H3c-technologies H3C WX5500E Series Access Controllers Manuel d'utilisateur

H3C WX5540E Access ControllerSwitching EngineNetwork Management and MonitoringConfiguration Guide Hangzhou H3C Technologies Co.,

2 Test procedure # Use the ping command on Device A to test connectivity to Device C. <DeviceA> ping 1.1.2.2 PING 1.1.2.2: 56 data bytes, pr

92 [DeviceA] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 gigabitethernet 1/0/2 both [DeviceA] mirroring-group 1 monitor-port gigabitethern

93 Configuration procedure # Create remote source mirroring group 1. <DeviceA> system-view [DeviceA] mirroring-group 1 remote-source # Configur

94 [DeviceA] vlan 2 # Disable MAC address learning for VLAN 2. [DeviceA-vlan2] mac-address mac-learning disable [DeviceA-vlan2] quit # Configure VLAN

95 [DeviceC] vlan 2 # Disable MAC address learning for VLAN 2. [DeviceC-vlan2] mac-address mac-learning disable [DeviceC-vlan2] quit # Configure VLAN

96 Index A C D E H I N O P S T A Alarm group configuration example,76 C Configuring access-control rights,18 Configuring Layer 2 remote port mirrori

3 1.1.2.2 1.1.1.2 1.1.1.1 --- 1.1.2.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00%

4 2. The first hop (Device B, the first Layer 3 device that receives the packet) responds by sending a TTL-expired ICMP error message to the source,

5 Output of debugging information depends on the configurations of the information center and the debugging commands of each protocol and functional

6 Step Command Remarks 4. Display the enabled debugging functions. display debugging [ interface interface-type interface-number ] [ module-name ] [

7 [DeviceC] ip unreachables enable # Execute the tracert command on Device A. <DeviceA> tracert 1.1.2.2 traceroute to 1.1.2.2(1.1.2.2) 30 hops

8 Configuring NTP This chapter provides an overview of NTP configuration. Overview NTP is typically used in large networks to dynamically synchronize

9 • Prior to system clock synchronization between Device A and Device B, the clock of Device A is set to 10:00:00 am while that of Device B is set t

10 used in environments where network management is needed. Because NTP control messages are not essential for clock synchronization, they are not de

11 • Root Delay—Roundtrip delay to the primary reference source. • Root Dispersion—The maximum error of the local clock relative to the primary ref

Copyright © 2014, Hangzhou H3C Technologies Co., Ltd. and its licensors All rights reserved No part of this manual may be reproduced or transmitted

12 Symmetric peers mode Figure 8 Symmetric peers mode In symmetric peers mode, devices that operate in symmetric active mode and symmetric passive

13 Multicast mode Figure 10 Multicast mode In multicast mode, a server periodically sends clock synchronization messages to the user-configured mul

14 Configuring the client/server mode For devices operating in client/server mode, make configurations on the clients. If you specify the source inte

15 Step Command Remarks 2. Specify a symmetric-passive peer for the device. ntp-service unicast-peer { ip-address | peer-name } [ authentication-key

16 Step Command Remarks 3. Configure the device to operate in NTP broadcast server mode. ntp-service broadcast-server [ authentication-keyid keyid |

17 Configuration guidelines • The source interface for NTP unicast messages is the interface specified in the ntp-service unicast-server or ntp-serv

18 • Symmetric active/passive mode—After you specify a symmetric-passive peer on a symmetric active peer, static associations are created on the sym

19 Configuration prerequisites Before you configure the NTP service access-control right to the local device, create and configure an ACL associated

20 Configuring NTP authentication for client Step Command Remarks 1. Enter system view. system-view N/A 2. Enable NTP authentication. ntp-service

21 { On the active peer, if NTP authentication is enabled and a key is associated with the passive peer, but the key is not a trusted key, no matter

Preface The H3C WX5540E Access Controller Switching Engine documentation set describes the software features for the H3C WX5540E Access Controller Swi

22 • A broadcast client can synchronize to the broadcast server only when you configure all the required tasks on both the broadcast client and serv

23 Configuring NTP authentication for a multicast client Step Command Remarks 1. Enter system view. system-view N/A 2. Enable NTP authentication.

24 Task Command Remarks Display the brief information about the NTP servers from the local device back to the primary reference source. display ntp-s

25 Clock status: synchronized Clock stratum: 3 Reference clock ID: 1.0.1.11 Nominal frequency: 64.0000 Hz Actual frequency: 64.0000 Hz Clock pr

26 # Specify Device A as the NTP server of Device B. <DeviceB> system-view [DeviceB] ntp-service unicast-server 3.0.1.31 3. Display the NTP s

27 NTP broadcast mode configuration example Network requirements As shown in Figure 13, Switch C functions as the NTP server for multiple devices on

28 # Take Switch A as an example. Display the NTP status of Switch A after clock synchronization. [SwitchA-Vlan-interface2] display ntp-service stat

29 Figure 14 Network diagram Configuration procedure 1. Set the IP address for each interface as shown in Figure 14. (Details not shown.) 2. Conf

30 # Display NTP session information for Switch C, which shows that an association has been set up between Switch C and the device. [SwitchC-Vlan-in

31 # Display NTP session information for Switch A, which shows that an association has been set up between Switch A and the device. [SwitchA-Vlan-in

Convention Description [ x | y | ... ] * Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you se

32 # Specify the key as a trusted key. [DeviceA] ntp-service reliable authentication-keyid 42 # Display the NTP status of Device B after clock synch

33 Figure 16 Network diagram Configuration procedure 1. Set the IP address for each interface as shown in Figure 16. (Details not shown.) 2. Conf

34 Reference clock ID: 3.0.1.31 Nominal frequency: 64.0000 Hz Actual frequency: 64.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root

35 Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 8.31 ms Peer dispersion: 34.30 ms Reference time: 16:

36 Configuring the information center This chapter describes how to configure the information center. Overview The information center collects and c

37 Table 1 System information levels Severity Severity value Description Corresponding keyword in commands Emergency 0 The system is unusable. For ex

38 Information channel number Default channel name Default output destination System information received by default 7 channel7 Not specified Log, tr

39 System information formats The following shows the original format of system information, which might be different from what you see. The actual f

40 Field Description %% (vendor ID) This field indicates that the information was generated by an H3C device. It exists only in logs sent to a log ho

41 Timestamp parameters Description Example date Current date and time, in the format of mm dd hh:mm:ss:xxx yyy. All system information supports this

Category Documents Purposes Hardware specifications and installation Compliance and safety manual Provides regulatory information and the safety instr

42 Outputting system information to the console Step Command Remarks 1. Enter system view. system-view N/A 2. Enable the information center. info-

43 Step Command Remarks 1. Enter system view. system-view N/A 2. Enable the information center. info-center enable Optional. Enabled by default. 3

44 Step Command Remarks 2. Enable the information center. info-center enable Optional. Enabled by default. 3. Specify a name for a channel identifi

45 Step Command Remarks 3. Specify a name for a channel identified by its number. info-center channel channel-number name channel-name Optional. See

46 Outputting system information to the SNMP module The SNMP module receives the trap information only, and discards the log and debugging informatio

47 Step Command Remarks 3. Specify a name for a channel identified by its number. info-center channel channel-number name channel-name Optional. See

48 Step Command Remarks 6. Configure the directory to save the log file. info-center logfile switch-directory dir-name Optional. By default, the log

49 To disable an interface from generating link up/down logging information: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter

50 Figure 18 Network diagram Configuration procedure # Enable the information center. <Sysname> system-view [Sysname] info-center enable # Us

51 Configuration procedure Before the configuration, make sure that the device and the log host can reach each other. (Details not shown.) 1. Config

i Contents Using ping, tracert, and system debugging ································································································

52 # ps -ae | grep syslogd 147 # kill -HUP 147 # syslogd -r & Now, the system can record log information into the log file. Outputting log inform

53 NOTE: Be aware of the following issues while editing file /etc/syslog.conf: • Comments must be on a separate line and must begin with the pound

54 Configuring SNMP This chapter provides an overview of the Simple Network Management Protocol (SNMP) and guides you through the configuration proce

55 Figure 22 MIB tree A MIB view represents a set of MIB objects (or MIB object hierarchies) with certain access privilege and is identified by a v

56 Task Remarks Configuring SNMP logging Optional. Configuring SNMP traps Optional. Configuring SNMP basic parameters SNMPv3 differs from SNMPv1

57 Step Command Remarks 5. Create or update a MIB view. snmp-agent mib-view { excluded | included } view-name oid-tree [ mask mask-value ] Optional.

58 Step Command Remarks 2. Enable the SNMP agent. snmp-agent Optional. By default, the SNMP agent is disabled. You can also enable the SNMP agent s

59 Step Command Remarks 8. Set the DSCP value for SNMP responses. snmp-agent packet response dscp dscp-value Optional. By default, the DSCP value f

60 Configuration procedure To switch the NM-specific ifindex format: Step Command Remarks 1. Enter system view. system-view N/A 2. Switch the for

61 SNMP traps generated by a module are sent to the information center. You can configure the information center to enable or disable outputting the

ii System information levels ························································································································

62 Step Command Remarks 2. Configure a target host. snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number ] [ dscp dscp-v

63 Task Command Remarks Display the modules that can send traps and their trap status (enable or disable). display snmp-agent trap-list [ | { begin

64 # Enable SNMP traps, set the NMS at 1.1.1.2 as an SNMP trap destination, and use public as the community name. (To make sure the NMS can receive t

65 Figure 25 Network diagram Configuration procedure 1. Configure the agent: # Configure the IP address of the agent and make sure the agent and t

66 Request binding: 1: 1.3.6.1.2.1.11.29.0 Response binding: 1: Oid=snmpOutTraps.0 Syntax=CNTR32 Value=18 Get finished # Try to get the device name

67 <Agent> terminal logging # Enable the information center to output system information with severity level equal to or higher than informatio

68 Configuring MIB style MIBs include public MIBs and private MIBs. A private MIB is attached to a sub-node under the enterprises MIB node (1.3.6.1.4

69 Configuring RMON This chapter describes how to configure RMON. Overview Remote Monitoring (RMON) is an enhancement to SNMP for remote device mana

70 History group The history group defines that the system periodically collects traffic statistics on interfaces and saves the statistics in the his

71 Private alarm group The private alarm group calculates the values of alarm variables and compares the results with the defined threshold for a mor

iii Displaying and maintaining RMON ·················································································································

72 • You can configure multiple history control entries for one interface, but must make sure their entry numbers and sampling intervals are differe

73 Step Command Remarks 3. Create an entry in the alarm table or private alarm table. • Create an entry in the alarm table: rmon alarm entry-numbe

74 Task Command Remarks Display log information for event entries. display rmon eventlog [ entry-number ] [ | { begin | exclude | include } regular-e

75 History group configuration example Network requirements Configure the RMON history group on the RMON agent in Figure 29 to gather periodical traf

76 collisions : 0 , utilization : 0 Sampled values of record 4 : dropevents : 0 , octets

77 Figure 30 Network diagram Configuration procedure # Configure the SNMP agent with the same SNMP settings as the NMS at 1.1.1.2. This example use

78 etherStatsUndersizePkts : 0 , etherStatsOversizePkts : 0 etherStatsFragments : 0 , etherStatsJabbers : 0 etherS

79 Configuring port mirroring This chapter describes how to configure port mirroring. Overview Port mirroring refers to copying packets passing thro

80 Reflector port, egress port, and remote probe VLAN The reflector port, remote probe VLAN, and egress port are used for Layer 2 remote port mirrori

81 The source device copies packets received on the source port to the egress port. The egress port forwards the packets to the intermediate devices,

1 Using ping, tracert, and system debugging Use the ping, tracert, and system debugging utilities to test network connectivity and identify network p

82 Local port mirroring configuration task list Local port mirroring takes effect only when the source ports and the monitor port are configured. Com

83 Configuring a source port in interface view Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface inter

84 Configuring the monitor port in interface view Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface in

85 • A remote probe VLAN must be a static VLAN. To remove the VLAN configured as a remote probe VLAN, you must first remove the remote probe VLAN wi

86 Layer 2 remote port mirroring configuration task list CAUTION: For a mirrored packet to successfully arrive at the remote destination device, mak

87 Step Command Remarks 2. Create a remote source group. mirroring-group group-id remote-source By default, no remote source group exists on a devic

88 Configuring the egress port for a remote source group CAUTION: Disable these functions on the egress port: spanning tree, 802.1X, IGMP snooping,

89 Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the remote probe VLAN. mirroring-group group-id remote-probe vlan rprob

90 Step Command Remarks 3. Configure the current port as the monitor port for a remote destination group. [ mirroring-group group-id ] monitor-port

91 Displaying and maintaining port mirroring Task Command Remarks Display mirroring group information. display mirroring-group { group-id | all | loc