Hewlett Packard Enterprise Aruba 2920 Management And Configuration Manual

Aruba 2920 Management and Configuration Guide for ArubaOS-Switch 16.05
Part Number: 5200-4205a
Published: April 2018
Edition: 2
© Copyright 2017 Hewlett Packard Enterprise
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website.
Acknowledgments
Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the United States and other countries.
Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Java® and Oracle® are registered trademarks of Oracle and/or its affiliates.
UNIX® is a registered trademark of The Open Group.

Contents

Chapter 1 About this guide
Applicable products
Switch prompts used in this guide
Chapter 2 Time Protocols
General steps for running a time protocol on the switch
TimeP time synchronization
SNTP time synchronization
NTP time synchronization
timesync Command
Selecting a time synchronization protocol
Disabling time synchronization
SNTP: Selecting and configuring
Viewing and configuring SNTP (Menu)
Viewing and configuring SNTP (CLI)
Configuring (enabling or disabling) the SNTP mode
SNTP client authentication
Requirements
Configuring the key-identifier, authentication mode, and key-value (CLI)
Configuring a trusted key
Associating a key with an SNTP server (CLI)
Enabling SNTP client authentication
Configuring unicast and broadcast mode for authentication
Viewing SNTP authentication configuration information (CLI)
Saving configuration files and the include-credentials command
TimeP: Selecting and configuring
Viewing, enabling, and modifying the TimeP protocol (Menu)
Viewing the current TimeP configuration (CLI)
Configuring (enabling or disabling) the TimeP mode
SNTP unicast time polling with multiple SNTP servers
Displaying all SNTP server addresses configured on the switch (CLI)
Adding and deleting SNTP server addresses
Adding addresses
Deleting addresses
Operating with multiple SNTP server addresses configured (Menu)
SNTP messages in the Event Log
Network Time Protocol (NTP)
Commands
timesync ntp
ntp
[no] ntp
ntp enable
ntp authentication
ntp authentication key-id
ntp max-association
ntp server
ntp server key-id
ntp ipv6-multicast
debug ntp
ntp trap
show ntp statistics
show ntp status
show ntp associations
show ntp authentication
Validation rules
Event log messages
Monitoring resources
Displaying current resource usage
Viewing information on resource usage
Policy enforcement engine
Usage notes for show resources output
When insufficient resources are available
Chapter 3 Port Status and Configuration
Viewing port status and configuring port parameters
Connecting transceivers to fixed-configuration devices
Viewing port configuration (Menu)
Configuring ports (Menu)
Viewing port status and configuration (CLI)
Dynamically updating the show interfaces command (CLI/Menu)
Customizing the show interfaces command (CLI)
Error messages associated with the show interfaces command
Viewing port utilization statistics (CLI)
Operating notes for viewing port utilization statistics
Viewing transceiver status (CLI)
Operating Notes
Enabling or disabling ports and configuring port mode (CLI)
Enabling or disabling flow control (CLI)
Port shutdown with broadcast storm
Viewing broadcast storm
SNMP MIB
Configuring auto-MDIX
Manual override
Configuring auto-MDIX (CLI)
Using friendly (optional) port names
Configuring and operating rules for friendly port names
Configuring friendly port names (CLI)
Configuring a single port name (CLI)
Configuring the same name for multiple ports (CLI)
Displaying friendly port names with other port data (CLI)
Listing all ports or selected ports with their friendly port names (CLI)
Including friendly port names in per-port statistics listings (CLI)
Searching the configuration for ports with friendly port names (CLI)
Uni-directional link detection (UDLD)
Configuring UDLD
Configuring uni-directional link detection (UDLD) (CLI)
Enabling UDLD (CLI)
Changing the keepalive interval (CLI)
Changing the keepalive retries (CLI)
Configuring UDLD for tagged ports
Viewing UDLD information (CLI)
Viewing summary information on all UDLD-enabled ports (CLI)
Viewing detailed UDLD information for specific ports (CLI)
Clearing UDLD statistics (CLI)
Uplink failure detection
Configuration guidelines for UFD
UFD enable/disable
UFD track data configuration
UFD minimum uplink threshold configuration
show uplink-failure-detection
UFD operating notes
Error log
Invalid port error messages
Chapter 4 Power Over Ethernet (PoE/PoE+) Operation
Introduction to PoE
PoE terminology
Planning and implementing a PoE configuration
Power requirements
Assigning PoE ports to VLANs
Applying security features to PoE configurations
Assigning priority policies to PoE traffic
PoE operation
Configuration options
PD support
Power priority operation
When is power allocation prioritized?
How is power allocation prioritized?
Configuring PoE operation
Disabling or re-enabling PoE port operation
Enabling support for pre-standard devices
Configuring the PoE port priority
Controlling PoE allocation
Manually configuring PoE power levels
Configuring PoE redundancy
Changing the threshold for generating a power notice
PoE/PoE+ allocation using LLDP information
LLDP with PoE
Enabling or disabling ports for allocating power using LLDP
Enabling PoE detection via LLDP TLV advertisement
LLDP with PoE+
Overview
PoE allocation
Viewing PoE when using LLDP information
Operating note
Viewing the global PoE power status of the switch
Viewing PoE status on all ports
Viewing the PoE status on specific ports
Using the HPE 2920 Switch with an external power supply
Overview
Supported PSUs
Using the XPS for additional PoE power
Determining the maximum available PoE power
Operating rules
Using redundant (N+1) power
Providing non-PoE redundant power
Configuring the HPE 2920 PoE switches to use the XPS
Enabling and disabling power from the XPS
Configuring auto-recovery
Restoring the default external power supply settings
Distributing power to specified ports
Example: of the power-share option
Example: of adding a switch
Example: of using the force option
Reducing allocated external power
Example: configurations
Non-PoE configuration
PoE configuration for full PoE power to one XPS port
PoE configuration for multiple switches
Viewing power information
Examples for show external-power-supply
Examples for show power-over-ethernet commands
Example: for show running-config command
PoE Event Log messages
Chapter 5 Port Trunking
Overview of port trunking
Port connections and configuration
Port trunk features and operation
Fault tolerance
Trunk configuration methods
Dynamic LACP trunk
Using keys to control dynamic LACP trunk configuration
Static trunk
Viewing and configuring a static trunk group (Menu)
Viewing and configuring port trunk groups (CLI)
Viewing static trunk type and group for all ports or for selected ports
Viewing static LACP and dynamic LACP trunk data
Dynamic LACP Standby Links
Configuring a static trunk or static LACP trunk group
Removing ports from a static trunk group
Enabling a dynamic LACP trunk group
Removing ports from a dynamic LACP trunk group
Viewing existing port trunk groups (WebAgent)
Trunk group operation using LACP
Default port operation
LACP notes and restrictions
802.1X (Port-based access control) configured on a port
Port security configured on a port
Changing trunking methods
Static LACP trunks
Dynamic LACP trunks
VLANs and dynamic LACP
Blocked ports with older devices
Spanning Tree and IGMP
Half-duplex, different port speeds, or both not allowed in LACP trunks
Dynamic/static LACP interoperation
Trunk group operation using the "trunk" option
How the switch lists trunk data
Outbound traffic distribution across trunked links
Trunk load balancing using port layers
Enabling trunk load balancing
Chapter 6 Port Traffic Controls
Rate-limiting
All traffic rate-limiting
Configuring in/out rate-limiting
Displaying the current rate-limit configuration
Operating notes for rate-limiting
ICMP rate-limiting
Guidelines for configuring ICMP rate-limiting
Configuring ICMP rate-limiting
Using both ICMP rate-limiting and all-traffic rate-limiting on the same interface
Viewing the current ICMP rate-limit configuration
Operating notes for ICMP rate-limiting
Notes on testing ICMP rate-limiting
ICMP rate-limiting trap and Event Log messages
Determining the switch port number used in ICMP port reset commands
Configuring inbound rate-limiting for broadcast and multicast traffic
Operating Notes
Configuring egress per-queue rate-limiting (2920 and 5400R switches only)
Overview
Restrictions
Configuration commands
Rate-limit queues out command
Show commands
show rate-limit queues
Rate-limiting Unknown Unicast Traffic
rate-limit unknown-unicast in percent
rate-limit unknown-unicast in kbps
show rate-limit unknown-unicast
Rate-limiting Unknown Unicast Traffic
rate-limit unknown-unicast in percent
rate-limit unknown-unicast in kbps
show rate-limit unknown-unicast
Guaranteed minimum bandwidth (GMB)
GMB operation
Impacts of QoS queue configuration on GMB operation
Configuring GMB for outbound traffic
Viewing the current GMB configuration
GMB operating notes
Impact of QoS queue configuration on GMB commands
Jumbo frames
Operating rules
Jumbo traffic-handling
Configuring jumbo frame operation
Overview
Viewing the current jumbo configuration.......................................................................... 189
Enabling or disabling jumbo traffic on a VLAN................................................................. 191
Configuring a maximum frame size.............................................................................................191
Configuring IP MTU..........................................................................................................192
SNMP implementation......................................................................................................192
Displaying the maximum frame size.................................................................................192
Operating notes for maximum frame size........................................................................ 192
Troubleshooting...........................................................................................................................193
A VLAN is configured to allow jumbo frames, but one or more ports drops all inbound jumbo frames....................................................................................................................193
A non-jumbo port is generating "Excessive undersize/giant frames" messages in the Event Log......................................................................................................................... 193
Chapter 7 Fault-Finder port-level link-flap................................................. 194
Overview................................................................................................................................................ 194
Fault-finder link-flap .............................................................................................................................. 194
Show fault-finder link-flap.......................................................................................................................196
Event Log...............................................................................................................................................197
Restrictions............................................................................................................................................ 197
Chapter 8 Configuring for Network Management Applications...............198
Using SNMP tools to manage the switch...............................................................................................198
SNMP management features......................................................................................................198
SNMPv1 and v2c access to the switch....................................................................................... 199
SNMPv3 access to the switch.....................................................................................................199
Enabling and disabling switch for access from SNMPv3 agents......................................200
Enabling or disabling restrictions to access from only SNMPv3 agents...........................200
Enabling or disabling restrictions from all non-SNMPv3 agents to read-only access...... 200
Viewing the operating status of SNMPv3......................................................................... 200
Viewing status of message reception of non-SNMPv3 messages................................... 200
Viewing status of write messages of non-SNMPv3 messages.........................................200
Enabling SNMPv3............................................................................................................ 200
SNMPv3 users................................................................................................................. 201
Group access levels......................................................................................................... 204
SNMPv3 communities...................................................................................................... 205
Viewing and configuring non-version-3 SNMP communities (Menu)............................... 206
Listing community names and values (CLI)..................................................................... 207
SNMP notifications......................................................................................................................208
Supported Notifications.................................................................................................... 209
General steps for configuring SNMP notifications............................................................209
SNMPv1 and SNMPv2c Traps......................................................................................... 209
SNMP trap receivers........................................................................................................ 210
SNMP trap when MAC address table changes................................................................ 211
SNMPv2c informs.............................................................................................................212
Configuring SNMPv3 notifications (CLI)...........................................................................213
Network security notifications...........................................................................................216
Enabling Link-Change Traps (CLI)...................................................................................218
Source IP address for SNMP notifications....................................................................... 219
Viewing SNMP notification configuration (CLI).................................................................221
Configuring the MAC address count option................................................................................ 221
Displaying information about the mac-count-notify option................................................222
Advanced management: RMON................................................................................................. 223
CLI-configured sFlow with multiple instances............................................................................. 224
Configuring sFlow (CLI)....................................................................................................224
Viewing sFlow Configuration and Status (CLI).................................................................225
Configuring UDLD Verify before forwarding...........................................................................................227
UDLD time delay......................................................................................................................... 227
Restrictions.......................................................................................................................228
UDLD configuration commands.................................................................................................. 228
Show commands.........................................................................................................................229
RMON generated when user changes UDLD mode................................................................... 229
LLDP...................................................................................................................................................... 229
General LLDP operation............................................................................................................. 230
LLDP-MED....................................................................................................................... 230
Packet boundaries in a network topology................................................................................... 230
LLDP operation configuration options......................................................................................... 230
Enable or disable LLDP on the switch..............................................................................231
Enable or disable LLDP-MED.......................................................................................... 231
Change the frequency of LLDP packet transmission to neighbor devices....................... 231
Change the Time-To-Live for LLDP packets sent to neighbors........................................ 231
Transmit and receive mode..............................................................................................231
SNMP notification.............................................................................................................231
Per-port (outbound) data options..................................................................................... 231
Remote management address......................................................................................... 233
Debug logging.................................................................................................................. 233
Options for reading LLDP information collected by the switch....................................................233
LLDP and LLDP-MED standards compatibility........................................................................... 233
LLDP operating rules.................................................................................................................. 234
Port trunking..................................................................................................................... 234
IP address advertisements...............................................................................................234
Spanning-tree blocking.....................................................................................................234
802.1X blocking................................................................................................................234
Configuring LLDP operation........................................................................................................234
Displaying the global LLDP, port admin, and SNMP notification status (CLI).................. 234
Configuring Global LLDP Packet Controls....................................................................... 236
Configuring SNMP notification support............................................................................ 239
Configuring per-port transmit and receive modes (CLI)................................................... 240
Basic LLDP per-port advertisement content.....................................................................240
Support for port speed and duplex advertisements..........................................................242
Port VLAN ID TLV support on LLDP........................................................................................... 243
Configuring the VLAN ID TLV...........................................................................................243
Viewing the TLVs advertised............................................................................................ 243
SNMP support.................................................................................................................. 244
LLDP-MED (media-endpoint-discovery)..................................................................................... 245
LLDP-MED endpoint support........................................................................................... 246
LLDP-MED endpoint device classes................................................................................ 246
LLDP-MED operational support....................................................................................... 246
LLDP-MED fast start control.............................................................................................247
Advertising device capability, network policy, PoE status and location data.................... 247
Location data for LLDP-MED devices.............................................................................. 250
Viewing switch information available for outbound advertisements............................................ 254
Displaying the current port speed and duplex configuration on a switch port.................. 255
Viewing advertisements currently in the neighbors MIB...................................................256
Displaying LLDP statistics................................................................................................ 257
LLDP over OOBM....................................................................................................................... 259
LLDP over OOBM commands..........................................................................................259
LLDP Operating Notes................................................................................................................ 264
Neighbor maximum.......................................................................................................... 264
LLDP packet forwarding................................................................................................... 264
One IP address advertisement per port........................................................................... 264
802.1Q VLAN Information................................................................................................ 264
Effect of 802.1X Operation............................................................................................... 265
Neighbor data can remain in the neighbor database after the neighbor is disconnected.................................................................................................................... 265
Mandatory TLVs............................................................................................................... 265
LLDP and CDP data management..............................................................................................265
LLDP and CDP neighbor data..........................................................................................265
CDP operation and commands........................................................................................ 266
Viewing the current CDP configuration of the switch........................................................266
Viewing the current CDP neighbors table of the switch....................................................267
Enabling and Disabling CDP Operation........................................................................... 268
Enabling or disabling CDP operation on individual ports................................................. 268
Configuring CDPv2 for voice transmission..................................................................................268
Filtering CDP information............................................................................................................ 270
Configuring the switch to filter untagged traffic.................................................................271
Displaying the configuration............................................................................................. 271
Filtering PVID mismatch log messages...................................................................................... 272
DHCPv4 server...................................................................................................................................... 272
Introduction to DHCPv4.............................................................................................................. 272
IP pools....................................................................................................................................... 272
DHCP options............................................................................................................................. 272
BootP support............................................................................................................................. 273
Authoritative server and support for DHCP inform packets........................................................ 273
Authoritative pools.......................................................................................................................273
Authoritative dummy pools..........................................................................................................273
Change in server behavior.......................................................................................................... 274
DHCPv4 configuration commands.............................................................................................. 274
Enable/disable the DHCPv4 server..................................................................................274
Configuring the DHCP address pool name...................................................................... 274
Authoritative..................................................................................................................... 276
Specify a boot file for the DHCP client ............................................................................ 276
Configure a default router for a DHCP client....................................................................276
Configure the DNS IP servers ......................................................................................... 276
Configure a domain name................................................................................................ 277
Configure lease time........................................................................................................ 277
Configure the NetBIOS WINS servers............................................................................. 277
Configure the NetBIOS node type....................................................................................277
Configure subnet and mask ............................................................................................ 278
Configure DHCP server options....................................................................................... 278
Configure the range of IP address................................................................................... 278
Configure the static binding information........................................................................... 279
Configure the TFTP server domain name........................................................................ 279
Configure the TFTP server address................................................................................. 279
Change the number of ping packets................................................................................ 280
Change the amount of time.............................................................................................. 280
Configure DHCP Server to save automatic bindings....................................................... 280
Configure a DHCP server to send SNMP notifications.................................................... 281
Enable conflict logging on a DHCP server....................................................................... 281
Enable the DHCP server on a VLAN................................................................................281
Clear commands.............................................................................................................. 281
Reset all DHCP server and BOOTP counters..................................................................282
Delete an automatic address binding............................................................................... 282
Show commands.........................................................................................................................282
Display the DHCPv4 server address bindings................................................................. 282
Display address conflicts..................................................................................................282
Display DHCPv4 server database agent..........................................................................282
Display DHCPv4 server statistics.....................................................................................283
Display the DHCPv4 server IP pool information...............................................................283
Display DHCPv4 server global configuration information.................................................283
Event log..................................................................................................................................... 283
Event Log Messages........................................................................................................284
LLDP Management TLV Transmission disablement..............................................................................286
Overview..................................................................................................................................... 286
Commands..................................................................................................................................286
[no] lldp config basicTlvEnable management_addr..........................................................286
lldp config......................................................................................................................... 287
Show commands.........................................................................................................................287
Chapter 9 Captive Portal for ClearPass..................................................... 289
Requirements.........................................................................................................................................289
Best Practices........................................................................................................................................ 290
Limitations..............................................................................................................................................290
Features.................................................................................................................................................290
High Availability...........................................................................................................................290
Load balancing and redundancy................................................................................................. 290
Captive Portal when disabled................................................................................................................ 291
Disabling Captive Portal..............................................................................................................291
Configuring Captive Portal on CPPM.....................................................................................................291
Import the HP RADIUS dictionary............................................................................................... 291
Create enforcement profiles........................................................................................................292
Create a ClearPass guest self-registration................................................................................. 293
Configure the login delay ........................................................................................................... 294
Configuring the switch............................................................................................................................294
Configure the URL key................................................................................................................295
Configuring a certificate for Captive Portal usage..................................................................................295
Display Captive Portal configuration...................................................................................................... 295
Show certificate information...................................................................................................................296
Troubleshooting..................................................................................................................................... 296
Event Timestamp not working.....................................................................................................296
Cannot enable Captive Portal..................................................................................................... 296
Unable to enable feature.............................................................................................................297
Authenticated user redirected to login page ...............................................................................297
Unable to configure a URL hash key.......................................................................................... 298
authentication command............................................................................................................. 298
show command........................................................................................................................... 298
Debug command.........................................................................................................................299
Chapter 10 Zero Touch Provisioning with AirWave and Central............. 300
Zero Touch Provisioning........................................................................................................................ 300
ZTP with AirWave.................................................................................................................................. 300
DHCP-based ZTP with AirWave................................................................................................. 300
Configuring DHCP-based ZTP with AirWave................................................................... 300
Limitations................................................................................................................................... 302
Best Practices............................................................................................................................. 302
Configure AirWave details in DHCP (preferred method).............................................................302
Configure AirWave details in DHCP (alternative method)...........................................................307
Configure AirWave details manually........................................................................................... 314
amp-server....................................................................................................................... 315
debug ztp..........................................................................................................................316
Stacking support......................................................................................................................... 316
Disabling ZTP..............................................................................................................................316
Image Upgrade........................................................................................................................... 317
Troubleshooting...........................................................................................................................317
AMP server messages..................................................................................................... 317
Activate based ZTP with AirWave...............................................................................................317
Configuring Activate-based ZTP with AirWave.................................................................317
IPsec for AirWave Connectivity..............................................................................................................318
Overview..................................................................................................................................... 318
IPsec for Management Traffic.......................................................................................... 318
IPsec Tunnel Establishment.............................................................................................319
IPsec Tunnel Failures.......................................................................................................319
AirWave IP after discovery............................................................................................... 319
Configuring the Aruba controller.......................................................................................319
AirWave Controller IP configuration commands..........................................................................320
aruba-vpn type................................................................................................................. 320
Show commands.........................................................................................................................321
show aruba-vpn................................................................................................................321
show ip route.................................................................................................................... 322
show interfaces tunnel aruba-vpn.................................................................................... 322
show crypto-ipsec sa........................................................................................................323
show running-configuration.............................................................................................. 324
ZTP with Aruba Central..........................................................................................................................324
LED Blink feature........................................................................................................................ 326
Aruba Central Configuration manually........................................................................................ 326
aruba-central.................................................................................................................... 326
aruba-central support-mode................................................................................. 327
Activating ArubaOS-Switch Firmware Integration............................................................ 327
activate software-update enable...................................................................................... 328
activate software-update check........................................................................................328
activate software-update update...................................................................................... 328
show activate software-update.........................................................................................329
Troubleshooting...........................................................................................................................329
show aruba-central...........................................................................................................329
debug ztp..........................................................................................................................330
Stacking support......................................................................................................................... 330
Chapter 11 Auto configuration upon Aruba AP detection........................331
Auto device detection and configuration................................................................................................ 331
Requirements..............................................................................................................................331
Limitations................................................................................................................................... 331
Feature Interactions.................................................................................................................... 331
Profile Manager and 802.1X.............................................................................................332
Profile Manager and LMA/WMA/MAC-AUTH...................................................................332
Profile manager and Private VLANs.................................................................................332
Procedure for creating a device identity and associating a device type......................................332
device-profile name.....................................................................................................................333
device-profile type....................................................................................................................... 334
Rogue AP Isolation................................................................................................................................ 335
Limitations................................................................................................................................... 335
Feature Interactions.................................................................................................................... 336
MAC lockout and lockdown ............................................................................................. 336
LMA/WMA/802.1X/Port-Security...................................................................................... 336
L3 MAC............................................................................................................................ 337
Using the Rogue AP Isolation feature......................................................................................... 337
rogue-ap-isolation....................................................................................................................... 338
rogue-ap-isolation action.............................................................................................................338
rogue-ap-isolation whitelist..........................................................................................................339
clear rogue-ap-isolation...............................................................................................................339
Troubleshooting..................................................................................................................................... 340
Dynamic configuration not displayed when using “show running-config”....................................340
Switch does not detect the rogue AP TLVs.................................................................................340
The show run command displays non-numerical value for untagged-vlan...............................340
Show commands.........................................................................................................................341
Validation Rules...........................................................................................................................341
Chapter 12 Device Profile for custom device types..................................344
Procedure for creating a device identity and associating a device type................................................ 344
Chapter 13 Dynamically detecting LLDP device profiles......................... 345
device-profile.................................................................................................................................345
device-profile type-device...................................................................................................................... 345
device-profile device-type enable........................................................................................346
Associating a profile with a device......................................................................................................... 347
device-profile device-type associate.......................................................................347
show device-profile status.......................................................................................................347
show device-profile config......................................................................................................................348
show device-identity....................................................................................................................349
Chapter 14 LACP-MAD.................................................................................351
LACP-MAD commands..........................................................................................................................351
Configuration command.............................................................................................................. 351
show commands......................................................................................................................... 351
clear command............................................................................................................................351
LACP-MAD overview............................................................................................................................. 351
Chapter 15 Scalability IP Address VLAN and Routing Maximum Values............................ 353
Chapter 16 Static IP Visibility......................................................................355
IP client-tracker...................................................................................................................................... 355
Chapter 17 File Transfers............................................................................ 358
Overview................................................................................................................................................ 358
Downloading switch software.................................................................................................................358
General software download rules................................................................................................358
Using TFTP to download software from a server........................................................................358
Downloading from a server to primary flash using TFTP (Menu).....................................359
Troubleshooting TFTP download failures.........................................................................361
Downloading from a server to flash using TFTP (CLI)..................................................... 362
Enabling TFTP (CLI)........................................................................................................ 363
Configuring the switch to download software automatically from a TFTP server using auto-TFTP (CLI)............................................................................................................... 363
Using SCP and SFTP................................................................................................................. 364
Enabling SCP and SFTP.............................................................................................................365
Disabling TFTP and auto-TFTP for enhanced security.................................................... 365
Enabling SSH V2 (required for SFTP)..............................................................................367
Authentication...................................................................................................................367
SCP/SFTP operating notes.............................................................................................. 368
Troubleshooting SSH, SFTP, and SCP operations.......................................................... 369
Using Xmodem to download switch software from a PC or UNIX workstation........................... 370
Downloading to primary flash using Xmodem (Menu)......................................................370
Downloading to primary or secondary flash using Xmodem and a terminal emulator (CLI)................................................................................................................................. 371
Using USB to transfer files to and from the switch......................................................................372
Downloading switch software using USB (CLI)................................................................ 372
Switch-to-switch download..........................................................................................................374
Switch-to-switch download to primary flash (Menu)......................................................... 374
Downloading the OS from another switch (CLI)............................................................... 374
Using AirWave to update switch software...................................................................................375
Using IMC to update switch software..........................................................................................375
Copying software images.......................................................................................................................376
TFTP: Copying a software image to a remote host (CLI)............................................................376
Xmodem: Copying a software image from the switch to a serially connected PC or UNIX workstation (CLI)......................................................................................................................... 376
USB: Copying a software image to a USB device (CLI)............................................................. 376
Transferring switch configurations......................................................................................................... 377
TFTP: Copying a configuration file to a remote host (CLI)..........................................................377
TFTP: Copying a configuration file from a remote host (CLI)......................................................377
TFTP: Copying a customized command file to a switch (CLI).................................................... 378
Xmodem: Copying a configuration file to a serially connected PC or UNIX workstation (CLI)....378
Xmodem: Copying a configuration file from a serially connected PC or UNIX workstation (CLI)............................................................................................................................................ 379
USB: Copying a configuration file to a USB device (CLI)............................................................380
USB: Copying a configuration file from a USB device (CLI)....................................................... 380
Transferring ACL command files............................................................................................................381
TFTP: Uploading an ACL command file from a TFTP server (CLI)............................................ 381
Xmodem: Uploading an ACL command file from a serially connected PC or UNIX workstation (CLI)......................................................................................................................... 382
Single copy command............................................................................................................................383
Single copy command.................................................................................................................383
Multiple management switches................................................................................................... 386
Stacking switches........................................................................................................................387
Standalone switches................................................................................................................... 387
Crash file options........................................................................................................................ 387
USB: Uploading an ACL command file from a USB device (CLI).......................................................... 388
Copying diagnostic data to a remote host, USB device, PC or UNIX workstation ................................389
Copying command output to a destination device (CLI)............................................................. 390
Copying Event Log output to a destination device (CLI)............................................................. 390
Copying Command Log output to a destination device (CLI)......................................................391
Copying crash data content to a destination device (CLI)...........................................................391
Flight Data Recorder (FDR)................................................................................................................... 392
Chapter 18 Monitoring and Analyzing Switch Operation......................... 393
Overview................................................................................................................................................ 393
Accessing port and trunk group statistics.............................................................................................. 393
show interfaces........................................................................................................................... 393
Reset port counters.....................................................................................................................393
clear statistics...................................................................................................................394
Accessing port and trunk statistics (Menu)................................................................................. 395
MAC address tables...............................................................................................................................395
MAC address views and searches..............................................................................................395
show mac-add detail................................................................................................ 396
show mac-address <MAC-ADDRESS> detail..........................................................397
show mac-address.......................................................................................................397
Using the menu to view and search MAC addresses.......................................................398
Finding the port connection for a specific device on a VLAN........................................... 399
Viewing and searching port-level MAC addresses...........................................................399
Determining whether a specific device is connected to the selected port........................ 400
MSTP data............................................................................................................................................. 400
show spanning-tree.....................................................................................................................400
IP IGMP status.......................................................................................................................................401
show ip igmp............................................................................................................................... 401
VLAN information...................................................................................................................................403
show vlan.................................................................................................................................... 403
Configuring a source switch in a local mirroring session....................................................................... 404
Selecting all traffic on a port interface for mirroring according to traffic direction...................................405
Viewing all mirroring sessions configured on the switch........................................................................406
Viewing the mirroring configuration for a specific session..................................................................... 407
Using the Menu to configure local mirroring.......................................................................................... 408
Menu and WebAgent limits......................................................................................................... 408
High-level overview of the mirror configuration process........................................................................ 408
Determine the mirroring session and destination........................................................................408
For a local mirroring session............................................................................................ 408
Configure the monitored traffic in a mirror session...........................................................408
Classifier-based mirroring configuration................................................................................................ 408
Classifier-based mirroring restrictions.........................................................................................410
Mirroring configuration examples................................................................................................ 411
Maximum supported frame size.............................................................................................................412
Enabling jumbo frames to increase the mirroring path MTU.......................................................412
Effect of downstream VLAN tagging on untagged, mirrored traffic........................................................413
Operating notes for traffic mirroring.............................................................................................414
Troubleshooting traffic mirroring............................................................................................................ 416
Interface monitoring features................................................................................................................. 416
Configuring port and static trunk monitoring (Menu)................................................................... 416
Configuring port and static trunk monitoring (CLI)...................................................................... 417
Displaying the monitoring configuration........................................................................... 417
Configuring the monitor port.............................................................................................418
Selecting or removing monitoring source interfaces........................................................ 418
Chapter 19 Fans........................................................................................... 420
show system ......................................................................................................................................... 420
show system fans.............................................................................................................................421
show system power-supply....................................................................................................................423
Fan failures and SNMP traps.................................................................................................................427
Chapter 20 Troubleshooting........................................................................428
Overview................................................................................................................................................ 428
Troubleshooting approaches..................................................................................................................428
Browser or Telnet access problems....................................................................................................... 429
Cannot access the WebAgent.....................................................................................................429
Cannot Telnet into the switch console from a station on the network......................................... 429
Unusual network activity........................................................................................................................ 430
General problems........................................................................................................................430
The network runs slow; processes fail; users cannot access servers or other devices... 430
Duplicate IP addresses.................................................................................................... 430
Duplicate IP addresses in a DHCP network.....................................................................431
The switch has been configured for DHCP/Bootp operation, but has not received a DHCP or Bootp reply........................................................................................................431
802.1Q Prioritization problems....................................................................................................431
Ports configured for non-default prioritization (level 1 to 7) are not performing the specified action.................................................................................................................431
Addressing ACL problems.......................................................................................................... 431
ACLs are properly configured and assigned to VLANs, but the switch is not using the ACLs to filter IP layer 3 packets....................................................................................... 431
The switch does not allow management access from a device on the same VLAN........ 432
Error (Invalid input) when entering an IP address............................................................ 432
Apparent failure to log all "deny" matches........................................................................433
The switch does not allow any routed access from a specific host, group of hosts, or subnet...............................................................................................................................433
The switch is not performing routing functions on a VLAN...............................................433
Routing through a gateway on the switch fails................................................................. 433
IGMP-related problems............................................................................................................... 434
IP multicast (IGMP) traffic that is directed by IGMP does not reach IGMP hosts or a multicast router connected to a port................................................................................. 435
IP multicast traffic floods out all ports; IGMP does not appear to filter traffic................... 435
LACP-related problems...............................................................................................................435
Unable to enable LACP on a port with the interface <port-number> lacp command .........................................................................................................................435
Port-based access control (802.1X)-related problems................................................................435
The switch does not receive a response to RADIUS authentication requests................. 435
The switch does not authenticate a client even though the RADIUS server is properly configured and providing a response to the authentication request.................................436
During RADIUS-authenticated client sessions, access to a VLAN on the port used for the client sessions is lost..................................................................................................436
The switch appears to be properly configured as a supplicant, but cannot gain access to the intended authenticator port on the switch to which it is connected........................ 436
The supplicant statistics listing shows multiple ports with the same authenticator MAC address.............................................................................................................................436
The show port-access authenticator <port-list> command shows one or more ports remain open after they have been configured with control unauthorized ...............................................................................................................436
RADIUS server fails to respond to a request for service, even though the server's IP address is correctly configured in the switch....................................................................437
The authorized MAC address on a port that is configured for both 802.1X and port security either changes or is re-acquired after execution of aaa port-access authenticator <port-list> initialize ..........................................................437
A trunked port configured for 802.1X is blocked.............................................................. 437
QoS-related problems................................................................................................................. 437
Loss of communication when using VLAN-tagged traffic................................................. 438
Radius-related problems............................................................................................................. 438
The switch does not receive a response to RADIUS authentication requests................. 438
RADIUS server fails to respond to a request for service, even though the server's IP address is correctly configured in the switch....................................................................438
MSTP and fast-uplink problems.................................................................................................. 439
Broadcast storms appearing in the network..................................................................... 439
STP blocks a link in a VLAN even though there are no redundant links in that VLAN.....439
Fast-uplink troubleshooting.............................................................................................. 439
SSH-related problems.................................................................................................................439
Switch access refused to a client..................................................................................... 439
Executing IP SSH does not enable SSH on the switch....................................................440
Switch does not detect a client's public key that does appear in the switch's public key file (show ip client-public-key) ....................................................................440
An attempt to copy a client public-key file into the switch has failed and the switch lists one of the following messages..................................................................................440
Client ceases to respond ("hangs") during connection phase..........................................440
TACACS-related problems..........................................................................................................440
Event Log......................................................................................................................... 440
All users are locked out of access to the switch...............................................................440
No communication between the switch and the TACACS+ server application................ 441
Access is denied even though the username/password pair is correct............................441
Unknown users allowed to login to the switch..................................................................441
System allows fewer login attempts than specified in the switch configuration................442
TimeP, SNTP, or Gateway problems........................................................................................... 442
The switch cannot find the time server or the configured gateway.................................. 442
VLAN-related problems...............................................................................................................442
Monitor port...................................................................................................................... 442
None of the devices assigned to one or more VLANs on an 802.1Q-compliant switch are being recognized........................................................................................................442
Link configured for multiple VLANs does not support traffic for one or more VLANs.......442
Duplicate MAC addresses across VLANs........................................................................ 443
Disabled overlapping subnet configuration...................................................................... 443
Fan failure................................................................................................................................... 444
Mitigating flapping transceivers...................................................................................................444
Fault finder thresholds......................................................................................................446
Viewing transceiver information............................................................................................................. 450
Viewing information about transceivers (CLI)..............................................................................451
MIB support.................................................................................................................................451
Viewing transceiver information.................................................................................................. 451
Information displayed with the detail parameter...............................................................452
Viewing transceiver information for copper transceivers with VCT support................................ 456
Testing the Cable..............................................................................................................456
Using the Event Log for troubleshooting switch problems..................................................................... 458
Event Log entries........................................................................................................................ 459
Using the Menu........................................................................................................................... 470
Using the CLI.............................................................................................................................. 471
Clearing Event Log entries..........................................................................................................472
Turning event numbering on....................................................................................................... 472
Using log throttling to reduce duplicate Event Log and SNMP messages.................................. 472
Log throttle periods...........................................................................................................473
Example of event counter operation................................................................................474
Reporting information about changes to the running configuration.............................................475
Debug/syslog operation......................................................................................................................... 475
Debug/syslog messaging............................................................................................................ 475
Hostname in syslog messages................................................................................................... 476
Logging origin-id...............................................................................................................476
Viewing the identification of the syslog message sender................................................. 478
SNMP MIB........................................................................................................................480
Debug/syslog destination devices...............................................................................................480
Debug/syslog configuration commands...................................................................................... 481
Configuring debug/syslog operation............................................................................................484
Viewing a debug/syslog configuration.............................................................................. 486
Debug command.........................................................................................................................488
Debug messages............................................................................................................. 488
Debug destinations...........................................................................................................490
Logging command.......................................................................................................................491
Configuring a syslog server..............................................................................................492
Adding a description for a Syslog server.....................................................................................494
Adding a priority description........................................................................................................495
Configuring the severity level for Event Log messages sent to a syslog server......................... 495
Configuring the system module used to select the Event Log messages sent to a syslog server.................................................................................................................... 496
Enabling local command logging................................................................................................ 496
Operating notes for debug and Syslog........................................................................................497
Diagnostic tools......................................................................................................................................498
Port auto-negotiation...................................................................................................................498
Ping and link tests....................................................................................................................... 498
Ping test........................................................................................................................... 498
Link test............................................................................................................................ 498
Executing ping or link tests (WebAgent)...........................................................................498
Testing the path between the switch and another device on an IP network..................... 499
Issuing single or multiple link tests................................................................................... 501
Tracing the route from the switch to a host address................................................................... 501
Halting an ongoing traceroute search.............................................................................. 503
A low maxttl causes traceroute to halt before reaching the destination address............. 503
If a network condition prevents traceroute from reaching the destination........................ 504
Viewing switch configuration and operation...........................................................................................504
Viewing the startup or running configuration file......................................................................... 504
Viewing the configuration file (WebAgent).................................................................................. 505
Viewing a summary of switch operational data........................................................................... 505
Saving show tech command output to a text file.............................................................. 506
Customizing show tech command output.........................................................................507
Viewing more information on switch operation............................................................................509
Searching for text using pattern matching with show command...................................... 510
Displaying the information you need to diagnose problems........................................................512
Restoring the factory-default configuration............................................................................................ 513
Resetting to the factory-default configuration..............................................................................513
Using the CLI....................................................................................................................513
Using Clear/Reset............................................................................................................ 513
Restoring a flash image......................................................................................................................... 514
Recovering from an empty or corrupted flash state.................................................................... 514
DNS resolver..........................................................................................................................................516
Basic operation........................................................................................................................... 516
Configuring and using DNS resolution with DNS-compatible commands...................................517
Configuring a DNS entry............................................................................................................. 517
Using DNS names with ping and traceroute: Example.............................................................. 518
Viewing the current DNS configuration....................................................................................... 520
Operating notes...........................................................................................................................520
Event Log messages...................................................................................................................521
Locating a switch (Locator LED)............................................................................................................ 521
Chapter 21 Job Scheduler........................................................................... 522
Job Scheduler........................................................................................................................................ 522
Commands.............................................................................................................................................522
Job at | delay | enable | disable ...........................................................................522
Show job..................................................................................................................................... 523
Show job <Name>.......................................................................................................................523
Chapter 22 Configuration backup and restore without reboot................ 525
Overview................................................................................................................................................ 525
Benefits of configuration restore without reboot..........................................................................525
Recommended scenarios...................................................................................................................... 525
Use cases.............................................................................................................................................. 525
Switching to a new configuration.................................................................................................526
Rolling back to a stable configuration using job scheduler......................................................... 527
Commands used in switch configuration restore without reboot............................................................528
Configuration backup............................................................................................................................. 528
cfg-backup...............................................................................................................................529
show config files................................................................................................................529
Configuration restore without reboot .....................................................................................................531
cfg-restore.............................................................................................................................531
Force configuration restore.............................................................................................. 533
cfg-restore non-blocking......................................................................................534
cfg-restore recovery-mode................................................................................... 535
cfg-restore verbose................................................................................................ 537
cfg-restore config_bkp..........................................................................................538
Configuration restore with force option....................................................................................... 539
System reboot commands................................................................................................540
Configuration restore without force option.................................................................................. 541
show cfg-restore status...................................................................................................541
Viewing the differences between a running configuration and a backup configuration...............543
Show commands to show the SHA of a configuration........................................................................... 545
show hash.................................................................................................................................545
Scenarios that block the configuration restoration process................................................................... 546
Limitations..............................................................................................................................................546
Blocking of configuration from other sessions.............................................................................546
Troubleshooting and support................................................................................................................. 547
debug cfg-restore................................................................................................................547
Chapter 23 Virtual Technician..................................................................... 548
Cisco Discovery Protocol (CDP)............................................................................................................ 548
Show cdp traffic...........................................................................................................................548
Clear cdp counters...................................................................................................................... 548
Enable/Disable debug tracing for MOCANA code................................................................................. 549
Debug security ........................................................................................................................... 549
User diagnostic crash via Front Panel Security (FPS) button................................................................549
Front panel security password-clear........................................................................................... 549
Front-panel-security diagnostic-reset..........................................................................................550
[no] front-panel-security diagnostic-reset.................................................................................... 550
Front-panel-security diagnostic-reset clear-button......................................................................551
[No] front-panel-security diagnostic-reset clear-button............................................................... 551
Show front-panel-security........................................................................................................... 552
Diagnostic table...........................................................................................................................552
Validation rules............................................................................................................................553
FPS Error Log............................................................................................................................. 554
User initiated diagnostic crash via the serial console............................................................................ 555
Front-panel-security diagnostic-reset serial-console...................................................................555
[No] front-panel-security diagnostic-reset serial-console............................................................ 555
Serial console error messages....................................................................................................556
Chapter 24 IP Service Level Agreement.....................................................557
Overview................................................................................................................................................ 557
How IP SLA works................................................................................................................................. 559
Configuration commands....................................................................................................................... 559
[no] ip-sla <ID>............................................................................................................................559
ip-sla <ID> clear.......................................................................................................................... 560
[no] ip-sla <ID> history-size ........................................................................................................561
[no] ip-sla <ID> icmp-echo.......................................................................................................... 561
[no] ip-sla <ID> udp-echo............................................................................................................561
[no] ip-sla <ID> tcp-connect........................................................................................................ 561
[no] ip-sla <ID> monitor threshold-config.................................................................................... 561
[no] ip-sla <ID> monitor packet-loss............................................................................................562
[no] ip-sla <ID> monitor test-completion..................................................................................... 562
[no] ip-sla <ID> schedule............................................................................................................ 563
[no] ip-sla <ID> tos...................................................................................................................... 563
[no] ip-sla responder................................................................................................................... 563
[no] ip-sla <ID> udp-jitter ............................................................................................................563
[no] ip-sla <ID> udp-jitter-voip .................................................................................................... 564
Show commands................................................................................................................................... 564
show ip-sla <ID>......................................................................................................................... 564
show ip-sla <ID> history..............................................................................................................565
show ip-sla <ID> message-statistics...........................................................................................565
show ip-sla <ID> results .............................................................................................................566
show ip-sla <ID> aggregated-results.......................................................................................... 567
show ip-sla responder................................................................................................................. 568
show ip-sla responder statistics.................................................................................................. 568
show tech ip-sla.......................................................................................................................... 569
clear ip-sla responder statistics........................................................................................571
Validation rules.......................................................................................................................................572
Event log messages...............................................................................................................................574
Interoperability....................................................................................................................................... 575
IP SLA UDP Jitter and Jitter for VoIP ....................................................................................................575
Overview..................................................................................................................................... 575
Significance of jitter..................................................................................................................... 576
Solution components...................................................................................................................576
SLA Measurements.....................................................................................................................577
Chapter 25 Easing Wired/Wireless Deployment feature integration....... 579
Overview................................................................................................................................................ 579
Configuration commands....................................................................................................................... 579
allow-jumbo-frames.....................................................................................................................579
Validation rules................................................................................................................. 580
Default AP Profile........................................................................................................................580
device-profile...............................................................................................................................580
Associating a device with a profile.............................................................................................. 581
device-profile type....................................................................................................................... 581
Configuring the rogue-ap-isolation command............................................................................. 582
rogue-ap-isolation....................................................................................................................... 582
VXLAN show commands....................................................................................................................... 583
show device-profile..................................................................................................................... 583
show command device-profile status.......................................................................................... 584
Show rogue-ap-isolation............................................................................................................. 584
Chapter 26 Local user roles........................................................................ 586
Overview................................................................................................................................................ 586
Captive-portal commands...................................................................................................................... 588
Overview..................................................................................................................................... 588
[no] aaa authentication captive-portal profile.............................................................................. 588
Validation rules................................................................................................................. 589
Policy commands...................................................................................................................................590
Overview..................................................................................................................................... 590
policy user................................................................................................................................... 590
[no] policy user............................................................................................................................ 590
policy resequence....................................................................................................................... 591
Commands in the policy-user context......................................................................................... 591
(policy-user)# class.......................................................................................................... 591
User role configuration...........................................................................................................................592
aaa authorization user-role......................................................................................................... 592
Error log............................................................................................................................593
captive-portal-profile....................................................................................................................594
policy........................................................................................................................................... 594
reauth-period...............................................................................................................................594
Validation rules................................................................................................................. 595
VLAN commands........................................................................................................................ 595
vlan-id...............................................................................................................................595
vlan-name.........................................................................................................................595
VLAN range commands.........................................................................................................................596
Applying a UDR..................................................................................................................................... 597
aaa port-access local-mac apply user-role................................................................................. 597
VXLAN show commands....................................................................................................................... 597
show captive-portal profile.......................................................................................................... 597
show user-role.............................................................................................................................598
show port-access clients............................................................................................................. 599
Chapter 27 Port QoS Trust Mode................................................................ 601
Overview................................................................................................................................................ 601
Configuration commands....................................................................................................................... 601
qos trust...................................................................................................................................... 601
qos dscp-map..............................................................................................................................602
Show commands................................................................................................................................... 602
show qos trust............................................................................................................................. 602
Validation rules ......................................................................................................................................604
Chapter 28 Tunneled node...........................................................................605
Overview................................................................................................................................................ 605
Operating notes...........................................................................................................................605
Protocol Application Programming Interface (PAPI)....................................................................606
Configuration commands
tunneled-node-server
Validation rules
tunneled-node-server
Validation rules
tunneled-node-server
interface tunneled-node-server
controller-ip
keepalive
backup-controller-ip
fallback-local-switching
VLAN show commands
show tunneled-node-server
Validation rules
show tunneled-node-server state
show tunneled-node-server
clear statistics tunneled-node-server
Interaction table
Restrictions
PAPI security
Protocol Application Programming Interface (PAPI)
PAPI configurable secret key
papi-security
Preventing double tunneling of Aruba Access Points
Preventing double tunneling using device profile parameter
device-profile name
Chapter 29 Time Domain Reflectometry
Virtual cable testing
Test cable-diagnostics
show cable-diagnostics
clear cable-diagnostics
Limitations
Chapter 30 Link Layer Discovery Protocol bypass authentication
Overview
Configuration commands
aaa port-access lldp-bypass
Validation rules
Show commands
show port-access lldp-bypass clients
show port-access lldp-bypass config
Error Log
Debug log
Chapter 31 Net-destination and Net-service
Net-service Overview
netservice [tcp | udp | port]
Net-destination overview
net-destination host |position | network
show net-destination
Chapter 32 Websites
Chapter 33 Support and other resources
Accessing Hewlett Packard Enterprise Support
Accessing updates
Customer self repair
Remote support
Warranty information
Regulatory information
Documentation feedback
Remote Device Deployment (TR-069)
Introduction
Advantages of TR-069
Zero-touch configuration process
Zero-touch configuration setup and execution
CLI commands
Configuration setup
ACS password configuration
When encrypt-credentials is off
When encrypt-credentials is on
ACS URL configuration
ACS username configuration
CPE configuration
CPE password configuration
When encrypt-credentials is on
When encrypt-credentials is off
CPE username configuration
Enable/disable CWMP
Show commands
CWMP configuration and status query
Event logging
System logging
Status/control commands
Network Out-of-Band Management (OOBM)
Concepts
Example:
OOBM and switch applications
OOBM configuration
Entering the OOBM configuration context from the general configuration context
Enabling and disabling OOBM
Enabling and disabling the OOBM port
Setting the OOBM port speed
Configuring an OOBM IPv4 address
Configuring an OOBM IPv4 default gateway
Configuring an IPv6 default gateway for OOBM devices
oobm ipv6 default-gateway
oobm member ipv6 default-gateway
IPv6 default router preferences
ipv6 nd ra router-preference
OOBM show commands
Showing the global OOBM and OOBM port configuration
Showing OOBM IP configuration
Showing OOBM ARP information
show oobm ipv6
show oobm ipv6 (for stacked switches)
show oobm ip detail (for stacked switches)
Application server commands
Application client commands
Configuration backup and restore without reboot
Glossary
Chapter 1

About this guide

This guide provides information on how to configure, manage, and monitor basic switch operation.

Applicable products

This guide applies to these products:
Aruba 2920 Switch Series (J9726A, J9727A, J9728A, J9729A, J9836A)

Switch prompts used in this guide

Examples in this guide are representative and may not match your particular switch/environment. Examples use simplified prompts as follows:
Prompt                    Explanation
switch#                   # indicates manager context (authority).
switch>                   > indicates operator context (authority).
switch(config)#           (config) indicates the config context.
switch(vlan-x)#           (vlan-x) indicates the vlan context of config, where x represents the VLAN ID. For example: switch(vlan-128)#.
switch(eth-x)#            (eth-x) indicates the interface context of config, where x represents the interface. For example: switch(eth-48)#.
switch-Stack#             Stack indicates that stacking is enabled.
switch-Stack(config)#     Stack(config) indicates the config context while stacking is enabled.
switch-Stack(stacking)#   Stack(stacking) indicates the stacking context of config while stacking is enabled.
switch-Stack(vlan-x)#     Stack(vlan-x) indicates the vlan context of config while stacking is enabled, where x represents the VLAN ID. For example: switch-Stack(vlan-128)#.
switch-Stack(eth-x/y)#    Stack(eth-x/y) indicates the interface context of config, in the form (eth-<member-in-stack>/<interface>). For example: switch(eth-1/48)#
Chapter 2

Time Protocols

NOTE:
For successful time protocol setup and specific configuration details, you may need to contact your system administrator regarding your local configuration.

General steps for running a time protocol on the switch

Using time synchronization ensures a uniform time among interoperating devices. This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages.
The switch offers TimeP, SNTP (Simple Network Time Protocol), NTP, and a timesync command for changing the time protocol selection (or turning off time protocol operation).
NOTE: Although you can create and save configurations for all time protocols without conflicts, the switch allows only one active time protocol at any time.
In the factory-default configuration, time synchronization is disabled.
NOTE: Because the Aruba 2920 Switch Series does not contain an RTC (real time clock) chip, Hewlett Packard Enterprise recommends configuring one of the time synchronization protocols supported. Failure to do so could result in the switch time being reset to the factory default of 01/01/1990 00:00:00 in the case of a switch reload, software upgrade, or power cycle.

TimeP time synchronization

You can either manually assign the switch to use a TimeP server or use DHCP to assign the TimeP server. In either case, the switch can get its time synchronization updates from only one designated TimeP server. This option enhances security by specifying which time server to use.

SNTP time synchronization

SNTP provides three operating modes:
Broadcast mode
The switch acquires time updates by accepting the time value from the first SNTP time broadcast detected. (In this case, the SNTP server must be configured to broadcast time updates to the network broadcast address; see the documentation provided with your SNTP server application.) Once the switch detects a particular server, it ignores time broadcasts from other SNTP servers unless the configurable Poll Interval expires three consecutive times without an update received from the first-detected server.
NOTE: To use Broadcast mode, the switch and the SNTP server must be in the same subnet.
DHCP mode
DHCP mode is enabled by default. In DHCP mode, the SNTP server address and the timezone are provided in the DHCP address reply.
Unicast mode
The switch requests a time update from the configured SNTP server. (You can configure one server using the menu interface, or up to three servers using the CLI sntp server command.) This option provides increased security over the Broadcast mode by specifying which time server to use instead of using the first one detected through a broadcast.

NTP time synchronization

The Network Time Protocol (NTP) synchronizes the time of day among a set of distributed time servers and clients in order to correlate events when receiving system logs and other time-specific events from multiple network devices. NTP uses the User Datagram Protocol (UDP) as its transport protocol.

timesync Command

This command is used to configure the protocol used for network time synchronization.
Syntax
[no] timesync { timep | sntp | timep-or-sntp | ntp }
Options
no
Deletes all timesync configurations on the device.
timep
Updates the system clock using TIMEP.
sntp
Updates the system clock using SNTP.
timep-or-sntp
Updates the system clock using TIMEP or SNTP (default).
ntp
Updates the system clock using NTP.
Example
switch(config)# timesync
 sntp            Update the system clock using SNTP.
 timep           Update the system clock using TIMEP.
 timep-or-sntp   Update the system clock using TIMEP or SNTP.
 ntp             Update the system clock using NTP.

Selecting a time synchronization protocol

Procedure
1. Select the time synchronization protocol: TimeP, SNTP, or NTP.
2. Enable the protocol; the choices are:
a. TimeP: DHCP or Manual
b. SNTP: Broadcast or Unicast
c. NTP: Broadcast or Unicast
3. Configure the remaining parameters for the time protocol you selected.
The switch retains the parameter settings for both time protocols even if you change from one protocol to the other. Thus, if you select a time protocol, the switch uses the parameters you last configured for the selected protocol.
Simply selecting a time synchronization protocol does not enable that protocol on the switch unless you also enable the protocol itself (step 2, above). For example, in the factory-default configuration, TimeP is the selected time synchronization method. However, because TimeP is disabled in the factory-default configuration, no time synchronization protocol is running.

Disabling time synchronization

You can use either of the following methods to disable time synchronization without changing the TimeP, SNTP, or NTP configuration:
Global config level of the CLI
Execute no timesync.
System Information screen of the Menu interface
1. Set the Time Synch Method parameter to None.
2. Press [Enter], then [S] (for Save).

SNTP: Selecting and configuring

The following table shows the SNTP parameters and their operations.
Table 1: SNTP parameters
SNTP parameter            Operation
Time Sync Method          Used to select either SNTP, TIMEP, NTP, or None as the time synchronization method.
SNTP Mode
  Disabled                The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command.
  Unicast                 Directs the switch to poll a specific server for SNTP time synchronization. Requires at least one server address.
  Broadcast               Directs the switch to acquire its time synchronization from data broadcast by any SNTP server to the network broadcast address. The switch uses the first server detected and ignores any others. However, if the Poll Interval expires three times without the switch detecting a time update from the original server, the switch accepts a broadcast time update from the next server it detects.
Poll Interval (seconds)   In Unicast Mode: Specifies how often the switch polls the designated SNTP server for a time update. In Broadcast Mode: Specifies how often the switch polls the network broadcast address for a time update. Value is between 30 and 720 seconds.
Server Address            Used only when the SNTP Mode is set to Unicast. Specifies the IP address of the SNTP server that the switch accesses for time synchronization updates. You can configure up to three servers; one using the menu or CLI, and two more using the CLI.
Server Version            Specifies the SNTP software version to use and is assigned on a per-server basis. The version setting is backwards-compatible. For example, using version 3 means that the switch accepts versions 1 through 3. Default: 3; range: 1 to 7.
Priority                  Specifies the order in which the configured servers are polled for getting the time. Value is between 1 and 3.

Viewing and configuring SNTP (Menu)

Procedure
1. From the Main Menu, select:
a. 2. Switch Configuration…
b. 1. System Information
Figure 1: System Information screen (default values)
2. Press [E] (for Edit).
Move the cursor to the System Name field.
3. Use the Space bar to move the cursor to the Time Sync Method field.
4. Use the Space bar to select SNTP, then move to the SNTP Mode field.
5. Complete one of the following options.
Option 1
a. Use the Space bar to select the Broadcast mode.
b. Move the cursor to the Poll Interval field.
c. Go to step 6. (For Broadcast mode details, see SNTP time synchronization.)
Figure 2: Time configuration fields for SNTP with broadcast mode
Option 2
d. Use the Space bar to select the Unicast mode.
e. Move the cursor to the Server Address field.
f. Enter the IP address of the SNTP server you want the switch to use for time synchronization.
NOTE: This step replaces any previously configured server IP address. If you will be using backup SNTP servers (requires use of the CLI), see SNTP unicast time polling with multiple SNTP servers.
g. Move the cursor to the Server Version field. Enter the value that matches the SNTP server version running on the device you specified in the preceding step.
If you are unsure which version to use, Hewlett Packard Enterprise recommends leaving this value at the default setting of 3 and testing SNTP operation to determine whether any change is necessary.
NOTE: If you use the menu to enter the IP address for an SNTP server when the switch already has one or more SNTP servers configured, the switch deletes the primary SNTP server from the server list. The switch then selects a new primary SNTP server from the IP addresses in the updated list. For more on this topic, see SNTP unicast time polling with multiple SNTP servers.
h. Move the cursor to the Poll Interval field, then go to step 6.
Figure 3: SNTP configuration fields for SNTP configured with unicast mode
6. In the Poll Interval field, enter the time in seconds that you want for a Poll Interval. (For Poll Interval operation, see SNTP parameters.)
7. Press Enter to return to the Actions line, then S (for Save) to enter the new time protocol configuration in both the startup-config and running-config files.

Viewing and configuring SNTP (CLI)

Syntax:
show sntp
Lists both the time synchronization method (TimeP, SNTP, or None) and the SNTP configuration, even if SNTP is not the selected time protocol.
If you configure the switch with SNTP as the time synchronization method, then enable SNTP in broadcast mode with the default poll interval, show sntp lists the following:
SNTP configuration when SNTP is the selected time synchronization method
switch(config)# show sntp

 SNTP Configuration

  Time Sync Mode: Sntp
  SNTP Mode : Unicast
  Poll Interval (sec) [720] : 719

  Priority SNTP Server Address            Protocol Version
  -------- ------------------------------ ----------------
  1        2001:db8::215:60ff:fe79:8980   7
  2        10.255.5.24                    3
  3        fe80::123%vlan10               3
In the factory-default configuration (where TimeP is the selected time synchronization method), show sntp still lists the SNTP configuration, even though it is not currently in use. In the following example, even though TimeP is the current time synchronization method, the switch maintains the SNTP configuration.
SNTP configuration when SNTP is not the selected time synchronization method
switch(config)# show sntp

 SNTP Configuration

  Time Sync Mode: Timep
  SNTP Mode : Unicast
  Poll Interval (sec) [720] : 719

  Priority SNTP Server Address            Protocol Version
  -------- ------------------------------ ----------------
  1        2001:db8::215:60ff:fe79:8980   7
  2        10.255.5.24                    3
  3        fe80::123%vlan10               3
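An added example, not part of the HPE guide: Python that parses show sntp output in the layout of the listings above and checks it against the rules in Table 1 (selected method, mode, poll interval, server count, priority and version ranges). The sample text is constructed from the listing above; the function names and finding codes are hypothetical.

```python
import re

# Constructed sample, laid out like the `show sntp` listings in this guide.
SAMPLE = """\
 SNTP Configuration

  Time Sync Mode: Sntp
  SNTP Mode : Unicast
  Poll Interval (sec) [720] : 719

  Priority SNTP Server Address            Protocol Version
  -------- ------------------------------ ----------------
  1        2001:db8::215:60ff:fe79:8980   7
  2        10.255.5.24                    3
  3        fe80::123%vlan10               3
"""

FIELD = re.compile(
    r"^(Time Sync Mode|SNTP Mode|Poll Interval \(sec\) \[\d+\])\s*:\s*(\S+)$")
SERVER = re.compile(r"^(\d+)\s+(\S+)\s+(\d+)$")  # priority, address, version


def parse_show_sntp(text):
    """Turn `show sntp` text into a dict of settings plus server rows."""
    cfg = {"time_sync_mode": None, "sntp_mode": None,
           "poll_interval": None, "servers": []}
    for raw in text.splitlines():
        line = raw.strip()
        field, server = FIELD.match(line), SERVER.match(line)
        if field:
            name, value = field.groups()
            if name == "Time Sync Mode":
                cfg["time_sync_mode"] = value.lower()
            elif name == "SNTP Mode":
                cfg["sntp_mode"] = value.lower()
            else:
                cfg["poll_interval"] = int(value) if value.isdigit() else None
        elif server:
            prio, addr, ver = server.groups()
            cfg["servers"].append(
                {"priority": int(prio), "address": addr, "version": int(ver)})
    return cfg


def audit(cfg):
    """Return (code, message) findings; the codes are hypothetical labels."""
    out = []
    mode, servers, poll = cfg["sntp_mode"], cfg["servers"], cfg["poll_interval"]
    # Assumption: a Time Sync Mode value containing "sntp" means SNTP is selected.
    if "sntp" not in (cfg["time_sync_mode"] or ""):
        out.append(("NOT_SELECTED", "SNTP settings are kept but SNTP is not "
                    "the selected time synchronization method"))
    if mode == "disabled":
        out.append(("DISABLED", "SNTP Mode is Disabled; SNTP does not operate"))
    elif mode == "broadcast":
        out.append(("BROADCAST", "time is taken from the first SNTP broadcast "
                    "detected; Unicast specifies which server to use"))
    elif mode == "unicast" and not servers:
        out.append(("NO_SERVER", "Unicast requires at least one server address"))
    if poll is None or not 30 <= poll <= 720:
        out.append(("POLL_RANGE", "Poll Interval must be 30 to 720 seconds"))
    if len(servers) > 3:
        out.append(("TOO_MANY", "at most three SNTP servers can be configured"))
    for s in servers:
        if not 1 <= s["priority"] <= 3:
            out.append(("PRIORITY", f"{s['address']}: priority outside 1 to 3"))
        if not 1 <= s["version"] <= 7:
            out.append(("VERSION", f"{s['address']}: version outside 1 to 7"))
    return out


if __name__ == "__main__":
    for code, message in audit(parse_show_sntp(SAMPLE)):
        print(f"{code}: {message}")
```

Run against the second listing above (Time Sync Mode: Timep), the audit reports NOT_SELECTED: the SNTP settings are stored, but the switch is not using them.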
Syntax:
show management