnet 192.168.2.0/24) to the marketing department (on subnet 192.168.1.0/24). [RouterA] acl number 3001 [RouterA-acl-adv-3001] rule permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.
Configuring NetStream Overview Conventional ways to collect traffic statistics, like SNMP and port mirroring, cannot provide precise network management because of inflexible statistical methods or the high cost of required dedicated servers. This calls for a new technology to collect traffic statistics. NetStream provides statistics about network traffic flows, and it can be deployed on access, distribution, and core layers.
• NetStream collector (NSC)—The NSC is usually a program running in UNIX or Windows. It parses the packets sent from the NDE, and then it stores the statistics to the database for the NDA. The NSC gathers the data from multiple NDEs, and then it filters and aggregates the total received data. • NetStream data analyzer (NDA)—The NDA is a tool for analyzing network traffic.
NetStream aggregation data export NetStream aggregation merges the flow statistics according to the aggregation criteria of an aggregation mode, and it sends the summarized data to the NetStream server. This process is the NetStream aggregation data export, which uses less bandwidth than traditional data export. For example, the aggregation mode configured on the NDE is protocol-port, which means that is aggregates statistics about flow entries by protocol number, source port, and destination port.
Aggregation mode Aggregation criteria Source prefix Prefix-port aggregation • • • • • • • • • • • • • • • ToS • • • • • ToS • • • • • ToS • • • • • • • • • ToS • • • • • • ToS ToS-AS aggregation ToS-source-prefix aggregation ToS-destination-prefix aggregation ToS- prefix aggregation ToS-protocol-port aggregation ToS-BGP-nexthop Destination prefix Source address mask length Destination address mask length ToS Protocol number Source port Destination port Inbound interface index Outbound int
In an aggregation mode with AS, if the packets are not forwarded according to the BGP routing table, the statistics on the AS number cannot be obtained. In the aggregation mode of ToS-BGP-nexthop, if the packets are not forwarded according to the BGP routing table, the statistics on the BGP next hop cannot be obtained. NetStream export formats NetStream exports data in UDP datagrams in one of the following formats: • Version 5—Exports original statistics collected based on the 7-tuple elements.
Figure 50 NetStream configuration flow Start Enable NetStream Configure filtering Yes Filter? No Yes Configure sampling Sample? No Configure export format Configure flow aging Configure aggregation data export Yes Aggregate? No Configure common data export End Complete these tasks to configure NetStream: Task Remarks Enabling NetStream Required. Configuring NetStream filtering and sampling Optional. Configuring NetStream sampling Optional.
Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A 3. Enable NetStream on the interface. ip netstream { inbound | outbound } Disabled by default. Configuring NetStream filtering and sampling Before you configure NetStream filtering and sampling, use the ip netstream command to enable NetStream.
Step Command Remarks N/A 2. Enter interface view. interface interface-type interface-number 3. Configure NetStream sampling. ip netstream sampler sampler-name { inbound | outbound } You can also execute the command in system view to enable NetStream sampling for all interfaces. 4. Enable NetStream. ip netstream { inbound | outbound } N/A Disabled by default.
Configuring NetStream aggregation data export Configurations in NetStream aggregation view apply to aggregation data export only, and those in system view apply to NetStream traditional data export. If configurations in NetStream aggregation view are not provided, the configurations in system view apply to the aggregation data export. To configure NetStream aggregation data export: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view.
Configuring attributes of NetStream export data Configuring NetStream export format The NetStream export format exports NetStream data in version 5 or version 9 formats, and the data fields can be expanded to contain more information: • Statistics about source AS, destination AS, and peer ASs in version 5 or version 9 export format. • Statistics about BGP next hop in version 9 format only. To configure the NetStream export format: Step 1. Enter system view. Command Remarks system-view N/A Optional.
Figure 51 Recorded AS information varies with different keyword configurations AS 20 Enable NetStream AS 21 AS 22 Include peer-as in the command. AS 21 is recorded as the source AS, and AS 23 as the destination AS. Include origin-as in the command. AS 20 is recorded as the source AS and AS 24 as the destination AS.
To configure MPLS-aware NetStream: Step 1. Enter system view. Command Remarks system-view N/A By default, no statistics about MPLS packets are counted and exported. 2. Count and export statistics on MPLS packets.
Configuration procedure To configure flow aging: Step 1. Enter system view. 2. Enable periodical aging and TCP FINand RST-triggered aging. Command Remarks system-view N/A Optional. ip netstream aging By default, periodical aging and TCP FIN- and RST-triggered aging are enabled. Optional. • Set the aging timer for active flows: 3. Configure periodical aging.
Task Command Remarks Clear the cache, age out, and export all NetStream data. reset ip netstream statistics Available in user view. NetStream configuration examples NetStream traditional data export configuration example Network requirements As shown in Figure 52, configure NetStream on Router A to collect statistics on packets passing through it. Enable NetStream for incoming traffic on GigabitEthernet 2/0/0 and for outgoing traffic on GigabitEthernet 2/0/1.
• Router A performs NetStream aggregation in the modes of AS, protocol-port, source-prefix, destination-prefix, and prefix. Use version 8 export format to send the aggregation data of different modes to the destination address at 4.1.1.1, with UDP ports 2000, 3000, 4000, 6000, and 7000, respectively. All routers in the network are running EBGP. For more information about BGP, see Layer 3—IP Routing Configuration Guide.
[RouterA] ip netstream aggregation source-prefix [RouterA-ns-aggregation-srcpre] enable [RouterA-ns-aggregation-srcpre] ip netstream export host 4.1.1.1 4000 [RouterA-ns-aggregation-srcpre] quit # Configure the aggregation mode as destination-prefix, and then in aggregation view, configure the destination address and the destination UDP port number for the NetStream destination-prefix aggregation data export.
Configuring IPv6 NetStream Overview Legacy ways to collect traffic statistics, like SNMP and port mirroring, cannot provide precise network management because of inflexible statistical methods or the high cost of required dedicated servers. This calls for a new technology to collect traffic statistics. IPv6 NetStream provides statistics about network traffic flows, and it can be deployed on access, distribution, and core layers.
• NetStream collector (NSC)—The NSC is usually a program running in UNIX or Windows. It parses the packets sent from the NDE, and then it stores the statistics to the database for the NDA. The NSC gathers the data from multiple NDEs. • NetStream data analyzer (NDA)—The NDA is a tool for analyzing network traffic.
IPv6 NetStream aggregation data export IPv6 NetStream aggregation merges the flow statistics according to the aggregation criteria of an aggregation mode, and it sends the summarized data to the IPv6 NetStream server. This process is the IPv6 NetStream aggregation data export, which uses less bandwidth than traditional data export. Table 5 lists the six IPv6 NetStream aggregation modes are supported.
The version 9 format template-based feature provides support of different statistics, such as BGP next hop and MPLS information. IPv6 NetStream configuration task list Before you configure IPv6 NetStream, verify that the following configurations are proper, as needed: • Make sure which device you want to enable IPv6 NetStream on. • Configure the timer for IPv6 NetStream flow aging. • To reduce the bandwidth that IPv6 NetStream data export uses, configure IPv6 NetStream aggregation.
Step Command Remarks 3. Enable IPv6 NetStream. ipv6 netstream { inbound | outbound } Disabled by default. 4. Exit to system view. quit N/A 5. Configure the destination address and the destination UDP port number for the IPv6 NetStream traditional data export. ipv6 netstream export host ip-address udp-port [ vpn-instance vpn-instance-name ] By default, no destination address or destination UDP port number is configured, so the IPv6 NetStream traditional data is not exported. Optional. 6. 7.
Step Command Remarks Optional. By default, the interface connecting to the NetStream server is used as the source interface. Configure the source interface for IPv6 NetStream aggregation data export. 7. • Source interfaces in different ipv6 netstream export source interface interface-type interface-number aggregation views can be different. • If no source interface is configured in aggregation view, the source interface configured in system view, if any, is used.
Configuring the refresh rate for IPv6 NetStream version 9 templates Version 9 is template-based and supports user-defined formats, so the NetStream device needs to resend a new template to the NetStream server for an update. If the version 9 format is changed on the NetStream device and not updated on the NetStream server, the server cannot associate the received statistics with its proper fields.
Forced aging Use the reset ipv6 netstream statistics command to age out all IPv6 NetStream entries in the cache and to clear the statistics. This is forced aging. Alternatively, use the ipv6 netstream max-entry command to configure aging out of entries in the cache if the maximum number of entries is reached. TCP FIN- and RST-triggered aging For a TCP connection, when a packet with a FIN or RST flag is sent out, it means that a session is finished.
Task Command Remarks Display the configuration and status of the NetStream flow record templates. display ipv6 netstream template [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] Available in any view. Clear the cache, age out, and export all IPv6 NetStream data. reset ipv6 netstream statistics Available in user view.
IPv6 NetStream aggregation data export configuration example Network requirements As shown in Figure 56, configure IPv6 NetStream on Router A to meet the following requirements: • Router A exports IPv6 NetStream traditional data to port 5000 of the NetStream server at 4.1.1.1/16. • Router A performs IPv6 NetStream aggregation in the modes of AS, protocol-port, source-prefix, destination-prefix, and prefix.
# Configure the aggregation mode as protocol-port, and then, in aggregation view, configure the destination address and the destination UDP port number for the IPv6 NetStream protocol-port aggregation data export. [RouterA] ipv6 netstream aggregation protocol-port [RouterA-ns6-aggregation-protport] enable [RouterA-ns6-aggregation-protport] ipv6 netstream export host 4.1.1.
Configuring the information center Overview The information center collects and outputs system information as follows: • Receives system information including log, trap, and debugging information from source modules. • Assigns the system information to different information channels, according to user-defined output rules. • Outputs information to different destinations, based on channel-to-destination associations.
Table 6 System information levels Severity Severity level Description Corresponding keyword in commands Emergency 0 The system is unusable. For example, the system authorization has expired. emergencies Alert 1 Action must be taken immediately to solve a serious problem. For example, traffic on an interface exceeds the upper limit. alerts Critical 2 Critical condition. For example, the device temperature exceeds the upper limit, the power module fails or the fan tray fails.
Channel number Default channel name Default output destination System information received by default 7 channel7 Not specified Log, trap, and debugging information 8 channel8 Not specified Log, trap, and debugging information 9 channel9 Log file Log, trap, and debugging information Default output rules of system information A default output rule specifies the system information source modules, information type, and severity levels for an output destination.
System information formats The following shows the original format of system information, which might be different from what you see. The actual system information format depends on the log resolution tool you use. Formats The system information format varies with output destinations. See Table 9.
Field Description • If the system information that is sent to a log host is in the UNICOM format, and Sysname (host name or host IP address) the info-center loghost source command is configured, or the vpn-instance vpn-instance-name option is provided in the info-center loghost command, the sysname field is displayed as the IP address of the device that generated the system information.
Table 11 Description of the timestamp parameters Timestamp parameters boot date Description Example Time since system startup, in the format of xxx.yyy. xxx represents the higher 32 bits, and yyy represents the lower 32 bits, of milliseconds elapsed. %0.109391473 Sysname FTPD/5/FTPD_LOGIN: User ftp (192.168.1.23) has logged in successfully. System information sent to all destinations other than log host supports this parameter. 0.109391473 is a timestamp in the boot format.
Task Remarks Configuring the minimum age of syslog messages Optional. Disabling an interface from generating link up/down logging information Optional. Configurations for the information output destinations function independently. Outputting system information to the console Step Command Remarks N/A 1. Enter system view. system-view 2. Enable the information center. info-center enable 3. Name the channel with a specified channel number.
Outputting system information to the monitor terminal Monitor terminals refer to terminals that log in to the device through the AUX, VTY, or TTY user interface. To output system information to the monitor terminal: Step Command Remarks N/A 1. Enter system view. system-view 2. Enable the information center. info-center enable Name the channel with a specified channel number. info-center channel channel-number name channel-name 3. Optional. Enabled by default. Optional.
Outputting system information to a log host Step Command Remarks N/A 1. Enter system view. system-view 2. Enable the information center. info-center enable Name the channel with a specified channel number. info-center channel channel-number name channel-name 4. Configure an output rule for the log host.
Step Command Remarks N/A 1. Enter system view. system-view 2. Enable the information center. info-center enable 3. Name the channel with a specified channel number. info-center channel channel-number name channel-name 4. Configure an output channel for the trap buffer and set the buffer size. info-center trapbuffer [ channel { channel-number | channel-name } | size buffersize ] * 5. Configure an output rule for the trap buffer.
Step Command 5. Configure an output rule for the log buffer. info-center source { module-name | default } channel { channel-number | channel-name } [ debug { level severity | state state } * | log { level severity | state state } * | trap { level severity | state state } * ] * 6. Configure the timestamp format. info-center timestamp { debugging | log | trap } { boot | date | none } Remarks Optional. See "Default output rules of system information." Optional.
Saving system information to the log file Perform this task to enable saving system information to the log file at specific interval, or manually save system information to the log file. System information is saved into the log file buffer. The system writes the information from the log file buffer to the log file at the specified interval. You can also manually save the information while the device is not busy.
Step Command Remarks Optional. Available in any view. Manually save the log file buffer content to the log file. 8. logfile save By default, the system saves logs in the log file buffer to the log file at the interval configured by the info-center logfile frequency command. Enabling synchronous information output The output of system logs interrupts ongoing configuration operations. You have to find the previously input commands before the logs.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2 Ethernet interface view, Layer 3 Ethernet interface view, or VLAN interface view. interface interface-type interface-number N/A undo enable log updown By default, all interfaces generate link up and link down logging information when the state changes. 3. Disable the interface from generating link up or link down logging information.
Task Command Remarks Display the state and the trap information of the trap buffer. display trapbuffer [ reverse ] [ size buffersize ] [ | { begin | exclude | include } regular-expression ] Available in any view. Clear the log buffer. reset logbuffer Available in user view. Clear the trap buffer. reset trapbuffer Available in user view.
Now, if the ARP and IP modules generate log information, the information center automatically sends the log information to the console. Outputting log information to a UNIX log host Network requirements Configure the router to send ARP and IP log information that has a severity level of at least informational to the UNIX log host at 1.2.0.1/16. Figure 59 Network diagram Configuration procedure Before the configuration, make sure the router and the log host can reach each other. (Details not shown.) 1.
In this configuration, local4 is the name of the logging facility that the log host uses to receive logs. info is the informational level. The UNIX system records the log information that has a severity level of at least informational to the file /var/log/Router/info.log. NOTE: Be aware of the following issues while editing file /etc/syslog.conf: • Comments must be on a separate line and must begin with a pound sign (#). • No redundant spaces are allowed after the file name.
Disable the output of unnecessary information of all modules on the specified channel in the output rule. 2. Configure the log host: a. Log in to the log host as a root user. b. Create a subdirectory named Router in the directory /var/log/, and create file info.log in the Router directory to save logs from the router. # mkdir /var/log/Router # touch /var/log/Router/info.log c. Edit the file syslog.conf in the directory /etc/ and add the following contents. # Router configuration messages local5.
Configuring Flow Logging Configuring flow logging Flow logging records users' access to external networks. The device classifies flows by 5-tuple information and generates flow logs. The 5-tuple information includes source IP address, destination IP address, source port, destination port, and protocol number. The flow logs contain the 5-tuple information of flows and the numbers of received and sent bytes. Flow logging has two versions: version 1.0 and version 3.0.
Field Description StartTime Start time of the flow, in seconds, counted from 1970/01/01 00:00. EndTime End time of the flow, in seconds, counted from 1970/01/01 00:00. InTotalPkg Number of packets received. InTotalByte Number of bytes received. OutTotalPkg Number of packets sent. OutTotalByte Number of bytes sent. Reserved in version 0x02 (FirewallV200R001).
Configuring the source address for flow log packets A source IP address is usually used to uniquely identify the sender of a packet. Suppose Device A sends flow logs to Device B. Device A uses the specified IP address instead of the actual egress address as the source IP address of the packets. In this way, although Device A sends out packets to Device B through different ports, Device B can judge whether the packets are sent from Device A according to their source IP addresses.
has the same IP address as but has other information from the current server, the new configuration overwrites the previous one. Exporting flow logs to an IPv4 log server Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the IPv4 address and UDP port number of the log server. userlog flow export [ slot slot-number ] [ vpn-instance vpn-instance-name ] host ipv4-address udp-port By default, no IPv6 log server is configured.
Step 2. Command Configure the device to timestamp flow logs in the local time. Remarks By default, flow logs are time stamped in the Coordinated Universal Time (UTC). userlog flow export timestamps localtime Flow logs exported to the information center are always time stamped in the local time, regardless of this configuration. Displaying and maintaining flow logging Task Command Remarks Display the configuration and statistics about flow logging.
Configuration procedure # Configure IP addresses for the interfaces according to the network diagram. Make sure the devices can reach each other. (Details not shown.) # Set the flow logging version to 3.0. system-view [Router] userlog flow export version 3 # Export flow logs to the log server with IP address 1.2.3.6:2000. [Router] userlog flow export host 1.2.3.6 2000 # Configure the source IP address of UDP packets carrying flow logs as 2.2.2.2. [Router] userlog flow export source-ip 2.2.2.
Configuration procedure # Set the flow logging version to 3.0. system-view [Router] userlog flow export version 3 # Export flow logs of the interface card in slot 2 to the log server with IP address 1.2.3.6:2000. [Router] userlog flow export slot 2 host 1.2.3.6 2000 # Configure the source IP address of UDP packets carrying flow logs as 2.2.2.2. [Router] userlog flow export source-ip 2.2.2.
Configuring sFlow This feature is available on only SAP interface modules that are operating in bridge mode. Sampled Flow (sFlow) is a traffic monitoring technology used to collect and analyze traffic statistics. As shown in Figure 63, the sFlow system involves an sFlow agent embedded in a device and a remote sFlow collector. The sFlow agent collects interface counter information and packet content information and encapsulates the sampled information in sFlow packets.
Step Command Remarks Optional. 2. Configure an IP address for the sFlow agent. sflow agent { ip ip-address | ipv6 ipv6-address } Not specified by default. The device periodically checks whether the sFlow agent has an IP address. If the sFlow agent has no IP address configured, the device automatically selects an interface IP address for the sFlow agent but does not save the IP address. NOTE: • HP recommends configuring an IP address manually for the sFlow agent.
Configuring counter sampling Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Set the interval for counter sampling. sflow counter interval seconds Counter sampling is disabled by default. 4. Specify the sFlow collector for counter sampling. sflow counter collector collector-id No collector is specified for counter sampling by default.
# Configure the IP address of GigabitEthernet 4/0/0 on the device as 3.3.3.1/16. system-view [Router] interface gigabitethernet 4/0/0 [Router-GigabitEthernet4/0/0] ip address 3.3.3.1 16 [Router-GigabitEthernet4/0/0] quit # Configure the IP address for the sFlow agent. [Router] sflow agent ip 3.3.3.1 # Configure parameters for an sFlow collector: specify sFlow collector ID 2, IP address 3.3.3.2, the default port number, and description of netserver for the sFlow collector.
Troubleshooting sFlow configuration The remote sFlow collector cannot receive sFlow packets Symptom The remote sFlow collector cannot receive sFlow packets. Analysis • The sFlow collector is not specified. • sFlow is not configured on the interface. • The IP address of the sFlow collector specified on the sFlow agent is different from that of the remote sFlow collector. • No IP address is configured for the Layer 3 interface on the device.
Configuring gateway mode The gateway mode is a specific operating mode for 6600/HSR6600. It enables the router to provide more than 10 G NAT performance, so the router can provide better gateway services for campus, enterprise, and cybercafé networks. On an 6600 router that has two MCP MPUs, after you enable or disable gateway mode on the active MPU, the standby MPU automatically reboots to synchronize its operating mode to the active MPU. Configuring gateway mode To enable gateway mode: Step 1.
Figure 65 Network diagram Configuration procedure 1. Configure the router. # Enable gateway mode. [HP]gateway-mode Info: Please reboot the device to make the configuration take effect. # Reboot the router. 2. Display device information to check if the router is in gateway mode. display device System-mode(Current/After Reboot): Gateway/Gateway Slot No.
Configuring Host-monitor Overview Host-monitor is a traffic monitoring feature that helps quickly identify sources of illegitimate traffic flows in your network and access basic traffic flow statistics. This feature automatically imports flow data from NetStream to a host monitor table and allows you to manually add and delete flow entries.
Step Command Remarks By default, Host-monitor is disabled. 2. Enable Host-monitor. host-monitor { inbound | outbound } Make sure Host-monitor is enabled in the same traffic direction as Netstream. Freezing legitimate flow entries After you freeze the legitimate flow entries for a card, all new flow entries automatically added on it are illegitimate entries. You can only manually add new legitimate flow entries for the card. To freeze legitimate flow entries in the host monitor table: Step 1.
Step Command • In standalone mode: 2. Delete a legitimate flow entry.
Task Command Remarks Display the flow entries in the host monitor table (in IRF mode). display host-monitor [ invalid ] [ verbose ] [ destination ip-address | interface interface-type interface-number | source ip-address ] * [ chassis chassis-number slot slot-number ] [ | { begin | exclude | include } regular-expression ] Available in any view. Clear the flow statistics in the host monitor table (in standalone mode). reset host-monitor statistics [ slot slot-number ] Available in user view.
[Router] display host-monitor Total 9 flow(s). State: Unfixed Source Destination Protocol Direction Interface VPN ------------------------------------------------------------------------------192.168.1.102 192.168.1.255 17 Inbound GE2/1/1 192.168.1.1 239.255.255.250 17 Inbound GE2/1/1 192.168.20.65 239.255.255.250 17 Inbound GE2/1/1 56.56.56.44 224.0.0.5 89 Inbound GE2/1/1 192.168.20.167 192.168.20.255 17 Inbound GE2/1/1 192.168.20.170 192.168.20.255 17 Inbound GE2/1/1 192.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index ABCDEFGHINOPRST Configuring the NQA server,11 A Configuring the RMON alarm function,102 Adding legitimate flow entries,191 Configuring the RMON statistics function,101 Alarm group configuration example,106 Configuring the sFlow agent and sFlow collector information,183 Applying a QoS policy,127 B Configuring the source address for flow log packets,178 Basic IPv6 NetStream concepts,147 Configuring the timestamp for flow logs,179 Basic NetStream concepts,131 Contacting HP,195 C Conventions
Outputting system information to the SNMP module,168 Ethernet statistics group configuration example,104 Exporting flow logs,178 Outputting system information to the trap buffer,166 F Overview,147 Flow logging configuration examples,180 Overview,99 Flow logging configuration task list,177 Overview,51 Freezing legitimate flow entries,191 Overview,125 G Overview,131 Gateway mode configuration example,188 Overview,9 Overview,190 H Overview,109 History group configuration example,105 Overview,
